Merge pull request #5929 from MicrosoftDocs/main

Publish to live, Tuesday 4 AM PST, 11/12

docs/architecture/service-accounts-on-premises.md

@@ -104,7 +104,7 @@ After you've found the service accounts in your on-premises environment, documen
 
 * **Anticipated lifetime and periodic attestation**: How long you anticipate that this account will be live, and how often the owner should review and attest to its ongoing need.
 
-* **Password security**: For user and local computer accounts, where the password is stored. Ensure that passwords are kept secure, and document who has access. Consider using [Privileged Identity Management](~/id-governance/privileged-identity-management/pim-configure.md) to secure stored passwords. 
+* **Password security**: For user and local computer accounts, where the password is stored. Ensure that passwords are kept secure, and document who has access. Consider using [Windows LAPS](/windows-server/identity/laps/laps-scenarios-azure-active-directory) to secure accounts on local computer accounts. 
 
 ## Next steps
 

docs/external-id/customers/how-to-manage-customer-accounts.md

@@ -8,7 +8,7 @@ ms.service: entra-external-id
 
 ms.subservice: external
 ms.topic: how-to
-ms.date: 07/12/2023
+ms.date: 11/11/2024
 ms.author: mimart
 ms.custom: it-pro
 
@@ -34,17 +34,16 @@ To add or delete users, your account must be assigned at least the [User Adminis
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator).
 1. If you have access to multiple tenants, use the **Settings** icon :::image type="icon" source="media/common/admin-center-settings-icon.png" border="false"::: in the top menu to switch to your external tenant from the **Directories + subscriptions** menu.
 1. Browse to **Identity** > **Users** > **All users**.
-1. Select **New user** > **Create new user**. 
-1. Select **Create a customer**.
-1. Under **Identity**, select a **Sign in method** and enter the **Value**:
-   - **Email**: Enter the customer's email address, which will become their sign-in name.
-   - **User Name**: Enter a user name for the customer.
-1. Next to **Name** (required), enter the first and last name of the customer (for example, *Mary Parker*).
-1. Under **Settings**, use the yes or no toggle to set **Block sign in**, and the select the user's primary location in the **Usage location** list. Then enter the customer's **First name** and **Last name**.
-1. Copy the autogenerated password provided in the **Password** box. Give this password to the user to sign in for the first time.
-1. Select **Create**.
-
-Unless you've selected **Block sign in**, the user can now sign in using the sign in method (email or username) that you specified.
+1. Select **New user** > **Create new external user**.
+1. Next to **Identities**:
+   1. Under **Sign-in method**, select **Email**.
+   1. Under **Value**, enter the customer's email address, which will become their sign-in name.
+   1. Select the **+ Add** button to add multiple emails for the user.
+1. Next to **Display name** (required), enter the first and last name of the customer (for example, *Mary Parker*).
+1. Use the **Copy to clipboard** button to copy the autogenerated password provided in the **Password** box. Give this password to the user to sign in for the first time.
+1. Select **Review + create**.
+
+The user can now sign in using the sign in method you specified.
 
 ## Reset a customer's password
 

docs/external-id/customers/how-to-user-insights.md

@@ -9,7 +9,7 @@ ms.service: entra-external-id
 
 ms.subservice: external
 ms.topic: how-to
-ms.date: 07/18/2024
+ms.date: 11/07/2024
 
 ms.custom: it-pro
 
@@ -19,29 +19,27 @@ ms.custom: it-pro
 
 [!INCLUDE [applies-to-external-only](../includes/applies-to-external-only.md)]
 
-The Application user activity  feature under Usage & insights provides data analytics on user activity and engagement for registered applications in your tenant. You can use this feature to view, query, and analyze user activity data in the Microsoft Entra admin center. This can help you uncover valuable insights that can aid strategic decisions and drive business growth.
+The Application user activity  feature under Usage & insights provides data analytics on user activity and engagement for registered applications in your tenant. You can use this feature to view, query, and analyze user activity data in the Microsoft Entra admin center. This feature can help you uncover valuable insights that can aid strategic decisions and drive business growth.
 
