MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 14 additions & 14 deletions b/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 14 additions & 14 deletions
diff --git a/‎articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/app-provisioning/on-premises-ecma-troubleshoot.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-with-federation.md
Lines changed: 17 additions & 21 deletions b/‎articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-with-federation.md
Lines changed: 17 additions & 21 deletions
@@ -24,7 +24,7 @@ The **Localization** element enables you to support multiple locales or language
 The following IDs are used for a content definition with an ID of `api.signuporsignin`, and [self-asserted technical profile](self-asserted-technical-profile.md).
 
 | ID | Default value | Page Layout Version |
-| -- | ------------- | ------ |
+| --- | ------------- | ------ |
 | **forgotpassword_link** | Forgot your password? | `All` |
 | **createaccount_intro** | Don't have an account? | `All` |
 | **button_signin** | Sign in | `All` |
@@ -92,7 +92,7 @@ The following example localizes the Facebook identity provider to Arabic:
 ### Sign-up or sign-in error messages
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **UserMessageIfInvalidPassword** | Your password is incorrect. |
 | **UserMessageIfPasswordExpired**| Your password has expired.|
 | **UserMessageIfClaimsPrincipalDoesNotExist** | We can't seem to find your account. |
@@ -142,7 +142,7 @@ The following example localizes the Facebook identity provider to Arabic:
 The following are the IDs for a content definition with an ID of `api.localaccountsignup` or any content definition that starts with `api.selfasserted`, such as `api.selfasserted.profileupdate` and `api.localaccountpasswordreset`, and [self-asserted technical profile](self-asserted-technical-profile.md).
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **ver_sent** | Verification code has been sent to: |
 | **ver_but_default** | Default |
 | **cancel_message** | The user has canceled entering self-asserted information |
@@ -181,7 +181,7 @@ The following are the IDs for a content definition with an ID of `api.localaccou
 ### Sign-up and self-asserted pages error messages
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **UserMessageIfClaimsPrincipalAlreadyExists** | A user with the specified ID already exists. Please choose a different one. |
 | **UserMessageIfClaimNotVerified** | Claim not verified: {0} |
 | **UserMessageIfIncorrectPattern** | Incorrect pattern for: {0} |
@@ -255,7 +255,7 @@ The following example shows the use of some of the user interface elements in th
 The Following are the IDs for a content definition with an ID of `api.phonefactor`, and [phone factor technical profile](phone-factor-technical-profile.md).
 
