MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/how-to-mfa-additional-context.md
Lines changed: 16 additions & 10 deletions b/‎articles/active-directory/authentication/how-to-mfa-additional-context.md
Lines changed: 16 additions & 10 deletions
diff --git a/‎articles/active-directory/authentication/how-to-mfa-number-match.md
Lines changed: 27 additions & 21 deletions b/‎articles/active-directory/authentication/how-to-mfa-number-match.md
Lines changed: 27 additions & 21 deletions
@@ -4,7 +4,7 @@ description: Learn how to use additional context in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/23/2022
+ms.date: 08/08/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -13,7 +13,7 @@ ms.collection: M365-identity-device-management
 ---
 # How to use additional context in Microsoft Authenticator app notifications (Preview) - Authentication Methods Policy
 
-This topic covers how to improve the security of user sign-in by adding the application and location in Microsoft Authenticator app push notifications.  
+This article covers how to improve the security of user sign-in by adding the application and location in Microsoft Authenticator app push notifications.  
 
 ## Prerequisites
 
@@ -50,7 +50,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 | Property | Type | Description |
 |---------|------|-------------|
-| id | String | The authentication method policy identifier. |
+| ID | String | The authentication method policy identifier. |
 | state | authenticationMethodState | Possible values are: **enabled**<br>**disabled** |
 
 **RELATIONSHIPS**
@@ -67,7 +67,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | Property | Type | Description |
 |----------|------|-------------|
 | authenticationMode | String | Possible values are:<br>**any**: Both passwordless phone sign-in and traditional second factor notifications are allowed.<br>**deviceBasedPush**: Only passwordless phone sign-in notifications are allowed.<br>**push**: Only traditional second factor push notifications are allowed. |
-| id | String | Object ID of an Azure AD user or group. |
+| ID | String | Object ID of an Azure AD user or group. |
 | targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>You can only set one group or user for additional context. |
 | displayAppInformationRequiredState | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
@@ -78,7 +78,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 Change the **displayAppInformationRequiredState** from **default** to **enabled**. 
 
-The value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you do not want to allow passwordless, use **push**.
+The value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you don't want to allow passwordless, use **push**.
 
 You need to PATCH the entire includeTarget to prevent overwriting any previous configuration. In that case, do a GET first, update only the relevant fields, and then PATCH. The following example only shows the update to the **displayAppInformationRequiredState**. 
 
@@ -182,18 +182,24 @@ To turn off additional context, you'll need to PATCH remove **displayAppInformat
 
 To enable additional context in the Azure AD portal, complete the following steps:
 
-1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
-1. Select the target users, click the three dots on the right, and click **Configure**.
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
+1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. From the list of available authentication methods, select **Microsoft Authenticator**.
+
+    ![Screenshot that shows how to select the Microsoft Authenticator policy.](./media/how-to-mfa-additional-context/select-microsoft-authenticator-policy.png)
+
+1. Select the target users, select the three dots on the right, and choose **Configure**.
 
-   ![Screenshot of how to configure number match.](media/howto-authentication-passwordless-phone/configure.png)
+   ![Screenshot of configuring Microsoft authenticator additional context.](./media/how-to-mfa-additional-context/configure-microsoft-authenticator.png)
 
-1. Select the **Authentication mode**, and then for **Show additional context in notifications (Preview)**, click **Enable**, and then click **Done**.
+1. Select the **Authentication mode**, and then for **Show additional context in notifications (Preview)**, select **Enable**, and then select **Done**.
 
    ![Screenshot of enabling additional context.](media/howto-authentication-passwordless-phone/enable-additional-context.png)
 
 ## Known issues
 
-Additional context is not supported for Network Policy Server (NPS). 
+Additional context isn't supported for Network Policy Server (NPS). 
 
 ## Next steps
 
 
@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/23/2022
+ms.date: 08/08/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -13,7 +13,7 @@ ms.collection: M365-identity-device-management
 ---
 # How to use number matching in multifactor authentication (MFA) notifications (Preview) - Authentication Methods Policy
 
-This topic covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
+This article covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
 
 >[!NOTE]
 >Number matching is a key security upgrade to traditional second factor notifications in the Authenticator app that will be enabled by default for all tenants a few months after general availability (GA).<br> 
@@ -42,7 +42,7 @@ Number matching is available for the following scenarios. When enabled, all scen
 
 ### Multifactor authentication
 
-When a user responds to an MFA push notification using the Authenticator app, they will be presented with a number. They need to type that number into the app to complete the approval. 
+When a user responds to an MFA push notification using the Authenticator app, they'll be presented with a number. They need to type that number into the app to complete the approval. 
 
 ![Screenshot of user entering a number match.](media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app.png)
 
@@ -71,7 +71,7 @@ Make sure you run the latest version of the [NPS extension](https://www.microsof
 
 Because the NPS extension can't show a number, a user who is enabled for number matching will still be prompted to **Approve**/**Deny**. However, you can create a registry key that overrides push notifications to ask a user to enter a One-Time Passcode (OTP). The user must have an OTP authentication method registered to see this behavior. Common OTP authentication methods include the OTP available in the Authenticator app, other software tokens, and so on. 
 