 > [!TIP]
 > [![Try it now](./media/common/try-it-now.png)](https://woodgrovedemo.com/#usecase=UserInsights)
-> 
 > To try out this feature, go to the Woodgrove Groceries demo and start the “Application user activity” use case.
 
 ## Supported scenarios
 
 You can use the user insights feature for the following scenarios:
-- **Tracking active users** - You want to determine the total number of active users in your tenant. This can help you assess the overall user engagement with your applications.
-- **Monitoring new users added** - You want to track and identify how many users have been added to your tenant in the last month. This data is valuable for monitoring the growth of your user base.
-- **Analyzing daily and monthly application sign-ins** - You want to gather data on the number of users who sign in to your applications on a daily and monthly basis. This can help you gauge user engagement over time and spot trends.
-- **Assessing MFA usage success and failure** - You want to compare the multifactor authentication (MFA) usage success and failure rates for your applications. This can provide insights into the security and user experience of your authentication processes.
 
+- **Tracking active users** - You want to determine the total number of active users in your tenant, to assess the overall user engagement with your applications. 
+- **Monitoring new users added** - You want to track and identify how many users have been added to your tenant in the last month. This data is valuable for monitoring the growth of your user base.
+- **Analyzing daily and monthly application sign-ins** - You want to gather data on the number of users who sign in to your applications daily and monthly to assess user engagement and spot trends.
+- **Assessing MFA usage success and failure** - You want to compare the multifactor authentication (MFA) usage success and failure rates for your applications to provide insights into the security and user experience of your authentication processes. You can also use our new telecom metrics for MFA SMS and fraud detection. These preview metrics help you identify vulnerabilities and detect potential fraud.
 
 ## Prerequisites
 
 To access and view data from application user activity, you must have:
-- A Microsoft Entra ID for [customers tenant](quickstart-tenant-setup.md).
-- [Registered application(s)](how-to-register-ciam-app.md) with some sign-in and sign-up data.
 
-<!-- Link here later how to access the application user activity reports in two ways. -->
+- A Microsoft Entra External ID [external tenant](quickstart-tenant-setup.md).
+- [Registered application(s)](how-to-register-ciam-app.md) with some sign-in and sign-up data.
 
 ## How to access the Application user activity dashboards
 
@@ -60,7 +58,7 @@ There are three dashboards available with data centered around users, requests,
 
 ### Users dashboard
 
-The **Users** dashboard gives you a summary of daily and monthly active users, and new users that have been added to your tenant. For this dataset, you'll be able to view the following trends:
+The **Users** dashboard provides a summary of daily and monthly active users, and new users added to your tenant. For this dataset, you can view the following trends:
 
 - Daily active and inactive users over a period of 30 days.
 - Monthly active users over a period of 12 months 
@@ -70,31 +68,46 @@ The **Users** dashboard gives you a summary of daily and monthly active users, a
 
     :::image type="content" source="media/how-to-user-insights/users-dashboard.png" alt-text="Screenshot of the Users dashboard.":::
 
-### Requests dashboard
-
-The **Requests** dashboard gives you a summary of monthly requests for all your applications. For this dataset, you'll be able to view the following trends:
-
-- Monthly requests over a period of 12 months.
-- Types of MFA usage with a summary of success vs failure count over a period of 12 months
-
-    :::image type="content" source="media/how-to-user-insights/requests-dashboard.png" alt-text="Screenshot of the Requests dashboard.":::
-
 ### Authentications dashboard
 
-The **Authentications** dashboard gives you a summary of daily and monthly authentications in your tenant. For this dataset, you'll be able to view the following trends.
+The **Authentications** dashboard provides a summary of daily and monthly authentications in your tenant. For this dataset, you can view the following trends:
 
 - Daily authentications over a period of 30 days.
 - Daily authentications breakdown by operating system.
 - Monthly authentications over a period of 12 months summarized by location.
 
