shashishailaj
diff --git a/‎articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md
Lines changed: 4 additions & 1 deletion b/‎articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/active-directory/cloud-provisioning/tutorial-existing-forest.md
Lines changed: 12 additions & 9 deletions b/‎articles/active-directory/cloud-provisioning/tutorial-existing-forest.md
Lines changed: 12 additions & 9 deletions
diff --git a/‎articles/active-directory/cloud-provisioning/tutorial-pilot-aadc-aadccp.md
Lines changed: 12 additions & 24 deletions b/‎articles/active-directory/cloud-provisioning/tutorial-pilot-aadc-aadccp.md
Lines changed: 12 additions & 24 deletions
diff --git a/‎articles/active-directory/cloud-provisioning/tutorial-single-forest.md
Lines changed: 20 additions & 13 deletions b/‎articles/active-directory/cloud-provisioning/tutorial-single-forest.md
Lines changed: 20 additions & 13 deletions
diff --git a/‎articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md
Lines changed: 3 additions & 2 deletions b/‎articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md
Lines changed: 3 additions & 2 deletions
@@ -230,7 +230,7 @@ To ensure there is time to validate users’ credentials, perform two-step verif
 
 ### Verify Connection Request Policies
 
-By default, when you configure the RD Gateway to use a central policy store for connection authorization policies, the RD Gateway is configured to forward CAP requests to the NPS server. The NPS server with the Azure MFA extension installed, processes the RADIUS access request. The following steps show you how to verify the default connection request policy.
+By default, when you configure the RD Gateway to use a central policy store for connection authorization policies, the RD Gateway is configured to forward CAP requests to the NPS server. The NPS server with the Azure MFA extension installed, processes the RADIUS access request. The following steps show you how to verify the default connection request policy.  
 
 1. On the RD Gateway, in the NPS (Local) console, expand **Policies**, and select **Connection Request Policies**.
 1. Double-click **TS GATEWAY AUTHORIZATION POLICY**.
@@ -241,6 +241,9 @@ By default, when you configure the RD Gateway to use a central policy store for
 
 1. Click **Cancel**.
 
+>[!NOTE]
+> For more information about creating a connection request policy see the article, [Configure connection request policies](https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-crp-configure#add-a-connection-request-policy) documentation for the same. 
+
 ## Configure NPS on the server where the NPS extension is installed
 
 The NPS server where the NPS extension is installed needs to be able to exchange RADIUS messages with the NPS server on the Remote Desktop Gateway. To enable this message exchange, you need to configure the NPS components on the server where the NPS extension service is installed.
 
@@ -48,22 +48,25 @@ In this scenario, there is an existing forest synced using Azure AD Connect sync
    - For certificate validation, unblock the following URLs: **mscrl.microsoft.com:80**, **crl.microsoft.com:80**, **ocsp.msocsp.com:80**, and **www\.microsoft.com:80**. Since these URLs are used for certificate validation with other Microsoft products you may already have these URLs unblocked.
 
 ## Install the Azure AD Connect provisioning agent
-1. Sign in to the server you will use with enterprise admin permissions.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1.
-2. Download the Azure AD Connect provisioning agent [here](https://go.microsoft.com/fwlink/?linkid=2109037).
-3. Run the Azure AD Connect provisioning agent (AADConnectProvisioningAgent.Installer)
-3. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
+1. Sign in to the domain joined server.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1.
+2. Sign in to the Azure portal using cloud-only global admin credentials.
+3. On the left, select **Azure Active Directory**, click **Azure AD Connect** and in the center select **Manage provisioning (preview)**.</br>
+![Azure portal](media/how-to-install/install6.png)</br>
+4. Click on "Download agent"
+5. Run the Azure AD Connect provisioning agent
+6. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
 ![Welcome screen](media/how-to-install/install1.png)</br>
 
-4. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.  Note that if you have IE enhanced security enabled this will block the sign-in.  If this is the case, close the installation, disable IE enhanced security in Server Manager, and click the **AAD Connect Provisioning Agent Wizard** to restart the installation.
-5. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory domain administrator account.  NOTE: The domain administrator account should not have password change requirements. In case the password expires or changes, you will need to re-configure the agent with the new credentials. This operation will add your on-premises directory.  Click **Next**.</br>
+7. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.  Note that if you have IE enhanced security enabled this will block the sign-in.  If this is the case, close the installation, disable IE enhanced security in Server Manager, and click the **AAD Connect Provisioning Agent Wizard** to restart the installation.
+8. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory domain administrator account.  NOTE: The domain administrator account should not have password change requirements. In case the password expires or changes, you will need to re-configure the agent with the new credentials. This operation will add your on-premises directory.  Click **Next**.</br>
 ![Welcome screen](media/how-to-install/install3.png)</br>
 