-If the user doesn't have an OTP method registered, they will continue to get the **Approve**/**Deny** experience. A user with number matching disabled will always see the **Approve**/**Deny** experience.
+If the user doesn't have an OTP method registered, they'll continue to get the **Approve**/**Deny** experience. A user with number matching disabled will always see the **Approve**/**Deny** experience.
 
 To create the registry key that overrides push notifications:
 
@@ -98,7 +98,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 | Property | Type | Description |
 |---------|------|-------------|
-| id | String | The authentication method policy identifier. |
+| ID | String | The authentication method policy identifier. |
 | state | authenticationMethodState | Possible values are: **enabled**<br>**disabled** |
 
 **RELATIONSHIPS**
@@ -115,18 +115,18 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | Property | Type | Description |
 |----------|------|-------------|
 | authenticationMode | String | Possible values are:<br>**any**: Both passwordless phone sign-in and traditional second factor notifications are allowed.<br>**deviceBasedPush**: Only passwordless phone sign-in notifications are allowed.<br>**push**: Only traditional second factor push notifications are allowed. |
-| id | String | Object ID of an Azure AD user or group. |
-| targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>Please note: You will be able to only set one group or user for number matching. |
+| ID | String | Object ID of an Azure AD user or group. |
+| targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>Note: You'll be able to only set one group or user for number matching. |
 | numberMatchingRequiredState | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
 >[!NOTE]
 >Number matching can only be enabled for a single group.
 
 #### Example of how to enable number matching for all users
 
-You will need to change the **numberMatchingRequiredState** from **default** to **enabled**. 
+You'll need to change the **numberMatchingRequiredState** from **default** to **enabled**. 
 
-Note that the value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we will use **any**, but if you do not want to allow passwordless, use **push**. 
+Note that the value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you don't want to allow passwordless, use **push**. 
 
 >[!NOTE]
 >For passwordless users, enabling or disabling number matching has no impact because it's already part of the passwordless experience. 
@@ -157,14 +157,14 @@ You might need to patch the entire includeTarget to prevent overwriting any prev
 
 ```
 
-To confirm this has applied, please run the GET request below using the endpoint below.
+To confirm this update has applied, please run the GET request below using the endpoint below.
 GET - https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
 
 
 #### Example of how to enable number matching for a single group
 
-We will need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
-You will need to change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
+We'll need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
+You'll need to change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
 
 You need to PATCH the entire includeTarget to prevent overwriting any previous configuration. We recommend that you do a GET first, and then update only the relevant fields and then PATCH. The example below only shows the update to the **numberMatchingRequiredState**. 
 
@@ -208,7 +208,7 @@ See the end user experience of an Authenticator MFA push notification with numbe
 
 ### Turn off number matching
 
-To turn number matching off, you will need to PATCH remove **numberMatchingRequiredState** from **enabled** to **disabled**/**default**.
+To turn number matching off, you'll need to PATCH remove **numberMatchingRequiredState** from **enabled** to **disabled**/**default**.
 
 ```json
 {
@@ -231,22 +231,28 @@ To turn number matching off, you will need to PATCH remove **numberMatchingRequi
 
 ## Enable number matching in the portal
 
-To enable number matching in the Azure AD portal, complete the following steps:
+To enable number matching in the Azure portal, complete the following steps:
 
-1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
-1. Select the target users, click the three dots on the right, and click **Configure**.
+1. Sign-in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
+1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. From the list of available authentication methods, select **Microsoft Authenticator**.
+
+    ![Screenshot that shows how to select the Microsoft Authenticator policy.](./media/how-to-mfa-number-match/select-microsoft-authenticator-policy.png)
+
+1. Select the target users, select the three dots on the right, and choose **Configure**.
 
-   ![Screenshot of configuring number match.](media/howto-authentication-passwordless-phone/configure.png)
+   ![Screenshot of configuring number match.](./media/how-to-mfa-number-match/configure-microsoft-authenticator.png)
 
-1. Select the **Authentication mode**, and then for **Require number matching (Preview)**, click **Enable**, and then click **Done**. 
+1. Select the **Authentication mode**, and then for **Require number matching (Preview)**, select **Enable**, and then select **Done**. 
 
-   ![Screenshot of enabling number match.](media/howto-authentication-passwordless-phone/enable-number-matching.png)
+   ![Screenshot of enabling number match configuration.](media/howto-authentication-passwordless-phone/enable-number-matching.png)
 
 >[!NOTE]
 >[Least privileged role in Azure Active Directory - Multifactor authentication](../roles/delegate-by-task.md#multi-factor-authentication)
 
-Number matching is not supported for Apple Watch notifications. Apple Watch need to use their phone to approve notifications when number matching is enabled.
+Number matching isn't supported for Apple Watch notifications. Apple Watch need to use their phone to approve notifications when number matching is enabled.
 
 ## Next steps
 
-[Authentication methods in Azure Active Directory](concept-authentication-authenticator-app.md)
+[Authentication methods in Azure Active Directory](concept-authentication-authenticator-app.md)