     :::image type="content" source="media/how-to-user-insights/authentications-dashboard.png" alt-text="Screenshot of the Authentications dashboard.":::
 
-<!---New content --->
+### MFA Usage dashboard
+
+The **MFA Usage** dashboard gives you a summary of monthly MFA authentication performance for all your applications. For this dataset, you can view the following trends:
+
+- Users registered for MFA
+- Types of MFA usage with a summary of success vs failure count over a period of 12 months
+- CAPTHA triggers and activity in the last 30 days
+
+    :::image type="content" source="media/how-to-user-insights/mfa-dashboard.png" alt-text="Screenshot of the MFA Usage dashboard.":::
+
+### Telecom metrics (preview)
+
+To better understand MFA performance, we have added new metrics to the MFA Usage dashboard. These metrics provide actionable insights into SMS-based MFA usage.
+
+- **Conditional Access (CA) policies requiring MFA**: This metric helps you identify which CA policies require MFA, allowing you to pinpoint any security gaps.
+- **Number of users registered for MFA**: This metric tracks how many users are registered for MFA and which methods they use. This information helps you evaluate the level of MFA adoption.
+
+We have added several new metrics to help you detect potential telecom fraud. Microsoft Entra External ID uses CAPTCHA for SMS MFA to help to prevent automated attacks by distinguishing human users from bots. If a risky user is detected, we block the user from signing in or ask the user to complete a CAPTCHA before sending an SMS verification code. To help you visualize the effectiveness of this method, we have added the following metrics to the dashboard:
+
+- **Allowed**: This metric shows the number of users who successfully received an SMS during sign-in or sign-up.
+- **Blocked**: This metric shows the number of users who were prevented from receiving an SMS. When telecom MFA is blocked, users are notified and advised trying an alternative authentication method.
+- **Challenged**: This metric shows when a CAPTCHA challenge appears before sending the SMS. This usually happens when unusual behavior is detected. For this data point, you'll also see the following metrics:
+    - **Number of users unable to complete CAPTCHA**: This metric helps you to track how many users couldn’t pass the CAPTCHA challenge. This insight helps assess if the CAPTCHA is too difficult for legitimate users, allowing adjustments to balance security with accessibility.
+    - **Number of users successfully completing CAPTCHA**: This metric helps you review how many users have successfully completed the CAPTCHA challenge. This data provides insight into how effectively CAPTCHA protects against automated attacks while ensuring legitimate users can authenticate.
+
 ## Customize your dashboards
 
 The Application user activity dashboards provide easy-to-digest graphs and charts but have limited customization options. These dashboards are available in the Microsoft Entra admin center and accessible via Microsoft Graph APIs, which are currently in beta.
 
-Microsoft Graph APIs enable you to build powerful, customized dashboards that you can tailor to your specific needs and preferences. This has some advantages:
+Microsoft Graph APIs enable you to build powerful, customized dashboards tailored to your specific needs and preferences, offering several advantages:
 
 - **Flexibility**: You can integrate with other data sources to present your data in a way that aligns more with your business objectives.
 - **Enhanced visualization**: You can have richer and more interactive visual representations of your data.
@@ -114,7 +127,7 @@ Once you have successfully created your access token, you can use the Microsoft
 
 ### Create a custom Power BI report 
 
-To fetch the user insights data you can create a Power BI report using custom connectors. Here's how you can do it:
+To fetch the user insights data, you can create a Power BI report using custom connectors. Here's how you can do it:
 
 1. Create a new blank Power BI report.
 1. Create a [custom connector](/power-bi/connect-data/desktop-connect-to-data) and enter the URL for the Microsoft Graph API endpoint you want to query. For example: `https://graph.microsoft.com/beta/reports/userinsights/monthly/activeUsers` for monthly active users data. 

