diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index f059ddd00ae..8dda7a95084 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -65,6 +65,11 @@
       "redirect_url": "/entra/fundamentals/how-to-manage-support-access-requests",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/docs/identity/monitoring-health/reference-azure-monitor-sign-ins-log-schema.md",
+      "redirect_url": "/entra/identity/monitoring-health/concept-activity-log-schemas",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/docs/identity/monitoring-health/howto-configure-prerequisites-for-reporting-api.md",
       "redirect_url": "/entra/identity/monitoring-health/howto-analyze-activity-logs-with-microsoft-graph",
diff --git a/docs/identity/authentication/certificate-based-authentication-federation-get-started.md b/docs/identity/authentication/certificate-based-authentication-federation-get-started.md
index 2583065a89d..dc771cec7b6 100644
--- a/docs/identity/authentication/certificate-based-authentication-federation-get-started.md
+++ b/docs/identity/authentication/certificate-based-authentication-federation-get-started.md
@@ -59,21 +59,21 @@ The related information exists for the following device platforms:
 
 ## Step 2: Configure the certificate authorities
 
-[!INCLUDE [Configure certificate authorities](../../includes/entra-authentication-configure-certificate-authorities.md)]
+[!INCLUDE [Configure certificate authorities](~/includes/entra-authentication-configure-certificate-authorities.md)]
 
 ### Connect
 
-[!INCLUDE [Connect-AzureAD](../../includes/entra-authentication-connect.md)]
+[!INCLUDE [Connect-AzureAD](~/includes/entra-authentication-connect.md)]
 
 
 ### Retrieve
 
-[!INCLUDE [Get-AzureAD](../../includes/entra-authentication-get-trusted.md)]
+[!INCLUDE [Get-AzureAD](~/includes/entra-authentication-get-trusted.md)]
 
 
 To add, modify, or remove a CA, use the Microsoft Entra admin center:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator).
+1. [!INCLUDE [Privileged role](../../includes/privileged-role-include.md)]
 1. Browse to **Protection** > **Show more** > **Security Center** (or **Identity Secure Score**) > **Certificate authorities**.
 1. To upload a CA, select **Upload**: 
    1. Select the CA file.
diff --git a/docs/identity/authentication/concept-authentication-methods-manage.md b/docs/identity/authentication/concept-authentication-methods-manage.md
index a6920828b50..99d03e35eec 100644
--- a/docs/identity/authentication/concept-authentication-methods-manage.md
+++ b/docs/identity/authentication/concept-authentication-methods-manage.md
@@ -5,7 +5,7 @@ description: Learn about the authentication methods policy and different ways to
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 07/09/2024
+ms.date: 10/03/2024
 
 ms.author: justinha
 author: justinha
@@ -35,7 +35,9 @@ Only the [converged registration experience](concept-registration-mfa-sspr-combi
 
 ## Legacy MFA and SSPR policies
 
-Two other policies, located in **Multifactor authentication** settings and **Password reset** settings, provide a legacy way to manage some authentication methods for all users in the tenant. You can't control who uses an enabled authentication method, or how the method can be used. A [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator) is needed to manage these policies. 
+Two other policies, located in **Multifactor authentication** settings and **Password reset** settings, provide a legacy way to manage some authentication methods for all users in the tenant. You can't control who uses an enabled authentication method, or how the method can be used. 
+
+[!INCLUDE [Privileged role](~/includes/privileged-role-feature-include.md)]
 
 >[!Important]
 >In March 2023, we announced the deprecation of managing authentication methods in the legacy multifactor authentication and self-service password reset (SSPR) policies. Beginning September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies. We recommend customers use the manual migration control to migrate to the Authentication methods policy by the deprecation date.
diff --git a/docs/identity/authentication/concept-authentication-oath-tokens.md b/docs/identity/authentication/concept-authentication-oath-tokens.md
index 0124cdbff1c..26d5f7e62dc 100644
--- a/docs/identity/authentication/concept-authentication-oath-tokens.md
+++ b/docs/identity/authentication/concept-authentication-oath-tokens.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/14/2024
+ms.date: 10/03/2024
 
 ms.author: justinha
 author: justinha
@@ -54,7 +54,7 @@ Helga@contoso.com,1234567,2234567abcdef2234567abcdef,60,Contoso,HardwareKey
 > [!NOTE]
 > Make sure you include the header row in your CSV file. 
 
-Once properly formatted as a CSV file, a Global Administrator can then sign in to the Microsoft Entra admin center, navigate to **Protection** > **Multifactor authentication** > **OATH tokens**, and upload the resulting CSV file.
+Once properly formatted as a CSV file, an administrator can then sign in to the Microsoft Entra admin center, navigate to **Protection** > **Multifactor authentication** > **OATH tokens**, and upload the resulting CSV file.
 
 Depending on the size of the CSV file, it can take a few minutes to process. Select the **Refresh** button to get the current status. If there are any errors in the file, you can download a CSV file that lists any errors for you to resolve. The field names in the downloaded CSV file are different than the uploaded version.  
 
diff --git a/docs/identity/authentication/concept-certificate-based-authentication-migration.md b/docs/identity/authentication/concept-certificate-based-authentication-migration.md
index 82d7780fb94..9133cc05da0 100644
--- a/docs/identity/authentication/concept-certificate-based-authentication-migration.md
+++ b/docs/identity/authentication/concept-certificate-based-authentication-migration.md
@@ -5,7 +5,7 @@ description: Learn how to migrate from Federated server to Microsoft Entra ID
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 09/13/2023
+ms.date: 10/03/2024
 
 
 ms.author: justinha
@@ -75,7 +75,7 @@ For synchronized accounts:
 
 ### Should organizations eliminate federated servers like AD FS to prevent the capability to pivot from AD FS to Azure?
  
-With federation, an attacker could impersonate anyone, such as a CIO, even if they can't obtain a cloud-only role like the Global Administrator account.
+With federation, an attacker could impersonate anyone, such as a CIO, even if they can't obtain a cloud-only role like a highly privileged administrator account.
 
 When a domain is federated in Microsoft Entra ID, a high level of trust is being placed on the Federated IdP. AD FS is one example, but the notion holds true for *any* federated IdP. Many organizations deploy a federated IdP such as AD FS exclusively to accomplish certificate based authentication. Microsoft Entra CBA completely removes the AD FS dependency in this case. With Microsoft Entra CBA, customers can move their application estate to Microsoft Entra ID to modernize their IAM infrastructure and reduce costs with increased security.
 
diff --git a/docs/identity/authentication/concept-mfa-authprovider.md b/docs/identity/authentication/concept-mfa-authprovider.md
index 047b6bb13ab..b1223fb2387 100644
--- a/docs/identity/authentication/concept-mfa-authprovider.md
+++ b/docs/identity/authentication/concept-mfa-authprovider.md
@@ -6,21 +6,21 @@ description: When should you use an authentication provider with Microsoft Entra
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/14/2023
+ms.date: 10/03/2024
 
 ms.author: justinha
 author: justinha
 manager: amycolannino
-ms.reviewer: michmcla
+ms.reviewer: jpettere
 ---
 # When to use a Microsoft Entra multifactor authentication provider
 
 > [!IMPORTANT]
 > Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multifactor authentication will continue to be available as a feature in Microsoft Entra ID P1 or P2 licenses.
 
-Two-step verification is available by default for Global Administrators who have Microsoft Entra ID, and Microsoft 365 users. However, if you wish to take advantage of [advanced features](howto-mfa-mfasettings.md) then you should purchase the full version of Microsoft Entra multifactor authentication.
+Two-step verification is available by default for administrators in Microsoft Entra ID, and Microsoft 365 users. However, if you wish to take advantage of [advanced features](howto-mfa-mfasettings.md) then you should enable Microsoft Entra multifactor authentication by using Conditional Access. For more information, see [Common Conditional Access policy: Require MFA for all users](~/identity/conditional-access/howto-conditional-access-policy-all-users-mfa.md).
 
-A Microsoft Entra multifactor authentication provider is used to take advantage of features provided by Microsoft Entra multifactor authentication for users who **do not have licenses**.
+A Microsoft Entra multifactor authentication provider is used to take advantage of features provided by Microsoft Entra multifactor authentication for users who **don't have licenses**.
 
 ## Caveats related to the Azure MFA SDK
 
@@ -70,3 +70,5 @@ After you confirm that all settings are migrated, browse to **Providers** and se
 ## Next steps
 
 [Configure multifactor authentication settings](howto-mfa-mfasettings.md)
+
+[Common Conditional Access policy: Require MFA for all users](~/identity/conditional-access/howto-conditional-access-policy-all-users-mfa.md)
diff --git a/docs/identity/authentication/concept-mfa-licensing.md b/docs/identity/authentication/concept-mfa-licensing.md
index afe68e1cb53..67f60e333e1 100644
--- a/docs/identity/authentication/concept-mfa-licensing.md
+++ b/docs/identity/authentication/concept-mfa-licensing.md
@@ -6,7 +6,7 @@ description: Learn about the Microsoft Entra multifactor authentication client a
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 10/03/2024
 
 ms.author: justinha
 author: justinha
@@ -15,16 +15,16 @@ ms.reviewer: michmcla
 ---
 # Features and licenses for Microsoft Entra multifactor authentication
 
-To protect user accounts in your organization, multifactor authentication should be used. This feature is especially important for accounts that have privileged access to resources. Basic multifactor authentication features are available to Microsoft 365 and Microsoft Entra users and Global Administrators for no extra cost. If you want to upgrade the features for your admins or extend multifactor authentication to the rest of your users with more authentication methods and greater control, you can purchase Microsoft Entra multifactor authentication in several ways.
+To protect user accounts in your organization, multifactor authentication should be used. This feature is especially important for accounts that have privileged access to resources. Basic multifactor authentication features are available to Microsoft 365 and Microsoft Entra ID users and administrators for no extra cost. If you want to upgrade the features for your admins or extend multifactor authentication to the rest of your users with more authentication methods and greater control, you can enable Microsoft Entra multifactor authentication by using Conditional Access. For more information, see [Common Conditional Access policy: Require MFA for all users](~/identity/conditional-access/howto-conditional-access-policy-all-users-mfa.md).
 