 | ID | Default value | Page Layout Version |
-| -- | ------------- | ------ |
+| --- | ------------- | ------ |
 | **button_verify** | Call Me | `All` |
 | **country_code_label** | Country Code | `All` |
 | **cancel_message** | The user has canceled multi-factor authentication | `All` |
@@ -279,7 +279,7 @@ The Following are the IDs for a content definition with an ID of `api.phonefacto
 | **invalid_number** | Please enter a valid phone number | `All` |
 | **intro_sms** | We have the following number on record for you. We will send a code via SMS to authenticate you. | `All` |
 | **intro_entry_mixed** | Enter a number below that we can send a code via SMS or phone to authenticate you. | `All` |
-| **number_pattern** | ^\\+(?:[0-9][\\x20-]?){6,14}[0-9]$ | `All` |
+| **number_pattern** | `^\\+(?:[0-9][\\x20-]?){6,14}[0-9]$` | `All` |
 | **intro_sms_p** |We have the following numbers on record for you. Choose a number that we can send a code via SMS to authenticate you. | `All` |
 | **requiredField_countryCode** | Please select your country code | `All` |
 | **requiredField_number** | Please enter your phone number | `All` |
@@ -357,7 +357,7 @@ The following example shows the use of some of the user interface elements in th
 The following are the IDs for a [Verification display control](display-control-verification.md) with [page layout version](page-layout.md) 2.1.0 or higher.
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |intro_msg <sup>*</sup>| Verification is necessary. Please click Send button.|
 |success_send_code_msg | Verification code has been sent. Please copy it to the input box below.|
 |failure_send_code_msg | We are having trouble verifying your email address. Please enter a valid email address and try again.|
@@ -398,7 +398,7 @@ Note: The `intro_msg` element is hidden, and not shown on the self-asserted page
 The following are the IDs for a [Verification display control](display-control-verification.md) with [page layout version](page-layout.md) 2.0.0.
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |verification_control_but_change_claims |Change |
 |verification_control_fail_send_code |Failed to send the code, please try again later. |
 |verification_control_fail_verify_code |Failed to verify the code, please try again later. |
@@ -428,7 +428,7 @@ The following are the IDs for a [Verification display control](display-control-v
 The following are the IDs for [Restful service technical profile](restful-technical-profile.md) error messages:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |DefaultUserMessageIfRequestFailed | Failed to establish connection to restful service end point. Restful service URL: {0} |
 |UserMessageIfCircuitOpen | {0} Restful Service URL: {1} |
 |UserMessageIfDnsResolutionFailed | Failed to resolve the hostname of the restful service endpoint. Restful service URL: {0} |
@@ -453,7 +453,7 @@ The following are the IDs for [Restful service technical profile](restful-techni
 The following are the IDs for an [Azure AD MFA technical profile](multi-factor-auth-technical-profile.md) error message:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |UserMessageIfCouldntSendSms | Cannot Send SMS to the phone, please try another phone number. |
 |UserMessageIfInvalidFormat | Your phone number is not in a valid format, please correct it and try again.|
 |UserMessageIfMaxAllowedCodeRetryReached | Wrong code entered too many times, please try again later.|
@@ -481,7 +481,7 @@ The following are the IDs for an [Azure AD MFA technical profile](multi-factor-a
 The following are the IDs for [Azure AD SSPR technical profile](aad-sspr-technical-profile.md) error messages:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |UserMessageIfChallengeExpired | The code has expired.|
 |UserMessageIfInternalError | The email service has encountered an internal error, please try again later.|
 |UserMessageIfThrottled | You have sent too many requests, please try again later.|
@@ -507,8 +507,8 @@ The following are the IDs for [Azure AD SSPR technical profile](aad-sspr-technic
 
 The following are the IDs for a [one-time password technical profile](one-time-password-technical-profile.md) error messages
 
-| ID | Default value |
-| -- | ------------- |
+| ID | Default value | Description | 
+| --- | ------------- | ----------- |
 | UserMessageIfSessionDoesNotExist | No | The message to display to the user if the code verification session has expired. It is either the code has expired or the code has never been generated for a given identifier. |
 | UserMessageIfMaxRetryAttempted | No | The message to display to the user if they've exceeded the maximum allowed verification attempts. |
 | UserMessageIfMaxNumberOfCodeGenerated | No | The message to display to the user if the code generation has exceeded the maximum allowed number of attempts. |
@@ -536,7 +536,7 @@ The following are the IDs for a [one-time password technical profile](one-time-p
 The following are the IDs for claims transformations error messages:
 
 | ID | Claims transformation | Default value |
-| -- | ------------- |------------- |
+| --- | ------------- |------------- |
 |UserMessageIfClaimsTransformationBooleanValueIsNotEqual |[AssertBooleanClaimIsEqualToValue](boolean-transformations.md#assertbooleanclaimisequaltovalue) | Boolean claim value comparison failed for claim type "inputClaim".| 
 |DateTimeGreaterThan |[AssertDateTimeIsGreaterThan](date-transformations.md#assertdatetimeisgreaterthan) | Claim value comparison failed: The provided left operand is greater than the right operand.|
 |UserMessageIfClaimsTransformationStringsAreNotEqual |[AssertStringClaimsAreEqual](string-transformations.md#assertstringclaimsareequal) | Claim value comparison failed using StringComparison "OrdinalIgnoreCase".|
 
@@ -183,7 +183,7 @@ You might get an error message when you install the cloud provisioning agent.
 
 This problem is typically caused by the agent being unable to execute the PowerShell registration scripts because of local PowerShell execution policies.
 
