revised portal steps

Justinha · Justinha · commit f5f634e5d4f1 · 2023-09-13T17:01:16.000-07:00
diff --git a/articles/active-directory/authentication/how-to-mfa-additional-context.md b/articles/active-directory/authentication/how-to-mfa-additional-context.md
@@ -4,7 +4,7 @@ description: Learn how to use additional context in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 09/13/2023
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -17,7 +17,7 @@ This topic covers how to improve the security of user sign-in by adding the appl
 
 ## Prerequisites
 
-- Your organization needs to enable Microsoft Authenticator passwordless and push notifications for some users or groups by using the new Authentication methods policy. You can edit the Authentication methods policy by using the Azure portal or Microsoft Graph API. 
+- Your organization needs to enable Microsoft Authenticator passwordless and push notifications for some users or groups by using the new Authentication methods policy. You can edit the Authentication methods policy by using the Microsoft Entra admin center or Microsoft Graph API. 
 
   >[!NOTE]
   >The policy schema for Microsoft Graph APIs has been improved. The older policy schema is now deprecated. Make sure you use the new schema to help prevent errors.
@@ -165,7 +165,7 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 #### Example of how to enable application name and geographic location for separate groups
  
 In **featureSettings**, change **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** from **default** to **enabled.** 
-Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure portal.
+Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Microsoft Entra admin center.
 
 You need to PATCH the entire schema to prevent overwriting any previous configuration. We recommend that you do a GET first, and then update only the relevant fields and then PATCH. The following example shows an update to **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** under **featureSettings**. 
 
@@ -222,7 +222,7 @@ GET https://graph.microsoft.com/v1.0/authenticationMethodsPolicy/authenticationM
 #### Example of how to disable application name and only enable geographic location 
  
 In **featureSettings**, change the state of **displayAppInformationRequiredState** to **default** or **disabled** and **displayLocationInformationRequiredState** to **enabled.** 
-Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure portal.
+Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Microsoft Entra admin center.
 
 You need to PATCH the entire schema to prevent overwriting any previous configuration. We recommend that you do a GET first, and then update only the relevant fields and then PATCH. The following example shows an update to **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** under **featureSettings**. 
 
@@ -273,9 +273,9 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 #### Example of how to exclude a group from application name and geographic location 
  
 In **featureSettings**, change the states of **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** from **default** to **enabled.** 
-Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure portal.
+Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Microsoft Entra admin center.
 
-In addition, for each of the features, you'll change the id of the excludeTarget to the ObjectID of the group from the Azure portal. This change excludes that group from seeing application name or geographic location.
+In addition, for each of the features, you'll change the id of the excludeTarget to the ObjectID of the group from the Microsoft Entra admin center. This change excludes that group from seeing application name or geographic location.
 
 You need to PATCH the entire schema to prevent overwriting any previous configuration. We recommend that you do a GET first, and then update only the relevant fields and then PATCH. The following example shows an update to **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** under **featureSettings**. 
 
