Merge pull request #5443 from MicrosoftDocs/main

10/4/2024 PM Publish
MicrosoftDocs · Oct 4, 2024 · 692e553 · 692e553
2 parents 45494a8 + 8b60ffe
commit 692e553
Show file tree

Hide file tree

Showing 20 changed files with 242 additions and 180 deletions.
diff --git a/.docutune/dictionaries/known-guids.json b/.docutune/dictionaries/known-guids.json
@@ -3348,5 +3348,7 @@
   "Business Central Business Foundation": "f3552374-a1f2-4356-848e-196002525837",
   "Change password": "AB721A53-1E2F-11D0-9819-00AA0040529B",
   "ID of the Prevhost.exe surrogate host GUID" : "6d2b5079-2f0b-48dd-ab7f-97cec514d30b",
-  "32-bit preview handlers GUID" : "534A1E02-D58F-44f0-B58B-36CBED287C7C"
+  "32-bit preview handlers GUID" : "534A1E02-D58F-44f0-B58B-36CBED287C7C",
+  "Business Central Test Toolkit - Library Assert" : "dd0be2ea-f733-4d65-bb34-a28f4624fb14",
+  "Business Central Test Toolkit - Test Libraries" : "5d86850b-0d76-4eca-bd7b-951ad998e997"
 }
diff --git a/docs/fundamentals/how-to-rename-azure-ad.yml b/docs/fundamentals/how-to-rename-azure-ad.yml
@@ -7,7 +7,7 @@ metadata:
   ms.author: celested
   manager: CelesteDG
   ms.reviewer: nicholepet
-  ms.date: 05/31/2024
+  ms.date: 10/04/2024
   ms.service: entra
   ms.subservice: fundamentals
   ms.topic: how-to
@@ -229,6 +229,7 @@ procedureSection:
           @{ Key = 'Azure AD group'; Value = 'Microsoft Entra group' },
           @{ Key = 'Azure AD login'; Value = 'Microsoft Entra login' },
           @{ Key = 'Azure AD managed'; Value = 'Microsoft Entra managed' },
+          @{ Key = 'Azure AD managed identities'; Value = 'Managed identities for Azure resources' },
           @{ Key = 'Azure AD entitlement'; Value = 'Microsoft Entra entitlement' },
           @{ Key = 'Azure AD access review'; Value = 'Microsoft Entra access review' },
           @{ Key = 'Azure AD Identity Protection'; Value = 'Microsoft Entra ID Protection' },

diff --git a/docs/fundamentals/new-name.md b/docs/fundamentals/new-name.md
@@ -6,7 +6,7 @@ manager: CelesteDG
 ms.service: entra
 ms.subservice: fundamentals
 ms.topic: concept-article
-ms.date: 03/05/2024
+ms.date: 10/04/2024
 ms.author: celested
 ms.reviewer: nicholepet
 
@@ -205,7 +205,7 @@ Only official product names are capitalized, plus Conditional Access and My * ap
 
 |  **Category**           | **Old terminology** | **Correct name as of July 2023** |
 |-------------------------|---------------------|----------------------------------|
-| **Microsoft Entra product family** | Microsoft Azure Active Directory<br/> Azure Active Directory<br/> Azure Active Directory (Azure AD)<br/> Azure AD<br/> AAD | Microsoft Entra ID<br/> (Second use: Microsoft Entra ID is preferred, ID is acceptable in product/UI experiences, ME-ID if abbreviation is necessary) |
+| **Microsoft Entra product family** | Microsoft Azure Active Directory<br/> Azure Active Directory<br/> Azure Active Directory (Azure AD)<br/> Azure AD<br/> AAD | Microsoft Entra ID<br/> (Second use: Microsoft Entra ID is preferred, Entra ID should be used sparingly and only when space is truly limited) <br/><br/>Acronym usage isn't encouraged, but if you must replace AAD with an acronym due to space limitations, use ME-ID. |
 |       | Azure Active Directory External Identities<br/> Azure AD External Identities | Microsoft Entra External ID<br/> (Second use: External ID) |
 |       | Azure Active Directory Identity Governance<br/> Azure AD Identity Governance<br/> Microsoft Entra Identity Governance | Microsoft Entra ID Governance<br/> (Second use: ID Governance) |
 |       | *New* | Microsoft Entra Internet Access<br/> (Second use: Internet Access) |

