Updates from: 09/06/2021 03:07:25
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory Howto Sspr Reporting https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-sspr-reporting.md
The following list explains this activity in detail:
* [SSPR and MFA usage and insights reporting](./howto-authentication-methods-activity.md) * [How do I complete a successful rollout of SSPR?](howto-sspr-deployment.md) * [Reset or change your password](../user-help/active-directory-passwords-update-your-own-password.md).
-* [Register for self-service password reset](../user-help/active-directory-passwords-reset-register.md).
+* [Register for self-service password reset](https://support.microsoft.com/account-billing/register-the-password-reset-verification-method-for-a-work-or-school-account-47a55d4a-05b0-4f67-9a63-f39a43dbe20a).
* [Do you have a licensing question?](concept-sspr-licensing.md) * [What data is used by SSPR and what data should you populate for your users?](howto-sspr-authenticationdata.md) * [What authentication methods are available to users?](concept-sspr-howitworks.md#authentication-methods)
active-directory Troubleshoot Sspr https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/troubleshoot-sspr.md
Use the following information to understand the problem and what needs to be cor
| SsprNotEnabledInUserPolicy = 11 | We're sorry, you can't reset your password at this time because your administrator has not configured password reset for your organization. There is no further action you can take to resolve this situation. Contact your admin and ask them to configure password reset.<br /><br />To learn more about password reset configuration, see [Quickstart: Azure AD self-service password reset](./tutorial-enable-sspr.md). | SSPR_0011: Your organization has not defined a password reset policy. Please contact your admin and ask them to define a password reset policy. | | UserNotLicensed = 12 | We're sorry, you can't reset your password at this time because required licenses are missing from your organization. There is no further action you can take to resolve this situation. Please contact your admin and ask them to check your license assignment.<br /><br />To learn more about licensing, see [Licensing requirements for Azure AD self-service password reset](./concept-sspr-licensing.md). | SSPR_0012: Your organization does not have the required licenses necessary to perform password reset. Please contact your admin and ask them to review the license assignments. | | UserNotMemberOfScopedAccessGroup = 13 | We're sorry, you can't reset your password at this time because your administrator has not configured your account to use password reset. There is no further action you can take to resolve this situation. Please contact your admin and ask them to configure your account for password reset.<br /><br />To learn more about account configuration for password reset, see [Roll out password reset for users](./howto-sspr-deployment.md). | SSPR_0013: You are not a member of a group enabled for password reset. Contact your admin and request to be added to the group. |
-| UserNotProperlyConfigured = 14 | We're sorry, you can't reset your password at this time because necessary information is missing from your account. There is no further action you can take to resolve this situation. Please contact you admin and ask them to reset your password for you. After you have access to your account again, you need to register the necessary information.<br /><br />To register information, follow the steps in the [Register for self-service password reset](../user-help/active-directory-passwords-reset-register.md) article. | SSPR_0014: Additional security info is needed to reset your password. To proceed, contact your admin and ask them to reset your password. After you have access to your account, you can register additional security info at https://aka.ms/ssprsetup. Your admin can add additional security info to your account by following the steps in [Set and read authentication data for password reset](howto-sspr-authenticationdata.md). |
+| UserNotProperlyConfigured = 14 | We're sorry, you can't reset your password at this time because necessary information is missing from your account. There is no further action you can take to resolve this situation. Please contact you admin and ask them to reset your password for you. After you have access to your account again, you need to register the necessary information.<br /><br />To register information, follow the steps in the [Register for self-service password reset](https://support.microsoft.com/account-billing/register-the-password-reset-verification-method-for-a-work-or-school-account-47a55d4a-05b0-4f67-9a63-f39a43dbe20a) article. | SSPR_0014: Additional security info is needed to reset your password. To proceed, contact your admin and ask them to reset your password. After you have access to your account, you can register additional security info at https://aka.ms/ssprsetup. Your admin can add additional security info to your account by following the steps in [Set and read authentication data for password reset](howto-sspr-authenticationdata.md). |
| OnPremisesAdminActionRequired = 29 | We're sorry, we can't reset your password at this time because of a problem with your organization's password reset configuration. There is no further action you can take to resolve this situation. Please contact your admin and ask them to investigate. <br /><br />Or<br /><br />We cannot reset your password at this time because of a problem with your organization's password reset configuration. There is no further action you can take to resolve this issue. Please contact your admin and ask them to investigate.<br /><br />To learn more about the potential problem, see [Troubleshoot password writeback](troubleshoot-sspr-writeback.md). | SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration. Please contact your admin and ask them to investigate. | | OnPremisesConnectivityError = 30 | We're sorry, we can't reset your password at this time because of connectivity issues to your organization. There is no action to take right now, but the problem might be resolved if you try again later. If the problem persists, please contact your admin and ask them to investigate.<br /><br />To learn more about connectivity issues, see [Troubleshoot password writeback connectivity](troubleshoot-sspr-writeback.md). | SSPR_0030: We can't reset your password due to a poor connection with your on-premises environment. Contact your admin and ask them to investigate.|
active-directory Whats New Archive https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new-archive.md
User-assigned managed identities are now generally available for Virtual Machine
Users who have registered a mobile app with your organization can now reset their own password by approving a notification from the Microsoft Authenticator app or by entering a code from their mobile app or hardware token.
-For more information, see [How it works: Azure AD self-service password reset](../authentication/concept-sspr-howitworks.md). For more information about the user experience, see [Reset your own work or school password overview](../user-help/active-directory-passwords-reset-register.md).
+For more information, see [How it works: Azure AD self-service password reset](../authentication/concept-sspr-howitworks.md). For more information about the user experience, see [Reset your own work or school password overview](https://support.microsoft.com/account-billing/register-the-password-reset-verification-method-for-a-work-or-school-account-47a55d4a-05b0-4f67-9a63-f39a43dbe20a).
active-directory Active Directory Passwords Reset Register https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/active-directory-passwords-reset-register.md
- Title: Register authentication info to reset your own password - Azure AD
-description: Register your verification method information for Azure AD self-service password reset, so you can reset your own password without administrator help.
--------- Previously updated : 05/28/2020---
-# Register your verification method info to reset your own password
-
-If you forgot your work or school password, never got a password from your organization, or have been locked out of your account, you can use your security info and your mobile device to reset your work or school password.
-
-Your administrator must turn on this feature for you to be able to register your information and reset your own password. If you don't see the **Forgot my password** option, it means that your administrator hasn't turned on the feature for your organization. If you believe this to be incorrect, contact your help desk for assistance.
-
->[!Important]
->This article is intended for users trying to use sign up for self-service password reset. This means that youΓÇÖll be able to reset your own work or school password (such as alain@contoso.com), without requiring your administratorΓÇÖs help. If you're an administrator looking for information about how to turn on self-service password reset for your employees or other users, see the [Deploy Azure AD self-service password reset and other articles](../authentication/howto-sspr-deployment.md).
-
-## Set up your password reset verification method
-
-1. Open the web browser on your device and go to the [security info page](https://account.activedirectory.windowsazure.com/PasswordReset/Register.aspx?regref=ssprsetup).
-
-2. Depending on how your administrator has set up your organization, one or more of the following options will be available for you to set up as your security verification method. If multiple options are available, we strongly recommend that you use more than one as your security verification method, in case one of your methods becomes unavailable.
-
- - **Authentication app.** Choose to use the Microsoft Authenticator app or other authenticator app as your security verification method. For more information about setting up the app, see [Set up the Microsoft Authenticator app as your verification method](security-info-setup-auth-app.md).
-
- - **Text messaging.** Choose to send yourself text messages to your mobile device. For more information about setting up text messaging, see [Set up text messaging as your verification method](security-info-setup-text-msg.md).
-
- - **Phone calls.** Choose to get a phone call to your registered phone number. For more information about setting up phone calls, see [Set up a phone number as your verification method](security-info-setup-phone-number.md).
-
- - **Security key.** Choose to use a Microsoft-compatible security key. For more information, see [Set up a security key as your verification method](security-info-setup-security-key.md).
-
- - **Email address.** Choose to use an alternate email address that can be used without requiring your forgotten or missing password. This only works for password reset, not as a security verification method. For more information about setting up an email address, see [Set up an email address as your verification method](security-info-setup-email.md).
-
- - **Security questions.** Choose to set up and answer pre-defined security questions set up by your administrator. This only works for password reset, not as a security verification method. For more information about security questions, see [Set up security questions as your verification method](security-info-setup-questions.md).
-
-3. After you select and set up your methods, choose **Finish** to complete the process.
-
- > [!Note]
- > Information added for your phone number or email address is not shared with your organization's global directory. The only people that can see this information are you and your administrator. Only you can see the answers to your security questions.
-
-## Common problems and their solutions
-
- Here are some common error cases and their solutions:
-
-| Error message | Possible solution |
-| | | |
-| Please contact your administrator.<br>We've detected that your user account password is not managed by Microsoft. As a result, we are unable to automatically reset your password.<br>Contact your IT staff for any further assistance.| If you get this error message after typing your User ID, it means that your organization internally manages your password and doesn't want you to reset your password from the **Can't access your account** link. To reset your password in this situation, you must contact your organization's help desk or your administrator for help. |
-| Your account is not enabled for password reset.<br>We're sorry, but your IT staff has not set up your account for use with this service.<br>If you'd like, we can contact an administrator in your organization to reset your password for you. | If you get this error message after typing your User ID, it means that either your organization hasn't turned on the password reset feature or you aren't allowed to use it. To reset your password in this situation, you must select the **Contact an administrator** link. After you click the link, an email is sent to your organization's help desk or administrator, letting them know you want to reset your password. |
-| We could not verify your account.<br>If you'd like, we can contact an administrator in your organization to reset your password for you. | If you get this error message after typing your User ID, it means that your organization has turned on password reset and that you can use it, but that you haven't registered for the service. In this situation, you must contact your organization's help desk or administrator to reset your password. For information about to register for password reset after you are back on your device, see the process above in this article. |
-
-## Next steps
--- [Change your password by using self-service password reset](active-directory-passwords-update-your-own-password.md)--- [Security info page](https://mysignins.microsoft.com/security-info)--- [Password reset portal](https://passwordreset.microsoftonline.com/)--- [When you can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant)
active-directory Active Directory Passwords Update Your Own Password https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/active-directory-passwords-update-your-own-password.md
- Title: Reset your password using security info - Azure Active Directory | Microsoft Docs
-description: How to reset your own password if you forget it, using your security info and two-step verification.
--------- Previously updated : 09/10/2020---
-# Reset your work or school password using security info
-
-If you forgot your work or school password, never got a password from your organization, or have been locked out of your account, you can use your security info and your mobile device to reset your work or school password. Your administrator must turn on this feature for you to be able to set up your information and [reset your own password](./active-directory-passwords-reset-register.md).
-
-If you know your password and you want to change it, see the [Change your password steps](#how-to-change-your-password) sections of this article.
-
->[!Important]
->This article is intended for users trying to use reset a forgotten or unknown work or school account password. If you're an administrator looking for information about how to turn on self-service password reset for your employees or other users, see the [Deploy Azure AD self-service password reset and other articles](../authentication/howto-sspr-deployment.md).
-
-## How to reset or unlock your password for a work or school account
-
-If you can't access your Azure Active Directory (Azure AD) account, it could be because either:
--- Your password isn't working and you want to reset it, or--- You know your password, but your account is locked out and you need to unlock it.-
-### To reset your password and get back into your account
-
-1. In the **Enter password** screen, select **Forgot my password**.
-
-2. In the **Get back into your account** screen, type your work or school **User ID** (for example, your email address), prove you aren't a robot by entering the characters you see on the screen, and then select **Next**.
-
- ![Get back into your account screen](media/security-info/security-info-back-into-acct.png)
-
- >[!NOTE]
- >If your administrator hasn't turned on the ability for you to reset your own password, you'll see a **Contact your administrator** link instead of the **Get back into your account** screen. This link lets you contact your administrator about resetting your password, through either email or a web portal.
-
-3. Choose one of the following methods to verify your identity and change your password. Depending on how your administrator has set up your organization, you might need to go through this process a second time, adding info for a second verification step.
-
- ![Get back into your account, verification step #1](media/security-info/security-info-back-into-acct2.png)
-
- >[!NOTE]
- >Depending on how your administrator has set up your organization, some of these verification options might not be available. You must have previously set up your mobile device for verification using at least one of these methods.<br><br>Additionally, your new password might need to meet certain strength requirements. Strong passwords typically have 8 to 16 characters, including upper and lowercase characters, at least one number, and at least one special character.
--- **Reset your password using an email address.** Sends an email to the email address you previously set up in two-step verification or security info. If your administrator has turned on the security info experience, you can find more info about setting up an email address in the [Set up security info to use email (preview)](security-info-setup-email.md) article. If you're not yet using security info, you can find more info about setting up an email address in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article. -
- 1. Select **Email my alternate email**, and then select **Email**.
-
- 2. Type the verification code from the email into the box, and then select **Next**.
-
- 3. Type and confirm your new password, and then select **Finish**.
--- **Reset your password using a text message.** Sends a text message to the phone number you previously set up in security info. If your administrator has turned on the security info experience, you can find more info about setting up text messaging in the [Set up security info to use text messaging (preview)](security-info-setup-text-msg.md) article. If you're not yet using security info, you can find more info about setting up text messaging in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.-
- 1. Select **Text my mobile phone**, type your phone number, and then select **Text**.
-
- 2. Type the verification code from the text message into the box, and then select **Next**.
-
- 3. Type and confirm your new password, and then select **Finish**.
--- **Reset your password using a phone number.** Places an automated voice call to the phone number you previously set up in security info. If your administrator has turned on the security info experience, you can find more info about setting up a phone number in the [Set up security info to use a phone call (preview)](security-info-setup-phone-number.md) article. If you're not yet using security info, you can find more info about setting up a phone number in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.-
- 1. Select **Call my mobile phone**, type your phone number, and then select **Call**.
-
- 2. Answer the phone call and follow the instructions to verify your identity, and then select **Next**.
-
- 3. Type and confirm your new password, and then select **Finish**.
--- **Reset your password using security questions.** Shows you the list of security questions you set up in security info. If your administrator has turned on the security info experience, you can find more info about setting up your security questions in the [Set up security info to use pre-defined security questions (preview)](security-info-setup-questions.md) article. If you're not yet using security info, you can find more info about setting up security questions in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.-
- 1. Select **Answer my security questions**, answer the questions, and then select **Next**.
-
- 2. Type and confirm your new password, and then select **Finish**.
--- **Reset your password using a notification from your authenticator app.** Sends an approval notification to the authenticator app. If your administrator has turned on the security info experience, you can find more info about setting up an authenticator app to send a notification in the [Set up security info to use an authentication app (preview)](security-info-setup-auth-app.md) article. If you're not yet using security info, you can find more info about setting up an authenticator app to send a notification in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.-
- 1. Select **Approve a notification on my authenticator app**, and then select **Send Notification**.
-
- 2. Approve the sign-in from your authenticator app.
-
- 3. Type and confirm your new password, and then select **Finish**.
--- **Reset your password using a code from your authenticator app.** Accepts a random code provided by your authentication app. If your administrator has turned on the security info experience, you can find more info about setting up an authenticator app to provide a code in the [Set up security info to use an authentication app (preview)](security-info-setup-auth-app.md) article. If you're not yet using security info, you can find more info about setting up an authenticator app to provide a code in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.-
- 1. Select **Enter a code from my authenticator app**, and then select **Send Notification**.
-
- 2. Open your authenticator app, type the verification code for your account into the box, and then select **Next**.
-
- 3. Type and confirm your new password, and then select **Finish**.
-
- 4. After you get the message saying that your password has been reset, you can sign in to your account using your new password.
-
- If you still can't access your account, you should contact your organization's administrator for more help.
-
-After resetting your password, you might get a confirmation email that comes from an account like, "Microsoft on behalf of \<*your_organization*>." If you get a similar email, but you didn't recently reset your password, you must contact your organization's administrator immediately.
-
-## How to change your password
-
-If you just want to change your password, you can do it through the Office 365 portal, the My Apps portal, or the Windows 10 sign-in page.
-
-### To change your password using the Office 365 portal
-
-Use this method if you typically access your apps through the Office portal:
-
-1. Sign in to your [Office 365 account](https://portal.office.com), using your existing password.
-
-2. Select your profile on the upper-right side, and then select **View account**.
-
-3. Select **Security & privacy** > **Password**.
-
-4. Type your old password, create and confirm your new password, and then select **Submit**.
-
-### To change your password from the My Apps portal
-
-Use this method if you typically access your apps from the My Apps portal:
-
-1. Sign in to the [My Apps portal](https://myapps.microsoft.com/), using your existing password.
-
-2. Select your profile on the upper-right side, and then select **Profile**.
-
-3. Select **Change password**.
-
-4. Type your old password, create and confirm your new password, and then select **Submit**.
-
-### To change your password at Windows sign-in
-
-If your administrator turned on the functionality, you can see a link to **Reset password** on your Windows 7, Windows 8, Windows 8.1, or Windows 10 sign-in screen.
-
-1. Select the **Reset password** link to start the password reset process without having to use the normal web-based experience.
-
-2. Confirm your user ID and select **Next**.
-
-3. Select and confirm a contact method for verification. If necessary, choose a second verification option that's different from your previous one, filling in the necessary info.
-
-4. On the **Create a new password** page, type and confirm your new password, and then select **Next**.
-
- Strong passwords typically have 8 to 16 characters, including upper and lowercase characters, at least one number, and at least one special character.
-
-5. After you get the message saying that your password has been reset, you can select **Finish**.
-
- If you still can't access your account, you should contact your organization's administrator for more help.
-
-## Common problems and their solutions
-
-Here are some common error cases and their solutions:
-
-|Problem|Description|Solution|
-| | | |
-|When I try to change my password, I get an error. |Your password has a word, phrase, or pattern that makes your password easily guessable.| Try again using a stronger password.|
-|After I enter my User ID, I go to a page that says, "Please contact your administrator."|Microsoft has determined that your user account password is managed by your administrator in an on-premises environment. As a result, you can't reset your password from the "Can't access your account" link. |Contact your administrator for more help.|
-|After I enter my User ID, I get an error that says, "Your account is not enabled for password reset."|Your administrator hasn't set up your account so you can reset your own password.|Your administrator hasn't turned on password reset for your organization from the "Can't access your account" link, or hasn't licensed you to use the feature.<br><br> To reset your password, you must select the "contact an administrator link" to send an email to your company's administrator, and let them know you want to reset your password.|
-|After I enter my User ID, I get an error that says, "We couldn't verify your account."|The sign-in process was unable to verify your account info.|There are two reasons you could be seeing this message.<br><br>1. Your administrator turned on password reset for your organization, but you haven't registered to use the service. To register for password reset, see one of the following articles, based on your verification method: [Set up security info to use an authenticator app (preview)](security-info-setup-auth-app.md), [Set up security info to use a phone call (preview)](security-info-setup-phone-number.md), [Set up security info to use text messaging (preview)](security-info-setup-text-msg.md), [Set up security info to use email (preview)](security-info-setup-email.md), or [Set up security info to use security questions (preview)](security-info-setup-questions.md).<br><br>2. Your administrator hasn't turned on password reset for your organization. In this situation, you must select the "contact an administrator link" to send an email to your administrator, asking to reset your password.|
-
-## Next steps
--- Learn about security info in the [Security info (preview) overview](./security-info-setup-signin.md) article.--- If you're trying to get back into a personal account like Xbox, hotmail.com, or outlook.com, try the suggestions in the [When you can't sign in to your Microsoft account article](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant).
active-directory Auth App Android China https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/auth-app-android-china.md
- Title: Microsoft Authenticator availability and limitations for Android in China | Microsoft Docs
-description: Learn about how to get the Microsoft Authenticator app - availability in China
--------- Previously updated : 01/27/2021---
-# Microsoft Authenticator for Android in the public cloud in China
-
-The Microsoft Authenticator app for Android is available for download in China. The Google Play Store isn't available in China, so the app must be downloaded from other Chinese app marketplaces. The Microsoft Authenticator app for Android is currently available in the following stores in China:
--- [Lenovo](https://www.lenovomm.com/appdetail/com.azure.authenticator/20197724)-- [Huawei](https://appgallery.cloud.huawei.com/uowap/https://docsupdatetracker.net/index.html#/detailApp/C100262999?source=appshare&subsource=C100262999&shareTo=weixin&locale=zh_CN)-- [Samsung Galaxy Store](http://apps.samsung.com/appquery/appDetail.as?appId=com.azure.authenticator)-
-The most current build of the app is in the Google Play Store, but we're updating the app on all other app stores as quickly as we can. Because there's no custom Android application package (APK) deployed to any app store, the app can be seamlessly updated from one of the following locations:
--- The store it was downloaded from-- The Google Play Store if the user crosses regions-
-## Limitations
-
-The Microsoft Authenticator app for Android uses GoogleΓÇÖs Firebase Cloud Messaging system and Google Play Services to receive push notifications. Because neither service is available in China, there are some limitations in functionalities of the app:
--- Registration of the Authenticator app as a multi-factor authentication (MFA) method using push notifications doesn't work.--- [Phone sign-in](../authentication/howto-authentication-sms-signin.md) can't be set up. It requires the user to set up the app as an MFA method using push notifications, which currently don't work.-
-If a user has previously managed to set up phone sign-in or multi-factor authentication using the app, they can perform a manual check for notifications requests in the app and use it for identity verification.
-
-## Multi-factor authentication workaround
-
-Instead of using push notifications for multi-factor authentication, users can [set up their Authenticator app to receive verification codes](multi-factor-authentication-setup-auth-app.md#set-up-the-microsoft-authenticator-app-to-use-verification-codes) on their device that they can use for MFA to verify their identity. These verification codes are valid for 30 seconds and to use them, admins must enable their tenant to perform verification using Time-based One-Time Password (TOTP) verification codes.
-
-## Availability
-
-Microsoft Authenticator Feature | Availability in China
-- |
-MFA registration using push notifications | No
-Pre-Existing MFA account verifying identity using push notifications | No
-Pre-Existing MFA account performing manual check for notifications | Yes
-MFA registration/authentication using TOTP/verification codes only | Yes
-Phone Sign-in Registration | No
-Existing Phone Sign-in using push notifications | No
-Existing Phone Sign-in verification by performing manual check for authentication requests | Yes
-Support for the Authenticator app for personal Microsoft accounts | No
-
-## Next steps
--- [Download and install the Microsoft Authenticator app](user-help-auth-app-download-install.md)
active-directory Cross Tenant Switcher https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/cross-tenant-switcher.md
- Title: Switch organizations in My Account, My Apps, My Access and My Staff portals - Azure Active Directory
-description: Switch from one organization to another one in a management portal such as My Account.
------- Previously updated : 10/27/2020-----
-# Switching organizations in a portal
-
-In your account or access portals, such as the **My Account** portal for your organizational accounts, you can switch to other organizations you might work with to manage your account information in those other organizations.
-
-The organization switcher is available in the following portals:
--- [**My Account**](https://myaccount.microsoft.com)-- [**My Apps**](https://myapps.microsoft.com)-- [**My Access**](https://myaccess.microsoft.com)-- [**My Staff**](https://mystaff.microsoft.com)-
-Switching organizations is not available for **My Sign-ins**, **Security info**, or **My Groups**.
-
-## Switch organizations
-
-Here's how to switch to another organization. This example uses the **My Account** portal, but the switcher icon and placement are similar in other portals, too.
-
-1. Sign in to your work or school account, and then open the [My Account](https://myaccount.microsoft.com) page.
-1. Select the organization switcher :::image type="content" source="media/cross-tenant-switcher/switcher-icon.png" alt-text="The icon for the organization switcher"::: at the top of the page, next to your account photo.
-
- :::image type="content" source="media/cross-tenant-switcher/switcher-location.png" alt-text="The menu of organizations you can switch to":::
-
-1. Select the organization to which you would like to switch. You'll automatically be switched to the organization you selected.
-
-If the organization you selected has additional security requirements, you might be prompted to provide an additional piece of security information.
-
-## After switching
-
-After you switch organizations, all portal pages will reflect the organization you selected.
-
-> [!Important]
->The password you use to sign in to your home organization is the one used to sign you in to other organizations. Please be aware that:
->
->- If you're signed in to an organization that isn't your home organization and then select **Password** on the **My Account** Overview page or other places where it appears, you are immediately switched back to your home organization.
->- In the **My Staff** portal, if you switch to another organization, you'll only have access to My Staff if you are enabled for My Staff in that organization.
active-directory Multi Factor Authentication Change Sms Phone https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-change-sms-phone.md
- Title: Common problems using text message two-step verification - Azure Active Directory | Microsoft Docs
-description: Learn how to set up a different mobile device as your two-factor verification method.
-------- Previously updated : 07/28/2021----
-# Common problems with text message two-step verification
-
-Receiving a verification code in a text message is a common verification method for two-step verification. If you didnΓÇÖt expect to receive a code, or if you received a code on the wrong phone, use the following steps to fix this problem.
-
-> [!Note]
-> If your organization doesn't allow you to receive a text message for verification, you'll need to select another method or contact your administrator for more help.
-
-## If you received the code on the wrong phone
-
-1. Sign in to **My Security Info** to manage your security info.
-
-1. On the **Security info** page, select the phone number that you want to change in your list of registered authentication methods, and then select **Change**.
-
-1. Select your country or region for your new number, and then enter your mobile device phone number.
-
-1. Select **Text me a code to receive text messages for verification**, then select **Next**.
-
-1. Type the verification code from the text message sent from Microsoft when prompted, and then select **Next**.
-
-1. When notified that your phone was registered successfully, select **Done**.
-
-## If you receive a code unexpectedly
-
-### If you already registered your phone number for two-step verification
-
-Receiving an unexpected text message could mean that someone knows your password and is attempting to take over your account. Change your password immediately and notify your organization's administrator about what happened.
-
-### If you never registered your phone number for two-step verification
-
-You can reply to the text message with `STOP` in the body of the text message. This message prevents the provider from sending messages to your phone number in the future. You might need to reply to similar messages with different codes.
-
-However, if you're already using two-step verification, sending this message prevents you from using this phone number to sign in. If you want to begin receiving text messages again, reply to the initial text message with `START` in the body.
-
-## Next steps
--- [Get help with two-step verification](multi-factor-authentication-end-user-troubleshoot.md)-- [Set up a mobile phone as your two-step verification method](multi-factor-authentication-setup-phone-number.md)
active-directory Multi Factor Authentication End User App Passwords https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-end-user-app-passwords.md
- Title: How to manage app passwords - Azure Active Directory | Microsoft Docs
-description: Learn about app passwords and what they are used for with regard to two-step verification.
--------- Previously updated : 05/28/2020----
-# Manage app passwords for two-step verification
-
-> [!Important]
->Your administrator may not allow you to use app passwords. If you don't see **App passwords** as an option, they're not available in your organization.
-
-When using app passwords, it's important to remember:
--- App passwords are autogenerated, and should be created and entered once per app.--- There's a limit of 40 passwords per user. If you try to create one after that limit, you'll be prompted to delete an existing password before being allowed to create the new one.-
- >[!Note]
- >Office 2013 clients (including Outlook) support new authentication protocols and can be used with two-step verification. This support means that after two-step verification is turned on, you'll no longer need app passwords for Office 2013 clients. For more info, see the [How modern authentication works for Office 2013 and Office 2016 client apps](https://support.office.com/article/how-modern-authentication-works-for-office-2013-and-office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517) article.
-
-## Create new app passwords
-
-During your initial two-factor verification registration process, you're provided with a single app password. If you require more than one, you'll have to create them yourself. You can create app passwords from multiple areas, depending on how two-factor verification is set up in your organization. For more information about registering to use two-factor verification with your work or school account, see [Overview for two-factor verification and your work or school account](multi-factor-authentication-end-user-first-time.md) and its related articles.
-
-### Where to create and delete your app passwords
-
-You can create and delete app passwords, based on how you use two-factor verification:
--- **Your organization uses two-factor verification and the Additional security verification page.** If you're using your work or school account (such as, alain@contoso.com) with two-factor verification in your organization, you can manage your app passwords from the [Additional security verification page](https://account.activedirectory.windowsazure.com/Proofup.aspx). For detailed instructions, see [Create and delete app passwords using the Additional security verification page](#create-and-delete-app-passwords-from-the-additional-security-verification-page) in this article.--- **Your organization uses two-factor verification and the Office 365 portal.** If you're using your work or school account (such as, alain@contoso.com), two-factor verification, and Microsoft 365 apps in your organization, you can manage your app passwords from the [Office 365 portal page](https://www.office.com). For detailed instructions, see [Create and delete app passwords using the Office 365 portal](#create-and-delete-app-passwords-using-the-office-365-portal) in this article.--- **You're using two-factor verification with a personal Microsoft account.** If you're using a personal Microsoft account (such as, alain@outlook.com) with two-factor verification, you can manage your app passwords from the [Security basics page](https://account.microsoft.com/security/). For detailed instructions, see [Using app passwords with apps that don't support two-step verification](https://support.microsoft.com/help/12409/microsoft-account-app-passwords-and-two-step-verification).-
-## Create and delete app passwords from the Additional security verification page
-
-You can create and delete app passwords from the **Additional security verification** page for your work or school account.
-
-1. Sign in to the [Additional security verification page](https://account.activedirectory.windowsazure.com/Proofup.aspx), and then select **App passwords**.
-
- ![App passwords page, with the App passwords tab highlighted](media/multi-factor-authentication-end-user-app-passwords/mfa-app-passwords-page.png)
-
-2. Select **Create**, type the name of the app that requires the app password, and then select **Next**.
-
- ![Create app passwords page, with name of app that needs password](media/multi-factor-authentication-end-user-app-passwords/mfa-create-app-password-page.png)
-
-3. Copy the password from the **Your app password** page, and then select **Close**.
-
- ![Your app password page with the password for your specified app](media/multi-factor-authentication-end-user-app-passwords/mfa-your-app-password-page.png)
-
-4. On the **App passwords** page, make sure your app is listed.
-
- ![App passwords page, with new app shown in list](media/multi-factor-authentication-end-user-app-passwords/mfa-app-passwords-page-with-new-password.png)
-
-5. Open the app you created the app password for (for example, Outlook 2010), and then paste the app password when asked for it. You should only have to do this once per app.
-
-### To delete an app password using the App passwords page
-
-1. On the **App passwords** page, select **Delete** next to the app password you want to delete.
-
- ![Screenshot that shows deleting an app password on the App passwords page](media/multi-factor-authentication-end-user-app-passwords/mfa-app-passwords-page-delete.png)
-
-2. Select **Yes** to confirm you want to delete the password, and then select **Close**.
-
- The app password is successfully deleted.
-
-## Create and delete app passwords using the Office 365 portal
-
-If you use two-step verification with your work or school account and your Microsoft 365 apps, you can create and delete your app passwords using the Office 365 portal.
-
-### To create app passwords using the Office 365 portal
-
-1. Sign in to your work or school account, go to the [My account page](https://myaccount.microsoft.com), and select **Security info**.
-
- ![Office portal showing Security info tab](media/multi-factor-authentication-end-user-app-passwords/mfa-security-info.png)
-
-2. Select **Add method**, choose **App password** from the dropdown list, and then click **Add**.
-
- ![Security info page, with the Add a method drowpdown list](media/multi-factor-authentication-end-user-app-passwords/mfa-add-method.png)
-
-3. Enter a name for the app password, and then select **Next**.
-
- ![Create app passwords page, with name of the app password](media/multi-factor-authentication-end-user-app-passwords/mfa-enter-app-password-name.png)
-
-4. Copy the password from the **App password** page, and then select **Done**.
-
- ![App password page with the new app password you created](media/multi-factor-authentication-end-user-app-passwords/mfa-copy-app-password.png)
-
-5. On the **Security info** page, make sure your app password is listed.
-
- ![Security info page, with new app password shown in list](media/multi-factor-authentication-end-user-app-passwords/mfa-verify-app-password.png)
-
-6. Open the app you created the app password for (for example, Outlook 2016), and then paste the app password when asked for it. You should only have to do this once per app.
-
-### To delete app passwords using the Security info page
-
-1. On the **Security info** page, select **Delete** next to the app password you want to delete.
-
- ![Screenshot that shows deleting an app password on the Security info page](media/multi-factor-authentication-end-user-app-passwords/mfa-delete-app-password.png)
-
-2. Select **Ok** in the confirmation box.
-
- The app password is successfully deleted.
-
-## If your app passwords aren't working properly
-
-Make sure you typed your password correctly. If you're sure you entered your password correctly, you can try to sign in again and create a new app password. If neither of those options fix your problem, contact your organization's Help desk so they can delete your existing app passwords, letting you create brand-new ones.
-
-## Next steps
--- [Manage your two-step verification settings](multi-factor-authentication-end-user-manage-settings.md)--- Try out the [Microsoft Authenticator app](user-help-auth-app-download-install.md) to verify your sign-ins with app notifications, instead of receiving texts or calls.
active-directory Multi Factor Authentication End User First Time https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-end-user-first-time.md
- Title: What is the Additional verification page? - Azure AD
-description: How to get to the Additional security verification page for two-factor verification
-------- Previously updated : 05/28/2020---
-# What is the Additional verification page?
-
-Your organization is taking extra steps to make sure you are who you say you are when you sign in. This extra security verification is also known as two-factor verification. It consists of a combination of your username, password, and a mobile device or phone. If all you want to do is turn off two-factor verification for a Microsoft account such as alain@outlook.com, use the instructions in [Turning two-factor verification on or off for your Microsoft account](https://support.microsoft.com/help/4028586/microsoft-account-turning-two-step-verification-on-or-off).
-
-<center>
-
-![Conceptual authentication methods image](../authentication/media/concept-mfa-howitworks/methods.png)</center>
-
-Two-factor verification is more secure than just a password because it relies on two forms of authentication:
--- Something you know, like your password.-- Something you have, like a phone or other device that you carry.-
-Two-factor verification can help stop malicious hackers from pretending to be you. Even if they have your password, the odds are that they don't have your device, too.
-
->[!Important]
->If you're an administrator looking for information about how to turn on two-factor verification for your employees or other users, see the [Azure Active Directory Authentication documentation](../authentication/index.yml). This article is intended for users trying to use two-factor verification with a work or school account (such as alain@contoso.com).
-
-## Who decides if you use this feature?
-
-Who decides whether you use two-factor verification depends on what type of account you have:
--- **Work or school account.** If you're using a work or school account (such as alain@contoso.com), it's up to your organization whether you use two-factor verification, along with the specific verification methods. Because your organization has decided you must use this feature, there's no way for you to individually turn it off.--- **Personal Microsoft account.** You can choose to set up two-factor verification for your personal Microsoft accounts (such as alain@outlook.com). You can turn it on or off whenever you want, using the simple instructions in [Turning two-factor verification on or off for your Microsoft account](https://support.microsoft.com/help/4028586/microsoft-account-turning-two-step-verification-on-or-off).-
- >[!Note]
- >If you're having other problems with two-factor verification and one of your personal Microsoft accounts, there are more suggestions in [How to use two-step verification with your Microsoft account](https://support.microsoft.com/help/12408/microsoft-account-how-to-use-two-step-verification).
-
-## Open the Additional security verification page
-
-After your organization turns on two-factor verification, every time you sign in youΓÇÖll get a prompt telling you to provide more information to help keep your account secure.
-
-![More info required prompt](media/multi-factor-authentication-verification-methods/multi-factor-authentication-initial-prompt.png)
-
-### To access the Additional security verification page
-
-1. Select **Next** from the **More information required** prompt.
-
- The **Additional security verification** page appears.
-
-2. On the **Additional security verification** page, select the two-factor verification method to use to verify you are who you say you are when you sign into your work or school account. You can select:
-
- | Contact method | Description |
- | | |
- | Mobile app | <ul><li>**Receive notifications for verification.** This option pushes a notification to the authenticator app on your smartphone or tablet. View the notification and, if it is legitimate, select **Authenticate** in the app. Your work or school may require that you enter a PIN before you authenticate.</li><li>**Use verification code.** In this mode, the app generates a verification code that updates every 30 seconds. Enter the most current verification code in the sign-in screen.<br>The Microsoft Authenticator app is available for [Android](https://go.microsoft.com/fwlink/?linkid=866594) and [iOS](https://go.microsoft.com/fwlink/?linkid=866594).</li></ul> |
- | Authentication phone | <ul><li>**Phone call** places an automated voice call to the phone number you provide. Answer the call and press the pound key (#) on the phone keypad to authenticate.</li><li>**Text message** ends a text message containing a verification code. Following the prompt in the text, either reply to the text message or enter the verification code provided into the sign-in interface.</li></ul> |
- | Office phone | Places an automated voice call to the phone number you provide. Answer the call and press the pound key (#) on the phone keypad to authenticate. |
-
-## Next steps
-
-After you've selected a two-factor verification method on the **Additional security verification** page, you must set it up:
--- [Set up your mobile device as your verification method](multi-factor-authentication-setup-phone-number.md)--- [Set up your office phone as your verification method](multi-factor-authentication-setup-office-phone.md)--- [Set up the Microsoft Authenticator app as your verification method](multi-factor-authentication-setup-auth-app.md)-
-## Related resources
--- [Sign-in using two-factor verification](multi-factor-authentication-end-user-signin.md)--- [Get help with two-factor verification](multi-factor-authentication-end-user-troubleshoot.md)
active-directory Multi Factor Authentication End User Manage Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-end-user-manage-settings.md
- Title: Change your two-factor verification method and settings - Azure Active Directory
-description: Learn how to change the security verification method and settings for your work or school account, from the Additional security verification page.
--------- Previously updated : 07/06/2020---
-# Change your two-factor verification method and settings
-
-After you set up your security verification methods for your work or school account, you can update any of the related details, including:
--- Default security verification method--- Security verification method details, like your phone number--- Authenticator app setup or deleting a device from the authenticator app-
-## Using the Additional security verification page
-
-If your organization provided you with specific steps about how to turn on and manage your two-factor verification, you should follow those instructions first. Otherwise, you can get to your security verification method settings from the [Additional security verification](./multi-factor-authentication-end-user-first-time.md) page.
-
->[!Note]
->If what you're seeing on your screen doesn't match what's being covered in this article, it means that either your administrator has turned on the **Security info (preview)** experience or that your organization has provided your own custom portal. For more information about the new security info experience, see [Security info (preview) overview](./security-info-setup-signin.md). For more information about your organization's custom portal, you must contact your organization's Help desk.
-
-### To get to the Additional security verification page
-
-You can follow this link to the [Additional security verification page](https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1).
-
-![Additional security verification page, with the available security verification method details](./media/multi-factor-authentication-end-user-manage-settings/mfa-security-verification-page.png)
-
-You can also get to the **Additional security verification** page by following these steps:
-
-1. Sign in to [https://myapps.microsoft.com](https://myapps.microsoft.com).
-
-1. Select your account name in the top right, then select **profile**.
-
-1. Select **Additional security verification**.
-
- ![My Apps link to the Additional security verification page](./media/multi-factor-authentication-end-user-manage-settings/mfa-myapps-link.png)
-
->[!Note]
->For information about using the **App passwords** section of **Additional security verification** page, see [Manage app passwords for two-factor verification](multi-factor-authentication-end-user-app-passwords.md). App passwords should be used only for apps that don't support two-factor verification.
-
-## Change your default security verification method
-
-After you sign in to your work or school account with your user name and password, you'll automatically be presented with your chosen security verification method. Depending on your organization's requirements, this can be a notification or verification code through an authenticator app, a text message, or a phone call.
-
-If you decide that you want to change the default security verification method you're using, you can do it from here.
-
-### To change your default security verification method
-
-1. From the **Additional security verification** page, select the method to use from the **What's your preferred option** list. You'll see all of the options, but you can select only the ones that are made available to you by your organization.
-
- - **Notify me through app**: You'll be notified through your authenticator app that you have a waiting verification prompt.
-
- - **Call my authentication phone**: You'll get a phone call on your mobile device, asking you to verify your information.
-
- - **Text code to my authentication phone**: You'll get a verification code as part of a text message on your mobile device. You must enter this code into the verification prompt for your work or school account.
-
- - **Call my office phone**: You'll get a phone call on your office phone, asking you to verify your information.
-
- - **Use verification code from app**: You'll use your authenticator app to get a verification code you'll type into the prompt from your work or school account.
-
-2. Select **Save**.
-
-## Add or change your phone number
-
-You can add new phone numbers, or update existing numbers, from the **Additional security verification** page.
-
->[!Important]
->We strongly recommend that you add a secondary phone number to help prevent being locked out of your account if your primary phone is lost or stolen, or if you get a new phone and no longer have your original, primary phone number.
-
-### To change your phone numbers
-
-1. From the **How would you like to respond?** section of the **Additional security verification** page, update the phone number information for your **Authentication phone** (your primary mobile device) and your **Office phone**.
-
-1. Select the box next to the **Alternate authentication phone** option, and then type in a secondary phone number where you can receive phone calls if you can't access your primary device.
-
-1. Select **Save**.
-
-## Add a new account to the Microsoft authenticator app
-
-You can set up your work or school account on the Microsoft Authenticator app for [Android](https://play.google.com/store/apps/details?id=com.azure.authenticator) or [iOS](https://apps.apple.com/app/microsoft-authenticator/id983156458).
-
-If you already set up your work or school account in the Microsoft Authenticator app, you don't need to do it again.
-
-1. From the **How would you like to respond?** section of the **Additional security verification** page, select **Set up Authenticator app**.
-
- ![Set up your work or school account in the Microsoft Authenticator app](./media/multi-factor-authentication-end-user-manage-settings/mfa-security-verification-page-auth-app.png)
-
-1. Follow the on-screen instructions, including using your mobile device to scan the QR code, and then select **Next**.
-
- You'll be asked to approve a notification through the Microsoft Authenticator app, to verify your information.
-
-1. Select **Save**.
-
-## Delete your account or device from the Microsoft Authenticator app
-
-You can delete your account from the Microsoft Authenticator app, and you can delete your device from your work or school account. Typically you delete your device to permanently remove a lost, stolen, or old device from your account, and you delete your account to try to fix some connection issues or to address an account change, such as a new user name.
-
-### To delete your device from your work or school account
-
-1. From the **How would you like to respond?** section of the **Additional security verification** page, select the **Set up Authenticator app** button.
-
-1. Select **Save**.
-
-### To delete your account from the Microsoft Authenticator app
-
-From the Microsoft Authenticator app, select the **Delete** button next to the device you want to delete.
-
-## Turn on two-factor verification prompts on a trusted device
-
-Depending on your organization settings, you may see a check box that says **Don't ask again for X days** when you perform two-factor verification on your browser. If you've selected this option to stop two-factor verification prompts, and then you lose your device or your device is potentially compromised, you should turn two-factor verification prompts back on to help protect your account. You must turn the prompts on for all of your devices at the same time. Unfortunately, you can't turn the prompts back on for only a specific device.
-
-### To turn two-factor verification prompts back on for your devices
-
-From the [**Additional security verification** page](#to-get-to-the-additional-security-verification-page), select **Restore multi-factor authentication on previously trusted devices**. The next time you sign in on any device, you'll be prompted to perform two-factor verification.
-
-## Next steps
-
-After you add or update your two-factor verification settings, you can manage your app passwords, sign in, or get help with some common two-factor verification-related problems.
--- [Manage app passwords for two-factor verification](multi-factor-authentication-end-user-app-passwords.md) for any apps that don't support two-factor verification.--- [How to sign in using two-factor verification](multi-factor-authentication-end-user-signin.md)--- [Solve common problems with two-factor verification](multi-factor-authentication-end-user-troubleshoot.md)
active-directory Multi Factor Authentication End User Signin https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-end-user-signin.md
- Title: Sign in using authentication with a work or school account - Azure AD
-description: Learn how to sign in to your work or school account using the various two-factor verification methods.
-------- Previously updated : 04/02/2017-----
-# Sign in to your work or school account using your two-factor verification method
-
-> [!NOTE]
-> The purpose of this article is to walk through a typical sign-in experience. For help with signing in, or to troubleshoot problems, see [Having trouble with Azure AD Multi-Factor Authentication](multi-factor-authentication-end-user-troubleshoot.md).
-
-## What will your sign-in experience be?
-Your sign-in experience differs depending on what you choose to use as your second factor: a phone call, an authentication app, or texts. Choose the option that best describes what you are doing:
-
-| How do you sign in? |
-| |
-| [With a phone call to my mobile or office phone](#signing-in-with-a-phone-call) |
-| [With a text to my mobile phone](#signing-in-with-a-text-message)
-| [With notifications from the Microsoft Authenticator app](#to-sign-in-with-a-notification-from-the-microsoft-authenticator-app) |
-| With verification codes from the Microsoft Authenticator app |
-| [With an alternate method, because I can't use my preferred method right now](#signing-in-with-an-alternate-method) |
-
-## Signing in with a phone call
-The following information describes the two-step verification experience with a call to your mobile or office phone.
-
-1. Sign in to an application or service such as Microsoft 365 using your username and password.
-2. Microsoft calls you.
-3. Answer the phone and hit the # key.
-
-## Signing in with a text message
-The following information describes the two-step verification experience with a text message to your mobile phone:
-
-1. Sign in to an application or service such as Microsoft 365 using your username and password.
-2. Microsoft sends you a text message that contains a number code.
-3. Enter the code in the box provided on the sign-in page.
-
-## Signing in with the Microsoft Authenticator app
-The following information describes the experience of using the Microsoft Authenticator app for two-step verifications. There are two different ways to use the app. You can receive push notifications on your device, or you can open the app to get a verification code.
-
-### To sign in with a notification from the Microsoft Authenticator app
-1. Sign in to an application or service such as Microsoft 365 using your username and password.
-2. Microsoft sends a notification to the Microsoft Authenticator app on your device.
-
- ![Microsoft sends notification](./media/multi-factor-authentication-end-user-signin/notify.png)
-
-3. Open the notification on your phone and select the **Verify** key. If your company requires a PIN, enter it here.
-4. You should now be signed in.
-
-### To sign in using a verification code with the Microsoft Authenticator app
-
-If you use the Microsoft Authenticator app to get verification codes, then when you open the app you see a number under your account name. This number changes every 30 seconds so that you don't use the same number twice. When you're asked for a verification code, open the app and use whatever number is currently displayed.
-
-1. Sign in to an application or service such as Microsoft 365 using your username and password.
-2. Microsoft prompts you for a verification code.
-
- ![Enter verification code](./media/multi-factor-authentication-end-user-signin/verify3.png)
-
-3. Open the Microsoft Authenticator app on your phone and enter the code in the box where you are signing in.
-
-## Signing in with an alternate method
-Sometimes you don't have the phone or device that you set up as your preferred verification method. This situation is why we recommend that you set up backup methods for your account. The following section shows you how to sign in with an alternate method when your primary method may not be available.
-
-1. Sign in to an application or service such as Microsoft 365 using your username and password.
-2. Select **Use a different verification option**. You see different verification options based on how many you have setup.
-3. Choose an alternate method and sign in.
-
- ![Use alternate method](./media/multi-factor-authentication-end-user-signin/alt.png)
-
-## Next steps
-- If you have problems signing in with two-step verification, get more information at [Having trouble with Azure AD Multi-Factor Authentication](multi-factor-authentication-end-user-troubleshoot.md).--- Learn how to [Manage your two-step verification settings](multi-factor-authentication-end-user-manage-settings.md).--- Find out how to [Get started with the Microsoft Authenticator app](user-help-auth-app-download-install.md) so that you can use notifications to sign in, instead of texts and phone calls.
active-directory Multi Factor Authentication End User Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-end-user-troubleshoot.md
- Title: Common problems with account two factor authentication - Azure AD
-description: Solutions for some of the more common two-factor verification problems and your work or school account.
-------- Previously updated : 09/01/2020-----
-# Common problems with two-factor verification and your work or school account
-
-There are some common two-factor verification problems that seem to happen more frequently than any of us would like. We've put together this article to describe fixes for the most common problems.
-
-Your Azure Active Directory (Azure AD) organization can turn on two-factor verification for your account. When two-factor verification is on, your account sign-in requires a combination of the following data:
--- Your user name-- Your password-- A mobile device or phone-
-Two-factor verification is more secure than just a password, because two-factor verification requires something you _know_ plus something you _have_. No hacker has your physical phone.
-
->[!Important]
->If you're an administrator, you can find more information about how to set up and manage your Azure AD environment in the [Azure AD documentation](../index.yml).