 > [!IMPORTANT]
-> This article details the different ways that Microsoft Entra multifactor authentication can be licensed and used. For specific details about pricing and billing, see the [Microsoft Entra pricing page](https://www.microsoft.com/en-us/security/business/identity-access-management/azure-ad-pricing).
+> This article details the different ways that Microsoft Entra multifactor authentication can be licensed and used. For specific details about pricing and billing, see the [Microsoft Entra pricing page](https://www.microsoft.com/security/business/microsoft-entra-pricing).
 
 <a name='available-versions-of-azure-ad-multi-factor-authentication'></a>
 
 ## Available versions of Microsoft Entra multifactor authentication
 
-Microsoft Entra multifactor authentication can be used, and licensed, in a few different ways depending on your organization's needs. All tenants are entitled to basic multifactor authentication features via Security Defaults. You may already be entitled to use advanced Microsoft Entra multifactor authentication depending on the Microsoft Entra ID, EMS, or Microsoft 365 license you currently have. For example, the first 50,000 monthly active users in Microsoft Entra External ID can use MFA and other Premium P1 or P2 features for free. For more information, see [Microsoft Entra External ID pricing](https://azure.microsoft.com/pricing/details/active-directory/external-identities/).
+Microsoft Entra multifactor authentication can be used, and licensed, in a few different ways depending on your organization's needs. All tenants are entitled to basic multifactor authentication features by using security defaults. You may already be entitled to use advanced Microsoft Entra multifactor authentication depending on the license you currently have. For example, the first 50,000 monthly active users in Microsoft Entra External ID can use MFA and other Premium P1 or P2 features for free. For more information, see [Azure Active Directory B2C pricing](https://azure.microsoft.com/pricing/details/active-directory/external-identities/).
 
 The following table details the different ways to get Microsoft Entra multifactor authentication and some of the features and use cases for each.
 
@@ -34,7 +34,7 @@ The following table details the different ways to get Microsoft Entra multifacto
 | [Microsoft Entra ID P1](~/fundamentals/get-started-premium.md) | You can use [Microsoft Entra Conditional Access](~/identity/conditional-access/howto-conditional-access-policy-all-users-mfa.md) to prompt users for multifactor authentication during certain scenarios or events to fit your business requirements. |
 | [Microsoft Entra ID P2](~/fundamentals/get-started-premium.md) | Provides the strongest security position and improved user experience. Adds [risk-based Conditional Access](~/identity/conditional-access/howto-conditional-access-policy-risk.md) to the Microsoft Entra ID P1 features that adapts to user's patterns and minimizes multifactor authentication prompts. |
 | [All Microsoft 365 plans](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans) | Microsoft Entra multifactor authentication can be enabled for all users using [security defaults](~/fundamentals/security-defaults.md). Management of Microsoft Entra multifactor authentication is through the Microsoft 365 portal. For an improved user experience, upgrade to Microsoft Entra ID P1 or P2 and use Conditional Access. For more information, see [secure Microsoft 365 resources with multifactor authentication](/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication).  |
-| [Office 365 free](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)<br>[Microsoft Entra ID Free](~/verified-id/how-to-create-a-free-developer-account.md) | You can use [security defaults](~/fundamentals/security-defaults.md) to prompt users for multifactor authentication as needed but you don't have granular control of enabled users or scenarios, but it does provide that additional security step.<br /> Even when security defaults aren't used to enable multifactor authentication for everyone, users assigned the *Microsoft Entra Global Administrator* role can be configured to use multifactor authentication. This feature of the free tier makes sure the critical administrator accounts are protected by multifactor authentication. |
+| [Office 365 free](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)<br>[Microsoft Entra ID Free](~/verified-id/how-to-create-a-free-developer-account.md) | You can use [security defaults](~/fundamentals/security-defaults.md) to prompt users for multifactor authentication as needed but you don't have granular control of enabled users or scenarios, but it does provide that additional security step. |
 
 ## Feature comparison based on licenses
 
@@ -61,7 +61,7 @@ The following table provides a list of the features that are available in the va
 
 ## Compare multifactor authentication policies
 
-Our recommended approach to enforce MFA is using [Conditional Access](~/identity/conditional-access/overview.md). Review the following table to determine the what capabilities are included in your licenses.
+Our recommended approach to enforce MFA is using [Conditional Access](~/identity/conditional-access/overview.md). Review the following table to determine what capabilities are included in your licenses.
 
 | Policy | Security defaults | Conditional Access | Per-user MFA |
 | --- |:---:|:---:|:---:|
@@ -84,28 +84,17 @@ Our recommended approach to enforce MFA is using [Conditional Access](~/identity
 | Support for "report only" mode | | ● | |
 | Ability to completely block users/services | | ● | |
 
-<a name='purchase-and-enable-azure-ad-multi-factor-authentication'></a>
-
-## Purchase and enable Microsoft Entra multifactor authentication
-
-To use Microsoft Entra multifactor authentication, register for or purchase an eligible Microsoft Entra tier. Microsoft Entra ID comes in four editions—Free, Office 365, Premium P1, and Premium P2.
-
-The Free edition is included with an Azure subscription. See the [section below](#azure-ad-free-tier) for information on how to use security defaults or protect accounts with the *Microsoft Entra Global Administrator* role.
-
-The Microsoft Entra ID P1 or P2 editions are available through your Microsoft representative, the [Open Volume License Program](https://www.microsoft.com/licensing/licensing-programs/open-license.aspx), and the [Cloud Solution Providers program](https://go.microsoft.com/fwlink/?LinkId=614968&clcid=0x409). Azure and Microsoft 365 subscribers can also buy Microsoft Entra ID P1 and P2 online. [Sign in](https://portal.office.com/Commerce/Catalog.aspx) to purchase.
-
-After you have purchased the required Microsoft Entra tier, [plan and deploy Microsoft Entra multifactor authentication](howto-mfa-getstarted.md).
 
 <a name='azure-ad-free-tier'></a>
 
-### Microsoft Entra ID Free tier
+## Microsoft Entra ID Free tier
 
 All users in a Microsoft Entra ID Free tenant can use Microsoft Entra multifactor authentication by using security defaults. The mobile authentication app can be used for Microsoft Entra multifactor authentication when using Microsoft Entra ID Free security defaults.
 
 * [Learn more about Microsoft Entra security defaults](~/fundamentals/security-defaults.md)
 * [Enable security defaults for users in Microsoft Entra ID Free](~/fundamentals/security-defaults.md#enabling-security-defaults)
 
-If you don't want to enable Microsoft Entra multifactor authentication for all users, you can instead choose to only protect user accounts with the *Microsoft Entra Global Administrator* role. This approach provides more authentication prompts for critical administrator accounts. You enable Microsoft Entra multifactor authentication in one of the following ways, depending on the type of account you use:
+You enable Microsoft Entra multifactor authentication in one of the following ways, depending on the type of account you use:
 
 * If you use a Microsoft Account, [register for multifactor authentication](https://support.microsoft.com/help/12408/microsoft-account-about-two-step-verification).
 * If you aren't using a Microsoft Account, [turn on multifactor authentication for a user or group in Microsoft Entra ID](howto-mfa-userstates.md).
diff --git a/docs/identity/authentication/concept-sspr-deploy.md b/docs/identity/authentication/concept-sspr-deploy.md
index 1ebdedb6416..a9dcf3c212d 100644
--- a/docs/identity/authentication/concept-sspr-deploy.md
+++ b/docs/identity/authentication/concept-sspr-deploy.md
@@ -5,7 +5,7 @@ description: Learn about deployment considerations and strategy for successful i
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/29/2023
+ms.date: 10/04/2024
 
 ms.author: justinha
 author: gargi-sinha
@@ -66,7 +66,7 @@ For more information about pricing, see [Microsoft Entra pricing](https://www.mi
 
 * A working Microsoft Entra tenant with at least a trial license enabled. If needed, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
-* An account with Global Administrator privileges.
+* [!INCLUDE [Privileged role feature](../../includes/privileged-role-feature-include.md)]
 
 ### Guided walkthrough
 
@@ -134,7 +134,7 @@ When technology projects fail, they typically do so due to mismatched expectatio
 | - | - |
 | Level 1 helpdesk| Password Administrator |
 | Level 2 helpdesk| User Administrator |
-| SSPR administrator| Global Administrator |
+| SSPR administrator| Authentication Administrator |
 
 ### Plan a pilot
 
@@ -311,10 +311,12 @@ Microsoft Entra ID can provide additional information on your SSPR performance t
 
 ### Password management activity reports 
 
-You can use pre-built reports on Microsoft Entra admin center to measure the SSPR performance. If you're appropriately licensed, you can also create custom queries. For more information, see [Reporting options for Microsoft Entra password management](./howto-sspr-reporting.md)
+You can use pre-built reports on Microsoft Entra admin center to measure the SSPR performance. If you're appropriately licensed, you can also create custom queries. For more information, see [Reporting options for Microsoft Entra password management](./howto-sspr-reporting.md).
+
+[!INCLUDE [Privileged role feature](../../includes/privileged-role-feature-include.md)]
 
 > [!NOTE]
-> You must be a [Global Administrator](../role-based-access-control/permissions-reference.md#global-administrator), and you must opt-in for this data to be gathered for your organization. To opt in, you must visit the Reporting tab or the audit logs on the Microsoft Entra admin center at least once. Until then, the data doesn't collect for your organization.
+> You must opt-in for this data to be gathered for your organization. To opt in, you must visit the Reporting tab or the audit logs on the Microsoft Entra admin center at least once. Until then, the data doesn't collect for your organization.
 