-6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
+9. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
 ![Welcome screen](media/how-to-install/install4.png)</br>
 
-7. Once this operation completes you should see a notice: **Your agent configuration was successfully verified.**  You can click **Exit**.</br>
+10. Once this operation completes you should see a notice: **Your agent configuration was successfully verified.**  You can click **Exit**.</br>
 ![Welcome screen](media/how-to-install/install5.png)</br>
-8. If you still see the initial splash screen, click **Close**.
+11. If you still see the initial splash screen, click **Close**.
 
 
 ## Verify agent installation
 
@@ -128,37 +128,25 @@ Azure AD Connect sync synchronizes changes occurring in your on-premises directo
 3.  Run `Start-ADSyncSyncCycle`.  Hit Enter.  
 
 ## Install the Azure AD Connect provisioning agent
-1. Sign in to the server you will use with enterprise admin permissions.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial it would be CP1.
-2. Download the Azure AD Connect cloud provisioning agent [here](https://go.microsoft.com/fwlink/?linkid=2109037).
-3. Run the Azure AD Connect cloud provisioning (AADConnectProvisioningAgent.Installer)
-3. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
-![Welcome screen](media/how-to-install/install1.png)</br>
-
-4. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.
-5. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory administrator account.  This operation will add your on-premises directory.  Click **Next**.</br>
-![Welcome screen](media/how-to-install/install3.png)</br>
-
-6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
-![Welcome screen](media/how-to-install/install4.png)</br>
-
-7. Once this operation completes you should see a notice **Your was successfully verified.**  You can click **Exit**.</br>
-![Welcome screen](media/how-to-install/install5.png)</br>
-8. If you still see the initial splash screen, click **Close**.1. Sign in to the server you will use with enterprise admin permissions.
-2. Download the Azure AD Connect cloud provisioning agent [here](https://go.microsoft.com/fwlink/?linkid=2109037).
-3. Run the Azure AD Connect cloud provisioning (AADConnectProvisioningAgent.Installer)
-3. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
+1. Sign in to the domain joined server.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1.
+2. Sign in to the Azure portal using cloud-only global admin credentials.
+3. On the left, select **Azure Active Directory**, click **Azure AD Connect** and in the center select **Manage provisioning (preview)**.</br>
+![Azure portal](media/how-to-install/install6.png)</br>
+4. Click on "Download agent"
+5. Run the Azure AD Connect provisioning agent
+6. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
 ![Welcome screen](media/how-to-install/install1.png)</br>
 
-4. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.
-5. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory administrator account.  This operation will add your on-premises directory.  Click **Next**.</br>
+7. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.  Note that if you have IE enhanced security enabled this will block the sign-in.  If this is the case, close the installation, disable IE enhanced security in Server Manager, and click the **AAD Connect Provisioning Agent Wizard** to restart the installation.
+8. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory domain administrator account.  NOTE: The domain administrator account should not have password change requirements. In case the password expires or changes, you will need to re-configure the agent with the new credentials. This operation will add your on-premises directory.  Click **Next**.</br>
 ![Welcome screen](media/how-to-install/install3.png)</br>
 
-6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
+9. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
 ![Welcome screen](media/how-to-install/install4.png)</br>
 
-7. Once this operation completes you should see a notice **Your was successfully verified.**  You can click **Exit**.</br>
+10. Once this operation completes you should see a notice: **Your agent configuration was successfully verified.**  You can click **Exit**.</br>
 ![Welcome screen](media/how-to-install/install5.png)</br>
-8. If you still see the initial splash screen, click **Close**.
+11. If you still see the initial splash screen, click **Close**.
 
 ## Verify agent installation
 Agent verification occurs in the Azure portal and on the local server that is running the agent.
 