-
-This content can help you with your work or school account, which is the account provided to you by your organization (for example, dritan@contoso.com). If you're having problems with two-factor verification on a personal Microsoft account, which is an account that you set up for yourself (for example, danielle@outlook.com), see [Turning two-factor verification on or off for your Microsoft account](https://support.microsoft.com/help/4028586/microsoft-account-turning-two-step-verification-on-or-off).
-
-## I don't have my mobile device with me
-
-It happens. You left your mobile device at home, and now you can't use your phone to verify who you are. Maybe you previously added an alternative method to sign in to your account, such as through your office phone. If so, you can use this alternative method now. If you never added an alternative verification method, you can contact your organization's Help desk for assistance.
-
-### To sign in to your work or school account using another verification method
-
-1. Sign in to your account but select the **Sign in another way** link on the **Two-factor verification** page.
-
- ![Change sign in verification method](./media/multi-factor-authentication-end-user-troubleshoot/two-factor-auth-signin-another-way.png)
-
- If you don't see the **Sign in another way** link, it means that you haven't set up any other verification methods. You'll have to contact your administrator for help signing into your account.
-
-2. Choose your alternative verification method, and continue with the two-factor verification process.
-
-## I can't turn two-factor verification off
--- If you're using two-factor verification with a personal account for a Microsoft service, like alain@outlook.com, you can [turn the feature on and off](https://account.live.com/proofs/Manage).--- If you're using two-factor verification with your work or school account, it most likely means that your organization has decided you must use this added security feature. There is no way for you to individually turn it off.-
-If you can't turn off two-factor verification, it could also be because of the security defaults that have been applied at the organization level. For more information about security defaults, see [What are security defaults?](../fundamentals/concept-fundamentals-security-defaults.md)
-
-## My device was lost or stolen
-
-If you've lost or had your mobile device stolen, you can take either of the following actions:
--- Sign in using a different method.-- Ask your organization's Help desk to clear your settings.-
-We strongly recommend letting your organization's Help desk know if your phone was lost or stolen. The Help desk can make the appropriate updates to your account. After your settings are cleared, you'll be prompted to [register for two-factor verification](multi-factor-authentication-end-user-first-time.md) the next time you sign in.
-
-## I'm not receiving the verification code sent to my mobile device
-
-Not receiving your verification code is a common problem. The problem is typically related to your mobile device and its settings. Here are some actions you can try.
-
-Try this | Guidance info
- |
-Use the Microsoft authenticator app or Verification codes | You are getting ΓÇ£You've hit our limit on verification callsΓÇ¥ or ΓÇ£YouΓÇÖve hit our limit on text verification codesΓÇ¥ error messages during sign-in. <br/><br/>Microsoft may limit repeated authentication attempts that are perform by the same user in a short period of time. This limitation does not apply to the Microsoft Authenticator or verification code. If you have hit these limits, you can use the Authenticator App, verification code or try to sign in again in a few minutes. <br/><br/> You are getting "Sorry, we're having trouble verifying your account" error message during sign-in. <br/><br/> Microsoft may limit or block voice or SMS authentication attempts that are performed by the same user, phone number, or organization due to high number of failed voice or SMS authentication attempts. If you are experiencing this error, you can try another method, such as Authenticator App or verification code, or reach out to your admin for support.
-Restart your mobile device | Sometimes your device just needs a refresh. When you restart your device, all background processes and services are ended. The restart also shuts down the core components of your device. Any service or component is refreshed when you restart your device.
-Verify your security information is correct | Make sure your security verification method information is accurate, especially your phone numbers. If you put in the wrong phone number, all of your alerts will go to that incorrect number. Fortunately, that user won't be able to do anything with the alerts, but it also won't help you sign in to your account. To make sure your information is correct, see the instructions in the [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md) article.
-Verify your notifications are turned on | Make sure your mobile device has notifications turned on. Ensure the following notification modes are allowed: <br/><br/> &bull; Phone calls <br/> &bull; Your authentication app <br/> &bull; Your text messaging app <br/><br/> Ensure these modes create an alert that is _visible_ on your device.
-Make sure you have a device signal and Internet connection | Make sure your phone calls and text messages are getting through to your mobile device. Have a friend call you and send you a text message to make sure you receive both. If you don't receive the call or text, first check to make sure your mobile device is turned on. If your device is turned on, but you're still not receiving the call or text, there's probably a problem with your network. You'll need to talk to your provider. If you often have signal-related problems, we recommend you install and use the [Microsoft Authenticator app](user-help-auth-app-download-install.md) on your mobile device. The authenticator app can generate random security codes for sign-in, without requiring any cell signal or Internet connection.
-Turn off Do not disturb | Make sure you haven't turned on the **Do not disturb** feature for your mobile device. When this feature is turned on, notifications aren't allowed to alert you on your mobile device. Refer to your mobile device's manual for instructions about how to turn off this feature.
-Unblock phone numbers | In the United States, voice calls from Microsoft come from the following numbers: +1 (866) 539 4191, +1 (855) 330 8653, and +1 (877) 668 6536.
-Check your battery-related settings | If you set your battery optimization to stop less frequently used apps from remaining active in the background, your notification system has probably been affected. Try turning off battery optimization for both your authentication app and your messaging app. Then try to sign in to your account again.
-Disable third-party security apps | Some phone security apps block text messages and phone calls from annoying unknown callers. A security app might prevent your phone from receiving the verification code. Try disabling any third-party security apps on your phone, and then request that another verification code be sent.
-
-## I'm not being prompted for my second verification information
-
-You sign in to your work or school account by using your user name and password. Next you should be prompted for your additional security verification information. If you are not prompted, maybe you haven't yet set up your device. Your mobile device must be set up to work with your specific additional security verification method.
-
-Maybe you haven't set up your device yet. Your mobile device has to be set up to work with your specific additional security verification method. For the steps to make your mobile device available to use with your verification method, see [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md). If you know that you haven't set up your device or your account yet, you can follow the steps in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.
-
-## I have a new phone number and I want to add it
-
-If you have a new phone number, you'll need to update your security verification method details. This enables your verification prompts to go to the right location. To update your verification method, follow the steps in the **Add or change your phone number** section of the [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md#add-or-change-your-phone-number) article.
-
-## I have a new mobile device and I want to add it
-
-If you have a new mobile device, you'll need to set it up to work with two-factor verification. This is a multi-step solution:
-
-1. Set up your device to work with your account by following the steps in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.
-
-1. Update your account and device information in the **Additional security verification** page. Perform the update by deleting your old device and adding your new one. For more information, see the [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md) article.
-
-Optional steps:
--- Install the Microsoft Authenticator app on your mobile device by following the steps in the [Download and install the Microsoft Authenticator app](user-help-auth-app-download-install.md) article.--- Turn on two-factor verification for your trusted devices by following the steps in the **Turn on two-factor verification prompts on a trusted device** section of the [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md#turn-on-two-factor-verification-prompts-on-a-trusted-device) article.-
-## I'm having problems signing in on my mobile device while traveling
-
-You might find it more difficult to use a mobile device-related verification method, like a text messaging, while you're in an international location. It's also possible that your mobile device can cause you to incur roaming charges. For this situation, we recommend you use the Microsoft Authenticator app, with the option to connect to a Wi-Fi hot spot. For more information about how to set up the Microsoft Authenticator app on your mobile device, see the [Download and install the Microsoft Authenticator app](user-help-auth-app-download-install.md) article.
-
-## I can't get my app passwords to work
-
-App passwords replace your normal password for older desktop applications that don't support two-factor verification. First, make sure you typed the password correctly. If that doesn't fix it, try creating a new app password for the app. Do this by following the steps in the **Create and delete app passwords using the My Apps portal** section of the [Manage app passwords for two-step verification](multi-factor-authentication-end-user-app-passwords.md#create-and-delete-app-passwords-from-the-additional-security-verification-page) article.
-
-## I can't turn off two-factor verification
-
-If you're using two-factor verification with your work or school account (for example, alain@contoso.com), it most likely means that your organization has decided you must use this added security feature. Because your organization has decided you must use this feature, there is no way for you to individually turn it off. If, however, you're using two-factor verification with a personal account, like alain@outlook.com, you have the ability to turn the feature on and off. For instructions about how to control two-factor verification for your personal accounts, see [Turning two-factor verification on or off for your Microsoft account](https://support.microsoft.com/help/4028586/microsoft-account-turning-two-step-verification-on-or-off).
-
-If you can't turn off two-factor verification, it could also be because of the security defaults that have been applied at the organization level. For more information about security defaults, see [What are security defaults?](../fundamentals/concept-fundamentals-security-defaults.md)
-
-## I didn't find an answer to my problem
-
-If you've tried these steps but are still running into problems, contact your organization's Help desk for assistance.
-
-## Related articles
--- [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md)--- [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md)--- [Microsoft Authenticator app FAQ](user-help-auth-app-faq.md)
active-directory Multi Factor Authentication Setup Auth App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-setup-auth-app.md
- Title: Set up an authenticator app as your two-factor verification method - Azure Active Directory | Microsoft Docs
-description: Learn how to set up the Microsoft Authenticator app as your two-factor verification method.
-------- Previously updated : 08/12/2019---
-# Set up an authenticator app as your two-factor verification method
-
-You can set up an authenticator app to send a notification to your mobile device or to send you a verification code as your security verification method. You aren't required to use the Microsoft Authenticator app, and you can select a different app during the set up process. However, this article uses the Microsoft Authenticator app.
-
->[!Important]
->Before you can add your account, you must download and install the Microsoft Authenticator app. If you haven't done that yet, follow the steps in the [Download and install the app](user-help-auth-app-download-install.md) article.
-
->[!Note]
-> If the Mobile app option is greyed out, it's possible that your organization doesn't allow you to use an authentication app for verification. In this case, you'll need to select another method or contact your administrator for more help.
-
-## Set up the Microsoft Authenticator app to send notifications
-
-1. On the [Additional security verification page](https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1), select **Mobile app** from the **Step 1: How should we contact you** area.
-
-2. Select **Receive notifications for verification** from the **How do you want to use the mobile app** area, and then select **Set up**.
-
- ![Screenshot that shows the "Additional security verification" page, with "Mobile app" and "Receive notifications for verification" selected.](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-notification.png)
-
- The **Configure mobile app** page appears.
-
- ![Screen that provides the QR code](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-barcode.png)
-
-3. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, and then select **Work or school account**.
-
- >[!Note]
- >If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-4. Use your device's camera to scan the QR code from the **Configure mobile app** screen on your computer, and then choose **Next**.
-
-5. Return to your computer and the **Additional security verification** page, make sure you get the message that says your configuration was successful, and then select **Next**.
-
- ![Screenshot that shows the "Additional security verification" page, with the "Mobile app has been configured..." success message highlighted.](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-notification-confirm.png)
-
- The authenticator app will send a notification to your mobile device as a test.
-
-6. On your mobile device, select **Approve**.
-
-7. On your computer, add your mobile device phone number to the **Step 3: In case you lose access to the mobile app** area, and then select **Next**.
-
- We strongly suggest adding your mobile device phone number to act as a backup if you're unable to access or use the mobile app for any reason.
-
-8. From the **Step 4: Keep using your existing applications** area, copy the provided app password and paste it somewhere safe.
-
- ![App passwords area of the Additional security verification page](media/multi-factor-authentication-verification-methods/multi-factor-authentication-app-passwords.png)
-
- >[!Note]
- >For information about how to use the app password with your older apps, see [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md). You only need to use app passwords if you're continuing to use older apps that don't support two-factor verification.
-
-9. Select **Done**.
-
-## Set up the Microsoft Authenticator app to use verification codes
-
-1. On the **Additional security verification** page, select **Mobile app** from the **Step 1: How should we contact you** area.
-
-2. Select **Use verification code** from the **How do you want to use the mobile app** area, and then select **Set up**.
-
- ![Additional security verification page, with mobile app and notifications option](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-verification-code.png)
-
- The **Configure mobile app** page appears.
-
- ![Screen that provides the QR code](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-barcode.png)
-
-3. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, and then select **Work or school account**.
-
- >[!Note]
- >If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-4. Use your device's camera to scan the QR code from the **Configure mobile app** screen on your computer, and then choose **Next**.
-
-5. Return to your computer and the **Additional security verification** page, make sure you get the message that says your configuration was successful, and then select **Next**.
-
- ![Additional security verification page, with success message](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-verification-confirm.png)
-
- The authenticator app will ask for a verification code as a test.
-
-6. From the Microsoft Authenticator app, scroll down to your work or school account, copy and paste the 6-digit code from the app into the **Step 2: Enter the verification code from the mobile app** box on your computer, and then select **Verify**.
-
- ![Additional security verification page, with verification code test](media/multi-factor-authentication-verification-methods/multi-factor-authentication-auth-app-verification-test.png)
-
-7. On your computer, add your mobile device phone number to the **Step 3: In case you lose access to the mobile app** area, and then select **Next**.
-
- We strongly suggest adding your mobile device phone number to act as a backup if you're unable to access or use the mobile app for any reason.
-
-8. From the **Step 4: Keep using your existing applications** area, copy the provided app password and paste it somewhere safe.
-
- ![App passwords area of the Additional security verification page](media/multi-factor-authentication-verification-methods/multi-factor-authentication-app-passwords.png)
-
- >[!Note]
- >For information about how to use the app password with your older apps, see [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md). You only need to use app passwords if you're continuing to use older apps that don't support two-factor verification.
-
-9. Select **Done**.
-
-## Next steps
-
-After you've set up your two-factor verification method, you can add additional methods, manage your settings and app passwords, sign-in, or get help with some common two-factor verification-related problems.
--- [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md)--- [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md)--- [Sign-in using two-factor verification](multi-factor-authentication-end-user-signin.md)--- [Get help with two-factor verification](multi-factor-authentication-end-user-troubleshoot.md)
active-directory Multi Factor Authentication Setup Office Phone https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-setup-office-phone.md
- Title: Set up an office phone as your two-factor verification method - Azure Active Directory | Microsoft Docs
-description: Learn how to set up an office phone as your two-factor verification method.
-------- Previously updated : 08/12/2019---
-# Set up an office phone as your two-factor verification method
-
-You can set up your office phone to act as your two-factor verification method.
-
-> [!Note]
-> If the **Office phone** option isn't available to select, it's possible that your organization doesn't allow you to use an office phone number for verification. In this case, you'll need to select another method or contact your administrator for more help.
->
-> Combined Registration users won't see an option to use an extension with the **Office phone** option.
-
-## Set up your office phone number as your verification method
-
-1. On the **Additional security verification** page, select **Office phone** from the **Step 1: How should we contact you** area, select your country or region from the drop-down list, type your office phone number, and then type your extension, if you have one.
-
- ![Additional security verification page, with authentication phone and phone call](media/multi-factor-authentication-verification-methods/multi-factor-authentication-office-phone.png)
-
-2. You'll receive a phone call from Microsoft, asking you press the pound (#) sign on your office phone to verify your identity.
-
- ![Testing the specified phone number](media/multi-factor-authentication-verification-methods/multi-factor-authentication-office-phone-test.png)
-
-3. From the **Step 3: Keep using your existing applications** area, copy the provided app password and paste it somewhere safe.
-
- ![App passwords area of the Additional security verification page](media/multi-factor-authentication-verification-methods/multi-factor-authentication-app-passwords.png)
-
- >[!Note]
- >For information about how to use the app password with your older apps, see [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md). You only need to use app passwords if you're continuing to use older apps that don't support two-factor verification.
-
-4. Select **Done**.
-
-## Next steps
-
-After you've set up your two-factor verification method, you can add additional methods, manage your settings and app passwords, sign-in, or get help with some common two-factor verification-related problems.
--- [Manage your two-factor verification method settings](multi-factor-authentication-end-user-manage-settings.md)--- [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md)--- [Sign-in using two-factor verification](multi-factor-authentication-end-user-signin.md)--- [Get help with two-factor verification](multi-factor-authentication-end-user-troubleshoot.md)
active-directory Multi Factor Authentication Setup Phone Number https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/multi-factor-authentication-setup-phone-number.md
- Title: Set up a mobile device as your two-step verification method - Azure Active Directory | Microsoft Docs
-description: Learn how to set up a mobile device as your two-step verification method.
-------- Previously updated : 08/12/2019---
-# Set up a mobile device as your two-step verification method
-
-You can set up your mobile device to act as your two-step verification method. Your mobile phone can either receive a text message with a verification code or a phone call.
-
->[!Note]
-> If the authentication phone option is greyed out, it's possible that your organization doesn't allow you to use a phone number or text message for verification. In this case, you'll need to select another method or contact your administrator for more help.
-
-## Set up your mobile device to use a text message as your verification method
-
-1. On the **Additional security verification** page, select **Authentication phone** from the **Step 1: How should we contact you** area, select your country or region from the drop-down list, and then type your mobile device phone number.
-
-2. Select **Send me a code by text message** from the **Method** area, and then select **Next**.
-
- ![Screenshot that shows the "Additional security verification" page, with "Authentication phone" and "Send me a code by text message" selected.](media/multi-factor-authentication-verification-methods/multi-factor-authentication-text-message.png)
-
-3. Type the verification code from the text message sent from Microsoft into the **Step 2: We've sent a text message to your phone** area, and then select **Verify**.
-
- ![Additional security verification page, with authentication phone and text message](media/multi-factor-authentication-verification-methods/multi-factor-authentication-text-message-test.png)
-
-4. From the **Step 3: Keep using your existing applications** area, copy the provided app password and paste it somewhere safe.
-
- ![App passwords area of the Additional security verification page](media/multi-factor-authentication-verification-methods/multi-factor-authentication-app-passwords.png)
-
- >[!Note]
- >For information about how to use the app password with your older apps, see [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md). You only need to use app passwords if you're continuing to use older apps that don't support two-step verification.
-
-5. Select **Done**.
-
-## Set up your mobile device to receive a phone call
-
-1. On the **Additional security verification** page, select **Authentication phone** from the **Step 1: How should we contact you** area, select your country or region from the drop-down list, and then type your mobile device phone number.
-
-2. Select **Call me** from the **Method** area, and then select **Next**.
-
- ![Additional security verification page, with authentication phone and phone call](media/multi-factor-authentication-verification-methods/multi-factor-authentication-phone-call.png)
-
-3. You'll receive a phone call from Microsoft, asking you press the pound (#) sign on your mobile device to verify your identity.
-
- ![Testing the specified phone number](media/multi-factor-authentication-verification-methods/multi-factor-authentication-phone-call-test.png)
-
-4. From the **Step 3: Keep using your existing applications** area, copy the provided app password and paste it somewhere safe.
-
- ![App passwords area of the Additional security verification page](media/multi-factor-authentication-verification-methods/multi-factor-authentication-app-passwords.png)
-
- >[!Note]
- >For information about how to use the app password with your older apps, see [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md). You only need to use app passwords if you're continuing to use older apps that don't support two-step verification.
-
-5. Select **Done**.
-
-## Next steps
-
-After you've set up your two-step verification method, you can add additional methods, manage your settings and app passwords, sign-in, or get help with some common two-step verification-related problems.
--- [Manage your two-step verification method settings](multi-factor-authentication-end-user-manage-settings.md)--- [Manage app passwords](multi-factor-authentication-end-user-app-passwords.md)--- [Sign-in using two-step verification](multi-factor-authentication-end-user-signin.md)--- [Get help with two-step verification](multi-factor-authentication-end-user-troubleshoot.md)
active-directory My Account Change Password Page https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-change-password-page.md
- Title: Change your work or school account password - Azure AD
-description: Learn to change your work or school account password from the Change Password page of the My Account portal.
--------- Previously updated : 01/19/2021---
-# Change your work or school account password from the Change Password page
-
-The **Change password** page of the **My Account** portal helps you to update an existing password for your work or school account, assuming you remember the password and that you're not locked out of your account. If you don't remember your password, if you're locked out of your account, or if you never got a password from your organization, you can use your security info and your mobile device to reset your password.
-
->[!Important]
->This article is intended for users trying to update a known password for an existing work or school account. If you're a user trying to get into a personal account, such as for Xbox, Hotmail, or Outlook.com, try the suggestions in the [When you can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article. If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myaccount.microsoft.com?tenantId=*your_domain_name*
-> - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
->
->If you're an administrator trying to find more information about how to test up self-service password reset for your employees or other users, see [Self-service password reset](../authentication/tutorial-enable-sspr.md).
-
-## Update a password from the Change password page
-
-1. Sign in to your work or school account, using your existing password, and then go to the **My Account** (https://myaccount.microsoft.com/) page.
-
-2. Select **Password** from the left navigation pane or select the **Change password** link from the **Password** block.
-
- ![My Account page, showing highlighted Change password link](media/my-account-portal/my-account-portal-change-password.png)
-
-3. Type your old password, and then create and confirm your new password.
-
- ![Change password page, showing password fields](media/my-account-portal/my-account-portal-change-password-page.png)
-
-4. Select **Submit**.
-
- Your password will be changed and you'll be asked to sign in to your work or school account again.
-
-## Next steps
-
-After changing your password, you can:
--- View or manage your [security info](./security-info-setup-signin.md).--- View or manage your connected [devices](my-account-portal-devices-page.md).--- View or manage your [organizations](my-account-portal-organizations-page.md).--- View your [sign-in activity](my-account-portal-sign-ins-page.md).--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md).--- Change your [My Account portal settings](my-account-portal-settings.md)
active-directory My Account Find Administrator https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-find-administrator.md
- Title: Find an administrator for My Account - Azure AD
-description: How to find the Azure AD administrator in your organization, for My Account users
--------- Previously updated : 07/29/2020---
-# Find an administrator to change my information in My Account
-
-Your IT or human resources department may keep some of your profile information in separate systems; for example, your profile photo or your name or title. If you're not allowed to change this information yourself, contact your human resources department or admin to have them change it for you.
-
-## Why can't you just give me the name of who to contact?
-
-We would have liked to give you the name or the email address of who to contact, but Microsoft doesn't have this information. In this article are some suggestions that may help you find out who your admin is.
-
-## How do I find out who my admin is?
-
-When looking for your My Account admin to update certain information, reset your password, delete an account, or do other tasks, here's some pointers to who you should contact:
--- Universities and schools: Contact your technical support team. Usually you can find a link on your university site. At smaller schools, there may be just a couple technical people who have admin permissions.--- Large businesses: Contact your organization's internal help desk or technical support.--- Small businesses: Contact the business owner or co-owner. Often they give admin permissions to their IT consultant who does all the computer maintenance work for their business.-
-If you don't know who to contact at your work or school for help, try asking the person who gave you your My Account user account and password.
-
-## Next steps
--- Select to view or manage your [security info](./security-info-setup-signin.md)--- View or manage your connected [devices](my-account-portal-devices-page.md)--- View and manage your [organizations](my-account-portal-organizations-page.md)--- View your [sign-in activity](my-account-portal-sign-ins-page.md)--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md)--- Change your [My Account portal settings](my-account-portal-settings.md)-
-## Related Microsoft Office content
--- [Sign in to manage your Office product](https://support.office.com/article/sign-in-to-manage-your-office-product-959ac957-8d37-4ae4-b1b6-d6e4874e013f)--- [Go to the Office **My Account** page](https://portal.office.com/account/)--- [Go to the Office **My installs** page](https://portal.office.com/account/#installs)--- [Go to the Office **Subscriptions** page](https://portal.office.com/account/#subscriptions)
active-directory My Account Portal Devices Page https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-devices-page.md
- Title: Manage your connected devices from the My Account portal - Azure AD
-description: How to view and disable devices connected to your work or school account from the Devices page of the My Account portal.
--------- Previously updated : 01/19/2021---
-# Manage your connected devices from the Devices page
-
-The **Devices** page of the **My Account** portal helps you to manage the devices connected to your work or school account. From the **Devices** page, you can:
--- View your work or school account-connected devices.--- Disable any devices you no longer own, have lost, or that have been stolen.-
->[!Important]
->This article is intended for users trying to update the device info connected to a work or school account. If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myaccount.microsoft.com?tenantId=*your_domain_name*
-> - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
->
->If you're an administrator looking for information about device management for your employees and other uses, see the [Device Identities Documentation](../devices/index.yml).
-
-## View your connected devices
-
-1. Sign in to your work or school account, and then go to the **My Account** (https://myaccount.microsoft.com/) page.
-
-2. Select **Devices** from the left navigation pane or select the **Manage devices** link from the **Devices** block.
-
- ![My Account page, showing highlighted Devices links](media/my-account-portal/my-account-portal-devices.png)
-
-3. Review the information for your connected devices, making sure you recognize them all.
-
- ![Device page, showing connected devices](media/my-account-portal/my-account-portal-devices-page.png)
-
-## Disable a device
-
-You can disable any of your connected devices at any time. This is especially important if a device isn't familiar to you or if a device is lost or stolen. After you disable a device, it can no longer be authenticated by your organization, and will be unable to access any of your organization's resources.
-
->[!Important]
->If you disable a device by mistake, there's no way to undo it. You'll have to contact your organization's administrator to add the device again.
-
-1. Select **Disable** from the device you want to remove.
-
- ![Device page with highlighted Disable link](media/my-account-portal/my-account-portal-devices-disable.png)
-
-2. Select **Yes** to confirm you want to disable the device.
-
-## View a BitLocker key
-
-If you're locked out of your device or have a fatal error, you can go to another device and view your BitLocker key from the **My Account** portal.
-
-1. On another device, where you're not locked out, go to the **Devices** page of the **My Account** portal.
-
- ![Device page with BitLocker key option](media/my-account-portal/my-account-portal-devices-bitlocker.png)
-
-2. Select **View BitLocker Keys** for the locked out device and write down the BitLocker key for your locked device.
-
-## Next steps
-
-After viewing your connected devices, you can:
--- Select to view or manage your [security info](./security-info-setup-signin.md).--- View and manage your [organizations](my-account-portal-organizations-page.md).--- View your [sign-in activity](my-account-portal-sign-ins-page.md).--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md).--- Change your [My Account portal settings](my-account-portal-settings.md)-
-## Related Office content
--- [Sign in to manage your Office product](https://support.office.com/article/sign-in-to-manage-your-office-product-959ac957-8d37-4ae4-b1b6-d6e4874e013f)--- [Go to the Office **My Account** page](https://portal.office.com/account/)--- [Go to the Office **My installs** page](https://portal.office.com/account/#installs)--- [Go to the Office **Subscriptions** page](https://portal.office.com/account/#subscriptions)
active-directory My Account Portal Organizations Page https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-organizations-page.md
- Title: Manage your organizations from the My Account portal - Azure AD
-description: How to view and leave organizations you have access to from the Organizations page of the My Account portal.
--------- Previously updated : 01/19/2021---
-# Manage organizations you have access to in the My Account portal
-
-The **Organizations** page of the **My Account** portal helps you to manage the organizations (typically, your organization's name) that you have access to. There are two types of organizations shown on the **Organizations** page:
--- **Home organization.** Your home organization is the organization that owns your work or school account. You can't leave your home organization.-
- >[!NOTE]
- > If you don't have an assigned Home organization, you'll just see a single heading that says Organizations with the list of your associated organizations.
--- **Other organizations.** The other organizations are any group that you've signed in to previously using your work or school account. You can leave any of these organizations at any time.-
->[!Important]
->This article is intended for users trying to update the organization info accessed by a work or school account. If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myaccount.microsoft.com?tenantId=*your_domain_name*
-> - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
->
->If you're an administrator looking for information about group and user management for your employees and other uses, see the [Enterprise user management documentation](../enterprise-users/index.yml).
-
-## View your organizations
-
-1. Sign in to your work or school account, and then go to the **My Account** (https://myaccount.microsoft.com/) page.
-
-1. Select **Organizations** from the left navigation pane or select the **Manage organizations** link from the **Organizations** block.
-
- ![My Account page, showing highlighted Organizations links](media/my-account-portal/my-account-portal-organizations.png)
-
-1. Review the information for your **Home organization**.
-
- ![Organizations page](media/my-account-portal/my-account-portal-organization-page.png)
-
-1. Review your other organizations, making sure you recognize all of the organizations that you have access to.
-
-## Leave an organization
-
-You can leave any organization that isn't your Home organization.
-
->[!Important]
->If you leave an organization by mistake, there's no way to undo it. You'll have to wait for the administrator of that organization to invite you again.
--- Select **Leave organization** next to the organization you want to leave, and then select **Leave** to confirm you want to leave.-
- ![Organizations page with highlighted leave organization link](media/my-account-portal/my-account-portal-organizations-leave.png)
-
-## Next steps
-
-After viewing your organizations, you can:
--- View or manage your [security info](./security-info-setup-signin.md).--- View or manage your connected [devices](my-account-portal-devices-page.md).--- View your [sign-in activity](my-account-portal-sign-ins-page.md).--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md).--- Change your [My Account portal settings](my-account-portal-settings.md)
active-directory My Account Portal Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-overview.md
- Title: What is the My Account portal? - Azure AD
-description: How to get to the My Account portal and its features, including setting up and managing your Security info, Devices, Password, Organizations, Privacy, and My Sign-ins.
--------- Previously updated : 01/19/2021---
-# What is the My Account portal?
-
-The **My Account** portal helps you to manage your work or school account by setting up and managing your security info, managing your connected organizations and devices, viewing how your organization uses your data.
-
-You can get to the **My Account** portal (https://myaccount.microsoft.com), from the current version of any of the following browsers:
--- Chrome-- Microsoft Edge-- Safari-- Firefox-- Internet Explorer 11-
-![My Account portal, Overview page](media/my-account-portal/my-account-portal-overview.png)
-
->[!Important]
->This article is intended for users trying to get to the My Account portal to update their security info, device info, password, connected organizations, language settings, privacy, or previous sign-in information. If you're an administrator looking for information about how to turn on authentication and other Azure Active Directory (Azure AD) features for your employees and other uses, see the [Azure AD documentation for administrators](../index.yml).
-
-## Next steps
--- Select to view or manage your [security info](./security-info-setup-signin.md)--- View or manage your connected [devices](my-account-portal-devices-page.md)--- View and manage your [organizations](my-account-portal-organizations-page.md)--- View your [sign-in activity](my-account-portal-sign-ins-page.md)--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md)--- Change your [My Account portal settings](my-account-portal-settings.md)-
-## Related Microsoft Office content
--- [Sign in to manage your Office product](https://support.office.com/article/sign-in-to-manage-your-office-product-959ac957-8d37-4ae4-b1b6-d6e4874e013f)--- [Go to the Office **My Account** page](https://portal.office.com/account/)--- [Go to the Office **My installs** page](https://portal.office.com/account/#installs)--- [Go to the Office **Subscriptions** page](https://portal.office.com/account/#subscriptions)
active-directory My Account Portal Privacy Page https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-privacy-page.md
- Title: View privacy-related info from the My Account portal - Azure AD
-description: Learn how your organization uses your privacy-related information from the Privacy page of the My Account portal.
--------- Previously updated : 01/19/2021---
-# View how your organization uses your privacy-related data
-
-You can view how your organization uses your data from the **Settings & Privacy** page of the **My Account** portal.
-
->[!Note]
-> If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myaccount.microsoft.com?tenantId=*your_domain_name*
-> - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
-
-## View your privacy-related info
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page. If you are signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
-
- - https://myaccount.microsoft.com?tenantId=*your_domain_name*
- - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
-
-2. Select **Settings & Privacy** from the left navigation pane or select the **View Settings and Privacy** link from the **Settings & Privacy** block.
-
- ![My Account page, showing highlighted Settings & Privacy link](media/my-account-portal/my-account-portal-privacy.png)
-
-3. Select **Privacy**, as shown in the following example screenshot, then review the information, including:
-
- ![Settings & Privacy page, showing highlighted Privacy tab option](media/my-account-portal/my-account-portal-privacy-tab.png)
-
- - **Services.** A list of online services you're connected to using your work or school account.
-
- - **Terms of use**. Your organization's terms of use.
-
-## Next steps
-
-After viewing how your organization uses your data, you can:
--- View or manage your [security info](./security-info-setup-signin.md).--- View or manage your connected [devices](my-account-portal-devices-page.md).--- View or manage your [organizations](my-account-portal-organizations-page.md).--- View your [sign-in activity](my-account-portal-sign-ins-page.md).--- Change your [My Account portal settings](my-account-portal-settings.md)--- You can also view your Microsoft Office-related contact preferences and privacy information from the [Office portal, Security & privacy page](https://portal.office.com/account/#security).
active-directory My Account Portal Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-settings.md
- Title: Change your settings in the My Account portal - Azure AD
-description: Learn how to change your language or region settings from the Settings & Privacy page of the My Account portal.
--------- Previously updated : 01/19/2021---
-# View or change your settings in the My Account portal
-
-You can view or change your account settings in the My Account portal, such as language or time zone, from the **Settings & Privacy** page of the **My Account** portal.
-
->[!Note]
-> If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myaccount.microsoft.com?tenantId=*your_domain_name*
-> - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
-
-## View and manage your language and regional settings
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page. If you are signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
-
- - https://myaccount.microsoft.com?tenantId=*your_domain_name*
- - https://myaccount.microsoft.com?tenant=*your_tenant_ID*
-
-1. Select **Settings & Privacy** from the left navigation pane or select the **View Settings And Privacy** link from the **Settings & Privacy** block.
-
- ![My Account page, showing highlighted Settings and Privacy link](media/my-account-portal/my-account-portal-privacy.png)
-
-1. Under *Language & Region (preview)*, review or change the following settings:
- * *Display language*: The language used for buttons, menus, and some content in Microsoft websites.
- * *Preferred languages*: Languages you understand and use to create or consume content.
- * *Regional format*: Microsoft websites use this setting to format dates and times.
- * *Time zone*: Used to effectively schedule meetings in your Microsoft calendar.
-
-After you change your display language, it's recommended to sign out and sign in to your work or school account to make sure your display language is refreshed.
-
-> [!NOTE]
-> In some organizations, you can't manage the *Display Language* setting. If your display language is disabled, as shown in the following example screenshot, reach out to your IT admin for assistance:
->
-> ![My Account page, showing Display Language settings are disabled for the organization](media/my-account-portal/my-account-portal-managed-language-settings.png)
-
-## Next steps
-
-After changing your My Account portal settings, you can:
--- View or manage your [security info](./security-info-setup-signin.md).--- View or manage your connected [devices](my-account-portal-devices-page.md).--- View or manage your [organizations](my-account-portal-organizations-page.md).--- View your [sign-in activity](my-account-portal-sign-ins-page.md).--- View the [M365 web applications that currently use the language and regional format settings](https://support.microsoft.com/office/change-your-display-language-and-time-zone-in-microsoft-365-for-business-6f238bff-5252-441e-b32b-655d5d85d15b).
active-directory My Account Portal Sign Ins Page https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-account-portal-sign-ins-page.md
- Title: View and search your recent sign-in activity from the My Sign-ins page - Azure Active Directory | Microsoft Docs
-description: Details about how to view and search your recent sign-in activity from the My Sign-ins page of the My Account portal.
--------- Previously updated : 04/22/2021---
-# View and search your recent sign-in activity from the My Sign-ins page
-
-You can view all of your recent work or school account sign-in activity, from the **My Sign-ins** page of the **My Account** portal. Reviewing your sign-in history helps you to check for unusual activity by helping you to see:
--- If someone is trying to guess your password.-- If an attacker successfully signed in to your account, and from what location.-- What apps the attacker tried to access.-
->[!Note]
-> If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - `https://myaccount.microsoft.com?tenantId=<your_domain_name>`
-> - `https://myaccount.microsoft.com?tenant=<your_tenant_ID>`
-
-## View your recent sign-in activity
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
-1. Select **My Sign-ins** from the left navigation pane or select the **Review recent activity** link from the **My sign-ins** block.
-
- ![My Account page, showing highlighted Recent activity links](media/my-account-portal/my-account-portal-sign-ins.png)
-
-1. Expand and review each of the sign-in items, making sure that you recognize each one. If you find a sign-in item that doesn't look familiar, change your password to protect the account in case it's compromised.
-
- ![Recent activity page with expanded sign-in details](media/my-account-portal-sign-ins-page/recent-activity.png)
-
-### If you see a successful sign-in
-
-Sometimes, while reviewing your own normal sign-in activity, you might see a successful sign-in from an unfamiliar location, browser, or operating system. Unfamiliar sign-ins can mean an attacker has gained access to your account. If you see activity that you didn't authorize, we recommend you immediately change your password, and then go to [Security info](https://mysignins.microsoft.com/security-info) to update your security settings.
-
-Before you determine something is incorrect, make sure you're not seeing a false positive (where the item looks questionable, but is okay). For example, we determine your approximate location and map based on your IP address. Mobile networks are especially hard to pinpoint since they sometimes route traffic through distant locations. Even if you sign in using your mobile device in Washington state, the location might show the sign-in coming from California. We strongly suggest that you check details beyond just the location. Make sure the operating system, browser, and app all make sense, too.
-
-### If you see an unsuccessful sign-in
-
-If you see an unsuccessful sign-in, it could mean that you mistyped your credentials. It could also mean that an attacker was trying to guess your password. To respond to this risk, you don't have to change your password, but we recommend that you register for Azure AD Multi-Factor Authentication (MFA). With multi-factor authentication, even if the hacker guesses your password, it won't be enough to access the account.
-
-![Unsuccessful sign-in tile](media/my-account-portal-sign-ins-page/unsuccessful.png)
-
-If you see an unsuccessful sign-in, with a note under **Session activity** that says, `Additional verification failed, invalid code`, it means that your primary authentication credentials succeeded, but multi-factor authentication failed. This condition could mean that an attacker correctly guessed your password but was unable to pass the multi-factor authentication challenge. We recommend that you still change your password, because the attacker might have that already, and go to the [Security info](https://mysignins.microsoft.com/security-info) page to update your security settings.
-
-## Search for specific sign-in activity
-
-You can search your recent sign-in activity by any of the available information. For example, you can search for your recent sign-in activity by operating system, location, app, and so on.
-
-1. On the **Review recent activity** page, type the information you want to search for into the **Search** bar. For example, type `Unsuccessful` to search for all unsuccessful sign-in activity collected by the My Account app.
-
-2. Select the **Search** button to begin searching.
-
- ![Recent Activity page, showing highlighted search bar, search button, and results](media/my-account-portal-sign-ins-page/sign-in-search.png)
-
-### Confirm unusual activity
-
-Sign-ins that are flagged as unusual activity can be confirmed in the tile for that activity in the **My sign-ins** page.
-
-![Unusual sign-in tile for confirms that you did or did not attempt the sign-in](media/my-account-portal-sign-ins-page/this-wasnt-me.png)
-
-## View sign-in activity on Android
-
-Each time you view or change security information, you must sign in to your work or school account to continue.
-
-1. Open the Microsoft Authenticator app, and select the home page for your work or school account.
-
-1. Select **Recent account activity**.
-
- ![Work or school account home page, showing highlighted recent sign-in activity link](media/my-account-portal-sign-ins-page/android-recent-activity.png)
-
-1. If your sign-in is successful, review each of the sign-in items, making sure that you recognize each one. If you find a sign-in item that doesn't look familiar, change your password to protect the account in case it's compromised.
-
- ![Recent activity page with sign-in details](media/my-account-portal-sign-ins-page/android-activity-page.png)
-
-## Change your password on Android
-
-Your administrator can make it possible for you to reset your password from the Authenticator app. Each time you sign in to view or change security information, you must sign in to your work or school account to continue.
-
-1. Open the Microsoft Authenticator app, and select the home page for your work or school account.
-
-1. Select **Change password**.
-
- ![Work or school account home page, showing highlighted Change password link](media/my-account-portal-sign-ins-page/android-change-password.png)
-
-1. If your sign-in is successful, you can update your password info on the **Change password** page.
-
- ![Recent activity page with old and new password entry](media/my-account-portal-sign-ins-page/android-password-page.png)
-
-## Update security info on Android
-
-Each time you sign in to view or change security information, you must sign in to your work or school account to continue.
-
-1. Open the Microsoft Authenticator app, and select the home page for your work or school account.
-
-1. Select **Update security info**.
-
- ![Work or school account home page, showing highlighted Update security info link](media/my-account-portal-sign-ins-page/android-update-security-info.png)
-
-1. If your sign-in is successful, you can update your security details the **Security info** page.
-
- ![Recent activity page with security info](media/my-account-portal-sign-ins-page/android-security-info-page.png)
-
-## Next steps
-
-After viewing your recent sign-in info, you can:
--- View or manage your [security info](./security-info-setup-signin.md).--- View or manage your connected [devices](my-account-portal-devices-page.md).--- View or manage your [organizations](my-account-portal-organizations-page.md).--- View how your organization [uses your privacy-related data](my-account-portal-privacy-page.md).--- Change your [My Account portal settings](my-account-portal-settings.md)
active-directory My Applications Portal Permissions Saved Accounts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-applications-portal-permissions-saved-accounts.md
- Title: Manage application permissions from the My Apps portal - Azure Active Directory | Microsoft Docs
-description: Learn how to manage application permissions for your organization's cloud-based apps from the My Apps portal.
-------- Previously updated : 02/03/2020----
-# Edit or revoke application permissions in the My Apps portal
-
-When you use organizational applications in the **My Apps** portal, you often grant permissions and save account information. To keep your data secure, you may want to review and revoke permissions or clear saved account credentials. Removing permissions or accounts may break some app functionality. If you have problems after you remove permissions or accounts, contact your organization's Helpdesk for additional assistance.
--
->[!Important]
->This content is intended for users. If you're an administrator, you can find more information about how to set up and manage your cloud-based apps in the [Application Management Documentation](../manage-apps/access-panel-collections.md).
-
-## Manage app accounts
-
-To view the apps consented to by you or your administrator, select **...** when you hover over an app in the **My Apps** portal, then select **Manage your application**:
-
-![Manage an application in the My Apps portal](media/my-applications-portal-permissions-saved-accounts/my-apps-home-woodgrove.png)
-
-The top part of permissions window shows what you personally consented to. Examples of apps permissions include the ability to access your calendar, contacts, or camera.
-
-You can revoke any of the permissions you consented to by selecting **Revoke Permissions**, however removing a permission may break some of the apps functionality. If you have problems after you remove permissions or accounts, contact your organization's Helpdesk for additional assistance.
-
-![Revoke permissions for an application in the My Apps portal](media/my-applications-portal-permissions-saved-accounts/revoke-permissions.png)
-
-The bottom part of the permissions window shows what your administrator consented to on your behalf. This section isn't shown if there are no admin-consented permissions. You can't revoke these permissions because the administrator consented to them, and they're often required for your organization's policy.
-
-## Next steps
-
-After you manage app permissions and saved accounts in the **My Apps** portal, you can:
--- Organize your apps into the various categories created and provided by your organization. For more information, see [Access and use collections in the My Apps portal](my-applications-portal-workspaces.md).-
-## Related articles
--- [Update your profile and account info](my-account-portal-overview.md). Instructions about how to update your personal information that appears on the **My Profile** portal.--- [Manage your organizations](my-account-portal-organizations-page.md). Instructions about how to view and manage your organization-related information on the **Organizations** page of the **My Profile** portal.--- [Manage your connected devices](my-account-portal-devices-page.md). Instructions about how to manage the devices you're connected to using your work or school account, on the **Devices** page of the **My Profile** portal.
active-directory My Applications Portal Workspaces https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-applications-portal-workspaces.md
- Title: Organize apps using collections from the My Apps portal - Azure Active Directory | Microsoft Docs
-description: Learn how to access and use collections for your organization's cloud-based apps from the My Apps portal.
-------- Previously updated : 07/26/2021----
-# Use collections in the My Apps portal
-
-Collections are different app views you see in the **My Apps** portal. Apps can be grouped into collections by department function or user role, for example. If you don't see any collections or categories available, it means that your administrator hasn't set up or shared any with you. Contact your organization's Helpdesk for additional assistance or permissions to see shared collections.
--
->[!Important]
->This content is intended for **My Apps** users. If you're an administrator, you can find more information about how to set up and manage your cloud-based apps in the [Application Management Documentation](../manage-apps/access-panel-collections.md).
-
-## Access apps using collections
-
-The list of collections in the **My Apps** portal defaults to show one named **Apps**:
-
-![All apps page in the My Apps portal](media/my-applications-portal-workspaces/my-apps-all-apps.png)
-
-Any other collection you see in this list was created by your admin and shared with you. You can choose one of those collections to see a more scoped set of apps, such as *Support* in the following example:
-
-![Individual collection and scoped set of apps in the My Apps portal](media/my-applications-portal-workspaces/my-apps-workspace.png)
-
-When you select and view a collection, you only see the default applications that you have access to.
-
-## Next steps
-
-After you organize your apps into the various categories in the **My Apps** portal, you can:
--- Review, update, or revoke permissions granted to applications. For more information, see [Edit or revoke application permissions in the My Apps portal](my-applications-portal-permissions-saved-accounts.md).-
-## Related articles
--- [Update your profile and account info](my-account-portal-overview.md). Instructions about how to update your personal information that appears on the **My Profile** portal.--- [Manage your organizations](my-account-portal-organizations-page.md). Instructions about how to view and manage your organization-related information on the **Organizations** page of the **My Profile** portal.--- [Manage your connected devices](my-account-portal-devices-page.md). Instructions about how to manage the devices you're connected to using your work or school account, on the **Devices** page of the **My Profile** portal.
active-directory My Apps Portal End User Access Reviews https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-apps-portal-end-user-access-reviews.md
- Title: Manage your organization's access to apps & groups - Azure AD
-description: Learn how to perform an access review to manage security access for your organization's apps and groups from the My Apps portal.
------- Previously updated : 01/19/2021-----
-# Perform an access review from the My Apps portal
-
-You can use your work or school account with the web-based **My Apps** portal to perform access reviews for your apps and groups. Access reviews help you manage outdated access or changing access requirements and ensure that they are reviewed and updated.
-
-If you donΓÇÖt have access to the **My Apps** portal, contact your Helpdesk for permission.
--
->[!Important]
->This content is intended for **My Apps** users. If you're an administrator, you can find more information about how to set up and manage your cloud-based apps in the [Application Management Documentation](../manage-apps/index.yml).
->
-> If you see an error signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myapplications.microsoft.com?tenantId=*your_domain_name*
-> - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
-
-## Manage access reviews
-
-If your administrator has given you permission to perform your own access reviews, you can manage your groups or apps access from the **Access reviews** tile on the **My Apps** portal page.
-
->[!Note]
->If you don't see the **Access reviews** tile, it either means that you don't have permission to perform access reviews, or that you don't have any pending reviews waiting for your approval. If you think you should have access to the tile, contact your Helpdesk for assistance.
-
-## To perform your access reviews
-
-1. Sign in to your work or school account.
-
-1. Open your web browser and go to https://myapps.microsoft.com, or use the link provided by your organization. For example, you might be directed to a customized page for your organization, such as https://myapps.microsoft.com/contoso.com.
-
- The **Apps** page appears, showing all the cloud-based apps owned by your organization and available for you to use.
-
- ![Apps page in the My Apps portal](media/my-apps-portal/my-apps-home.png)
-
-1. Select the **Access reviews** tile to see a list of access reviews waiting for your approval.
-
- ![Access reviews page with pending access reviews for the organization](media/my-apps-portal/my-apps-portal-access-reviews-page.png)
-
-1. Select **Begin review** to start your access review.
-
-5. Review your access and determine whether it's still necessary.
-
- ![Access review page, showing the review details](media/my-apps-portal/my-apps-portal-perform-access-reviews-page.png)
-
- >[!Note]
- >If you're an administrator, and allowed to review your organization's access to groups and apps, you'll see a different page. For more information about reviewing groups or apps for your organization, see [Review access to groups or applications in Azure AD Access Reviews](../governance/perform-access-review.md).
-
-6. Select **Yes** to keep your access or **No** to remove your access.
-
- If you select **Yes**, you might need to specify a justification in the **Reason** box.
-
- ![Access review page, showing the Reason box with sample text](media/my-apps-portal/my-apps-portal-perform-access-reviews-reason-box.png)
-
-7. Select **Submit**.
-
- Your access review is complete and you return to the **My Apps** portal.
-
- >[!Note]
- >You can change your access at any time until your access review period ends. If you remove your access to an app or group, it's not removed immediately. The removal happens when the access review period ends or when an administrator closes the review.