@@ -408,11 +408,12 @@ To turn off additional context, you'll need to PATCH **displayAppInformationRequ
 }
 ```
 
-## Enable additional context in the portal
+## Enable additional context in the Microsoft Entra admin center
 
-To enable application name or geographic location in the Azure portal, complete the following steps:
+To enable application name or geographic location in the Microsoft Entra admin center, complete the following steps:
 
-1. In the Azure portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods** > **Microsoft Authenticator**.
 1. On the **Basics** tab, click **Yes** and **All users** to enable the policy for everyone, and change **Authentication mode** to **Any**. 
    
    Only users who are enabled for Microsoft Authenticator here can be included in the policy to show the application name or geographic location of the sign-in, or excluded from it. Users who aren't enabled for Microsoft Authenticator can't see application name or geographic location.
diff --git a/articles/active-directory/authentication/how-to-mfa-authenticator-lite.md b/articles/active-directory/authentication/how-to-mfa-authenticator-lite.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 04/25/2023
+ms.date: 09/13/2023
 
 ms.author: justinha
 author: sabina-smith
@@ -26,12 +26,12 @@ Users receive a notification in Outlook mobile to approve or deny sign-in, or th
 
 >[!NOTE]
 >These are important security enhancements for users authenticating via telecom transports:
->- On June 26, the Microsoft managed value of this feature changed from ‘disabled’ to ‘enabled’ in the Authentication methods policy. If you no longer wish for this feature to be enabled, move the state from 'default' to ‘disabled’ or scope it to only a group of users.
->- Starting September 18, Authenticator Lite will be enabled as part of the *Notification through mobile app* verification option in the per-user MFA policy. If you don't want this feature enabled, you can disable it in the Authentication methods policy following the steps below.
+>- On June 26, the Microsoft managed value of this feature changed from **Disabled** to **Enabled** in the Authentication methods policy. If you no longer wish for this feature to be enabled, move the state from **Default** to **Disabled** or scope it to only a group of users.
+>- Starting September 18, Authenticator Lite will be enabled as part of the **Notification through mobile app* verification option in the per-user MFA policy. If you don't want this feature enabled, you can disable it in the Authentication methods policy following the steps below.
 
 ## Prerequisites
 
-- Your organization needs to enable Microsoft Authenticator (second factor) push notifications for all users or select groups. We recommend enabling Microsoft Authenticator by using the modern [Authentication methods policy](concept-authentication-methods-manage.md#authentication-methods-policy). You can edit the Authentication methods policy by using the Azure portal or Microsoft Graph API. Organizations with an active MFA server are not eligible for this feature.
+- Your organization needs to enable Microsoft Authenticator (second factor) push notifications for all users or select groups. We recommend enabling Microsoft Authenticator by using the modern [Authentication methods policy](concept-authentication-methods-manage.md#authentication-methods-policy). You can edit the Authentication methods policy by using the Microsoft Entra admin center or Microsoft Graph API. Organizations with an active MFA server are not eligible for this feature.
 
   >[!TIP]
   >We recommend that you also enable [system-preferred multifactor authentication (MFA)](concept-system-preferred-multifactor-authentication.md) when you enable Authenticator Lite. With system-preferred MFA enabled, users try to sign-in with Authenticator Lite before they try less secure telephony methods like SMS or voice call. 
@@ -49,26 +49,26 @@ Users receive a notification in Outlook mobile to approve or deny sign-in, or th
 
 By default, Authenticator Lite is [Microsoft managed](concept-authentication-default-enablement.md#microsoft-managed-settings) in the Authentication methods policy. On June 26, the Microsoft managed value of this feature changed from ‘disabled’ to ‘enabled’. Authenticator Lite is also included as part of the *Notification through mobile app* verification option in the per-user MFA policy.
 
-### Disabling Authenticator Lite in Azure portal UX
+### Disabling Authenticator Lite in the Microsoft Entra admin center
 
-To disable Authenticator Lite in the Azure portal, complete the following steps:
+To disable Authenticator Lite in the Microsoft Entra admin center, complete the following steps:
 
-  1. In the Azure portal, click Azure Active Directory > Security > Authentication methods > Microsoft Authenticator.
-     In the Entra admin center, on the sidebar select Azure Active Directory > Protect & Secure > Authentication methods > Microsoft Authenticator.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods** > **Microsoft Authenticator**.
 
-  2. On the Enable and Target tab, click Enable and All users to enable the Authenticator policy for everyone or add select groups. Set the Authentication mode for these users/groups to Any or Push.
+2. On the **Enable and Target** tab, click **Enable** and **All users** to enable the Authenticator policy for everyone or add select groups. Set the Authentication mode for these users/groups to **Any** or **Push**.
 
-Users who aren't enabled for Microsoft Authenticator can't see the feature. Users who have Microsoft Authenticator downloaded on the same device Outlook is downloaded on will not be prompted to register for Authenticator Lite in Outlook. Android users utilizing a personal and work profile on their device may be prompted to register if Authenticator is present on a different profile from the Outlook application.
+   Users who aren't enabled for Microsoft Authenticator can't see the feature. Users who have Microsoft Authenticator downloaded on the same device Outlook is downloaded on will not be prompted to register for Authenticator Lite in Outlook. Android users utilizing a personal and work profile on their device may be prompted to register if Authenticator is present on a different profile from the Outlook application.
 
-<img width="1112" alt="Microsoft Entra admin center Authenticator settings" src="https://user-images.githubusercontent.com/108090297/228603771-52c5933c-f95e-4f19-82db-eda2ba640b94.png">
+   <img width="1112" alt="Microsoft Entra admin center Authenticator settings" src="https://user-images.githubusercontent.com/108090297/228603771-52c5933c-f95e-4f19-82db-eda2ba640b94.png">
 
 
-  3. On the Configure tab, for **Microsoft Authenticator on companion applications**, change Status to Disabled, and click Save.
+3. On the **Configure** tab, for **Microsoft Authenticator on companion applications**, change Status to **Disabled**, and click **Save**.
 
-<img width="664" alt="Authenticator Lite configuration settings" src="https://user-images.githubusercontent.com/108090297/228603364-53f2581f-a4e0-42ee-8016-79b23e5eff6c.png">
