Merge pull request #6208 from MicrosoftDocs/main
12/5/2024 PM Publish
Taojunshen authored Dec 5, 2024
2 parents 220d65f + dabf6e2 commit fc9f737
Showing 24 changed files with 172 additions and 165 deletions.
16 changes: 12 additions & 4 deletions docs/external-id/customers/reference-training-videos.md
Expand Up @@ -8,7 +8,7 @@ ms.service: entra-external-id

ms.subservice: external
ms.topic: concept-article
ms.date: 10/14/2024
ms.date: 12/05/2024
ms.author: mimart
ms.custom: it-pro

Expand Down Expand Up @@ -50,16 +50,24 @@ Microsoft Entra External ID is Microsoft’s customer identity and access manage

> [!VIDEO https://www.youtube.com/embed/XuxXCMOYiSc?si=yX21DVcKsozFPM0v]
### Get started with Microsoft Entra external ID
### Microsoft Entra external ID overview

This tutorial guides you through creating a new Microsoft Entra External ID tenant and helps you get started with running a sample app and signing in your users. It also explores the various components involved and discusses ways to enhance your configuration.
Microsoft Entra External ID allows secure and customizable sign-ins for customer-facing apps. For businesses that want to provide their customers with apps for buying products, subscribing to services, or accessing their account data, it offers robust customer identity and access management (CIAM). It lets you easily integrate your apps and get all the security, reliability, and scalability benefits of Microsoft Entra. This video highlights some of the most commonly used Entra external ID features.

> [!VIDEO https://www.youtube.com/embed/zb5tpY1sGaE?si=n1KLhaTF044jhnex]
> [!VIDEO https://www.youtube.com/embed/AgjAgcBOehU?si=Rqg7UHxq-43VpCjy]
### Woodgrove Groceries live demo

The Woodgrove Groceries live demo is a fictional global food retailer that uses Microsoft Entra External ID for its online shopping app. This video shows how to use the live demo and demonstrates how you can try out the authentication features you can configure for customer-facing apps.

> [!VIDEO https://www.youtube.com/embed/ZRhD-1WLrh8?si=y5iXA9dNskWfXO-Z]
### Get started with Microsoft Entra external ID

This tutorial guides you through creating a new Microsoft Entra External ID tenant and helps you get started with running a sample app and signing in your users. It also explores the various components involved and discusses ways to enhance your configuration.

> [!VIDEO https://www.youtube.com/embed/AgjAgcBOehU?si=Rqg7UHxq-43VpCjy]
### Enable sign-in with social accounts

The video covers how to integrate social identity providers like Facebook, Google and Apple into application sign-up and sign-in flows. It focuses on how you can enhance and personalize the registration experience. It also describes ways to ensure robust security and manage users efficiently using Microsoft Entra External ID.
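Review bot: the new "Get started with Microsoft Entra external ID" section embeds `https://www.youtube.com/embed/AgjAgcBOehU?si=Rqg7UHxq-43VpCjy`, which is the same video the "Microsoft Entra external ID overview" section directly above it now embeds, while the `zb5tpY1sGaE` embed that previously sat under the Get started tutorial text no longer appears anywhere in the file. That looks like a copy error from reordering the sections; the Get started section should probably keep `> [!VIDEO https://www.youtube.com/embed/zb5tpY1sGaE?si=n1KLhaTF044jhnex]`. Minor: the new headings write "external ID" in lowercase while the body text uses the product name "External ID".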
Expand Down
Expand Up @@ -45,7 +45,7 @@ With Conditional Access, you can enable access controls and security policies fo
- Apply Conditional Access policies to your [Private Access apps](how-to-target-resource-private-access-apps.md), such as Quick Access.
- Enable [Global Secure Access signaling in Conditional Access](how-to-source-ip-restoration.md) so the source IP address is visible in the appropriate logs and reports.

## Internet Access – Universal Conditional Access
## Internet Access flow diagram

The following example demonstrates how Microsoft Entra Internet Access works when you apply Universal Conditional Access policies to network traffic.

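Review bot: renaming the heading from "Internet Access – Universal Conditional Access" to "Internet Access flow diagram" drops the feature name and breaks any existing links to the old anchor (`#internet-access--universal-conditional-access`); the same generic heading is also introduced in the web content filtering document in this commit, so two articles now share an identically named section. Suggest keeping the feature in the heading, for example "Universal Conditional Access flow diagram", so the heading and its anchor stay distinguishable.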
Expand Down
Expand Up @@ -93,8 +93,7 @@ Create a Conditional Access policy for end users or groups and deliver your secu
1. In the **Enable policy** section, ensure **On** is selected.
1. Select **Create**.

## Internet Access – web content filtering

## Internet Access flow diagram
This example demonstrates the flow of Microsoft Entra Internet Access traffic when you apply web content filtering policies.

The following flow diagram illustrates web content filtering policies blocking or allowing access to internet resources.
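Review bot: the blank line that separated the heading from the first paragraph was removed along with the old heading, so `## Internet Access flow diagram` is now immediately followed by the "This example demonstrates..." line; markdown lint expects a blank line after a heading, and the rest of the file follows that convention. Same anchor concern as the Universal Conditional Access page: links to `#internet-access--web-content-filtering` will break, and a more specific heading such as "Web content filtering flow diagram" would avoid the duplicate section name.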
Expand Down
2 changes: 1 addition & 1 deletion docs/identity/hybrid/connect/choose-ad-authn.md
Expand Up @@ -4,7 +4,7 @@ description: This guide helps CEOs, CIOs, CISOs, Chief Identity Architects, Ente
keywords:
author: billmath
ms.author: billmath
ms.date: 11/06/2023
ms.date: 12/05/2024
manager: amycolannino
ms.topic: article
ms.service: entra-id
Expand Down
12 changes: 6 additions & 6 deletions docs/identity/hybrid/connect/concept-adsync-service-account.md
Expand Up @@ -7,16 +7,16 @@ manager: amycolannino
ms.service: entra-id
ms.tgt_pltfrm: na
ms.topic: conceptual
ms.date: 11/06/2023
ms.date: 12/05/2024
ms.subservice: hybrid-connect
ms.author: billmath

---

# ADSync service account
Microsoft Entra Connect installs an on-premises service which orchestrates synchronization between Active Directory and Microsoft Entra ID. The Microsoft Entra ID Sync synchronization service (ADSync) runs on a server in your on-premises environment. The credentials for the service are set by default in the Express installations but may be customized to meet your organizational security requirements. These credentials aren't used to connect to your on-premises forests or Microsoft Entra ID.
Microsoft Entra Connect installs an on-premises service which orchestrates synchronization between Active Directory and Microsoft Entra ID. The Microsoft Entra ID Sync synchronization service (ADSync) runs on a server in your on-premises environment. The credentials for the service are set by default in the Express installations but may be customized to meet your organizational security requirements. These credentials aren't used to connect to your on-premises forests or Microsoft Entra ID.

Choosing the ADSync service account is an important planning decision to make prior to installing Microsoft Entra Connect. Any attempt to change the credentials after installation will result in the service failing to start, losing access to the synchronization database, and failing to authenticate with your connected directories (Azure and AD DS). No synchronization will occur until the original credentials are restored.
Choosing the ADSync service account is an important planning decision to make before installing Microsoft Entra Connect. Any attempt to change the credentials after installation will result in the service failing to start, losing access to the synchronization database, and failing to authenticate with your connected directories (Azure and AD DS). No synchronization occurs until the original credentials are restored.

The sync service can run under different accounts. It can run under a Virtual Service Account (VSA), a Managed Service Account (gMSA/sMSA), or a regular User Account. The supported options were changed with the 2017 April release and 2021 March release of Microsoft Entra Connect when you do a fresh installation. If you upgrade from an earlier release of Microsoft Entra Connect, these additional options aren't available.

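Review bot: the first paragraph of the ADSync service account section appears in both the old and the new side of the hunk with no visible difference, so this is most likely a trailing-whitespace or line-ending change; worth confirming it is intentional rather than editor noise. In the second paragraph only the last sentence was moved to present tense ("No synchronization occurs"), while the preceding sentence still reads "Any attempt to change the credentials after installation will result in the service failing to start"; if the edit is for the present-tense style rule, "results in the service failing to start" would make the paragraph consistent.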
Expand Down Expand Up @@ -70,7 +70,7 @@ To use this option, on the [Install required components](how-to-connect-install-

![managed service account](media/concept-adsync-service-account/account-2.png)

It is also supported to use a standalone managed service account. However, these can only be used on the local machine and there's no benefit to using them over the default Virtual Service Account.
It's also supported to use a standalone managed service account. However, these can only be used on the local machine and there's no benefit to using them over the default Virtual Service Account.

### Auto-generated standalone Managed Service Account

Expand All @@ -82,7 +82,7 @@ This account is intended to be used with scenarios where the sync engine and SQL

## User Account

A local service account is created by the installation wizard (unless you specify the account to use in custom settings). The account is prefixed AAD_ and used for the actual sync service to run as. If you install Microsoft Entra Connect on a Domain Controller, the account is created in the domain. The AAD_ service account must be located in the domain if:
The installation wizard creates a local service account (unless you specify the account to use in custom settings). The account is prefixed AAD_ and used for the actual sync service to run as. If you install Microsoft Entra Connect on a Domain Controller, the account is created in the domain. The AAD_ service account must be located in the domain if:
- You use a remote server running SQL Server
- You use a proxy that requires authentication

Expand All @@ -92,7 +92,7 @@ The account is created with a long complex password that doesn't expire.

This account is used to store passwords for the other accounts in a secure way. These other accounts passwords are stored encrypted in the database. The private keys for the encryption keys are protected with the cryptographic services secret-key encryption using Windows Data Protection API (DPAPI).

If you use a full SQL Server, then the service account is the DBO of the created database for the sync engine. The service won't function as intended with any other permission. A SQL login is also created.
If you use a full SQL Server, then the service account is the DBO of the created database for the sync engine. The service won't function as intended with any other permission. A SQL sign-in is also created.

The account is also granted permission to files, registry keys, and other objects related to the Sync Engine.

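Review bot: "A SQL sign-in is also created" replaces a SQL Server technical term with a generic one. In SQL Server a "login" is the server-level principal (the object created with `CREATE LOGIN` and listed under Security > Logins), and the sentence is describing that object, not the act of signing in, so readers looking for what the installer created will search for "login". Suggest keeping "A SQL Server login is also created", optionally with the term in code formatting if the style guide flags plain "login".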
Expand Down
Expand Up @@ -9,7 +9,7 @@ ms.assetid: 465bcbe9-3bdd-4769-a8ca-f8905abf426d
ms.service: entra-id
ms.tgt_pltfrm: na
ms.topic: conceptual
ms.date: 11/06/2023
ms.date: 12/05/2024
ms.subservice: hybrid-connect
ms.author: billmath

Expand Down
Expand Up @@ -8,7 +8,7 @@ ms.assetid: e3ea53c8-3801-4acf-a297-0fb9bb1bf11d
ms.service: entra-id
ms.tgt_pltfrm: na
ms.topic: conceptual
ms.date: 11/06/2023
ms.date: 12/05/2024
ms.subservice: hybrid-connect
ms.author: billmath

Expand All @@ -17,11 +17,11 @@ ms.author: billmath
# Microsoft Entra Connect Sync: Understanding Declarative Provisioning Expressions
Microsoft Entra Connect Sync builds on declarative provisioning first introduced in Forefront Identity Manager 2010. It allows you to implement your complete identity integration business logic without the need to write compiled code.

An essential part of declarative provisioning is the expression language used in attribute flows. The language used is a subset of Microsoft® Visual Basic® for Applications (VBA). This language is used in Microsoft Office and users with experience of VBScript will also recognize it. The Declarative Provisioning Expression Language is only using functions and is not a structured language. There are no methods or statements. Functions are instead nested to express program flow.
An essential part of declarative provisioning is the expression language used in attribute flows. The language used is a subset of Microsoft® Visual Basic® for Applications (VBA). This language is used in Microsoft Office and users with experience of VBScript will also recognize it. The Declarative Provisioning Expression Language is only using functions and isn't a structured language. There are no methods or statements. Functions are instead nested to express program flow.

For more details, see [Welcome to the Visual Basic for Applications language reference for Office 2013](/office/vba/api/overview/language-reference).
For more information, see [Welcome to the Visual Basic for Applications language reference for Office 2013](/office/vba/api/overview/language-reference).

The attributes are strongly typed. A function only accepts attributes of the correct type. It is also case-sensitive. Both function names and attribute names must have proper casing or an error is thrown.
The attributes are strongly typed. A function only accepts attributes of the correct type. It's also case-sensitive. Both function names and attribute names must have proper casing or an error is thrown.

## Language definitions and Identifiers
* Functions have a name followed by arguments in brackets: FunctionName(argument 1, argument N).
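Review bot: while this paragraph is being touched for contractions, two pre-existing wording problems in the same lines could be fixed at the same time: "The Declarative Provisioning Expression Language is only using functions and isn't a structured language" reads better as "uses only functions and isn't a structured language", and in "A function only accepts attributes of the correct type. It's also case-sensitive." the "It" now refers to the function, whereas the following sentence makes clear the language as a whole is meant; "The language is also case-sensitive" removes the ambiguity.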
Expand All @@ -40,7 +40,7 @@ Declarative provisioning uses many functions to enable the possibility to transf
The complete list of functions can be found in the [function reference](reference-connect-sync-functions-reference.md).

### Parameters
A parameter is defined either by a Connector or by an administrator using PowerShell. Parameters usually contain values that are different from system to system, for example the name of the domain the user is located in. These parameters can be used in attribute flows.
A parameter is defined either by a Connector or by an administrator using PowerShell. Parameters usually contain values that are different from system to system, for example, the name of the domain the user is located in. These parameters can be used in attribute flows.

The Active Directory Connector provided the following parameters for inbound Synchronization Rules:

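Review bot: the context line "The Active Directory Connector provided the following parameters for inbound Synchronization Rules" is in past tense although it describes current behaviour, and the list that follows is still what the Connector provides today; since the hunk already edits the adjacent sentence, "provides" would be a one-word fix in the same hunk.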
Expand All @@ -56,7 +56,7 @@ The Active Directory Connector provided the following parameters for inbound Syn
The system provides the following parameter, which is used to get the identifier of the Connector currently running:
`Connector.ID`

Here is an example that populates the metaverse attribute domain with the netbios name of the domain where the user is located:
Here's an example that populates the metaverse attribute domain with the netbios name of the domain where the user is located:
`domain` <- `%Domain.Netbios%`

### Operators
Expand All @@ -68,7 +68,7 @@ The following operators can be used:
* **Logical**: && (and), || (or)
* **Evaluation order**: ( )

Operators are evaluated left to right and have the same evaluation priority. That is, the \* (multiplier) is not evaluated before - (subtraction). 2\*(5+3) is not the same as 2\*5+3. The brackets ( ) are used to change the evaluation order when left to right evaluation order isn't appropriate.
Operators are evaluated left to right and have the same evaluation priority. That is, the \* (multiplier) isn't evaluated before - (subtraction). 2\*(5+3) isn't the same as 2\*5+3. The brackets ( ) are used to change the evaluation order when left to right evaluation order isn't appropriate.

## Multi-valued attributes
The functions can operate on both single-valued and multi-valued attributes. For multi-valued attributes, the function operates over every value and applies the same function to every value.
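Review bot: the example in the operators paragraph does not demonstrate the claim it follows. The text says `*` is not evaluated before `-`, then contrasts `2*(5+3)` with `2*5+3`; those two evaluate to 16 and 13 under both left-to-right evaluation and conventional precedence, so the example only shows that brackets matter, not that the language lacks operator precedence. An expression such as `3+2*5` makes the point: left-to-right evaluation gives 25, conventional precedence gives 13. Also, since the sentence is being edited for "isn't", "(multiplier)" should read "(multiplication)" to match "(subtraction)".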
Expand Down
Expand Up @@ -9,7 +9,7 @@ ms.assetid: cfbb870d-be7d-47b3-ba01-9e78121f0067
ms.service: entra-id
ms.tgt_pltfrm: na
ms.topic: conceptual
ms.date: 11/06/2023
ms.date: 12/05/2024
ms.subservice: hybrid-connect
ms.author: billmath

Expand Down