-
-## Next steps
--- [Access and use apps on the My Apps portal](my-apps-portal-end-user-access.md)-- [Change your profile information](./my-account-portal-settings.md)-- [View and update your groups-related information](my-apps-portal-end-user-groups.md)
active-directory My Apps Portal End User Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-apps-portal-end-user-access.md
- Title: Locate & use apps on the My Apps portal - Azure AD
-description: Learn how to find the My Apps portal and then how to access your organization's cloud-based apps.
------- Previously updated : 03/26/2021-----
-# Sign in and start apps from the My Apps portal
-
-You can use your work or school account with the web-based **My Apps** portal to:
--- View and start many of your organizationΓÇÖs cloud-based apps-- Go to the [**My Groups** portal](https://account.activedirectory.windowsazure.com/r#/groups)-- Go to the [**My Account** portal](https://myaccount.microsoft.com/)-
-If you donΓÇÖt have access to the **My Apps** portal, contact your organization's Help desk for permission.
-
-> [!IMPORTANT]
-> This content is intended for **My Apps** users. If you're an administrator, you can find more information about how to set up and manage your cloud-based apps in the [Application Management Documentation](../manage-apps/index.yml).
->
-> If you see an error signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myapplications.microsoft.com?tenantId=*your_domain_name*
-> - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
-
-## Supported browsers
-
-You can get to the **My Apps** portal from any of the following web browser. Microsoft recommends that you use the most up-to-date browser that's compatible with your operating system.
--- Microsoft Edge (latest version, desktop and mobile)-- Safari (latest version, Mac and iOS)-- Chrome (latest version, desktop and mobile)-- Firefox (latest version)-
-You can access and use the My Apps portal on your computer, or from the mobile version of the Edge browser on an iOS or Android mobile device.
-
-![Apps page in the My Apps portal](media/my-apps-portal/my-apps-home.png)
-
-## Access and use the My Apps portal on your computer
-
-If you have permission to access and use your organization's cloud-based apps, you can get to them through the **My Apps** portal.
-
-1. Sign in to your work or school account on your computer.
-
-1. In a supported web browser, go to https://myapps.microsoft.com, or use the link provided by your organization if they direct you to a customized page such as `https://myapps.microsoft.com/contoso.com`.
-
- The **Apps** page appears, showing all the cloud-based apps owned by your organization that are available for you to use.
-
-1. From the **Apps** page, select the app you want to start using.
-
- A new page opens for the app, where you can sign in (if necessary) or begin using the app.
-
-### Download and install the My Apps Secure Sign-in Extension
-
-Download and install the **My Apps Secure Sign-in Extension**, if you're prompted. This extension helps you use your desktop browser to use single sign-on with your organization's cloud apps. Just hover over an app in the **My Apps** portal, select **...**, then select **Manage your application**.
-
-If your organization has already set you up for single sign-on, the extension is installed automatically and you can skip this section.
-
-The **My Apps Secure Sign-in Extension** helps you:
--- Sign in directly to apps from the sign-in page.-- Start any apps using the **Quick search** feature.-- See the last apps you used in the **Recently Used** section.-- Use internal company URLs when remote using [Application Proxy](../app-proxy/application-proxy.md).-
-### To download and install the extension
-
-Download and install the extension, based on the browser you're using.
--- **Microsoft Edge** - From the Microsoft Store, go to the [My Apps Secure Sign-in Extension](https://microsoftedge.microsoft.com/addons/detail/my-apps-secure-signin-ex/gaaceiggkkiffbfdpmfapegoiohkiipl) feature, and then select **Get** to get the extension for Microsoft Edge legacy browser.--- **Google Chrome** - From the Chrome Web Store, go to the [My Apps Secure Sign-in Extension](https://chrome.google.com/webstore/detail/my-apps-secure-sign-in-ex/ggjhpefgjjfobnfoldnjipclpcfbgbhl) feature, and then select **Add to Chrome**.--- **Mozilla Firefox** - From the **Firefox Add-ons** page, go to the My Apps Secure Sign-in Extension feature, and then select **Add to Firefox**.-
-An icon is added to the right of your **Address** bar, letting you sign in and customize the extension.
-
-### To change your My Apps portal using the extension
-
-You can choose how many apps to view in the **Recently Used** section and decide whether to allow your organization's internal URLs to redirect.
-
-1. Select the new **My Apps Secure Sign-in Extension** icon ![Extension icon](media/my-apps-portal/my-apps-portal-extension-icon.png) to the right of your **Address** bar, and then select **Sign in to get started**.
-
-1. Right-click the **Settings** icon ![Settings icon](media/my-apps-portal/my-apps-portal-extension-settings-icon.png), and then select **Settings**.
-
-1. In the **Settings** box, select the number of recent apps you want to see on the portal, and whether to allow your organization's internal URLs to redirect so you can use them remotely.
-
- ![Settings page of the extension, showing the available customizations](media/my-apps-portal/my-apps-portal-extension-settings-page.png)
-
-## Access and use the My Apps portal on mobile Edge
-
-View and use your organization's apps from the mobile version of the Edge browser on your devices.
-
-1. On your mobile device, download and install the mobile Edge browser app from the Apple App Store and the Google Play Store.
-
-1. Open the mobile Edge browser and go to https://myapps.microsoft.com, or use the link provided by your organization if they direct you to a customized page, such as https://myapps.microsoft.com/contoso.com.
-
- The **Apps** page appears, showing all the cloud-based apps owned by your organization and available for you to use.
-
-1. From the **Apps** page, select the app you want to start using.
-
- A new page opens for the app, where you can sign in (if necessary) or begin using the app.
-
-## Add a new app to the My Apps portal
-
-If your administrator has given you permission, you can add a new app to the **Apps** page.
-
-1. From the **Apps** page, select **Add self-service apps**.
-
- ![Add apps page, in the My Apps portal at myapplications.microsoft.com](media/my-apps-portal/my-apps-portal-add-app-link.png)
-
-1. Select the app you want to add from the provided list, and then select **Add**.
-
-1. The app is added to the list on the **Apps** page.
-
- Some apps might require administrator approval before being added. When that happens, the app isn't added to the **Apps** page until the administrator approves it.
-
-## Start a cloud-based app
-
-You can start any of the available cloud-based apps from the **My Apps** portal. You'll only see apps you have permission to use.
--- From the **Apps** page, select the app you want to start using.-
- A new page opens for the app, where you can sign in (if necessary) or begin using the app.
-
-## Activities in the My Apps portal
-
-After you get to the **My Apps** portal, you can:
--- Organize your apps into the various categories created and provided by your organization. For more information, see [Access and use collections in the My Apps portal](my-applications-portal-workspaces.md).-- Review, update, or revoke permissions granted to applications. For more information, see [Edit or revoke application permissions in the My Apps portal](my-applications-portal-permissions-saved-accounts.md).-- Create, update, and remove app accounts. For more information, see [Edit or revoke application permissions](my-applications-portal-permissions-saved-accounts.md).-- Access [**My Account**](my-account-portal-overview.md) from the **My Apps** portal for account management:
-
- - Checking for unusual sign-in activity
- - Managing your password
- - Managing connected devices, subscriptions, organizations, and Office apps
-
->[!NOTE]
->If you don't see any collections or categories available, it means that your administrator hasn't set up or shared any with you. Contact your organization's help desk for additional assistance or permissions to see shared collections.
-
-## Next steps
-
-After you get to the **Apps** page, you can:
--- [Change your profile information](./my-account-portal-settings.md)--- [View and update your groups-related information](my-apps-portal-end-user-groups.md)--- [Perform your own access reviews](my-apps-portal-end-user-access-reviews.md)
active-directory My Apps Portal End User Groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-apps-portal-end-user-groups.md
- Title: Update your Groups info on the My Apps portal - Azure AD
-description: Learn how to view and update your groups-related information, including viewing the groups you own, creating new groups, viewing the groups to which you're already a member, and joining any groups you aren't already part of.
------- Previously updated : 01/19/2021-----
-# Update your Groups info on the My Apps portal
-
-You can use your work or school account with the web-based **My Apps** portal to view and start many of your organizationΓÇÖs cloud-based apps, to update some of your profile and account information, to see your **Groups** information, and to perform **access reviews** for your apps and groups. If you donΓÇÖt have access to the **My Apps** portal, you must contact your Helpdesk for permission.
--
->[!Important]
->This content is intended for users. If you're an administrator, you can find more information about how to set up and manage your cloud-based apps in the [Application Management Documentation](../manage-apps/index.yml).
->
-> If you see an error signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myapplications.microsoft.com?tenantId=*your_domain_name*
-> - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
-
-## View your Groups information
-
-If your administrator has given you permission to view the **Groups** tile, you can:
--- **As a group member.** View details or leave any group.--- **As a group owner.** View details, create a new group, add or remove members, or delete your group.-
-### To view your groups information
-
-1. Sign in to your work or school account.
-
-2. Open your web browser and go to https://myapps.microsoft.com, or use the link provided by your organization. For example, you might be directed to a customized page for your organization, such as https://myapps.microsoft.com/contoso.com. If you are signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
-
- - https://myapplications.microsoft.com?tenantId=*your_domain_name*
- - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
--
- The **Apps** page appears, showing all the cloud-based apps owned by your organization and available for you to use.
-
- ![Apps page in the My Apps portal](media/my-apps-portal-end-user-groups/my-apps-home-large.png)
-
-3. Pull down the **My Apps** menu and select **My Groups** to see your group-related information.
-
-4. Based on your permissions, you can use the **My Groups** page to:
-
- - **Review the groups you own.** View information about any groups you own within your organization from the **Groups I own** area. Selecting a specific group name provides you with more details about the group, including the group type, the number of members, the join policy, and the active members list.
-
- - **Create a new group.** Create a new group with you as the owner from the **Groups I own** area. For specific steps, see the [Create a new group](#create-a-new-group) section of this article.
-
- - **Edit an existing group.** Edit the details for any of your own groups. For specific steps, see the [Edit an existing group](#edit-an-existing-group) section of this article.
-
- - **Add or remove members.** Add or remove members for groups that you own. For specific steps, see the [Add or remove a member](#add-or-remove-a-member) section of this article.
-
- - **Renew an Office 365 group.** If your organization allows it, you can renew your Office 365 groups. For specific steps, see the [Renew an Office 365 group](#renew-an-office-365-group) section of this article.
-
- - **Delete a group.** Delete any groups that you own. For specific steps, see the [Delete a group](#delete-a-group) section of this article.
-
- - **Review the groups you're a part of.** View the names of any groups to which you're a member from the **Groups I'm in** area. Selecting a specific group name provides you with more details about the group, including the group type, the number of members, the join policy, and the active members list.
-
- - **Join a group.** Join an existing group, for which you're not already a member, from the **Groups I'm in** area. For specific steps, see the [Join an existing group](#join-an-existing-group).
-
-## Create a new group
-
-1. On the **Groups** page, select **Create a group** from the **Groups I own** area.
-
- The **Create group** box appears.
-
- ![Create group box](media/my-apps-portal/my-apps-portal-create-group-page.png)
-
-2. Enter the required information:
-
- - **Group type:**
-
- - **Security.** Used to manage member and computer access to shared resources for a group of users. For example, you can create a security group for a specific security policy. By doing it this way, you can give a set of permissions to all the members at once, instead of having to add permissions to each member individually.
-
- - **Office 365.** Provides collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more. This option also lets you give people outside of your organization access to the group.
-
- - **Group name.** Add a name for the group, something that you'll remember and that makes sense.
-
- - **Group description (optional).** Add an optional description to your group.
-
- - **Group policy.** Choose either to allow everyone to join the group or to only allow the owner of the group to add members.
-
-3. Select **Create**.
-
- The new group is created with you as the owner and it appears in your **Groups I own** list. Because you're the owner, this group also appears in the **Groups I'm in** list.
-
-## Edit an existing group
-
-After you create a group, you can edit its details, including updating any of the existing information.
-
-1. Select the group you want to edit from the **Groups** page, and then select **Edit details** on the *&lt;group_name&gt;* page.
-
- The **Edit details** box appears and you can update the information you added when you initially created the group.
-
-2. Make all of your changes, and then select **Update**.
-
-## Add or remove a member
-
-You can add or remove members for any groups that you own.
-
-1. Select the group you want to add members to, and then select **+** on the *&lt;group_name&gt;* page.
-
- ![Add a group member, with + sign highlighted](media/my-apps-portal/my-apps-portal-add-member-link.png)
-
-2. Search for the member you want to add, from the **Add members** box, and then select **Add**.
-
- ![Add members box, with new member to add](media/my-apps-portal/my-apps-portal-add-member-page.png)
-
- An invitation is sent to the new member, to get started accessing the organization's apps.
-
-3. If you added a member by mistake, or if a member has left your organization, you can remove the member by selecting **Remove member** next to the member's name on the *&lt;group_name&gt;* page.
-
- ![Remove a member, with the removal link highlighted](media/my-apps-portal/my-apps-portal-remove-member-link.png)
-
-## Renew an Office 365 group
-
-If your organization allows it, you can renew an Office 365 group, extending your expiration date.
-
-1. Select the Office 365 group you want to renew, and then select **Renew group**.
-
- ![Renew an Office 365 group, extending the expiration date](media/my-apps-portal/my-apps-portal-renew-group-link.png)
-
-2. Click **OK** to close the confirmation message.
-
- After you refresh the page, you'll see your updated **Last Renewed** and **Group expiration** dates.
-
-## Delete a group
-
-You can delete any of your own groups at any time. However, if you delete a group by mistake you'll have to create it and add members again.
-
-1. Select the group you want to permanently delete, and then select **Delete group** on the *&lt;group_name&gt;* page.
-
- ![<Group_name> page with the Delete group link highlighted](media/my-apps-portal/my-apps-portal-delete-group-link.png)
-
-2. Select **Yes** on the confirmation message.
-
- The group is permanently deleted.
-
-## Join an existing group
-
-You can join or leave an already existing group from the **Groups** page.
-
-1. On the **Groups** page, select **Join group** from the **Groups I'm in** area.
-
- The **Join groups** page appears.
-
- ![Join groups page, with Join group button highlighted](media/my-apps-portal/my-apps-portal-join-group-link.png)
-
-2. On the **Join groups** page, select the name of the group you want to join, view the associated group details, and then if the group is available, select **Join group**.
-
- If the group requires the group owner to approve membership, you'll be asked to enter a business justification for why you need to join the group, and then select **Request**. If the group doesn't require approval, you're immediately added as a member and the group appears in your **Groups I'm in** list.
-
-3. If you joined a group by mistake or if you no longer need to be part of it, you can select the group name from the **Join groups** page, and then select **Leave group**.
-
- ![Join groups page, with Leave group button highlighted](media/my-apps-portal/my-apps-portal-leave-group-link.png)
-
-## Next steps
--- [Access and use apps on the My Apps portal](my-apps-portal-end-user-access.md).--- [Change your profile information](./my-account-portal-settings.md).--- [Perform your own access reviews](my-apps-portal-end-user-access-reviews.md).
active-directory My Apps Portal End User Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-apps-portal-end-user-troubleshoot.md
- Title: Get help with the My Apps portal - Azure Active Directory| Microsoft Docs
-description: Get help with signing in to and performing common tasks in the My Apps portal.
-------- Previously updated : 01/19/2021-----
-# Troubleshoot problems with the My Apps portal
-
-If you're experiencing issues with signing in to or using the **My Apps** portal, try these troubleshooting tips before you contact helpdesk or your administrator for help.
-
-## I'm having trouble installing the My Apps Secure Sign-in Extension
-
-If you're having problems installing the My Apps Secure Sign-in Extension:
--- Make sure you're using a supported browser, including:-
- - **Microsoft Edge.** Running on Windows 10 Anniversary Edition or later.
-
- - **Google Chrome.** Running on Windows 7 or later, and on macOS X or later.
-
- - **Mozilla Firefox 26.0 or later.** Running on Windows XP SP2 or later, and on macOS X 10.6 or later.
-
- - **Internet Explorer 11.** Running on Windows 7 or later (limited support).
--- Make sure your browser extension settings are turned on.--- Try restarting your browser and signing in to the **My Apps** portal again.--- Try clearing your browser's cookies, and then restart and sign in to the **My Apps** portal again.-
-## I can't sign in to the **My Apps** portal
-
-If you're having trouble signing into the **My Apps** portal, you can try the following:
--- If you see an error signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:-
- - https://myapplications.microsoft.com?tenantId=*your_domain_name*
- - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
--- Make sure you're using the right URL. It should be https://myapps.microsoft.com or a customized page for your organization, such as https://myapps.microsoft.com/contoso.com.--- Make sure your password is correct and hasn't expired. For more info, see [Reset your work or school password](active-directory-passwords-update-your-own-password.md).--- Make sure your verification info is current and accurate. For more information, see [What does Azure AD Multi-Factor Authentication mean for me?](./multi-factor-authentication-end-user-first-time.md) or [Changing your security info methods and information](./security-info-setup-auth-app.md).--- Add the **My App** portal URL to the **Internet Properties > Security > Trusted sites** setting.--- Clear your browser's cache and try to sign in again.-
-## My password isn't working
-
-If you forgot your password, never received one from your organization, are locked out of your account, or want to change your password, see [Help, I forgot my Azure AD password](active-directory-passwords-update-your-own-password.md).
-
-## I want to be able to reset my own password
-
-To be able to reset your own password, your administrator must first turn on the feature for your organization, and then you must update and verify your required verification methods. For more information about how to update your verification methods, see [Register for self-service password reset](active-directory-passwords-reset-register.md).
-
-## I'm getting an Access Denied message when I start an app
-
-If you're getting an **Access Denied** message after you start an app from the **My App** portal, you can try the following:
--- Make sure you've installed the [My Apps Secure Sign-in Extension](my-apps-portal-end-user-access.md#download-and-install-the-my-apps-secure-sign-in-extension) and that you're using a [supported browser](my-apps-portal-end-user-access.md#supported-browsers).--- Make sure you're using the right URL for the app, and that the URL is on your **Internet Properties > Security > Trusted sites** list.--- Make sure your password is correct and hasn't expired. For more info, see [Reset your work or school password](active-directory-passwords-update-your-own-password.md).--- Make sure your verification info is current and accurate. For more information, see [What does Azure AD Multi-Factor Authentication mean for me?](./multi-factor-authentication-end-user-first-time.md) or [Changing your security info methods and information](./security-info-setup-auth-app.md).--- Clear your browser's cache and try to sign in again.-
-If after trying these things you still can't access your app, you must contact your organization's Help desk for assistance.
-
-## Next steps
-
-After you sign in to the **My Apps** portal, you can also update your profile and account information, your group information, and access review information (if you have permission).
--- [Access and use apps on the My Apps portal](my-apps-portal-end-user-access.md).--- [Change your profile information](./my-account-portal-settings.md).--- [View and update your groups-related information](my-apps-portal-end-user-groups.md).--- [Perform your own access reviews](my-apps-portal-end-user-access-reviews.md).
active-directory My Apps Portal User Collections https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-apps-portal-user-collections.md
- Title: Organize apps into collections in the My Apps portal - Azure AD
-description: Learn how to create, edit, delete, hide, and show app collections in My Apps.
------- Previously updated : 04/07/2021------
-# Organize apps using collections from My Apps
-
-My Apps is your one-stop shop for launching and managing all of your work or school apps. Create collections to organize your apps and make it easier to find the apps you need.
-
-In this article, youΓÇÖll learn how to:
--- Create your own collections of apps-- Edit collections-- Reorder collections-- Hide collections-- Show hidden collections-- Delete collections-
->[!Note]
->If you see an error while signing in with a personal Microsoft account, you can still sign in by using the domain name for your organization (such as contoso.com) or the **Tenant ID** of your organization from your administrator in one of the following URLs:
->
-> - https://myapplications.microsoft.com?tenantId=*your_domain_name*
-> - https://myapplications.microsoft.com?tenant=*your_tenant_ID*
-
-## Create a collection
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-1. Open the page menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and then select **Create new**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/1-create-collection.png" alt-text="The page or ellipsis menu contains the Create new command":::
-
-1. Enter a name for your new collection and select **Continue**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/2-select-continue.png" alt-text="Select the Continue button to name your collection and start adding apps":::
-
-1. Select all the apps youΓÇÖd like to include in the collection and select **Add** to finish adding them to the collection.
-
- :::image type="content" source="media/my-apps-portal-user-collections/3-add-apps.png" alt-text="Adding apps from the list to your collection":::
-
-1. On the **Create new** pane you can reorder or delete apps, or select **Add apps** to select more apps for the collection. When youΓÇÖre happy with your choices, select **Create new**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/4-create-button.png" alt-text="Select the Create new button to save the collection to My Apps":::
-
-1. You can now see your new collection in My Apps.
-
- :::image type="content" source="media/my-apps-portal-user-collections/5-see-created-collection.png" alt-text="You can see the collection you created now in My Apps":::
-
-## Edit collections
-
-You can only edit collections you created. To edit a collection you already created:
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-1. Open the page menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and select **Manage**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/6-manage-apps.png" alt-text="The page or ellipsis menu contains the Manage command to manage your apps":::
-
-1. You can see all the collections to which you have access, whether they were created by you or your admin. Find the collection you want to edit, open the collection menu :::image type="content" source="media/my-apps-portal-user-collections/18-collection-menu-icon.png" alt-text="Select the ellipsis icon on a collection for the collection-level menu":::, and then select **Edit**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/7-edit-command.png" alt-text="The collection's ellipsis menu contains the Edit commend":::
-
-1. On the edit pane, you can add or remove apps, or rename the collection.
-
- :::image type="content" source="media/my-apps-portal-user-collections/8-create-experience-for-edit.png" alt-text="The Create new button saves your editing changes":::
-
-## Reorder collections
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-1. Open the page menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and then select **Manage**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/9-manage-apps-again.png" alt-text="Use the Manage command to manage your apps":::
-
-1. From here you can set the order in which collections appear in My Apps. The collection at the top of the list will be the default collection you see every time you go to myapps.microsoft.com.
-
- :::image type="content" source="media/my-apps-portal-user-collections/10-default-collection.png" alt-text="My Apps now contains your new collection":::
-
-## Hide collections
-
-To hide a collection:
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-1. Open the page menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and then select **Manage**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/11-manage-apps-again.png" alt-text="The page-level ellipsis menu contains the Manage command to manage your apps":::
-
-1. You can see all the collections to which you have access, whether they were created by you or your admin. Find the collection you want to edit, open the collection menu :::image type="content" source="media/my-apps-portal-user-collections/18-collection-menu-icon.png" alt-text="Select the three dots icon on a collection for the collection-level menu":::, and then select **Hide**. Hidden collections show up in the same list of collections just under the Hidden drop down.
-
- :::image type="content" source="media/my-apps-portal-user-collections/12-hide-collection.png" alt-text="The collection ellipsis menu contains the Hide command":::
-
-## Make hidden collections visible
-
-To make a hidden collection visible:
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-
-1. Open the page menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and then select **Manage**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/13-manage-apps-again.png" alt-text="The page menu contains the Manage command to manage your apps":::
-
-1. Here you will see all the collections you have access to whether they were created by you or your admin. Hidden collections show up in the same list of collections just under the Hidden drop down. Find the collection you want to edit, open the collection menu :::image type="content" source="media/my-apps-portal-user-collections/18-collection-menu-icon.png" alt-text="Select the ellipsis icon on a collection for the collection-level menu":::, and then select **Show**. The collection will go to the end of your visible collections list.
-
- :::image type="content" source="media/my-apps-portal-user-collections/14-show-collection.png" alt-text="The collection ellipsis menu contains the Show command":::
-
-## Delete collections
-
-You can delete only collections you created. To delete a collection:
-
-1. Go to [My Apps collections](https://myapplications.microsoft.com/?endUserCollections) and sign in using your work or school account.
-1. Open the psge menu :::image type="content" source="media/my-apps-portal-user-collections/17-ellipsis-icon.png" alt-text="Select the ellipsis icon for the page-level menu":::, and then select **Manage**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/15-manage-apps-again.png" alt-text="Select the Manage command to manage your apps":::
-
-1. Here you will see all the collections to which you have access, whether they were created by you or your admin. Find the collection you want to edit, open the collection menu :::image type="content" source="media/my-apps-portal-user-collections/18-collection-menu-icon.png" alt-text="Select the ellipsis icon on a collection for the collection-level menu":::, and then select **Delete**.
-
- :::image type="content" source="media/my-apps-portal-user-collections/16-delete-collection.png" alt-text="The collection ellipsis menu contains the Delete command":::
active-directory My Staff Team Manager https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/my-staff-team-manager.md
- Title: Manage passwords and phone numbers with My Staff - Azure AD | Microsoft Docs
-description: Manage passwords and phone numbers for your users with My Staff
------- Previously updated : 03/17/2021-----
-# Delegate user management with My Staff
-
-Your organization can use **My Staff** to delegate user management tasks to figures of authority, such as a store manager or team leader, to help their staff members access the applications that they need. If your team member can't access an application because they forget a password, productivity is lost. This also drives up support costs and causes a bottleneck in your administrative processes. With My Staff, a team member who can't access their account can regain access in just a couple of clicks, with no administrator help required.
-
-## Manage your staff in My Staff
-
-Managing your team members in My Staff is simple. To start, [go to My Staff](https://aka.ms/mystaff), select a team or location, and then select a user. Locations and the team members in a location are determined by your IT administrator and you can't change them.
-
-If you manage more than one location, when you go to My Staff you must select a location to see the team member who are assigned to the location.
-
-If you don't yet have sufficient permissions to access My Staff, you'll see the following message "Oops, seems you're not authorized to see My Staff at this time. Please contact your admin for more information."
-
-### Find a staff member in My Staff
-
-You must open the profile of a staff member before you can start managing them.
-
-1. [Open My Staff](https://aka.ms/mystaff) and, if needed, select a location.
-
- ![Select a location for a team member in My Staff](media/my-staff-team-manager/allaus.png)
-
-1. Open a team member's profile.
-
- ![Select one of the users in a location in My Staff](media/my-staff-team-manager/aupage.png)
-
-## Reset a user password
-
-If your organization has given you permission, you can reset passwords for your staff members.
-
-1. [Open My Staff](https://aka.ms/mystaff).
-1. Open a staff member's profile.
-1. Select **Reset password**.
-
- ![Reset a user password in My Staff](media/my-staff-team-manager/resetpassword1.png)
-
-1. Generate or enter the new password. You might be shown an automatically generated temporary password or you might be asked to enter a temporary password for the user.
-
- ![Copy the temporary user password after a reset in My Staff](media/my-staff-team-manager/resetpassword2.png)
-
-After you have reset the user's password, give the user the temporary password. When the user signs in with their temporary password, they are required to change it.
-
-## Manage a user's phone number
-
-If your organization has given you permission, you can manage phone numbers for your staff members.
-
-### Add a phone number
-
-1. [Open My Staff](https://aka.ms/mystaff).
-1. Open a staff member's profile.
-1. Select **Add phone number**.
-
- ![Add a user phone number in My Staff](media/my-staff-team-manager/addphone1.png)
-
-1. Add the phone number and select **Save**.
-
- ![Save the added user phone number in My Staff](media/my-staff-team-manager/addphone2.png)
-
-After you register a phone number for a user, they can use it to sign in with SMS, perform two-step verification, or reset their password on their own, depending on your organization's settings.
-
-![New phone number registered with My Staff](media/my-staff-team-manager/addphone3.png)
-
-### Edit a phone number
-
-1. [Open My Staff](https://aka.ms/mystaff).
-1. Open a staff member's profile.
-1. Select **Edit phone number**.
-
- ![Select Edit from the user profile in My Staff](media/my-staff-team-manager/editphone2.png)
-
-1. Enter the new phone number and select **Save**.
-
- ![Edit a staff member phone number in My Staff](media/my-staff-team-manager/editphone1.png)
-
-### Enable phone number sign-in for a user
-
-If sign-in using a phone number as a username (SMS sign-in) is enabled in your organization, you can add this authentication to an existing user phone number.
-
-1. [Open My Staff](https://aka.ms/mystaff).
-1. Open a staff member's profile.
-1. If there's a message at the bottom of the screen saying that signing in with your phone number as a username is available for you, select **Enable** to begin the process. This message appears if the user has been enabled to sign in with their phone number.
-
- ![See the message when phone sign-in is supported in a location in My Staff](media/my-staff-team-manager/enableforms1.png)
-
-1. Select **OK** when you're done.
-
- ![Screenshot that shows the "Enable phone number for sign in?" window with the "OK" button selected.](media/my-staff-team-manager/enableforms2.png)
-
-### Remove a phone number
-
-1. [Open My Staff](https://aka.ms/mystaff).
-1. Open a staff member's profile.
-1. Select **Remove phone number**.
-1. Select **Delete** when you're done.
-
- ![Remove a staff member phone number in My Staff](media/my-staff-team-manager/deletephone1.png)
active-directory Security Info App Passwords https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-app-passwords.md
- Title: Create app passwords from Security info (preview) page - Azure AD
-description: Create auto-generated passwords (app passwords) to use with any non-browser app, or any app that doesn't support two-factor verification, in your organization. This app password is separate from a normal password and can be set up from the Security info page.
--------- Previously updated : 02/13/2018---
-# Create app passwords from the Security info (preview) page
-
-Certain apps, such as Outlook 2010, don't support two-step verification. This lack of support means that if you're using two-step verification in your organization, the app won't work. To get around this problem, you can create an auto-generated password to use with each non-browser app, separate from your normal password.
--
->[!Important]
->Your administrator may not allow you to use app passwords. If you don't see **App passwords** as an option, they're not available in your organization.
-
-When using app passwords, it's important to remember:
--- App passwords are auto-generated, and should be created and entered once per app.--- There's a limit of 40 passwords per user. If you try to create one after that limit, you'll be prompted to delete an existing password before being allowed to create the new one.-
- >[!Note]
- >Office 2013 clients (including Outlook) support new authentication protocols and can be used with two-step verification. This support means that after two-step verification is turned on, you'll no longer need app passwords for Office 2013 clients. For more info, see the [How modern authentication works for Office 2013 and Office 2016 client apps](https://support.office.com/article/how-modern-authentication-works-for-office-2013-and-office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517) article.
-
-## Create new app passwords
-
-If you use two-step verification with your work or school account and your administrator has turned on the security info experience, you can create and delete your app passwords using the **Security info** page.
-
->[!Note]
->If your administrator hasn't turned on the security info experience, you must follow the instructions and information in the [Manage app passwords for two-step verification](multi-factor-authentication-end-user-app-passwords.md) section.
-
-### To create a new app password
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** from the left navigation pane or from the link in the **Security info** block, and then select **Add method** from the **Security info** page.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **App password** from the drop-down list, and then select **Add**.
-
- ![Add method box, with App password selected](media/security-info/securityinfo-myprofile-addpassword.png)
-
-4. Type the name of the app that requires the app password, and then select **Next**.
-
- ![Screenshot that shows the "App password" page, with the name of the app entered.](media/security-info/securityinfo-myprofile-password-appname.png)
-
-5. Copy the text from the **Password** box, paste the password in the password area of the app (in this example, Outlook 2010), and then select **Done**.
-
- ![App password page, with name of app](media/security-info/securityinfo-myprofile-password-copytext.png)
-
- The password is added and you can successfully log in to your app going forward.
-
-## Delete your app passwords
-
-If you no longer need to use an app that requires an app password, you can delete the associated app password. Deleting the app password frees up one of the available app password spots for use in the future.
-
->[!Important]
->If you delete an app password by mistake, there's no way to undo it. You'll have to create a new app password and re-enter it into the app, following the steps in the [Create new app passwords](#create-new-app-passwords) section of this article.
-
-### To delete an app password
-
-1. On the **Security info** page, select the **Delete** link next to the **App password** option for the specific app.
-
- ![Link to delete the app password method from security info](media/security-info/securityinfo-myprofile-password-appdelete.png)
-
-2. Select **Yes** from the confirmation box to delete the **App password**. After the app password is deleted, it's removed from your security info and it disappears from the **Security info** page.
-
-## For more information
--- For more information about the **Security info** page and how to set it up, see [Security info overview](./security-info-setup-signin.md)
active-directory Security Info Setup Auth App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-auth-app.md
- Title: Set up the Microsoft Authenticator app as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity using the Microsoft Authenticator app as your verification method.
--------- Previously updated : 06/10/2021---
-# Set up the Microsoft Authenticator app as your verification method
-
-You can follow these steps to add your two-factor verification and password reset methods. After you've set this up the first time, you can return to the **Security info** page to add, update, or delete your security information.
-
-If you're prompted to set this up immediately after you sign in to your work or school account, see the detailed steps in the [Set up your security info from the sign-in page prompt](security-info-setup-signin.md) article.
--
->[!Note]
-> If you don't see the authenticator app option, it's possible that your organization doesn't allow you to use this option for verification. In this case, you'll need to choose another method or contact your organization's help desk for more assistance.
-
-## Security vs password reset verification
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## Set up the Microsoft Authenticator app from the Security info page
-
-Depending on your organizationΓÇÖs settings, you might be able to use an authentication app as one of your security info methods. You aren't required to use the Microsoft Authenticator app, and you can choose a different app during the set up process. However, this article uses the Microsoft Authenticator app.
-
-> [!IMPORTANT]
-> If you have set up the Microsoft Authenticator app on five different devices or if you've used five hardware tokens, you won't be able to set up a sixth one, and you might see the following error message:
->
-> **You can't set up Microsoft Authenticator because you already have five authenticator apps or hardware tokens. Please contact your administrator to delete one of your authenticator apps or hardware tokens.**
-
-### To set up the Microsoft Authenticator app
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** in the left menu or by using the link in the **Security info** pane. If you have already registered, you'll be prompted for two-factor verification. Then, select **Add method** in the **Security info** pane.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **Authenticator app** from the drop-down list, and then select **Add**.
-
- ![Add method box, with Authenticator app selected](media/security-info/securityinfo-myprofile-addauthapp.png)
-
-4. On the **Start by getting the app** page, select **Download now** to download and install the Microsoft Authenticator app on your mobile device, and then select **Next**.
-
- For more information about how to download and install the app, see [Download and install the Microsoft Authenticator app](user-help-auth-app-download-install.md).
-
- ![Start by getting the app page](media/security-info/securityinfo-myprofile-getauthapp.png)
-
- > [!Note]
- > If you want to use an authenticator app other than the Microsoft Authenticator app, select the **I want to use a different authenticator app** link.
- >
- > If your organization lets you choose a different method besides the authenticator app, you can select the **I want to set up a different method link**.
-
-5. Remain on the **Set up your account** page while you set up the Microsoft Authenticator app on your mobile device.
-
- ![Set up the authenticator app page](media/security-info/securityinfo-myprofile-setupauthapp.png)
-
-6. Open the Microsoft Authenticator app, select to allow notifications (if prompted), select **Add account** from the **Customize and control** icon on the upper-right, and then select **Work or school account**.
-
- >[!Note]
- >If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-7. Return to the **Set up your account** page on your computer, and then select **Next**.
-
- The **Scan the QR code** page appears.
-
- ![Scan the QR code using the Authenticator app](media/security-info/securityinfo-myprofile-qrcodeauthapp.png)
-
-8. Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you created your work or school account in Step 6.
-
- The authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select the **Can't scan the QR code link** and manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-9. Select **Next** on the **Scan the QR code** page on your computer.
-
- A notification is sent to the Microsoft Authenticator app on your mobile device, to test your account.
-
- ![Test your account with the authenticator app](media/security-info/securityinfo-myprofile-tryitauthapp.png)
-
-10. Approve the notification in the Microsoft Authenticator app, and then select **Next**.
-
- ![Success notification, connecting the app and your account](media/security-info/securityinfo-myprofile-successauthapp.png)
-
- Your security info is updated to use the Microsoft Authenticator app by default to verify your identity when using two-step verification or password reset.
-
-## Delete your authenticator app from your security info methods
-
-If you no longer want to use your authenticator app as a security info method, you can remove it from the **Security info** page. This works for all authenticator apps, not just the Microsoft Authenticator app. After you delete the app, you'll have to go into the authenticator app on your mobile device and delete the account.
-
->[!Important]
->If you delete the authenticator app by mistake, there's no way to undo it. You'll have to add the authenticator app again, following the steps in the [Set up the authenticator app](#set-up-the-microsoft-authenticator-app-from-the-security-info-page) section of this article.
-
-### To delete the authenticator app
-
-1. On the **Security info** page, select the **Delete** link next to the Authenticator app.
-
- ![Link to delete the authenticator app from security info](media/security-info/securityinfo-myprofile-deleteauthapp.png)
-
-2. Select **Yes** from the confirmation box to delete the authenticator app. After the authenticator app is deleted, it's removed from your security info and it disappears from the **Security info** page. If the authenticator app is your default method, the default will change to another available method.
-
-3. Open the authenticator app on your mobile device, select **Edit accounts**, and then delete your work or school account from the authenticator app.
-
- Your account is completely removed from the authenticator app for two-factor verification and password reset requests.
-
-## Change your default security info method
-
-If you want the authenticator app to be the default method used when you sign-in to your work or school account using two-factor verification or for password reset requests, you can set it from the Security **info** page.
-
->[!NOTE]
->If your default sign-in method is a text or call to your phone number, then the SMS code or voice call is sent automatically during multifactor authentication. As of June 2021, some apps will ask users to choose **Text** or **Call** first. This option prevents sending too many security codes for different apps. If your default sign-in method is the Microsoft Authenticator app ([which we highly recommend](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752)), then the app notification is sent automatically.
-
-### To change your default security info method
-
-1. On the **Security info** page, select the **Change** link next to the **Default sign-in method** information.
-
- ![Change link for default sign-in method](media/security-info/securityinfo-myprofile-changedefaultauthapp.png)
-
-2. Choose **Microsoft Authenticator - notification** from the drop-down list of available methods. If you're not using the Microsoft Authenticator app, select the **Authenticator app or hardware token** option.
-
- ![Choose method for default sign-in](media/security-info/securityinfo-myprofile-defaultauthapp.png)
-
-3. Select **Confirm**.
-
- The default method used for sign-in changes to the Microsoft Authenticator app.
-
-## Additional security info methods
-
-You have additional options for how your organization contacts you to verify your identity, based on what's you're trying to do. The options include:
--- **Mobile device text.** Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see [Set up security info to use text messaging (SMS)](security-info-setup-text-msg.md).--- **Mobile device or work phone call.** Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see [Set up security info to use phone calls](security-info-setup-phone-number.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Email address.** Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see [Set up security info to use email](security-info-setup-email.md).--- **Security questions.** Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the [Set up security info to use security questions](security-info-setup-questions.md) article.-
- >[!Note]
- >If some of these options are missing, it's most likely because your organization doesn't allow those methods. If this is the case, you'll need to choose an available method or contact your administrator for more help.
-
-## Next steps
--- Sign-in using the Microsoft Authenticator app, following steps in the [Sign in using two-step verification or security info](security-info-setup-signin.md) article.--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Email https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-email.md
- Title: Set up an email address as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity using an email address as your verification method.
--------- Previously updated : 02/13/2019---
-# Set up an email address as your verification method
-
-You can follow these steps to add your password reset method. After you've set this up the first time, you can return to the **Security info** page to add, update, or delete your security information.
--
->[!Note]
->If you don't see an email option, it's possible that your organization doesn't allow you to use this option for your password reset method. In this case, you'll need to choose another method or contact your organization's help desk for more help.
-
-## Security vs password reset verification
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## Set up your email address from the Security info page
-
-Depending on your organizationΓÇÖs settings, you might be able to use your email address as one of your security info methods.
-
->[!Note]
->We recommend using an email address that doesn't require your network password to access. If you don't see the email option, it's possible that your organization doesn't allow you to use an email for verification. If this is the case, you'll need to choose another method or contact your administrator for more help.
-
-### To set up your email address
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** from the left navigation pane or from the link in the **Security info** block, and then select **Add method** from the **Security info** page.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **Email** from the drop-down list, and then select **Add**.
-
- ![Add method box, with email selected](media/security-info/securityinfo-myprofile-addemail.png)
-
-4. On the **Email** page, type your email address (for example, alain@gmail.com), and then select **Next**.
-
- ![Add phone number and choose phone calls](media/security-info/securityinfo-myprofile-emailaddress.png)
-
- >[!Important]
- >This email address can't be your work or school email.
-
-5. Type the code sent to your specified email address, and then select **Next**.
-
- ![Add phone number and choose text messages](media/security-info/securityinfo-myprofile-emailcode.png)
-
- Your security info is updated and you can use your email address to verify your identity when using password reset.
-
-## Delete your email address from your security info methods
-
-If you no longer want to use your email address as a security info method, you can remove it from the **Security info** page.
-
->[!Important]
->If you delete your email address by mistake, there's no way to undo it. You'll have to add the method again, following the steps in the [Set up your email address](#set-up-your-email-address-from-the-security-info-page) section of this article.
-
-### To delete your email address
-
-1. On the **Security info** page, select the **Delete** link next to the **Email** option.
-
- ![Link to delete the phone method from security info](media/security-info/securityinfo-myprofile-emaildelete.png)
-
-2. Select **Yes** from the confirmation box to delete the **Email** account. After the email account is deleted, it's removed from your security info and it disappears from the **Security info** page.
-
-## Additional security info methods
-
-You have additional options for how your organization contacts you to verify your identity, based on what's you're trying to do. The options include:
--- **Authenticator app.** Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see [Set up security info to use an authenticator app](security-info-setup-auth-app.md).--- **Mobile device text.** Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see [Set up security info to use text messaging (SMS)](security-info-setup-text-msg.md).--- **Mobile device or work phone call.** Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see [Set up security info to use phone calls](security-info-setup-phone-number.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Security questions.** Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the [Set up security info to use security questions](security-info-setup-questions.md) article.-
- >[!Note]
- >If some of these options are missing, it's most likely because your organization doesn't allow those methods. If this is the case, you'll need to choose an available method or contact your administrator for more help.
-
-## Next steps
--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Phone Number https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-phone-number.md
- Title: Set up your phone number as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity using your phone number and mobile device as your verification method.
--------- Previously updated : 02/13/2019---
-# Set up a phone number as your verification method
-
-You can follow these steps to add your two-factor verification and password reset methods. After you've set this up the first time, you can return to the **Security info** page to add, update, or delete your security information.
-
-If you're prompted to set this up immediately after you sign in to your work or school account, see the detailed steps in the [Set up your security info from the sign-in page prompt](security-info-setup-signin.md) article.
--
-> [!Note]
-> Security info doesn't support using phone extensions. Even if you add the proper format, +1 4255551234X12345, the extensions are removed before the call is placed.
->
-> If you don't see a phone option, it's possible that your organization doesn't allow you to use this option for verification. In this case, you'll need to choose another method or contact your organization's help desk for more assistance.
-
-## Security verification versus password reset authentication
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## Set up phone calls from the Security info page
-
-Depending on your organizationΓÇÖs settings, you might be able to use phone calls as one of your security info methods.
-
->[!Note]
->If you want to receive a text message instead of a phone call, follow the steps in the [Set up security info to use text messaging](security-info-setup-text-msg.md) article.
-
-### To set up phone calls
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** from the left navigation pane or from the link in the **Security info** block, and then select **Add method** from the **Security info** page.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **Phone** from the drop-down list, and then select **Add**.
-
- ![Add method box, with Phone selected](media/security-info/securityinfo-myprofile-addphonetext.png)
-
-4. On the **Phone** page, type the phone number for your mobile device, choose **Call me**, and then select **Next**.
-
- ![Add phone number and choose phone calls](media/security-info/securityinfo-myprofile-phonecall-addnumber.png)
-
-5. Answer the verification phone call, sent to the phone number you entered, and follow the instructions.
-
- The page changes to show your success.
-
- ![Success notification, connecting the phone number, the choice to receive phone calls, and your account](media/security-info/securityinfo-myprofile-phonetext-success.png)
-
- Your security info is updated and you can use phone calls to verify your identity when using two-step verification or password reset. If you want to make phone calls your default method, see the [Change your default security info method](#change-your-default-security-info-method) section of this article.
-
-## Delete phone calls from your security info methods
-
-If you no longer want to use phone calls as a security info method, you can remove it from the **Security info** page.
-
->[!Important]
->If you delete phone calls by mistake, there's no way to undo it. You'll have to add the method again, following the steps in the [Set up phone calls](#set-up-phone-calls-from-the-security-info-page) section of this article.
-
-### To delete phone calls
-
-1. On the **Security info** page, select the **Delete** link next to the **Phone** option.
-
- ![Link to delete the phone method from security info](media/security-info/securityinfo-myprofile-phonetext-delete.png)
-
-2. Select **Yes** from the confirmation box to delete the **Phone** number. After your phone number is deleted, it's removed from your security info and it disappears from the **Security info** page. If **Phone** is your default method, the default will change to another available method.
-
-## Change your default security info method
-
-If you want phone calls to be the default method used when you sign-in to your work or school account using two-factor verification or for password reset requests, you can set it from the **Security info** page.
-
-### To change your default security info method
-
-1. On the **Security info** page, select the **Change** link next to the **Default sign-in method** information.
-
- ![Change link for default sign-in method](media/security-info/securityinfo-myprofile-phonetext-defaultchange.png)
-
-2. Select **Phone - call (*_your_phone_number_*)** from the drop-down list of available methods, and then select **Confirm**.
-
- ![Choose method for default sign-in](media/security-info/securityinfo-myprofile-phonecall-changeddefault.png)
-
- The default method used for sign-in changes to **Phone - call (*_your_phone_number_*)**.
-
-## Additional security info methods
-
-You have additional options for how your organization contacts you to verify your identity, based on what's you're trying to do. The options include:
--- **Authenticator app.** Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see [Set up security info to use an authenticator app](security-info-setup-auth-app.md).--- **Mobile device text.** Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see [Set up security info to use text messaging (SMS)](security-info-setup-text-msg.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Email address.** Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see [Set up security info to use email](security-info-setup-email.md).--- **Security questions.** Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the [Set up security info to use security questions](security-info-setup-questions.md) article.-
- >[!Note]
- >If some of these options are missing, it's most likely because your organization doesn't allow those methods. If this is the case, you'll need to choose an available method or contact your administrator for more help.
-
-## Next steps
--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Questions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-questions.md
- Title: Set up security questions as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity using pre-defined security questions as your verification method.
--------- Previously updated : 02/13/2019---
-# Set up security questions as your verification method
-
-You can follow these steps to add your password reset method. After you've set this up the first time, you can return to the **Security info** page to add, update, or delete your security information.
--
->[!Note]
->If you don't see the security questions option, it's possible that your organization doesn't allow you to use this option for your password reset method. In this case, you'll need to choose another method or contact your organization's help desk for more help.
-
-## Security verification versus password reset authentication
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## Set up your security questions from the Security info page
-
-Depending on your organizationΓÇÖs settings, you might be able to choose and answer a few security questions as one of your security info methods. Your administrator sets up the number of security questions you're required to choose and answer.
-
-If you use security questions, we recommend using them in conjunction with another method. Security questions can be less secure than other methods because some people might know the answers to your questions.
-
-> [!Note]
-> Security questions are stored privately and securely on a user object in the directory and can only be answered by you during registration. There is no way for your administrator to read or modify your questions or answers.
->
-> If you don't see the security questions option, it's possible that your organization doesn't allow you to use security questions for verification. If this is the case, you'll need to choose another method or contact your administrator for more help.
->
-> Administrator accounts are not allowed to use Security Questions as a password reset method. If you are logged in as an admin level account you will not see these options.
-
-### To set up your security questions
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** from the left navigation pane or from the link in the **Security info** block, and then select **Add method** from the **Security info** page.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **Security questions** from the drop-down list, and then select **Add**.
-
- ![Add method box, with security questions selected](media/security-info/securityinfo-myprofile-addquestions.png)
-
-4. On the **Security questions** page, choose and answer your security questions, and then select **Save**.
-
- ![Add phone number and choose phone calls](media/security-info/securityinfo-myprofile-securityquestions.png)
-
- Your security info is updated and you can use your security questions to verify your identity when using password reset.
-
-## Delete security questions from your security info methods
-
-If you no longer want to use your security questions as a security info method, you can remove them from the **Security info** page.
-
->[!Important]
->If you delete your security questions by mistake, there's no way to undo it. You'll have to add the method again, following the steps in the [Set up your security questions](#set-up-your-security-questions-from-the-security-info-page) section of this article.
-
-### To delete your security questions
-
-1. On the **Security info** page, select the **Delete** link next to the **Security questions** option.
