Merge pull request #250649 from barclayn/enterprise-users-first-steps

part 1, editing the first two steps in enterprise user articles

Author: v-dirichards

articles/active-directory/enterprise-users/directory-delete-howto.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.topic: how-to
 ms.workload: identity
-ms.date: 08/31/2023
+ms.date: 09/08/2023
 ms.author: barclayn
 ms.reviewer: sumitp
 ms.custom: it-pro, seo-update-azuread-jan, has-azure-ad-ps-ref
@@ -18,21 +18,22 @@ ms.collection: M365-identity-device-management
 ---
 # Take over an unmanaged directory as administrator in Azure Active Directory
 
-This article describes two ways to take over a DNS domain name in an unmanaged directory in Azure Active Directory (Azure AD), part of Microsoft Entra. When a self-service user signs up for a cloud service that uses Azure AD, they're added to an unmanaged Azure AD directory based on their email domain. For more about self-service or "viral" sign-up for a service, see [What is self-service sign-up for Azure Active Directory?](directory-self-service-signup.md)
+This article describes two ways to take over a DNS domain name in an unmanaged directory in Microsoft Entra ID formerly known as Azure AD. When a self-service user signs up for a cloud service that uses Microsoft Entra ID, they're added to an unmanaged Entra ID directory based on their email domain. For more about self-service or "viral" sign-up for a service, see [What is self-service sign-up for Microsoft Entra ID?](directory-self-service-signup.md)
 
 
 > [!VIDEO https://www.youtube.com/embed/GOSpjHtrRsg]
 
 ## Decide how you want to take over an unmanaged directory
-During the process of admin takeover, you can prove ownership as described in [Add a custom domain name to Azure AD](../fundamentals/add-custom-domain.md). The next sections explain the admin experience in more detail, but here's a summary:
+
+During the process of admin takeover, you can prove ownership as described in [Add a custom domain name to Microsoft Entra ID](../fundamentals/add-custom-domain.md). The next sections explain the admin experience in more detail, but here's a summary:
 
 * When you perform an ["internal" admin takeover](#internal-admin-takeover) of an unmanaged Azure directory, you're added as the global administrator of the unmanaged directory. No users, domains, or service plans are migrated to any other directory you administer.
 
 * When you perform an ["external" admin takeover](#external-admin-takeover) of an unmanaged Azure directory, you add the DNS domain name of the unmanaged directory to your managed Azure directory. When you add the domain name, a mapping of users to resources is created in your managed Azure directory so that users can continue to access services without interruption. 
 
 ## Internal admin takeover
 
-Some products that include SharePoint and OneDrive, such as Microsoft 365, don't support external takeover. If that is your scenario, or if you're an admin and want to take over an unmanaged or "shadow" Azure AD organization create by users who used self-service sign-up, you can do this with an internal admin takeover.
+Some products that include SharePoint and OneDrive, such as Microsoft 365, don't support external takeover. If that is your scenario, or if you're an admin and want to take over an unmanaged or "shadow" Microsoft Entra ID organization created by users who used self-service sign-up, you can do this with an internal admin takeover.
 
 1. Create a user context in the unmanaged organization through signing up for Power BI. For convenience of example, these steps assume that path.
 
@@ -48,11 +49,11 @@ Some products that include SharePoint and OneDrive, such as Microsoft 365, don't
 
    ![Add a txt record for the domain name](./media/domains-admin-takeover/become-admin-txt-record.png)
 
-When the DNS TXT records are verified at your domain name registrar, you can manage the Azure AD organization.
+When the DNS TXT records are verified at your domain name registrar, you can manage the Entra ID organization.
 
 When you complete the preceding steps, you're now the global administrator of the Fourth Coffee organization in Microsoft 365. To integrate the domain name with your other Azure services, you can remove it from Microsoft 365 and add it to a different managed organization in Azure.
 
-### Adding the domain name to a managed organization in Azure AD
+### Adding the domain name to a managed organization in Entra ID
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
@@ -65,26 +66,28 @@ When you complete the preceding steps, you're now the global administrator of th
 
 5. If you have any users or groups in Microsoft 365 that reference the removed domain name, they must be renamed to the .onmicrosoft.com domain. If you force delete the domain name, all users are automatically renamed, in this example to *user\@fourthcoffeexyz.onmicrosoft.com*.
 
-6. Sign in to the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) with an account that is the Global Administrator for the Azure AD organization.
-  
-7. Select **Custom domain names**, then add the domain name. You'll have to enter the DNS TXT records to verify ownership of the domain name. 
+6. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+7. In the search box at the top of the page, search for **Domain Names**.
+
+8. Select **+ Add custom domain names**, then add the domain name. You'll have to enter the DNS TXT records to verify ownership of the domain name. 
 
-   ![domain verified as added to Azure AD](./media/domains-admin-takeover/add-domain.png)
+   ![domain verified as added to Entra ID](./media/domains-admin-takeover/add-domain.png)
 
 > [!NOTE]
 > Any users of Power BI or Azure Rights Management service who have licenses assigned in the Microsoft 365 organization must save their dashboards if the domain name is removed. They must sign in with a user name like *user\@fourthcoffeexyz.onmicrosoft.com* rather than *user\@fourthcoffee.xyz*.
 
