MicrosoftDocs
diff --git a/‎.docutune/dictionaries/known-guids.json‎
Lines changed: 4 additions & 2 deletions b/‎.docutune/dictionaries/known-guids.json‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎docs/fundamentals/concept-learn-about-groups.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/fundamentals/concept-learn-about-groups.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/fundamentals/how-to-manage-stay-signed-in-prompt.yml‎
Lines changed: 2 additions & 2 deletions b/‎docs/fundamentals/how-to-manage-stay-signed-in-prompt.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/identity/app-provisioning/media/inbound-provisioning-api-logic-apps/logic-apps-instance-details.png‎
-7.94 KB b/‎docs/identity/app-provisioning/media/inbound-provisioning-api-logic-apps/logic-apps-instance-details.png‎
-7.94 KB
diff --git a/‎docs/identity/app-provisioning/media/inbound-provisioning-api-logic-apps/web-app-domain-name.png‎
-9.75 KB b/‎docs/identity/app-provisioning/media/inbound-provisioning-api-logic-apps/web-app-domain-name.png‎
-9.75 KB
diff --git a/‎docs/identity/app-provisioning/media/inbound-provisioning-api-powershell/properties.png‎
6.11 KB b/‎docs/identity/app-provisioning/media/inbound-provisioning-api-powershell/properties.png‎
6.11 KB
diff --git a/‎docs/identity/authentication/concept-mfa-regional-opt-in.md‎
Lines changed: 4 additions & 3 deletions b/‎docs/identity/authentication/concept-mfa-regional-opt-in.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎docs/identity/authentication/how-to-enable-authenticator-passkey.md‎
Lines changed: 5 additions & 2 deletions b/‎docs/identity/authentication/how-to-enable-authenticator-passkey.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎docs/identity/authentication/how-to-register-passkey-authenticator.md‎
Lines changed: 8 additions & 3 deletions b/‎docs/identity/authentication/how-to-register-passkey-authenticator.md‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎docs/identity/monitoring-health/howto-use-health-scenario-alerts.md‎
Lines changed: 7 additions & 7 deletions b/‎docs/identity/monitoring-health/howto-use-health-scenario-alerts.md‎
Lines changed: 7 additions & 7 deletions
@@ -1233,7 +1233,6 @@
   "Microsoft Cloud App Security_1": "df845ce7-05f9-4894-b5f2-11bbfbcfd2b6",
   "Microsoft Cloud App Security_2": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2",
   "Marketo Sales Engage": "0b4dcf5f-e476-465b-8d46-538e19df4943",
-  "Azure VPN Client": "41b23e61-6c1e-4545-b367-cd054e0ed4b4",
   "Microsoft Commerce Tools Authentication Service": "dae9ab2c-0d46-41d1-969c-15f3b5005024",
   "Microsoft Forms": "c9a559d2-7aab-4f13-a6ed-e7e9c52aec87",
   "Microsoft Frontbridge": "0fe2f700-2fcd-47cd-8347-d6b245233ffc",
@@ -3678,5 +3677,8 @@
   "Azure VPN client - Manually registered, Azure Public" : "41b23e61-6c1e-4545-b367-cd054e0ed4b4",
   "Azure VPN client - Manually registered, Azure Government" : "51bb15d4-3a4f-4ebf-9dca-40096fe32426",
   "Azure VPN client - Manually registered, Azure Germany" : "538ee9e6-310a-468d-afef-ea97365856a9",
-  "Azure VPN client - Manually registered, Microsoft Azure operated by 21Vianet" : "49f817b6-84ae-4cc0-928c-73f27289b3aa"
+  "Azure VPN client - Manually registered, Microsoft Azure operated by 21Vianet" : "49f817b6-84ae-4cc0-928c-73f27289b3aa",
+  "Azure Resource Manager tenant ID - hardcoded" : "c0257de7-538f-415c-993a-1b87a031879d",
+  "Azure Databricks app ID" : "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
+  "MQTT broker state store ID" : "FA9AE35F-2F64-47CD-9BFF-08E2B32A0FE8"
 }
@@ -44,7 +44,7 @@ There are two group types and three group membership types. Review the options t
 For example, you can create a security group so that all group members have the same set of security permissions. Members of a security group can include users, devices, [service principals](~/architecture/service-accounts-principal.md), and other groups (also known as nested groups), which define [access policy and permissions](identity-fundamental-concepts.md). Owners of a security group can include users and service principals.
 