 Audit logs for registration and password reset are available for 30 days. If security auditing within your corporation requires longer retention, the logs need to be exported and consumed into a SIEM tool such as [Microsoft Sentinel](/azure/sentinel/connect-azure-active-directory), Splunk, or ArcSight.
 
diff --git a/docs/identity/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md b/docs/identity/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md
index 1dcac9af675..0602e3bf850 100644
--- a/docs/identity/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md
+++ b/docs/identity/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md
@@ -7,7 +7,7 @@ ms.service: entra-id
 ms.subservice: authentication
 ms.custom: has-azure-ad-ps-ref
 ms.topic: conceptual
-ms.date: 09/14/2023
+ms.date: 10/04/2024
 
 ms.author: justinha
 author: justinha
@@ -108,7 +108,7 @@ Under each sign-in log, go to the **Authentication Details** tab and explore **S
 
 To configure or review the *Remain signed-in* option, complete the following steps:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator).
+1. [!INCLUDE [Privileged role](../../includes/privileged-role-include.md)]
 1. Browse to **Identity** > **Company Branding**, then for each locale, choose **Show option to remain signed in**.
 1. Choose *Yes*, then select **Save**.
 
diff --git a/docs/identity/authentication/how-to-authentication-methods-manage.md b/docs/identity/authentication/how-to-authentication-methods-manage.md
index cb3f22ea7ba..49019bc07ec 100644
--- a/docs/identity/authentication/how-to-authentication-methods-manage.md
+++ b/docs/identity/authentication/how-to-authentication-methods-manage.md
@@ -5,7 +5,7 @@ description: Learn about how to centrally manage multifactor authentication and
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/24/2023
+ms.date: 10/04/2024
 
 ms.author: justinha
 author: justinha
@@ -33,7 +33,12 @@ If you aren't using SSPR and aren't yet using the Authentication methods policy,
 
 ### Review the legacy MFA policy
 
-Start by documenting which methods are available in the legacy MFA policy. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator). Go to **Identity** > **Users** > **All users** > **Per-user MFA** > **service settings** to view the settings. These settings are tenant-wide, so there's no need for user or group information. 
+Start by documenting which methods are available in the legacy MFA policy. 
+
+[!INCLUDE [Privileged role](../../includes/privileged-role-include.md)]
+
+Go to **Identity** > **Users** > **All users** > **Per-user MFA** > **service settings** to view the settings. 
+These settings are tenant-wide, so there's no need for user or group information. 
 
 :::image type="content" border="false" source="media/how-to-authentication-methods-manage/legacy-mfa-policy.png" alt-text="Screenshot the shows the legacy Microsoft Entra multifactor authentication policy." lightbox="media/how-to-authentication-methods-manage/legacy-mfa-policy.png":::
 
diff --git a/docs/identity/authentication/howto-authentication-methods-activity.md b/docs/identity/authentication/howto-authentication-methods-activity.md
index 165302626ef..0aea79f5566 100644
--- a/docs/identity/authentication/howto-authentication-methods-activity.md
+++ b/docs/identity/authentication/howto-authentication-methods-activity.md
@@ -136,7 +136,9 @@ The registration details report shows the following information for each user:
 ## Limitations
 
 - The data in the report is not updated in real-time and may reflect a latency of up to a few hours.
-- The **PhoneAppNotification** or **PhoneAppOTP** methods that a user might have configured are not displayed in the dashboard on **Microsoft Entra authentication methods - Policies**. 
+- The **PhoneAppNotification** or **PhoneAppOTP** methods that a user might have configured are not displayed in the dashboard on **Microsoft Entra authentication methods - Policies**.
+- Bulk operations in the Microsoft Entra admin portal could time out and fail on very large tenants. This limitation is a known issue due to scaling limitations. For more information, see [Bulk operations](/entra/fundamentals/bulk-operations-service-limitations?WT.mc_id=Portal-Microsoft_AAD_IAM).
+
 
 ## Next steps
 
diff --git a/docs/identity/authentication/howto-authentication-passwordless-phone.md b/docs/identity/authentication/howto-authentication-passwordless-phone.md
index d6bd9c00a9a..6541e63c270 100644
--- a/docs/identity/authentication/howto-authentication-passwordless-phone.md
+++ b/docs/identity/authentication/howto-authentication-passwordless-phone.md
@@ -7,7 +7,7 @@ ms.service: entra-id
 ms.subservice: authentication
 ms.custom: has-azure-ad-ps-ref
 ms.topic: how-to
-ms.date: 08/13/2024
+ms.date: 10/04/2024
 
 
 ms.author: justinha
@@ -141,7 +141,6 @@ The Authentication methods policy is the recommended way to manage Microsoft Aut
 
 Admins can also configure parameters to better control how Microsoft Authenticator can be used. For example, they can add location or app name to the sign-in request so users have greater context before they approve.  
 
-Global Administrators can also manage Microsoft Authenticator on a tenant-wide basis by using legacy MFA and SSPR policies. These policies allow Microsoft Authenticator to be enabled or disabled for all users in the tenant. There are no options to include or exclude anyone, or control how Microsoft Authenticator can be used for sign-in. 
 
 ## Known issues
 
diff --git a/docs/identity/authentication/howto-authentication-passwordless-security-key-on-premises.md b/docs/identity/authentication/howto-authentication-passwordless-security-key-on-premises.md
index 32904683be6..20ca598c54c 100644
--- a/docs/identity/authentication/howto-authentication-passwordless-security-key-on-premises.md
+++ b/docs/identity/authentication/howto-authentication-passwordless-security-key-on-premises.md
@@ -132,17 +132,17 @@ _(Example: For US Government Cloud)_
 ### Example 1 prompt for all credentials
 
    ```powershell
-   # Specify the on-premises Active Directory domain. A new Azure AD
+   # Specify the on-premises Active Directory domain. A new Microsoft Entra ID
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = $env:USERDNSDOMAIN
 
    # Enter an Azure Active Directory Global Administrator username and password.
-   $cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Azure AD.'
+   $cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Microsoft Entra ID.'
 
    # Enter a Domain Administrator username and password.
    $domainCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group.'
 
-   # Create the new Azure AD Kerberos Server object in Active Directory
+   # Create the new Microsoft Entra ID Kerberos Server object in Active Directory
    # and then publish it to Azure Active Directory.
    Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
    ```
@@ -152,14 +152,14 @@ _(Example: For US Government Cloud)_
    > If you're working on a domain-joined machine with an account that has domain administrator privileges, you can skip the "-DomainCredential" parameter. If the "-DomainCredential" parameter isn't provided, the current Windows login credential is used to access your on-premises Active Directory Domain Controller.
 
    ```powershell
-   # Specify the on-premises Active Directory domain. A new Azure AD
+   # Specify the on-premises Active Directory domain. A new Microsoft Entra ID
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = $env:USERDNSDOMAIN
 
    # Enter an Azure Active Directory Global Administrator username and password.
    $cloudCred = Get-Credential
 
-   # Create the new Azure AD Kerberos Server object in Active Directory
+   # Create the new Microsoft Entra ID Kerberos Server object in Active Directory
    # and then publish it to Azure Active Directory.
    # Use the current windows login credential to access the on-premises AD.
    Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred
@@ -172,7 +172,7 @@ _(Example: For US Government Cloud)_
    > - Replace `administrator@contoso.onmicrosoft.com` in the following example with the UPN of a Global Administrator.
 
    ```powershell
-   # Specify the on-premises Active Directory domain. A new Azure AD
+   # Specify the on-premises Active Directory domain. A new Microsoft Entra ID
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = $env:USERDNSDOMAIN
 
@@ -182,9 +182,9 @@ _(Example: For US Government Cloud)_
    # Enter a Domain Administrator username and password.
    $domainCred = Get-Credential
 
-   # Create the new Azure AD Kerberos Server object in Active Directory
+   # Create the new Microsoft Entra ID Kerberos Server object in Active Directory
    # and then publish it to Azure Active Directory.
-   # Open an interactive sign-in prompt with given username to access the Azure AD.
+   # Open an interactive sign-in prompt with given username to access the Microsoft Entra ID.
    Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred
    ```
 
@@ -194,16 +194,16 @@ _(Example: For US Government Cloud)_
       > - Replace `administrator@contoso.onmicrosoft.com` in the following example with the UPN of a Global Administrator.
 
    ```powershell
-   # Specify the on-premises Active Directory domain. A new Azure AD
+   # Specify the on-premises Active Directory domain. A new Microsoft Entra ID
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = $env:USERDNSDOMAIN
 
    # Enter a UPN of a Global Administrator
    $userPrincipalName = "administrator@contoso.onmicrosoft.com"
 
-   # Create the new Azure AD Kerberos Server object in Active Directory
+   # Create the new Microsoft Entra ID Kerberos Server object in Active Directory
    # and then publish it to Azure Active Directory.
-   # Open an interactive sign-in prompt with given username to access the Azure AD.
+   # Open an interactive sign-in prompt with given username to access the Microsoft Entra ID.
    Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName
    ```
 
diff --git a/docs/identity/authentication/howto-authentication-temporary-access-pass.md b/docs/identity/authentication/howto-authentication-temporary-access-pass.md
index d96a9c077e1..8971afeba0e 100644
--- a/docs/identity/authentication/howto-authentication-temporary-access-pass.md
+++ b/docs/identity/authentication/howto-authentication-temporary-access-pass.md
@@ -67,8 +67,7 @@ To configure the TAP authentication method policy:
 
 After you enable a TAP policy, you can create TAPs for users in Microsoft Entra ID.  These following roles can perform various actions related to a TAP.
 