-
- ![Link to delete the phone method from security info](media/security-info/securityinfo-myprofile-questionsdelete.png)
-
-2. Select **Yes** from the confirmation box to delete your **Security questions**. After your security questions are deleted, the method is removed from your security info and it disappears from the **Security info** page.
-
-## Additional security info methods
-
-You have additional options for how your organization contacts you to verify your identity, based on what's you're trying to do. The options include:
--- **Authenticator app.** Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see [Set up security info to use an authenticator app](security-info-setup-auth-app.md).--- **Mobile device text.** Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see [Set up security info to use text messaging (SMS)](security-info-setup-text-msg.md).--- **Mobile device or work phone call.** Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see [Set up security info to use phone calls](security-info-setup-phone-number.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Email address.** Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see [Set up security info to use email](security-info-setup-email.md).-
- >[!Note]
- >If some of these options are missing, it's most likely because your organization doesn't allow those methods. If this is the case, you'll need to choose an available method or contact your administrator for more help.
-
-## Next steps
--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Security Key https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-security-key.md
- Title: Set up a security key as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity to use a Fast Identity Online (FIDO2) security key as your verification method.
--------- Previously updated : 07/18/2019---
-# Set up a security key as your verification method
-
-You can use security keys as a passwordless sign-in method within your organization. A security key is a physical device that's used with a unique PIN to sign-in to your work or school account. Because security keys require you to have the physical device and something only you know, it's considered a stronger verification method than a username and password.
--
->[!Note]
-> If you don't see the security key option, it's possible that your organization doesn't allow you to use this option for verification. In this case, you'll need to choose another method or contact your organization's help desk for more assistance.
-
-## Security verification versus password reset authentication
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## What is a security key?
-
-We currently support several designs and providers of security keys using the [Fast Identity Online (FIDO)](https://fidoalliance.org/fido2/) (FIDO2) passwordless authentication protocols. These keys allow you to sign in to your work or school account to access your organization's cloud-based resources when on a supported device and web browser.
-
-Your administrator or your organization will provide you with a security key if they require it for your work or school account. There are different types of security keys you can use, for example a USB key that you plug in to your device or an NFC key that you tap on an NFC reader. You can find out more information about your security key, including what type it is, from the manufacturer's documentation.
-
-> [!Note]
-> If you're unable to use a FIDO2 security key, there are other passwordless verification methods you can use such as the Microsoft Authenticator app or Windows Hello. For more information about the Microsoft Authenticator app, see [What is the Microsoft Authenticator app?](user-help-auth-app-overview.md). For more information about Windows Hello, see [Windows Hello overview](https://www.microsoft.com/windows/windows-hello).
-
-## Before you begin
-
-Before you are able to register your security key, the following must be true:
--- Your administrator has turned on this feature for use within your organization.--- You're on a device running the Windows 10 May 2019 Update and using a supported browser.--- You have a physical security key approved by your administrator or your organization. Your security key must be both FIDO2 and Microsoft-compliant. If you have any questions about your security key and whether it's compatible, contact your organization's help desk.-
-## Register your security key
-
-You must create your security key and give it a unique PIN before you can sign in to your work or school account using the key. You may have up to 10 keys registered with your account.
-
-1. Go to the **My Profile** page at https://myaccount.microsoft.com and sign in if you haven't already done so.
-
-2. Select **Security Info**, select **Add method**, and then select **Security key** from the **Add a method** drop-down list.
-
- ![Add method box, with Security key selected](media/security-info/security-info-security-key-add-method.png)
-
-3. Select **Add**, and then select the type of security key you have, either **USB device** or **NFC device**.
-
- ![Choose whether you have a USB or NFC type of security key](media/security-info/security-info-security-key-choose-type.png)
-
- > [!Note]
- > If you aren't sure which type of security key you have, refer to the manufacturer's documentation. If you aren't sure about the manufacturer, contact your organization's help desk for assistance.
-
-4. Have your security key physically available and then in the **Security key** box, select **Next**.
-
- ![Security key start registration box](media/security-info/security-info-security-key-start-setup.png)
-
- A new box appears to help walk you through setting up your new sign-in method.
-
-5. In the **Setting up your new sign-in method** box, select **Next**, and then:
-
- - If your security key is a USB device, insert your security key into the USB port of your device.
-
- - If your security key is an NFC device, tap your security key to your reader.
-
-6. Type your unique security key PIN into the **Windows security** box, and then select **OK**.
-
- You'll return to the **Setting up your new sign-in method** box.
-
-7. Select **Next**.
-
-8. Return to the **Security info** page, type a name you'll recognize later for your new security key, and then select **Next**.
-
- ![Security info page, naming your security key](media/security-info/security-info-security-key-name.png)
-
- Your security key is registered and ready for you to use for sign in to your work or school account.
-
-9. Select **Done** to close the **Security key** box.
-
- The **Security info** page is updated with your security key information.
-
- ![Security info page, with all registered methods shown](media/security-info/security-info-security-key-configured.png)
-
-## Delete a security key from your security info
-
-If you misplace or no longer want to use a security key, you can delete the key from your security info. While this stops the security key from being used with your work or school account, the security key continues to store your data and credential information. To delete your data and credential information from the security key itself, you must follow the instructions in the [Reset a Microsoft-compatible security key](#reset-your-security-key) section of this article.
-
-1. Select the **Delete** link from the security key to remove.
-
-2. Select **Ok** from the **Delete security key** box.
-
- Your security key is deleted and you'll no longer be able to use it to sign in to your work or school account.
-
->[!Important]
->If you delete a security key by mistake, you can register it again using the instructions in the [How to register your security key](#register-your-security-key) section of this article.
-
-## Manage your security key settings from Windows Settings
-
-You can manage your security key settings from the **Windows Settings** app, including resetting your security key and creating a new security key PIN.
-
-### Reset your security key
-
-If you want to delete all the account information stored on your physical security key, you must return the key back to its factory defaults. Resetting your security key deletes everything from the key, allowing you to start over.
-
->[!IMPORTANT]
->Resetting your security key deletes everything from the key, resetting it to factory defaults.
->
-> **All data and credentials will be cleared.**
-
-#### To reset your security key
-
-1. Open the Windows Settings app, select **Accounts**, select **Sign-in options**, select **Security Key**, and then select **Manage**.
-
-2. Insert your security key into the USB port or tap your NFC reader to verify your identity.
-
-3. Follow the on-screen instructions, based on your specific security key manufacturer. If your key manufacturer isn't listed in the on-screen instructions, refer to the manufacturer's site for more information.
-
-4. Select **Close** to close the **Manage** screen.
-
-### Create a new security key PIN
-
-You can create a new security key PIN for your security key.
-
-#### To create a new security key PIN
-
-1. Open the Windows Settings app, select **Accounts**, select **Sign-in options**, select **Security Key**, and then select **Manage**.
-
-2. Insert your security key into the USB port or tap your NFC reader to verify your identity.
-3. Select **Add** from the **Security Key PIN** area, type and confirm your new security key PIN, and then select **OK**.
-
- The security key is updated with the new security key PIN for use with your work or school account. If you decide to change your PIN again, you can select the **Change** button.
-4. Select **Close** to close the **Manage** screen.
-
-## Additional security info methods
-
-In order to register a security key, you must have at least one additional security verification method registered. See the [Overview section](./security-info-setup-auth-app.md) for more information.
-
-## Next steps
--- For more information about passwordless verification methods, read the [MicrosoftΓÇÖs Azure AD begins public preview of FIDO2 security keys, enabling passwordless logins](https://www.onmsft.com/news/microsofts-azure-ad-begins-public-preview-of-fido2-security-keys-enabling-passwordless-logins) blog, or read the [What is the Microsoft Authenticator app?](user-help-auth-app-overview.md) and [Windows Hello overview](https://www.microsoft.com/windows/windows-hello) articles.--- For more detailed info about [Microsoft-compliant security keys](/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key).--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Signin https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-signin.md
- Title: Set up your Security info from a sign-in prompt - Azure AD
-description: How to set up your Security info for your work or school account, after you're prompted from your organization's sign-in page.
--------- Previously updated : 04/07/2020---
-# Set up your Security info from a sign-in prompt
-
-You can follow these steps if you're prompted to set up your security info immediately after you sign-in to your work or school account.
-
-You'll only see this prompt if you haven't set up the security info required by your organization. If you've previously set up your security info, but you want to make changes, you can follow the steps in the various method-based how-to articles. For more information, see [Add or update your security info overview](./security-info-setup-auth-app.md).
--
-## Security verification versus password reset authentication
-
-Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
-
-| Method | Used for |
-| | -- |
-| Authenticator app | Two-factor verification and password reset authentication. |
-| Text messages | Two-factor verification and password reset authentication. |
-| Phone calls | Two-factor verification and password reset authentication. |
-| Security key | Two-factor verification and password reset authentication. |
-| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
-
-## Sign in to your work or school account
-
-After you sign in to your work or school account, you'll see a prompt that asks you to provide more information before it lets you access your account.
-
-![Prompt asking for more info](media/security-info/securityinfo-prompt.png)
-
-## Set up your security info using the wizard
-
-Follow these steps to set up your security info for your work or school account from the prompt.
-
->[!Important]
->This is only an example of the process. Depending on your organization's requirements, your administrator might have set up different verification methods that you'll need to set up during this process. For this example, we're requiring two methods, the Microsoft Authenticator app and a mobile phone number for verification calls or text messages.
-
-1. After you select **Next** from the prompt, a **Keep your account secure wizard** appears, showing the first method your administrator and organization require you to set up. For this example, it's the Microsoft Authenticator app.
-
- > [!Note]
- > If you want to use an authenticator app other than the Microsoft Authenticator app, select the **I want to use a different authenticator app** link.
- >
- > If your organization lets you choose a different method besides the authenticator app, you can select the **I want to set up a different method link**.
-
- ![Keep your account secure wizard, showing the auth app download page](media/security-info/securityinfo-prompt-get-auth-app.png)
-
-2. Select **Download now** to download and install the Microsoft Authenticator app on your mobile device, and then select **Next**. For more information about how to download and install the app, see [Download and install the Microsoft Authenticator app](user-help-auth-app-download-install.md).
-
- ![Keep your account secure wizard, showing the authenticator Set up your account page](media/security-info/securityinfo-prompt-auth-app-setup-acct.png)
-
-3. Remain on the **Set up your account** page while you set up the Microsoft Authenticator app on your mobile device.
-
-4. Open the Microsoft Authenticator app, select to allow notifications (if prompted), select **Add account** from the **Customize and control** icon on the upper-right, and then select **Work or school account**.
-
- >[!Note]
- >If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-5. Return to the **Set up your account** page on your computer, and then select **Next**.
-
- The **Scan the QR code** page appears.
-
- ![Scan the QR code using the Authenticator app](media/security-info/securityinfo-prompt-auth-app-qrcode.png)
-
-6. Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you created your work or school account in Step 5.
-
- The authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select the **Can't scan the QR image** and manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-7. Select **Next** on the **Scan the QR code** page on your computer.
-
- A notification is sent to the Microsoft Authenticator app on your mobile device, to test your account.
-
- ![Test your account with the authenticator app](media/security-info/securityinfo-prompt-test-app.png)
-
-8. Approve the notification in the Microsoft Authenticator app, and then select **Next**.
-
- ![Success notification, connecting the app and your account](media/security-info/securityinfo-prompt-auth-app-success.png)
-
- Your security info is updated to use the Microsoft Authenticator app by default to verify your identity when using two-step verification or password reset.
-
-9. On the **Phone** set up page, choose whether you want to receive a text message or a phone call, and then select **Next**. For the purposes of this example, we're using text messages, so you must use a phone number for a device that can accept text messages.
-
- ![Begin setting up your phone number for text messaging](media/security-info/securityinfo-prompt-text-msg.png)
-
- A text message is sent to your phone number. If would prefer to get a phone call, the process is the same. However, you'll receive a phone call with instructions, instead of a text message.
-
-10. Enter the code provided by the text message sent to your mobile device, and then select **Next**.
-
- ![Test your account with the text message](media/security-info/securityinfo-prompt-text-msg-enter-code.png)
-
-11. Review the success notification, and then select **Done**.
-
- ![Success notification](media/security-info/securityinfo-prompt-call-answered-success.png)
-
- Your security info is updated to use text messaging as a backup method to verify your identity when using two-step verification or password reset.
-
-12. Review the **Success** page to verify that you've successfully set up both the Microsoft Authenticator app and a phone (either text message or phone call) method for your security info, and then select **Done**.
-
- ![Wizard successfully completed page](media/security-info/securityinfo-prompt-setup-success.png)
-
- >[!Note]
- >If your organization requires you to use app passwords, you might see an additional section in this wizard, where you can set it up. If you see a third section, called **App passwords**, you must fill it out before you will be able to complete the wizard. For steps about how to add an app password, see the [Manage your app passwords](#manage-your-app-passwords) section of this article.
-
-### Manage your app passwords
-
-Certain apps, such as Outlook 2010, don't support two-step verification. This lack of support means that if you're using two-step verification in your organization, the app won't work. To get around this problem, you can create an autogenerated password to use with each non-browser app, separate from your normal password.
-
->[!Note]
->If you don't see this option in the wizard, it means that your administrator hasn't set it up. If this isn't set up, but you know you need to use app passwords, you can follow the steps in the [Set up app passwords from the Security info page](security-info-app-passwords.md).
-
-When using app passwords, it's important to remember:
--- App passwords are autogenerated and only entered once per app.--- There's a limit of 40 passwords per user. If you try to create one after that limit, you'll be prompted to delete an existing password before being allowed to create the new one.--- Use one app password per device, not per app. For example, create a single password for all the apps on your laptop, and then another single password for all the apps on your desktop.-
-#### To add app passwords in the sign-in wizard
-
-1. After finishing the previous sections of the wizard, select **Next** and complete the **App password** section.
-
-2. Type the name of the app that needs the password, for example `Outlook 2010`, and then select **Next**.
-
- ![Add the app password name in the wizard](media/security-info/app-password-app-password.png)
-
-3. Copy the password code from the **App password** screen and paste it into the **Password** area of the app (in this example, Outlook 2010).
-
- ![App password page, with password for copy](media/security-info/app-password-copy-password.png)
-
-4. After you copy the password and paste it in the app, return to this wizard to make sure all of your sign-in method information is accurate, and then select **Done**.
-
- ![App password page, with completion notice](media/security-info/app-password-complete.png)
-
-## Next steps
--- To change, delete, or update default security info methods, see:-
- - [Set up security info for an authenticator app](security-info-setup-auth-app.md).
-
- - [Set up security info for text messaging](security-info-setup-text-msg.md).
-
- - [Set up security info to use phone calls](security-info-setup-phone-number.md).
-
- - [Set up security info to use email](security-info-setup-email.md).
-
- - [Set up security info to use pre-defined security questions](security-info-setup-questions.md).
--- For information about how to sign in using your specified method, see [How to sign in](user-help-sign-in.md).--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Security Info Setup Text Msg https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/security-info-setup-text-msg.md
- Title: Set up text messaging as your verification method - Azure AD
-description: How to set up your Security info (preview) page to verify your identity using text messages as your verification method.
--------- Previously updated : 02/13/2019---
-# Set up text messaging as your verification method
-
-You can follow these steps to add your two-factor verification and password reset methods. After you've set this up the first time, you can return to the **Security info** page to add, update, or delete your security information.
-
-If you're prompted to set this up immediately after you sign in to your work or school account, see the detailed steps in the [Set up your security info from the sign-in page prompt](security-info-setup-signin.md) article.
--
->[!Note]
->If you don't see a phone option, it's possible that your organization doesn't allow you to use this option for verification. In this case, you'll need to choose another method or contact your organization's help desk for more assistance.
-
-## Set up text messages from the Security info page
-
-Depending on your organizationΓÇÖs settings, you might be able to use text messaging as one of your security info methods. The text message option is a part of the phone option, so you'll set everything up the same way you would for your phone number, but instead of having Microsoft call you, you'll choose to use a text message.
-
->[!Note]
->If you want to receive a phone call instead of a text message, follow the steps in the [Set up security info to use phone calls](security-info-setup-phone-number.md) article.
-
-### To set up text messages
-
-1. Sign in to your work or school account and then go to your https://myaccount.microsoft.com/ page.
-
- ![My Profile page, showing highlighted Security info links](media/security-info/securityinfo-myprofile-page.png)
-
-2. Select **Security info** from the left navigation pane or from the link in the **Security info** block, and then select **Add method** from the **Security info** page.
-
- ![Security info page with highlighted Add method option](media/security-info/securityinfo-myprofile-addmethod-page.png)
-
-3. On the **Add a method** page, select **Phone** from the drop-down list, and then select **Add**.
-
- ![Add method box, with Phone selected](media/security-info/securityinfo-myprofile-addphonetext.png)
-
-4. On the **Phone** page, type the phone number for your mobile device, choose **Text me a code**, and then select **Next**.
-
- ![Screenshot that shows the "Phone" page, with "Text me a code" selected.](media/security-info/securityinfo-myprofile-phonetext-addnumber.png)
-
-5. Type the code sent to you through text message to your mobile device, and then select **Next**.
-
- ![Add phone number and choose text messages](media/security-info/securityinfo-myprofile-phonetext-entercode.png)
-
- The page changes to show your success.
-
- ![Success notification, connecting the phone number, the choice to receive text messages, and your account](media/security-info/securityinfo-myprofile-phonetext-success.png)
-
- Your security info is updated and you can use text messaging to verify your identity when using two-step verification or password reset. If you want to make text messaging your default method, see the [Change your default security info method](#change-your-default-security-info-method) section of this article.
-
-## Delete text messaging from your security info methods
-
-If you no longer want to use text messages as a security info method, you can remove it from the **Security info** page.
-
->[!Important]
->If you delete text messaging by mistake, there's no way to undo it. You'll have to add the method again, following the steps in the [Set up text messages](#set-up-text-messages-from-the-security-info-page) section of this article.
-
-### To delete text messaging
-
-1. On the **Security info** page, select the **Delete** link next to the **Phone** option.
-
- ![Link to delete the phone and text messaging method from security info](media/security-info/securityinfo-myprofile-phonetext-delete.png)
-
-2. Select **Yes** from the confirmation box to delete the **Phone** number. After your phone number is deleted, it's removed from your security info and it disappears from the **Security info** page. If **Phone** is your default method, the default will change to another available method.
-
-## Change your default security info method
-
-If you want text messaging to be the default method used when you sign in to your work or school account using two-factor verification or for password reset requests, you can set it from the **Security info** page.
-
-### To change your default security info method
-
-1. On the **Security info** page, select the **Change** link next to the **Default sign-in method** information.
-
- ![Change link for default sign-in method](media/security-info/securityinfo-myprofile-phonetext-defaultchange.png)
-
-2. Select **Phone - text (*_your_phone_number_*)** from the drop-down list of available methods, and then select **Confirm**.
-
- ![Choose method for default sign-in](media/security-info/securityinfo-myprofile-phonetext-changeddefault.png)
-
- The default method used for sign-in changes to **Phone - text (*_your_phone_number_*)**.
-
-## Additional security info methods
-
-You have additional options for how your organization contacts you to verify your identity, based on what's you're trying to do. The options include:
--- **Authenticator app.** Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see [Set up security info to use an authenticator app](security-info-setup-auth-app.md).--- **Mobile device or work phone call.** Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see [Set up security info to use phone calls](security-info-setup-phone-number.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Email address.** Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see [Set up security info to use email](security-info-setup-email.md).--- **Security questions.** Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the [Set up security info to use security questions](security-info-setup-questions.md) article.-
- >[!Note]
- >If some of these options are missing, it's most likely because your organization doesn't allow those methods. If this is the case, you'll need to choose an available method or contact your administrator for more help.
-
-## Next steps
--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/) or follow the steps in the [Reset your work or school password](active-directory-passwords-update-your-own-password.md) article.--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
active-directory Sms Sign In Explainer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/sms-sign-in-explainer.md
- Title: SMS sign-in user experience for phone number - Azure AD
-description: Learn more about SMS sign-in user experience for new or existing phone numbers
------- Previously updated : 06/10/2021-----
-# Use your phone number as a user name
-
-Registering a device gives your phone access to your organization's services and doesn't allow your organization access to your phone. If you're an administrator, you can find more information in [Configure and enable users for SMS-based authentication](../authentication/howto-authentication-sms-signin.md).
-
-If your organization hasn't made SMS sign-in available, you won't see an option for it when registering a phone with your account.
-
-## When you have a new phone number
-
-If you get a new phone or new number and you register it with an organization for which SMS sign-in is available, you experience the normal phone registration process:
-
-1. Select **Add method**.
-1. Select **Phone**.
-1. Enter phone number and select **Text me a code**.
-1. After you enter the code, select **Next**.
-1. You will see a prompt that says "SMS verified. Your phone was registered successfully."
-
-> [!Important]
-> Due to a known issue, for a short time adding phone number will not register the number for SMS sign-in. You'll have to sign in with the added number and then follow the prompts to register the number for SMS sign-in.
-
-### When the phone number is in use
-
-If you try to use a phone number that someone else in your organization is using, you'll see the following message:
-
-![Error message when your phone number is already used](media/sms-sign-in-explainer/sms-sign-in-error.png)
-
-Reach out to your admin to remediate the problem.
-
-## When you have an existing number
-
-If you are already using a phone number with an organization, and using your phone number as a user name becomes available, the following steps can help you sign in.
-
-1. When SMS sign-in is available, a banner is displayed asking if you'd like to enable the phone number for SMS sign-in:
-
- :::image type="content" source="media/sms-sign-in-explainer/sms-sign-in-banner.png" alt-text="Screenshot that shows the banner to enable SMS sign-in for a phone number with the 'Enable' action selected." lightbox="media/sms-sign-in-explainer/sms-sign-in-banner.png":::
-
-1. Also, an **Enable** button appears if you select the caret on the phone method tile:
-
- [![Banner to enable SMS sign-in for a phone number.](media/sms-sign-in-explainer/sms-sign-in-phone-method.png)](media/sms-sign-in-explainer/sms-sign-in-phone-method.png#lightbox)
-
-1. To enable the method, select **Enable**. You are prompted to confirm the action:
-
- ![Confirmation dialog to enable SMS sign-in for a phone number](media/sms-sign-in-explainer/sms-sign-in-confirmation.png)
-
-1. Select **Enable**.
-
-## When you remove your phone number
-
-1. To delete the phone number, select the delete button on the SMS sign-in phone method tile.
-
- [![Banner to delete SMS sign-in for a phone number.](media/sms-sign-in-explainer/sms-sign-in-delete-method.png)](media/sms-sign-in-explainer/sms-sign-in-delete-method.png#lightbox)
-
-2. When prompted to confirm the action, select **OK**.
-
-You can't remove a phone number that is in use as the default sign-in method. To remove the number, you would have to change the default sign-in method, then remove the phone number again.
active-directory User Help Auth App Add Account Manual https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-add-account-manual.md
- Title: Manually add an account to the app - Azure Active Directory | Microsoft Docs
-description: How to manually add your accounts to the Microsoft Authenticator app for two-factor verification.
-------- Previously updated : 01/24/2019----
-# Manually add an account to the app
-
-If your camera is unable to capture the QR code, you can manually add your account information to the Microsoft Authenticator app for two-factor verification. This works for work or school accounts and non-Microsoft accounts.
-
-The codes provided for your accounts aren't case-sensitive and don't require spaces when added into the Microsoft Authenticator app.
-
->[!Important]
->Before you can add your account, you must download and install the Microsoft Authenticator app. If you haven't done that yet, follow the steps in the [Download and install the app](user-help-auth-app-download-install.md) article.
-
-## Add your work or school account
-
-1. On your computer, note the **Code** and **Url** information on the **Configure mobile app** page. Keep this page open so you can see the code and URL.
-
- ![Screen that provides the QR code](./media/user-help-auth-app-add-account-manual/auth-app-barcode.png)
-
-2. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, and then select **Work or school account**.
-
-3. Select **OR ENTER CODE MANUALLY**.
-
- ![Screen for scanning a QR code](./media/user-help-auth-app-add-account-manual/auth-app-manual-code.png)
-
-4. Enter the **Code** and **URL** from Step 1, and then select **Finish**.
-
- ![Screen for entering code and URL](./media/user-help-auth-app-add-account-manual/auth-app-code-url.png)
-
- The **Accounts** screen of the app shows you your account name and a six-digit verification code. For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
-## Add your Google account
-
-1. On your computer, select **CAN'T SCAN IT** from the **Set up Authenticator** page with the QR code.
-
- The **Can't scan barcode** page appears with the secret code. Keep this page open so you can see the secret code.
-
-2. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, select **Other account (Google, Facebook, etc.)**, and then select **OR ENTER CODE MANUALLY**.
-
-3. Enter an **Account name** (for example, Google) and type the **Secret key** from Step 1, and then select **Finish**.
-
-4. On the **Set up Authenticator** page on your computer, type the six-digit verification code provided in the app for your Google account, and then select **Verify**.
-
- The **Accounts** screen of the app shows you your account name and a six-digit verification code. For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
- >[!NOTE]
- >For more information about two-factor verification and your Google account, see [Turn on 2-Step Verification](https://support.google.com/accounts/answer/185839) and [Learn more about 2-Step Verification](https://www.google.com/landing/2step/help.html).
-
-## Add your Facebook account
-
-1. On the **Set up via Third Party Authenticator** page, which includes the QR code, and a code written out for entry into your app. Keep this page open so you can see the code.
-
-2. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, select **Other account (Google, Facebook, etc.)**, and then select **OR ENTER CODE MANUALLY**.
-
-3. Enter an **Account name** (for example, Facebook) and type the **Secret key** from Step 1, and then select **Finish**.
-
-4. On the **Two-Factor Authenticator** page on your computer, type the six-digit verification code provided in the app for your Facebook account, and then select **Verify**.
-
- The **Accounts** screen of the app shows you your account name and a six-digit verification code. For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
- >[!NOTE]
- >For more information about two-factor verification and your Facebook account, see [What is two-factor authentication and how does it work?](https://www.facebook.com/help/148233965247823).
-
-## Add your Amazon account
-
-You can add your Amazon account by turning on two-factor verification and then adding the account to the app.
-
-1. On your computer, select **Can't scan the barcode** from the **Choose how you'll receive codes** page with the QR code.
-
- The **Can't scan the barcode** message appears with the secret code. Keep this message open so you can see the secret code.
-
-2. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper-right, select **Other account (Google, Facebook, etc.)**, and then select **OR ENTER CODE MANUALLY**.
-
-3. Enter an **Account name** (for example, Amazon) and type the **Secret key** from Step 1, and then select **Finish**.
-
-4. Complete the rest of the sign-up process, including adding a backup verification method such as a text message, and then select **Send code**.
-
-5. On the **Add a backup verification method** page on your computer, type the six-digit verification code provided by your backup verification method for your Amazon account, and then select **Verify code and continue**.
-
-6. On the Almost done page, decide whether to make your computer a trusted device, and then select **Got it. Turn on Two-Step Verification**.
-
- The **Advanced Security Settings** page appears, showing your updated two-factor verification details.
-
- >[!NOTE]
- >For more information about two-factor verification and your Amazon account, see [About Two-Step Verification](https://www.amazon.com/gp/help/customer/display.html?nodeId=201596330) and [Signing in with Two-Step Verification](https://www.amazon.com/gp/help/customer/display.html?nodeId=201962440).
-
-## Next steps
--- After you add your accounts to the app, you can sign in using the Microsoft Authenticator app on your device. For more information, see [Sign in using the app](user-help-auth-app-sign-in.md).--- If you're having trouble getting your verification code for your personal Microsoft account, see the **Troubleshooting verification code issues** section of the [Microsoft account security info & verification codes](https://support.microsoft.com/help/12428/microsoft-account-security-info-verification-codes) article.--- For devices running iOS, you can also back up your account credentials and related app settings, such as the order of your accounts, to the cloud. For more information, see [Backup and recover with Microsoft Authenticator app](user-help-auth-app-backup-recovery.md).
active-directory User Help Auth App Add Non Ms Account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-add-non-ms-account.md
- Title: Add non-Microsoft accounts to the Microsoft Authenticator app - Azure AD
-description: Add non-Microsoft accounts, such as for Google or Facebook to the Microsoft Authenticator app to verify your identity while using two-factor verification.
-------- Previously updated : 11/02/2020----
-# Add non-Microsoft accounts to the Microsoft Authenticator app
-
-If you have non-Microsoft accounts, such as for Google, Facebook, or GitHub, you can add them to the Microsoft Authenticator app for two-factor verification. The Microsoft Authenticator app works with any app that uses two-factor verification and any account that supports the Time-based One-time Password (TOTP) standards.
-
->[!Important]
->Before you can add your account, you must download and install the Microsoft Authenticator app. If you haven't done that yet, follow the steps in the [Download and install the app](user-help-auth-app-download-install.md) article.
-
-## Add personal accounts
-
-Generally, for all your personal accounts, you must:
-
-1. Sign in to your account, and then turn on two-factor verification using either your device or your computer.
-
-2. Add the account to the Microsoft Authenticator app. You might be asked to scan a QR code as part of this process.
-
- >[!Note]
- >If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-We're providing the process here for your Facebook, Google, GitHub, and Amazon accounts, but the process is the same for other apps, such as Instagram and Adobe.
-
-## Add your Google account
-
-Add your Google account by turning on two-factor verification and then adding the account to the app.
-
-### Turn on two-factor verification
-
-1. On your computer, go to https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome, select **Get Started**, and then verify your identity.
-
-2. Follow the on-page steps to turn on two-step verification for your personal Google account.
-
-### Add your Google account to the app
-
-1. On the Google account security page on your computer (https://myaccount.google.com/security), go to the **Add more second steps to verify it's you** section, choose **Set up** from the **Authenticator app** section.
-
-2. On the **Get codes from the Authenticator app** page, select either **Android** or **iPhone** based on your phone type, and then select **Next**.
-
- You're given a QR code that you can use to automatically associate your account with the Microsoft Authenticator app. Do not close this window.
-
-3. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper right, and then select **Other account (Google, Facebook, etc.)**.
-
-4. Use your device's camera to scan the QR code from the **Set up Authenticator** page on your computer.
-
- >[!Note]
- >If your camera isn't working properly, you can enter the QR code and URL manually.
-
-5. Review the **Accounts** page of the Microsoft Authenticator app on your device, to make sure your account information is right and that there's an associated six-digit verification code.
-
- For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
-6. Select **Next** on the **Set up Authenticator** page on your computer, type the six-digit verification code provided in the app for your Google account, and then select **Verify**.
-
-7. Your account is verified, and you can select **Done** to close the **Set up Authenticator** page.
-
- >[!NOTE]
- >For more information about two-factor verification and your Google account, see [Turn on 2-Step Verification](https://support.google.com/accounts/answer/185839) and [Learn more about 2-Step Verification](https://www.google.com/landing/2step/help.html).
-
-## Add your Facebook account
-
-Add your Facebook account by turning on two-factor verification and then adding the account to the app.
-
-### Turn on two-factor verification
-
-1. On your computer, open Facebook, select the drop-down menu in the top-right corner, and then go to **Settings** > **Security and Login**.
-
- The **Security and Login** page appears.
-
-2. Go down to the **Use two-factor authentication** option in the **Two-Factor Authentication** section, and then select **Edit**.
-
- The **Two-Factor Authentication** page appears.
-
-3. Select **Turn On**.
-
-### Add your Facebook account to the app
-
-1. On the Facebook page on your computer, go to the **Add a backup** section, and then choose **Setup** from the **Authentication app** area.
-
- You're given a QR code that you can use to automatically associate your account with the Microsoft Authenticator app. Do not close this window.
-
-2. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper right, and then select **Other account (Google, Facebook, etc.)**.
-
-3. Use your device's camera to scan the QR code from the **Two factor authentication** page on your computer.
-
- >[!Note]
- >If your camera isn't working properly, you can enter the QR code and URL manually.
-
-4. Review the **Accounts** page of the Microsoft Authenticator app on your device, to make sure your account information is right and that there's an associated six-digit verification code.
-
- For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
-5. Select **Next** on the **Two factor authentication** page on your computer, and then type the six-digit verification code provided in the app for your Facebook account.
-
- Your account is verified, and you can now use the app to verify your account.
-
- >[!NOTE]
- >For more information about two-factor verification and your Facebook account, see [What is two-factor authentication and how does it work?](https://www.facebook.com/help/148233965247823).
-
-## Add your GitHub account
-
-Add your GitHub account by turning on two-factor verification and then adding the account to the app.
-
-### Turn on two-factor verification
-
-1. On your computer, open GitHub, select your image from top-right corner, and then select **Settings**.
-
- The **Two-factor authentication** page appears.
-
-2. Select **Security** from the **Personal settings** sidebar, and then select **Enable two-factor authentication** from the **Two-factor authentication** area.
-
-### Add your GitHub account to the app
-
-1. On the **Two-factor authentication** page on your computer, select **Set up using an app**.
-
-2. Save your recovery codes so you can get back into your account if you lose access, and then select **Next**.
-
- You can save your codes by downloading them to your device, by printing a hard copy, or by copying them into a password manager tool.
-
-3. On the **Two-factor authentication** page, select **Set up using an app**.
-
- The page changes to show you a QR code. Do not close this page.
-
-4. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper right, select **Other account (Google, Facebook, etc.)**, and then select **enter this text code** from the text at the top of the page.
-
- The Microsoft Authenticator app is unable to scan the QR code, so you must manually enter the code.
-
-5. Enter an **Account name** (for example, GitHub) and type the **Secret key** from Step 4, and then select **Finish**.
-
-6. On the **Two-factor authenticator** page on your computer, type the six-digit verification code provided in the app for your GitHub account, and then select **Enable**.
-
- The **Accounts** page of the app shows you your account name and a six-digit verification code. For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
- >[!NOTE]
- >For more information about two-factor verification and your GitHub account, see [About two-factor authentication](https://help.github.com/articles/about-two-factor-authentication/).
-
-## Add your Amazon account
-
-Add your Amazon account by turning on two-factor verification and then adding the account to the app.
-
-### Turn on two-factor verification
-
-1. On your computer, open Amazon, select the **Account & Lists** drop-down menu, and then select **Your Account**.
-
-2. Select **Login & security**, sign in to your Amazon account, and then select **Edit** in the **Advanced Security Settings** area.
-
- The **Advanced Security Settings** page appears.
-
-3. Select **Get Started**.
-
-4. Select **Authenticator App** from the **Choose how you'll receive codes** page.
-
- The page changes to show you a QR code. Do not close this page.
-
-5. Open the Microsoft Authenticator app, select **Add account** from the **Customize and control** icon in the upper right, and then select **Other account (Google, Facebook, etc.)**.
-
-6. Use your device's camera to scan the QR code from the **Choose how you'll receive codes** page on your computer.
-
- >[!Note]
- >If your camera isn't working properly, you can enter the QR code and URL manually.
-
-7. Review the **Accounts** page of the Microsoft Authenticator app on your device, to make sure your account information is right and that there's an associated six-digit verification code.
-
- For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
-8. On the **Choose how you'll receive codes** page on your computer, type the six-digit verification code provided in the app for your Amazon account, and then select **Verify code and continue**.
-
-9. Complete the rest of the sign-up process, including adding a backup verification method such as a text message, and then select **Send code**.
-
-10. On the **Add a backup verification method** page on your computer, type the six-digit verification code provided by your backup verification method for your Amazon account, and then select **Verify code and continue**.
-
-11. On the **Almost done** page, decide whether to make your computer a trusted device, and then select **Got it. Turn on Two-Step Verification**.
-
- The **Advanced Security Settings** page appears, showing your updated two-factor verification details.
-
- >[!NOTE]
- >For more information about two-factor verification and your Amazon account, see [About Two-Step Verification](https://www.amazon.com/gp/help/customer/display.html?nodeId=201596330) and [Signing in with Two-Step Verification](https://www.amazon.com/gp/help/customer/display.html?nodeId=201962440).
-
-## Next steps
--- After you add your accounts to the app, you can sign in using the Authenticator app on your device. For more information, see [Sign in using the app](user-help-auth-app-sign-in.md).--- For devices running iOS, you can also back up your account credentials and related app settings, such as the order of your accounts, to the cloud. For more information, see [Backup and recover with Microsoft Authenticator app](user-help-auth-app-backup-recovery.md).
active-directory User Help Auth App Add Personal Ms Account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-add-personal-ms-account.md
- Title: Add a personal Microsoft account to the Microsoft Authenticator app - Azure AD
-description: Add personal Microsoft accounts, such as for Outlook.com or Xbox LIVE to the Microsoft Authenticator app to verify your identity while using two-factor verification.
-------- Previously updated : 04/08/2020----
-# Add personal Microsoft accounts to the Microsoft Authenticator app
-
-Add your personal Microsoft accounts, such as for Outlook.com and Xbox LIVE accounts, to the Microsoft Authenticator app for both the standard two-factor verification process and passwordless phone sign-in.
--- **Standard two-factor verification method.** Type your username and password into the device you're signing in to, and then choose whether the Microsoft Authenticator app sends a notification or if you'd prefer to copy the associated verification code from the **Accounts** screen of the Microsoft Authenticator app.--- **Passwordless sign-in method.** Type your username into the device you're signing in to using your personal Microsoft account, and then use your mobile device to verify that it's you using your fingerprint, face, or PIN. For this method, you don't need to enter your password.-
->[!Important]
->Before you can add your account, you must download and install the Microsoft Authenticator app. If you haven't done that yet, follow the steps in the [Download and install the app](user-help-auth-app-download-install.md) article.
-
-You can add your personal Microsoft account by first turning on two-factor verification, and then by adding the account to the app. You don't have to turn on two-factor verification to only use passwordless phone sign-in for your account, but we strongly recommend that you turn on two-factor verification for additional account security.
-
-## Turn on two-factor verification
-
-1. On your computer, go to your [Security basics](https://account.microsoft.com/security) page and sign-in using your personal Microsoft account. For example, alain@outlook.com.
-
-2. At the bottom of the **Security basics** page, choose the **more security options** link.
-
- ![Security basics page with the "more security options" link highlighted](./media/user-help-auth-app-add-personal-ms-account/more-security-options-link.png)
-
-3. Go to the **Two-step verification** section and choose to turn the feature **On**. You can also turn it off here if you no longer want to use it with your personal account.
-
-## Add your Microsoft account to the app
-
-1. Open the Microsoft Authenticator app on your mobile device.
-
-1. On Android, select **Add account** from the **Customize and Control** icon in the upper right.
-
- ![Android account selection pages](media/user-help-auth-app-add-personal-ms-account/customize-and-control-icon.png)
-
- On iOS, select the plus icon in the upper right.
-
- ![iOS version of the account selection experience](media/user-help-auth-app-add-personal-ms-account/customize-and-control-icon-ios.png)
-
-1. In the **Add account** page, choose **Personal account**.
-
-1. Select **Sign in with Microsoft** to add your account. A QR code can be used when available, but you can always add your account by signing in with your username and password.
-
- ![Select either a Microsoft account or scan a QR code when available](media/user-help-auth-app-add-personal-ms-account/add-account-android.png)
-
-1. Sign in to your personal account, using the appropriate email address (such as alain@outlook.com), and then select **Next**.
-
- >[!Note]
- >If you don't have a personal Microsoft account, [you can create one](https://account.microsoft.com/account/Account?refd=www.bing.com&ru=https%3A%2F%2Faccount.microsoft.com%2F%3Frefd%3Dwww.bing.com&destrt=home-index).
-
-1. Enter your password, and then select **Sign in**. Your personal account is added to the Microsoft Authenticator app.
-
-## Next steps
--- After you add your accounts to the app, you can sign in using the Authenticator app on your device. For more information, see [Sign in using the app](user-help-auth-app-sign-in.md).--- If you're having trouble getting your verification code for your personal Microsoft account, see the **Troubleshooting verification code issues** section of the [Microsoft account security info & verification codes](https://support.microsoft.com/help/12428/microsoft-account-security-info-verification-codes) article.--- For devices running iOS, you can also back up your account credentials and related app settings, such as the order of your accounts, to the cloud. For more information, see [Backup and recover with Microsoft Authenticator app](user-help-auth-app-backup-recovery.md).
active-directory User Help Auth App Add Work School Account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-add-work-school-account.md
- Title: Add a work or school account to the Microsoft Authenticator app - Azure AD
-description: Add your work or school account to the Microsoft Authenticator app to verify your identity while using two-factor verification.
-------- Previously updated : 08/09/2021----
-# Add your work or school account to the Microsoft Authenticator app
-
-If your organization uses two-factor verification, you can set up your work or school account to use the Microsoft Authenticator app as one of the verification methods.
-
->[!Important]
->Before you can add your account, you must download and install the Microsoft Authenticator app. If you haven't done that yet, follow the steps in the [Download and install the app](user-help-auth-app-download-install.md) article.
-
-## Add your work or school account
-
-You can add your work or school account to the Microsoft Authenticator app by doing one of the following:
--- Sign in with your work or school account credentials (preview)-- Scan a QR Code-
-### Sign in with your credentials
-
->[!Note]
->You can now sign in to the Microsoft Authenticator app to add your work or school account.
-
-To add an account by signing into your work or school account using your credentials:
-
-1. Open the Microsoft Authenticator app and select to the **+** button and tap **Add work or school account**. Select **Sign in**.
-
-1. Enter your work or school account credentials. If you have a Temporary Access Pass (TAP) you can use that to sign in. At this point, you could potentially be blocked from proceeding by one of the following conditions:
-
- - If you donΓÇÖt have enough authentication methods on your account to get a strong authentication token, you can't proceed to add an account.
-
- - If you receive the message `You might be signing in from a location that is restricted by your admin`, your admin hasn't enabled this feature for you and probably set up a Security Information Registration Conditional Access policy. Contact the administrator for your work or school account to use this authentication method.
-
-1. If you are allowed by your admin to use phone sign-in using the Authenticator app, you'll be able to go through device registration to get set up for passwordless phone sign-in and Azure AD Multi-Factor Authentication. However, you'll still be able to set up multifactor authentication whether or not you are enabled for phone sign-in.
-
-1. At this point, you might be asked to scan a QR Code provided by your organization to set up an on-premises multi-factor authentication account in the app. You're required to do this only if your organization uses on-premises MFA Server.
-
-1. On your device, tap the account and verify in the full-screen view that your account is correct. For additional security, the verification code changes every 30 seconds preventing someone from using a code multiple times.
-
-## Sign in with a QR code
-
-To add an account by scanning a QR Code, do the following:
-
-1. On your computer, go to the **Additional security verification** page.
-
- >[!Note]
- >If you don't see the **Additional security verification** page, it's possible that your administrator has turned on the security info (preview) experience. If that's the case, you should follow the instructions in the [Set up security info to use an authenticator app](security-info-setup-auth-app.md) section. If that's not the case, you will need to contact your organization's Help Desk for assistance. For more information about security info, see [Set up your Security info from a sign-in prompt](security-info-setup-signin.md).
-
-1. Select the checkbox next to Authenticator app, and then select **Configure**. The **Configure mobile app** page appears.
-
- ![Screen that provides a QR code](./media/user-help-auth-app-add-work-school-account/auth-app-barcode.png)
-
-1. Open the Microsoft Authenticator app, select the plus icon ![Select the plus icon on either iOS or Android devices](media/user-help-auth-app-add-work-school-account/plus-icon.png) and select **Add account**, and then select **Work or school account,** followed by **Scan a QR Code**.
- If you don't have an account set up in the Authenticator app, you'll see a large blue button that says **Add account**.
-
-If you aren't prompted to use your camera to scan a QR Code, in your phone's settings, ensure that the Authenticator app has access to the phone camera. After you add your account using a QR code, you can set up phone sign-in. If you receive the message "You might be signing in from a location that is restricted by your admin," your admin hasn't enabled this feature for you and probably set up a Security Information Registration Conditional Access policy. Contact the administrator for your work or school account to use this authentication method. If you *are* allowed by your admin to use phone sign-in using the Authenticator app, you'll be able to go through device registration to get set up for passwordless phone sign-in and Azure AD Multi-Factor Authentication.
-
->[!Note]
-> For US government organizations, the only way that you can add a phone sign-in account is by adding it using the [Sign in with your credentials](#sign-in-with-your-credentials) option, instead of upgrading from a QR-code based account.
-
-## Sign in on a remote computer
-
-Many apps allow you to authenticate by entering a code on another device such as a PC. If you want to sign in on a remote computer to install the Microsoft Authenticator app:
-
-1. Open the Microsoft Authenticator app, select the **+** button &gt; **Add work or school account** &gt; **Sign in**.
-1. Select **Sign in from another device**.
-1. On the remote screen, open the [**Sign in to your account** page](https://microsoft.com/devicelogin) and enter the code that you see in your Authenticator app.
-1. On your remote screen, sign in using your work or school account credentials. If you have a Temporary Access Pass (TAP) you can use that to sign in.
-1. After you complete your authentication on the remote screen, return to the Authenticator app to complete setup.
-
- ## Next steps
--- After you add your accounts to the app, you can sign in using the Authenticator app on your device. For more information, see [Sign in using the app](user-help-auth-app-sign-in.md).--- For devices running iOS, you can also back up your account credentials and related app settings, such as the order of your accounts, to the cloud. For more information, see [Backup and recover with Microsoft Authenticator app](user-help-auth-app-backup-recovery.md).
active-directory User Help Auth App Backup Recovery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-backup-recovery.md
- Title: Back up and recover accounts with the Microsoft Authenticator app - Azure AD
-description: Learn how to back up and recover your backed up account credentials, using the Microsoft Authenticator app.
-------- Previously updated : 06/03/2020----
-# Back up and recover account credentials using the Microsoft Authenticator app
-
-**Applies to:**
--- iOS devices, running version 5.7.0 and later--- Android devices, running version 6.6.0 and later-
-The Microsoft Authenticator app backs up your account credentials and related app settings, such as the order of your accounts, to the cloud. After backup, you can also use the app to recover your information on a new device, potentially avoiding getting locked out or having to recreate accounts.
-
-Each backup storage location requires you to have one personal Microsoft account, while iOS also requires you to have an iCloud account. You can have multiple accounts stored in that single location. For example, you can have a personal account, a work or school account, and a personal, non-Microsoft account like for Facebook, Google, and so on.
-
-> [!IMPORTANT]
-> Only your personal and 3rd-party account credentials are stored, which includes your username and the account verification code that's required to prove your identity. We don't store any other information associated with your accounts, including emails or files. We also don't associate or share your accounts in any way or with any other product or service. And finally, your IT admin won't get any information about any of these accounts.
-
-## Back up your account credentials
-
-Before you can back up your credentials, you must have:
--- A personal [Microsoft account](https://account.microsoft.com/account) to act as your recovery account.--- **For iOS only,** you must have an [iCloud account](https://www.icloud.com/) for the actual storage location.-
-### To turn on cloud backup for iOS devices
--- On your iOS device, select **Settings**, select **Backup**, and then turn on **iCloud backup**.-
- Your account credentials are backed up to your iCloud account.
-
- ![iOS settings screen, showing the location of the iCloud backup settings](./media/user-help-auth-app-backup-recovery/backup-and-recovery-turn-on.png)
-
-### To turn on cloud backup for Android devices
--- On your Android device, select **Settings**, select **Backup**, and then turn on **Cloud backup**.-
- Your account credentials are backed up to your cloud account.
-
- ![Android settings screen, showing the location of the backup settings](./media/user-help-auth-app-backup-recovery/backup-and-recovery-turn-on-android.png)
-
-## Recover your account credentials on your new device
-
-You can recover your account credentials from your cloud account, but you must first make sure that the account you're recovering doesn't exist in the Microsoft Authenticator app. For example, if you're recovering your personal Microsoft account, you must make sure you don't have a personal Microsoft account already set up in the authenticator app. This check is important so we can be sure we're not overwriting or erasing an existing account by mistake.
-
-### To recover your information
-
-1. On your mobile device, open the Microsoft Authenticator app, and select **Begin recovery** from the bottom of the screen.
-
- ![Microsoft Authenticator app, showing where to click Begin recovery](./media/user-help-auth-app-backup-recovery/backup-and-recovery-begin-recovery.png)
-
-2. Sign in to your recovery account, using the same personal Microsoft account you used during the backup process.
-
- Your account credentials are recovered to the new device.
-
-After you finish your recovery, you might notice that your personal Microsoft account verification codes in the Microsoft Authenticator app are different between your old and new phones. The codes are different because each device has its own unique credential, but both are valid and work while signing in using the associated phone.