-To resolve this problem, change the PowerShell execution policies on the server. You need to have Machine and User policies set as *Undefined* or *RemoteSigned*. If they're set as *Unrestricted*, you'll see this error. For more information, see [PowerShell execution policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6). 
+To resolve this problem, change the PowerShell execution policies on the server. You need to have Machine and User policies set as *Undefined* or *RemoteSigned*. If they're set as *Unrestricted*, you'll see this error. For more information, see [PowerShell execution policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies). 
 
 ### Log files
 
@@ -215,7 +215,7 @@ By using Azure AD, you can monitor the provisioning service in the cloud and col
   ```
 
 ### I am getting an Invalid LDAP style DN error when trying to configure the ECMA Connector Host with SQL
-By default, the genericSQL connector expects the DN to be populated using the LDAP style (when the ‘DN is anchor’ attribute is left unchecked in the first connectivity page). In the error message above, you can see that the DN is a UPN, rather than an LDAP style DN that the connector expects. 
+By default, the genericSQL connector expects the DN to be populated using the LDAP style (when the 'DN is anchor' attribute is left unchecked in the first connectivity page). In the error message above, you can see that the DN is a UPN, rather than an LDAP style DN that the connector expects. 
 
 To resolve this, ensure that **Autogenerated** is selected on the object types page when you configure the connector.
 
 
@@ -1,18 +1,14 @@
 ---
 title: Migrate to Azure AD MFA with federations - Azure Active Directory
 description: Step-by-step guidance to move from Azure MFA Server on-premises to Azure AD MFA with federation
-
-services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
 ms.date: 06/22/2021
-
 ms.author: BaSelden
 author: BarbaraSelden
 manager: daveba
 ms.reviewer: michmcla
-
 ms.collection: M365-identity-device-management
 ---
 # Migrate to Azure AD MFA with federation
@@ -31,7 +27,7 @@ To create new conditional access policies, you'll need to assign those policies
 
 You'll also need an Azure AD security group for iteratively migrating users to Azure AD MFA. These groups are used in your claims rules.
 
-Don’t reuse groups that are used for security. If you are using a security group to secure a group of high-value apps via a Conditional Access policy, that should be the only use of that group.
+Don't reuse groups that are used for security. If you are using a security group to secure a group of high-value apps via a Conditional Access policy, that should be the only use of that group.
 
 ## Prepare AD FS
 
@@ -62,13 +58,13 @@ Get-AdfsAdditionalAuthenticationRule
 To view existing relying party trusts, run the following command and replace RPTrustName with the name of the relying party trust claims rule: 
 
 ```powershell
-(Get-AdfsRelyingPartyTrust -Name “RPTrustName”).AdditionalAuthenticationRules 
+(Get-AdfsRelyingPartyTrust -Name "RPTrustName").AdditionalAuthenticationRules 
 ```
 
 #### Access control policies
 
 > [!NOTE]
-> Access control policies can’t be configured so that a specific authentication provider is invoked based on group membership. 
+> Access control policies can't be configured so that a specific authentication provider is invoked based on group membership. 
 
 
 To transition from access control policies to additional authentication rules, run the following command for each of your Relying Party Trusts using the MFA Server authentication provider:
@@ -89,13 +85,13 @@ You'll need to have a specific group in which you place users for whom you want
 
 To find the group SID, use the following command, with your group name
 
-`Get-ADGroup “GroupName”`
+`Get-ADGroup "GroupName"`
 
 ![Image of screen shot showing the results of the Get-ADGroup script.](./media/how-to-migrate-mfa-server-to-azure-mfa-user-authentication/find-the-sid.png)
 
 #### Setting the claims rules to call Azure MFA
 
-The following PowerShell cmdlets invoke Azure AD MFA for users in the group when not on the corporate network. Replace "YourGroupSid” with the SID found by running the above cmdlet.
+The following PowerShell cmdlets invoke Azure AD MFA for users in the group when not on the corporate network. Replace "YourGroupSid" with the SID found by running the above cmdlet.
 
 Make sure you review the [How to Choose Additional Auth Providers in 2019](/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server). 
 
@@ -109,7 +105,7 @@ Make sure you review the [How to Choose Additional Auth Providers in 2019](/wind
 Run the following PowerShell cmdlet: 
 