-- Global Administrators can create, delete, and view a TAP for any user (except themselves).
-- Privileged Authentication Administrators can create, delete, and view a TAP for admins and members (except themselves).
+- Those assigned at least the Privileged Authentication Administrator role can create, delete, and view a TAP for admins and members (except themselves).
 - Authentication Administrators can create, delete, and view a TAP for members (except themselves).
 - Global Readers can view TAP details for the user (without reading the code itself).
 
diff --git a/docs/identity/authentication/howto-mfa-reporting-datacollection.md b/docs/identity/authentication/howto-mfa-reporting-datacollection.md
index 10df3eb109d..7ebc41fcbd6 100644
--- a/docs/identity/authentication/howto-mfa-reporting-datacollection.md
+++ b/docs/identity/authentication/howto-mfa-reporting-datacollection.md
@@ -195,7 +195,7 @@ Use the Microsoft Privacy portal to make a request for Account Close to delete a
 
 Users can add answers to security questions as part of SSPR. Security questions and answers are hashed to prevent unauthorized access. Only the hashed data is saved, so the security questions and answers can't be exported. Users can go to [My sign-ins](https://mysignins.microsoft.com/security-info) to edit or delete them. The only other information saved for SSPR is the user email address. 
 
-Global Administrators can remove data collected for any user. On the **Users** page in Microsoft Entra ID, click **Authentication methods** and select a user to remove their phone or email address. 
+Those assigned the [Privileged Authentication Administrator](/entra/identity/role-based-access-control/permissions-reference#privileged-authentication-administrator) role can remove data collected for any user. On the **Users** page in Microsoft Entra ID, click **Authentication methods** and select a user to remove their phone or email address. 
 
 ## Next steps
 
diff --git a/docs/identity/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md b/docs/identity/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md
index a17ebfbba5f..13971d14db9 100644
--- a/docs/identity/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md
+++ b/docs/identity/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md
@@ -131,7 +131,7 @@ The steps that follow will help you roll back a user or group of users.
 
 #### Rollback
 
-In a PowerShell window, run the following command, providing the script and user file locations. Enter Global Administrator credentials when prompted. The script will output the outcome of each user update operation.
+In a PowerShell window, run the following command, providing the script and user file locations. Provide at least [Privileged Authentication Administrator](/entra/identity/role-based-access-control/permissions-reference#privileged-authentication-administrator) credentials when prompted. The script will output the outcome of each user update operation.
 
 `<script location> -path <user file location>`
 
diff --git a/docs/identity/authentication/howto-sspr-authenticationdata.md b/docs/identity/authentication/howto-sspr-authenticationdata.md
index b77548470b4..510f6c705cf 100644
--- a/docs/identity/authentication/howto-sspr-authenticationdata.md
+++ b/docs/identity/authentication/howto-sspr-authenticationdata.md
@@ -44,7 +44,7 @@ After a user verifies their mobile phone number, the *Phone* field under **Authe
 
 ## Authentication contact info
 
-On the **Authentication methods** page for a Microsoft Entra user in the Microsoft Entra admin center, a Global Administrator can manually set the authentication contact information. You can review existing methods under the *Usable authentication methods* section, or **+Add authentication methods**, as shown in the following example screenshot:
+On the **Authentication methods** page for a Microsoft Entra user in the Microsoft Entra admin center, those assigned at least the [Privileged Authentication Administrator](/entra/identity/role-based-access-control/permissions-reference#privileged-authentication-administrator) rolce can manually set the authentication contact information for anyone. You can review existing methods under the *Usable authentication methods* section, or **+Add authentication methods**, as shown in the following example screenshot:
 
 :::image type="content" source="media/howto-sspr-authenticationdata/user-authentication-contact-info.png" alt-text="Screenshot of how to manage authentication methods":::
 
diff --git a/docs/identity/authentication/tutorial-enable-cloud-sync-sspr-writeback.md b/docs/identity/authentication/tutorial-enable-cloud-sync-sspr-writeback.md
index 7b40cad10a2..42d57913616 100644
--- a/docs/identity/authentication/tutorial-enable-cloud-sync-sspr-writeback.md
+++ b/docs/identity/authentication/tutorial-enable-cloud-sync-sspr-writeback.md
@@ -56,7 +56,7 @@ To verify and enable password writeback in SSPR, complete the following steps:
 1. When ready, select **Save**.
 
