Merge pull request #5365 from MicrosoftDocs/main

9/30/2024 PM Publish

docs/fundamentals/how-to-customize-branding.md

@@ -97,7 +97,7 @@ The sign-in experience process is grouped into sections. At the end of each sect
     - Choose one of two **Templates**: Full-screen or partial-screen background. The full-screen background could obscure your background image, so choose the partial-screen background if your background image is important.
     - The details of the **Header** and **Footer** options are set on the next two sections of the process.
 
-   :::image type="content" source="media/how-to-customize-branding/layout-visual-templates.png" alt-text="Screenshot of the Layout tab.":::
+   :::image type="content" source="media/how-to-customize-branding/layout-visual-templates.png" alt-text="Screenshot of the Layout tab for customizing branding.":::
 
 - **Custom CSS:** Upload a custom CSS file to replace the Microsoft default style of the page.
     - [Download the CSS template](https://download.microsoft.com/download/7/2/7/727f287a-125d-4368-a673-a785907ac5ab/custom-styles-template-013023.css).
@@ -124,7 +124,7 @@ If you haven't enabled the footer, go to the **Layout** section and select **Sho
 
     Uncheck this option to hide the default Microsoft link. Optionally provide your own **Display text** and **URL**. The text and links don't have to be related to your terms of use.
 
-    >[!IMPORTANT]
+    > [!IMPORTANT]
     > The default Microsoft 'Terms of Use' link is not the same as the Conditional Access Terms of Use. Seeing the terms here doesn't mean you've accepted those terms and conditions.
 
    :::image type="content" source="media/how-to-customize-branding/customize-branding-footer.png" alt-text="Screenshot of customizing branding on the Footer section.":::
@@ -145,9 +145,9 @@ If you haven't enabled the footer, go to the **Layout** section and select **Sho
 
 - **Username hint text:** Enter hint text for the username input field on the sign-in page. If guests use the same sign-in page, we don't recommend using hint text here.
 
-- **Sign-in page text:** Enter text that appears on the bottom of the sign-in page. You can use this text to communicate additional information, such as the phone number to your help desk or a legal statement. This page is public, so don't provide sensitive information here. This text must be Unicode and can't exceed 1024 characters.
+- **Sign-in page text:** Enter text that appears on the bottom of the sign-in page. You can use this text to communicate additional information, such as the phone number to your help desk or a legal statement. This page is public, so don't provide sensitive information here. This text must be Unicode and can't exceed 1,024 characters.
 
-    To begin a new paragraph, press the enter key twice. You can also change text formatting to include bold, italics, an underline, or clickable link. Use the following syntax to add formatting to text:
+    To begin a new paragraph, press the Enter key twice. You can also change text formatting to include bold, italics, an underline, or clickable link. Use the following syntax to add formatting to text:
 
     - Hyperlink: `[text](link)`
     - Bold: `**text**` or `__text__`

docs/fundamentals/how-to-manage-groups.yml

@@ -133,8 +133,6 @@ procedureSection:
         Scroll through the list or enter a group name in the search box. Select the group you need to manage.
       - |
         Select **Properties** from the side menu.
-
-        :::image type="content" source="media/how-to-manage-groups/groups-overview.png" alt-text="Screenshot of the Group overview page with Properties menu option highlighted.":::
       - |
         Update the **General settings** information as needed, including:
 

docs/fundamentals/how-to-manage-support-access-requests.md

@@ -1,14 +1,16 @@
 ---
-title: Approve and manage Microsoft Support access requests (preview)
-description: How to approve and manage Microsoft Support access requests to Microsoft Entra identity data
+title: Approve and manage support access requests (preview)
+description: Learn how to approve and manage the Microsoft Support access requests to Microsoft Entra identity data
 author: shlipsey3
 manager: amycolannino
 ms.author: sarahlipsey
 ms.reviewer: jeffsta
 ms.service: entra
 ms.topic: how-to
 ms.subservice: fundamentals
-ms.date: 02/20/2024
+ms.date: 09/27/2024
+
+# Customer intent: As an IT admin, I want to learn how to approve and manage Microsoft Support access requests to Microsoft Entra identity data so that I can troubleshoot issues with Microsoft Support.
 ---
 
 # Approve and manage Microsoft Support access requests (preview)
@@ -37,7 +39,7 @@ Only authorized users in your tenant can view and manage Microsoft Support acces
 
 ## Approve or reject a support request
 
-You can approve or reject a support request from the Microsoft Support Access Requests (Preview) section. If you have a pending request, a banner message appears at the top of the page with a link to manage pending requests.
+You can approve or reject a support request from the Microsoft Support Access Requests (Preview) section. If you have a pending request, a banner message appears at the top of the page with a link to the manage pending requests.
 
 :::image type="content" source="media/how-to-manage-support-access-requests/diagnose-solve-problems-banner.png" alt-text="Screenshot of the Diagnose and solve problems page with the banner notification highlighted.":::
 

docs/identity/conditional-access/concept-token-protection.md

@@ -26,7 +26,7 @@ With this preview, we're giving you the ability to create a Conditional Access p
 > * **Sign In logs output:** The value of the string used in "enforcedSessionControls" and "sessionControlsNotSatisfied" changed from "Binding" to "SignInTokenProtection" in late June 2023. Queries on Sign In Log data should be updated to reflect this change.
 
 > [!NOTE]
-> We may interchange sign in tokens and refresh tokens in this content. This preview doesn't currently support access tokens or web cookies.
+> We may interchange sign in tokens and refresh tokens in this content. If you want to provide protection for Microsoft 365 access tokens and application session cookies, consider trying [compliant network check enforcement](/entra/global-secure-access/how-to-compliant-network).
 
 :::image type="content" source="media/concept-token-protection/complete-policy-components-session.png" alt-text="Screenshot showing a Conditional Access policy requiring token protection as the session control":::
 

docs/identity/conditional-access/managed-policies.md

@@ -66,7 +66,12 @@ To apply this policy to more users, duplicate it and change the assignments.
 
 This policy covers all users and requires MFA and reauthentication when we detect high-risk sign-ins. High-risk in this case means something about the way the user signed in is out of the ordinary. These high-risk sign-ins might include: travel that is highly abnormal, password spray attacks, or token replay attacks. For more information about these risk definitions, see the article [What are risk detections](/entra/id-protection/concept-identity-protection-risks#sign-in-risk-detections).
 
-This policy targets Microsoft Entra ID P2 tenants where security defaults aren't enabled and there are enough licenses for each user. Microsoft doesn't allow risky users to register for MFA. To avoid locking out users, this policy is only available to organizations where every user is already registered for MFA. 
+This policy targets Microsoft Entra ID P2 tenants where security defaults aren't enabled. 
+-	If P2 licenses equal or exceed total MFA-registered active users, the policy will cover All Users. 
+-	If MFA-registered active users exceed P2 licenses, we will create and assign the policy to a capped security group based on available P2 licenses. You can modify membership of the policy’s security group. 
+
+To prevent attackers from taking over accounts, Microsoft doesn't allow risky users to register for MFA.
+
 
 ## Security defaults policies
 The following policies are available for when you upgrade from using security defaults.