 ```powershell
-(Get-AdfsRelyingPartyTrust -Name “RPTrustName”).AdditionalAuthenticationRules
+(Get-AdfsRelyingPartyTrust -Name "RPTrustName").AdditionalAuthenticationRules
 ```
 
 
@@ -123,7 +119,7 @@ Value = "AzureMfaAuthentication");
 not exists([Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
 Value=="YourGroupSid"]) => issue(Type = 
 "https://schemas.microsoft.com/claims/authnmethodsproviders", Value = 
-"AzureMfaServerAuthentication");’
+"AzureMfaServerAuthentication");'
 ```
 
 The following example assumes your current claim rules are configured to prompt for MFA when users connect from outside your network. This example includes the additional rules that you need to append.
@@ -134,12 +130,12 @@ Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules 'c:[type ==
 "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = 
 "https://schemas.microsoft.com/claims/multipleauthn" );
  c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == 
-“YourGroupSID"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders", 
+"YourGroupSID"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders", 
 Value = "AzureMfaAuthentication");
 not exists([Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
-Value==“YourGroupSid"]) => issue(Type = 
+Value=="YourGroupSid"]) => issue(Type = 
 "https://schemas.microsoft.com/claims/authnmethodsproviders", Value = 
-"AzureMfaServerAuthentication");’
+"AzureMfaServerAuthentication");'
 ```
 
 
@@ -153,12 +149,12 @@ Set-AdfsRelyingPartyTrust -TargetName AppA -AdditionalAuthenticationRules 'c:[ty
 "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = 
 "https://schemas.microsoft.com/claims/multipleauthn" );
 c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == 
-“YourGroupSID"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders", 
+"YourGroupSID"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders", 
 Value = "AzureMfaAuthentication");
 not exists([Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
-Value==“YourGroupSid"]) => issue(Type = 
+Value=="YourGroupSid"]) => issue(Type = 
 "https://schemas.microsoft.com/claims/authnmethodsproviders", Value = 
-"AzureMfaServerAuthentication");’
+"AzureMfaServerAuthentication");'
 ```
 
 
@@ -180,7 +176,7 @@ For federated domains, MFA may be enforced by Azure AD Conditional Access or by
 
 If the SupportsMFA flag is set to False, you're likely not using Azure MFA; you're probably using claims rules on AD FS relying parties to invoke MFA.
 
-You can check the status of your SupportsMFA flag with the following [Windows PowerShell cmdlet](/powershell/module/msonline/get-msoldomainfederationsettings?view=azureadps-1.0):
+You can check the status of your SupportsMFA flag with the following [Windows PowerShell cmdlet](/powershell/module/msonline/get-msoldomainfederationsettings):
 
 ```powershell
 Get-MsolDomainFederationSettings –DomainName yourdomain.com
@@ -276,7 +272,7 @@ You'll need to interpret, clean, and format the data.
 
 Users may have already registered phone numbers in Azure AD. When you import the phone numbers using the Authentication Methods API, you must decide whether to overwrite the existing phone number or to add the imported number as an alternate phone number.
 
-The following PowerShell cmdlets takes the CSV file you supply and adds the exported phone numbers as a phone number for each UPN using the Authentication Methods API. Replace "myPhones” with the name of your CSV file.
+The following PowerShell cmdlets takes the CSV file you supply and adds the exported phone numbers as a phone number for each UPN using the Authentication Methods API. Replace "myPhones" with the name of your CSV file.
 
 ```powershell
 
@@ -325,12 +321,12 @@ For example, remove the following from the rule(s):
 
 ```console
 c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value ==
-“**YourGroupSID**"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders",
+"**YourGroupSID**"] => issue(Type = "https://schemas.microsoft.com/claims/authnmethodsproviders",
 Value = "AzureMfaAuthentication");
 not exists([Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
 Value=="YourGroupSid"]) => issue(Type =
 "https://schemas.microsoft.com/claims/authnmethodsproviders", Value =
-"AzureMfaServerAuthentication");’
+"AzureMfaServerAuthentication");'
 ```
 
 ### Disable MFA Server as an authentication provider in AD FS