docs/external-id/customers/toc.yml

@@ -12,6 +12,8 @@ items:
       href: visual-studio-code-extension.md
     - name: Use Azure App Service built-in authentication
       href: /azure/app-service/scenario-secure-app-authentication-app-service?toc=/entra/external-id/toc.json&bc=/entra/external-id/breadcrumb/toc.json&tabs=external-configuration
+    - name: Use Power Pages and External ID
+      href: /power-pages/security/authentication/entra-external-id?toc=/entra/external-id/toc.json&bc=/entra/external-id/breadcrumb/toc.json&tabs=external-configuration
 - name: Samples
   expanded: false
   items:

docs/identity/conditional-access/reference-office-365-application-contents.md

@@ -5,7 +5,7 @@ description: What are all of the services included in the Office 365 app in Micr
 ms.service: entra-id
 ms.subservice: conditional-access
 ms.topic: reference
-ms.date: 10/07/2024
+ms.date: 11/11/2024
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -18,69 +18,78 @@ ms.reviewer: kvenkit
 The following list is provided as a reference and includes a detailed list of services and applications that are included in the Conditional Access [Office 365](concept-conditional-access-cloud-apps.md#office-365) app.
 
 - App Studio
-- Augmentation Loop
-- Call Recorder
+- Augmentation Loop
+- Augmentation Loop App
+- Call Recorder
+- Compliant Sydney App
 - Connectors
-- Compliant Sydney App
-- Data Security Investigation App
-- Device Management Service
+- Data Security Investigation App
+- Device Management Service
+- EduAssignmentsService
 - EnrichmentSvc
-- IC3 Gateway
-- Loop Service
+- IC3 Gateway
+- IC3 Gateway Non CAE
+- Insights Services
+- Loop Service
 - M365 Admin Services
 - M365 Auditing Public Protected Web API app
-- M365 Chat Client
+- M365 Chat Client
 - Mail Hook App Office 365
-- Media Analysis and Transformation Service
-- Message Recall app
-- Messaging Async Media
+- Media Analysis and Transformation Service
+- Message Recall app
+- Messaging Async Media
 - MessagingAsyncMediaProd
-- Microsoft 365 Reporting Service
-- Microsoft Discovery Service
-- Microsoft Exchange Online Protection
-- Microsoft Flow
-- Microsoft Flow GCC
-- Microsoft Forms
-- Microsoft Forms Web
-- Microsoft Forms Web in Azure Government
-- Microsoft Legacy To-Do WebApp
-- Microsoft Office 365 Portal
-- Microsoft Office client application
-- Microsoft People Cards Service
-- Microsoft SharePoint Online - SharePoint Home
-- Microsoft Stream Portal
-- Microsoft Stream Service
-- Microsoft Teams
-- Microsoft Teams - T4L Web Client
-- Microsoft Teams - Teams And Channels Service
-- Microsoft Teams Chat Aggregator
-- Microsoft Teams Graph Service
-- Microsoft Teams Retail Service
-- Microsoft Teams Services
-- Microsoft Teams UIS
-- Microsoft Teams Web Client
-- Microsoft To-Do WebApp
-- Microsoft Whiteboard Services
+- Microsoft 365 Reporting Service
+- Microsoft Discovery Service
+- Microsoft Exchange Online Protection
+- Microsoft Flow
+- Microsoft Flow GCC
+- Microsoft Forms
+- Microsoft Forms Web
+- Microsoft Forms Web in Fairfax
 - Microsoft Information Protection
+- Microsoft Legacy To-Do WebApp
+- Microsoft Office 365 Portal
+- Microsoft Office client application
+- Microsoft People Cards Service
+- Microsoft Planner
+- Microsoft Planner Client
+- Microsoft SharePoint Online - SharePoint Home
+- Microsoft Stream Portal
+- Microsoft Stream Service
+- Microsoft Teams