+   <img width="664" alt="Authenticator Lite configuration settings" src="https://user-images.githubusercontent.com/108090297/228603364-53f2581f-a4e0-42ee-8016-79b23e5eff6c.png">
 
->[!NOTE]
-> If your organization still manages authentication methods in the per-user MFA policy, you'll need to disable *Notification through mobile app* as a verification option there in addition to the steps above. We recommend doing this only after you've enabled Microsoft Authenticator in the Authentication methods policy. You can contine to manage the remainder of your authentication methods in the per-user MFA policy while Microsoft Authenticator is managed in the modern Authentication methods policy. However, we recommend [migrating](how-to-authentication-methods-manage.md) management of all authentication methods to the modern Authentication methods policy. The ability to manage authentication methods in the per-user MFA policy will be retired September 30, 2024.
+   >[!NOTE]
+   > If your organization still manages authentication methods in the per-user MFA policy, you need to disable *Notification through mobile app* as a verification option there in addition to the preceding steps. We recommend doing this only after you enable Microsoft Authenticator in the Authentication methods policy. You can contine to manage the remainder of your authentication methods in the per-user MFA policy while Microsoft Authenticator is managed in the modern Authentication methods policy. However, we recommend [migrating](how-to-authentication-methods-manage.md) management of all authentication methods to the modern Authentication methods policy. The ability to manage authentication methods in the per-user MFA policy will be retired September 30, 2024.
 
 ### Enable Authenticator Lite via Graph APIs
 
diff --git a/articles/active-directory/authentication/howto-authentication-use-email-signin.md b/articles/active-directory/authentication/howto-authentication-use-email-signin.md
@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: authentication
 ms.custom: has-azure-ad-ps-ref
 ms.topic: how-to
-ms.date: 06/01/2023
+ms.date: 09/13/2023
 
 ms.author: justinha
 author: calui
@@ -135,24 +135,23 @@ Email as an alternate login ID applies to [Azure AD B2B collaboration](../extern
 
 Once users with the *ProxyAddresses* attribute applied are synchronized to Azure AD using Azure AD Connect, you need to enable the feature for users to sign in with email as an alternate login ID for your tenant. This feature tells the Azure AD login servers to not only check the sign-in identifier against UPN values, but also against *ProxyAddresses* values for the email address.
 
-During preview, you currently need *Global Administrator* permissions to enable sign-in with email as an alternate login ID. You can use either Azure portal or Graph PowerShell to set up the feature.
+During preview, you currently need *Global Administrator* permissions to enable sign-in with email as an alternate login ID. You can use either Microsoft Entra admin center or Graph PowerShell to set up the feature.
 
-### Azure portal
+### Microsoft Entra admin center
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as a *Global Administrator*.
-1. Search for and select **Azure Active Directory**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
 1. From the navigation menu on the left-hand side of the Azure Active Directory window, select **Azure AD Connect > Email as alternate login ID**.
 
-    ![Screenshot of email as alternate login ID option in the Azure portal.](media/howto-authentication-use-email-signin/azure-ad-connect-screen.png)
+    ![Screenshot of email as alternate login ID option in the Microsoft Entra admin center.](media/howto-authentication-use-email-signin/azure-ad-connect-screen.png)
 
 1. Click the checkbox next to *Email as an alternate login ID*.
 1. Click **Save**.
 
-    ![Screenshot of email as alternate login ID blade in the Azure portal.](media/howto-authentication-use-email-signin/email-alternate-login-id-screen.png)
+    ![Screenshot of email as alternate login ID blade in the Microsoft Entra admin center.](media/howto-authentication-use-email-signin/email-alternate-login-id-screen.png)
 
-With the policy applied, it can take up to 1 hour to propagate and for users to be able to sign in using their alternate login ID.
+With the policy applied, it can take up to one hour to propagate and for users to be able to sign in using their alternate login ID.
 
 ### PowerShell
 
diff --git a/articles/active-directory/authentication/howto-mfa-adfs.md b/articles/active-directory/authentication/howto-mfa-adfs.md
@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 09/13/2023
 
 ms.author: justinha
 author: justinha
@@ -95,14 +95,14 @@ The first thing we need to do is to configure the AD FS claims. Create two claim
 15. Click **Ok**.
 16. Close AD FS Management.
 
-### Configure Azure AD Multi-Factor Authentication Trusted IPs with Federated Users
+### Configure Azure AD Multi-Factor Authentication Trusted IPs with federated users
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
 Now that the claims are in place, we can configure trusted IPs.
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Select **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Conditional Access** > **Named locations**.
 3. From the **Conditional Access - Named locations** blade, select **Configure MFA trusted IPs**
 
    ![Azure AD Conditional Access named locations Configure MFA trusted IPs](./media/howto-mfa-adfs/trustedip6.png)
diff --git a/articles/active-directory/authentication/howto-mfa-app-passwords.md b/articles/active-directory/authentication/howto-mfa-app-passwords.md
@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/29/2023
+ms.date: 09/13/2023
 
 ms.author: justinha
 author: justinha
@@ -82,14 +82,12 @@ In this scenario, you use the following credentials:
 
 By default, users can't create app passwords. The app passwords feature must be enabled before users can use them. To give users the ability to create app passwords, **admin needs** to complete the following steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Search for and select **Azure Active Directory**, then choose **Security**.
-3. Select **Conditional Access** from the left navigation blade.
-4. Selet **Named location** from the left navigation blade.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Conditional Access** > **Named locations**.
 5. Click on **"Configure MFA trusted IPs"** in the bar across the top of the *Conditional Access | Named Locations* window.
 6. On the **multi-factor authentication** page, select the **Allow users to create app passwords to sign in to non-browser apps** option.
 
-    ![Screenshot of the Azure portal that shows the service settings for multi-factor authentication to allow the user of app passwords](media/concept-authentication-methods/app-password-authentication-method.png)
+    ![Screenshot that shows the service settings for multi-factor authentication to allow the user of app passwords](media/concept-authentication-methods/app-password-authentication-method.png)
     
 > [!NOTE]
 >