 ## External admin takeover
 
-If you already manage an organization with Azure services or Microsoft 365, you can't add a custom domain name if it's already verified in another Azure AD organization. However, from your managed organization in Azure AD you can take over an unmanaged organization as an external admin takeover. The general procedure follows the article [Add a custom domain to Azure AD](../fundamentals/add-custom-domain.md).
+If you already manage an organization with Azure services or Microsoft 365, you can't add a custom domain name if it's already verified in another Entra ID organization. However, from your managed organization in Entra ID you can take over an unmanaged organization as an external admin takeover. The general procedure follows the article [Add a custom domain to Entra ID](../fundamentals/add-custom-domain.md).
 
-When you verify ownership of the domain name, Azure AD removes the domain name from the unmanaged organization and moves it to your existing organization. External admin takeover of an unmanaged directory requires the same DNS TXT validation process as internal admin takeover. The difference is that the following are also moved over with the domain name:
+When you verify ownership of the domain name, Entra ID removes the domain name from the unmanaged organization and moves it to your existing organization. External admin takeover of an unmanaged directory requires the same DNS TXT validation process as internal admin takeover. The difference is that the following are also moved over with the domain name:
 
 - Users
 - Subscriptions
 - License assignments
 
 ### Support for external admin takeover
+
 External admin takeover is supported by the following online services:
 
 - Azure Rights Management
@@ -103,17 +106,16 @@ External admin takeover isn't supported for any service that has service plans t
 > [!NOTE]
 > External admin takeover is not supported cross cloud boundaries (ex. Azure Commercial to Azure Government).  In these scenarios it is recommended to perform External admin takeover into another Azure Commercial tenant, and then delete the domain from this tenant so you may verify successfully into the destination Azure Government tenant.
 
-You can optionally use the [**ForceTakeover** option](#azure-ad-powershell-cmdlets-for-the-forcetakeover-option) for removing the domain name from the unmanaged organization and verifying it on the desired organization. 
 
 #### More information about RMS for individuals
 
 For [RMS for individuals](/azure/information-protection/rms-for-individuals), when the unmanaged organization is in the same region as the organization that you own, the automatically created [Azure Information Protection organization key](/azure/information-protection/plan-implement-tenant-key) and [default protection templates](/azure/information-protection/configure-usage-rights#rights-included-in-the-default-templates) are additionally moved over with the domain name.
 
 The key and templates aren't moved over when the unmanaged organization is in a different region. For example, if the unmanaged organization is in Europe and the organization that you own is in North America.
 
-Although RMS for individuals is designed to support Azure AD authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates weren't moved over, that content isn't accessible after the domain takeover.
+Although RMS for individuals is designed to support Entra ID authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates weren't moved over, that content isn't accessible after the domain takeover.
 
-### Azure AD PowerShell cmdlets for the ForceTakeover option
+### Entra ID PowerShell cmdlets for the ForceTakeover option
 
 You can see these cmdlets used in [PowerShell example](#powershell-example).
 
@@ -128,7 +130,7 @@ cmdlet | Usage
 `get-mgdomain` | The domain list now shows the domain name as **Verified**.
 
 > [!NOTE]
-> The unmanaged Azure AD organization is deleted 10 days after you exercise the external takeover force option.
+> The unmanaged Entra ID organization is deleted 10 days after you exercise the external takeover force option.
 
 ### PowerShell example
 
@@ -143,7 +145,7 @@ cmdlet | Usage
    ```powershell
    Get-MgDomain
    ```
-3. Run the New-MgDomain cmdlet to add a new domain in Azure:
+3. Run the New-MgDomain cmdlet to add a new domain:
    ```powershell
    New-MgDomain -BodyParameter @{Id="<your domain name>"; IsDefault="False"}
    ```

articles/active-directory/enterprise-users/domains-admin-takeover.md

@@ -28,8 +28,8 @@ A domain name is an important part of the identifier for resources in many Azure
 
 When your organization is created, the initial domain name, such as ‘contoso.onmicrosoft.com,’ is also the primary domain name. The primary domain is the default domain name for a new user when you create a new user. Setting a primary domain name streamlines the process for an administrator to create new users in the portal. To change the primary domain name:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account that's a Global Administrator for the organization.
-2. Select **Azure Active Directory**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
 3. Select **Custom domain names**.
 
    ![Opening the user management page](./media/domains-manage/add-custom-domain.png)

articles/active-directory/enterprise-users/domains-manage.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/28/2023
+ms.date: 09/08/2023
 ms.author: barclayn
 ms.reviewer: krbain
 ms.custom: it-pro, has-azure-ad-ps-ref
@@ -81,10 +81,9 @@ You will also need to synchronize your sensitivity labels to Azure AD. For instr
 
 ## Assign a label to a new group in Azure portal
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Browse to **Azure Active Directory** > **Groups**, and then select **New group**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Choose **Groups** > **All groups** > **New group**.
 1. On the **New Group** page, select **Office 365**, and then fill out the required information for the new group and select a sensitivity label from the list.
 