 > [!NOTE]
-> When nesting an existing security group to another security group, only members in the parent group will have access to shared resources and applications. Nested group members don't have the same assigned membership as the parent group members. For more info about managing nested groups, see [How to manage groups](how-to-manage-groups.yml#add-members-or-owners-of-a-group).
+> When nesting an existing security group to another security group, only members in the parent group will have access to shared resources and applications. Nested group members don't have the same assigned membership as the parent group members. For more info about managing nested groups, see [How to manage groups](how-to-manage-groups.yml#add-a-group-to-another-group).
 
 **Microsoft 365:** Provides collaboration opportunities by giving group members access to a shared mailbox, calendar, files, SharePoint sites, and more.
 
 
@@ -7,7 +7,7 @@ metadata:
   ms.author: sarahlipsey
   manager: amycolannino
   ms.reviewer: almars
-  ms.date: 01/16/2024
+  ms.date: 10/23/2024
   ms.service: entra
   ms.subservice: fundamentals
   ms.topic: how-to
@@ -27,7 +27,7 @@ prerequisites:
   summary: |
     Configuring the 'keep me signed in' (KMSI) option requires one of the following licenses:
 
-      - Microsoft Entra ID P1 or P2
+      - Microsoft Entra ID Free
       - Office 365 (for Office apps)
       - Microsoft 365
 
 
@@ -205,12 +205,13 @@ For voice verification, the following region codes require an opt-in.
 | 252         |  Somalia                                       | 10                              |  30                                      |  
 | 501         |  Belize                                        | 10                              |  30                                      |
 | 855         |  Cambodia                                      | 50                              |  200                                     |
-| 84         |  Vietnam                                       | 50                              |  200                                     |
-| 94         |  Sri Lanka                                     | 50                              |  200                                     |
+| 84         |  Vietnam                                       | 150                              |  500                                     |
+| 94         |  Sri Lanka                                     | 100                              |  500                                     |
 | 63         |  Philippines                                   | 50                              |  200                                     |
 | 62         |  Indonesia                                     | 50                              |  200                                     |
-| 7         |  Russia                                        | 50                              |  200                                     |
+| 7         |  Russia                                        | 100                              |  1000                                     |
 | 258         |  Mozambique                                    | 50                              |  200                                     |
+| 92         |  Pakistan                                    | 100                              |  1000                                     |
 
 ## Next steps
 
 
@@ -5,7 +5,7 @@ description: Learn about how to enable passkeys in Microsoft Authenticator for M
 ms.service: entra-id
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 10/14/2024
+ms.date: 10/23/2024
 
 
 ms.author: justinha
@@ -47,7 +47,10 @@ An Authentication Policy Administrator needs to consent to allow Authenticator i
      When attestation is enabled in the passkey (FIDO) policy, Microsoft Entra ID tries to verify the legitimacy of the passkey being created. When the user is registering a passkey in the Authenticator, attestation verifies that the legitimate Microsoft Authenticator app created the passkey by using Apple and Google services. Here’s more details: 
 
      - iOS: Authenticator attestation uses the [iOS App Attest service](https://developer.apple.com/documentation/devicecheck/preparing-to-use-the-app-attest-service) to ensure the legitimacy of the Authenticator app before registering the passkey.  
-
+     
+       >[!NOTE]
+       >Support for registering passkeys in Authenticator when attestation is enforced is currently rolling out to iOS Authenticator app users. Support for registering attested passkeys in Authenticator on Android devices is available to all users in the latest version of the app.
+       
      - Android: 
        - For Play Integrity attestation, Authenticator attestation uses the [Play Integrity API](https://developer.android.com/google/play/integrity/overview) to ensure the legitimacy of the Authenticator app before registering the passkey.  
        - For Key attestation, Authenticator attestation uses [key attestation by Android](https://developer.android.com/privacy-and-security/security-key-attestation) to verify that the passkey being registered is hardware-backed.     
 