diff --git a/docs/id-governance/scenarios/automate-identity-lifecycle.md b/docs/id-governance/scenarios/automate-identity-lifecycle.md
@@ -1,10 +1,11 @@
 ---
 title: 'Automate identity lifecycle management with Microsoft Entra ID Governance'
 description: Describes overview of identity lifecycle management for Microsoft Entra ID Governance.
-services: active-directory
+ms.service: entra-id
+ms.subservice: hybrid-cloud-sync
 author: billmath
 manager: amycolannino
-ms.service: active-directory
+
 ms.workload: identity
 ms.topic: overview
 ms.date: 02/28/2024

diff --git a/docs/id-governance/scenarios/deploy-sap-netweaver.md b/docs/id-governance/scenarios/deploy-sap-netweaver.md
@@ -1,12 +1,11 @@
 ---
 title: 'Deploy SAP NetWeaver AS ABAP 7'
 description: This article describes how to set up a lab environment with SAP ECC for testing.
-services: active-directory
-documentationcenter: ''
+ms.service: entra-id
+ms.subservice: app-provisioning
 author: billmath
 manager: amycolannino
-editor: ''
-ms.service: active-directory
+
 ms.topic: conceptual
 ms.date: 07/28/2023
 ms.author: billmath

diff --git a/docs/id-governance/scenarios/identity-governance-use-cases.md b/docs/id-governance/scenarios/identity-governance-use-cases.md
@@ -1,12 +1,12 @@
 ---
 title: 'Microsoft Entra ID Governance use cases'
 description: This article describes use cases Microsoft Entra ID Governance.
-services: active-directory
-documentationcenter: ''
+ms.service: entra-id-governance
+
 author: billmath
 manager: amycolannino
-editor: ''
-ms.service: active-directory
+
+
 ms.topic: conceptual
 ms.date: 02/28/2024
 ms.author: billmath

diff --git a/docs/id-governance/scenarios/least-privileged.md b/docs/id-governance/scenarios/least-privileged.md
@@ -1,12 +1,13 @@
 ---
 title: 'Understanding least privilege with Microsoft Entra ID Governance'
 description: This article describes the concept of least privilege and how it relates with Microsoft Entra ID Governance.
-services: active-directory
-documentationcenter: ''
+ms.service: entra-id
+ms.subservice: app-provisioning
+
 author: billmath
 manager: amycolannino
-editor: ''
-ms.service: active-directory
+
+
 ms.topic: conceptual
 ms.date: 07/28/2023
 ms.author: billmath

diff --git a/docs/id-governance/scenarios/sap-template.md b/docs/id-governance/scenarios/sap-template.md
@@ -1,12 +1,13 @@
 ---
 title: 'Author SAP ECC 7 Template for ECMA2Host'
 description: This article describes how to create a template for the Web Service ECMA connector to manage SAP ECC users. 
-services: active-directory
+ms.service: entra-id
+ms.subservice: app-provisioning
 documentationcenter: ''
 author: billmath
 manager: amycolannino
 editor: ''
-ms.service: active-directory
+
 ms.topic: conceptual
 ms.date: 07/28/2023
 ms.author: billmath

diff --git a/docs/identity-platform/includes/native-auth-api/native-auth-challenge-type.md b/docs/identity-platform/includes/native-auth-api/native-auth-challenge-type.md
@@ -1,7 +1,7 @@
 ---
 author: kengaderdus
-ms.service: active-directory
-ms.subservice: ciam
+ms.service: entra-external-id 
+ms.subservice: customers
 ms.topic: include
 ms.date: 03/12/2024
 ms.author: kengaderdus

diff --git a/docs/identity/authentication/concept-authentication-methods-manage.md b/docs/identity/authentication/concept-authentication-methods-manage.md
@@ -5,7 +5,7 @@ description: Learn about the authentication methods policy and different ways to
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 10/03/2024
+ms.date: 10/04/2024
 
 ms.author: justinha
 author: justinha
@@ -72,10 +72,16 @@ Similarly, let's suppose you enable **Voice calls** for a group. After you enabl
 