-
-## Recover accounts requiring more verification
-
-If you use push notifications with your personal or work or school accounts, you'll get an on-screen alert that says you must provide additional verification before you can recover your information. Because push notifications require using a credential that's tied to your specific device and never sent over the network, you must prove your identity before the credential is created on your device.
-
-For personal Microsoft accounts, you can prove your identity by entering your password along with an alternate email or phone number. For work or school accounts, you must scan a QR code given to you by your account provider.
-
-### To provide more verification for personal accounts
-
-1. In the **Accounts** screen of the Microsoft Authenticator app, tap the account you want to recover to open the full screen view of the account.
-
- :::image type="content" source="media/user-help-auth-app-backup-recovery/backup-and-recovery-arrow.png" alt-text="Screenshot that shows the Microsoft Authenticator app with the available account tiles." border="true":::
-
-1. Tap the tile for the account you're recovering and then tap the option to sign in to recover. Enter your password and then confirm your email address or phone number as additional verification.
-
- :::image type="content" source="media/user-help-auth-app-backup-recovery/backup-and-recovery-codes.png" alt-text="Screenshot that shows the Microsoft Authenticator one-time password code." border="true":::
-
-### To provide more verification for work or school accounts
-
-1. In the **Accounts** screen of the Microsoft Authenticator app, tap the account you want to recover to open the full screen view of the account.
-
- :::image type="content" source="media/user-help-auth-app-backup-recovery/work-or-school-recovery-arrow.png" alt-text="Microsoft Authenticator app, showing the available account tiles" border="true":::
-
-1. In the full screen view, tap the option to scan a QR code to fully recover.
-
- :::image type="content" source="media/user-help-auth-app-backup-recovery/work-or-school-recovery-qr-code.png" alt-text="Authenticator presents a one-time password as a verification code" border="true":::
-
->[!NOTE]
->For more info about QR codes and how to get one, see [Get started with the Microsoft Authenticator app](./user-help-auth-app-download-install.md) or [Set up security info to use an authenticator app](./security-info-setup-auth-app.md), based on whether your admin has turned on security info.
->
->If this is the first time you're setting up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select **Allow** so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually. For information about how to add the code manually, see see [Manually add an account to the app](user-help-auth-app-add-account-manual.md).
-
-## Troubleshoot backup and recovery problems
-
-There are a few reasons why your backup might not be available
--- **Changing operating systems**: Your backup is stored in the iCloud for iOS and in Microsoft's cloud storage provider for Android. This means that your backup is unavailable if you switch between Android and iOS devices. If you make the switch, you must manually recreate your accounts within the Microsoft Authenticator app.--- **Network problems**: If you're experiencing network-related problems, make sure you're connected to the network and properly signed in to your account.--- **Account problems**: If you're experiencing account-related problems, make sure that you're properly signed in to your account. For iOS this means that you must be signed into iCloud using the same AppleID account as your iPhone.--- **Accidental deletion**: It's possible that you deleted your backup account from your previous device or while managing your cloud storage account. In this situation, you must manually recreate your account within the app.--- **Existing Microsoft Authenticator accounts**: If you've already set up accounts in the Microsoft Authenticator app, the app won't be able to recover your backed-up accounts. Preventing recovery helps ensure that your account details aren't overwritten with out-of-date information. In this situation, you must remove any existing account information from the existing accounts set up in your Authenticator app before you can recover your backup.--- **Backup is out-of-date**: If your backup information is out-of-date, you might be asked to refresh the information by signing in to your Microsoft Recovery account again. Your recovery account is the personal Microsoft account you used initially to store your backup. If a sign-in is required, you'll see a red dot on your menu or action bar, or youΓÇÖll see an exclamation mark icon prompting you to sign in to finish restoring from backup. After you select the appropriate icon, you'll be prompted to sign in again to update your information.-
-## Next steps
-
-Now that you've backed up and recovered your account credentials to your new device, you can continue to use the Microsoft Authenticator app to verify your identity. For more information, see [Sign in to your accounts using the Microsoft Authenticator app](user-help-sign-in.md).
-
-## Related articles
--- [What is the Microsoft Authenticator app?](user-help-auth-app-overview.md)--- [Microsoft Authenticator app FAQ](user-help-auth-app-faq.md)--- [Multi-factor Authentication](/azure/multi-factor-authentication/)
active-directory User Help Auth App Download Install https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-download-install.md
- Title: Download and install the Microsoft Authenticator app - Azure AD
-description: Download and install the Microsoft Authenticator app to verify your identity while using two-factor verification.
-------- Previously updated : 05/31/2020----
-# Download and install the Microsoft Authenticator app
-
->[!Important]
->This content is intended for users. If you're an administrator, you can find more information about how to set up and manage your Azure Active Directory (Azure AD) environment in the [administrative documentation for Azure Active Directory](../index.yml).
->
-> If you're having issues signing in to your account, see [When you can't sign in to your Microsoft account](https://support.microsoft.com/help/12429) for help. Also, you can get more info about what to do when you receive the [ΓÇ£That Microsoft account doesn't existΓÇ¥](https://support.microsoft.com/help/13811) message when you try to sign in to your Microsoft account.
-
-The Microsoft Authenticator app helps you sign in to your accounts if you use two-factor verification. Two-factor verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised. Two-factor verification uses a second factor like your phone to make it harder for other people to break in to your account. You can use the Microsoft Authenticator app in multiple ways, including:
--- **Two-factor verification.** The standard verification method, where one of the factors is your password. After you sign in using your username and password, you can either approve a notification or enter a provided verification code.--- **Phone sign-in.** A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.--- **Code generation.** As a code generator for any other accounts that support authenticator apps.-
-Authenticator works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.
-
-Your organization might require you to use the Authenticator app to sign in and access your organization's data and documents. Even if your user name appears in the app, the account isn't set up as a verification method until you complete the registration. For more information, see [Add your work or school account](user-help-auth-app-add-work-school-account.md).
-
-## Download and install the app
-
-Install the latest version of the Microsoft Authenticator app, based on your operating system:
--- **Google Android.** On your Android device, go to Google Play to [download and install the Microsoft Authenticator app](https://app.adjust.com/e3rxkc_7lfdtm?fallback=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.azure.authenticator).--- **Apple iOS.** On your Apple iOS device, go to the App Store to [download and install the Microsoft Authenticator app](https://app.adjust.com/e3rxkc_7lfdtm?fallback=https%3A%2F%2Fitunes.apple.com%2Fus%2Fapp%2Fmicrosoft-authenticator%2Fid983156458).-
->[!Important]
->If you're not currently on your mobile device, you can still get the Microsoft Authenticator app by sending yourself a download link from the [Microsoft Authenticator page](https://www.microsoft.com/en-us/account/authenticator).
-
-## Next steps
-
-After you download and install the app, check out the [Authenticator app overview](user-help-auth-app-overview.md) to learn more. For more setup options, see:
--- **Authenticator app.** Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see [Set up security info to use an authenticator app](security-info-setup-auth-app.md).--- **Mobile device text.** Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see [Set up security info to use text messaging (SMS)](security-info-setup-text-msg.md).--- **Mobile device or work phone call.** Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see [Set up security info to use phone calls](security-info-setup-phone-number.md).--- **Security key.** Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see [Set up security info to use a security key](security-info-setup-security-key.md).--- **Email address.** Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see [Set up security info to use email](security-info-setup-email.md).--- **Security questions.** Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the [Set up security info to use security questions](security-info-setup-questions.md) article.
active-directory User Help Auth App Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-faq.md
- Title: Questions & answers about Microsoft Authenticator app - Azure AD
-description: Frequently asked questions and answers (FAQs) about the Microsoft Authentication app and two-factor verification.
-------- Previously updated : 06/21/2021----
-# Frequently asked questions (FAQ) about the Microsoft Authenticator app
-
-This article answers common questions about the Microsoft Authenticator app. If you don't see an answer to your question, go to the [Microsoft Authenticator app forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=MicrosoftAuthenticatorApp).
-
-The Microsoft Authenticator app replaced the Azure Authenticator app, and it's the recommended app when you use Azure AD Multi-Factor Authentication. The Microsoft Authenticator app is available for [Android](https://app.adjust.com/e3rxkc_7lfdtm?fallback=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.azure.authenticator) and [iOS](https://app.adjust.com/e3rxkc_7lfdtm?fallback=https%3A%2F%2Fitunes.apple.com%2Fus%2Fapp%2Fmicrosoft-authenticator%2Fid983156458).
-
-## Frequently asked questions
-
-### Permission to access your location
-
-**Q**: I got a prompt asking me to grant permission for the app to access my location. Why am I seeing this?
-
-**A**: You will see a prompt from Microsoft Authenticator asking for access to your location if your IT admin has created a policy requiring you to share your GPS location before you are allowed to access specific resources. YouΓÇÖll need to share your location once every hour to ensure you are still within a country where you are allowed to access the resource.
-
-On iOS, Microsoft recommends allowing the app to access location always. Follow the iOS prompts to grant that permission. HereΓÇÖs what each permission level will mean for you:
--- **Allow while using the app**: If you choose this option, youΓÇÖll be prompted to select two more options.-- **Always allow (recommended)**: While youΓÇÖre still accessing the protected resource, for the next 24 hours, your location will be shared silently once per hour from the device, so you will not need to get out your phone and manually approve each hour.-- **Keep only while using**: While youΓÇÖre still accessing the protected resource, every hour, youΓÇÖll need to pull out your device and manually approve the request.-- **Allow once**: Once every hour that youΓÇÖre still accessing the resource, or next time you try to access the resource, youΓÇÖll need to grant permission again. You will need to go to Settings and manually enable the permission. -- **DonΓÇÖt allow**: If you select this option, youΓÇÖll be blocked from accessing the resource. If you change your mind, you will need to go to Settings and manually enable the permission.-
-On Android, Microsoft recommends allowing the app to access location all the time. Follow the Android prompts to grant that permission. HereΓÇÖs what each permission level will mean for you:
--- **Allow all the time (recommended)**: While youΓÇÖre still accessing the protected resource, for the next 24 hours, your location will be shared silently once per hour from the device, so you will not need to get out your phone and manually approve each hour.-- **Allow only while using the app**: While youΓÇÖre still accessing the protected resource, every hour, youΓÇÖll need to pull out your device and manually approve the request.-- **Deny and donΓÇÖt ask again**: If you select this option, youΓÇÖll be blocked from accessing the resource.-
-**Q**: How is my location information used and stored?
-
-**A**: The Authenticator app collects your GPS information to determine what country you are located in. The country name and location coordinates are sent back to the system to determine if you are allowed to access the protected resource. The country name is stored and reported back to your IT admin, but your actual coordinates are never saved or stored on Microsoft servers.
-
-### Notification blocks sign-in
-
-**Q**: IΓÇÖm trying to sign in and I need to select the number in my app thatΓÇÖs displayed on the sign- in screen. However, the notification prompt from Authenticator is blocking the sign-in screen. What do I do?
-
-**A**: Select the ΓÇ£HideΓÇ¥ option on the notification so you can see the sign-in screen and the number you need to select. The prompt will reappear after 5 seconds, and you can select the correct number then.
-
-### Registering a device
-
-**Q**: Is registering a device agreeing to give the company or service access to my device?
-
-**A**: Registering a device gives your device access to your organization's services and doesn't allow your organization access to your device.
-
-### Error adding account
-
-**Q**: When I try to add my account, I get an error message saying ΓÇ£The account you're trying to add is not valid at this time. Contact your admin to fix this issue (uniqueness validation).ΓÇ¥ What should I do?
-
-**A**: Reach out to your admin and let them know youΓÇÖre prevented from adding your account to Authenticator because of a uniqueness validation issue. YouΓÇÖll need to provide your sign-in username so that your admin can look you up in your organization.
-
-### Legacy APNs support deprecated
-
-**Q**: Because the legacy binary interface for Apple Push Notification service is being deprecated in November 2020, how can I continue to use Microsoft Authenticator/Phone Factor to sign-in?
-
-**A**: [Apple announced deprecation](https://developer.apple.com/news/?id=11042019a) of push notifications that use its binary interface for iOS devices, such as those used by Phone Factor. To continue to receive push notifications, we recommend that users update their Authenticator app to the latest version of the app. In the meantime, you can work around it by manually checking for notifications in the Authenticator app.
-
-### App Lock feature
-
-**Q**: What is App Lock, and how can I use it to help to keep me more secure?
-
-**A**: App Lock helps keep your one-time verification codes, app information, and app settings more secure. When App Lock is enabled, youΓÇÖll be asked to authenticate using your device PIN or biometric every time you open Authenticator. App Lock also helps ensure that youΓÇÖre the only one who can approve notifications by prompting for your PIN or biometric any time you approve a sign-in notification. You can turn App Lock on or off on the Authenticator Settings page. By default, App Lock is turned on when you set up a PIN or biometric on your device.<br><br>Unfortunately, there's no guarantee that App Lock will stop someone from accessing Authenticator. That's because device registration can happen in other locations outside of Authenticator, such as in Android account settings or in the Company Portal app.
-
-### Windows Mobile retired
-
-**Q**: I have a Windows Mobile device, and the Microsoft Authenticator on Windows Mobile has been deprecated. Can I continue authenticating using the app?
-
-**A**: All authentications using the Microsoft Authenticator on Windows Mobile will be retired after July 15, 2020. We strongly recommend that you use an alternate authentication method to avoid being locked out of your accounts.<br>Alternate options for enterprise users include:<br><ul><li>Setting up the Microsoft Authenticator for [Android](https://play.google.com/store/apps/details?id=com.azure.authenticator) or [iOS](https://apps.apple.com/app/microsoft-authenticator/id983156458).</li><li>[Setting up SMS](multi-factor-authentication-setup-phone-number.md) to receive verification codes.</li><li>Setting up phone number to receive [phone calls to verify their identity](multi-factor-authentication-setup-office-phone.md).</li></ul><br>Alternate options for personal Microsoft account users include:<br><ul><li>Setting up the Microsoft Authenticator for [Android](https://play.google.com/store/apps/details?id=com.azure.authenticator) or [iOS](https://apps.apple.com/app/microsoft-authenticator/id983156458).</li><li>Setting up an alternate sign-in method (SMS or email) by updating your security info from the [Microsoft Account Security page](https://account.microsoft.com/security/).</li></ul>
-
-### Android screenshots
-
-**Q**: Can I take screenshots of my one-time password (OTP) codes on the Android Authenticator?
-
-**A**: Beginning with release 6.2003.1704 of Authenticator Android, by default all OTP codes are hidden anytime a screenshot of Authenticator is taken. If you want to see your OTP codes in screenshots or allow other apps to capture the Authenticator screen, you can. Just turn on the **Screen Capture** setting in Authenticator and restart the app.
-
-### Delete stored data
-
-**Q**: What data does the Authenticator store on my behalf and how can I delete it?
-
-**A**: The Authenticator app collects three types of information:
--- Account info you provide when you add your account. After adding your account, depending on the features you enable for the account, your account data might sync down to the app. This data can be removed by removing your account.-- Diagnostic log data that stays only in the app until you **Send feedback** in the app's top menu to send logs to Microsoft. These logs can contain personal data such as email addresses, server addresses, or IP addresses. They also can contain device data such as device name and operating system version. Any personal data collected is limited to info needed to help troubleshoot app issues. You can browse these log files in the app at any time to see the info being gathered. If you send your log files, Authentication app engineers will use them only to troubleshoot customer-reported issues.-- Non-personally identifiable usage data, such "started add account flow/successfully added account," or "notification approved." This data is an integral part of our engineering decisions. Your usage helps us determine where we can improve the apps in ways that are important to you. You see a notification of this data collection when you use the app for the first time. It informs you that it can be turned off on the app's **Settings** page. You can turn this setting on or off at any time.-
-### Codes in the app
-
-**Q**: What are the codes in the app for?
-
-**A**: When you open Authenticator, you'll see your added accounts as tiles. Your work or school accounts and your personal Microsoft accounts will have six or eight digit numbers visible in the full screen view of the account (accessed by tapping the account tile). For other accounts, youΓÇÖll see a six or eight digit number in the **Accounts** page of the app.<br>You'll use these codes as single-use password to verify that you are who you say you are. After you sign in with your username and password, you'll type in the verification code that's associated with that account. For example, if you're Katy signing in to your Contoso account, you'd tap the account tile and then use the verification code 895823. For the Outlook account, youΓÇÖd follow the same steps.<br>Tap the Contoso account tile.<br>![Account tiles in the Authenticator app](media/user-help-auth-app-faq/katy-signin.png)<br>After you tap the Contoso account tile, the verification code is visible in full screen.<br>![Verification code in the account tile in Authenticator](media/user-help-auth-app-faq/verification-code.png)
-
-### Countdown timer
-
-**Q**: Why does the number next to the code keep counting down?
-
-**A**: You might see a 30-second timer counting down next to your active verification code. This timer is so that you never sign in using the same code twice. Unlike a password, we don't want you to remember this number. The idea is that only someone with access to your phone knows your code.
-
-### Grayed account tile
-
-**Q**: Why is my account tile gray?
-
-**A**: Some organizations require Authenticator to work with single sign-on and to protect organizational resources. In this situation, the account isn't used for two-step verification and shows up as gray or inactive. This type of account is frequently called a "broker" account.
-
-### Device registration
-
-**Q**: What is device registration?
-
-**A**: Your org might require you to register the device to track access to secured resources, such as files and apps. They also might turn on Conditional Access to reduce the risk of unwanted access to those resources. You can unregister your device in **Settings**, but you may lose access to emails in Outlook, files in OneDrive, and you'll lose the ability to use phone sign-in.
-
-### Verification codes when connected
-
-**Q**: Do I need to be connected to the Internet or my network to get and use the verification codes?
-
-**A**: The codes don't require you to be on the Internet or connected to data, so you don't need phone service to sign in. Additionally, because the app stops running as soon as you close it, it won't drain your battery.
-
-### No notifications when app is closed
-
-**Q**: Why do I only get notifications when the app is open? When the app is closed, I don't get notifications.
-
-**A**: If you're getting notifications, but not an alert, even with your ringer on, you should check your app settings. Make sure the app is turned on to use sound or to vibrate for notifications. If you don't get notifications at all, you should check the following conditions:<ul><li>Is your phone in Do Not Disturb or Quiet mode? These modes can prevent apps from sending notifications.</li><li>Can you get notifications from other apps? If not, it could be a problem with the network connections on your phone, or the notifications channel from Android or Apple. You can try to resolve your network connections through your phone settings. You might need to talk to your service provider to help with the Android or Apple notifications channel.</li><li>Can you get notifications for some accounts on the app, but not others? If yes, remove the problematic account from your app, add it again allowing notifications, and see if that fixes the problem.</li></ul>If you tried all of these steps and are still having issues, we recommend sending your log files for diagnostics. Open the app, go to app’s top-level menu, and then select **Send feedback**. After that, go to the [Microsoft Authenticator app forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=MicrosoftAuthenticatorApp) and tell Microsoft the problem you're seeing and the steps you tried.
-
-### Switch to push notifications
-
-**Q**: I'm using the verification codes in the app, but how do I switch to the push notifications?
-
-**A**: You can set up notifications for your work or school account (if allowed by your administrator) or for your personal Microsoft account. Notifications won't work for third-party accounts, like Google or Facebook.<br>To switch your personal account over to notifications, you'll have to re-register your device with the account. Go to **Add Account**, select **Personal Microsoft Account**, and then sign in using your username and password.<br>For your work or school account, your organization decides whether or not to allow one-click notifications.
-
-### Notifications for other accounts
-
-**Q**: Do notifications work for non-Microsoft accounts?
-
-**A**: No, notifications only work with Microsoft accounts and Azure Active Directory accounts. If your work or school uses Azure AD accounts, they are able to turn off this feature.
-
-### Backup and recovery
-
-**Q**: I got a new device or restored my device from a backup. How do I set up my accounts in Authenticator again?
-
-**A**: If you turned on **Cloud Backup** on your old device, you can use your old backup to recover your account credentials on your new iOS or an Android device. For more info, see the [Backup and recover account credentials with Authenticator](user-help-auth-app-backup-recovery.md) article.
-
-### Lost device
-
-**Q**: I lost my device or moved on to a new device. How do I make sure notifications don't continue to go to my old device?
-
-**A**: Adding Authenticator to your new device doesn't automatically remove the app from your old device. Even deleting the app from your old device isn't enough. You must both delete the app from your old device AND tell Microsoft or your organization to forget and unregister the old device.<ul><li>**To remove the app from a device using a personal Microsoft account.** Go to the two-step verification area of your [Account Security](https://account.microsoft.com/security) page and choose to turn off verification for your old device.</li><li>**To remove the app from a device using a work or school Microsoft account.** Go to the two-step verification area of either your [MyApps page](https://myapps.microsoft.com/) or your organization's custom portal to turn off verification for your old device.</li></ul>
-
-### Remove account from app
-
-**Q**:How do I remove an account from the app?
-
-**A**: Tap the account tile for the account youΓÇÖd like to remove from the app to view the account full screen. Tap **Remove account** to remove the account from the app.<br>If you have a device that is registered with your organization, you might need an extra step to remove your account. On these devices, Authenticator is automatically registered as a device administrator. If you want to completely uninstall the app, you need to first unregister the app in the app settings.
-
-### Too many permissions
-
-**Q**: Why does the app request so many permissions?
-
-**A**: Here's the full list of permissions that might be asked for, and how they're used by the app. The specific permissions you see will depend on the type of phone you have.<ul><li>**Location**. Sometimes your organization wants to know your location before allowing you to access certain resources. The app will request this permission only if your organization has a policy requiring location.</li><li>**Use biometric hardware.** Some work and school accounts require an additional PIN whenever you verify your identity. The app requires your consent to use biometric or facial recognition instead of entering the PIN.</li><li>**Camera.** Used to scan QR codes when you add a work, school, or non-Microsoft account.</li><li>**Contacts and phone.** The app requires this permission to search for work or school Microsoft accounts on your phone and add them to the app for you.</li><li>**SMS.** Used to make sure your phone number matches the number on record when you sign in with your personal Microsoft account for the first time. We send a text message to the phone on which you installed the app that includes a 6-8 digit verification code. You don't need to find this code and enter it because Authenticator finds it automatically in the text message.</li><li>**Draw over other apps.** The notification you get that verifies your identity is also displayed on any other running app.</li><li>**Receive data from the internet.** This permission is required for sending notifications.</li><li>**Prevent phone from sleeping.** If you register your device with your organization, your organization can change this policy on your phone.</li><li>**Control vibration.** You can choose whether you would like a vibration whenever you receive a notification to verify your identity.</li><li>**Use fingerprint hardware.** Some work and school accounts require an additional PIN whenever you verify your identity. To make the process easier, we allow you to use your fingerprint instead of entering the PIN.</li><li> **View network connections.** When you add a Microsoft account, the app requires network/internet connection.</li><li>**Read the contents of your storage**. This permission is only used when you report a technical problem through the app settings. Some information from your storage is collected to diagnose the issue.</li><li>**Full network access.** This permission is required for sending notifications to verify your identity.</li><li>**Run at startup.** If you restart your phone, this permission ensures that you continue you receive notifications to verify your identity.</li></ul>
-
-### Approve requests without unlocking
-
-**Q**: Why does Authenticator allow you to approve a request without unlocking the device?
-
-**A**: You don't have to unlock your device to approve verification requests because all you need to prove is that you have your phone with you. Two-step verification requires proving two things--a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with Authenticator and registered as a multi-factor authentication proof.) Therefore, having the phone and approving the request meets the criteria for the second factor of authentication.
-
-### Activity notifications
-
-**Q**: Why am I getting notifications about my account activity?
-
-**A**: Activity notifications are sent to Authenticator immediately whenever a change is made to your personal Microsoft accounts, helping to keep you more secure. We previously sent these notifications only through email and SMS. For more information about these activity notifications, see [What happens if there's an unusual sign-in to your account](https://support.microsoft.com/help/13967/microsoft-account-unusual-sign-in). To change where you receive your notifications, sign in to the [Where can we contact you with non-critical account alerts](https://account.live.com/SecurityNotifications/Update) page of your account.
-
-### One-time passcodes
-
-**Q**: My one-time passcodes are not working. What should I do?
-
-**A**: Make sure the date and time on your device are correct and are being automatically synced. If the date and time is wrong, or out of sync, the code won't work.
-
-### Windows 10 Mobile
-
-**Q**: The Windows 10 Mobile operating system was deprecated December 2019. Will the Microsoft Authenticator on Windows Mobile operating systems be deprecated as well?
-
-**A**: Authenticator on all Windows Mobile operating systems will not be supported after Feb 28, 2020. Users will not be eligible for receiving any new updates to the app post the aforementioned date. After Feb 28, 2020 Microsoft services that currently support authentications using the Microsoft Authenticator on all Windows Mobile operating systems will begin to retire their support. In order to authenticate into Microsoft services, we strongly encourage all our users to switch to an alternate authentication mechanism prior to this date.
-
-### Default mail app
-
-**Q**: While signing in to my work or school account using the default mail app that comes with iOS, I get prompted by Authenticator for my security verification information. After I enter that information and return to the mail app, I get an error. What can I do?
-
-**A**: This most-likely happens because your sign-in and your mail app are occurring across two different apps, causing the initial background sign-in process to stop working and to fail. To try to fix this, we recommend you select the **Safari** icon on the bottom right side of the screen while signing in to your mail app. By moving to Safari, the whole sign-in process happens in a single app, allowing you to sign in to the app successfully.
-
-### Apple Watch watchOS 7
-
-**Q**: Why I am having issues with Apple Watch on watchOS 7?
-
-**A**: Sometimes, approving or denying a session on watchOS 7 fails with the error message "Failed to communicate with the phone. Make sure to keep your Watch screen awake during future requests. See the FAQs for more info.". There is a known issue with notifications when app lock is enabled or when number matching is required, and weΓÇÖre working with Apple to get this fixed. In the meantime, any notifications that require the Microsoft Authenticator watchOS app should be approved on your phone instead.
-
-### Signing into an iOS app
-
-**Q**: IΓÇÖm trying to sign into an iOS app, and I need to approve a notification on the Authenticator app. When I go back to the iOS app, I get stuck. What can I do?
-
-**A**: This is a known issue on iOS 13+. Reach out to your support admin for help, and provide the following details: `Use Azure MFA, not MFA server.`
-
-### Apple Watch doesn't show accounts
-
-**Q**: Why aren't all my accounts showing up when I open Authenticator on my Apple Watch?
-
-**A**: Authenticator supports only Microsoft personal or school or work accounts with push notifications on the Apple Watch companion app. For your other accounts, like Google or Facebook, you have to open the Authenticator app on your phone to see your verification codes.
-
-### Apple Watch notifications
-
-**Q**: Why can't I approve or deny notifications on my Apple Watch?
-
-**A**: First, make sure you've upgraded to Authenticator version 6.0.0 or higher on your iPhone. After that, open the Microsoft Authenticator companion app on your Apple Watch and look for any accounts with a **Set Up** button beneath them. Complete the setup process to approve notifications for those accounts.
-
-### Apple Watch communication error
-
-**Q**: I'm getting a communication error between the Apple Watch and my phone. What can I do to troubleshoot?
-
-**A**: This error happens when your Watch screen goes to sleep before it finishes communicating with your phone.<br><b>If the error happens during setup:</b><br>Try to run setup again, making sure to keep your Watch awake until the process is done. At the same time, open the app on your phone and respond to any prompts that appear.<br>If your phone and Watch still aren't communicating, you can try the following actions:<ol><li>Force quit the Microsoft Authenticator phone app and open it again on your iPhone.</li><li>Force quit the companion app on your Apple Watch.<ol><li> Open the Microsoft Authenticator companion app on your Watch</li><li>Hold down the side button until the **Shutdown** screen appears.</li><li>Release the side button and hold down the Digital Crown to force quit the active app.</li></ol></li><li>Turn off both Bluetooth and Wi-Fi for both your phone and your Watch, and then turn them back on.</li><li>Restart your iPhone and your Watch.</li></ol><b>If the error occurs when you're trying to approve a notification:</b><br>The next time you try to approve a notification on your Apple Watch, keep the screen awake until the request is complete and you hear the sound that indicates it was successful.
-
-### Apple Watch companion app not syncing
-
-**Q**: Why isn't the Microsoft Authenticator companion app for Apple Watch syncing or showing up on my watch?
-
-**A**: If the app isn't showing up on your Watch, try the following actions: <ol><li>Make sure your Watch is running watchOS 4.0 or higher.</li><li>Sync your Watch again.</li></ol>
-
-### Apple Watch companion app crashed
-
-**Q**: My Apple Watch companion app crashed. Can I send you my crash logs so you can investigate?
-
-**A**: You first have to make sure you've chosen to share your analytics with us. If you're a TestFlight user, you're already signed up. Otherwise, you can go to **Settings > Privacy > Analytics** and select both the **Share iPhone & Watch analytics** and the **Share with App Developers** options.<br>After you sign up, you can try to reproduce your crash so your crash logs are automatically sent to us for investigation. However, if you can't reproduce your crash, you can manually copy your log files and send them to us.<ol><li>Open the Watch app on your phone, go to **Settings > General**, and then click **Copy Watch Analytics**.</li><li>Find the corresponding crash under **Settings > Privacy > Analytics > Analytics Data**, and then manually copy the entire text.</li><li>Open Authenticator on your phone and paste that copied text into theΓÇ»**Describe the issue you are facing** box under **Having trouble?** on theΓÇ»**Send feedback** page. </li></ol>
-
-## Autofill with Authenticator
-
-**Q**: What is Autofill with Authenticator?
-
-**A**: The Authenticator app now securely stores and autofills passwords on apps and websites you visit on your phone. You can use Autofill to sync and autofill your passwords on your iOS and Android devices. After setting up the Authenticator app as an autofill provider on your phone, it offers to save your passwords when you enter them on a site or in an app sign-in page. The passwords are saved as part of [your personal Microsoft account](https://account.microsoft.com/account) and are also available when you sign in to Microsoft Edge with your personal Microsoft account.
-
-**Q**: What information can Authenticator autofill for me?
-
-**A**: Authenticator can autofill usernames and passwords on sites and apps you visit on your phone.
-
-**Q**: How do I turn on password autofill in Authenticator on my phone?
-
-**A**: Follow these steps:
-
-1. Open the Authenticator app.
-1. On the **Passwords** tab in Authenticator, select **Sign in with Microsoft** and sign in using [your Microsoft account](https://account.microsoft.com/account). This feature currently supports only Microsoft accounts and doesn't yet support work or school accounts.
-
-**Q**: How do I make Authenticator the default autofill provider on my phone?
-
-**A**: Follow these steps:
-
-1. Open the Authenticator app.
-1. On the **Passwords** tab inside the app, select **Sign in with Microsoft** and sign in using [your Microsoft account](https://account.microsoft.com/account).
-1. Do one of the following:
-
- - On iOS, under **Settings**, select **How to turn on Autofill** in the Autofill settings section to learn how to set Authenticator as the default autofill provider.
- - On Android, under **Settings**, select **Set as Autofill provider** in the Autofill settings section.
-
-**Q**: What if **Autofill** is not available for me in Settings?
-
-**A**: If Autofill is not available for you in Authenticator, it might be because autofill has not yet been allowed for your organization or account type. You can use this feature on a device where your work or school account isnΓÇÖt added. To learn more on how to allow Autofill for your organization, see [Autofill for IT admins](#autofill-for-it-admins).
-
-**Q**: How do I stop syncing passwords?
-
-**A**: To stop syncing passwords in the Authenticator app, open **Settings** > **Autofill settings** > **Sync account**. On the next screen, you can select on **Stop sync and remove all autofill data**. This will remove passwords and other autofill data from the device. Removing autofill data doesn't affect multi-factor authentication.
-
-**Q**: How are my passwords protected by the Authenticator app?
-
-**A**: Authenticator app already provides a high level of security for multi-factor authentication and account management, and the same high security bar is also extended to managing your passwords.
--- **Strong authentication is needed by Authenticator app**: Signing into Authenticator requires a second factor. This means that your passwords inside Authenticator app are protected even if someone has your Microsoft account password.-- **Autofill data is protected with biometrics and passcode**: Before you can autofill password on an app or site, Authenticator requires biometric or device passcode. This helps add extra security so that even if someone else has access to your device, they can't fill or see your password, because theyΓÇÖre unable to provide the biometric or device PIN input. Also, a user cannot open the Passwords page unless they provide biometric or PIN, even if they turn off App Lock in app settings.-- **Encrypted Passwords on the device**: Passwords on device are encrypted, and encryption/decryption keys are never stored and always generated when needed. Passwords are only decrypted when user wants to, that is, during autofill or when user wants to see the password, both of which require biometric or PIN.-- **Cloud and network security**: Your passwords on the cloud are encrypted and decrypted only when they reach your device. Passwords are synced over an SSL-protected HTTPS connection, which helps prevent an attacker from eavesdropping on sensitive data when it is being synced. We also ensure we check the sanity of data being synced over network using cryptographic hashed functions (specifically, hash-based message authentication code).-
-## Autofill for IT admins
-
-**Q**: Will my employees or students get to use password autofill in Authenticator app?
-
-**A**: Yes, Autofill for your [personal Microsoft accounts](https://go.microsoft.com/fwlink/?linkid=2144423) now works for most enterprise users even when a work or school account is added to the Authenticator app. You can fill out a form to allow or deny Autofill for your organization and [send it to the Authenticator team](https://aka.ms/ConfigureAutofillInAuthenticator). Autofill is not currently available for work or school accounts.
-
-**Q**: Will my usersΓÇÖ work or school account password get automatically synced?
-
-**A**: No. Password autofill won't sync work or school account password for your users. When users visit a site or an app, Authenticator will offer to save the password for that site or app, and password is saved only when user chooses to.
-
-**Q**: Can I allowlist only certain users of my organization for Autofill?
-
-**A**: No. Enterprises can only enable passwords autofill for all or none of their employees at this time.
-
-**Q**: What if my employee or student has multiple work or school accounts? For example, my employee has accounts from multiple enterprises or schools in their Microsoft Authenticator.
-
-**A**: All enterprises or schools added in the Authenticator app need to be allow-listed for Autofill in Authenticator for the app owner to be able to use it. The one exception to this restriction is when your employee or student adds their work or school account into Microsoft cloud-based multi-factor authentication as an [external or third-party account](user-help-auth-app-add-non-ms-account.md).
-
-## Next steps
--- If you're having trouble getting your verification code for your personal Microsoft account, see the **Troubleshooting verification code issues** section of the [Microsoft account security info & verification codes](https://support.microsoft.com/help/12428/microsoft-account-security-info-verification-codes) article.--- If you want more information about two-step verification, see [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md)--- If you want more information about security info, see [Security info (preview) overview](./security-info-setup-signin.md)--- If your question wasn't answered here, we want to hear from you. Go to the [Microsoft Authenticator app forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=MicrosoftAuthenticatorApp) to post your question and get help from the community, or leave a comment on this page.
active-directory User Help Auth App Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-overview.md
- Title: What is the Microsoft Authenticator app? - Azure Active Directory | Microsoft Docs
-description: Learn about the Microsoft Authenticator app, including what it is, how it works, and what information is included in this section of the content.
--------- Previously updated : 01/15/2020---
-# What is the Microsoft Authenticator app?
-
-The Microsoft Authenticator app helps you sign-in to your accounts if you use two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be forgotten, stolen, or compromised, two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.
-
-You can use the Microsoft Authenticator app in multiple ways, including:
--- Respond to a prompt for authentication after you sign in with your username and password.--- Sign-in without entering a password, using your username, the authenticator app, and your mobile device with your fingerprint, face, or PIN.--- As a code generator for any other accounts that support authenticator apps.-
-> [!Important]
-> The Microsoft Authenticator app works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.
->
->This article is intended for users trying to download and use the Microsoft Authenticator app as a security verification method. If you're an administrator looking for information about how to turn on passwordless sign-in using the Authenticator app for your employees and other uses, see the [Enable passwordless sign-in with the Microsoft Authenticator app (preview)](../authentication/howto-authentication-passwordless-phone.md).
-
-## Terminology
-
-| Term|Description|
-| -|--|
-| Two-factor verification | A verification process that requires you to specifically use only two pieces of verification info, like a password and a PIN. The Microsoft Authenticator app supports both the standard two-factor verification and passwordless sign-in. |
-| Multi-factor authentication (MFA) | All two-factor verification is multi-factor authentication, requiring you to use *at least* two pieces of verification info, based on your organization's requirements. |
-| Microsoft account (also called, MSA) | You create your own personal accounts, to get access to your consumer-oriented Microsoft products and cloud services, such as Outlook, OneDrive, Xbox LIVE, or Microsoft 365. Your Microsoft account is created and stored in the Microsoft consumer identity account system that's run by Microsoft. |
-| Work or school account | Your organization creates your work or school account (such as alain@contoso.com) to let you access internal and potentially restricted resources, such as Microsoft Azure, Windows Intune, and Microsoft 365. |
-| Verification code | The six-digit code that appears in the authenticator app, under each added account. The verification code changes every 30 seconds preventing someone from using a code multiple times. This is also known as a one-time passcode (OTP). |
-
-## How two-factor verification works with the app
-
-Two factor verification works with the Microsoft Authenticator app in the following ways:
--- **Notification.** Type your username and password into the device you're logging into for either your work or school account or your personal Microsoft account, and then the Microsoft Authenticator app sends a notification asking you to **Approve sign-in**. Choose **Approve** if you recognize the sign-in attempt. Otherwise, choose **Deny**. If you choose **Deny**, you can also mark the request as fraudulent.--- **Verification code.** Type your username and password into the device you're logging into for either your work or school account or your personal Microsoft account, and then copy the associated verification code from the **Accounts** screen of the Microsoft Authenticator app. The verification code is also known as one-time passcode (OTP) authentication.--- **Passwordless sign-in.** Type your username into the device you're logging into for either your work or school account or your personal Microsoft account, and then use your mobile device to verify it's you by using your fingerprint, face, or PIN. For this method, you don't need to enter your password.-
-### Whether to use your device's biometric capabilities
-
-If you use a PIN to complete the authentication process, you can set up the Microsoft Authenticator app to instead use your device's fingerprint or facial recognition (biometric) capabilities. You can set this up the first time you use the authenticator app to verify your account, by selecting the option to use your device biometric capabilities as identification instead of your PIN.
-
-## Who decides if you use this feature?
-
-Depending on your account type, your organization might decide that you must use two-factor verification, or you might be able to decide for yourself.
--- **Work or school account.** If you're using a work or school account (for example, alain@contoso.com), it's up to your organization whether you must use two-factor verification, along with the specific verification methods. For more information about adding your work or school account to the Microsoft Authenticator app, see [Add your work or school accounts](user-help-auth-app-add-work-school-account.md).--- **Personal Microsoft account.** You can choose to set up two-factor verification for your personal Microsoft accounts (for example, alain@outlook.com). For more information about adding your personal Microsoft account, see [Add your personal accounts](user-help-auth-app-add-personal-ms-account.md).--- **Non-Microsoft account.** You can choose to set up two-factor verification for your non-Microsoft accounts (for example, alain@gmail.com). Your non-Microsoft accounts might not use the term, two-factor verification, but you should be able to find the feature within the **Security** or the **Sign-in** settings. The Microsoft Authenticator app works with any accounts that support the TOTP standards. For more information about adding your non-Microsoft accounts, see [Add your non-Microsoft accounts](user-help-auth-app-add-non-ms-account.md).-
-## In this section
-
-| Article | Description |
-| | |
-| [Download and install the app](user-help-auth-app-download-install.md) | Describes where and how to get and install the Microsoft Authenticator app for devices running Android and iOS. |
-| [Add your work or school accounts](user-help-auth-app-add-work-school-account.md) | Describes how to add your various work or school and personal accounts to the Microsoft Authenticator app. |
-| [Add your personal accounts](user-help-auth-app-add-personal-ms-account.md) | Describes how to add your personal Microsoft accounts to the Microsoft Authenticator app. |
-| [Add your non-Microsoft accounts](user-help-auth-app-add-non-ms-account.md) | Describes how to add your non-Microsoft accounts to the Microsoft Authenticator app. |
-| [Manually add your accounts](user-help-auth-app-add-account-manual.md) | Describes how to manually add your accounts to the Microsoft Authenticator app, if you're unable to scan the provided QR code. |
-| [Sign-in using the app](user-help-auth-app-sign-in.md) | Describes how to sign in to your various accounts, using the Microsoft Authenticator app.|
-| [Backup and recover account credentials](user-help-auth-app-backup-recovery.md) | Provides information about how to back up and recover your account credentials, using the Microsoft Authenticator app. |
-| [Microsoft Authenticator app FAQ](user-help-auth-app-faq.md) | Provides answers to frequently asked questions about the app. |
active-directory User Help Auth App Sign In https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-auth-app-sign-in.md
- Title: Sign in using the Microsoft Authenticator app - Azure AD
-description: Use the Microsoft Authenticator app to sign in to your work or school account or your personal Microsoft and non-Microsoft accounts, using either two-factor verification or phone sign-in.
-------- Previously updated : 03/12/2021----
-# Sign in to your accounts using the Microsoft Authenticator app
-
-The Microsoft Authenticator app helps you sign in to your accounts if you use two-factor verification. Two-factor verification helps you to access your accounts more securely, especially while viewing sensitive information. Because passwords can be forgotten, stolen, or compromised, two-factor verification is an additional security step that helps protect your account by making it harder for other people to break in.
-
-You can use the Microsoft Authenticator app in multiple ways, including:
--- Providing a prompt for a second verification method after you sign in with your username and password.--- Providing sign-in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.-
- >[!Important]
- >This phone sign-in method only works with your work or school and personal Microsoft accounts. Your non-Microsoft accounts require you to use the standard two-factor verification process.
-
-## Prerequisites
-
-Before you can use the Microsoft Authenticator app, you must:
-
- 1. Download and install the Microsoft Authenticator app. If you haven't done this yet, see [Download and install the app](user-help-auth-app-download-install.md).
-
- 2. Add your work/school, personal, and third-party accounts to the Microsoft Authenticator app. For the detailed steps, see [Add your work or school account](user-help-auth-app-add-work-school-account.md), [Add your personal accounts](user-help-auth-app-add-personal-ms-account.md), and [Add your non-Microsoft accounts](user-help-auth-app-add-non-ms-account.md).
-
-## Turn on and use phone sign-in for your work or school account
-
-Phone sign-in is a type of two-step verification. You must still verify your identity by providing a thing you know and a thing you have, but phone sign-in lets you skip entering your account password and performs all of your identity verification on your mobile device.
-
-Before you can turn on phone sign-in, you must turn on two-factor verification. For more information about how to turn on two-factor verification for an account, see [Add your work or school account](user-help-auth-app-add-work-school-account.md) and [Add your personal accounts](user-help-auth-app-add-personal-ms-account.md).
-
-Phone sign-in is only available on iOS and Android devices running Android 6.0 or above.
-
-### Turn on phone sign-in
-
-Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.
--- **When you tap the account tile**, you see a full screen view of the account. If you see **Phone sign-in enabled** that means you are fully set up to sign in without your password. If you see **Enable phone sign-in**, tap it to turn on phone sign-in.-- **If youΓÇÖve already been using the app for two-factor verification**, you can tap the account tile to see a full screen view of the account. Then tap **Enable phone sign-in** to turn on phone sign-in.-- **If you can't find your work or school account** on the **Accounts** screen of the app, it means that you haven't added it to the app yet. Add your work or school account by following the steps in the [Add your work or school account help](user-help-auth-app-add-work-school-account.md).-
-> [!NOTE]
-> Microsoft doesn't support a combination of device registration and certificate-based authentication in Authenticator on iOS. Instead, the user must register the device manually through Authenticator settings before signing in.
-
-After you turn on phone sign-in, you can sign in using only the Microsoft Authenticator app. Here's how:
-
-1. Sign in to your work or school account.
-
- After typing your username, an **Approve sign in** screen appears showing you a two-digit number and asking you to sign-in through the Microsoft Authenticator app. If you donΓÇÖt want to use this sign in method, you can select **Use your password instead**, and sign in using your password.
-
- ![Approve sign-in box on computer](media/user-help-auth-app-sign-in/microsoft-auth-app-sign-in.png)
-
-2. Open the notification or the Microsoft Authenticator app on your device, and then tap the number that matches the number you see on your computerΓÇÖs **Approve sign-in** screen.
-
- ![Approve sign-in box on device](media/user-help-auth-app-sign-in/microsoft-auth-app-sign-in-numbers.png)
-
-3. Choose **Approve** if you recognize the sign-in attempt. Otherwise, choose **Deny**.
-
-4. Use your phoneΓÇÖs PIN or your biometric key to complete the authentication.
-
-## Turn on and use phone sign-in for your personal Microsoft accounts
-
-You can turn on phone sign-in for your personal Microsoft account, such as the account you use to sign in to Outlook.com, Xbox, or Skype.
-
->[!NOTE]
->To help protect your account, the Microsoft Authenticator app requires a PIN or biometric lock on your device. If you keep your phone unlocked, the app requires you to set up a security lock before turning on phone sign-in.
-
-### Turn on phone sign-in
-
-Open the Microsoft Authenticator app, go to your work or school account, and turn on phone sign-in.
--- **When you tap on the account tile**, you see a full screen view of the account. If you see **Phone sign-in enabled** that means you are fully set up to sign in without your password. If you see **Enable phone sign-in**, tap it to turn on phone sign-in.-- **If youΓÇÖre already using the app for two-factor verification**, you can tap the account tile to see a full screen view of the account. Then tap **Enable phone sign-in** to turn on phone sign-in.-- **If you can't find your account** on the **Accounts** screen of the app, it means that you haven't added it to the app yet. Add your personal Microsoft account by following the steps in the [Add personal Microsoft accounts](user-help-auth-app-add-personal-ms-account.md) article.-
-### Sign in to your account using phone sign-in
-
-1. Go to your personal Microsoft account sign-in page, and then instead of typing your password, select the **Use the Microsoft Authenticator app instead** link.
-
- Microsoft sends a notification to your phone.
-
-2. Approve the notification.
-
-## Sign in using two-factor verification for your account
-
-The standard two-factor verification method requires you to enter your username and password into the device you're signing in to, and then choose whether the Microsoft Authenticator app receives a notification or if you want to copy the verification code from the Authenticator app. On an Android device, the verification codes can be found on the **Accounts** screen. On an iOS device, these verification codes can be found in the **Accounts** screen or the full screen view of an account depending on the type of account. You turn on two-factor verification for your account when you add the account to the Microsoft Authenticator app.
-
->[!Note]
->If you don't see your work or school account or your personal account on the **Accounts** screen of the Microsoft Authenticator app, it means that you haven't added the account to the Microsoft Authenticator app. To add your account, see [Add your work or school account](user-help-auth-app-add-work-school-account.md) or [Add your personal accounts](user-help-auth-app-add-personal-ms-account.md).
-
-For the steps necessary to sign in to your work or school or your personal account, using the various methods of two-factor verification, see [Sign in using two-step verification or security info](user-help-sign-in.md).