 #### PowerShell
-With PowerShell you can enable Microsoft Entra Connect cloud sync by using the Set-AADCloudSyncPasswordWritebackConfiguration cmdlet on the servers with the provisioning agents. You will need Global Administrator credentials: 
+With PowerShell you can enable Microsoft Entra Connect cloud sync by using the Set-AADCloudSyncPasswordWritebackConfiguration cmdlet on the servers with the provisioning agents.
 
 ```powershell
 Import-Module 'C:\\Program Files\\Microsoft Azure AD Connect Provisioning Agent\\Microsoft.CloudSync.Powershell.dll' 
diff --git a/docs/identity/authentication/tutorial-enable-sspr.md b/docs/identity/authentication/tutorial-enable-sspr.md
index 2804b572932..79a151850f5 100644
--- a/docs/identity/authentication/tutorial-enable-sspr.md
+++ b/docs/identity/authentication/tutorial-enable-sspr.md
@@ -39,8 +39,8 @@ You can also follow along in a related video: [How to enable and configure SSPR
 
 To finish this tutorial, you need the following resources and privileges:
 
-* A working Microsoft Entra tenant with at least a Microsoft Entra ID P1 license is required for password reset. For more information about license requirements for password change and password reset in Entra ID, see [Licensing requirements for Microsoft Entra self-service password reset](concept-sspr-licensing.md).
-* An account with *Global Administrator* or *Authentication Policy Administrator* privileges.
+* A working Microsoft Entra tenant with at least a Microsoft Entra ID P1 license is required for password reset. For more information about license requirements for password change and password reset in Microsoft Entra ID, see [Licensing requirements for Microsoft Entra self-service password reset](concept-sspr-licensing.md).
+* An account with at least the Authentication Policy Administrator role.
 * A non-administrator user with a password you know, like *testuser*. You'll test the end-user SSPR experience using this account in this tutorial.
     * If you need to create a user, see [Quickstart: Add new users to Microsoft Entra ID](~/fundamentals/add-users.md).
 * A group that the non-administrator user is a member of, likes *SSPR-Test-Group*. You'll enable SSPR for this group in this tutorial.
@@ -101,7 +101,7 @@ An administrator can manually provide this contact information, or users can go
 
 ## Set up notifications and customizations
 
-To keep users informed about account activity, you can set up Microsoft Entra ID to send email notifications when an SSPR event happens. These notifications can cover both regular user accounts and admin accounts. For admin accounts, this notification provides another layer of awareness when a privileged administrator account password is reset using SSPR. Microsoft Entra ID will notify all Global Administrators when someone uses SSPR on an admin account.
+To keep users informed about account activity, you can set up Microsoft Entra ID to send email notifications when an SSPR event happens. These notifications can cover both regular user accounts and admin accounts. For admin accounts, this notification provides another layer of awareness when a privileged administrator account password is reset using SSPR. Microsoft Entra ID can notify all Administrators when someone uses SSPR on an admin account.
 
 1. From the menu on the left side of the **Notifications** page, set up the following options:
 
diff --git a/docs/identity/enterprise-apps/certificate-signing-options.md b/docs/identity/enterprise-apps/certificate-signing-options.md
index 89ab23a90d5..e2fd1743fa4 100644
--- a/docs/identity/enterprise-apps/certificate-signing-options.md
+++ b/docs/identity/enterprise-apps/certificate-signing-options.md
@@ -58,9 +58,7 @@ To change an application's SAML certificate signing options and the certificate
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 
 1. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**.
-1. Enter the name of the existing application in the search box, and then select the application from the search results. In this example, you use the Salesforce application.
-
-   ![Example: Application overview page](./media/certificate-signing-options/application-overview-page.png)
+1. Enter the name of the existing application in the search box, and then select the application from the search results.
 
 Next, change the certificate signing options in the SAML token for that application:
 
diff --git a/docs/identity/enterprise-apps/custom-security-attributes-apps.md b/docs/identity/enterprise-apps/custom-security-attributes-apps.md
index d56eb06eb44..900587cf79b 100644
--- a/docs/identity/enterprise-apps/custom-security-attributes-apps.md
+++ b/docs/identity/enterprise-apps/custom-security-attributes-apps.md
@@ -103,8 +103,6 @@ You can filter the list of custom security attributes assigned to applications o
 
 1. For **Value**, enter or select a value.
 
-    :::image type="content" source="./media/custom-security-attributes-apps/apps-attributes-filter.png" alt-text="Screenshot showing a custom security attribute filter for applications." lightbox="./media/custom-security-attributes-apps/apps-attributes-filter.png":::
-
 1. To apply the filter, select **Apply**.
 
 ### Remove custom security attribute assignments from applications
diff --git a/docs/identity/enterprise-apps/delete-application-portal.md b/docs/identity/enterprise-apps/delete-application-portal.md
index 8060ed7b10e..be08140d169 100644
--- a/docs/identity/enterprise-apps/delete-application-portal.md
+++ b/docs/identity/enterprise-apps/delete-application-portal.md
@@ -43,7 +43,7 @@ To delete an enterprise application, you need:
 1. In the **Manage** section of the left menu, select **Properties**.
 1. At the top of the **Properties** pane, select **Delete**, and then select **Yes** to confirm you want to delete the application from your Microsoft Entra tenant.
 
-    :::image type="content" source="media/delete-application-portal/delete-application.png" alt-text="Delete an enterprise application." lightbox="media/delete-application-portal/delete-application.png":::
+    :::image type="content" source="media/delete-application-portal/delete-application.png" alt-text="screenshot of how to delete an enterprise application." lightbox="media/delete-application-portal/delete-application.png":::
 
 :::zone-end
 
diff --git a/docs/identity/enterprise-apps/f5-big-ip-headers-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-headers-easy-button.md
index f5d0a3b8914..e06fdd92bb4 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-headers-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-headers-easy-button.md
@@ -149,17 +149,12 @@ You can reuse settings to publish more applications.
 4. Confirm the BIG-IP connects to your tenant.
 5. Select **Next**
 
-   ![Screenshot of entries and options for Configuration Properties.](./media/f5-big-ip-easy-button-ldap/config-properties.png)
-
 ### Service Provider
 
 In Service Provider settings, define SAML SP instance settings for the SHA-protected application.
 
 1. Enter a **Host**, the application public FQDN.
 2. Enter an **Entity ID**, the identifier Microsoft Entra ID uses to identify the SAML SP requesting a token.
-
-   ![Screenshot of input fields for Service Provider.](./media/f5-big-ip-easy-button-ldap/service-provider.png)
-
 3. (Optional) In Security Settings, select **Enable Encryption Assertion** to enable Microsoft Entra ID to encrypt issued SAML assertions. Microsoft Entra ID and BIG-IP APM encryption assertions help assure content tokens aren't intercepted, nor personal or corporate data compromised.
 
 4. In **Security Settings**, from the **Assertion Decryption Private Key** list, select **Create New**.
diff --git a/docs/identity/enterprise-apps/f5-big-ip-kerberos-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-kerberos-easy-button.md
index 6d0f62898e4..d8f1f49e57d 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-kerberos-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-kerberos-easy-button.md
@@ -129,9 +129,6 @@ Some settings are global, which can be reused for publishing more applications,
 1. Provide a unique **Configuration Name**.
 2. Enable **Single Sign-On (SSO) & HTTP Headers**.
 3. Enter the **Tenant ID**, **Client ID**, and **Client Secret** you noted when registering the Easy Button client in your tenant.
-
-    ![Screenshot of Configuration Name, SSO and HTTP Headers, and Azure Service Account Details entries.](./media/f5-big-ip-kerberos-easy-button/azure-configuration-properties.png)
-
 4. Confirm the BIG-IP connects to your tenant.
 5. Select **Next**.
 
diff --git a/docs/identity/enterprise-apps/f5-big-ip-ldap-header-easybutton.md b/docs/identity/enterprise-apps/f5-big-ip-ldap-header-easybutton.md
index 50c46374f78..a8a035ad825 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-ldap-header-easybutton.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-ldap-header-easybutton.md
@@ -133,17 +133,12 @@ Some of these settings are global, therefore can be reused to publish more appli
 4. Confirm the BIG-IP can connect to your tenant.
 5. Select **Next**.
 
-    ![Screenshot of entries for General Properties and Azure Service Account Details, on Configuration Properties.](./media/f5-big-ip-easy-button-ldap/config-properties.png)
-
 ### Service Provider
 
 The Service Provider settings define the properties for the SAML SP instance of the application protected through SHA.
 
 1. Enter **Host**, the public fully qualified domain name (FQDN) of the application being secured.
 2. Enter **Entity ID**, the identifier Microsoft Entra ID uses to identify the SAML SP requesting a token.
-
-    ![Screenshot of Host and Entity ID entries on Service Provider.](./media/f5-big-ip-easy-button-ldap/service-provider.png)
-
 Use the optional **Security Settings** to specify whether Microsoft Entra ID encrypts issued SAML assertions. Encrypting assertions between Microsoft Entra ID and the BIG-IP APM provides assurance the content tokens can’t be intercepted, and personal or corporate data can't be compromised.
 
 3. From the **Assertion Decryption Private Key** list, select **Create New**
diff --git a/docs/identity/enterprise-apps/f5-big-ip-oracle-enterprise-business-suite-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-oracle-enterprise-business-suite-easy-button.md
index a16f8e3af9b..d72940ee141 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-oracle-enterprise-business-suite-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-oracle-enterprise-business-suite-easy-button.md
@@ -152,8 +152,6 @@ To reduce time and effort, reuse global settings to publish other applications.
 4. Confirm the BIG-IP connects to your tenant.
 5. Select **Next**.
 
-   ![Screenshot of input on the Configuration Properties dialog.](./media/f5-big-ip-oracle/configuration-general-and-service-account-properties.png)
-
 ### Service Provider
 
 Use Service Provider settings for the properties of the SAML SP instance of the protected application.
diff --git a/docs/identity/enterprise-apps/f5-big-ip-oracle-jde-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-oracle-jde-easy-button.md
index abeec1deaa1..6ce9b52a890 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-oracle-jde-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-oracle-jde-easy-button.md
@@ -144,9 +144,7 @@ Use the **Configuration Properties** tab to creat new application configurations
 2. Enter the **Tenant ID, Client ID**, and **Client Secret** you noted.
 4. Confirm the BIG-IP connects to the tenant.
 5. Select **Next**
-
-   ![Screenshot of options and selections for Configuration Properties.](./media/f5-big-ip-easy-button-oracle-jde/configuration-general-and-service-account-properties.png)
-   
+  
 ### Service Provider
 
 The Service Provider settings define the properties for the SAML SP instance of the application protected through SHA.
