Merge pull request #578 from MicrosoftDocs/main

11/28/2023 AM Publish

.openpublishing.redirection.json

@@ -46,6 +46,11 @@
       "source_path_from_root": "/docs/identity-platform/msal-v1-app-scopes.md",
       "redirect_url": "/entra/identity-platform/msal-acquire-cache-tokens",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/docs/identity/authentication/multi-factor-authentication-wizard.md",
+      "redirect_url": "/entra/identity/conditional-access/howto-conditional-access-policy-all-users-mfa",
+      "redirect_document_id": false
     }
 
   ]

docs/external-id/customers/concept-planning-your-solution.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 
 ms.subservice: ciam
 ms.topic: conceptual
-ms.date: 05/31/2023
+ms.date: 11/27/2023
 ms.author: mimart
 ms.custom: it-pro
 
@@ -100,6 +100,8 @@ When planning your sign-up and sign-in experience, determine your requirements:
 
 - **Attributes to collect**. In the user flow settings, you can select from a set of built-in user attributes you want to collect from customers. The customer enters the information on the sign-up page, and it's stored with their profile in your directory. If you want to collect more information, you can [define custom attributes](how-to-define-custom-attributes.md) and add them to your user flow.
 
+- **Terms and conditions consent**. You can use custom user attributes to prompt users to accept your terms and conditions. For example, you can add checkboxes to your sign-up form and include links to your terms of use and privacy policies.
+
 - **Requirements for token claims**. If your application requires specific user attributes, you can include them in the token sent to your application.
 
 - **Social identity providers**. You can set up social identity providers [Google](how-to-google-federation-customers.md) and [Facebook](how-to-facebook-federation-customers.md) and then add them to your user flow as sign-in options.

docs/external-id/customers/overview-customers-ciam.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 
 ms.subservice: ciam
 ms.topic: overview
-ms.date: 06/27/2023
+ms.date: 11/27/2023
 ms.author: mimart
 ms.custom: it-pro
 
@@ -66,6 +66,8 @@ Microsoft Entra ID for customers is intended for businesses that want to make ap
 
 - **Provide self-service account management.** Customers can register for your online services by themselves, manage their profile, delete their account, enroll in a multifactor authentication (MFA) method, or reset their password with no admin or help desk assistance.
 
+- **Consent to your terms of use and privacy policies.** You can prompt users to accept your terms and conditions during sign-up. By using customer user attributes, you can add checkboxes to your sign-up form and include links to your terms of use and privacy policies.
+
 Learn more about [adding sign-in and sign-up to your app](concept-planning-your-solution.md) and [customizing the sign-in look and feel](concept-branding-customers.md).
 
 ## Design user flows for self-service sign-up

docs/fundamentals/whats-new-archive.md

@@ -177,7 +177,7 @@ The Azure Active Directory Insights tab in Microsoft Entra Permissions Managemen
 **Service category:** MFA                           
 **Product capability:** Identity Security & Protection              
 
-The in portal guide to configure multi-factor authentication helps you get started with Azure Active Directory's MFA capabilities. You can find this guide under the Tutorials tab in the Azure AD Overview. For more information, see: [Configure multi-factor authentication using the portal guide](~/identity/authentication/multi-factor-authentication-wizard.md).
+The in portal guide to configure multi-factor authentication helps you get started with Azure Active Directory's MFA capabilities. You can find this guide under the Tutorials tab in the Azure AD Overview. 
 
 ---
 

docs/id-governance/entitlement-management-access-package-manage-lifecycle.md

@@ -30,7 +30,7 @@ Entitlement management allows you to gain visibility into the state of a guest u
 - **Blank** - The lifecycle for the guest user isn't determined. This happens when the guest user had an access package assigned before managing user lifecycle was possible.
 