@@ -46,23 +46,30 @@ You can use the environment you create in this tutorial for testing or for getti
    - For certificate validation, unblock the following URLs: **mscrl.microsoft.com:80**, **crl.microsoft.com:80**, **ocsp.msocsp.com:80**, and **www\.microsoft.com:80**. Since these URLs are used for certificate validation with other Microsoft products you may already have these URLs unblocked.
 
 ## Install the Azure AD Connect provisioning agent
-1. Sign in to the server you will use with enterprise admin permissions.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1.
-2. Download the Azure AD Connect provisioning agent [here](https://go.microsoft.com/fwlink/?linkid=2109037).
-3. Run the Azure AD Connect provisioning agent (AADConnectProvisionin
-4. gAgent.Installer)
-3. On the splash screen, **Accept** the licensing terms and click **Install**.</br>
-![Welcome screen](media/how-to-install/install1.png)</br>
+1. Sign in to the domain joined server.  If you are using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1.
+2. Sign in to the Azure portal using cloud-only global admin credentials.
+3. On the left, select **Azure Active Directory**, click **Azure AD Connect**, and in the center select **Manage provisioning (preview)**.
 
-4. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.  Note that if you have IE enhanced security enabled this will block the sign-in.  If this is the case, close the installation, disable IE enhanced security in Server Manager, and click the **AAD Connect Provisioning Agent Wizard** to restart the installation.
-5. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory domain administrator account.  NOTE: The domain administrator account should not have password change requirements. In case the password expires or changes, you will need to re-configure the agent with the new credentials. This operation will add your on-premises directory.  Click **Next**.</br>
-![Welcome screen](media/how-to-install/install3.png)</br>
+   ![Azure portal](media/how-to-install/install6.png)
 
-6. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.</br>
-![Welcome screen](media/how-to-install/install4.png)</br>
+4. Click **Download agent**.
+5. Run the Azure AD Connect provisioning agent.
+6. On the splash screen, **Accept** the licensing terms and click **Install**.
 
-7. Once this operation completes you should see a notice: **Your agent configuration was successfully verified.**  You can click **Exit**.</br>
+   ![Welcome screen](media/how-to-install/install1.png)
+
+7. Once this operation completes, the configuration wizard will launch.  Sign in with your Azure AD global administrator account.  Note that if you have IE enhanced security enabled this will block the sign-in.  If this is the case, close the installation, disable IE enhanced security in Server Manager, and click the **AAD Connect Provisioning Agent Wizard** to restart the installation.
+8. On the **Connect Active Directory** screen, click **Add directory** and then sign in with your Active Directory domain administrator account.  NOTE: The domain administrator account should not have password change requirements. In case the password expires or changes, you will need to re-configure the agent with the new credentials. This operation will add your on-premises directory.  Click **Next**.
+
+   ![Welcome screen](media/how-to-install/install3.png)
+
+9. On the **Configuration complete** screen, click **Confirm**.  This operation will register and restart the agent.
+
+   ![Welcome screen](media/how-to-install/install4.png)
+
+10. Once this operation completes you should see a notice: **Your agent configuration was successfully verified.**  You can click **Exit**.</br>
 ![Welcome screen](media/how-to-install/install5.png)</br>
-8. If you still see the initial splash screen, click **Close**.
+11. If you still see the initial splash screen, click **Close**.
 
 
 ## Verify agent installation
 
@@ -122,13 +122,14 @@ To support temporary passwords in Azure AD for synchronized users, you can enabl
 
 `Set-ADSyncAADCompanyFeature  -ForcePasswordResetOnLogonFeature $true`
 
-Caveat:  Forcing a user to change their password on next logon requires a password change at the same time.  AD Connect will not pick up the force password change flag by itself, it is supplemental to the detected password change that occurs during password hash sync.
+> [!NOTE]
+> Forcing a user to change their password on next logon requires a password change at the same time.  AD Connect will not pick up the force password change flag by itself; it is supplemental to the detected password change that occurs during password hash sync.
 
 > [!CAUTION]
 > If you do not enable Self-service Password Reset (SSPR) in Azure AD users will have a confusing experience when they reset their password in Azure AD and then attempt to sign in in Active Directory with the new password, as the new password isn’t valid in Active Directory. You should only use this feature when SSPR and Password Writeback is enabled on the tenant.
 
 > [!NOTE]
-> This feature is in Public Preview right now.
+> This feature is in public preview right now.
 
 #### Account expiration