@@ -5,7 +5,7 @@ description: Registration and management of passkey with Authenticator on Androi
 ms.service: entra-id 
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 10/21/2024
+ms.date: 10/23/2024
 
 ms.author: justinha
 author: justinha
@@ -24,6 +24,9 @@ This article shows how to register a passkey using Microsoft Authenticator on yo
 
 Alternatively, you can add a passkey from your mobile device browser, or through cross-device registration using another device, such as a laptop. Your mobile device needs to run iOS version 17, or Android version 14, or later. 
 
+>[!NOTE]
+>Support for registering passkeys in Authenticator when attestation is enforced is currently rolling out to iOS Authenticator app users. Support for registering attested passkeys in Authenticator on Android devices is available to all users in the latest version of the app.
+
 | Scenario | iOS | Android |
 |------------------|---------------------------------|----------------|
 | **Same-device registration by signing into Authenticator**              | &#x2705;          | &#x2705;       |
@@ -36,6 +39,7 @@ Alternatively, you can add a passkey from your mobile device browser, or through
 
 ### Registration by signing in to Authenticator (iOS) (preview)
 
+
 You can sign in to Authenticator to create a passkey in the app and get seamless single sign-on (SSO) across Microsoft native apps. **This is the recommended and preferred flow to set up a passkey in Authenticator.** If you're signed in or already have an account in Authenticator, you still need to complete these steps to add a passkey in Authenticator.
 
 1. Download Authenticator from the App Store, open it, and go through the privacy screens.
@@ -91,7 +95,7 @@ You can sign in to Authenticator to create a passkey in the app and get seamless
    :::image type="content" border="true" source="media/howto-register-passwordless-passkey-direct-ios/new-authenticator-account.png" alt-text="Screenshot of a new account in Authenticator for iOS devices.":::
 
 
-### Passkey registration from Security Info (iOS)
+### Passkey registration from Security info (iOS)
 
 Security info by default will prompt users to sign in to the Authenticator app to register their passkey. 
 
@@ -114,6 +118,7 @@ Security info by default will prompt users to sign in to the Authenticator app t
    :::image type="content" border="true" source="media/howto-authenticate-passwordless-passkey-ios/complete-setup-in-authenticator.png" alt-text="Screenshot of wizard to complete the passkey setup in Authenticator.":::
 
 1. Add your account in Authenticator on your iOS device. If you just downloaded Authenticator, you can tap **Add work or school account** near the bottom of your iOS device. If already using Authenticator, tap **+** in the upper right corner of the app and then tap on **Add work or school account**.
+
    :::image type="content" border="true" source="media/howto-register-passwordless-passkey-direct-ios/add-account-ios.png" alt-text="Screenshot 233x433 of how to register using Microsoft Authenticator for iOS devices.":::
 
 1. The rest of the flow is similar to the flow shared earlier to sign in to the Authenticator and complete passkey registration. Complete MFA on your iOS device, and tap **Sign in**.
@@ -305,7 +310,7 @@ Security info by default will prompt users to sign in to the Authenticator app t
 
    :::image type="content" border="true" source="media/howto-authenticate-passwordless-passkey-android/passkey-android-security-info-laptop.png" alt-text="Screenshot of a new passkey on Android sign-in method in Security info on your other device.":::
 
-## Alternate registration flow on Security Info (Android)
+## Alternate registration flow on Security info (Android)
 
 If a user is unable to sign in to the Authenticator to register a passkey, you can fall back to triggering registration directly from Security Info. If initiating this flow from a browser on a different device, Bluetooth, an internet connection, and connectivity to these two endpoints must be allowed in your organization to enable cross-device registration and authentication:
 