diff --git a/docs/identity/enterprise-apps/f5-big-ip-oracle-peoplesoft-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-oracle-peoplesoft-easy-button.md
index 09e7277b207..5eeaef65104 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-oracle-peoplesoft-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-oracle-peoplesoft-easy-button.md
@@ -149,8 +149,6 @@ Use the **Configuration Properties** tab to creat new application configurations
 3. Enter the **Tenant ID, Client ID**, and **Client Secret** you noted.
 4. Confirm the BIG-IP connects to the tenant.
 5. Select **Next**.
-
-![Screenshot of options and selections for Configuration Properties.](./media/f5-big-ip-easy-button-oracle-peoplesoft/configuration-general-and-service-account-properties.png)
  
 ### Service Provider
 
@@ -314,17 +312,11 @@ Configure Oracle Access Manager to accept SSO from the BIG-IP.
 6. For **User ID**, enter **OAMPSFT**
 7. For **User Role**, enter **PeopleSoft User**.
 8. Select **Save**.
-
-![Screenshot of User ID on the Roles tab, User Profiles.](./media/f5-big-ip-easy-button-oracle-peoplesoft/user-profiles.png)
- 
 9.    Navigate to **People Tools** > **Web Profile**.
 10.    Select the web profile.
 11.    On **Security** tab, in **Public Users**, select **Allow Public Access**.
 12.    For **User ID**, enter **OAMPSFT**.
 13.    Enter the **Password**.
-
-![Screenshot of options and selections for Public Users.](./media/f5-big-ip-easy-button-oracle-peoplesoft/web-profiles.png)
- 
 14.    Leave the Peoplesoft console.
 15.    Start **PeopleTools Application Designer**.
 16.    Right-click the **LDAPAUTH** field.
diff --git a/docs/identity/enterprise-apps/f5-big-ip-sap-erp-easy-button.md b/docs/identity/enterprise-apps/f5-big-ip-sap-erp-easy-button.md
index cc22118447a..30bc9838492 100644
--- a/docs/identity/enterprise-apps/f5-big-ip-sap-erp-easy-button.md
+++ b/docs/identity/enterprise-apps/f5-big-ip-sap-erp-easy-button.md
@@ -140,9 +140,7 @@ The **Configuration Properties** tab has service account properties and creates
 3. For **Tenant ID, Client ID,** and **Client Secret**, enter the Tenant ID, Client ID, and Client Secret you noted during tenant registration.
 4. Select **Test Connection**. This action confirms the BIG-IP connects to your tenant.
 5. Select **Next**.
-
-   ![Screenshot of options and selections for Configuration Properties.](./media/f5-big-ip-easy-button-sap-erp/configuration-general-and-service-account-properties.png)
-   
+  
 ### Service Provider
 
 Use the Service Provider settings to define SAML SP instance properties of the application secured by SHA.
diff --git a/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png b/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png
deleted file mode 100644
index d9d6e9a0980..00000000000
Binary files a/docs/identity/enterprise-apps/media/certificate-signing-options/application-overview-page.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png b/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png
deleted file mode 100644
index 2f8fe6f5e00..00000000000
Binary files a/docs/identity/enterprise-apps/media/configure-admin-consent-workflow/review-consent-requests.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/custom-security-attributes-apps/apps-attributes-filter.png b/docs/identity/enterprise-apps/media/custom-security-attributes-apps/apps-attributes-filter.png
deleted file mode 100644
index c9d4ee82e9f..00000000000
Binary files a/docs/identity/enterprise-apps/media/custom-security-attributes-apps/apps-attributes-filter.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png b/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png
index 1592b9ceecf..4b6f0291509 100644
Binary files a/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png and b/docs/identity/enterprise-apps/media/delete-application-portal/delete-application.png differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/config-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/config-properties.png
deleted file mode 100644
index bd86239da2f..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/config-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/service-provider.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/service-provider.png
deleted file mode 100644
index f71c1402083..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-ldap/service-provider.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-jde/configuration-general-and-service-account-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-jde/configuration-general-and-service-account-properties.png
deleted file mode 100644
index e66fff56d47..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-jde/configuration-general-and-service-account-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/configuration-general-and-service-account-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/configuration-general-and-service-account-properties.png
deleted file mode 100644
index 829f1f909e4..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/configuration-general-and-service-account-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/user-profiles.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/user-profiles.png
deleted file mode 100644
index 95257132814..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/user-profiles.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/web-profiles.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/web-profiles.png
deleted file mode 100644
index c98ef4726d1..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-oracle-peoplesoft/web-profiles.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-sap-erp/configuration-general-and-service-account-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-sap-erp/configuration-general-and-service-account-properties.png
deleted file mode 100644
index 102792f9217..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-easy-button-sap-erp/configuration-general-and-service-account-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-kerberos-easy-button/azure-configuration-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-kerberos-easy-button/azure-configuration-properties.png
deleted file mode 100644
index 21bd063d13b..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-kerberos-easy-button/azure-configuration-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/f5-big-ip-oracle/configuration-general-and-service-account-properties.png b/docs/identity/enterprise-apps/media/f5-big-ip-oracle/configuration-general-and-service-account-properties.png
deleted file mode 100644
index 7c3fa1338ea..00000000000
Binary files a/docs/identity/enterprise-apps/media/f5-big-ip-oracle/configuration-general-and-service-account-properties.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/migrate-adfs-represent-security-policies/permit-access-to-all-users-2.png b/docs/identity/enterprise-apps/media/migrate-adfs-represent-security-policies/permit-access-to-all-users-2.png
deleted file mode 100644
index 40cfbad413e..00000000000
Binary files a/docs/identity/enterprise-apps/media/migrate-adfs-represent-security-policies/permit-access-to-all-users-2.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/migrate-applications-from-okta/import-api.png b/docs/identity/enterprise-apps/media/migrate-applications-from-okta/import-api.png
deleted file mode 100644
index 8f6c67dc047..00000000000
Binary files a/docs/identity/enterprise-apps/media/migrate-applications-from-okta/import-api.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/migrate-applications-from-okta/list-of-new-applications.png b/docs/identity/enterprise-apps/media/migrate-applications-from-okta/list-of-new-applications.png
deleted file mode 100644
index 984a7adda4d..00000000000
Binary files a/docs/identity/enterprise-apps/media/migrate-applications-from-okta/list-of-new-applications.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png b/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png
deleted file mode 100644
index e8c4a30f7ea..00000000000
Binary files a/docs/identity/enterprise-apps/media/overview-application-gallery/enterprise-applications.png and /dev/null differ
diff --git a/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png b/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png
index 6bf2acb9468..854e8b2c39c 100644
Binary files a/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png and b/docs/identity/enterprise-apps/media/view-applications-portal/view-enterprise-applications.png differ
diff --git a/docs/identity/enterprise-apps/migrate-ad-fs-application-howto.md b/docs/identity/enterprise-apps/migrate-ad-fs-application-howto.md
index 5971fb7e670..b03cc368847 100644
--- a/docs/identity/enterprise-apps/migrate-ad-fs-application-howto.md
+++ b/docs/identity/enterprise-apps/migrate-ad-fs-application-howto.md
@@ -187,8 +187,6 @@ Assisted users and groups configuration supports the following configurations fr
 
 These are the users and groups you can view on the configuration wizard. This is a read-only view, you can't make any changes to this section.
 
-:::image type="content" source="media/migrate-ad-fs-application-howto/user-group-settings-application-migration-wizard.png" alt-text="Screenshot of the AD FS application migration users and groups tab.":::
-
 ### SAML configurations tab
 
 This tab shows the basic SAML properties that are used for the Single sign-on settings of the Microsoft Entra application. Currently, only required properties are mapped which are Identifier and Reply URL only.
diff --git a/docs/identity/enterprise-apps/migrate-adfs-represent-security-policies.md b/docs/identity/enterprise-apps/migrate-adfs-represent-security-policies.md
index b9ef9fd4d0a..90f188b2632 100644
--- a/docs/identity/enterprise-apps/migrate-adfs-represent-security-policies.md
+++ b/docs/identity/enterprise-apps/migrate-adfs-represent-security-policies.md
@@ -37,8 +37,6 @@ This maps to Microsoft Entra ID in one of the following ways:
 
 1. Set **Assignment required** to **No**.
 
-   :::image type="content" source="media/migrate-adfs-represent-security-policies/permit-access-to-all-users-2.png" alt-text="Screenshot shows how to edit access control policy for SaaS apps.":::
-
     > [!Note]
     > Setting **Assignment required** to **Yes** requires that users are assigned to the application to gain access. When set to **No**, all users have access. This switch doesn't control what users see in the **My Apps** experience.
 
diff --git a/docs/identity/enterprise-apps/migrate-applications-from-okta.md b/docs/identity/enterprise-apps/migrate-applications-from-okta.md
index e7585682ab9..da929b9fb5d 100644
--- a/docs/identity/enterprise-apps/migrate-applications-from-okta.md
+++ b/docs/identity/enterprise-apps/migrate-applications-from-okta.md
@@ -49,8 +49,6 @@ To create an application inventory:
 
 5. In the Postman app, in the workspace, select **Import**.
 
-    ![Screenshot of the Import option on Postman.](media/migrate-applications-from-okta/import-api.png)
-
 6. On the **Import** page, select **Link**. To import the API, insert the following link:
 
 `https://developer.okta.com/docs/api/postman/example.oktapreview.com.environment`
@@ -99,8 +97,6 @@ To migrate a SAML 2.0 application to Microsoft Entra ID, configure the applicati
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 
 2. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**, then select **New application**.
 
-    ![Screenshot of the New Application option on All applications.](media/migrate-applications-from-okta/list-of-new-applications.png)
-
 3. In **Microsoft Entra Gallery**, search for **Salesforce**, select the application, and then select **Create**.
 
     ![Screenshot of applications in the Microsoft Entra Gallery.](media/migrate-applications-from-okta/salesforce-application.png)
