
Commit ac7efab

Merge pull request #47767 from lootle1/MR52
Technical Review 1008486: Secure Microsoft Entra users with multifact…
2 parents 4b4b625 + 5e76c4d commit ac7efab

16 files changed

+40
-43
lines changed

learn-pr/azure/secure-aad-users-with-mfa/1-introduction.yml

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ metadata:
55
prefetch-feature-rollout: true
66
title: Introduction
77
description: Introduction
8-
ms.date: 11/03/2023
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit

learn-pr/azure/secure-aad-users-with-mfa/2-azure-multi-factor-authentication.yml

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ metadata:
55
prefetch-feature-rollout: true
66
title: What is Microsoft Entra multifactor authentication?
77
description: Learn about Microsoft Entra multifactor authentication and how it helps protect user accounts.
8-
ms.date: 11/03/2023
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit

learn-pr/azure/secure-aad-users-with-mfa/3-planning-mfa.yml

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ metadata:
55
prefetch-feature-rollout: true
66
title: Plan your multifactor authentication deployment
77
description: Learn the things to consider as you plan to turn on Microsoft Entra multifactor authentication.
8-
ms.date: 11/03/2023
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit

learn-pr/azure/secure-aad-users-with-mfa/4-exercise-mfa.yml

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ metadata:
55
prefetch-feature-rollout: true
66
title: Exercise - Enable Microsoft Entra multifactor authentication
77
description: Exercise - Enable Microsoft Entra multifactor authentication
8-
ms.date: 11/03/2023
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit

learn-pr/azure/secure-aad-users-with-mfa/5-configure-authentication-methods.yml

Lines changed: 8 additions & 9 deletions
@@ -3,13 +3,13 @@ uid: learn.azure-security.secure-aad-users-with-mfa.configure-authentication-met
33
metadata:
44
adobe-target: true
55
prefetch-feature-rollout: true
6-
title: Configure multi-factor authentication methods
7-
description: Configure multi-factor authentication methods
8-
ms.date: 11/03/2023
6+
title: Configure multifactor authentication methods
7+
description: Configure multifactor authentication methods
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit
12-
title: Configure multi-factor authentication methods
12+
title: Configure multifactor authentication methods
1313
durationInMinutes: 6
1414
content: |
1515
[!include[](includes/5-configure-authentication-methods.md)]
@@ -25,20 +25,19 @@ quiz:
2525
- content: Security questions
2626
isCorrect: true
2727
explanation: "Correct. Security questions can only be used with Self-Service Password Reset."
28-
- content: Which of the following authentication methods _cannot_ be disabled?
28+
- content: Which of the following authentication methods _can't_ be disabled?
2929
choices:
3030
- content: Text message
3131
isCorrect: false
3232
- content: Password
3333
isCorrect: true
34-
explanation: "Correct. Passwords are always usable as an authentication method and cannot be disabled."
34+
explanation: "Correct. Passwords are always usable as an authentication method and can't be disabled."
3535
- content: Microsoft Authenticator app
3636
isCorrect: false
37-
- content: True or False. You must activate multi-factor authentication for all users in the directory you enable it in.
37+
- content: True or False. You must activate multifactor authentication for all users in the directory you enable it in.
3838
choices:
3939
- content: "True"
4040
isCorrect: false
4141
- content: "False"
4242
isCorrect: true
43-
explanation: "Correct. MFA can be enabled for a subset of your users; this is actually a recommendation - start small to ensure you don't lock someone out of your systems."
44-
43+
explanation: "Correct. MFA can be enabled for a subset of your users. Enabling is actually a recommendation. Start small to ensure you don't lock someone out of your systems."
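Review bot: In the rewritten explanation at new line 43, "Enabling is actually a recommendation." has lost its referent. The removed text tied the recommendation to enabling MFA for a subset of users ("this is actually a recommendation - start small"), while the new sentence reads as if turning on MFA at all is only a suggestion. Suggest wording such as "Enabling MFA for a subset of users first is the recommended approach. Start small to ensure you don't lock someone out of your systems."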

learn-pr/azure/secure-aad-users-with-mfa/6-summary.yml

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ metadata:
55
prefetch-feature-rollout: true
66
title: Summary
77
description: Summary
8-
ms.date: 11/03/2023
8+
ms.date: 11/01/2024
99
author: Justinha
1010
ms.author: justinha
1111
ms.topic: unit

learn-pr/azure/secure-aad-users-with-mfa/includes/1-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
Imagine that you're a security engineer for a large manufacturing firm. Your company works on several big contracts for popular personal electronics companies, including Microsoft. Clients send you their confidential designs, which are then stored in your Azure infrastructure. Plenty of hackers would love to get their hands on the next-generation designs. It's your job to protect them.
22

3-
You did significant work in hardening your network and ensuring that only the right people have access to client data. There's still a big hole to protect: user accounts. This module discusses one of the best ways to stop unauthorized users from gaining access through a username and password: multifactor authentication.
3+
You did significant work in hardening your network and ensuring that only the right people have access to client data. There's still a big hole to protect: user accounts. This module discusses one of the best ways to stop unauthorized users from gaining access through a username and password, which is multifactor authentication.
44

55
## Learning objectives
66
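Review bot: At new line 3, replacing the colon with ", which is multifactor authentication" attaches "which" to the nearest noun phrase, "a username and password", so the sentence can be read as calling the username and password multifactor authentication. The removed line's colon was unambiguous. Either keep the colon or recast the sentence so that multifactor authentication is the subject, for example "Multifactor authentication is one of the best ways to stop unauthorized users from gaining access through a username and password."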

learn-pr/azure/secure-aad-users-with-mfa/includes/3-planning-mfa.md

Lines changed: 7 additions & 7 deletions
@@ -1,6 +1,6 @@
11
Before you start deploying Microsoft Entra multifactor authentication, there are several things you should decide.
22

3-
First, consider rolling out MFA in waves. Start with a small group of pilot users to evaluate the complexity of your environment and identify any setup issues or unsupported apps or devices. Then, broaden that group over time and evaluate the results with each pass until your entire company is enrolled.
3+
First, consider rolling out MFA in waves. Start with a small group of pilot users to evaluate the complexity of your environment and identify any setup issues or unsupported apps or devices. Then, broaden that group over time, and evaluate the results with each pass until your entire company is enrolled.
44

55
Next, make sure to create a full communication plan. Microsoft Entra multifactor authentication has several user-interaction requirements, including a registration process. Keep users informed every step of the way. Let them know what they're required to do, important dates, and how to get answers to questions if they have trouble. Microsoft provides [communication templates](https://www.microsoft.com/download/details.aspx?id=57600&WT.mc_id=rss_alldownloads_all) to help draft your communications, including posters and email templates.
66

@@ -10,10 +10,10 @@ Next, make sure to create a full communication plan. Microsoft Entra multifactor
1010

1111
Microsoft Entra multifactor authentication is enforced with *Conditional Access* policies. Conditional Access policies are `IF-THEN` statements. *IF* a user wants to access a resource, *THEN* they must complete an action. For example, a payroll manager wants to access the payroll application and is required to perform multifactor authentication to access it. Other common access requests that might require MFA include:
1212

13-
- IF a specific cloud application is accessed
14-
- IF a user is accessing a specific network
15-
- IF a user is accessing a specific client application
16-
- IF a user is registering a new device
13+
- IF a specific cloud application is accessed.
14+
- IF a user is accessing a specific network.
15+
- IF a user is accessing a specific client application.
16+
- IF a user is registering a new device.
1717

1818
## Deciding supported authentication methods
1919

@@ -26,9 +26,9 @@ When you turn on Microsoft Entra multifactor authentication, you can choose the
2626
| **Call to a phone** | Azure can call a supplied phone number. The user then approves the authentication using the keypad. This method is preferred for backups. |
2727
| **FIDO2 security key** | FIDO2 security keys are an unphishable standards-based passwordless authentication method. These keys are typically USB devices, but could also use Bluetooth or NFC. |
2828
| **Windows Hello for Business** | Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a type of user credential that is tied to a device and uses a biometric or PIN. |
29-
| **OATH tokens** | OATH tokens can be software applications such as the Microsoft Authenticator app and other authenticator apps, or hardware-based tokens that customers can purchase from different vendors. |
29+
| **OATH tokens** | OATH tokens can be software applications such as the Microsoft Authenticator app and other authenticator apps. They can also be hardware-based tokens that customers can purchase from different vendors. |
3030

31-
Administrators can enable one or more of these options, then users can opt in to each support authentication method they want to use.
31+
Administrators can enable one or more of these options. Then users can opt in to each support authentication method they want to use.
3232

3333
## Selecting an authentication method
3434
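Review bot: New line 31 still carries the typo "each support authentication method" from the removed line. Since the sentence is being rewritten here anyway, change it to "each supported authentication method" in the same edit.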

learn-pr/azure/secure-aad-users-with-mfa/includes/4-exercise-mfa.md

Lines changed: 4 additions & 6 deletions
@@ -10,19 +10,17 @@ You can walk through the basic steps necessary to configure and enable Microsoft
1010
## Configure multifactor authentication options
1111

1212
1. Sign in to the [Azure portal](https://portal.azure.com/) using a Global administrator account.
13-
1. Navigate to the Microsoft Entra dashboard using the **Microsoft Entra ID** option in the side menu.
13+
1. Search for **Microsoft Entra ID** and navigate to the Microsoft Entra ID dashboard.
1414
1. Select **Security** in the left-hand menu.
15-
1. Select **multifactor authentication** under the **Manage** heading in the menu. Here, you find options for multifactor authentication.
15+
1. Under the **Manage** menu, select **Multifactor authentication**. Here, you find options for multifactor authentication.
1616

1717
:::image type="content" source="../media/4-mfa-options.png" alt-text="Screenshot showing MFA options in the dashboard.":::
1818

19-
1. Under **Configure**, select **Additional cloud-based multifactor authentication settings**. A new browser page opens where you can see all the MFA options for Azure.
19+
1. Under **Configure**, select **Additional cloud-based multifactor authentication settings**. On the resulting page, you can see all the MFA options for Azure under **Service Settings**.
2020

2121
:::image type="content" source="../media/4-set-mfa.png" alt-text="Screenshot showing MFA configuration.":::
2222

23-
This page is where you select the supported authentication methods. In this example, all of them are selected.
24-
25-
You can also enable or disable *app passwords* here, which allow users to create unique account passwords for apps that don't support multifactor authentication. This feature lets the user authenticate with their Microsoft Entra identity, using a different password specific to that app.
23+
You can enable or disable *app passwords* here, which allow users to create unique account passwords for apps that don't support multifactor authentication. This feature lets the user authenticate with their Microsoft Entra identity, using a different password specific to that app.
2624

2725
## Set up Conditional Access rules for MFA
2826
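Review bot: Removing old lines 23-24 drops the only statement that this page is where the supported authentication methods are selected. After the change, the paragraph following the second screenshot opens with "You can enable or disable *app passwords* here" and the exercise never says where the verification methods themselves are chosen. Consider keeping "This page is where you select the supported authentication methods." ahead of the app passwords paragraph, and removing only "In this example, all of them are selected." if that is the part that no longer matches the screenshot.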

learn-pr/azure/secure-aad-users-with-mfa/includes/5-configure-authentication-methods.md

Lines changed: 8 additions & 8 deletions
@@ -33,11 +33,11 @@ The following table lists the authentication methods and the services that can u
3333

3434
### Password
3535

36-
This method is the only one that you cant disable.
36+
This method is the only one that you can't disable.
3737

3838
### Security questions
3939

40-
This method is available only for nonadministrative accounts that use Self-Service Password Reset.
40+
This method is available only for non-administrative accounts that use Self-Service Password Reset.
4141

4242
* Azure stores security questions privately and in a security-enhanced manner on a user object in the directory. Only users can answer the questions, and only during registration. An administrator can't read or change a user's questions or answers.
4343

@@ -55,17 +55,17 @@ Windows Hello for Business provides reliable, fully integrated biometric authent
5555

5656
### FIDO2 security keys
5757

58-
FIDO2 security keys are an unphishable, standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication.
58+
FIDO2 security keys are an unphishable, standards-based, and passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication.
5959

60-
Users can register and then select a FIDO2 security key at the sign-in interface as their main means of authentication. These FIDO2 security keys are typically USB devices, but could also use Bluetooth or NFC.
60+
Users can register and then select a FIDO2 security key at the sign-in interface as their main means of authentication. These FIDO2 security keys are typically USB devices but could also use Bluetooth or NFC.
6161

62-
FIDO2 security keys can be used to sign in to their Microsoft Entra ID or Microsoft Entra hybrid joined Windows 10 devices and get single-sign on to their cloud and on-premises resources. Users can also sign in to supported browsers.
62+
FIDO2 security keys can be used to sign in to their Microsoft Entra ID or Microsoft Entra hybrid joined Windows 10 devices. They can get single-sign on to their cloud and on-premises resources. Users can also sign in to supported browsers.
6363

6464
### Microsoft Authenticator app
6565

66-
This method is available for Android and iOS. Users can register their mobile app at [https://aka.ms/mfasetup](https://aka.ms/mfasetup).
66+
This method is available for Android and iOS. Users can [register their mobile app here](https://aka.ms/mfasetup).
6767

68-
* The Microsoft Authenticator app helps prevent unauthorized access to accounts and helps stop fraudulent transactions by pushing a notification to your smartphone or tablet. Users view the notification and confirm or deny the request.
68+
* The Microsoft Authenticator app helps prevent unauthorized access to accounts. It pushes a notification that helps stop fraudulent transactions to your smartphone or tablet. Users view the notification, and confirm or deny the request.
6969

7070
* Users can use the Microsoft Authenticator app or a third-party app as a software token to generate an OATH verification code. After the user enters the username and password, the users enter the code provided by the app on the sign-in screen. The verification code provides a second form of authentication. Users can also set the Microsoft Authenticator app to deliver a push notification that they select and approve to sign in.
7171
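Review bot: Two of the sentence splits in this hunk change what the text says. At new line 62, "They can get single-sign on to their cloud and on-premises resources." now has the security keys as its subject, and "their Microsoft Entra ID" in the preceding sentence has no antecedent; make users the subject, for example "Users can use FIDO2 security keys to sign in to ... Windows 10 devices and get single sign-on to their cloud and on-premises resources." At new line 68, "It pushes a notification that helps stop fraudulent transactions to your smartphone or tablet." reads as if the transactions go to the smartphone; move the destination next to the verb ("It pushes a notification to your smartphone or tablet, which helps stop fraudulent transactions."). Separately, at new line 66 the link text "register their mobile app here" hides the destination that the removed line showed in full, so a reader of the rendered page can no longer see which URL they are being sent to for MFA registration; descriptive link text that keeps the address visible would be preferable.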

@@ -87,7 +87,7 @@ Azure uses an automated voice system to call the number and the owner uses the k
8787

8888
### App password
8989

90-
Certain nonbrowser apps don't support Microsoft Entra multifactor authentication. If users are enabled for Microsoft Entra multifactor authentication and try to use nonbrowser apps, they're unable to authenticate. The app password allows users to continue to authenticate.
90+
Certain non-browser apps don't support Microsoft Entra multifactor authentication. If users are enabled for Microsoft Entra multifactor authentication and try to use nonbrowser apps, they're unable to authenticate. The app password allows users to continue to authenticate.
9191

9292
## Monitoring adoption
9393
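Review bot: New line 90 hyphenates "non-browser" in the first sentence but leaves "nonbrowser" in the second sentence of the same line ("try to use nonbrowser apps"). Pick one spelling and apply it to both occurrences, and use the same convention as the "non-administrative" change at line 40 of this file.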