-
-## Frequently asked questions
-
-| Question | Solution |
-| -- | -- |
-| How is signing in with my phone more secure than typing a password? | Today most people sign in to web sites or apps using a username and password. Unfortunately, passwords can be lost, stolen, or guessed by hackers.<br><br>After you set up the Microsoft Authenticator app, it creates a key on your phone to unlock your account thatΓÇÖs protected by your phoneΓÇÖs PIN or biometric lock. This key is then used to prove your identity while signing in.<br><br>**Important**<br>Your data is only used to protect your key locally. ItΓÇÖs never sent to, or stored in, the cloud. |
-| Does phone sign-in replace two-step verification? Should I turn it off? | Phone sign-in is a type of two step verification where the two steps both happen on the mobile device. You should keep two step verification turned on to help provide additional security for your account. |
-| If I keep two-step verification turned on for my account, do I have to approve two notifications? | No. Signing in to your Microsoft account using your phone also counts as two-step verification, so there is no second approval required. |
-| What if I lose my phone or donΓÇÖt have it with me? How do I access my account? | You can always select the Use a password instead link on the sign-in page to switch back to using your password. However, if you use two-step verification youΓÇÖll still need to use a second method to verify your identity.<br><br>**Important**<br>We strongly encourage you to make sure you have more than one, up-to-date, verification method associated with your account.<br><br>You can manage your verification methods for personal accounts from your [Security settings](https://account.live.com/proofs/manage) page. For work or school accounts, you can go to your organizationΓÇÖs [Additional security verification](https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1) page or the **Keep your account secure** page if your administrator has turned on security info. For more information about security info, see [Security info (preview) overview](./security-info-setup-signin.md).<br><br>If youΓÇÖre unable to manage your verification methods, you must contact your administrator. |
-| How do I stop using this feature and go back to using my password? | For personal accounts, select the **Use a password instead** link during sign in. Your most recent choice is remembered and offered by default the next time you sign in. If you ever want to go back to using phone sign-in, select the **Use an app instead** link during sign in.<br><br>For work or school accounts, you must either unregister the device from the **Settings** page of the Microsoft Authenticator app, or disable the device from the **Devices & activity** area of your profile. For more information about disabling your device from your profile, see [Update your profile and account info from the My Apps portal](./my-account-portal-devices-page.md#disable-a-device). |
-| Why canΓÇÖt I use more than one work or school account for phone sign-in? | A phone must be registered to a single work or school account. If you want to turn on phone sign-in for a different work or school account, you must unregister your account from this device through the **Settings** page. |
-| Can I sign in to my computer using my phone? | For your computer, we recommend signing in using Windows Hello on Windows 10. Windows Hello lets you use your face, fingerprint, or PIN to sign in. |
-
-## Next steps
--- If you're having trouble getting your verification code for your personal Microsoft account, see the **Troubleshooting verification code issues** section of the [Microsoft account security info & verification codes](https://support.microsoft.com/help/12428/microsoft-account-security-info-verification-codes) article.--- If you have more general questions about the app, see the [Microsoft Authenticator FAQs](user-help-auth-app-faq.md)--- If you want more information about two-step verification, see [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md)--- If you want more information about security info, see [Security info (preview) overview](./security-info-setup-signin.md)
active-directory User Help Authenticator App Import Passwords https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-authenticator-app-import-passwords.md
- Title: Import passwords into the Microsoft Authenticator app - Azure AD
-description: How to import passwords into the Microsoft Authentication app from popular password managers.
-------- Previously updated : 01/28/2021----
-# Import passwords into the Microsoft Authenticator app
-
-Microsoft Authenticator supports importing passwords from Google Chrome, Firefox, LastPass, Bitwarden, and Roboform. If Microsoft doesnΓÇÖt currently support your existing password manager, you can [manually enter sign-in credentials into our template CSV](https://go.microsoft.com/fwlink/?linkid=2134938). To import your existing passwords and manage them in the Authenticator app, just export your passwords from your existing password manager into our comma-separated values (CSV) format. Then, import the exported CSV to Authenticator in our Chrome browser extension or directly into the Authenticator app (Android and iOS).
-
-## Import from Google Chrome or Android Smart Lock
-
-You can import your passwords from Google Chrome or Android Smart Lock to Authenticator on either your smartphone or your desktop computer. You can:
--- [Import from Chrome on Android and iOS](#import-from-chrome-on-android-and-ios)-- [Import from Chrome desktop browser](#import-from-chrome-desktop-browser)-
-### Import from Chrome on Android and iOS
-
-Google Chrome users on Android and Apple phones can import their passwords directly from their phone with few simple steps.
-
-1. Install Authenticator app on your phone and open the **Passwords** tab.
-
-1. Sign in to Google Chrome on your phone.
-
-1. Tap the ![Google Chrome ellipsis menu](./media/user-help-authenticator-app-import-passwords/ellipsis-chrome.png) at the top right for Android phones or at bottom right for iOS devices, and then tap **Settings.**
-
- Platform | Link
- - | --
- Android | ![Google Chrome Settings menu location](./media/user-help-authenticator-app-import-passwords/android-settings-menu.png)
- iOS | ![Google Chrome Settings menu icon](./media/user-help-authenticator-app-import-passwords/apple-settings-menu.png)
-
-1. In **Settings**, open **Passwords**.
-
- Platform | Link
- - | --
- Android | ![Andoid Chrome Passwords command location](./media/user-help-authenticator-app-import-passwords/android-passwords-location.png)
- iOS | ![Apple Chrome Passwords command location](./media/user-help-authenticator-app-import-passwords/apple-passwords-location.png)
-
-1. On Android devices, tap the ![Google Chrome ellipsis menu](./media/user-help-authenticator-app-import-passwords/ellipsis-chrome.png) at the top right for Android phones, or at bottom right for iOS devices, and then tap **Export passwords**.
-
- Platform | Link
- - | --
- Android | ![Android Chrome Export passwords location](./media/user-help-authenticator-app-import-passwords/android-export-passwords-location.png)
- iOS | ![Apple Chrome Export passwords location](./media/user-help-authenticator-app-import-passwords/apple-export-passwords-location.png)
-
- You must provide a PIN, fingerprint, or facial recognition. Confirm your identity and tap **Export passwords** again to start exporting.
-
-1. After the passwords are exported, Chrome prompts you to choose which app you're importing into. Select **Authenticator** to start importing passwords.YouΓÇÖll be informed about import status when itΓÇÖs complete.
-
- Platform | Link
- - | --
- Android | ![Android Chrome import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple Chrome import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
-### Import from Chrome desktop browser
-
-Before you begin, you must install and sign in to the [Microsoft Autofill extension](https://chrome.google.com/webstore/detail/microsoft-autofill/fiedbfgcleddlbcmgdigjgdfcggjcion) on your Chrome browser.
-
-1. Open [Google Password Manager](https://passwords.google.com) in any browser. If you havenΓÇÖt already, sign in to your Google account.
-
-1. Select the gear icon ![Desktop password manager gear icon](./media/user-help-authenticator-app-import-passwords/desktop-password-manager-gear.png) to open to Password settings page.
-
-1. Select **Export**, then on the next page select **Export** again to start exporting your passwords. Provide your Google password when prompted to confirm your identity. YouΓÇÖll be informed about import status when itΓÇÖs complete.
-
- ![Desktop Chrome browser export passwords command location](./media/user-help-authenticator-app-import-passwords/desktop-chrome-export-passwords-location.png)
-
-1. Open the Autofill Chrome Extension and select **Settings**.
-
- ![Desktop Chrome browser Autofill Extension settings location](./media/user-help-authenticator-app-import-passwords/desktop-chrome-autofill-settings.png)
-
-1. Select **Import data** to open a dialog. Then, select **Choose File** to locate and import the CSV file.
-
- ![Desktop Chrome browser Import data CSV location](./media/user-help-authenticator-app-import-passwords/desktop-chrome-import-csv.png)
-
-## Import from Firefox
-
-Firefox allows exporting of passwords from the desktop browser only, so ensure that you have access to the Firefox desktop browser before importing passwords from Firefox.
-
-1. Sign in to the latest version of Firefox on your desktop and select the ![Firefox "hamburger" menu](./media/user-help-authenticator-app-import-passwords/desktop-firefox-ellipsis-icon.png) menu from the top right of screen.
-
-1. Select **Logins and Passwords**.
-
- ![Desktop Firefox browser Logins and passwords location](./media/user-help-authenticator-app-import-passwords/desktop-firefox-passwords-location.png)
-
-1. From the Firefox Lockwise page, select the ![Firefox ellipsis menu](./media/user-help-authenticator-app-import-passwords/desktop-firefox-ellipsis-icon.png) menu, select **Export Logins**, and then confirm your intent by selecting **Export**. You are prompted to identify yourself by entering your PIN, device password or by scanning your fingerprints. Once successfully identified, Firefox exports your passwords in CSV format to the selected location.
-
- ![Desktop Firefox browser export passwords location](./media/user-help-authenticator-app-import-passwords/desktop-firefox-export-passwords-location.png)
-
-1. You can import your passwords into Authenticator from a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:
-
- 1. Transfer the exported CSV file on your Android or iOS phone using a preferred and safe way, and then download it. Next, share the CSV file with Authenticator app to start the import.
-
- Platform | Link
- - | --
- Android | ![Android Chrome import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple Chrome import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
- 1. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.
-
-## Import from LastPass
-
-LastPass supports export passwords from a desktop browser only, so ensure you have access to a desktop browser before starting to import passwords.
-
-1. Sign in to [the LastPass web site](https://lastpass.com) and select **Advanced Options**, and then select **Export**.
-
- ![Desktop LastPass export passwords location](./media/user-help-authenticator-app-import-passwords/desktop-lastpass-export-passwords-location.png)
-
-1. Identify yourself when prompted by providing your master password. After that, youΓÇÖll see the exported passwords on the webpage.
-
-1. Copy the contents of the webpage.
-
-1. Open Notepad (or your favorite text editor) and paste the copied content.
-
-1. Save this notepad file by selecting **File** &gt; **Save as**. Provide a name that ends with ΓÇ£.csvΓÇ¥ (such as LastPass.csv) at a safe location in your desktop.
-
- ![Desktop LastPass save CSV file](./media/user-help-authenticator-app-import-passwords/desktop-lastpass-save-import-file.png)
-
-1. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:
-
- 1. Transfer the exported CSV file on your smartphone using a preferred and safe way, and then download it. Then share the CSV file with Authenticator app to start the import.
-
- Platform | Link
- - | --
- Android | ![Android LastPass import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple LastPass import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
- 1. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.
-
-## Import from Bitwarden
-
-Bitwarden supports export passwords from a desktop browser only, so ensure you have access to a desktop browser before starting to import passwords.
-
-1. Sign in into https://vault.bitwarden.com/ and select **Tools** &gt; **Export vault**. Choose the file format as CSV, provide your master password, and then select **Export vault** to start exporting.
-
- ![Bitwarden Export vault location](./media/user-help-authenticator-app-import-passwords/desktop-bitwarden-export-command-location.png)
-
-1. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:
-
- 1. Transfer the exported CSV file on your smartphone using a preferred and safe way, and then download it. Then share the CSV file with Authenticator app to start the import.
-
- Platform | Link
- - | --
- Android | ![Android Bitwarden import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple Bitwarden import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
- 1. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.
-
-## Import from Roboform
-
-Roboform allows exporting of passwords from its desktop app only, so ensure you have access to the Roboform app on a desktop before starting the import.
-
-1. Start RoboForm from your desktop client and log in to your account.
-
-1. Select **Options** from the **Roboform** menu.
-
- ![Desktop Roboform options menu](./media/user-help-authenticator-app-import-passwords/desktop-roboform-options.png)
-
-1. Select **Account & Data** &gt; **Export**.
-
- ![Desktop Roboform export command location](./media/user-help-authenticator-app-import-passwords/desktop-roboform-accounts-data.png)
-
-1. Choose a safe location to save your exported file. Select **Logins** as the **Data** type and select the CSV file as the format, and then select **Export**.
-
- ![Desktop Roboform export dialog box](./media/user-help-authenticator-app-import-passwords/desktop-roboform-export-dialog.png)
-
-1. Confirm your intent and the CSV file is then exported to the selected location.
-
- ![Desktop Roboform export confirmation dialog box](./media/user-help-authenticator-app-import-passwords/desktop-roboform-confirmation.png)
-
-1. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:
-
- 1. Transfer the exported CSV file on your smartphone using a preferred and safe way, and then download it. Then share the CSV file with Authenticator app to start the import.
-
- Platform | Link
- - | --
- Android | ![Android Roboform import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple Roboform import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
- 1. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.
-
-## Import by creating a CSV
-
-If steps to import passwords from your password manager aren't listed in this article, you can create a CSV that you can use to import your passwords into Authenticator. Microsoft recommends that you follow these steps on a desktop for ease of formatting.
-
-1. On your desktop, [download and open our import template](https://go.microsoft.com/fwlink/?linkid=2134938). If you are an Apple iPhone, Safari, and Keychain user, you can now skip to step 4.
-
-1. Export your passwords from your existing password manager in a nonencrypted CSV file.
-
-1. Copy the relevant columns from your exported CSV to the template CSV and then save.
-
-1. If you donΓÇÖt have an exported CSV, you can copy each login from your existing password manager to the template CSV. DonΓÇÖt remove or change the header row. When you finish, verify the integrity of your data before you begin the next step.
-
-1. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:
-
- 1. Transfer the exported CSV file on your smartphone using a preferred and safe way, and then download it. Then share the CSV file with Authenticator app to start the import.
-
- Platform | Link
- - | --
- Android | ![Android CSV import passwords location](./media/user-help-authenticator-app-import-passwords/android-chrome-import.png)
- iOS | ![Apple CSV import passwords location](./media/user-help-authenticator-app-import-passwords/apple-chrome-import.png)
-
- 1. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.
-
-## Troubleshooting steps
-
-The most common cause of failed imports is incorrect formatting in the CSV file. You can try the following steps to troubleshoot the issue.
--- Check this article to see if if we already support importing passwords from your current password manager. If we do, you may want to retry the import by following the steps mentioned for your respective provider.--- If we donΓÇÖt currently support importing the format of your password manager, you could retry by [creating your CSV file manually](#import-by-creating-a-csv).--- You can verify the integrity of CSV data with following suggestions:-
- - First row must contain a header with three columns: **url**, **username**, and **password**.
-
- - Each row must contain a value under **url** and **passwords** columns.
--- You can recreate the CSV by pasting your content in the [CSV template file](https://go.microsoft.com/fwlink/?linkid=2134938).--- If nothing else works, please report your issue using the **Send Feedback** link from Authenticator app settings.
active-directory User Help Device Remediation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-device-remediation.md
- Title: Fixes for the "You can't get there from here" error - Azure AD
-description: Find potential fixes for why you're getting the "You can't get there from here" error message.
-------- Previously updated : 10/10/2018----
-# Possible fixes for the "You can't get there from here" error message
-
-While accessing your organization's internal web apps or services, you might get an error message that says, **You can't get there from here**. This message means your organization has put a policy in place that's preventing your device from accessing your organization's resources. While you might end up having to contact your Helpdesk to fix this problem, here are a few things you can try first.
-
-## Make sure you're using a supported browser
-If you get the **You can't get there from here** message saying that you're trying to access your organization's sites from an unsupported browser, check which browser you're running.
-
-![Error message related to browser support](media/user-help-device-remediation/browser-version.png)
-
-To fix this problem, you must install and run a supported browser, based on your operating system. If you're using Windows 10, the supported browsers include Microsoft Edge, Internet Explorer, and Google Chrome. If you're using a different operating system, you can check the complete list of [supported browsers](../conditional-access/concept-conditional-access-conditions.md#supported-browsers).
-
-## Make sure you're using a supported operating system
-Make sure that you're running a supported version of the operating system, including:
--- **Windows Client.** Windows 7 or later.--- **Windows Server.** Windows Server 2008 R2 or later.--- **macOS.** macOS X or later--- **Android and iOS.** Latest version of Android and iOS mobile operating systems-
-To fix this problem, you must install and run a supported operating system.
-
-## Make sure your device is joined to your network
-If you get the **You can't get there from here** message saying that your device is out-of-compliance with your organization's access policy, make sure you've joined your device to your organization's network.
-
-![Error message related to whether you're on your network](media/user-help-device-remediation/network-version.png)
-
-### To check whether your device is joined to your network
-1. Sign in to Windows using your work or school account. For example, alain@contoso.com.
-
-2. Connect to your organization's network through a virtual private network (VPN) or DirectAccess.
-
-3. After you're connected, press the **Windows logo key+L** to lock your device.
-
-4. Unlock your device using your work or school account, and then try to access the problematic app or service again.
-
- If you see the **You can't get there from here** error message again, select the **More details** link, and then contact your Helpdesk with the details.
-
-### To join your device to your network
-If your device isn't joined to your organization's network, you can do one of two things:
--- **Join your work device.** Join your work-owned Windows 10 device to your organization's network so you can access potentially restricted resources. For more information and step-by-step instructions, see [Join your work device to your organization's network](user-help-join-device-on-network.md).--- **Register your personal device for work.** Register your personal device, typically a phone or tablet, on your organization's network. After your device is registered, it can access your organization's restricted resources. For more information and step-by-step instructions, see [Register your personal device on your organization's network](user-help-register-device-on-network.md).-
-## Next steps
-- [What is the MyApps portal?](./my-apps-portal-end-user-access.md)--- [Sign in with your phone, not your password](user-help-auth-app-sign-in.md)
active-directory User Help Join Device On Network https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-join-device-on-network.md
- Title: Join your work device to your organization's network - AD
-description: Learn how to join your work device to your organization's network.
-------- Previously updated : 08/03/2018----
-# Join your work device to your organization's network
-Join your work-owned Windows 10 device to your organization's network so you can access potentially restricted resources.
-
-## What happens when you join your device
-While you're joining your Windows 10 device to your organization's network, the following actions will happen:
--- Windows registers your device to your organization's network, letting you access your resources using your personal account. After your device is registered, Windows then joins your device to the network, so you can use your organization's username and password to sign in and access restricted resources.--- Optionally, based on your organization's choices, you might be asked to set up two-step verification through either [Multi-Factor Authentication](multi-factor-authentication-end-user-first-time.md) or [security info](./security-info-setup-signin.md).--- Optionally, based on your organization's choices, you might be automatically enrolled in mobile device management, such as Microsoft Intune. For more info about enrolling in Microsoft Intune, see [Enroll your device in Intune](/intune-user-help/enroll-your-device-in-intune-all).--- You'll go through the sign-in process, using automatic sign-in with your organizational account.-
-## To join a brand-new Windows 10 device
-If your device is brand-new and hasn't been set up yet, you can go through the Windows Out of Box Experience (OOBE) process to join your device to the network.
-
-1. Start up your new device and begin the OOBE process.
-
-2. On the **Sign in with Microsoft** screen, type your work or school email address.
-
- ![Sign in screen with email address](./media/user-help-join-device-on-network/join-device-oobe-signin.png)
-
-3. On the **Enter your password** screen, type your password.
-
- ![Enter your password screen](./media/user-help-join-device-on-network/join-device-oobe-password.png)
-
-4. On your mobile device, approve your device so it can access your account.
-
- ![Screenshot that shows the "Enter your password" notification screen.](./media/user-help-join-device-on-network/join-device-oobe-mobile.png)
-
-5. Complete the OOBE process, including setting your privacy settings and setting up Windows Hello (if necessary).
-
- Your device is now joined to your organization's network.
-
-## To make sure you're joined (new device)
-You can make sure that you're joined by looking at your settings.
-
-1. Open **Settings**, and then select **Accounts**.
-
- ![Accounts on the Settings screen](./media/user-help-join-device-on-network/join-device-settings-accounts.png)
-
-2. Select **Access work or school**, and make sure you see text that says something like, **Connected to *\<your_organization>* Azure AD**.
-
- ![Screenshot that shows the "Access work or school" window with the "Connected to (your organization) Azure AD" account selected.](./media/user-help-join-device-on-network/join-device-oobe-verify.png)
--
-## To join an already configured Windows 10 device
-If you've had your device for a while and it's already been set up, you can follow these steps to join your device to the network.
-
-> [!NOTE]
-> When you join an already configured Windows 10 device to Azure AD, you must use an account that's a member of the local administrators group.
-
-1. Open **Settings**, and then select **Accounts**.
-
-2. Select **Access work or school**, and then select **Connect**.
-
- ![Access work or school and Connect links](./media/user-help-join-device-on-network/join-device-access-work-school-connect.png)
-
-3. On the **Set up a work or school account** screen, select **Join this device to Azure Active Directory**.
-
- ![Set up a work or school account screen](./media/user-help-join-device-on-network/join-device-setup-join-aad.png)
-
-4. On the **Let's get you signed in** screen, type your email address (for example, alain@contoso.com), and then select **Next**.
-
- ![Let's get you signed in screen](./media/user-help-join-device-on-network/join-device-setup-get-signed-in.png)
-
-5. On the **Enter password** screen, type your password, and then select **Sign in**.
-
- ![Enter password](./media/user-help-join-device-on-network/join-device-setup-password.png)
-
-6. On your mobile device, approve your device so it can access your account.
-
- ![Mobile notification screen](./media/user-help-join-device-on-network/join-device-setup-mobile.png)
-
-7. On the **Make sure this is your organization** screen, review the information to make sure it's right, and then select **Join**.
-
- ![Make sure this is your organization verification screen](./media/user-help-join-device-on-network/join-device-setup-confirm.png)
-
-8. On the **You're all set** screen, click **Done**.
-
- ![You're all set screen](./media/user-help-join-device-on-network/join-device-setup-finish.png)
-
-## To make sure you're joined
-You can make sure that you're joined by looking at your settings.
-
-1. Open **Settings**, and then select **Accounts**.
-
- ![Accounts on the Settings screen](./media/user-help-join-device-on-network/join-device-settings-accounts.png)
-
-2. Select **Access work or school**, and make sure you see text that says something like, **Connected to *\<your_organization>* Azure AD**.
-
- ![Access work or school screen with connected contoso account](./media/user-help-join-device-on-network/join-device-setup-verify.png)
-
-## Next steps
-After you join your device to your organization's network, you should be able to access all of your resources using your work or school account information.
--- If your organization wants you to register your personal device, such as your phone, see [Register your personal device on your organization's network](user-help-register-device-on-network.md).--- If your organization is managed using Microsoft Intune and you have questions about enrollment, sign-in, or any other Intune-related issue, see the [Intune user help content](/intune-user-help/use-managed-devices-to-get-work-done).
active-directory User Help Register Device On Network https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-register-device-on-network.md
- Title: Register personal devices on an organization's network - Azure AD
-description: Learn how to register your personal device on your organization's network so you can access your organization's protected resources.
-------- Previously updated : 05/24/2020----
-# Register your personal device on your organization's network
-Register your personal device (typically a phone or tablet) on your organization's network. After your device is registered, it will be able to access your organization's restricted resources.
-
->[!Note]
->This article uses a Windows device for demonstration purposes, but you can also register devices running iOS, Android, or macOS.
-
-## What happens when you register your device
-While you're registering your device on your organization's network, the following actions will happen:
--- Windows registers your device on your organization's network.--- Optionally, based on your organization's choices, you might be asked to set up two-step verification through either [two-factor authentication](multi-factor-authentication-end-user-first-time.md) or [security info](./security-info-setup-signin.md).--- Optionally, based on your organization's choices, you might be automatically enrolled in mobile device management, such as Microsoft Intune. For more info about enrolling in Microsoft Intune, see [Enroll your device in Intune](/intune-user-help/enroll-your-device-in-intune-all).--- You'll go through the sign-in process, using the username and password for your work or school account.-
-## To register your Windows device
-
-Follow these steps to register your personal device on your network.
-
-1. Open **Settings**, and then select **Accounts**.
-
- ![Accounts on the Settings screen](./media/user-help-register-device-on-network/register-device-settings-accounts.png)
-
-1. Select **Access work or school**, and then select **Connect** from the **Access work or school** screen.
-
- ![Access work or school screen with Connect option highlighted](./media/user-help-register-device-on-network/register-device-access-work-school-connect.png)
-
-1. On the **Add a work or school account** screen, type in your email address for your work or school account, and then select **Next**. For example, alain@contoso.com.
-
-1. Sign in to your work or school account, and then select **Sign in**.
-
-1. Complete the rest of the registration process, including approving your identity verification request (if you use two-step verification) and setting up Windows Hello (if necessary).
-
-1. Restart the device.
-
-## To verify that you're registered
-
-You can make sure that you're registered by looking at your settings.
-
-1. Open **Settings**, and then select **Accounts**.
-
- ![Accounts on the Settings screen](./media/user-help-register-device-on-network/register-device-settings-accounts.png)
-
-1. Select **Access work or school**, and make sure you see your work or school account.
-
- ![Access work or school screen with connected contoso account](./media/user-help-register-device-on-network/register-device-setup-verify.png)
-
-## Next steps
-After you register your personal device to your organization's network, you should be able to access most of your resources.
--- If your organization wants you to join your work device, see [Join your work device to your organization's network](user-help-join-device-on-network.md).
active-directory User Help Sign In https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/user-help/user-help-sign-in.md
- Title: Sign-in using your identity authentication info - Azure AD
-description: Learn about how to sign-in using the various identity verification methods in security info.
--------- Previously updated : 07/18/2019----
-# Sign in using two-step verification or security info
-
-After you set up two-step verification or security info, you'll be able to sign in to your account using your specified verification method.
-
-> [!Note]
-> If you're still using the two-step verification experience, you'll need to set up your verification methods by following the instructions in the [Set up my account for two-step verification](multi-factor-authentication-end-user-first-time.md) article.
->
-> If your administrator has turned on the security info experience, you'll need to set your verification methods using these step-by-step articles:<ul><li>[Set up security info to use an authentication app](security-info-setup-auth-app.md)</li><li>[Set up security info to use text messaging](security-info-setup-text-msg.md)</li><li>[Set up security info to use a phone call](security-info-setup-phone-number.md)</li><li>[Set up security info to use a security key](security-info-setup-security-key.md)</li></ul>
-
-## Sign in using an authenticator app notification on your mobile device
-
-1. Sign in to your account with your username and password.
-
-2. Select **Approve** from the approval notification sent to your mobile device.
-
-## Sign in using an authenticator app code on your mobile device
-
-1. Sign in to your account with your username and password.
-
-2. Open your authenticator app and type the randomly generated code for your account into the **Enter code** box.
-
-## Sign in using your phone number
-
-1. Sign in to your account with your username and password.
-
-2. Answer your phone and follow the instructions.
-
-## Sign in using a text message
-
-1. Sign in to your account with your username and password.
-
-2. Open the text message and type the code from your text message into the **Enter code** box.
-
-## Sign in using a security key at the lock screen
-
-1. After you've registered your security key, select the security key image from the Windows 10 lock screen.
-
-2. Insert your security key into your device's USB port and sign in to Windows using your security key PIN.
-
- ![Security key sign-in on the Windows 10 lock screen](./media/security-info/security-info-windows-10-lock-screen-security-key.png)
-
-## Sign in using a security key and the Microsoft Edge browser
-
-1. After you've registered your security key, open the Microsoft Edge browser.
-
-2. When prompted to sign-in, insert your security key into your device's USB port and sign in to Windows using your security key PIN.
-
- ![Security key sign-in using the Microsoft Edge browser](./media/security-info/security-info-edge-security-key.png)
-
- >[!NOTE]
- >For information about signing in using the Microsoft Authenticator app see the article, [Sign in to your accounts using the Microsoft Authenticator app](user-help-auth-app-sign-in.md).
-
-## Sign in using another verification method
-
-If for some reason you're unable to use your primary sign-in method, you can use another previously set up verification method.
-
-1. Sign in to your account normally, and then choose the **Sign in another way** link on the **Two-step verification** page.
-
- ![Change sign in verification method](media/security-info/two-factor-auth-signin-another-way.png)
-
- >[!Note]
- >If you don't see the **Sign in another way** link, it means that you haven't set up any other verification methods and that you'll have to contact your administrator for help signing into your account. After your administrator helps you to sign in, make sure you add additional verification methods. For more info about adding verification methods, see the [Manage your settings for two-step verification](multi-factor-authentication-end-user-manage-settings.md) article.
- >
- >If you see the **Sign in another way** link, but still don't see any other verification methods, you'll have to contact your administrator for help signing in to your account.
-
-2. Choose your alternative verification method, and continue with the two-step verification process.
-
-3. After you're back in your account, you can update your verification methods (if necessary). For more info about add or changing your methods, see the [Manage your settings for two-step verification](multi-factor-authentication-end-user-manage-settings.md) article.
-
-## Next steps
--- Learn about security info in the [Security info (preview) overview](./security-info-setup-signin.md) article.--- Learn about two-step verification in the [Two-step verification overview](./multi-factor-authentication-end-user-first-time.md) article.--- Reset your password if you've lost or forgotten it, from the [Password reset portal](https://passwordreset.microsoftonline.com/)--- Get troubleshooting tips and help for sign-in problems in the [Can't sign in to your Microsoft account](https://support.microsoft.com/help/12429/microsoft-account-sign-in-cant) article.
advisor Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/advisor/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Advisor description: Sample Azure Resource Graph queries for Azure Advisor showing use of resource types and tables to access Azure Advisor related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
app-service Configure Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-custom-container.md
The following lists show supported and unsupported Docker Compose configuration
#### Unsupported options - build (not allowed)-- depends_on (ignored)
+- [depends_on](faq-app-service-linux.yml#how-do-i-use-depends-on-) (ignored)
- networks (ignored) - secrets (ignored) - ports other than 80 and 8080 (ignored)
app-service Security Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/security-recommendations.md
Previously updated : 06/17/2019 Last updated : 09/02/2021
This article contains security recommendations for Azure App Service. Implementi
| Recommendation | Comments | |-|-|
-|Use Azure Security Center standard tier | [Azure Security Center](../security-center/defender-for-app-service-introduction.md) is natively integrated with Azure App Service. It can run assessments and provide security recommendations. |
+|Use Azure Security Center's Azure Defender for App Service | [Azure Defender for App Service](../security-center/defender-for-app-service-introduction.md) is natively integrated with Azure App Service. Security Center assesses the resources covered by your App Service plan and generates security recommendations based on its findings. Use the detailed instructions in [these recommendations]()../security-center/recommendations-reference.md#appservices-recommendations) to harden your App Service resources. Azure Defender also provides threat protection and can detect a multitude of threats covering almost the complete list of MITRE ATT&CK tactics from pre-attack to command and control. For a full list of the Azure App Service alerts, see [Azure Defender for App Service alerts](../security-center/alerts-reference.md#alerts-azureappserv).|
## Next steps
automation Powershell Runbook Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/learn/powershell-runbook-managed-identity.md
Title: Use managed identities with a PowerShell runbook in Azure Automation
+ Title: Create PowerShell runbook using managed identity in Azure Automation
description: In this tutorial, you learn how to use managed identities with a PowerShell runbook in Azure Automation.
#Customer intent: As a developer, I want PowerShell runbooks to execute code using a manged identity.
-# Tutorial: Use managed identities with a PowerShell runbook in Azure Automation
+# Tutorial: Create Automation PowerShell runbook using managed identity
This tutorial walks you through creating a [PowerShell runbook](../automation-runbook-types.md#powershell-runbooks) in Azure Automation that uses [managed identities](../automation-security-overview.md#managed-identities-preview), rather than the Run As account to interact with resources. PowerShell runbooks are based on Windows PowerShell. A managed identity from Azure Active Directory (Azure AD) allows your runbook to easily access other Azure AD-protected resources.
automation Create Account Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/quickstarts/create-account-portal.md
Title: Azure Quickstart - Create an Azure Automation account
-description: This article helps you get started creating an Azure Automation account and running a runbook.
+ Title: Quickstart - Create an Azure Automation account using the portal
+description: This quickstart helps you get started creating an Azure Automation account using the portal
Previously updated : 09/01/2021 Last updated : 09/07/2021
+# Customer intent: As an administrator, I want to create an Automation account so that I can further use the Automation services.
-# Create an Azure Automation account
+# Quickstart: Create an Automation account using the Azure portal
-You can create an Azure Automation account through Azure, using the Azure portal, a browser-based user interface allowing access to a number of resources. One Automation account can manage resources across all regions and subscriptions for a given tenant.
+You can create an Azure [Automation account](../automation-security-overview.md) using the Azure portal, a browser-based user interface allowing access to a number of resources. One Automation account can manage resources across all regions and subscriptions for a given tenant. This Quickstart guides you in creating an Automation account.
-This quickstart guides you in creating an Automation account and running a runbook in the account. If you don't have an Azure subscription, create a [free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+## Prerequisites
-## Sign in to Azure
-
-[Sign in to Azure](https://portal.azure.com).
+An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
## Create Automation account
-1. Choose a name for your Azure account. Automation account names are unique per region and resource group. Names for Automation accounts that have been deleted might not be immediately available.
-
- > [!NOTE]
- > You can't change the account name once it has been entered in the user interface.
-
-2. Click **Create a resource** found in the upper left corner of Azure portal.
-
-3. Select **IT & Management Tools**, and then select **Automation**.
-
-4. Enter the account information, including the selected account name. For **Create Azure Run As account**, choose **Yes** so that the artifacts to simplify authentication to Azure are enabled automatically. When the information is complete, click **Create** to start the Automation account deployment.
-
- ![Enter information about your Automation account in the page](./media/create-account-portal/create-automation-account-portal-blade.png)
-
- > [!NOTE]
- > For an updated list of locations that you can deploy an Automation account to, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=automation&regions=all).
+1. Sign in to the [Azure portal](https://portal.azure.com).
-5. When the deployment has completed, click **All Services**.
+1. From the top menu, select **+ Create a resource**.
-6. Select **Automation Accounts** and then choose the Automation account you've created.
+1. Under Categories**, select **IT & Management Tools**, and then select **Automation**.
- ![Automation account overview](./media/create-account-portal/automation-account-overview.png)
+ :::image type="content" source="./media/create-account-portal/automation-account-portal.png" alt-text="Locating Automation accounts in portal.":::
-## Run a runbook
+1. From the **Add Automation Account** page, provide the following information:
-Run one of the tutorial runbooks.
+ | Property | Description |
+ |||
+ |Name| Enter a name unique for it's location and resource group. Names for Automation accounts that have been deleted might not be immediately available. You can't change the account name once it has been entered in the user interface. |
+ |Subscription| From the drop-down list, select the Azure subscription for the account.|
+ |Resource group|From the drop-down list, select your existing resource group, or select **Create new**.|
+ |Location| From the drop-down list, select a location for the account. For an updated list of locations that you can deploy an Automation account to, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=automation&regions=all)|
+ |Create Azure Run As account| Select **No**. An Azure Run As account in the Automation account is useful for authenticating with Azure; however, managed identities in Automation is now available. [Managed identities](../../active-directory/managed-identities-azure-resources/overview.md) provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. |
-1. Click **Runbooks** under **Process Automation**. The list of runbooks is displayed. By default, several tutorial runbooks are enabled in the account.
+ :::image type="content" source="./media/create-account-portal/add-automation-account-portal.png" alt-text="Required fields for adding the Automation account":::
- ![Automation account runbooks list](./media/create-account-portal/automation-runbooks-overview.png)
+1. Select **Create** to start the Automation account deployment. The creation completes in about a minute.
-1. Select the **AzureAutomationTutorialScript** runbook. This action opens the runbook overview page.
+1. You will receive a notification when the deployment has completed. Select **Go to resource** in the notification to open the **Automation Account** page.
- ![Runbook overview](./media/create-account-portal/automation-tutorial-script-runbook-overview.png)
+1. Review your new Automation account.
-1. Click **Start**, and on the Start Runbook page, click **OK** to start the runbook.
+ :::image type="content" source="./media/create-account-portal/automation-account-overview.png" alt-text="Automation account overview page":::
- ![Runbook job page](./media/create-account-portal/automation-tutorial-script-job.png)
+## Clean up resources
-1. After the job status becomes `Running`, click **Output** or **All Logs** to view the runbook job output. For this tutorial runbook, the output is a list of your Azure resources.
+If you're not going to continue to use the Automation account, select **Delete** from the **Overview** page, and then select **Yes** when prompted.
## Next steps
-In this quickstart, youΓÇÖve deployed an Automation account, started a runbook job, and viewed the job results. To learn more about Azure Automation, continue to the quickstart for creating your first PowerShell runbook.
+In this Quickstart, you created an Automation account. To use managed identities with your Automation account, continue to the next Quickstart:
> [!div class="nextstepaction"]
-> [Quickstart - Create an Azure Automation PowerShell runbook](../learn/powershell-runbook-managed-identity.md)
+> [Quickstart - Enable managed identities](enable-managed-identity.md)
automation Enable Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/quickstarts/enable-managed-identity.md
+
+ Title: Quickstart - Enable managed identities for your Automation account using the Azure portal
+description: This quickstart helps you enable managed identities for your Automation account using the Azure portal
+ Last updated : 09/07/2021++
+# Customer intent: As an administrator, I want to enable managed identities for my Automation account so that I can securely access other Azure resources.
++
+# Quickstart: Enable managed identities for your Automation account using the Azure portal
+
+This Quickstart shows you how to enable managed identities for an Azure Automation account. For more information on how managed identities work with Azure Automation, see [Managed identities](../automation-security-overview.md#managed-identities-preview).
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+
+- An Azure Automation account. For instructions, see [Create an Automation account](create-account-portal.md).
+
+- A user-assigned managed identity. For instructions, see [Create a user-assigned managed identity](../../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md#create-a-user-assigned-managed-identity). The user-assigned managed identity and the target Azure resources that your runbook manages using that identity must be in the same Azure subscription.
+
+## Enable system-assigned managed identity
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to your Automation account.
+
+1. UnderΓÇ»**Account Settings**, selectΓÇ»**Identity (Preview)**.
+
+ :::image type="content" source="media/enable-managed-identity/managed-identity-portal.png" alt-text="Navigating to Identity in portal.":::
+
+1. Set the system-assigned **Status** option to **On** and then press **Save**. When you're prompted to confirm, select **Yes**.
+
+ Your Automation account can now use the system-assigned identity, which is registered with Azure Active Directory (Azure AD) and is represented by an object ID.
+
+ :::image type="content" source="media/enable-managed-identity/system-assigned-object-id.png" alt-text="Managed identity object ID.":::
+
+## Add user-assigned managed identity
+
+This section continues from where the last section ended.
+
+1. Select the **User assigned** tab, and then select **+ Add** or **Add user assigned managed identity** to open the **Add user assigned managed i...** page.
+
+ :::image type="content" source="media/enable-managed-identity/user-assigned-portal.png" alt-text="User-assigned tab in portal.":::
+
+1. From the **Subscription** drop-down list, select the subscription for your user-assigned managed identity.
+
+ :::image type="content" source="media/enable-managed-identity/add-user-assigned.png" alt-text="Add user-assigned page in portal.":::
+
+1. Under **User assigned managed identities**, select your existing user-assigned managed identity and then select **Add**. You'll then be returned to the **User assigned** tab.
+
+ :::image type="content" source="media/enable-managed-identity/added-user-identity-portal.png" alt-text="Added user-assigned in portal.":::
++
+## Clean up resources
+
+If you no longer need the user-assigned managed identity attached to your Automation account, perform the following steps:
+
+1. From the **User assigned** tab, select your user-assigned managed identity.
+
+1. From the top menu, select **Remove**, and then select **Yes** when prompted for confirmation.
+
+If you no longer need the system-assigned managed identity enabled for your Automation account, perform the following steps:
+
+1. From the **System assigned** tab, under **Status**, select **Off**.
+
+1. From the top menu, select **Save**, and then select **Yes** when prompted for confirmation.
+
+## Next steps
+
+In this Quickstart, you enabled managed identities for an Azure Automation account. To use your Automation account with managed identities to execute a runbook, see.
+
+> [!div class="nextstepaction"]
+> [Tutorial: Create Automation PowerShell runbook using managed identity](../learn/powershell-runbook-managed-identity.md)
azure-arc Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/kubernetes/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Arc-enabled Kubernetes description: Sample Azure Resource Graph queries for Azure Arc-enabled Kubernetes showing use of resource types and tables to access Azure Arc-enabled Kubernetes related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-arc Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Arc description: Sample Azure Resource Graph queries for Azure Arc showing use of resource types and tables to access Azure Arc related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-arc Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Arc-enabled servers description: Sample Azure Resource Graph queries for Azure Arc-enabled servers showing use of resource types and tables to access Azure Arc-enabled servers related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-monitor Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Monitor description: Sample Azure Resource Graph queries for Azure Monitor showing use of resource types and tables to access Azure Monitor related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-monitor Vmext Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/vmext-troubleshoot.md
If the *Microsoft Monitoring Agent* VM extension is not installing or reporting,
3. Ensure the virtual machine can run PowerShell scripts 4. Ensure permissions on C:\Windows\temp havenΓÇÖt been changed 5. View the status of the Microsoft Monitoring Agent by typing the following in an elevated PowerShell window on the virtual machine `(New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg').GetCloudWorkspaces() | Format-List`
-6. Review the Microsoft Monitoring Agent setup log files in `C:\Windows\System32\config\systemprofile\AppData\Local\SCOM\Logs`
+6. Review the Microsoft Monitoring Agent setup log files in `C:\WindowsAzure\Logs\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\1.0.18053.0\`. Note that this path will change based on the version number of the agent.
For more information, see [troubleshooting Windows extensions](../../virtual-machines/extensions/oms-windows.md).
For more information, see [troubleshooting Linux extensions](../../virtual-machi
## Next steps
-For additional troubleshooting guidance related to the Log Analytics agent for Linux hosted on computers outside of Azure, see [Troubleshoot Azure Log Analytics Linux Agent](../agents/agent-linux-troubleshoot.md).
+For additional troubleshooting guidance related to the Log Analytics agent for Linux hosted on computers outside of Azure, see [Troubleshoot Azure Log Analytics Linux Agent](../agents/agent-linux-troubleshoot.md).
azure-resource-manager Azure Services Resource Providers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/azure-services-resource-providers.md
The resources providers that are marked with **- registered** are registered by
| Microsoft.HardwareSecurityModules | [Azure Dedicated HSM](../../dedicated-hsm/index.yml) | | Microsoft.HDInsight | [HDInsight](../../hdinsight/index.yml) | | Microsoft.HealthcareApis | [Azure API for FHIR](../../healthcare-apis/fhir/index.yml) |
-| Microsoft.HybridCompute | [Azure Arc](../../azure-arc/index.yml) |
+| Microsoft.HybridCompute | [Azure Arc-enabled servers](../../azure-arc/servers/index.yml) |
| Microsoft.HybridData | [StorSimple](../../storsimple/index.yml) | | Microsoft.HybridNetwork | [Network Function Manager](../../network-function-manager/index.yml) | | Microsoft.ImportExport | [Azure Import/Export](../../import-export/storage-import-export-service.md) |
The resources providers that are marked with **- registered** are registered by
| Microsoft.IoTSpaces | [Azure Digital Twins](../../digital-twins/index.yml) | | Microsoft.Intune | [Azure Monitor](../../azure-monitor/index.yml) | | Microsoft.KeyVault | [Key Vault](../../key-vault/index.yml) |
-| Microsoft.Kubernetes | [Azure Kubernetes Service on Azure Stack HCI](/azure-stack/aks-hci/) |
-| Microsoft.KubernetesConfiguration | [Azure Kubernetes Service on Azure Stack HCI](/azure-stack/aks-hci/) |
+| Microsoft.Kubernetes | [Azure Arc-enabled Kubernetes](../../azure-arc/kubernetes/index.yml) |
+| Microsoft.KubernetesConfiguration | [Azure Arc-enabled Kubernetes](../../azure-arc/kubernetes/index.yml) |
| Microsoft.Kusto | [Azure Data Explorer](/azure/data-explorer/) | | Microsoft.LabServices | [Azure Lab Services](../../lab-services/index.yml) | | Microsoft.Logic | [Logic Apps](../../logic-apps/index.yml) |
azure-resource-manager Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Resource Manager description: Sample Azure Resource Graph queries for Azure Resource Manager showing use of resource types and tables to access Azure Resource Manager related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-resource-manager Deploy Cloud Shell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-cloud-shell.md
Title: Deploy templates with Cloud Shell description: Use Azure Resource Manager and Azure Cloud Shell to deploy resources to Azure. The resources are defined in an Azure Resource Manager template (ARM template). Previously updated : 10/22/2020 Last updated : 09/03/2021 # Deploy ARM templates from Azure Cloud Shell
To deploy an external template, provide the URI of the template exactly as you w
To deploy a local template, you must first upload your template to the storage account that is connected to your Cloud Shell session.
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Cloud Shell](https://shell.azure.com).
-1. Select your Cloud Shell resource group. The name pattern is `cloud-shell-storage-<region>`.
+1. Select either **PowerShell** or **Bash**.
- ![Select resource group](./media/deploy-cloud-shell/select-cloud-shell-resource-group.png)
+ :::image type="content" source="./media/deploy-cloud-shell/cloud-shell-bash-powershell.png" alt-text="Select Bash or PowerShell":::
-1. Select the storage account for your Cloud Shell.
+1. Select **Upload/Download files**, and then select **Upload**.
- :::image type="content" source="./media/deploy-cloud-shell/cloud-shell-storage.png" alt-text="Select storage account":::
+ :::image type="content" source="./media/deploy-cloud-shell/cloud-shell-upload.png" alt-text="Upload file":::
-1. Select **File Shares**.
-
- :::image type="content" source="./media/deploy-cloud-shell/files-shares.png" alt-text="Select file shares":::
-
-1. Select the default file share for Cloud Shell. The file share has the name format of `cs-<user>-<domain>-com-<uniqueGuid>`.
-
- :::image type="content" source="./media/deploy-cloud-shell/select-file-share.png" alt-text="Default file share":::
-
-1. Add a new directory to hold your templates. Select that directory.
-
- :::image type="content" source="./media/deploy-cloud-shell/add-directory.png" alt-text="Add directory":::
-
-1. Select **Upload**.
-
- :::image type="content" source="./media/deploy-cloud-shell/upload-template.png" alt-text="Upload template":::
-
-1. Find and upload your template.
-
- :::image type="content" source="./media/deploy-cloud-shell/select-template.png" alt-text="Select template":::
-
-1. Open the Cloud Shell prompt.
-
- :::image type="content" source="./media/deploy-cloud-shell/open-cloud-shell.png" alt-text="Open Cloud Shell":::
-
-1. Navigate to the **clouddrive** directory. Navigate to the directory you added for holding the templates.
+1. Select the ARM template you want to upload, and then select **Open**.
1. To deploy the template, use the following commands:
azure-sql Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure SQL Database description: Sample Azure Resource Graph queries for Azure SQL Database showing use of resource types and tables to access Azure SQL Database related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
azure-sql Security Best Practice https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/security-best-practice.md
Advanced threat protection enables you to detect and respond to potential threat
**Best practices**: -- Configure [Azure Defender for SQL](azure-defender-for-sql.md) for a specific server or a managed instance. You can also configure Azure Defender for SQL for all servers and managed instances in a subscription by switching to [Azure Security Center Standard tier](../../security-center/security-center-pricing.md).
+- Configure [Azure Defender for SQL](azure-defender-for-sql.md) for a specific server or a managed instance. You can also configure Azure Defender for SQL for all servers and managed instances in a subscription by enabling [Azure Defender](../../security-center/security-center-pricing.md).
- For a full investigation experience, it's recommended to enableΓÇ»[SQL Database Auditing](../../azure-sql/database/auditing-overview.md). With auditing, you can track database events and write them to an audit log in an Azure Storage account or Azure Log Analytics workspace.
azure-sql Security Server Roles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/security-server-roles.md
In Azure SQL Database, the server is a logical concept and permissions cannot be
These special fixed server-level roles use the prefix **##MS_** and the suffix **##** to distinguish from other regular user-created principals.
-Like SQL Server on-premise, server permissions are organized hierarchically. The permissions that are held by these server-level roles can propagate to database permissions. For the permissions to be effectively propagated to the database, a login needs to have a user account in the database.
+Like SQL Server on-premises, server permissions are organized hierarchically. The permissions that are held by these server-level roles can propagate to database permissions. For the permissions to be effectively propagated to the database, a login needs to have a user account in the database.
For example, the server-level role **##MS_ServerStateReader##** holds the permission **VIEW SERVER STATE**. If a login who is member of this role has a user account in the databases *master* and *WideWorldImporters*, this user will have the permission, **VIEW DATABASE STATE** in those two databases.
The examples in this section show how to work with server-level roles in Azure S
### A. Adding a SQL login to a server-level role
-The following example adds the SQL login 'Jiao' to the server-level role ##MS_ServerStateReader##.
+The following example adds the SQL login 'Jiao' to the server-level role ##MS_ServerStateReader##. This statement has to be run in the virtual master database.
```sql ALTER SERVER ROLE ##MS_ServerStateReader##
GO
### B. Listing all principals (SQL authentication) which are members of a server-level role
-The following statement returns all members of any fixed server-level role using the `sys.server_role_members` and `sys.sql_logins` catalog views.
+The following statement returns all members of any fixed server-level role using the `sys.server_role_members` and `sys.sql_logins` catalog views. This statement has to be run in the virtual master database.
```sql SELECT
INNER JOIN sys.sql_logins AS sql_logins
; GO ```
+### C. Complete example: Adding a login to a server-level role, retrieving metadata for role membership and permissions, and running a test query
+
+#### Part 1: Preparing role membership and user account
+
+Run this command from the virtual master database.
