ddit-joe
diff --git a/‎SECURITY.md
+1-1 b/‎SECURITY.md
+1-1
diff --git a/‎docs/architecture/auth-remote-desktop-gateway.md
+11-10 b/‎docs/architecture/auth-remote-desktop-gateway.md
+11-10
diff --git a/‎docs/architecture/auth-saml.md
+13-14 b/‎docs/architecture/auth-saml.md
+13-14
diff --git a/‎docs/architecture/auth-ssh.md
+15-14 b/‎docs/architecture/auth-ssh.md
+15-14
diff --git a/‎docs/architecture/auth-sync-overview.md
+9-11 b/‎docs/architecture/auth-sync-overview.md
+9-11
@@ -23,7 +23,7 @@ Include the requested information listed below (as much as you can provide) to h
   - The location of the affected source code (tag/branch/commit or direct URL)
   - Any special configuration required to reproduce the issue
   - Step-by-step instructions to reproduce the issue
-  - Proof-of-concept code or exploit code (if possible)
+  - Proof of concept code or exploit code (if possible)
   - Impact of the issue, including how an attacker might exploit the issue
 
 This information will help us triage your report more quickly.
 
@@ -10,11 +10,12 @@ ms.date: 03/01/2023
 ms.author: jricketts
 ms.reviewer: ajburnle
 ---
+
 # Remote Desktop Gateway Services
 
 A standard Remote Desktop Services (RDS) deployment includes various [Remote Desktop role services](/windows-server/remote/remote-desktop-services/desktop-hosting-logical-architecture) running on Windows Server. The RDS deployment with Microsoft Entra application proxy has a permanent outbound connection from the server that is running the connector service. Other deployments leave open inbound connections through a load balancer.
 
-This authentication pattern allows you to offer more types of applications by publishing on premises applications through Remote Desktop Services. It reduces the attack surface of their deployment by using Microsoft Entra application proxy.
+This authentication pattern allows you to offer more types of applications by publishing on-premises applications through Remote Desktop Services. It reduces the attack surface of their deployment by using Microsoft Entra application proxy.
 
 ## When to use Remote Desktop Gateway Services
 
@@ -24,22 +25,22 @@ Use Remote Desktop Gateway Services when you need to provide remote access and p
 
 ## System components
 
-* **User**: Accesses RDS served by Application Proxy.
-* **Web browser**: The component that the user interacts with to access the external URL of the application.
-* **Microsoft Entra ID**: Authenticates the user. 
-* **Application Proxy service**: Acts as reverse proxy to forward request from the user to RDS. Application Proxy can also enforce any Conditional Access policies.
-* **Remote Desktop Services**: Acts as a platform for individual virtualized applications, providing secure mobile and remote desktop access. It provides end users with the ability to run their applications and desktops from the cloud.
+- **User:** Accesses RDS served by Application Proxy.
+- **Web browser:** The component that the user interacts with to access the external URL of the application.
+- **Microsoft Entra ID:** Authenticates the user.
+- **Application Proxy service:** Acts as reverse proxy to forward request from the user to RDS. Application Proxy can also enforce any Conditional Access policies.
+- **Remote Desktop Services:** Acts as a platform for individual virtualized applications, providing secure mobile and remote desktop access. It provides end users with the ability to run their applications and desktops from the cloud.
 
 <a name='implement-remote-desktop-gateway-services-with-azure-ad'></a>
 
 ## Implement Remote Desktop Gateway services with Microsoft Entra ID
 
 Explore the following resources to learn more about implementing Remote Desktop Gateway services with Microsoft Entra ID.
 
-* [Publish Remote Desktop with Microsoft Entra application proxy](~/identity/app-proxy/application-proxy-integrate-with-remote-desktop-services.md) describes how Remote Desktop Service and Microsoft Entra application proxy work together to improve productivity of workers who are away from the corporate network.
-* The [Tutorial - Add an on-premises app - Application Proxy in Microsoft Entra ID](~/identity/app-proxy/application-proxy-add-on-premises-application.md) helps you to prepare your environment for use with Application Proxy.
+- [Publish Remote Desktop with Microsoft Entra application proxy](~/identity/app-proxy/application-proxy-integrate-with-remote-desktop-services.md) describes how Remote Desktop Service and Microsoft Entra application proxy work together to improve productivity of workers who are away from the corporate network.
+- The [Tutorial - Add an on-premises app - Application Proxy in Microsoft Entra ID](~/identity/app-proxy/application-proxy-add-on-premises-application.md) helps you to prepare your environment for use with Application Proxy.
 