diff --git a/docs/identity/enterprise-apps/overview-application-gallery.md b/docs/identity/enterprise-apps/overview-application-gallery.md
index 476ebfee50b..231c2227b06 100644
--- a/docs/identity/enterprise-apps/overview-application-gallery.md
+++ b/docs/identity/enterprise-apps/overview-application-gallery.md
@@ -20,8 +20,6 @@ The Microsoft Entra application gallery is a collection of software as a service
 
 To find the gallery when signed into your tenant, browse to **Identity** > **Applications** > **Enterprise applications** > **All applications** > **New application**.
 
-:::image type="content" source="media/overview-application-gallery/enterprise-applications.png" alt-text="Screenshot showing the Microsoft Entra application gallery pane in the [Microsoft Entra admin center](https://entra.microsoft.com).":::
-
 The applications available from the gallery follow the SaaS model that allows users to connect to and use cloud-based applications over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).
 
 The following are benefits of using applications available in the gallery:
diff --git a/docs/identity/enterprise-apps/review-admin-consent-requests.md b/docs/identity/enterprise-apps/review-admin-consent-requests.md
index bf3444d3518..5a2fd1063de 100644
--- a/docs/identity/enterprise-apps/review-admin-consent-requests.md
+++ b/docs/identity/enterprise-apps/review-admin-consent-requests.md
@@ -40,10 +40,7 @@ To review the admin consent requests and take action:
 1. Review details about the request:
    - To see what permissions are being requested by the application, select **Review permissions and consent**.
    - To view the application details, select the **App details** tab.
-   - To see who is requesting access and why, select the **Requested by** tab.
-   
-   :::image type="content" source="media/configure-admin-consent-workflow/review-consent-requests.png" alt-text="Screenshot of the admin consent requests in the portal." lightbox="media/configure-admin-consent-workflow/review-consent-requests.png":::
-   
+   - To see who is requesting access and why, select the **Requested by** tab.  
 1. Evaluate the request and take the appropriate action:
    - **Approve the request**. To approve a request, grant admin consent to the application. Once a request is approved, all requestors are notified that their request for access is granted. Approving a request allows all users in your tenant to access the application unless otherwise restricted with user assignment. 
    - **Deny the request**. To deny a request, you must provide a justification that is provided to all requestors. Once a request is denied, all requestors are notified that their request for access is denied. Denying a request won't prevent users from requesting admin consent to the application again in the future.  
diff --git a/docs/identity/monitoring-health/concept-activity-log-schemas.md b/docs/identity/monitoring-health/concept-activity-log-schemas.md
new file mode 100644
index 00000000000..6d2944af2ac
--- /dev/null
+++ b/docs/identity/monitoring-health/concept-activity-log-schemas.md
@@ -0,0 +1,86 @@
+---
+title: Learn about the monitoring and health activity log schemas
+description: Learn how to interpret the details found in the Microsoft Entra audit and sign-in and logs schema.
+
+author: shlipsey3
+manager: amycolannino
+ms.service: entra-id
+ms.topic: conceptual
+ms.subservice: monitoring-health
+ms.date: 09/30/2024
+ms.author: sarahlipsey
+ms.reviewer: egreenberg
+
+# Customer intent: As an IT admin, I want to understand the schema of the Microsoft Entra audit and sign-in logs so that I can interpret the data in the logs and use it to monitor and troubleshoot my organization's identity and access management.
+---
+
+# Microsoft Entra activity logs schema
+
+This article describes the information contained in the Microsoft Entra activity logs and how that schema is used by other services. This article covers the schemas from the Microsoft Entra admin center and Microsoft Graph. Descriptions of some key fields are provided.
+
+## Prerequisites
+
+- For license and role requirements, see [Microsoft Entra monitoring and health licensing](../../fundamentals/licensing.md#microsoft-entra-monitoring-and-health).
+- The option to download logs is available in all editions of Microsoft Entra ID.
+- Downloading logs programmatically with Microsoft Graph requires a [premium license](../../fundamentals/licensing.md#microsoft-entra-monitoring-and-health).
+- **Reports Reader** is the least privileged role required to view Microsoft Entra activity logs.
+- Audit logs are available for features that you've licensed.
+- The results of a downloaded log might show `hidden` for some properties if you don't have the required license.
+
+## What is a log schema?
+
+Microsoft Entra monitoring and health offer logs, reports, and monitoring tools that can be integrated with Azure Monitor, Microsoft Sentinel, and other services. These services need to map the properties of the logs to their service's configurations. The schema is the map of the properties, the possible values, and how they're used by the service. Understanding the log schema is helpful for effective troubleshooting and data interpretation.
+
+Microsoft Graph is the primary way to access Microsoft Entra logs programmatically. The response for a Microsoft Graph call is in JSON format and includes the properties and values of the log. The schema of the logs is defined in the [Microsoft Graph documentation](/graph/api/overview?view=graph-rest-1.0&preserve-view=true).
+
+There are two endpoints for the Microsoft Graph API. The V1.0 endpoint is the most stable and is commonly used for production environments. The beta version often contains more properties, but they're subject to change. For this reason, we don't recommend using the beta version of the schema in production environments.
+
+Microsoft Entra customer can configure activity log streams to be sent to Azure Monitor storage accounts. This integration enables Security Information and Event Management (SIEM) connectivity, long-term storage, and improved querying capabilities with Log Analytics. The log schemas for Azure Monitor might differ from the Microsoft Graph schemas.
+
+For full details on these schemas, see the following articles:
+
+- [Azure Monitor audit logs](/azure/azure-monitor/reference/tables/auditlogs)
+- [Azure Monitor sign-in logs](/azure/azure-monitor/reference/tables/signinlogs)
+- [Azure Monitor provisioning logs](/azure/azure-monitor/reference/tables/aadprovisioninglogs)
+- [Microsoft Graph audit logs](/graph/api/resources/directoryaudit?view=graph-rest-1.0&preserve-view=true)
+- [Microsoft Graph sign-in logs](/graph/api/resources/signin?view=graph-rest-1.0&preserve-view=true)
+- [Microsoft Graph provisioning logs](/graph/api/resources/provisioningobjectsummary?view=graph-rest-1.0&preserve-view=true)
+
+## How to interpret the schema
+
+When looking up the definitions of a value, pay attention to the version you're using. There might be differences between the V1.0 and beta versions of the schema.
+
+### Values found in all log schemas
+
+Some values are common across all log schemas. 
+
+- `correlationId`: This unique ID helps correlate activities that span across various services and is used for troubleshooting. This value's presence in multiple logs doesn't indicate the ability to join logs across services.
+- `status` or `result`: This important value indicates the result of the activity. Possible values are: `success`, `failure`, `timeout`, `unknownFutureValue`.
+- Date and time: The date and time when the activity occurred is in Coordinated Universal Time (UTC).
+- Some reporting features require a Microsoft Entra ID P2 license. If you don't have the correct licenses, the value `hidden` is returned.
+
+### Audit logs
+
+- `activityDisplayName`: Indicates the activity name or the operation name (examples: "Create User" and "Add member to group"). For more information, see [Audit log activities](reference-audit-activities.md).
+- `category`: Indicates which resource category that's targeted by the activity. For example: `UserManagement`, `GroupManagement`, `ApplicationManagement`, `RoleManagement`. For more information, see [Audit log activities](reference-audit-activities.md).
+- `initiatedBy`: Indicates information about the user or app that initiated the activity.
+- `targetResources`: Provides information on which resource was changed. Possible values include `User`, `Device`, `Directory`, `App`, `Role`, `Group`, `Policy` or `Other`.
+
+### Sign-in logs
+
+- ID values: There are unique identifiers for users, tenants, applications, and resources. Examples include:
+    - `resourceId`: The *resource* that the user signed into.
+    - `resourceTenantId`: The tenant that owns the *resource* being accessed. Might be the same as the `homeTenantId`.
+    - `homeTenantId`: The tenant that owns the user *account* that is signing in.
+- Risk details: Provides the reason behind a specific state of a risky user, sign-in, or risk detection.
+    - `riskState`: Reports status of the risky user, sign-in, or a risk event.
+    - `riskDetail`: Provides the reason behind a specific state of a risky user, sign-in, or risk detection. The value `none` means that no action has been performed on the user or sign-in so far.
+    - `riskEventTypes_v2`: Risk detection types associated with the sign-in.
+    - `riskLevelAggregated`: Aggregated risk level. The value `hidden` means the user or sign-in wasn't enabled for Microsoft Entra ID Protection.
+- `crossTenantAccessType`: Describes the type of cross-tenant access used to access the resource. For example, B2B, Microsoft Support, and passthrough sign-ins are captured here.
+- `status`: The sign-in status that includes the error code and description of the error (if a sign-in failure occurs).
+
+### Applied Conditional Access policies
+
+The `appliedConditionalAccessPolicies` subsection lists the Conditional Access policies related to that sign-in event. The section is called *applied* Conditional Access policies; however, policies that were *not* applied also appear in this section. A separate entry is created for each policy. For more information, see [conditionalAccessPolicy resource type](/graph/api/resources/conditionalaccesspolicy?view=graph-rest-1.0&preserve-view=true).
+
diff --git a/docs/identity/monitoring-health/reference-azure-monitor-sign-ins-log-schema.md b/docs/identity/monitoring-health/reference-azure-monitor-sign-ins-log-schema.md
deleted file mode 100644
index 6b5b5bbe893..00000000000
--- a/docs/identity/monitoring-health/reference-azure-monitor-sign-ins-log-schema.md
+++ /dev/null
@@ -1,222 +0,0 @@
----
-title: Sign-in log schema in Azure Monitor
-description: Describe the Microsoft Entra sign-in log schema for use in Azure Monitor
-
-author: shlipsey3
-manager: amycolannino
-ms.service: entra-id
-ms.topic: reference
-ms.subservice: monitoring-health
-ms.date: 10/31/2022
-ms.author: sarahlipsey
-ms.reviewer: besiler
-
-ms.collection: M365-identity-device-management
----
-
-# Interpret the Microsoft Entra sign-in logs schema in Azure Monitor
-
-This article describes the Microsoft Entra sign-in log schema in Azure Monitor. Information related to sign-ins is provided under the *Properties* attribute of the `records` object.
-
-
-```json
-{
-  "time": "2019-03-12T16:02:15.5522137Z",
-  "resourceId": "/tenants/<TENANT ID>/providers/Microsoft.aadiam",
-  "operationName": "Sign-in activity",
-  "operationVersion": "1.0",
-  "category": "SignInLogs",
-  "tenantId": "<TENANT ID>",
-  "resultType": "50140",
-  "resultSignature": "None",
-  "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.",
-  "durationMs": 0,
-  "callerIpAddress": "<CALLER IP ADDRESS>",
-  "correlationId": "aaaa0000-bb11-2222-33cc-444444dddddd",
-  "identity": "Timothy Perkins",
-  "Level": 4,
-  "location": "US",
-  "properties": 
-       {