+
+```sql
+ALTER SERVER ROLE ##MS_ServerStateReader##
+ ADD MEMBER Jiao
+
+-- check membership in metadata:
+select IS_SRVROLEMEMBER('##MS_ServerStateReader##', 'Jiao')
+--> 1 = Yes
+
+SELECT
+ sql_logins.principal_id AS MemberPrincipalID
+ , sql_logins.name AS MemberPrincipalName
+ , roles.principal_id AS RolePrincipalID
+ , roles.name AS RolePrincipalName
+FROM sys.server_role_members AS server_role_members
+INNER JOIN sys.server_principals AS roles
+ ON server_role_members.role_principal_id = roles.principal_id
+INNER JOIN sys.sql_logins AS sql_logins
+ ON server_role_members.member_principal_id = sql_logins.principal_id
+;
+GO
+```
+
+Here is the result set.
+
+```
+MemberPrincipalID MemberPrincipalName RolePrincipalID RolePrincipalName
+- - --
+6 Jiao 11 ##MS_ServerStateReader##
+```
+
+Run this command from a user database.
+
+```sql
+-- Creating a database-User for 'Jiao'
+CREATE USER Jiao
+ FROM LOGIN Jiao
+;
+GO
+```
+
+#### Part 2: Testing role membership
+
+Log in as login `Jiao` and connect to the user database used in the example.
+
+```sql
+-- retrieve server-level permissions of currently logged on User
+SELECT * FROM sys.fn_my_permissions(NULL, 'Server')
+;
+
+-- check server-role membership for `##MS_ServerStateReader##` of currently logged on User
+SELECT USER_NAME(), IS_SRVROLEMEMBER('##MS_ServerStateReader##')
+--> 1 = Yes
+
+-- Does the currently logged in User have the `VIEW DATABASE STATE`-permission?
+SELECT HAS_PERMS_BY_NAME(NULL, 'DATABASE', 'VIEW DATABASE STATE');
+--> 1 = Yes
+
+-- retrieve database-level permissions of currently logged on User
+SELECT * FROM sys.fn_my_permissions(NULL, 'DATABASE')
+GO
+
+-- example query:
+SELECT * FROM sys.dm_exec_query_stats
+--> will return data since this user has the necessary permission
+
+```
## Limitations of server-level roles
azure-vmware Concepts Run Command https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-run-command.md
Last updated 08/31/2021
# Run command in Azure VMware Solution (Preview)
-In Azure VMware Solution, you'll get vCenter access with CloudAdmin role. You can [view the privileges granted](concepts-identity.md#view-the-vcenter-privileges) to the Azure VMware Solution CloudAdmin role on your Azure VMware Solution private cloud vCenter. Run commands are a collection of PowerShell cmdlets that you do certain operations on vCenter, which requires elevated privileges.
+In Azure VMware Solution, vCenter has a built-in local user called *cloudadmin* assigned to the CloudAdmin role. The CloudAdmin role has vCenter [privileges](concepts-identity.md#view-the-vcenter-privileges) that differ from other VMware cloud solutions and on-premises deployments. The Run command (Preview) feature lets you perform operations that would normally require elevated privileges through a collection of PowerShell cmdlets.
Azure VMware Solution supports the following operations: -- [Install and uninstall JetStream DR solution](deploy-disaster-recovery-using-jetstream.md)
+- [Install and uninstall the JetStream DR solution](deploy-disaster-recovery-using-jetstream.md)
- [Configure an external identity source](configure-identity-source-vcenter.md) -- [View and edit the storage policy](configure-storage-policy.md)
+- [View and set storage policies](configure-storage-policy.md)
>[!NOTE]
Azure VMware Solution supports the following operations:
## View the status of an execution
-You can view the status of any run command executed, including the output, errors, warnings, and information.
+You can view the status of any executed run command, including the output, errors, warnings, and information logs of the cmdlets.
1. Sign in to the [Azure portal](https://portal.azure.com). 1. Select **Run command** > **Run execution status**.
- You can sort by the execution name, package name, package version, command name, start time, end time, and status.
+ You can sort by the various columns by selecting the column.
:::image type="content" source="media/run-command/run-execution-status.png" alt-text="Screenshot showing Run execution status tab." lightbox="media/run-command/run-execution-status.png":::
-1. Select the execution you want to view.
+1. Select the execution you want to view. A pane opens with details about the execution, and other tabs for the various types of output generated by the cmdlet.
:::image type="content" source="media/run-command/run-execution-status-example.png" alt-text="Screenshot showing an example of a run execution."::: You can view more details about the execution including the output, errors, warnings, and information.
- - **Details** - Summary of the execution details, such as the name, status, package, and command name ran.
+ - **Details** - Summary of the execution details, such as the name, status, package, cmdlet name, and error if the command failed.
- - **Output** - Message at the end of successful execution of a cmdlet. Not all cmdlets have output.
+ - **Output** - Messages output by the cmdlet. May include progress or the result of the operation. Not all cmdlets have output.
:::image type="content" source="media/run-command/run-execution-status-example-output.png" alt-text="Screenshot showing the output of a run execution.":::
- - **Error** - Terminating exception that stopped the execution of a cmdlet.
+ - **Error** - Error messages generated in the execution of the cmdlet. This is in addition to the terminating error message on the details pane.
:::image type="content" source="media/run-command/run-execution-status-example-error.png" alt-text="Screenshot showing the errors detected during the execution of an execution.":::
- - **Warning** - Non-Terminating exception occurred during the execution of a cmdlet.
+ - **Warning** - Warning messages generated during the execution.
:::image type="content" source="media/run-command/run-execution-status-example-warning.png" alt-text="Screenshot showing the warnings detected during the execution of an execution.":::
- - **Information** - Progress message during the execution of a cmdlet.
+ - **Information** - Progress and diagnostic generated messages during the execution of a cmdlet.
:::image type="content" source="medilet as it runs.":::
You can view the status of any run command executed, including the output, error
### Method 1
->[!NOTE]
+This method attempts to cancel the execution, and then deletes it upon completion.
+
+>[!IMPORTANT]
>Method 1 is irreversible. 1. Select **Run command** > **Run execution status** and then select the job you want to cancel.
You can view the status of any run command executed, including the output, error
Now that you've learned about the Run command concepts, you can use the Run command feature to: -- [Configure storage policy](configure-storage-policy.md) - Each VM deployed to a vSAN datastore is assigned at least one VM storage policy. You can assign a VM storage policy in an initial deployment of a VM or when you perform other VM operations, such as cloning or migrating.
+- [Configure storage policy](configure-storage-policy.md) - Each VM deployed to a vSAN datastore is assigned a vSAN storage policy. You can assign a vSAN storage policy in an initial deployment of a VM or when you do other VM operations, such as cloning or migrating.
-- [Configure external identity source for vCenter](configure-identity-source-vcenter.md) - vCenter has a built-in local user called cloudadmin and assigned to the CloudAdmin role. The local cloudadmin user is used to set up users in Active Directory (AD). With the Run command feature, you can configure Active Directory over LDAP or LDAPS for vCenter as an external identity source.
+- [Configure external identity source for vCenter (Run command)](configure-identity-source-vcenter.md) - Configure Active Directory over LDAP or LDAPS for vCenter, which enables the use of an external identity source as an Active Directory. Then, you can add groups from the external identity source to the CloudAdmin role.
- [Deploy disaster recovery using JetStream](deploy-disaster-recovery-using-jetstream.md) - Store data directly to a recovery cluster in vSAN. The data gets captured through I/O filters that run within vSphere. The underlying data store can be VMFS, VSAN, vVol, or any HCI platform.
azure-vmware Configure Identity Source Vcenter https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-identity-source-vcenter.md
You'll run the `Get-ExternalIdentitySources` cmdlet to list all external identit
| **Field** | **Value** | | | |
- | **Retain up to** |Retention period of the cmdlet output. The default value is 60. |
+ | **Retain up to** |Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **getExternalIdentity**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
-## Add Active Directory over LDAP
+## Add Active Directory over LDAP with SSL
-You'll run the `New-AvsLDAPIdentitySource` cmdlet to add AD over LDAP as an external identity source to use with SSO into vCenter.
+You'll run the `New-AvsLDAPSIdentitySource` cmdlet to add an AD over LDAP with SSL as an external identity source to use with SSO into vCenter.
-1. Select **Run command** > **Packages** > **New-AvsLDAPIdentitySource**.
+1. Download the certificate for AD authentication and upload it to an Azure Storage account as blob storage. If multiple certificates are required, upload each certificate individually.
-1. Provide the required values or change the default values, and then select **Run**.
+1. For each certificate, [Grant access to Azure Storage resources using shared access signature (SAS)](../storage/common/storage-sas-overview.md). These SAS strings are supplied to the cmdlet as a parameter.
+
+ >[!IMPORTANT]
+ >Make sure to copy each SAS string, because they will no longer be available once you leave this page.
+1. Select **Run command** > **Packages** > **New-AvsLDAPSIdentitySource**.
+
+1. Provide the required values or change the default values, and then select **Run**.
+ | **Field** | **Value** | | | | | **Name** | User-friendly name of the external identity source, for example, **avslap.local**. |
- | **DomainName** | The FQDN of the domain. |
- | **DomainAlias** | For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the AD domain as an alias of the identity source if you're using SSPI authentications. |
+ | **DomainName** | The FQDN of the domain. |
+ | **DomainAlias** | For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the AD domain as an alias of the identity source if you're using SSPI authentications. |
| **PrimaryUrl** | Primary URL of the external identity source, for example, **ldap://yourserver:389**. | | **SecondaryURL** | Secondary fall-back URL if there's primary failure. | | **BaseDNUsers** | Where to look for valid users, for example, **CN=users,DC=yourserver,DC=internal**. Base DN is needed to use LDAP Authentication. | | **BaseDNGroups** | Where to look for groups, for example, **CN=group1, DC=yourserver,DC= internal**. Base DN is needed to use LDAP Authentication. |
- | **Credential** | Username and password used for authentication with the AD source (not cloudadmin). |
- | **GroupName** | Group to give cloud admin access in your external identity source, for example, **avs-admins**. |
- | **Retain up to** | Retention period of the cmdlet output. The default value is 60. |
+ | **Credential** | The username and password used for authentication with the AD source (not cloudadmin). |
+ | **CertificateSAS** | Path to SAS strings with the certificates for authentication to the AD source. If you're using multiple certificates, separate each SAS string with a comma. For example, **pathtocert1,pathtocert2**. |
+ | **GroupName** | Group in the external identity source that gives the cloudadmin access. For example, **avs-admins**. |
+ | **Retain up to** | Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **addexternalIdentity**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
-## Add Active Directory over LDAP with SSL
+## Add Active Directory over LDAP
-You'll run the `New-AvsLDAPSIdentitySource` cmdlet to add an AD over LDAP with SSL as an external identity source to use with SSO into vCenter.
+>[!NOTE]
+>We don't recommend this method. Instead, use the [Add Active Directory over LDAP with SSL](#add-active-directory-over-ldap-with-ssl) method.
-1. Download the certificate for AD authentication and upload it to an Azure Storage account as blob storage.
+You'll run the `New-AvsLDAPIdentitySource` cmdlet to add AD over LDAP as an external identity source to use with SSO into vCenter.
-1. [Grant access to Azure Storage resources using shared access signature (SAS)](../storage/common/storage-sas-overview.md).
-
-1. Select **Run command** > **Packages** > **New-AvsLDAPSIdentitySource**.
+1. Select **Run command** > **Packages** > **New-AvsLDAPIdentitySource**.
1. Provide the required values or change the default values, and then select **Run**.-
+
| **Field** | **Value** | | | |
- | **Name** | User-friendly name of the external identity source ,for example, **avslap.local**. |
- | **DomainName** | The FQDN of the domain. |
- | **DomainAlias** | For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the AD domain as an alias of the identity source if you're using SSPI authentications. |
+ | **Name** | User-friendly name of the external identity source, for example, **avslap.local**. |
+ | **DomainName** | The FQDN of the domain. |
+ | **DomainAlias** | For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the AD domain as an alias of the identity source if you're using SSPI authentications. |
| **PrimaryUrl** | Primary URL of the external identity source, for example, **ldap://yourserver:389**. | | **SecondaryURL** | Secondary fall-back URL if there's primary failure. | | **BaseDNUsers** | Where to look for valid users, for example, **CN=users,DC=yourserver,DC=internal**. Base DN is needed to use LDAP Authentication. | | **BaseDNGroups** | Where to look for groups, for example, **CN=group1, DC=yourserver,DC= internal**. Base DN is needed to use LDAP Authentication. |
- | **Credential** | The username and password used for authentication with the AD source (not cloudadmin). |
- | **CertificateSAS** | Path to SAS strings with the certificates for authentication to the AD source. |
+ | **Credential** | Username and password used for authentication with the AD source (not cloudadmin). |
| **GroupName** | Group to give cloud admin access in your external identity source, for example, **avs-admins**. |
- | **Retain up to** | Retention period of the cmdlet output. The default value is 60. |
+ | **Retain up to** | Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **addexternalIdentity**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
--
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
## Add existing AD group to cloudadmin group
You'll run the `Add-GroupToCloudAdmins` cmdlet to add an existing AD group to cl
| **Field** | **Value** | | | | | **GroupName** | Name of the group to add, for example, **VcAdminGroup**. |
- | **Retain up to** | Retention period of the cmdlet output. The default value is 60. |
+ | **Retain up to** | Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **addADgroup**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
-
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
You'll run the `Remove-GroupFromCloudAdmins` cmdlet to remove a specified AD gro
| **Field** | **Value** | | | | | **GroupName** | Name of the group to remove, for example, **VcAdminGroup**. |
- | **Retain up to** | Retention period of the cmdlet output. The default value is 60. |
+ | **Retain up to** | Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **removeADgroup**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
You'll run the `Remove-ExternalIdentitySources` cmdlet to remove all existing ex
| **Field** | **Value** | | | |
- | **Retain up to** | Retention period of the cmdlet output. The default value is 60. |
+ | **Retain up to** | Retention period of the cmdlet output. The default value is 60 days. |
| **Specify name for execution** | Alphanumeric name, for example, **remove_externalIdentity**. | | **Timeout** | The period after which a cmdlet exits if taking too long to finish. |
-1. Check **Notifications** to see the progress.
+1. Check **Notifications** or the **Run Execution Status** pane to see the progress.
## Next steps
baremetal-infrastructure Oracle Baremetal Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/baremetal-infrastructure/workloads/oracle/oracle-baremetal-overview.md
Title: What is BareMetal Infrastructure for Oracle?
description: Learn about the features BareMetal Infrastructure offers for Oracle workloads. Previously updated : 04/14/2021 Last updated : 09/03/2021 # What is BareMetal Infrastructure for Oracle?
-This article gives an overview of the features BareMetal Infrastructure offers for Oracle workloads.
+In this article, we'll give an overview of the features BareMetal Infrastructure offers for Oracle workloads.
-BareMetal Infrastructure for Oracle is based on Oracle-certified Unified Computing System (UCS) and FLexPod. The FlexPod platform delivers pre-validated storage, networking, and server technologies. It offers NFS storage, providing integration using DirectNFS protocol. The BareMetal servers are dedicated to you, with no hypervisor on the BareMetal instances.
+BareMetal Infrastructure for Oracle is based on Oracle-certified Unified Computing System (UCS) and FLexPod. The FlexPod platform delivers pre-validated storage, networking, and server technologies. It offers NetApp Network File System (NFS) storage, providing integration using DirectNFS protocol. The BareMetal servers are dedicated to you, with no hypervisor on the BareMetal instances.
-These instances are for running mission critical applications requiring an Oracle workload. BareMetal instances provide low latency (0.35 ms) to your applications running in Azure virtual machines (VMs). BareMetal provides shared storage disk and supports multi-casting required for node-to-node communication with a dedicated private interconnect network.
+These instances are for running mission critical applications requiring an Oracle workload. BareMetal instances provide low latency (0.35 ms) to your applications running in Azure virtual machines (VMs). BareMetal provides shared storage. It also supports multi-casting required for node-to-node communication with a dedicated private interconnect network.
Other features of BareMetal Infrastructure for Oracle include:
batch Batch Pool Cloud Service To Virtual Machine Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-pool-cloud-service-to-virtual-machine-configuration.md
Title: Migrate Batch pool configuration from Cloud Services to Virtual Machines description: Learn how to update your pool configuration to the latest and recommended configuration Previously updated : 03/11/2021 Last updated : 09/03/2021 # Migrate Batch pool configuration from Cloud Services to Virtual Machine
Some of the key differences between the two configurations include:
- 'virtualMachineConfiguration' pool nodes utilize managed OS disks. The [managed disk type](../virtual-machines/disks-types.md) that is used for each node depends on the VM size chosen for the pool. If a 's' VM size is specified for the pool, for example 'Standard_D2s_v3', then a premium SSD is used. If a 'non-s' VM size is specified, for example 'Standard_D2_v3', then a standard HDD is used. > [!IMPORTANT]
- > As with Virtual Machines and Virtual Machine Scale Sets, the OS managed disk used for each node incurs a cost, which is additional to the cost of the VMs. There is no OS disk cost for 'cloudServiceConfiguration' nodes, as the OS disk is created on the nodes local SSD.
+ > As with Virtual Machines and Virtual Machine Scale Sets, the OS managed disk used for each node incurs a cost, which is additional to the cost of the VMs. 'virtualMachineConfiguration' pools can use [ephemeral OS disks](create-pool-ephemeral-os-disk.md), which create the OS disk on the VM cache or temporary SSD, to avoid extra costs associated with managed disks.There is no OS disk cost for 'cloudServiceConfiguration' nodes, as the OS disk is created on the nodes local SSD.
## Azure Data Factory custom activity pools
batch Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/best-practices.md
Title: Best practices description: Learn best practices and useful tips for developing your Azure Batch solutions. Previously updated : 04/29/2021 Last updated : 09/03/2021
Pool lifetime can vary depending upon the method of allocation and options appli
- **Pool efficiency and billing:** Batch itself incurs no extra charges, but you do incur charges for the compute resources used. You're billed for every compute node in the pool, regardless of the state it's in. This includes any charges required for the node to run, such as storage and networking costs. For more information, see [Cost analysis and budgets for Azure Batch](budget.md).
+- **Ephemeral OS disks:** Virtual Machine Configuration pools can use [ephemeral OS disks](create-pool-ephemeral-os-disk.md), which create the OS disk on the VM cache or temporary SSD, to avoid extra costs associated with managed disks.
+ ### Pool allocation failures Pool allocation failures can happen at any point during first allocation or subsequent resizes. This can be due to temporary capacity exhaustion in a region or failures in other Azure services that Batch relies on. Your core quota is not a guarantee but rather a limit.
batch Budget https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/budget.md
Title: Get cost analysis and set budgets for Azure Batch description: Learn how to get a cost analysis, set a budget, and reduce costs for the underlying compute resources and software licenses used to run your Batch workloads. Previously updated : 01/29/2021 Last updated : 09/03/2021 # Get cost analysis and set budgets for Azure Batch
Depending on your scenario, you may want to reduce costs as much as possible. Co
[Low-priority VMs](batch-low-pri-vms.md) reduce the cost of Batch workloads by taking advantage of surplus computing capacity in Azure. When you specify low-priority VMs in your pools, Batch uses this surplus to run your workload. There can be substantial cost savings when you use low-priority VMs instead of dedicated VMs.
-### Select a standard virtual machine OS disk type
+### Use ephemeral OS disks
-Azure offers multiple [VM OS disk types](../virtual-machines/disks-types.md). Most VM-series have sizes that support both premium and standard storage. When an 's' VM size is selected for a pool, Batch configures premium SSD OS disks. When the 'non-s' VM size is selected, then the cheaper, standard HDD disk type is used. For example, premium SSD OS disks are used for `Standard_D2s_v3` and standard HDD OS disks are used for `Standard_D2_v3`.
-
-Premium SSD OS disks are more expensive, but have higher performance. VMs with premium disks can start slightly quicker than VMs with standard HDD OS disks. With Batch, the OS disk is often not used much, since the applications and task files are located on the VM's temporary SSD disk. Because of this, you can often select the 'non-s' VM size to avoid paying the increased cost for the premium SSD that is provisioned when an 's' VM size is specified.
+Virtual Machine Configuration pools can use [ephemeral OS disks](create-pool-ephemeral-os-disk.md), which create the OS disk on the VM cache or temporary SSD, to avoid extra costs associated with managed disks.
### Purchase reservations for virtual machine instances
batch Create Pool Ephemeral Os Disk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/create-pool-ephemeral-os-disk.md
+
+ Title: Use ephemeral OS disk nodes for Azure Batch pools
+description: Learn how and why to create a Batch pool that uses ephemeral OS disk nodes.
+ Last updated : 09/03/2021++
+# Use ephemeral OS disk nodes for Azure Batch pools
+
+Some Azure virtual machine (VM) series support the use of [ephemeral OS disks](../virtual-machines/ephemeral-os-disks.md), which create the OS disk on the node virtual machine local storage. The default Batch pool configuration uses [Azure managed disks](../virtual-machines/managed-disks-overview.md) for the node OS disk, where the managed disk is like a physical disk, but virtualized and persisted in remote Azure Storage.
+
+For Batch workloads, the main benefits of using ephemeral OS disks are reduced costs associated with pools, the potential for faster node start time, and improved application performance due to better OS disk performance. When choosing whether ephemeral OS disks should be used for your workload, consider the following:
+
+- There is lower read/write latency to ephemeral OS disks, which may lead to improved application performance.
+- There is no storage cost for ephemeral OS disks, whereas there is a cost for each managed OS disk.
+- Reimaging the node, when supported by Batch, will be faster for ephemeral disks compared to managed disks.
+- Node start time may be slightly faster when ephemeral OS disks are used.
+- Ephemeral OS disks are not highly durable and available; when a VM is removed for any reason, the OS disk is lost. Since Batch workloads are inherently stateless, and don't normally rely on changes to the OS disk being persisted, ephemeral OS disks are appropriate to use for most Batch workloads.
+- The use of an ephemeral OS disk is not currently supported by all Azure VM series. If a VM size doesn't support an ephemeral OS disk, a managed OS disk must be used.
+
+> [!NOTE]
+> Ephemeral OS disk configuration is only applicable to 'virtualMachineConfiguration' pools, and aren't supported by 'cloudServiceConfigurationΓÇÖ pools. We recommend using 'virtualMachineConfiguration for your Batch pools, as 'cloudServiceConfiguration' pools do not support all features and no new capabilities are planned. You won't be able to create new 'cloudServiceConfiguration' pools or add new nodes to existing pools [after February 29, 2024](https://azure.microsoft.com/updates/azure-batch-cloudserviceconfiguration-pools-will-be-retired-on-29-february-2024/). For more information, see [Migrate Batch pool configuration from Cloud Services to Virtual Machine](batch-pool-cloud-service-to-virtual-machine-configuration.md).
+
+## VM series support
+
+To determine whether a VM series supports ephemeral OS disks, check the documentation for each VM instance. For example, the [Ddv4 and Ddsv4-series](../virtual-machines/ddv4-ddsv4-series.md) supports ephemeral OS disks.
+
+Alternately, you can programmatically query to check the 'EphemeralOSDiskSupported' capability. An example PowerShell cmdlet to query this capability is provided in the [ephemeral OS disk frequently asked questions](../virtual-machines/ephemeral-os-disks.md#frequently-asked-questions).
+
+## Create a pool that uses ephemeral OS disks
+
+The `EphemeralOSDiskSettings` property is not set by default. You must set this property in order to configure ephemeral OS disk use on the pool nodes.
+
+The following example shows how to create a Batch pool where the nodes use ephemeral OS disks and not managed disks.
+
+### Batch .NET API
+
+```csharp
+VirtualMachineConfiguration virtualMachineConfiguration = new VirtualMachineConfiguration(
+ imageReference: imageReference,
+ nodeAgentSkuId: nodeAgentSku
+ );
+virtualMachineConfiguration.OSDisk = new OSDisk();
+virtualMachineConfiguration.OSDisk.EphemeralOSDiskSettings = new DiffDiskSettings();
+virtualMachineConfiguration.OSDisk.EphemeralOSDiskSettings.Placement = DiffDiskPlacement.CacheDisk;
+```
+
+## Next steps
+
+- Learn about the [Batch service workflow and primary resources](batch-service-workflow-features.md) such as pools, nodes, jobs, and tasks.
+- Learn about [costs that may be associated with Azure Batch workloads](budget.md).
blockchain Migration Guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/blockchain/service/migration-guide.md
There are several blockchain resource management templates you can use to deploy
If you are starting to develop a new solution or are in an evaluation phase, consider the following alternatives based on your scenario requirements. - [Quorum template from Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/consensys.quorum-dev-quickstart)-- [Besu template from Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/consensys.hyperledger-besu-quickstart)
+- Besu template from Azure Marketplace
### How to migrate to an alternative
cognitive-services Call Center Transcription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/call-center-transcription.md
Title: Call Center Transcription - Speech service
description: A common scenario for speech-to-text is transcribing large volumes of telephony data that come from various systems, such as Interactive Voice Response (IVR). Using Speech service and the Unified speech model, a business can get high-quality transcriptions with audio capture systems. -+ Last updated 07/05/2019-+ # Speech service for telephony data
cognitive-services Conversation Transcription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/conversation-transcription.md
Title: Conversation Transcription (Preview) - Speech service
description: Conversation Transcription is a solution for meetings, that combines recognition, speaker ID, and diarization to provide transcription of any conversation. -+ Last updated 03/26/2021-+ # What is Conversation Transcription (Preview)?
cognitive-services Custom Keyword Basics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/custom-keyword-basics.md
Title: Create Keyword quickstart - Speech service
description: Your device is always listening for a keyword (or phrase). When the user says the keyword, the device sends all subsequent audio to the cloud, until the user stops speaking. Customizing your keyword is an effective way to differentiate your device and strengthen your branding. -+ Last updated 11/03/2020-+ zone_pivot_groups: keyword-quickstart
cognitive-services Custom Neural Voice https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/custom-neural-voice.md
Title: Custom neural voice overview - Speech service
description: Custom Neural Voice is a text-to-Speech feature that allows you to create a one-of-a-kind customized synthetic voice for your applications by providing your own audio data as a sample. -+ Last updated 05/18/2021-+ # What is Custom Neural Voice?
cognitive-services Custom Speech Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/custom-speech-overview.md
Title: "Custom Speech overview - Speech service"
description: Custom Speech is a set of online tools that allow you to evaluate and improve the Microsoft speech-to-text accuracy for your applications, tools, and products. -+ Last updated 02/12/2021-+
cognitive-services Direct Line Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/direct-line-speech.md
Title: Direct Line Speech - Speech service
description: An overview of the features, capabilities, and restrictions for Voice assistants using Direct Line Speech with the Speech Software Development Kit (SDK). -+ Last updated 03/11/2020-+ # What is Direct Line Speech?
cognitive-services Get Speech Devices Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-speech-devices-sdk.md
Title: Get the Speech Devices SDK
description: The Speech service works with a wide variety of devices and audio sources. Now, you can take your speech applications to the next level with matched hardware and software. In this article, you'll learn how to get access to the Speech Devices SDK and start developing. -+ Last updated 04/14/2019-+ # Get the Cognitive Services Speech Devices SDK
cognitive-services Get Started Intent Recognition https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-started-intent-recognition.md
Title: "Intent recognition quickstart - Speech service"
description: In this quickstart, you use intent recognition to interactively recognize intents from audio data captured from a microphone. -+ Last updated 05/04/2021-+ zone_pivot_groups: programming-languages-speech-services-one-nomore-no-go keywords: intent recognition
cognitive-services Get Started Speaker Recognition https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-started-speaker-recognition.md
Title: "Speaker Recognition quickstart - Speech service"
description: Learn how to use Speaker Recognition from the Speech SDK to answer the question, "who is speaking". In this quickstart, you learn about common design patterns for working with both speaker verification and identification, which both use voice biometry to identify unique voices. -+ Last updated 09/02/2020-+ zone_pivot_groups: programming-languages-set-twenty-five keywords: speaker recognition, voice biometry
cognitive-services Get Started Speech To Text https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-started-speech-to-text.md
Title: "Speech-to-text quickstart - Speech service"
description: Learn how to use the Speech SDK to convert speech-to-text. In this quickstart, you learn about object construction, supported audio input formats, and configuration options for speech recognition. -+ Last updated 09/15/2020-+ zone_pivot_groups: programming-languages-set-twenty-three keywords: speech to text, speech to text software
cognitive-services Get Started Speech Translation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-started-speech-translation.md
Title: Speech translation quickstart - Speech service
description: Learn how to use the Speech SDK to translate speech. In this quickstart, you learn about object construction, supported audio input formats, and configuration options for speech translation. -+ Last updated 09/01/2020-+ zone_pivot_groups: programming-languages-set-two-with-js-spx keywords: speech translation
cognitive-services Get Started Text To Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/get-started-text-to-speech.md
Title: "Text-to-speech quickstart - Speech service"
description: Learn how to use the Speech SDK to convert text-to-speech. In this quickstart, you learn about object construction and design patterns, supported audio output formats, the Speech CLI, and custom configuration options for speech synthesis. -+ Last updated 05/17/2021-+ zone_pivot_groups: programming-languages-set-twenty-four keywords: text to speech
cognitive-services How To Audio Content Creation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-audio-content-creation.md
Title: Audio Content Creation - Speech service
description: Audio Content Creation is an online tool that allows you to customize and fine-tune Microsoft's text-to-speech output for your apps and products. -+ Last updated 01/31/2020-+ # Improve synthesis with the Audio Content Creation tool
cognitive-services How To Automatic Language Detection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-automatic-language-detection.md
Title: How to use language identification
description: Language identification can be used with speech recognition to determine the language being spoken in speech audio being recognized. -+ Last updated 05/21/2021-+ zone_pivot_groups: programming-languages-speech-services-nomore-variant
zone_pivot_groups: programming-languages-speech-services-nomore-variant
Language identification is used to determine the language being spoken in audio passed to the Speech SDK when compared against a list of provided languages. The value returned by language identification is then used to select the language model for speech to text, providing you with a more accurate transcription.
-Language identification can also be used while doing [speech translation](./get-started-speech-translation.md?pivots=programming-language-csharp&tabs=script%2cwindowsinstall#multi-lingual-translation-with-language-identification), or by doing [standalone identification](/azure/cognitive-services/speech-service/language-identification). To see which languages are available, see [Language support](language-support.md).
+Language identification can also be used while doing [speech translation](./get-started-speech-translation.md?pivots=programming-language-csharp&tabs=script%2cwindowsinstall#multi-lingual-translation-with-language-identification), or by doing [standalone identification](/azure/cognitive-services/speech-service/language-identification).
+
+To see which languages are available, see [Language support](language-support.md).
## Prerequisites
var autoDetectConfig = SpeechSDK.AutoDetectSourceLanguageConfig.fromSourceLangua
::: zone pivot="programming-language-objectivec" * See the [sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/objective-c/ios/speech-samples/speech-samples/ViewController.m#L525) on GitHub for language identification ::: zone-end-
-* [Speech SDK reference documentation](speech-sdk.md)
cognitive-services How To Custom Commands Update Command From Client https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-commands-update-command-from-client.md
Title: 'Update a command parameter from a client app'
description: Learn how to update a command from a client application. -+ Last updated 10/20/2020-+ # Update a command from a client app
cognitive-services How To Custom Commands Update Command From Web Endpoint https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-commands-update-command-from-web-endpoint.md
Title: 'Update a command from a web endpoint'
description: Learn how to update the state of a command by using a call to a web endpoint. -+ Last updated 10/20/2020-+ # Update a command from a web endpoint
cognitive-services How To Custom Speech Evaluate Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-evaluate-data.md
Title: "Evaluate and improve Custom Speech accuracy - Speech service"
description: "In this document you learn how to quantitatively measure and improve the quality of our speech-to-text model or your custom model. Audio + human-labeled transcription data is required to test accuracy, and 30 minutes to 5 hours of representative audio should be provided." -+ Last updated 02/12/2021-+ # Evaluate and improve Custom Speech accuracy
cognitive-services How To Custom Speech Human Labeled Transcriptions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-human-labeled-transcriptions.md
Title: Human-labeled transcriptions guidelines - Speech service
description: To improve speech recognition accuracy, such as when words are deleted or incorrectly substituted, you can use human-labeled transcriptions along with your audio data. Human-labeled transcriptions are word-by-word, verbatim transcriptions of an audio file. -+ Last updated 02/12/2021-+ # How to create human-labeled transcriptions
cognitive-services How To Custom Speech Inspect Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-inspect-data.md
Title: Inspect data quality for Custom Speech - Speech service
description: Custom Speech provides tools that allow you to visually inspect the recognition quality of a model by comparing audio data with the corresponding recognition result. You can play back uploaded audio and determine if the provided recognition result is correct. -+ Last updated 02/12/2021-+ # Inspect Custom Speech data
cognitive-services How To Custom Speech Test And Train https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-test-and-train.md
Title: "Prepare data for Custom Speech - Speech service"
description: "When testing the accuracy of Microsoft speech recognition or training your custom models, you'll need audio and text data. On this page, we cover the types of data, how to use, and manage them." -+ Last updated 02/12/2021-+ # Prepare data for Custom Speech
cognitive-services How To Custom Speech Train Model https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-speech-train-model.md
Title: Train and deploy a Custom Speech model - Speech service
description: Learn how to train and deploy Custom Speech models. Training a speech-to-text model can improve recognition accuracy for the Microsoft baseline model or a for custom model. -+ Last updated 02/12/2021-+ # Train and deploy a Custom Speech model
cognitive-services How To Custom Voice Create Voice https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-voice-create-voice.md
Title: "Create a Custom Voice - Speech service"
description: "When you're ready to upload your data, go to the Custom Voice portal. Create or select a Custom Voice project. The project must share the right language/locale and the gender properties as the data you intend to use for your voice training." -+ Last updated 11/04/2019-+ # Create and use your voice model
cognitive-services How To Custom Voice Prepare Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-voice-prepare-data.md
Title: "How to prepare data for Custom Voice - Speech service"
description: "Create a custom voice for your brand with the Speech service. You provide studio recordings and the associated scripts, the service generates a unique voice model tuned to the recorded voice. Use this voice to synthesize speech in your products, tools, and applications." -+ Last updated 11/04/2019-+ # Prepare training data
cognitive-services How To Custom Voice https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-custom-voice.md
Title: "Get started with Custom Neural Voice - Speech service"
description: "Custom Neural Voice is a set of online tools that allow you to create a recognizable, one-of-a-kind voice for your brand. All it takes to get started are a handful of audio files and the associated transcriptions." -+ Last updated 05/18/2021-+ # Get started with Custom Neural Voice
cognitive-services How To Develop Custom Commands Application https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-develop-custom-commands-application.md
description: Learn how to develop and customize Custom Commands applications. These voice-command apps are best suited for task completion or command-and-control scenarios. -+ Last updated 12/15/2020-+ # Develop Custom Commands applications
cognitive-services How To Migrate From Bing Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-migrate-from-bing-speech.md
Last updated 04/03/2020-+ # Customer intent: As a developer currently using the deprecated Bing Speech, I want to learn the differences between Bing Speech and the Speech service, so that I can migrate my application to the Speech service.
cognitive-services How To Recognize Intents From Speech Csharp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-recognize-intents-from-speech-csharp.md
Title: How to recognize intents from speech using the Speech SDK C#
description: In this guide, you learn how to recognize intents from speech using the Speech SDK for C#. -+ Last updated 02/10/2020-+
cognitive-services How To Track Speech Sdk Memory Usage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-track-speech-sdk-memory-usage.md
Title: How to track Speech SDK memory usage - Speech service
description: The Speech Service SDK supports numerous programming languages for speech-to-text and text-to-speech conversion, along with speech translation. This article discusses memory management tooling built into the SDK. -+
cognitive-services How To Use Conversation Transcription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-use-conversation-transcription.md
Title: Real-time Conversation Transcription quickstart - Speech service
description: Learn how to use real-time Conversation Transcription with the Speech SDK. Conversation Transcription allows you to transcribe meetings and other conversations with the ability to add, remove, and identify multiple participants by streaming audio to the Speech service. -+ Last updated 10/20/2020-+ zone_pivot_groups: acs-js-csharp
cognitive-services Language Identification https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/language-identification.md
zone_pivot_groups: programming-languages-cs-cpp-py
# Language identification
-Language identification is used to determine the language being spoken in audio passed to the Speech SDK when compared against a list of provided languages. The value returned by language identification is then used to select the language model for speech to text, providing you with a more accurate transcription.
+Language identification is used to determine the language being spoken in audio passed to the Speech SDK when compared against a list of provided languages.
-Language identification can also be used while doing [speech translation](./get-started-speech-translation.md#multi-lingual-translation-with-language-identification), or by doing [language identification during speech recognition](/azure/cognitive-services/speech-service/how-to-automatic-language-detection). To see which languages are available, see [Language support](language-support.md).
+Language identification can also be used while doing [speech translation](./get-started-speech-translation.md#multi-lingual-translation-with-language-identification), or by doing [language identification during speech recognition](/azure/cognitive-services/speech-service/how-to-automatic-language-detection).
+
+To see which languages are available, see [Language support](language-support.md).
## Prerequisites
cognitive-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/language-support.md
Title: Language support - Speech service
description: The Speech service supports numerous languages for speech-to-text and text-to-speech conversion, along with speech translation. This article provides a comprehensive list of language support by service feature. -+ Last updated 01/07/2021-+
cognitive-services Long Audio Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/long-audio-api.md
Title: Long Audio API - Speech service
description: Learn how the Long Audio API is designed for asynchronous synthesis of long-form text to speech. -+ Last updated 08/11/2020-+ # Long Audio API
cognitive-services Multi Device Conversation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/multi-device-conversation.md
Title: Multi-device Conversation (Preview) - Speech Service
description: Multi-device conversation makes it easy to create a speech or text conversation between multiple clients and coordinate the messages that are sent between them. -+ Last updated 03/11/2020-+ # What is Multi-device Conversation (Preview)?
cognitive-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/overview.md
Title: What is the Speech service?
description: The Speech service is the unification of speech-to-text, text-to-speech, and speech translation into a single Azure subscription. Add speech to your applications, tools, and devices with the Speech SDK, Speech Devices SDK, or REST APIs. -+ Last updated 11/23/2020-+ # What is the Speech service?
cognitive-services Setup Platform https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/quickstarts/setup-platform.md
Title: 'Quickstart: Set up development environment'
description: In this quickstart, you'll learn how to install the Speech SDK for your preferred platform and programming language combination. -+ Last updated 10/15/2020-+ zone_pivot_groups: programming-languages-speech-services-one-nomore
cognitive-services Record Custom Voice Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/record-custom-voice-samples.md
Title: "Record custom voice samples - Speech service"
description: Make a production-quality custom voice by preparing a robust script, hiring good voice talent, and recording professionally. -+ Last updated 04/13/2020-+ # Record voice samples to create a custom voice
cognitive-services Rest Speech To Text https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/rest-speech-to-text.md
Title: Speech-to-text API reference (REST) - Speech service
description: Learn how to use the speech-to-text REST API. In this article, you'll learn about authorization options, query options, how to structure a request and receive a response. -+ Last updated 07/01/2021-+
cognitive-services Rest Text To Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/rest-text-to-speech.md
Title: Text-to-speech API reference (REST) - Speech service
description: Learn how to use the text-to-speech REST API. In this article, you'll learn about authorization options, query options, how to structure a request and receive a response. -+ Last updated 07/01/2021-+
cognitive-services Speaker Recognition Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speaker-recognition-overview.md
Title: Speaker Recognition overview - Speech service
description: Speaker Recognition provides algorithms that verify and identify speakers by their unique voice characteristics using voice biometry. Speaker Recognition is used to answer the question ΓÇ£who is speaking?ΓÇ¥. This article is an overview of the benefits and capabilities of the Speaker Recognition service. -+ Last updated 09/02/2020-+ keywords: speaker recognition, voice biometry
cognitive-services Speech Devices Sdk Microphone https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-devices-sdk-microphone.md
Title: Speech Devices SDK microphone array recommendations
description: Speech Devices SDK microphone array recommendations. These array geometries are recommended for use with the Microsoft Audio Stack. -+ Last updated 07/16/2019-+ # Speech Devices SDK Microphone array recommendations
cognitive-services Speech Devices Sdk Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-devices-sdk-quickstart.md
Title: 'Quickstart: Run the Speech Devices SDK on Windows, Linux or Android - Sp
description: This article contains the prerequisites and instructions for getting started with a Windows, Linux or Android Speech Devices SDK. -+ Last updated 06/25/2020-+ zone_pivot_groups: platforms-set-of-three
cognitive-services Speech Devices Sdk Roobo V1 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-devices-sdk-roobo-v1.md
Title: Speech Devices SDK Roobo Smart Audio Dev Kit v1 - Speech service
description: Prerequisites and instructions for getting started with the Speech Devices SDK, Roobo Smart Audio Dev Kit v1. -+ Last updated 07/05/2019-+ # Device: Roobo Smart Audio Dev Kit
cognitive-services Speech Devices Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-devices-sdk.md
Title: Speech Devices SDK - Speech service
description: Get started with the Speech Devices SDK. The Speech service works with a wide variety of devices and audio sources. The Speech Devices SDK is a pre-tuned library that's paired with purpose-built, microphone array development kits. -+ Last updated 03/11/2020-+ # What is the Speech Devices SDK?
cognitive-services Speech Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-sdk.md
Title: About the Speech SDK - Speech service
description: The Speech software development kit (SDK) exposes many of the Speech service capabilities, making it easier to develop speech-enabled applications. -+ Last updated 04/03/2020-+ # About the Speech SDK
cognitive-services Speech Studio Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-studio-overview.md
Title: "Speech Studio overview - Speech service"
description: Speech Studio is a set of UI-based tools for building and integrating features from Azure Speech service in your applications. -+ Last updated 05/07/2021-+ # What is Speech Studio?
cognitive-services Speech Synthesis Markup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-synthesis-markup.md
Title: Speech Synthesis Markup Language (SSML) - Speech service
description: Using the Speech Synthesis Markup Language to control pronunciation and prosody in text-to-speech. -+ Last updated 03/23/2020-+
cognitive-services Speech To Text https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-to-text.md
Title: Speech-to-text overview - Speech service
description: Speech-to-text software enables real-time transcription of audio streams into text. Your applications, tools, or devices can consume, display, and take action on this text input. This article is an overview of the benefits and capabilities of the speech-to-text service. -+ Last updated 09/01/2020-+ keywords: speech to text, speech to text software
cognitive-services Speech Translation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-translation.md
Title: Speech translation overview - Speech service
description: Speech translation allows you to add end-to-end, real-time, multi-language translation of speech to your applications, tools, and devices. The same API can be used for both speech-to-speech and speech-to-text translation. This article is an overview of the benefits and capabilities of the speech translation service. -+ Last updated 09/01/2020-+ keywords: speech translation
cognitive-services Spx Basics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/spx-basics.md
Title: "Speech CLI quickstart - Speech service"
description: Get started with the Azure Speech CLI. You can interact with Speech services like speech to text, text to speech, and speech translation without writing code. -+ Last updated 04/28/2021-+ # Get started with the Azure Speech CLI
cognitive-services Spx Batch Operations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/spx-batch-operations.md
Title: "Speech CLI batch operations - Speech service"
description: learn how to do batch speech to text (speech recognition), batch text to speech (speech synthesis) with the Speech CLI. -+ Last updated 01/13/2021-+ # Speech CLI batch operations
cognitive-services Spx Data Store Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/spx-data-store-configuration.md
Title: "Speech CLI configuration options - Speech service"
description: Learn how to create and manage configuration files for use with the Azure Speech CLI. -+ Last updated 01/13/2021-+ # Speech CLI configuration options
cognitive-services Spx Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/spx-overview.md
Title: The Azure Speech CLI
description: The Speech CLI is a command-line tool for using the Speech service without writing any code. The Speech CLI requires minimal setup, and it's easy to immediately start experimenting with key features of the Speech service to see if your use-cases can be met. -+ Last updated 01/13/2021-+
cognitive-services Text To Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/text-to-speech.md
Title: Text-to-speech overview - Speech service
description: The text-to-speech feature in the Speech service enables your applications, tools, or devices to convert text into natural human-like synthesized speech. This article is an overview of the benefits and capabilities of the text-to-speech service. -+ Previously updated : 08/31/2021- Last updated : 09/01/2020++ keywords: text to speech
cognitive-services Tutorial Tenant Model https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/tutorial-tenant-model.md
Title: Create a tenant model (preview) - Speech Service
description: Automatically generate a secure, compliant tenant model (Custom Speech with Microsoft 365 data) that uses your Microsoft 365 data to deliver optimal speech recognition for organization-specific terms. -+ Last updated 06/25/2020-+
cognitive-services Tutorial Voice Enable Your Bot Speech Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/tutorial-voice-enable-your-bot-speech-sdk.md
Title: "Tutorial: Voices enable your bot using Speech SDK - Speech service"
description: In this tutorial, you'll create an Echo Bot using Microsoft Bot Framework, deploy it to Azure, and register it with the Bot Framework Direct Line Speech channel. Then you'll configure a sample client app for Windows that lets you speak to your bot and hear it respond back to you. -+ Last updated 02/25/2020-+
container-registry Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Container Registry description: Sample Azure Resource Graph queries for Azure Container Registry showing use of resource types and tables to access Azure Container Registry related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
cosmos-db Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Cosmos DB description: Sample Azure Resource Graph queries for Azure Cosmos DB showing use of resource types and tables to access Azure Cosmos DB related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
cosmos-db Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/table/introduction.md
* Guaranteed high availability. * Automatic secondary indexing.
-Applications written for Azure Table storage can migrate to Azure Cosmos DB by using the Table API with no code changes and take advantage of premium capabilities. The Table API has client SDKs available for .NET, Java, Python, and Node.js.
+[Azure Data Table SDKs](https://devblogs.microsoft.com/azure-sdk/announcing-the-new-azure-data-tables-libraries/) are available for .NET, Java, Python, Node.js, and Go. These SDKs can be used to target either Table Storage or Cosmos DB Tables. Applications written for Azure Table storage using the Azure Data Tables SDKs can be migrated to the Azure Cosmos DB Table API with no code changes to take advantage of premium capabilities.
> [!NOTE] > The [serverless capacity mode](../serverless.md) is now available on Azure Cosmos DB's Table API.
frontdoor Front Door Caching https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/frontdoor/front-door-caching.md
ms.devlang: na
na Previously updated : 09/29/2020 Last updated : 09/03/2021
The following request headers won't be forwarded to a backend when using caching
- Content-Length - Transfer-Encoding
-## Cache duration
+## Cache behavior and duration
-Cache duration can be configured in both the Front Door Designer and in Rules Engine. The cache duration set in the Front Door designer is the minimum cache duration. This override won't work if the cache control header from the origin has greater TTL than override value.
+Cache behavior and duration can be configured in both the Front Door designer routing rule and in Rules Engine. Rules Engine caching configuration will always override the Front Door designer routing rule configuration.
-The cache duration set via Rules Engine is a true cache override, meaning that it will use the override value no matter what the origin response header is.
+* When *caching* is **disabled**, Front Door doesnΓÇÖt cache the response contents, irrespective of origin response directives.
+
+* When *caching* is **enabled**, the cache behavior is different for different values of *Use cache default duration*.
+ * When *Use cache default duration* is set to **Yes**, Front Door will always honor origin response header directive. If the origin directive is missing, Front Door will cache contents anywhere from 1 to 3 days.
+ * When *Use cache default duration* is set to **No**, Front Door will always override with the *cache duration* (required fields), meaning that it will cache the contents for the cache duration ignoring the values from origin response directives.
+
+> [!NOTE]
+> The *cache duration* set in the Front Door designer routing rule is the **minimum cache duration**. This override won't work if the cache control header from the origin has a greater TTL than the override value.