+- Microsoft Teams - T4L Web Client
+- Microsoft Teams - Teams And Channels Service
+- Microsoft Teams Chat Aggregator
+- Microsoft Teams Graph Service
+- Microsoft Teams Retail Service
+- Microsoft Teams Services
+- Microsoft Teams UIS
+- Microsoft Teams Web Client
+- Microsoft To-Do WebApp
+- Microsoft Virtual Events Portal
+- Microsoft Virtual Events Services
+- Microsoft Whiteboard Services
 - Msi Meeting Intelligence
 - Natural Language Editor
-- O365 Suite UX
+- New Loop App
 - O365 Diagnostic Service
-- OCPS Checkin Service
-- Office 365 app, corresponding to a migrated siteId.
-- Office 365 Exchange Microservices
-- Office 365 Exchange Online
-- Office 365 Search Service
-- Office 365 SharePoint Online
-- Office 365 Yammer
-- Office Delve
-- Office Hive
-- Office Hive Azure Government
-- Office Online
-- Office Services Manager
-- Office Services Manager in USGov
-- Office Shredding Service
+- O365 Suite UX
+- O365 Suite UX
+- OCPS Checkin Service
+- Office 365 app, corresponding to a migrated siteId.
+- Office 365 Exchange Microservices
+- Office 365 Exchange Online
+- Office 365 Search Service
+- Office 365 SharePoint Online
+- Office 365 Yammer
+- Office Delve
+- Office Delve
+- Office Hive
+- Office Hive Fairfax
 - Office MRO Device Manager
+- Office MRO Device Manager Service
+- Office Online
 - Office Online Add-in SSO
 - Office Online Augmentation Loop SSO
 - Office Online Core SSO
@@ -92,38 +101,44 @@ The following list is provided as a reference and includes a detailed list of se
 - Office Online Speech SSO
 - Office Scripts Service
 - Office Scripts Service - Local
-- Office365 Shell WCSS-Client
-- Office365 Shell WCSS-Client in Azure Government
+- Office Services Manager
+- Office Services Manager in Azure Government
+- Office Shredding Service
+- Office365 Shell WCSS-Client
+- Office365 Shell WCSS-Client in Azure Government
 - OfficeClientService
 - OfficeHome
 - OfficePowerPointSGS
 - OneDrive
-- OneDrive SyncEngine
+- OneDrive SyncEngine
 - OneNote
-- Outlook Browser Extension
-- Outlook Service for Exchange
-- Outlook WebApp
-- PowerApps Service
-- PowerApps Web
-- PowerApps Web GCC
+- Outlook Browser Extension
+- Outlook Service for Exchange
+- Outlook WebApp Office 365
+- PowerApps Service
+- PowerApps Web
+- PowerApps Web GCC
+- Project Work Management
 - ProjectWorkManagement
 - ProjectWorkManagement_USGov
-- Reply at mention
-- Security & Compliance Center
-- SharePoint eSignature
-- SharePoint Online Web Client Extensibility
-- SharePoint Online Web Client Extensibility Isolated
-- Skype and Teams Tenant Admin API
-- Skype for Business Online
-- Skype meeting broadcast
-- Skype Presence Service
+- Reply at mention
+- Security & Compliance Center
+- SharePoint eSignature
+- SharePoint Online Web Client Extensibility
+- SharePoint Online Web Client Extensibility Isolated
+- Skype and Teams Tenant Admin API
+- Skype for Business Online
+- Skype meeting broadcast
+- Skype Presence Service
 - SmartCompose
 - Speedway (Groups Service)
 - Sway
-- Targeted Messaging Service
+- Targeted Messaging Service
+- Teams Analytics
+- Teams CMD Services Artifacts
 - TeamsTargetingServiceApp
-- The GCC DoD app for office.com
-- The Office365 Shell DoD WCSS-Client
-- Visio Data Visualizer
+- The GCC DoD app for office.com
+- The Office365 Shell DoD WCSS-Client
+- Visio Data Visualizer
 - WalkieTalkieApp
 - WalkieTalkieGCCApp