-    "id": "0231f922-93fa-4005-bb11-b344eca03c01",
-    "createdDateTime": "2019-03-12T16:02:15.5522137+00:00",
-    "userDisplayName": "Timothy Perkins",
-    "userPrincipalName": "<USER PRINCIPAL NAME>",
-    "userId": "<USER ID>",
-    "appId": "<APPLICATION ID>",
-    "appDisplayName": "Azure Portal",
-    "ipAddress": "<IP ADDRESS>",
-    "status": {
-      "errorCode": 50140,
-      "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."
-    },
-    "clientAppUsed": "Browser",
-    "userAgent": "<USER AGENT>",
-    "deviceDetail":
-   {
-     "deviceId": "8bfcb982-6856-4402-924c-ada2486321cc",
-     "operatingSystem": "Windows 10",
-     "browser": "Chrome 72.0.3626"
-     },
-    "location":
-    {
-      "city": "Bellevue",
-      "state": "Washington",
-      "countryOrRegion": "US",
-      "geoCoordinates": 
-     {
-        "latitude": 45,
-        "longitude": 122
-      }
-    },
-    "correlationId": "bbbb1111-cc22-3333-44dd-555555eeeeee",
-    "conditionalAccessStatus": "notApplied",
-    "appliedConditionalAccessPolicies": [
-      {
-        "id": "ae11ffaa-9879-44e0-972c-7538fd5c4d1a",
-        "displayName": "HR app access policy",
-        "enforcedGrantControls": [
-          "Mfa"
-        ],
-        "enforcedSessionControls": [],
-        "result": "notApplied",
-        "conditionsSatisfied": 0,
-        "conditionsNotSatisfied": 0
-      },
-      {
-        "id": "b915a70b-2eee-47b6-85b6-ff4f4a66256d",
-        "displayName": "MFA for all but global support access",
-        "enforcedGrantControls": [],
-        "enforcedSessionControls": [],
-        "result": "notEnabled",
-        "conditionsSatisfied": 0,
-        "conditionsNotSatisfied": 0
-      },
-      {
-        "id": "830f27fa-67a8-461f-8791-635b7225caf1",
-        "displayName": "Header Based Application Control",
-        "enforcedGrantControls": [
-          "Mfa"
-        ],
-        "enforcedSessionControls": [],
-        "result": "notApplied",
-        "conditionsSatisfied": 0,
-        "conditionsNotSatisfied": 0
-      },
-      {
-        "id": "8ed8d7f7-0a2e-437b-b512-9e47bed562e6",
-        "displayName": "MFA for everyones",
-        "enforcedGrantControls": [],
-        "enforcedSessionControls": [],
-        "result": "notEnabled",
-        "conditionsSatisfied": 0,
-        "conditionsNotSatisfied": 0
-      },
-      {
-        "id": "52924e0f-798b-4afd-8c42-49055c7d6395",
-        "displayName": "Device compliant",
-        "enforcedGrantControls": [],
-        "enforcedSessionControls": [],
-        "result": "notEnabled",
-        "conditionsSatisfied": 0,
-        "conditionsNotSatisfied": 0
-      }
-    ],
-    "originalRequestId": "f2f0a254-f831-43b9-bcb0-2646fb645c00",
-    "isInteractive": true,
-    "authenticationProcessingDetails": [
-      {
-        "key": "Login Hint Present",
-        "value": "True"
-      }
-    ],
-    "networkLocationDetails": [],
-    "processingTimeInMilliseconds": 238,
-    "riskDetail": "none",
-    "riskLevelAggregated": "none",
-    "riskLevelDuringSignIn": "none",
-    "riskState": "none",
-    "riskEventTypes": [],
-    "riskEventTypes_v2": [],
-    "resourceDisplayName": "Office 365 SharePoint Online",
-    "resourceId": "00000003-0000-0ff1-ce00-000000000000",
-    "resourceTenantId": "a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1",
-    "homeTenantId": "<USER HOME TENANT ID>",
-    "tokenIssuerName": "",
-    "tokenIssuerType": "AzureAD",
-    "authenticationDetails": [
-      {
-        "authenticationStepDateTime": "2019-03-12T16:02:15.5522137+00:00",
-        "authenticationMethod": "Previously satisfied",
-        "succeeded": true,
-        "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token",
-        "authenticationStepRequirement": "Primary authentication",
-        "StatusSequence": 0,
-        "RequestSequence": 0
-      },
-      {
-        "authenticationStepDateTime": "2021-08-12T15:48:12.8677211+00:00",
-        "authenticationMethod": "Previously satisfied",
-        "succeeded": true,
-        "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token",
-        "authenticationStepRequirement": "Multi-factor authentication"
-      }
-    ],
-    "authenticationRequirementPolicies": [
-      {
-        "requirementProvider": "multiConditionalAccess",
-        "detail": "Conditional Access"
-      }
-    ],
-    "authenticationRequirement": "multiFactorAuthentication",
-    "alternateSignInName": "<ALTERNATE SIGN IN>",
-    "signInIdentifier": "<SIGN IN IDENTIFIER>",
-    "servicePrincipalId": "",
-    "userType": "Member",
-    "flaggedForReview": false,
-    "isTenantRestricted": false,
-    "autonomousSystemNumber": 8000,
-    "crossTenantAccessType": "none",
-    "privateLinkDetails": {},
-    "ssoExtensionVersion": ""
-    }
-}
-
-```
-
-
-## Field descriptions
-
-| Field name | Key | Description |
-| --- | --- | --- | 
-| Time |  - | The date and time, in UTC. |
-| ResourceId | - | This value is unmapped, and you can safely ignore this field.  |
-| OperationName | - | For sign-ins, this value is always *Sign-in activity*. |
-| OperationVersion | - | The REST API version that's requested by the client. |
-| Category | - | For sign-ins, this value is always *SignIn*. | 
-| TenantId | - | The tenant GUID that's associated with the logs. |
-| ResultType | - | The result of the sign-in operation can be `0` for success or an *error code* for failure. | 
-| ResultSignature | - | This value is always *None*. |
-| ResultDescription | N/A or blank | Provides the error description for the sign-in operation. |
-| riskDetail | riskDetail | Provides the 'reason' behind a specific state of a risky user, sign-in or a risk detection. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `unknownFutureValue`. The value `none` means that no action has been performed on the user or sign-in so far. <br>**Note:** Details for this property require a Microsoft Entra ID P2 license. Other licenses return the value `hidden`. |
-| riskEventTypes | riskEventTypes | Risk detection types associated with the sign-in. The possible values are: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`,  `generic`, and `unknownFutureValue`. |
-| authProcessingDetails	| Azure Active Directory Authentication Library | Contains Family, Library, and Platform information in format: "Family: Microsoft Authentication Library: ADAL.JS 1.0.0 Platform: JS" |
-| authProcessingDetails	| IsCAEToken | Values are True or False |
-| riskLevelAggregated | riskLevel | Aggregated risk level. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in wasn't enabled for Microsoft Entra ID Protection. **Note:** Details for this property are only available for Microsoft Entra ID P2 customers. All other customers will be returned `hidden`. |
-| riskLevelDuringSignIn | riskLevel | Risk level during sign-in. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in wasn't enabled for Microsoft Entra ID Protection. **Note:** Details for this property are only available for Microsoft Entra ID P2 customers. All other customers will be returned `hidden`. |
-| riskState | riskState | Reports status of the risky user, sign-in, or a risk detection. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`. |
-| DurationMs | - | This value is unmapped, and you can safely ignore this field. |
-| CallerIpAddress | - | The IP address of the client that made the request. | 
-| CorrelationId | - | The optional GUID that's passed by the client. This value can help correlate client-side operations with server-side operations, and it's useful when you're tracking logs that span services. |
-| Identity | - | The identity from the token that was presented when you made the request. It can be a user account, system account, or service principal. |
-| Level | - | Provides the type of message. For audit, it's always *Informational*. |
-| Location | - | Provides the location of the sign-in activity. |
-| Properties | - | Lists all the properties that are associated with sign-ins.|
-| ResultType | - | Contains the Microsoft Entra error code for the sign-in event (if an error code was present).|
-
-
-
-## Next steps
-
-* [Interpret audit logs schema in Azure Monitor](./overview-monitoring-health.md)
-* [Read more about Azure platform logs](/azure/azure-monitor/essentials/platform-logs-overview)
diff --git a/docs/identity/monitoring-health/toc.yml b/docs/identity/monitoring-health/toc.yml
index afd34bc3c66..fde3c591a59 100644
--- a/docs/identity/monitoring-health/toc.yml
+++ b/docs/identity/monitoring-health/toc.yml
@@ -37,6 +37,8 @@ items:
       href: concept-flagged-sign-ins.md
     - name: Microsoft Graph activity logs
       href: /graph/microsoft-graph-activity-logs-overview?toc=/entra/identity/monitoring-health/toc.json&bc=/entra/identity/monitoring-health/breadcrumb/TOC.json
+    - name: Activity log schemas
+      href: concept-activity-log-schemas.md
   - name: How-to guides 
     expanded: true
     items:
@@ -166,30 +168,28 @@ items:
 - name: Reference
   expanded: false
   items:
-  - name: SLA performance for Microsoft Entra ID
-    href: reference-sla-performance.md
-  - name: Audit activities
+  - name: Audit log activities
     href: reference-audit-activities.md
   - name: Data retention policies
     href: reference-reports-data-retention.md
   - name: Log latency
     href: reference-log-latency.md
+  - name: Microsoft Graph PowerShell cmdlets
+    href: reference-powershell-reporting.md
+  - name: SLA performance for Microsoft Entra ID
+    href: reference-sla-performance.md
   - name: FAQs
     href: reports-faq.yml
-  - name: Microsoft Graph
+  - name: Microsoft Graph APIs
     expanded: false
     items:
-    - name: Application credential activity API reference
+    - name: appCredentialSignInActivity
       href: /graph/api/resources/appcredentialsigninactivity
-    - name: Application sign-in activity API reference
-      href: /graph/api/resources/serviceprincipalsigninactivity
-    - name: Audit logs API reference
+    - name: directoryAudit
       href: /graph/api/resources/directoryaudit
-    - name: Microsoft Graph PowerShell cmdlets
-      href: reference-powershell-reporting.md
-    - name: Recommendations API reference
+    - name: recommendation
       href: /graph/api/resources/recommendations-api-overview
-    - name: Sign-in logs API reference
-      href: /graph/api/resources/signin
-    - name: Sign-in log schema
-      href: reference-azure-monitor-sign-ins-log-schema.md
\ No newline at end of file
+    - name: servicePrincipalSignInActivity
+      href: /graph/api/resources/serviceprincipalsigninactivity
+    - name: signIn
+      href: /graph/api/resources/signin
\ No newline at end of file
diff --git a/docs/includes/privileged-role-feature-include.md b/docs/includes/privileged-role-feature-include.md
new file mode 100644
index 00000000000..ab56b1dabab
--- /dev/null
+++ b/docs/includes/privileged-role-feature-include.md
@@ -0,0 +1,13 @@
+---
+title: Include file for privileged role needed for feature
+description: include file
+author: justinha
+manager: amycolannino
+ms.service: entra-id
+ms.topic: include
+ms.date: 10/03/2024
+ms.author: justinha
+ms.custom: include file
+---
+
+A [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator) is needed to manage this feature. 
\ No newline at end of file
diff --git a/docs/includes/privileged-role-include.md b/docs/includes/privileged-role-include.md
new file mode 100644
index 00000000000..6f02e8182a1
--- /dev/null
+++ b/docs/includes/privileged-role-include.md
@@ -0,0 +1,13 @@
+---
+title: Include file for privileged role in the first step
+description: include file
+author: justinha
+manager: amycolannino
+ms.service: entra-id
+ms.topic: include
+ms.date: 10/03/2024
+ms.author: justinha
+ms.custom: include file
+---
+
+Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator).
\ No newline at end of file