 > [!NOTE]
-> When a guest user is set as **Governed**, based on ELM tenant settings their account will be deleted or disabled in specified days after their last access package assignment expires.  Learn more about ELM settings here: [Manage external access with Microsoft Entra entitlement management](~/architecture/6-secure-access-entitlement-managment.md).
+> When a guest user is set as **Governed**, based on entitlement management tenant-wide settings their account will be deleted or disabled in specified days after their last access package assignment expires.  Learn more about entitlement management settings here: [Manage external access with Microsoft Entra entitlement management](~/architecture/6-secure-access-entitlement-managment.md).
 
 You can directly convert ungoverned users to be governed by using the **Mark Guests as Governed (preview)** functionality in the top menu bar.
 

docs/id-governance/entitlement-management-ticketed-provisioning.md

@@ -221,7 +221,7 @@ At this point it's time to configure ServiceNow for resuming the entitlement man
 1. To create triggers within ServiceNow, you'd follow these steps:
     1. Select "*Add Trigger*" and then select "*updated*" trigger and run the trigger for every update.
     1. Add a filter condition by updating the condition as shown in the following image:
-        :::image type="content" source="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-call-elm-assignment.png" alt-text="Screenshot of ServiceNow call elm resume API" lightbox="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-call-elm-assignment.png":::
+        :::image type="content" source="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-call-elm-assignment.png" alt-text="Screenshot of ServiceNow call entitlement management resume API" lightbox="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-call-elm-assignment.png":::
     1. Select done.
     1. Select add an action
         :::image type="content" source="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-flow-designer-trigger.png" alt-text="Screenshot of flow diagram trigger." lightbox="media/entitlement-management-servicenow-integration/entitlement-management-servicenow-flow-designer-trigger.png":::
@@ -240,7 +240,7 @@ When an end user requests access to an access package, the request is sent to th
 
 ## Receiving access to the requested access package as an end-user 
 
-The IT Support team works on the ticket create above to do necessary provisions and  close the ServiceNow ticket. When the ticket is closed, ServiceNow triggers a call to resume the Entitlement Management workflow. Once the request is completed, the requestor receives a notification from ELM that the request has been fulfilled. This streamlined workflow ensures that access requests are fulfilled efficiently, and users are notified promptly.
+The IT Support team works on the ticket create above to do necessary provisions and  close the ServiceNow ticket. When the ticket is closed, ServiceNow triggers a call to resume the Entitlement Management workflow. Once the request is completed, the requestor receives a notification from entitlement management that the request has been fulfilled. This streamlined workflow ensures that access requests are fulfilled efficiently, and users are notified promptly.
 
 :::image type="content" source="media/entitlement-management-servicenow-integration/entitlement-management-myaccess-request-history.png" alt-text="Screenshot of My Access request history." lightbox="media/entitlement-management-servicenow-integration/entitlement-management-myaccess-request-history.png":::
 

docs/id-governance/entitlement-management-verified-id-settings.md

@@ -1,5 +1,5 @@
 ---
-title: Configure verified ID settings for an access package in entitlement management
+title: Configure Verified ID settings for an access package in entitlement management
 description: Learn how to configure verified ID settings for an access package in entitlement management.
 services: active-directory
 documentationCenter: ''
@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
 
 ---
 
-# Configure verified ID settings for an access package in entitlement management
+# Configure Verified ID settings for an access package in entitlement management
 
 When setting up an access package policy, admins can specify whether it’s for users in the directory, connected organizations, or any external user. Entitlement Management determines if the person requesting the access package is within the scope of the policy. 
 
@@ -30,7 +30,7 @@ This article describes how to configure the verified ID requirement settings for
 
 ## Prerequisites
 
-Before you begin, you must set up your tenant to use the [Microsoft Entra Verified ID service](~/verified-id/decentralized-identifier-overview.md). You can find detailed instructions on how to do that here: [Configure your tenant for Microsoft Entra Verified ID](~/verified-id/verifiable-credentials-configure-tenant.md). 
+Before you begin, you must set up your tenant to use the [Microsoft Entra Verified ID service](~/verified-id/decentralized-identifier-overview.md). You can find detailed instructions on how to do that here: [Configure your tenant for Microsoft Entra Verified ID](~/verified-id/verifiable-credentials-configure-tenant-quick.md). 
 
 
 ## License requirements