## Next steps
governance Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/resource-graph-samples.md
Title: Azure Resource Graph sample queries for management groups description: Sample Azure Resource Graph queries for management groups showing use of resource types and tables to access management group details. Previously updated : 08/31/2021 Last updated : 09/03/2021
governance Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Policy description: Sample Azure Resource Graph queries for Azure Policy showing use of resource types and tables to access Azure Policy related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
governance Query Language https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/concepts/query-language.md
Title: Understand the query language description: Describes Resource Graph tables and the available Kusto data types, operators, and functions usable with Azure Resource Graph. Previously updated : 08/27/2021 Last updated : 09/03/2021 # Understanding the Azure Resource Graph query language
properties from related resource types. Here is the list of tables available in
|ExtendedLocationResources |No |Includes resources _related_ to `Microsoft.ExtendedLocation`. | |GuestConfigurationResources |No |Includes resources _related_ to `Microsoft.GuestConfiguration`. | |HealthResources|Yes |Includes resources _related_ to `Microsoft.ResourceHealth/availabilitystatuses`. |
+|IoTSecurityResources |No |Includes resources _related_ to `Microsoft.IoTSecurity`. |
|KubernetesConfigurationResources |No |Includes resources _related_ to `Microsoft.KubernetesConfiguration`. | |MaintenanceResources |Partial, join _to_ only. (preview) |Includes resources _related_ to `Microsoft.Maintenance`. | |PatchAssessmentResources|No |Includes resources _related_ to Azure Virtual Machines patch assessment. |
governance Supported Tables Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/reference/supported-tables-resources.md
Title: Supported Azure Resource Manager resource types description: Provide a list of the Azure Resource Manager resource types supported by Azure Resource Graph and Change History. Previously updated : 08/31/2021 Last updated : 09/03/2021
For sample queries for this table, see [Resource Graph sample queries for adviso
- microsoft.advisor/configurations - microsoft.advisor/recommendations - Sample query: [Get cost savings summary from Azure Advisor](../samples/samples-by-category.md#get-cost-savings-summary-from-azure-advisor)
+ - Sample query: [List Arc-enabled servers not running latest released agent version](../samples/samples-by-category.md#list-arc-enabled-servers-not-running-latest-released-agent-version)
- microsoft.advisor/recommendations/suppressions - microsoft.advisor/suppressions
For sample queries for this table, see [Resource Graph sample queries for health
- Sample query: [List of virtual machines by availability state and power state with Resource Ids and resource Groups](../samples/samples-by-category.md#list-of-virtual-machines-by-availability-state-and-power-state-with-resource-ids-and-resource-groups) - Sample query: [List of virtual machines that are not Available by Resource Ids](../samples/samples-by-category.md#list-of-virtual-machines-that-are-not-available-by-resource-ids)
+## iotsecurityresources
+
+- microsoft.iotsecurity/locations/devicegroups/alerts
+- microsoft.iotsecurity/locations/devicegroups/devices
+- microsoft.iotsecurity/locations/devicegroups/recommendations
+- microsoft.iotsecurity/onpremisesensors
+- microsoft.iotsecurity/sensors
+- microsoft.iotsecurity/sites
+ ## kubernetesconfigurationresources For sample queries for this table, see [Resource Graph sample queries for kubernetesconfigurationresources](../samples/samples-by-table.md#kubernetesconfigurationresources).
For sample queries for this table, see [Resource Graph sample queries for resour
- Microsoft.ContainerRegistry/registries/webhooks (Container registry webhooks) - microsoft.containerservice/containerservices - Microsoft.ContainerService/managedClusters (Kubernetes services)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- microsoft.containerservice/openshiftmanagedclusters - microsoft.contoso/clusters - microsoft.contoso/employees
For sample queries for this table, see [Resource Graph sample queries for resour
- Microsoft.DataFactory/factories (Data factories (V2)) - Microsoft.DataLakeAnalytics/accounts (Data Lake Analytics) - Microsoft.DataLakeStore/accounts (Data Lake Storage Gen1)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- microsoft.datamigration/controllers - Microsoft.DataMigration/services (Azure Database Migration Services) - Microsoft.DataMigration/services/projects (Azure Database Migration Projects)
For sample queries for this table, see [Resource Graph sample queries for resour
- Microsoft.HybridCompute/machines (Servers - Azure Arc) - Sample query: [Get count and percentage of Arc-enabled servers by domain](../samples/samples-by-category.md#get-count-and-percentage-of-arc-enabled-servers-by-domain) - Sample query: [List all extensions installed on an Azure Arc-enabled server](../samples/samples-by-category.md#list-all-extensions-installed-on-an-azure-arc-enabled-server)
+ - Sample query: [List Arc-enabled servers not running latest released agent version](../samples/samples-by-category.md#list-arc-enabled-servers-not-running-latest-released-agent-version)
- microsoft.hybridcompute/machines/extensions - Sample query: [List all extensions installed on an Azure Arc-enabled server](../samples/samples-by-category.md#list-all-extensions-installed-on-an-azure-arc-enabled-server) - Microsoft.HybridCompute/privateLinkScopes (Azure Arc Private Link Scopes)
For sample queries for this table, see [Resource Graph sample queries for resour
- Microsoft.KeyVault/vaults (Key vaults) - Sample query: [Count key vault resources](../samples/samples-by-category.md#count-key-vault-resources) - Sample query: [Key vaults with subscription name](../samples/samples-by-category.md#key-vaults-with-subscription-name)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- Microsoft.Kubernetes/connectedClusters (Kubernetes - Azure Arc) - Sample query: [List all Azure Arc-enabled Kubernetes clusters without Azure Monitor extension](../samples/samples-by-category.md#list-all-azure-arc-enabled-kubernetes-clusters-without-azure-monitor-extension) - Sample query: [List all Azure Arc-enabled Kubernetes resources](../samples/samples-by-category.md#list-all-azure-arc-enabled-kubernetes-resources)
For sample queries for this table, see [Resource Graph sample queries for resour
- microsoft.maintenance/maintenancepolicies - microsoft.managedidentity/groups - Microsoft.ManagedIdentity/userAssignedIdentities (Managed Identities)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- microsoft.managednetwork/managednetworkgroups - microsoft.managednetwork/managednetworkpeeringpolicies - microsoft.managednetwork/managednetworks
For sample queries for this table, see [Resource Graph sample queries for resour
- Microsoft.Sql/managedInstances/databases (Managed databases) - Microsoft.Sql/servers (SQL servers) - Microsoft.Sql/servers/databases (SQL databases)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- Sample query: [List SQL Databases and their elastic pools](../samples/samples-by-category.md#list-sql-databases-and-their-elastic-pools) - Microsoft.Sql/servers/elasticpools (SQL elastic pools) - Sample query: [List SQL Databases and their elastic pools](../samples/samples-by-category.md#list-sql-databases-and-their-elastic-pools)
For sample queries for this table, see [Resource Graph sample queries for resour
- Sample query: [Find storage accounts with a specific case-insensitive tag on the resource group](../samples/samples-by-category.md#find-storage-accounts-with-a-specific-case-insensitive-tag-on-the-resource-group) - Sample query: [Find storage accounts with a specific case-sensitive tag on the resource group](../samples/samples-by-category.md#find-storage-accounts-with-a-specific-case-sensitive-tag-on-the-resource-group) - Sample query: [List all storage accounts with specific tag value](../samples/samples-by-category.md#list-all-storage-accounts-with-specific-tag-value)
+ - Sample query: [List impacted resources when transferring an Azure subscription](../samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription)
- microsoft.storagecache/amlfilesystems - Microsoft.StorageCache/caches (HPC caches) - Microsoft.StoragePool/diskPools (Disk Pools)
governance Samples By Category https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/samples/samples-by-category.md
Title: List of sample Azure Resource Graph queries by category description: List sample queries for Azure Resource-Graph. Categories include Tags, Azure Advisor, Key Vault, Kubernetes, Guest Configuration, and more. Previously updated : 08/31/2021 Last updated : 09/03/2021
governance Samples By Table https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/samples/samples-by-table.md
Title: List of sample Azure Resource Graph queries by table description: List sample queries for Azure Resource-Graph. Tables include Resources, ResourceContainers, PolicyResources, and more. Previously updated : 08/31/2021 Last updated : 09/03/2021
key-vault Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/key-vault/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Key Vault description: Sample Azure Resource Graph queries for Azure Key Vault showing use of resource types and tables to access Azure Key Vault related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
marketplace What Is New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/what-is-new.md
Previously updated : 08/06/2021 Last updated : 09/03/2021 # What's new in the Microsoft commercial marketplace
Learn about important updates in the commercial marketplace program of Partner C
## New features | Category | Description | Date |
-| | - | - |
+| | | |
+| Offers | Setup and maintenance of Power BI Visuals is migrating from the Office Store to the commercial marketplace this month. [This FAQ](/azure/marketplace/power-bi-visual-faq) provides a summary of improvements to the offer submission process. | 2021-09-07 |
| Offers | Additional properties at the plan level are now available for Azure Virtual Machine offers. See the [virtual machine technical configuration properties](azure-vm-create-plans.md#properties) article for more information. | 2021-07-26 | | Fees | Microsoft has changed its fees for certain services. See [Commercial marketplace transact capabilities](marketplace-commercial-transaction-capabilities-and-considerations.md#examples-of-pricing-and-store-fees) and Common questions about payouts and taxes, "[How do I find the current Store Service Fee and the payout rate?](/partner-center/payout-faq)". | 2021-07-14 | | Offers | Publishers can publish a virtual machine (VM) that they have built on premises. To learn more, see [Create a virtual machine using your own image](./azure-vm-create-using-own-image.md). | 2021-06-23 |
Learn about important updates in the commercial marketplace program of Partner C
## Tax updates | Category | Description | Date |
-| | - | - |
+| | | |
| Taxation | End-customer taxation in Australia is managed by Microsoft, except for customer purchases made through an enterprise agreement, which are managed by the publisher. | 2021-07-01 | | Taxation | Updated [tax details page](/partner-center/tax-details-marketplace) country list to include the following: <ul><li>Argentina</li><li>Bulgaria</li><li>Hong Kong SAR</li><li>Korea (South)</li><li>Pakistan</li><li>Palestinian Authority</li><li>Panama</li><li>Paraguay</li><li>Peru</li><li>Philippines</li><li>Saint Kitts and Nevis</li><li>Senegal</li><li>Sri Lanka</li><li>Tajikistan</li><li>Tanzania</li><li>Thailand</li><li>Trinidad and Tobago</li><li>Tunisia</li><li>Turkmenistan</li><li>Uganda</li><li>Uzbekistan</li><li>Zimbabwe</li></ul> | 2021-07-01 | | Taxation | Nigeria moved from the "shared publisher/developer-managed countries" list to the ΓÇ£end-customer taxation with differences in Marketplaces". | 2021-07-01 |
Learn about important updates in the commercial marketplace program of Partner C
## Documentation updates | Category | Description | Date |
-| | - | - |
+| | | |
| Offers | The [Commercial marketplace transact capabilities](/azure/marketplace/marketplace-commercial-transaction-capabilities-and-considerations) topic now includes a flowchart to help you determine the appropriate transactable offer type and pricing plan to sell your software in the commercial marketplace. | 2021-08-18 | | Policy | Updated [certification](/legal/marketplace/certification-policies?context=/azure/marketplace/context/context) policy; see [change history](/legal/marketplace/offer-policies-change-history). | 2021-08-06 | | Co-sell | Information added for the MACC program including, requirements, how often we update MACC status, and definitions for Enrolled, and not Enrolled. To learn more, see [Azure Consumption Commitment enrollment](./azure-consumption-commitment-enrollment.md), or [Co-sell with Microsoft sales teams and partners overview](./co-sell-overview.md). | 2021-06-03 |
network-watcher Connection Monitor Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/network-watcher/connection-monitor-overview.md
The script creates registry keys required by the solution. It also creates Windo
The script configures only Windows Firewall locally. If you have a network firewall, make sure that it allows traffic destined for the TCP port used by Network Performance Monitor.
+The LA Windows agent can be multihomed to send data to multiple workspaces and System Center Operations Manager management groups. The Linux agent can send to only a single destination, either a workspace or management group.
+
+#### Enable Network Performance Monitor Solution for on-premise machines
+
+Follow the following steps to enable Network Performance Monitor Solution for on-premise machines
+
+1. On the Azure portal home page, go to Network Watcher
+2. On the left, in the Monitoring section, select Network Performance Monitor
+3. On the Portal you will see a list of Workspaces with NPM Solution enabled, filtered by Subscriptions
+4. To add NPM solution in a New Workspace , click on "+ Add NPM " on the top left of the Portal
+5. Select the Subscription and Workspace in which you wish to enable the solution and click on Create
+6. The Workspace will take a couple of minutes to show up on the Portal after enabling the solution.
++
+Unlike LA agents, NPM Solution can only be configured to send data to a single LA workspace
+ ## Enable Network Watcher on your subscription All subscriptions that have a virtual network are enabled with Network Watcher. When you create a virtual network in your subscription, Network Watcher is automatically enabled in the virtual network's region and subscription. This automatic enabling doesn't affect your resources or incur a charge. Ensure that Network Watcher isn't explicitly disabled on your subscription.
For networks whose sources are Azure VMs, the following issues can be detected:
* BGP isn't enabled on the gateway connection. * The DIP probe is down at the load balancer.
-## Comparision between Azure's Connectivity Monitoring Support
+## Comparison between Azure's Connectivity Monitoring Support
You can migrate tests from Network Performance Monitor and Connection Monitor (Classic) to New, Improved Connection Monitor with a single click and with zero downtime.
networking Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/networking/fundamentals/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure networking description: Sample Azure Resource Graph queries for Azure networking showing use of resource types and tables to access Azure networking related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
role-based-access-control Transfer Subscription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/role-based-access-control/transfer-subscription.md
ms.devlang: na Previously updated : 07/14/2021 Last updated : 09/04/2021
Several Azure resources have a dependency on a subscription or a directory. Depe
> [!WARNING] > If you are using encryption at rest for a resource, such as a storage account or SQL database, that has a dependency on a key vault that is **not** in the same subscription that is being transferred, it can lead to an unrecoverable scenario. If you have this situation, you should take steps to use a different key vault or temporarily disable customer-managed keys to avoid this unrecoverable scenario.
+To get a list of some of the Azure resources that are impacted when you transfer a subscription, you can also run a query in [Azure Resource Graph](../governance/resource-graph/overview.md). For a sample query, see [List impacted resources when transferring an Azure subscription](../governance/resource-graph/samples/samples-by-category.md#list-impacted-resources-when-transferring-an-azure-subscription).
+ ## Prerequisites To complete these steps, you will need:
search Knowledge Store Concept Intro https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/search/knowledge-store-concept-intro.md
The simplest approach for creating enriched documents is [through the portal](kn
> [!div class="nextstepaction"] > [Create a knowledge store using Postman and REST](knowledge-store-create-rest.md)-
-Or, take a closer look at [projections](knowledge-store-projection-overview.md). To walk through an example that demonstrates advanced projections concepts like slicing, inline shaping, and relationships, start with [Define projections in a knowledge store](knowledge-store-projections-examples.md).
search Knowledge Store Create Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/search/knowledge-store-create-portal.md
Last updated 09/02/2021
# Quickstart: Create a knowledge store in the Azure portal
-Knowledge store is a feature of Azure Cognitive Search that sends skillset output from an [AI enrichment pipeline](cognitive-search-concept-intro.md) to Azure Storage for subsequent analysis or downstream processing.
+Knowledge store is a feature of Azure Cognitive Search that sends output from an [AI enrichment pipeline](cognitive-search-concept-intro.md) to Azure Storage for subsequent analysis or downstream processing.
-An enrichment pipeline accepts unstructured text and image content, applies AI-powered processing by Cognitive Services, and outputs new structures and information that didn't previously exist. One of the physical data structures created by a pipeline is a [knowledge store](knowledge-store-concept-intro.md), which you can access through tools that analyze and explore content in Azure Storage such as [Storage Explorer](knowledge-store-view-storage-explorer.md) or [Power BI](knowledge-store-connect-power-bi.md).
+An enrichment pipeline accepts unstructured text and image content, applies AI-powered processing by Cognitive Services, and outputs new structures and information that didn't previously exist. One of the physical data structures created by a pipeline is a [knowledge store](knowledge-store-concept-intro.md), which you can access through any tool, app, or process that connects to Azure Storage.
-In this quickstart, you'll set up your data and then run the **Import data** wizard to create an enrichment pipeline that also generates a knowledge store. The knowledge store will contain original text content pulled from the source, plus AI-generated content that includes a sentiment score, key phrase extraction, and text translation of non-English customer comments.
+In this quickstart, you'll set up your data and then run the **Import data** wizard to create an enrichment pipeline that also generates a knowledge store. The knowledge store will contain original text content pulled from the source, plus AI-generated content that includes a sentiment label, key phrase extraction, and text translation of non-English customer comments.
> [!NOTE] > This quickstart is the fastest route to a finished knowledge store in Azure Storage. For more detailed coverage, see [Create a knowledge store in REST](knowledge-store-create-rest.md) instead.
In this wizard step, add skills for AI enrichment. The source data consists of c
1. Scroll down and expand **Save enrichments to knowledge store**.
-1. Select these **Azure table projections**:
+1. Select the following **Azure table projections**. The wizard always offers the **Documents** projection. Other projections will be offered depending on the skills you select (such as **Key phrases**), or the enrichment granularity (**Pages**):
+ + **Documents** + **Pages** + **Key phrases**
-1. Enter the **Storage account Connection String** that you saved in a previous step.
- :::image type="content" source="media/knowledge-store-create-portal/hotel-reviews-ks.png" alt-text="Screenshot of the knowledge store definition" border="true":::
+1. Enter the **Storage account Connection String** that you saved in a previous step.
+ 1. Continue to the next page. ### Step 3: Configure the index
In the **Overview** page, open the **Indexers** tab in the middle of the page, a
## Check tables in Azure Storage
-In the Azure portal, switch to your Azure Storage account and use **Storage Explorer** to view the new tables. You should see six tables.
+In the Azure portal, switch to your Azure Storage account and use **Storage Explorer** to view the new tables. You should see three tables, one for each projection that was offered in the "Save enrichments" section of the "Add enrichments" page.
Each table is generated with the IDs necessary for cross-linking the tables in queries. When you open a table, scroll past these fields to view the content fields added by the pipeline.
- :::image type="content" source="media/knowledge-store-create-rest/knowledge-store-tables.png" alt-text="Screenshot of the knowledge store tables in Storage Explorer" border="true":::
-
-In this walkthrough, the knowledge store is composed of a various tables showing different ways of shaping and structuring a table. The first three rely on a Shaper skill to provide the columns and data values.
- | Table | Description | |-|-|
-| hotelReviews1Document | Contains fields carried forward from the CSV, such as reviews_date and reviews_text. |
-| hotelReviews2Pages | Contains enriched fields created by the skillset, such as sentiment score and translated text. |
-| hotelReviews3KeyPhrases | Contains a long list of just the key phrases. |
-| hotelReviews4InlineProjectionDocument | Alternative to the first table, using inline shaping instead of the Shaper skill to shape data for the projection. |
-| hotelReviews5InlineProjectionPages | Alternative to the second table, using inline shaping. |
-| hotelreviews6InlineProjectionKeyPhrases | Alternative to the third table, using inline shaping. |
+| hotelReviewssDocument | Contains fields carried forward from the CSV, such as reviews_date and reviews_text. |
+| hotelReviewssPages | Contains enriched fields created by the skillset, such as sentiment label and translated text. |
+| hotelReviewssKeyPhrases | Contains a long list of just the key phrases. |
+
+Your table should look similar to the following screenshot:
+
+ :::image type="content" source="media/knowledge-store-create-portal/azure-table-hotel-reviews.png" alt-text="Screenshot of the generated tables in Storage Explorer" border="true":::
## Clean up
If you are using a free service, remember that you are limited to three indexes,
## Next steps
-Now that you've enriched your data by using Cognitive Services and projected the results to a knowledge store, you can use Storage Explorer or other apps to explore your enriched data set.
-
-To learn how to explore this knowledge store by using Storage Explorer, see this walkthrough:
+Now that you've been introduced to a knowledge store, take a closer look at each step by switching over to the REST API walkthrough. Tasks that the wizard handled internally are explained in the REST walkthrough.
> [!div class="nextstepaction"]
-> [View with Storage Explorer](knowledge-store-view-storage-explorer.md)
+> [Create a knowledge store using REST and Postman](knowledge-store-create-rest.md)
search Knowledge Store Create Rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/search/knowledge-store-create-rest.md
Create the index by issuing a PUT request to `https://{{search-service-name}}.se
{ "name": "AzureSearch_DocumentKey", "type": "Edm.String", "searchable": false, "filterable": false, "sortable": false, "facetable": false, "key": true }, { "name": "language", "type": "Edm.String", "filterable": true, "sortable": false, "facetable": true }, { "name": "translated_text", "type": "Edm.String", "filterable": false, "sortable": false, "facetable": false },
- { "name": "sentiment", "type": "Collection(Edm.Double)", "searchable": false, "filterable": true, "retrievable": true, "sortable": false, "facetable": true },
+ { "name": "sentiment", "type": "Collection(Edm.String)", "searchable": false, "filterable": true, "retrievable": true, "sortable": false, "facetable": true },
{ "name": "keyphrases", "type": "Collection(Edm.String)", "filterable": true, "sortable": false, "facetable": true } ] }
To generate the skillset, select the **Send** button in Postman to PUT the reque
] }, {
- "@odata.type": "#Microsoft.Skills.Text.SentimentSkill",
+ "@odata.type": "#Microsoft.Skills.Text.V3.SentimentSkill",
"context": "/document/reviews_text/pages/*", "inputs": [ { "name": "text", "source": "/document/reviews_text/pages/*" },
security-center Defender For Container Registries Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/defender-for-container-registries-introduction.md
Title: Azure Defender for container registries - the benefits and features
description: Learn about the benefits and features of Azure Defender for container registries. Previously updated : 08/16/2021 Last updated : 09/05/2021
To protect the Azure Resource Manager based registries in your subscription, ena
|Release state:|Generally available (GA)| |Pricing:|**Azure Defender for container registries** is billed as shown on [the pricing page](security-center-pricing.md)| |Supported registries and images:|Linux images in ACR registries accessible from the public internet with shell access<br>[ACR registries protected with Azure Private Link](../container-registry/container-registry-private-link.md)|
-|Unsupported registries and images:|Windows images<br>'Private' registries<br>Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images, or "Distroless" images that only contain an application and its runtime dependencies without a package manager, shell, or OS<br>Images with [Open Container Initiative (OCI) Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/spec.md)|
+|Unsupported registries and images:|Windows images<br>'Private' registries (unless access is granted to [Trusted Services](../container-registry/allow-access-trusted-services.md#trusted-services))<br>Super-minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images, or "Distroless" images that only contain an application and its runtime dependencies without a package manager, shell, or OS<br>Images with [Open Container Initiative (OCI) Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/spec.md)|
|Required roles and permissions:|**Security reader** and [Azure Container Registry roles and permissions](../container-registry/container-registry-roles.md)| |Clouds:|:::image type="icon" source="./media/icons/yes-icon.png" border="false"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png" border="false"::: US Gov and China Gov - Only the scan on push feature is currently supported. Learn more in [When are images scanned?](#when-are-images-scanned)| |||
security-center Defender For Resource Manager Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/defender-for-resource-manager-introduction.md
Title: Azure Defender for Resource Manager - the benefits and features
description: Learn about the benefits and features of Azure Defender for Resource Manager Previously updated : 07/14/2021 Last updated : 09/05/2021
The cloud management layer is a crucial service connected to all your cloud reso
Azure Defender for Resource Manager automatically monitors the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. Azure Defender runs advanced security analytics to detect threats and alerts you about suspicious activity.
+>[!NOTE]
+> Some of these analytics are powered by [Microsoft Cloud App Security](/cloud-app-security/what-is-cloud-app-security). To benefit from these analytics, you must activate a Cloud App Security license. If you have a Cloud App Security license, then these alerts are enabled by default. To disable the alerts:
+>
+> 1. From Security Center's menu, select **Pricing & settings**.
+> 1. Select the subscription you want to change.
+> 1. Select **Integrations**.
+> 1. Clear **Allow Microsoft Cloud App Security to access my data**, and select **Save**.
++ ## Availability |Aspect|Details|
security-center Other Threat Protections https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/other-threat-protections.md
Previously updated : 04/29/2021 Last updated : 09/05/2021
Some network configurations restrict Security Center from generating alerts on s
For a list of the Azure network layer alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azurenetlayer). -
->[!NOTE]
-> Some of these analytics are powered by Microsoft Cloud App Security. To benefit from these analytics, you must activate a Cloud App Security license. If you have a Cloud App Security license, then these alerts are enabled by default. To disable the alerts:
->
-> 1. From Security Center's menu, select **Pricing & settings**.
-> 1. Select the subscription you want to change.
-> 1. Select **Integrations**.
-> 1. Clear **Allow Microsoft Cloud App Security to access my data**, and select **Save**.
-- >[!NOTE] > Security Center stores security-related customer data in the same geo as its resource. If Microsoft hasn't yet deployed Security Center in the resource's geo, then it stores the data in the United States. When Cloud App Security is enabled, this information is stored in accordance with the geo location rules of Cloud App Security. For more information, see [Data storage for non-regional services](https://azuredatacentermap.azurewebsites.net/).
security-center Recommendations Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/recommendations-reference.md
description: This article lists Azure Security Center's security recommendations
Previously updated : 07/25/2021 Last updated : 09/05/2021
security-center Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Security Center description: Sample Azure Resource Graph queries for Azure Security Center showing use of resource types and tables to access Azure Security Center related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
security-center Security Center Just In Time https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/security-center-just-in-time.md
Previously updated : 07/12/2020 Last updated : 09/05/2021
From Security Center, you can enable and configure the JIT VM access.
- the last user - **Not configured** - VMs without JIT enabled, but that can support JIT. We recommend that you enable JIT for these VMs. - **Unsupported** - VMs without JIT enabled and which don't support the feature. Your VM might be in this tab for the following reasons:
- - Missing network security group (NSG) - JIT requires an NSG to be configured
+ - Missing network security group (NSG) or Azure Firewall - JIT requires an NSG to be configured or a Firewall configuration (or both)
- Classic VM - JIT supports VMs that are deployed through Azure Resource Manager, not 'classic deployment'. [Learn more about classic vs Azure Resource Manager deployment models](../azure-resource-manager/management/deployment-models.md). - Other - Your VM might be in this tab if the JIT solution is disabled in the security policy of the subscription or the resource group.
sentinel Customer Managed Keys https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/customer-managed-keys.md
This article provides background information and steps to configure a [customer-
## Prerequisites -- The CMK capability requires a Log Analytics dedicated cluster with at least a 1 TB/day commitment tier. Several workspaces can be linked to the same dedicated cluster, and they will share the same customer-managed key.
+- The CMK capability requires a Log Analytics dedicated cluster with at least a 500 GB/day commitment tier. Multiple workspaces can be linked to the same dedicated cluster, and they will share the same customer-managed key.
- After you complete the steps in this guide and before you use the workspace, for onboarding confirmation, contact the [Azure Sentinel Product Group](mailto:azuresentinelCMK@microsoft.com).
Azure Sentinel does not support replacing a customer-managed key. You should use
In this document, you learned how to set up a customer-managed key in Azure Sentinel. To learn more about Azure Sentinel, see the following articles: - Learn how to [get visibility into your data, and potential threats](get-visibility.md). - Get started [detecting threats with Azure Sentinel](./detect-threats-built-in.md).-- [Use workbooks](monitor-your-data.md) to monitor your data.
+- [Use workbooks](monitor-your-data.md) to monitor your data.
sentinel Normalization About Parsers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/normalization-about-parsers.md
To ensure the performance of the parser, note the following filtering recommenda
Filtering recommendations for performance may not always be trivial to follow. For example, using `has` is less accurate than `contains`. In other cases, matching the built-in field, such as `SyslogMessage`, is less accurate than comparing an extracted field, such as `DvcAction`. In such cases, we recommend that you still pre-filter using a performance-optimizing operator over a built-in field, and repeat the filter using more accurate conditions after parsing.
-For an example, see the following [Infoblox DNS](https://github.com/Azure/Azure-Sentinel/tree/master/Parsers/ASimDns/ARM/Infoblox) parser snippet. The parser first checks that the SyslogMessage field `has` the word `client`. However, the term might be used in a different place in the message. Therefore, after parsing the `Log_Type` field, the parser checks again that the word `client` was indeed the field's value.
+For an example, see the following [Infoblox DNS](https://aka.ms/AzSentinelInfobloxParser) parser snippet. The parser first checks that the SyslogMessage field `has` the word `client`. However, the term might be used in a different place in the message. Therefore, after parsing the `Log_Type` field, the parser checks again that the word `client` was indeed the field's value.
```kusto Syslog | where ProcessName == "named" and SyslogMessage has "client"
When handling variants, use the following guidelines:
|Scenario |Handling | ||| |The different variants represent *different* event types, commonly mapped to different schemas | Use separate parsers |
-|The different variants represent the *same* event type but are structured differently. | If the variants are known, such as when there is a method to differentiate between the events before parsing, use the `case` operator to select the correct `extract_all` to run and field mapping, as demonstrated in the [Infoblox DNS parser](https://github.com/Azure/Azure-Sentinel/tree/master/Parsers/ASimDns/ARM/Infoblox). |
+|The different variants represent the *same* event type but are structured differently. | If the variants are known, such as when there is a method to differentiate between the events before parsing, use the `case` operator to select the correct `extract_all` to run and field mapping, as demonstrated in the [Infoblox DNS parser](https://aka.ms/AzSentinelInfobloxParser). |
|If `union` is unavoidable | When using `union` is unavoidable, make sure to use the following guidelines:<br><br>- Pre-filter using built-in fields in each one of the subqueries. <br>- Ensure that the filters are mutually exclusive. <br>- Consider not parsing less critical information, reducing the number of subqueries. | | | |
service-health Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/service-health/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Service Health description: Sample Azure Resource Graph queries for Azure Service Health showing use of resource types and tables to access Azure Service Health related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
storage Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/common/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Storage description: Sample Azure Resource Graph queries for Azure Storage showing use of resource types and tables to access Azure Storage related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021
synapse-analytics Design Elt Data Loading https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/design-elt-data-loading.md
Many of our partners have loading solutions. To find out more, see a list of our
## Next steps
-For loading guidance, see [Guidance for loading data](guidance-for-loading-data.md).
+For loading guidance, see [Data loading best practices](../sql/data-loading-best-practices.md).
synapse-analytics Guidance For Loading Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/guidance-for-loading-data.md
- Title: Data loading best practices for dedicated SQL pools
-description: Recommendations and performance optimizations for loading data using dedicated SQL pools in Azure Synapse Analytics.
------ Previously updated : 11/20/2020-----
-# Best practices for loading data using dedicated SQL pools in Azure Synapse Analytics
-
-In this article, you'll learn recommendations and performance optimizations for loading data using dedicated SQL pool.
-
-## Preparing data in Azure Storage
-
-To minimize latency, colocate your storage layer and your dedicated SQL pool.
-
-When exporting data into an ORC File Format, you might get Java out-of-memory errors when there are large text columns. To work around this limitation, export only a subset of the columns.
-
-All file formats have different performance characteristics. For the fastest load, use compressed delimited text files. The difference between UTF-8 and UTF-16 performance is minimal.
-
-Split large compressed files into smaller compressed files.
-
-## Running loads with enough compute
-
-For fastest loading speed, run only one load job at a time. If that isn't feasible, run a minimal number of loads concurrently. If you expect a large loading job, consider scaling up your dedicated SQL pool before the load.
-
-To run loads with appropriate compute resources, create loading users designated for running loads. Classify each loading user to a specific workload group. To run a load, sign in as one of the loading users, and then run the load. The load runs with the user's workload group.
-
-### Example of creating a loading user
-
-This example creates a loading user classified to a specific workload group. The first step is to **connect to master** and create a login.
-
-```sql
- -- Connect to master
- CREATE LOGIN loader WITH PASSWORD = 'a123STRONGpassword!';
-```
-
-Connect to the dedicated SQL pool and create a user. The following code assumes you're connected to the database called mySampleDataWarehouse. It shows how to create a user called loader and gives the user permissions to create tables and load using the [COPY statement](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true). Then it classifies the user to the DataLoads workload group with maximum resources.
-
-```sql
- -- Connect to the dedicated SQL pool
- CREATE USER loader FOR LOGIN loader;
- GRANT ADMINISTER DATABASE BULK OPERATIONS TO loader;
- GRANT INSERT ON <yourtablename> TO loader;
- GRANT SELECT ON <yourtablename> TO loader;
- GRANT CREATE TABLE TO loader;
- GRANT ALTER ON SCHEMA::dbo TO loader;
-
- CREATE WORKLOAD GROUP DataLoads
- WITH (
- MIN_PERCENTAGE_RESOURCE = 100
- ,CAP_PERCENTAGE_RESOURCE = 100
- ,REQUEST_MIN_RESOURCE_GRANT_PERCENT = 100
- );
-
- CREATE WORKLOAD CLASSIFIER [wgcELTLogin]
- WITH (
- WORKLOAD_GROUP = 'DataLoads'
- ,MEMBERNAME = 'loader'
- );
-```
-<br><br>
->[!IMPORTANT]
->This is an extreme example of allocating 100% resources of the SQL pool to a single load. This will give you a maximum concurrency of 1. Be aware that this should be used only for the initial load where you will need to create additional workload groups with their own configurations to balance resources across your workloads.
-
-To run a load with resources for the loading workload group, sign in as loader and run the load.
-
-## Allowing multiple users to load (PolyBase)
-
-There's often a need to have multiple users load data into a dedicated SQL pool. Loading with the [CREATE TABLE AS SELECT (Transact-SQL)](/sql/t-sql/statements/create-table-as-select-azure-sql-data-warehouse?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true) (PolyBase) requires CONTROL permissions of the database. The CONTROL permission gives control access to all schemas.
-
-You might not want all loading users to have control access on all schemas. To limit permissions, use the DENY CONTROL statement.
-
-For example, consider database schemas, schema_A for dept A, and schema_B for dept B. Let database users user_A and user_B be users for PolyBase loading in dept A and B, respectively. They both have been granted CONTROL database permissions. The creators of schema A and B now lock down their schemas using DENY:
-
-```sql
- DENY CONTROL ON SCHEMA :: schema_A TO user_B;
- DENY CONTROL ON SCHEMA :: schema_B TO user_A;
-```
-
-User_A and user_B are now locked out from the other dept's schema.
-
-## Loading to a staging table
-
-To achieve the fastest loading speed for moving data into a dedicated SQL pool table, load data into a staging table. Define the staging table as a heap and use round-robin for the distribution option.
-
-Consider that loading is usually a two-step process in which you first load to a staging table and then insert the data into a production dedicated SQL pool table. If the production table uses a hash distribution, the total time to load and insert might be faster if you define the staging table with the hash distribution.
-
-Loading to the staging table takes longer, but the second step of inserting the rows to the production table does not incur data movement across the distributions.
-
-## Loading to a columnstore index
-
-Columnstore indexes require large amounts of memory to compress data into high-quality rowgroups. For best compression and index efficiency, the columnstore index needs to compress the maximum of 1,048,576 rows into each rowgroup.
-
-When there is memory pressure, the columnstore index might not be able to achieve maximum compression rates. This scenario, in turn, effects query performance. For a deep dive, see [Columnstore memory optimizations](sql-data-warehouse-memory-optimizations-for-columnstore-compression.md).
--- To ensure the loading user has enough memory to achieve maximum compression rates, use loading users that are a member of a medium or large resource class.-- Load enough rows to completely fill new rowgroups. During a bulk load, every 1,048,576 rows get compressed directly into the columnstore as a full rowgroup. Loads with fewer than 102,400 rows send the rows to the deltastore where rows are held in a b-tree index.-
-> [!NOTE]
-> If you load too few rows, they might all route to the deltastore and not get compressed immediately into columnstore format.
-
-## Increase batch size when using SqLBulkCopy API or bcp
-
-Loading with the COPY statement will provide the highest throughput with dedicated SQL pools. If you cannot use the COPY to load and must use the [SqLBulkCopy API](/dotnet/api/system.data.sqlclient.sqlbulkcopy?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json) or [bcp](/sql/tools/bcp-utility?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true), you should consider increasing batch size for better throughput.
-
-> [!TIP]
-> A batch size between 100 K to 1M rows is the recommended baseline for determining optimal batch size capacity.
-
-## Handling loading failures
-
-A load using an external table can fail with the error *"Query aborted-- the maximum reject threshold was reached while reading from an external source"*. This message indicates that your external data contains dirty records.
-
-A data record is considered to be dirty if it meets one of the following conditions:
--- The data types and number of columns do not match the column definitions of the external table.-- The data doesn't conform to the specified external file format.-
-To fix the dirty records, ensure that your external table and external file format definitions are correct and your external data conforms to these definitions.
-
-If a subset of external data records are dirty, you can choose to reject these records for your queries by using the reject options in [CREATE EXTERNAL TABLE (Transact-SQL)](/sql/t-sql/statements/create-external-table-transact-sql?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true).
-
-## Inserting data into a production table
-
-A one-time load to a small table with an [INSERT statement](/sql/t-sql/statements/insert-transact-sql?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true), or even a periodic reload of a look-up might perform good enough with a statement like `INSERT INTO MyLookup VALUES (1, 'Type 1')`. However, singleton inserts are not as efficient as performing a bulk load.
-
-If you have thousands or more single inserts throughout the day, batch the inserts so you can bulk load them. Develop your processes to append the single inserts to a file, and then create another process that periodically loads the file.
-
-## Creating statistics after the load
-
-To improve query performance, it's important to create statistics on all columns of all tables after the first load, or substantial changes occur in the data. Creating statistics can be done manually or you can enable [AUTO_CREATE_STATISTICS](sql-data-warehouse-tables-statistics.md#automatic-creation-of-statistic).
-
-For a detailed explanation of statistics, see [Statistics](sql-data-warehouse-tables-statistics.md). The following example shows how to manually create statistics on five columns of the Customer_Speed table.
-
-```sql
-create statistics [SensorKey] on [Customer_Speed] ([SensorKey]);
-create statistics [CustomerKey] on [Customer_Speed] ([CustomerKey]);
-create statistics [GeographyKey] on [Customer_Speed] ([GeographyKey]);
-create statistics [Speed] on [Customer_Speed] ([Speed]);
-create statistics [YearMeasured] on [Customer_Speed] ([YearMeasured]);
-```
-
-## Rotate storage keys (PolyBase)
-
-It is good security practice to change the access key to your blob storage on a regular basis. You have two storage keys for your blob storage account, which enables you to transition the keys.
-
-To rotate Azure Storage account keys:
-
-For each storage account whose key has changed, issue [ALTER DATABASE SCOPED CREDENTIAL](/sql/t-sql/statements/alter-database-scoped-credential-transact-sql?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true).
-
-Example:
-
-Original key is created
-
-```sql
-CREATE DATABASE SCOPED CREDENTIAL my_credential WITH IDENTITY = 'my_identity', SECRET = 'key1'
-```
-
-Rotate key from key 1 to key 2
-
-```sql
-ALTER DATABASE SCOPED CREDENTIAL my_credential WITH IDENTITY = 'my_identity', SECRET = 'key2'
-```
-
-No other changes to underlying external data sources are needed.
-
-## Next steps
--- To learn more about the COPY statement or PolyBase when designing an Extract, Load, and Transform (ELT) process, see [Design ELT for Azure Synapse Analytics](design-elt-data-loading.md).-- For a loading tutorial, [Use the COPY statement to load data from Azure blob storage to Synapse SQL](./load-data-from-azure-blob-storage-using-copy.md).-- To monitor data loads, see [Monitor your workload using DMVs](sql-data-warehouse-manage-monitor.md).
synapse-analytics Load Data Wideworldimportersdw https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/load-data-wideworldimportersdw.md
Run the following SQL scripts to specify information about the data you wish to
This section uses the external tables you defined to load the sample data from Azure Blob to SQL pool. > [!NOTE]
-> This tutorial loads the data directly into the final table. In a production environment, you will usually use CREATE TABLE AS SELECT to load into a staging table. While data is in the staging table you can perform any necessary transformations. To append the data in the staging table to a production table, you can use the INSERT...SELECT statement. For more information, see [Inserting data into a production table](guidance-for-loading-data.md#inserting-data-into-a-production-table).
+> This tutorial loads the data directly into the final table. In a production environment, you will usually use CREATE TABLE AS SELECT to load into a staging table. While data is in the staging table you can perform any necessary transformations. To append the data in the staging table to a production table, you can use the INSERT...SELECT statement. For more information, see [Inserting data into a production table](../sql/data-loading-best-practices.md#insert-data-into-a-production-table).
The script uses the [CREATE TABLE AS SELECT (CTAS)](/sql/t-sql/statements/create-table-as-select-azure-sql-data-warehouse?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true) T-SQL statement to load the data from Azure Storage Blob into new tables in your data warehouse. CTAS creates a new table based on the results of a select statement. The new table has the same columns and data types as the results of the select statement. When the select statement selects from an external table, the data is imported into a relational table in the data warehouse.
synapse-analytics Quickstart Bulk Load Copy Tsql https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/quickstart-bulk-load-copy-tsql.md
GROUP BY r.[request_id]
## Next steps -- For best practices on data loading, see [Best Practices for Loading Data](./guidance-for-loading-data.md).
+- For best practices on data loading, see [Best Practices for Loading Data](../sql/data-loading-best-practices.md).
- For information on how to manage the resources for your data loads, see [Workload Isolation](./quickstart-configure-workload-isolation-tsql.md).
synapse-analytics Sql Data Warehouse Concept Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/sql-data-warehouse-concept-recommendations.md
Query performance can degrade when there is high tempdb contention. Tempdb cont
## Data loading misconfiguration
-You should always load data from a storage account in the same region as your dedicated SQL pool to minimize latency. Use the [COPY statement for high throughput data ingestion](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true) and split your staged files in your storage account to maximize throughput. If you can't use the COPY statement, you can use the SqlBulkCopy API or bcp with a high batch size for better throughput. For additional data loading guidance, visit the following [documentation](./guidance-for-loading-data.md).
+You should always load data from a storage account in the same region as your dedicated SQL pool to minimize latency. Use the [COPY statement for high throughput data ingestion](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true) and split your staged files in your storage account to maximize throughput. If you can't use the COPY statement, you can use the SqlBulkCopy API or bcp with a high batch size for better throughput. See [Best practices for data loading](../sql/data-loading-best-practices.md) for additional data loading guidance.
synapse-analytics Sql Data Warehouse Tables Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-identity.md
DBCC PDW_SHOWSPACEUSED('dbo.T1');
> It's not possible to use `CREATE TABLE AS SELECT` currently when loading data into a table with an IDENTITY column. >
-For more information on loading data, see [Designing Extract, Load, and Transform (ELT) for dedicated SQL pool](design-elt-data-loading.md) and [Loading best practices](guidance-for-loading-data.md).
+For more information on loading data, see [Designing Extract, Load, and Transform (ELT) for dedicated SQL pool](design-elt-data-loading.md) and [Loading best practices](../sql/data-loading-best-practices.md).
## System views
synapse-analytics Data Loading Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql/data-loading-best-practices.md
Title: Data loading best practices
-description: Recommendations and performance optimizations for loading data into a dedicated SQL pool Azure Synapse Analytics.
+ Title: Data loading best practices for dedicated SQL pools
+description: Recommendations and performance optimizations for loading data into a dedicated SQL pool in Azure Synapse Analytics.
Previously updated : 04/15/2020 Last updated : 08/26/2021
-# Best practices for loading data into a dedicated SQL pool Azure Synapse Analytics
+# Best practices for loading data into a dedicated SQL pool in Azure Synapse Analytics
In this article, you'll find recommendations and performance optimizations for loading data.
For fastest loading speed, run only one load job at a time. If that is not feasi
To run loads with appropriate compute resources, create loading users designated for running loads. Assign each loading user to a specific resource class or workload group. To run a load, sign in as one of the loading users, and then run the load. The load runs with the user's resource class. This method is simpler than trying to change a user's resource class to fit the current resource class need. + ### Create a loading user
-This example creates a loading user for the staticrc20 resource class. The first step is to **connect to master** and create a login.
+This example creates a loading user classified to a specific workload group. The first step is to **connect to master** and create a login.
```sql -- Connect to master
- CREATE LOGIN LoaderRC20 WITH PASSWORD = 'a123STRONGpassword!';
+ CREATE LOGIN loader WITH PASSWORD = 'a123STRONGpassword!';
```
-Connect to the data warehouse and create a user. The following code assumes you are connected to the database called mySampleDataWarehouse. It shows how to create a user called LoaderRC20, give the user control permission on a database. It then adds the user as a member of the staticrc20 database role.
+Connect to the dedicated SQL pool and create a user. The following code assumes you're connected to the database called mySampleDataWarehouse. It shows how to create a user called loader and gives the user permissions to create tables and load using the [COPY statement](/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest&preserve-view=true). Then it classifies the user to the DataLoads workload group with maximum resources.
```sql
- -- Connect to the database
- CREATE USER LoaderRC20 FOR LOGIN LoaderRC20;
- GRANT CONTROL ON DATABASE::[mySampleDataWarehouse] to LoaderRC20;
- EXEC sp_addrolemember 'staticrc20', 'LoaderRC20';
+ -- Connect to the dedicated SQL pool
+ CREATE USER loader FOR LOGIN loader;
+ GRANT ADMINISTER DATABASE BULK OPERATIONS TO loader;
+ GRANT INSERT ON <yourtablename> TO loader;
+ GRANT SELECT ON <yourtablename> TO loader;
+ GRANT CREATE TABLE TO loader;
+ GRANT ALTER ON SCHEMA::dbo TO loader;
+
+ CREATE WORKLOAD GROUP DataLoads
+ WITH (
+ MIN_PERCENTAGE_RESOURCE = 0
+ ,CAP_PERCENTAGE_RESOURCE = 100
+ ,REQUEST_MIN_RESOURCE_GRANT_PERCENT = 100
+ );
+
+ CREATE WORKLOAD CLASSIFIER [wgcELTLogin]
+ WITH (
+ WORKLOAD_GROUP = 'DataLoads'
+ ,MEMBERNAME = 'loader'
+ );
```
-To run a load with resources for the staticRC20 resource classes, sign in as LoaderRC20 and run the load.
+<br><br>
+>[!IMPORTANT]
+>This is an extreme example of allocating 100% resources of the SQL pool to a single load. This will give you a maximum concurrency of 1. Be aware that this should be used only for the initial load where you will need to create additional workload groups with their own configurations to balance resources across your workloads.
-Run loads under static rather than dynamic resource classes. Using the static resource classes guarantees the same resources regardless of your [data warehouse units](resource-consumption-models.md). If you use a dynamic resource class, the resources vary according to your service level. For dynamic classes, a lower service level means you probably need to use a larger resource class for your loading user.
+To run a load with resources for the loading workload group, sign in as loader and run the load.
## Allow multiple users to load
Columnstore indexes require large amounts of memory to compress data into high-q
## Increase batch size when using SQLBulkCopy API or BCP
-As mentioned before, loading with PolyBase will provide the highest throughput with Synapse SQL pool. If you cannot use PolyBase to load and must use the SQLBulkCopy API (or BCP), you should consider increasing batch size for better throughput - a good rule of thumb is a batch size between 100K to 1M rows.
+
+Loading with the COPY statement will provide the highest throughput with dedicated SQL pools. If you cannot use the COPY to load and must use the [SqLBulkCopy API](/dotnet/api/system.data.sqlclient.sqlbulkcopy?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json) or [bcp](/sql/tools/bcp-utility?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true), you should consider increasing batch size for better throughput.
+
+> [!TIP]
+> A batch size between 100 K to 1M rows is the recommended baseline for determining optimal batch size capacity.
## Manage loading failures A load using an external table can fail with the error *"Query aborted-- the maximum reject threshold was reached while reading from an external source"*. This message indicates that your external data contains dirty records. A data record is considered dirty if the data types and number of columns do not match the column definitions of the external table, or if the data doesn't conform to the specified external file format.
-To fix the dirty records, ensure that your external table and external file format definitions are correct and your external data conforms to these definitions. In case a subset of external data records are dirty, you can choose to reject these records for your queries by using the reject options in CREATE EXTERNAL TABLE.
+To fix the dirty records, ensure that your external table and external file format definitions are correct and your external data conforms to these definitions. In case a subset of external data records are dirty, you can choose to reject these records for your queries by using the reject options in ['CREATE EXTERNAL TABLE'](/sql/t-sql/statements/create-external-table-transact-sql?view=azure-sqldw-latest&preserve-view=true) .
## Insert data into a production table
virtual-machines Resource Graph Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/resource-graph-samples.md
Title: Azure Resource Graph sample queries for Azure Virtual Machines description: Sample Azure Resource Graph queries for Azure Virtual Machines showing use of resource types and tables to access Azure Virtual Machines related resources and properties. Previously updated : 08/31/2021 Last updated : 09/03/2021