 ## Next steps
 
-* [Microsoft Entra authentication and synchronization protocol overview](auth-sync-overview.md) describes integration with authentication and synchronization protocols. Authentication integrations enable you to use Microsoft Entra ID and its security and management features with little or no changes to your applications that use legacy authentication methods. Synchronization integrations enable you to sync user and group data to Microsoft Entra ID and then user Microsoft Entra management capabilities. Some sync patterns enable automated provisioning.
-* [Remote Desktop Services architecture](/windows-server/remote/remote-desktop-services/desktop-hosting-logical-architecture) describes configurations for deploying Remote Desktop Services to host Windows apps and desktops for end-users.
+- [Microsoft Entra authentication and synchronization protocol overview](auth-sync-overview.md) describes integration with authentication and synchronization protocols. Authentication integrations enable you to use Microsoft Entra ID and its security and management features with little or no changes to your applications that use legacy authentication methods. Synchronization integrations enable you to sync user and group data to Microsoft Entra ID and then user Microsoft Entra management capabilities. Some sync patterns enable automated provisioning.
+- [Remote Desktop Services architecture](/windows-server/remote/remote-desktop-services/desktop-hosting-logical-architecture) describes configurations for deploying Remote Desktop Services to host Windows apps and desktops for end-users.
@@ -14,41 +14,40 @@ ms.reviewer: ajburnle
 
 # SAML authentication with Microsoft Entra ID
 
-Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider and a service provider. SAML is an XML-based markup language for security assertions, which are statements that service providers use to make access-control decisions. 
+Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider. SAML is an XML-based markup language for security assertions, which are statements that service providers use to make access-control decisions.
 
 The SAML specification defines three roles:
 
-* The principal, generally a user
-* The identity provider (IdP)
-* The  service provider (SP)
-
+- The principal, generally a user
+- The identity provider (IdP)
+- The service provider (SP)
 
 ## Use when
 
 There's a need to provide a single sign-on (SSO) experience for an enterprise SAML application.
 
-While one of most important use cases that SAML addresses is SSO, especially by extending SSO across security domains, there are other use cases (called profiles) as well. 
+While one of most important use cases that SAML addresses is SSO, especially by extending SSO across security domains, there are other use cases (called profiles) as well.
 
 ![architectural diagram for SAML](./media/authentication-patterns/saml-auth.png)
 
 ## Components of system
 
-* **User**: Requests a service from the application.
+- **User:** Requests a service from the application.
 
-* **Web browser**: The component that the user interacts with.
+- **Web browser:** The component that the user interacts with.
 
-* **Web app**: Enterprise application that supports SAML and uses Microsoft Entra ID as IdP.
+- **Web app:** Enterprise application that supports SAML and uses Microsoft Entra ID as IdP.
 
-* **Token**: A SAML assertion (also known as SAML tokens) that carries sets of claims made by the IdP about the principal (user). It contains authentication information, attributes, and authorization decision statements.
+- **Token:** A SAML assertion (also known as SAML tokens) that carries sets of claims made by the IdP about the principal (user). It contains authentication information, attributes, and authorization decision statements.
 
-* **Microsoft Entra ID**: Enterprise cloud IdP that provides SSO and Multi-factor authentication for SAML apps. It synchronizes, maintains, and manages identity information for users while providing authentication services to relying applications. 
+- **Microsoft Entra ID:** Enterprise cloud IdP that provides SSO and multifactor authentication for SAML apps. It synchronizes, maintains, and manages identity information for users while providing authentication services to relying applications.
 
 <a name='implement-saml-authentication-with-azure-ad'></a>
 
 ## Implement SAML authentication with Microsoft Entra ID
 
-* [Tutorials for integrating SaaS applications using Microsoft Entra ID](~/identity/saas-apps/tutorial-list.md) 
+- [Tutorials for integrating software as a service (SaaS) applications using Microsoft Entra ID](~/identity/saas-apps/tutorial-list.md)
 
-* [Configuring SAML based single sign-on for non-gallery applications](~/identity/enterprise-apps/add-application-portal.md) 
+- [Configuring SAML-based single sign-on for non-gallery applications](~/identity/enterprise-apps/add-application-portal.md)
 
-* [How Microsoft Entra ID uses the SAML protocol](~/identity-platform/saml-protocol-reference.md)
+- [How Microsoft Entra ID uses the SAML protocol](~/identity-platform/saml-protocol-reference.md)
@@ -11,40 +11,41 @@ ms.date: 01/10/2023
 ms.author: jricketts
 ms.reviewer: ajburnle
 ---
-# SSH authentication with Microsoft Entra ID  
 
-Secure Shell (SSH) is a network protocol that provides encryption for operating network services securely over an unsecured network. It's commonly used in systems like Unix and Linux. SSH replaces the Telnet protocol, which doesn't provide encryption in an unsecured network. 
+# SSH authentication with Microsoft Entra ID
+
+Secure Shell (SSH) is a network protocol that provides encryption for operating network services securely over an unsecured network. It's commonly used in systems like Unix and Linux. SSH replaces the Telnet protocol, which doesn't provide encryption in an unsecured network.
 
 Microsoft Entra ID provides a virtual machine (VM) extension for Linux-based systems that run on Azure. It also provides a client extension that integrates with the [Azure CLI](/cli/azure/) and the OpenSSH client.
 