 ## Migration between policies 
 
-The Authentication methods policy provides a migration path toward unified administration of all authentication methods. All desired methods can be enabled in the Authentication methods policy, assuming it has been defined the user groups required for each Authentication Method policy (unless it applies to All Users). After this user groups management activity, methods in the legacy MFA and SSPR policies can be disabled. Migration has three settings to let you move at your own pace, and avoid problems with sign-in or SSPR during the transition. After migration is complete, you'll centralize control over authentication methods for both sign-in and SSPR in a single place, and the legacy MFA and SSPR policies will be disabled.
+The Authentication methods policy provides a migration guide to help unify administration of all authentication methods. All desired methods can be enabled in the Authentication methods policy if the policy targets intended user groups, or all users. The authentication methods migration guide automates the steps to audit your current policy settings for MFA and SSPR, and consolidate them in the Authentication methods policy. You can access the guide from the [Microsoft Entra admin center](https://entra.microsoft.com) by browsing to **Protection** > **Authentication methods** > **Policies**.
+
+:::image type="content" border="false" source="media/how-to-authentication-methods-manage/wizard-entry-point.png" alt-text="Screenshot of the Authentication methods policy blade with highlighted wizard entry point."
+
+You can also migrate policy settings manually. The migration has three settings to let you move at your own pace, and avoid problems with sign-in or SSPR during the transition. 
+
+After migration is complete, methods in the legacy MFA and SSPR policies can be disabled. You can centralize control over authentication methods for both sign-in and SSPR in a single place, and the legacy MFA and SSPR policies will be disabled.
 
 >[!Note]
->Security questions can only be enabled today by using the legacy SSPR policy. In the future, it will be made available in the Authentication methods policy. If you're using security questions, and don't want to disable them, make sure to keep them enabled in the legacy SSPR policy until the new control is available in the future. You can migrate the remainder of your authentication methods and still manage security questions in the legacy SSPR policy.
+>Security questions can only be enabled today by using the legacy SSPR policy. If you're using security questions, and don't want to disable them, make sure to keep them enabled in the legacy SSPR policy until a migration control is available. You can migrate the remainder of your authentication methods and still manage security questions in the legacy SSPR policy.
 
 To view the migration options, open the Authentication methods policy and click **Manage migration**.
 

diff --git a/docs/identity/authentication/how-to-authentication-methods-manage.md b/docs/identity/authentication/how-to-authentication-methods-manage.md
@@ -7,6 +7,7 @@ ms.subservice: authentication
 ms.topic: conceptual
 ms.date: 10/04/2024
 
+
 ms.author: justinha
 author: justinha
 ms.reviewer: jpettere
@@ -15,13 +16,41 @@ manager: amycolannino
 ---
 # How to migrate MFA and SSPR policy settings to the Authentication methods policy for Microsoft Entra ID 
 
-You can migrate Microsoft Entra ID [legacy policy settings](concept-authentication-methods-manage.md#legacy-mfa-and-sspr-policies) that separately control multifactor authentication and self-service password reset (SSPR) to unified management with the [Authentication methods policy](./concept-authentication-methods-manage.md). 
+You can migrate Microsoft Entra ID [legacy policy settings](concept-authentication-methods-manage.md#legacy-mfa-and-sspr-policies) that separately control multifactor authentication (MFA) and self-service password reset (SSPR) to unified management with the [Authentication methods policy](./concept-authentication-methods-manage.md). 
+
+You can use the authentication methods migration guide (preview) in the Microsoft Entra admin center to automate the migration. The guide provides a wizard to help audit your current policy settings for MFA and SSPR. Then it consolidates those settings in the Authentication methods policy, where they can be managed together more easily.
 
-You migrate policy settings on your own schedule, and the process is fully reversible. You can continue to use tenant-wide MFA and SSPR policies while you configure authentication methods more precisely for users and groups in the Authentication methods policy. You complete the migration whenever you're ready to manage all authentication methods together in the Authentication methods policy.
+You can also migrate policy settings manually on your own schedule. The migration process is fully reversible. You can continue to use tenant-wide MFA and SSPR policies while you configure authentication methods more precisely for users and groups in the Authentication methods policy. 
 
 For more information about how these policies work together during migration, see [Manage authentication methods for Microsoft Entra ID](concept-authentication-methods-manage.md).
 