 
@@ -1,21 +1,21 @@
 ---
-title: How to use Microsoft Entra health monitoring alerts (preview)
+title: How to use Microsoft Entra Health monitoring alerts (preview)
 description: Learn how to use the Microsoft Entra health monitoring alerts to monitor and improve the health of your tenant.
 author: shlipsey3
 manager: amycolannino
 ms.service: entra-id
 ms.topic: how-to
 ms.subservice: monitoring-health
-ms.date: 10/14/2024
+ms.date: 10/23/2024
 ms.author: sarahlipsey
 ms.reviewer: sarbar
 
 # Customer intent: As an IT admin, I want to learn how to use Microsoft Entra health monitoring to observe and improve the health of my tenant.
 ---
 
-# How to use Microsoft Entra health monitoring alerts (preview)
+# How to use Microsoft Entra Health monitoring alerts (preview)
 
-Microsoft Entra Health monitoring provides the ability to monitor the health of your Microsoft Entra tenant through a set of health metrics and intelligent alerts. Health metrics are fed into our anomaly detection service, which uses machine learning to understand the patterns for your tenant. When the anomaly detection service identifies a significant change one of the tenant-level patterns, it triggers an alert. You can also receive email notifications when a potential issue or failure condition is detected within the health scenarios. For more information on Microsoft Entra Health, see [What is Microsoft Entra Health](concept-microsoft-entra-health.md).
+Microsoft Entra Health monitoring provides the ability to monitor the health of your Microsoft Entra tenant through a set of health metrics and intelligent alerts. Health metrics are fed into our anomaly detection service, which uses machine learning to understand the patterns for your tenant. When the anomaly detection service identifies a significant change in one of the tenant-level patterns, it triggers an alert. You can receive email notifications when a potential issue or failure condition is detected within the health scenarios. For more information on Microsoft Entra Health, see [What is Microsoft Entra Health](concept-microsoft-entra-health.md).
 
 This article provides guidance on how to:
 
@@ -32,7 +32,7 @@ This article provides guidance on how to:
 - Newly onboarded tenants might not have enough data to generate alerts for about 30 days.
 - Currently, alerts are only available with the Microsoft Graph API.
 
-## How to access Microsoft Entra Health
+## Access Microsoft Entra Health
 
 You can view the Microsoft Entra Health service level agreement (SLA) attainment report and the health monitoring signals from the Microsoft Entra admin center. You can also view these data streams, and the public preview of health monitoring alerts, using [Microsoft Graph APIs](/graph/api/resources/healthmonitoring-overview?view=graph-rest-beta&preserve-view=true). [Enable the Scenario monitoring preview](https://entra.microsoft.com/?feature.tokencaching=true&feature.internalgraphapiversion=true#view/Microsoft_AAD_IAM/FeaturePreviewsListBlade).
 
@@ -128,7 +128,7 @@ With the email notifications configured, you and your team can more effectively
     ```http
     GET https://graph.microsoft.com/beta/reports/healthMonitoring/alerts/{alertId}
     ```
-For sample requests and responses, see [Health  monitoring List alert objects](/graph/api/healthmonitoring-healthmonitoringroot-list-alerts?view=graph-rest-beta&preserve-view=true).
+For sample requests and responses, see [Health monitoring List alert objects](/graph/api/healthmonitoring-healthmonitoringroot-list-alerts?view=graph-rest-beta&preserve-view=true).
 - The portion of the response after `impacts` make up the impact summary for the alert.
 - The `supportingData` portion includes the full query used to generate the alert.
 - The results of the query include everything identified by the anomaly detection service, but there might be results that aren't directly related to the alert.
@@ -139,7 +139,7 @@ For sample requests and responses, see [Health  monitoring List alert objects](/
     - If you need to modify Conditional Access policies, you need the [Conditional Access Administrator](../role-based-access-control/permissions-reference.md#conditional-access-administrator) role.
 1. Browse to **Monitoring & health** > **Sign-in logs**.
     - Adjust the time range to match the alert time frame.
-    - Add a **filter** for Conditional Access.
+    - Add a filter for Conditional Access.
     - Select a log entry to view the sign-in logs details and select the Conditional Access tab to see the policies that were applied.
 
 ### View the scenario-specific resources