    ![Assign a sensitivity label in the New groups page](./media/groups-assign-sensitivity-labels/new-group-page.png)
@@ -95,8 +94,9 @@ Your group is created and the site and group settings associated with the select
 
 ## Assign a label to an existing group in Azure portal
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with a Groups admin account, or as a group owner.
-1. Browse to **Azure Active Directory** > **Groups**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups**.
 1. From the **All groups** page, select the group that you want to label.
 1. On the selected group's page, select **Properties** and select a sensitivity label from the list.
 
@@ -106,8 +106,9 @@ Your group is created and the site and group settings associated with the select
 
 ## Remove a label from an existing group in Azure portal
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with a Global Administrator or Groups admin account, or as a group owner.
-1. Browse to **Azure Active Directory** > **Groups**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups** > **All groups**.
 1. From the **All groups** page, select the group that you want to remove the label from.
 1. On the **Group** page, select **Properties**.
 1. Select **Remove**.
@@ -146,9 +147,10 @@ If the label you are looking for is not in the list, this could be the case for
 
 Labels can be swapped at any time using the same steps as assigning a label to an existing group, as follows:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with a Global or Group administrator account or as group owner.
-1. Browse to **Azure Active Directory** > **Groups**.
-1. From the **All groups** page, select the group that you want to label.
+1. 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups**.
+1. Choose **All groups**, select the group that you want to label.
 1. On the selected group's page, select **Properties** and select a new sensitivity label from the list.
 1. Select **Save**.
 

articles/active-directory/enterprise-users/groups-assign-sensitivity-labels.md

@@ -5,7 +5,7 @@ services: active-directory
 author: barclayn
 ms.author: barclayn
 manager: amycolannino
-ms.date: 04/24/2023
+ms.date: 09/06/2023
 ms.topic: how-to
 ms.service: active-directory
 ms.subservice: enterprise-users
@@ -17,14 +17,13 @@ ms.collection: M365-identity-device-management
 
 # Bulk download members of a group in Azure Active Directory
 
-You can bulk download the members of a group in your organization to a comma-separated values (CSV) file in the portal for Azure Active Directory (Azure AD), part of Microsoft Entra. All admins and non-admin users can download group membership lists.
+You can bulk download the members of a group in your organization to a comma-separated values (CSV) file from the Microsoft Entra Admin center. All admins and non-admin users can download group membership lists.
 
 ## To bulk download group membership
 
-[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
-
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account in the organization.
-1. In Azure AD, select **Groups** > **All groups**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups** > **All groups**.
 1. Open the group whose membership you want to download, and then select **Members**.
 1. On the **Members** page, select **Bulk operations** and choose, **Download members** to download a CSV file listing the group members.
 

articles/active-directory/enterprise-users/groups-bulk-download-members.md

@@ -27,8 +27,9 @@ You can download a list of all the groups in your organization to a comma-separa
 >[!NOTE]
 > The columns downloaded are pre-defined
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account in your organization.
-1. In Azure AD, select **Groups** > **Download groups**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups** > **Download groups**.
 1. On the **Groups download** page, select **Start** to receive a CSV file listing your groups.
 
    ![The download groups command is on the All groups page](./media/groups-bulk-download/bulk-download.png)

articles/active-directory/enterprise-users/groups-bulk-download.md

@@ -45,8 +45,12 @@ The rows in a downloaded CSV template are as follows:
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with a User administrator account in the organization. Group owners can also bulk import members of groups they own.
-1. In Azure AD, select **Groups** > **All groups**.
+
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+   >[!NOTE]
+   >Group owners can also bulk import members of groups they own.
+1. Select **Groups** > **All groups**.
 1. Open the group to which you're adding members and then select **Members**.
 1. On the **Members** page, select **bulk operations** and then choose **Import members**.
 1. On the **Bulk import group members** page, select **Download** to get the CSV file template with required group member properties.

articles/active-directory/enterprise-users/groups-bulk-import-members.md

@@ -5,7 +5,7 @@ services: active-directory
 author: barclayn
 ms.author: barclayn
 manager: amycolannino
-ms.date: 09/22/2021
+ms.date: 09/08/2023
 ms.topic: how-to
 ms.service: active-directory
 ms.subservice: enterprise-users
@@ -44,8 +44,9 @@ The rows in a downloaded CSV template are as follows:
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with a User administrator account in the organization. Group owners can also bulk remove members of groups they own.
-1. In Azure AD, select **Groups** > **All groups**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](../roles/permissions-reference.md#global-administrator).
+1. Select Microsoft Entra ID (Azure AD).
+1. Select **Groups** > **All groups**.
 1. Open the group from which you're removing members and then select **Members**.
 1. On the **Members** page, select **Remove members**.
 1. On the **Bulk remove group members** page, select **Download** to get the CSV file template with required group member properties.