Commit

Merge pull request #6476 from MicrosoftDocs/main
1/6/2025 PM Publish
Taojunshen authored Jan 6, 2025
2 parents 6467d31 + ffdf046 commit 6f9af5f
Showing 28 changed files with 117 additions and 114 deletions.
4 changes: 1 addition & 3 deletions docs/fundamentals/whats-new.md
Expand Up @@ -45,9 +45,7 @@ What's new in Microsoft Entra offers a comprehensive view of Microsoft Entra pro
**Service category:** Provisioning
**Product capability:** Directory

To prepare for an upcoming security hardening, Microsoft will deploy a dedicated first-party application to enable the synchronization between Active Directory and Microsoft Entra ID. This new application will manifest as a first party service principal called the "Microsoft Entra AD Synchronization Service" (Application ID: 6bf85cfa-ac8a-4be5-b5de-425a0d0dc016), and will be visible in the Enterprise Applications experience within the Microsoft Entra Admin Center. This application is critical for the continued operation of their on-premises to Microsoft Entra ID synchronization functionality (through Microsoft Entra Connect Sync or Microsoft Entra Cloud Sync).

In the upcoming release(s), Microsoft will share more information and guidance on upgrading to a new version of Microsoft Entra Connect that will use this first party application to synchronize between Active Directory and Microsoft Entra ID.
As part of ongoing security hardening, Microsoft deployed Microsoft Entra AD Synchronization Service, a dedicated first-party application to enable the synchronization between Active Directory and Microsoft Entra ID. This new application, with Application Id 6bf85cfa-ac8a-4be5-b5de-425a0d0dc016, was provisioned in customer tenants that use Microsoft Entra Connect Sync or the Microsoft Entra Cloud Sync service.

---

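Review bot: the replacement paragraph drops two details from the removed text that tenant administrators rely on: that the "Microsoft Entra AD Synchronization Service" service principal appears in the Enterprise Applications experience of the Microsoft Entra admin center (which is how an admin confirms by Application ID that a newly visible first-party app is the expected one), and that on-premises to Microsoft Entra ID synchronization depends on it, so it must not be removed. Consider keeping those two sentences alongside the new past-tense wording, and use one spelling throughout: the removed text writes "Application ID", the added text "Application Id".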
Expand Up @@ -5,7 +5,7 @@ description: Learn about Microsoft Entra certificate-based authentication withou
ms.service: entra-id
ms.subservice: authentication
ms.topic: how-to
ms.date: 01/03/2024
ms.date: 01/06/2025

ms.author: justinha
author: vimrang
Expand Up @@ -5,7 +5,7 @@ description: Web browser and native app support for FIDO2 passwordless authentic
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 12/18/2024
ms.date: 01/06/2025

author: justinha
ms.author: justinha
@@ -1,7 +1,7 @@
---
title: Microsoft Entra ID attestation for FIDO2 security key vendors
description: Explains requirements to prepare FIDO2 hardware for attestation with Microsoft Entra ID
ms.date: 12/01/2024
ms.date: 01/06/2025
ms.service: entra-id
ms.subservice: authentication
author: justinha
Expand Up @@ -4,7 +4,7 @@ description: Plan for mandatory multifactor authentication for users who sign in
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 12/03/2024
ms.date: 01/06/2025
ms.author: justinha
author: najshahid
manager: amycolannino
18 changes: 9 additions & 9 deletions docs/identity/authentication/concept-mfa-authprovider.md
Expand Up @@ -6,7 +6,7 @@ description: When should you use an authentication provider with Microsoft Entra
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 10/03/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
Expand All @@ -16,15 +16,15 @@ ms.reviewer: jpettere
# When to use a Microsoft Entra multifactor authentication provider

> [!IMPORTANT]
> Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multifactor authentication will continue to be available as a feature in Microsoft Entra ID P1 or P2 licenses.
> Effective September 1, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multifactor authentication continues to be available as a feature in Microsoft Entra ID P1 or P2 licenses.
Two-step verification is available by default for administrators in Microsoft Entra ID, and Microsoft 365 users. However, if you wish to take advantage of [advanced features](howto-mfa-mfasettings.md) then you should enable Microsoft Entra multifactor authentication by using Conditional Access. For more information, see [Common Conditional Access policy: Require MFA for all users](~/identity/conditional-access/howto-conditional-access-policy-all-users-mfa.md).

A Microsoft Entra multifactor authentication provider is used to take advantage of features provided by Microsoft Entra multifactor authentication for users who **don't have licenses**.

## Caveats related to the Azure MFA SDK
## Caveats related to the Microsoft Entra multifactor authentication SDK

Note the SDK has been deprecated and will only continue to work until November 14, 2018. After that time, calls to the SDK will fail.
Note the SDK is deprecated and calls to the SDK fail after November 14, 2018

## What is an MFA provider?

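Review bot: the rewritten line "Note the SDK is deprecated and calls to the SDK fail after November 14, 2018" loses its terminal period; suggest "Note: the SDK is deprecated, and calls to the SDK have failed since November 14, 2018." since the date is now in the past. Renaming the heading from "Caveats related to the Azure MFA SDK" also changes its generated anchor, which breaks any inbound links to the old section id; this repo already handles that elsewhere with an explicit anchor (for example `<a name='azure-ad-password-policies'></a>` in concept-sspr-policy.md), so add a matching `<a name='caveats-related-to-the-azure-mfa-sdk'></a>` above the new heading.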
Expand All @@ -36,18 +36,18 @@ You can't change the usage model (per enabled user or per authentication) after

If you purchased enough licenses to cover all users that are enabled for MFA, you can delete the MFA provider altogether.

If your MFA provider isn't linked to a Microsoft Entra tenant, or you link the new MFA provider to a different Microsoft Entra tenant, user settings and configuration options aren't transferred. Also, existing Azure MFA Servers need to be reactivated using activation credentials generated through the MFA Provider.
If your MFA provider isn't linked to a Microsoft Entra tenant, or you link the new MFA provider to a different Microsoft Entra tenant, user settings and configuration options aren't transferred. Also, existing Microsoft Entra multifactor authentication Servers need to be reactivated using activation credentials generated through the MFA Provider.

### Removing an authentication provider

> [!CAUTION]
> There is no confirmation when deleting an authentication provider. Selecting **Delete** is a permanent process.
> There's no confirmation when deleting an authentication provider. Selecting **Delete** is a permanent process.
Authentication providers can be found in the [Microsoft Entra admin center](https://entra.microsoft.com). Sign in as at least an [Authentication Policy Administrator](~/identity/role-based-access-control/permissions-reference.md#authentication-policy-administrator). Browse to **Protection** > **Multifactor authentication** > **Providers**. Click the listed providers to see details and configurations associated with that provider.

Before removing an authentication provider, take note of any customized settings configured in your provider. Decide what settings need to be migrated to general MFA settings from your provider and complete the migration of those settings.

Azure MFA Servers linked to providers will need to be reactivated using credentials generated under **Server settings**. Before reactivating, the following files must be deleted from the `\Program Files\Multi-Factor Authentication Server\Data\` directory on Azure MFA Servers in your environment:
Microsoft Entra multifactor authentication Servers linked to providers need to be reactivated using credentials generated under **Server settings**. Before reactivating, the following files must be deleted from the `\Program Files\Multi-Factor Authentication Server\Data\` directory on Microsoft Entra multifactor authentication Servers in your environment:

- caCert
- cert
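Review bot: the substitution "Azure MFA Servers" → "Microsoft Entra multifactor authentication Servers" reads like a global find-and-replace applied to a product name rather than the service: the on-premises server's install path in the same hunk is still `\Program Files\Multi-Factor Authentication Server\Data\`, and "multifactor authentication Servers" with a lowercase feature name and a capitalized "Servers" is not a product name the rest of the page uses. Confirm the intended name for the legacy on-premises server product and use it consistently here and in the NOTE block further down.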
Expand All @@ -62,10 +62,10 @@ Azure MFA Servers linked to providers will need to be reactivated using credenti
After you confirm that all settings are migrated, browse to **Providers** and select the ellipses **...** and select **Delete**.

> [!WARNING]
> Deleting an authentication provider will delete any reporting information associated with that provider. You may want to save activity reports before deleting your provider.
> Deleting an authentication provider deletes any reporting information associated with that provider. You may want to save activity reports before deleting your provider.
> [!NOTE]
> Users with older versions of the Microsoft Authenticator app and Azure MFA Server may need to re-register their app.
> Users with older versions of the Microsoft Authenticator app and Microsoft Entra multifactor authentication Server may need to re-register their app.
## Next steps

2 changes: 1 addition & 1 deletion docs/identity/authentication/concept-mfa-data-residency.md
Expand Up @@ -6,7 +6,7 @@ description: Learn what personal and organizational data Microsoft Entra multifa
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 11/27/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
2 changes: 1 addition & 1 deletion docs/identity/authentication/concept-mfa-howitworks.md
Expand Up @@ -6,7 +6,7 @@ description: Learn how Microsoft Entra multifactor authentication helps safeguar
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 12/08/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
2 changes: 1 addition & 1 deletion docs/identity/authentication/concept-mfa-licensing.md
Expand Up @@ -6,7 +6,7 @@ description: Learn about the Microsoft Entra multifactor authentication client a
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 10/03/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
Expand Up @@ -5,7 +5,7 @@ description: To protect customers, some regions require a support ticket to requ
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 11/27/2024
ms.date: 01/06/2025

author: aloom3
ms.author: justinha
Expand Up @@ -5,7 +5,7 @@ description: Understanding International Revenue Share Fraud (IRSF) is crucial f
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 11/27/2024
ms.date: 01/06/2025

author: aloom3
ms.author: justinha
Expand Up @@ -6,7 +6,7 @@ ms.service: entra-id
ms.subservice: authentication
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.topic: conceptual
ms.date: 11/27/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
Expand All @@ -16,7 +16,7 @@ ms.reviewer: tilarso
# Combined password policy and check for weak passwords in Microsoft Entra ID

Beginning in October 2021, Microsoft Entra validation for compliance with password policies also includes a check for [known weak passwords](concept-password-ban-bad.md) and their variants.
This topic explains details about the password policy criteria checked by Microsoft Entra ID.
This article explains details about the password policy criteria checked by Microsoft Entra ID.

<a name='azure-ad-password-policies'></a>

Expand All @@ -34,12 +34,12 @@ The following Microsoft Entra password policy requirements apply for all passwor
| Characters not allowed | Unicode characters |
| Password length |Passwords require<br>- A minimum of eight characters<br>- A maximum of 256 characters</li> |
| Password complexity |Passwords require three out of four of the following categories:<br>- Uppercase characters<br>- Lowercase characters<br>- Numbers <br>- Symbols<br> Note: Password complexity check isn't required for Education tenants. |
| Password not recently used | When a user changes their password, the new password should not be the same as the current password. |
| Password not recently used | When a user changes their password, the new password shouldn't be the same as the current password. |
| Password isn't banned by [Microsoft Entra Password Protection](concept-password-ban-bad.md) | The password can't be on the global list of banned passwords for Microsoft Entra Password Protection, or on the customizable list of banned passwords specific to your organization. |

## Password expiration policies

Password expiration policies are unchanged but they're included in this topic for completeness. Those assigned at least the [User Administrator](../role-based-access-control/permissions-reference.md#user-administrator) role can use the [Microsoft Graph PowerShell cmdlets](/powershell/microsoftgraph/) to set user passwords not to expire.
Password expiration policies are unchanged but they're included in this article for completeness. Those assigned at least the [User Administrator](../role-based-access-control/permissions-reference.md#user-administrator) role can use the [Microsoft Graph PowerShell cmdlets](/powershell/microsoftgraph/) to set user passwords not to expire.

> [!NOTE]
> By default, only passwords for user accounts that aren't synchronized through Microsoft Entra Connect can be configured to not expire. For more information about directory synchronization, see [Connect AD with Microsoft Entra ID](~/identity/hybrid/connect/how-to-connect-password-hash-synchronization.md#password-expiration-policy).
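Review bot: while this hunk is touching the policy table, the unchanged "Password length" row ends with a stray `</li>` ("A maximum of 256 characters</li>") that has no matching `<li>`; the row uses `<br>-` bullets like the "Password complexity" row, so drop the closing tag. The "Password not recently used" wording change itself is fine.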
Expand Up @@ -5,7 +5,7 @@ description: Ban weak passwords in on-premises Active Directory Domain Services
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 02/12/2024
ms.date: 01/06/2025
ms.author: justinha
author: justinha
manager: amycolannino
12 changes: 6 additions & 6 deletions docs/identity/authentication/concept-password-ban-bad.md
Expand Up @@ -5,7 +5,7 @@ description: Learn how to dynamically ban weak passwords from your environment w
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 04/03/2024
ms.date: 01/06/2025

ms.author: justinha
author: justinha
Expand All @@ -14,7 +14,7 @@ ms.reviewer: miminans
---
# Eliminate bad passwords using Microsoft Entra Password Protection

A lot of security guidance recommends that you don't use the same password in multiple places, to make it complex, and to avoid simple passwords like *Password123*. You can provide your users with [guidance on how to choose passwords](https://www.microsoft.com/research/publication/password-guidance), but weak or insecure passwords are often still used. Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block other weak terms that are specific to your organization.
As a general rule, security guidance recommends that you don't use the same password in multiple places, to make it complex, and to avoid simple passwords like *Password123*. You can provide your users with [guidance on how to choose passwords](https://www.microsoft.com/research/publication/password-guidance), but weak or insecure passwords are often still used. Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block other weak terms that are specific to your organization.

With Microsoft Entra Password Protection, default global banned password lists are automatically applied to all users in a Microsoft Entra tenant. To support your own business and security needs, you can define entries in a custom banned password list. When users change or reset their passwords, these banned password lists are checked to enforce the use of strong passwords.

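Review bot: the new opening keeps the non-parallel list from the old sentence ("recommends that you don't use the same password in multiple places, to make it complex, and to avoid simple passwords"); since the line is being rewritten anyway, make the three items parallel, for example "recommends that you don't reuse a password across sites, that you make it complex, and that you avoid simple passwords like *Password123*."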
Expand Down Expand Up @@ -49,9 +49,9 @@ Some organizations want to improve security and add their own customizations on
When terms are added to the custom banned password list, they're combined with the terms in the global banned password list. Password change or reset events are then validated against the combined set of these banned password lists.

> [!NOTE]
> The custom banned password list is limited to a maximum of 1000 terms. It's not designed for blocking extremely large lists of passwords.
> The custom banned password list is limited to a maximum of 1,000 terms. It isn't designed for blocking extremely large lists of passwords.
>
> To fully leverage the benefits of the custom banned password list, first understand [how are passwords evaluated](#how-are-passwords-evaluated) before you add terms to the custom banned list. This approach lets you efficiently detect and block large numbers of weak passwords and their variants.
> To fully apply the benefits of the custom banned password list, first understand [how are passwords evaluated](#how-are-passwords-evaluated) before you add terms to the custom banned list. This approach lets you efficiently detect and block large numbers of weak passwords and their variants.
![Modify the custom banned password list under Authentication Methods](./media/tutorial-configure-custom-password-protection/enable-configure-custom-banned-passwords-cropped.png)

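Review bot: replacing "leverage" with "apply" yields "To fully apply the benefits of the custom banned password list", which is not idiomatic; "To get the full benefit of the custom banned password list" says the same thing. In the same line, the link text "how are passwords evaluated" is a question phrased as a clause; "how passwords are evaluated" reads better in this position. The 1,000 change is fine.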
Expand Down Expand Up @@ -153,7 +153,7 @@ Consider the following example:

#### Substring matching (on specific terms)

Substring matching is used on the normalized password to check for the user's first and last name as well as the tenant name. Tenant name matching isn't done when validating passwords on an AD DS domain controller for on-premises hybrid scenarios.
Substring matching is used on the normalized password to check for the user's first and last name, and the tenant name. Tenant name matching isn't done when validating passwords on an AD DS domain controller for on-premises hybrid scenarios.

> [!IMPORTANT]
> Substring matching is only enforced for names, and other terms, that are at least four characters long.
Expand All @@ -170,7 +170,7 @@ Consider the following example:

The next step is to identify all instances of banned passwords in the user's normalized new password. Points are assigned based on the following criteria:

1. Each banned password that's found in a user's password is given one point.
1. Each banned password found in a user's password is given one point.
1. Each remaining character that isn't part of a banned password is given one point.
1. A password must be at least five (5) points to be accepted.