 You can use SSH authentication with Active Directory when you're:
 
-* Working with Linux-based VMs that require remote command-line sign-in.
+- Working with Linux-based VMs that require remote command-line sign-in.
 
-* Running remote commands in Linux-based systems.
+- Running remote commands in Linux-based systems.
 
-* Securely transferring files in an unsecured network.
+- Securely transferring files in an unsecured network.
 
-## Components of the system 
+## Components of the system
 
-The following diagram shows the process of SSH authentication with Microsoft Entra ID: 
+The following diagram shows the process of SSH authentication with Microsoft Entra ID:
 
 ![Diagram of Microsoft Entra ID with the SSH protocol.](./media/authentication-patterns/ssh-auth.png)
 
 The system includes the following components:
 
-* **User**: The user starts the Azure CLI and the SSH client to set up a connection with the Linux VMs. The user also provides credentials for authentication.
+- **User:** The user starts the Azure CLI and the SSH client to set up a connection with the Linux VMs. The user also provides credentials for authentication.
 
-* **Azure CLI**: The user interacts with the Azure CLI to start a session with Microsoft Entra ID, request short-lived OpenSSH user certificates from Microsoft Entra ID, and start the SSH session.
+- **Azure CLI:** The user interacts with the Azure CLI to start a session with Microsoft Entra ID, request short-lived OpenSSH user certificates from Microsoft Entra ID, and start the SSH session.
 
-* **Web browser**: The user opens a browser to authenticate the Azure CLI session. The browser communicates with the identity provider (Microsoft Entra ID) to securely authenticate and authorize the user.
+- **Web browser:** The user opens a browser to authenticate the Azure CLI session. The browser communicates with the identity provider (Microsoft Entra ID) to securely authenticate and authorize the user.
 
-* **OpenSSH client**: The Azure CLI (or the user) uses the OpenSSH client to start a connection to the Linux VM.
+- **OpenSSH client:** The Azure CLI (or the user) uses the OpenSSH client to start a connection to the Linux VM.
 
-* **Microsoft Entra ID**: Microsoft Entra authenticates the identity of the user and issues short-lived OpenSSH user certificates to the Azure CLI client.
+- **Microsoft Entra ID:** Microsoft Entra authenticates the identity of the user and issues short-lived OpenSSH user certificates to the Azure CLI client.
 
-* **Linux VM**: The Linux VM accepts the OpenSSH user certificate and provides a successful connection.
+- **Linux VM:** The Linux VM accepts the OpenSSH user certificate and provides a successful connection.
 
 ## Next steps
 
-* To implement SSH with Microsoft Entra ID for your users or guest users, see [Log in to a Linux VM by using Microsoft Entra credentials](~/identity/devices/howto-vm-sign-in-azure-ad-linux.md). 
+- To implement SSH with Microsoft Entra ID for your users or guest users, see [Log in to a Linux VM by using Microsoft Entra credentials](~/identity/devices/howto-vm-sign-in-azure-ad-linux.md).
@@ -20,27 +20,25 @@ Microsoft Entra ID enables integration with many authentication protocols. The a
 
 The following table presents authentication Microsoft Entra integration with legacy authentication protocols and their capabilities. Select the name of an authentication protocol to see
 
-* A detailed description
+- A detailed description
 
-* When to use it
+- When to use it
 
-* Architectural diagram
+- Architectural diagram
 
-* Explanation of system components
+- Explanation of system components
 
-* Links for how to implement the integration
+- Links for how to implement the integration
 
- 
-
-| Authentication protocol| Authentication| Authorization| Multi-factor Authentication| Conditional Access |
+| Authentication protocol| Authentication| Authorization| Multifactor Authentication| Conditional Access |
 | - |- | - | - | - |
 | [Header-based authentication](auth-header-based.md)|![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [LDAP authentication](auth-ldap.md)| ![check mark](./media/authentication-patterns/check.png)| | |  |
-| [OAuth 2.0 authentication](auth-oauth2.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
+| [Open Authorization (OAuth) 2.0 authentication](auth-oauth2.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [OIDC authentication](auth-oidc.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
-| [Password based SSO authentication](auth-password-based-sso.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
+| [Password-based single sign-on (SSO) authentication](auth-password-based-sso.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [RADIUS authentication](auth-radius.md)| ![check mark](./media/authentication-patterns/check.png)| | ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [Remote Desktop Gateway services](auth-remote-desktop-gateway.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [Secure Shell (SSH)](auth-ssh.md) |  ![check mark](./media/authentication-patterns/check.png)| | ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
-| [SAML authentication](auth-saml.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
+| [Security Assertion Markup Language (SAML) authentication](auth-saml.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |
 | [Windows Authentication - Kerberos Constrained Delegation](auth-kcd.md)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png)| ![check mark](./media/authentication-patterns/check.png) |