-## Before you begin
+## Automated migration guide
+The automated migration guide lets you migrate where you manage authentication methods in just a few clicks. It can be accessed from the [Microsoft Entra admin center](https://entra.microsoft.com) by browsing to **Protection** > **Authentication methods** > **Policies**.
+
+:::image type="content" border="false" source="media/how-to-authentication-methods-manage/wizard-entry-point.png" alt-text="Screenshot of the Authentication methods policy blade with highlighted wizard entry point."
+
+The first page of the wizard explains what it is and how it works. It also provides links to each of the legacy policies for your reference. 
+
+:::image type="content" border="false" source="media/how-to-authentication-methods-manage/wizard-first-page.png" alt-text="Screenshot of the Authentication methods policy blade with highlighted wizard first page."
+
+
+The wizard then configures the Authentication method policy based on what your organization currently has enabled in the legacy MFA and SSPR policies. 
+If a method is enabled in either legacy policy, the recommendation is to also enable it in the Authentication method policy. 
+With that configuration, users can continue to sign in and reset their password by using the same method they used previously. 
+
+In addition, we recommend you enable the latest modern, secure methods like passkeys, Temporary Access Pass, and Microsoft Authenticator to help improve your organizations security posture. 
+To edit the recommended configuration, select the pencil icon next to each method. 
+
+:::image type="content" border="false" source="media/how-to-authentication-methods-manage/wizard-second-page.png" alt-text="Screenshot of the Authentication methods policy blade with highlighted wizard second page."
+
+Once you're happy with the configuration, select **Migrate**, and then confirm the migration. 
+The Authentication methods policy gets updated to match the configuration specified in the wizard. 
+Authentication methods in the legacy MFA and SSPR policies become grayed out and no longer apply. 
+
+Your migration status will be updated to **Migration Complete**. 
+You can change this status back to **In Progress** anytime to re-enable methods in the legacy policies if needed.
+
+## Manual migration
 
 Begin by doing an audit of your existing policy settings for each authentication method that's available for users. If you roll back during migration, you might want a record of the authentication method settings from each of these policies:
 

diff --git a/docs/identity/authentication/how-to-certificate-based-authentication.md b/docs/identity/authentication/how-to-certificate-based-authentication.md
@@ -5,7 +5,7 @@ description: Topic that shows how to configure Microsoft Entra certificate-based
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 09/17/2023
+ms.date: 10/04/2024
 
 ms.author: justinha
 author: vimrang
@@ -47,7 +47,9 @@ Make sure that the following prerequisites are in place:
 
 ## Steps to configure and test Microsoft Entra CBA
 
-Some configuration steps to be done before you enable Microsoft Entra CBA. First, an admin must configure the trusted CAs that issue user certificates. As seen in the following diagram, we use role-based access control to make sure only least-privileged administrators are needed to make changes. Only the [Global Administrator](../role-based-access-control/permissions-reference.md#global-administrator) role can configure the CA.
+Some configuration steps to be done before you enable Microsoft Entra CBA. First, an admin must configure the trusted CAs that issue user certificates. As seen in the following diagram, we use role-based access control to make sure only least-privileged administrators are needed to make changes. 
+
+[!INCLUDE [Privileged role feature](~/includes/privileged-role-feature-include.md)]
 
 Optionally, you can also configure authentication bindings to map certificates to single-factor or multifactor authentication, and configure username bindings to map the certificate field to an attribute of the user object. [Authentication Policy Administrators](../role-based-access-control/permissions-reference.md#authentication-policy-administrator) can configure user-related settings. Once all the configurations are complete, enable Microsoft Entra CBA on the tenant. 
 
@@ -61,7 +63,7 @@ You can configure certificate authorities(CAs) by using the Microsoft Entra admi
 
 To enable the certificate-based authentication and configure user bindings in the Microsoft Entra admin center, complete the following steps:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](~/identity/role-based-access-control/permissions-reference.md#global-administrator).
+1. [!INCLUDE [Privileged role](~/includes/privileged-role-include.md)]
 1. Browse to **Protection** > **Show more** > **Security Center** (or **Identity Secure Score**) > **Certificate authorities**.
 1. To upload a CA, select **Upload**: 
    1. Select the CA file.
@@ -76,7 +78,8 @@ To enable the certificate-based authentication and configure user bindings in th
 1. Select **Columns** to add or delete columns.
 
 >[!NOTE]
->Upload of a new CA fails if any existing CA expired. A Global Administrator should delete any expired CA, and retry to upload the new CA.
+>Upload of a new CA fails if any existing CA expired. You should delete any expired CA, and retry to upload the new CA.
+>[!INCLUDE [Privileged role feature](~/includes/privileged-role-feature-include.md)]
 
 ### Configure certificate authorities (CA) using PowerShell