Spelling and Markdown #1518

Open: wants to merge 1 commit into base: main
Expand Up @@ -292,16 +292,16 @@ This cmdlet sets the following permissions:

|Type |Name |Access |Applies To|
|-----|-----|-----|-----|
|Allow |SYSTEM |Full Control |This object
|Allow |Enterprise Admins |Full Control |This object
|Allow |Domain Admins |Full Control |This object
|Allow |Administrators |Full Control |This object
|Allow |Enterprise Domain Controllers |List Contents |This object
|Allow |Enterprise Domain Controllers |Read All Properties |This object
|Allow |Enterprise Domain Controllers |Read Permissions |This object
|Allow |Authenticated Users |List Contents |This object
|Allow |Authenticated Users |Read All Properties |This object
|Allow |Authenticated Users |Read Permissions |This object
|Allow |SYSTEM |Full Control |This object |
|Allow |Enterprise Admins |Full Control |This object |
|Allow |Domain Admins |Full Control |This object |
|Allow |Administrators |Full Control |This object |
|Allow |Enterprise Domain Controllers |List Contents |This object |
|Allow |Enterprise Domain Controllers |Read All Properties |This object |
|Allow |Enterprise Domain Controllers |Read Permissions |This object |
|Allow |Authenticated Users |List Contents |This object |
|Allow |Authenticated Users |Read All Properties |This object |
|Allow |Authenticated Users |Read Permissions |This object |

## Next Steps
- [Microsoft Entra Connect: Accounts and permissions](reference-connect-accounts-permissions.md)
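Review bot: cosmetic change only, safe to merge: each of the ten rows gains the trailing `|` that the header row `|Type |Name |Access |Applies To|` and the delimiter row already have, and the ACE content (principal, access level, Applies To) is unchanged in every row, which is what matters for a permissions reference that administrators copy from.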
1 change: 1 addition & 0 deletions docs/identity/hybrid/connect/how-to-connect-fed-whatis.md
Expand Up @@ -22,6 +22,7 @@ This topic is the home for information on federation-related functionalities for
<a name='azure-ad-connect-federation-topics'></a>

## Microsoft Entra Connect: federation topics

| Topic | What it covers and when to read it |
|:--- |:--- |
| **Microsoft Entra Connect user sign-in options** | |
2 changes: 1 addition & 1 deletion docs/identity/hybrid/connect/how-to-connect-health-adfs.md
Expand Up @@ -259,7 +259,7 @@ To select additional metrics, specify a time range, or to change the grouping, r
| --- | --- |
| All | Shows the count of total number of requests processed by all AD FS servers.|
| Application | Groups the total requests based on the targeted relying party. This grouping is useful to understand which application is receiving how much percentage of the total traffic. |
| Server |Groups the total requests based on the server that processed the request. This grouping is useful to understand the load distribution of the total traffic.
| Server |Groups the total requests based on the server that processed the request. This grouping is useful to understand the load distribution of the total traffic. |
| Workplace Join |Groups the total requests based on whether they are coming from devices that are workplace joined (known). This grouping is useful to understand if your resources are accessed using devices that are unknown to the identity infrastructure. |
| Authentication Method | Groups the total requests based on the authentication method used for authentication. This grouping is useful to understand the common authentication method that gets used for authentication. Following are the possible authentication methods <ol> <li>Windows Integrated Authentication (Windows)</li> <li>Forms Based Authentication (Forms)</li> <li>SSO (Single Sign On)</li> <li>X509 Certificate Authentication (Certificate)</li> <br>If the federation servers receive the request with an SSO Cookie, that request is counted as SSO (Single Sign On). In such cases, if the cookie is valid, the user is not asked to provide credentials and gets seamless access to the application. This behavior is common if you have multiple relying parties protected by the federation servers. |
| Network Location | Groups the total requests based on the network location of the user. It can be either intranet or extranet. This grouping is useful to know what percentage of the traffic is coming from the intranet versus extranet. |
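Review bot: the `Authentication Method` row in this same table opens an `<ol>` that is never closed (the last `<li>` is followed by a bare `<br>` and then prose), so the table still carries unbalanced HTML after this hunk's trailing-pipe fix on the `Server` row; suggest appending `</ol>` after `<li>X509 Certificate Authentication (Certificate)</li>` and using `<br/>` for the line break, in the same Markdown pass.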
Expand Up @@ -44,6 +44,7 @@ Microsoft Entra Connect Health alerts get resolved on a success condition. Micro
| Export to Microsoft Entra ID was Stopped. Accidental delete threshold was reached |The export operation to Microsoft Entra ID failed. There were more objects to be deleted than the configured threshold. As a result, no objects were exported. | The number of objects marked for deletion is greater than the maximum threshold set. To evaluate the objects pending deletion, see [prevent accidental deletes](/entra/identity/hybrid/connect/how-to-connect-sync-feature-prevent-accidental-deletes). |

## Alerts for Active Directory Federation Services

| Alert Name | Description | Remediation |
| --- | --- | ----- |
|Test Authentication Request (Synthetic Transaction) failed to obtain a token | The test authentication requests (Synthetic Transactions) initiated from this server failed to obtain a token after five retries. This might be caused due to transient network issues, AD DS Domain Controller availability or a mis-configured AD FS server. As a result, authentication requests processed by the federation service might fail. The agent uses the Local Computer Account context to obtain a token from the Federation Service. | Ensure that the following steps are taken to validate the health of the server.<ol><li>Validate that there are no additional unresolved alerts for this or other AD FS servers in your farm.</li><li>Validate that this condition isn't a transient failure by logging on with a test user from the AD FS sign-in page available at https://{your_adfs_server_name}/adfs/ls/idpinitiatedsignon.aspx</li><li>Go to <a href="https://testconnectivity.microsoft.com">https://testconnectivity.microsoft.com</a> and choose the ‘Office 365’ tab. Perform the ‘Office 365 single sign-on Test’.</li><li>Verify if your AD FS service name can be resolved from this server by executing the following command from a command prompt on this server. nslookup your_adfs_server_name</li></ol><p>If the service name can't be resolved, refer to the FAQ section for instructions of adding a HOST file entry of your AD FS service with the IP address of this server. This allows the synthetic transaction module running on this server to request a token</p> |
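Review bot: two spelling points remain in the remediation cell of the `Test Authentication Request` row (unchanged context) that fit the scope of this PR: "mis-configured" is normally written "misconfigured", and "instructions of adding a HOST file entry" reads better as "instructions for adding a HOST file entry".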
Expand Up @@ -58,7 +58,7 @@ Automatic upgrade will not be eligible to proceed if any of the following condit

| Result Message | Description |
| --- | --- |
|UpgradeNotSupportedTLSVersionIncorrect|Your TLS version is lower than 1.2. Follow [our guide](reference-connect-tls-enforcement.md) to update your TLS.
|UpgradeNotSupportedTLSVersionIncorrect|Your TLS version is lower than 1.2. Follow [our guide](reference-connect-tls-enforcement.md) to update your TLS.|
|UpgradeNotSupportedCustomizedSyncRules|There are custom synchronization rules configured in Microsoft Entra Connect. <br/>**Note:** After version 2.2.1.0, this condition no longer prevents auto upgrade.|
|UpgradeNotSupportedInvalidPersistedState|The installation isn't an Express settings or a DirSync upgrade.|
|UpgradeNotSupportedNonLocalDbInstall|You aren't using a SQL Server Express LocalDB database.|
4 changes: 2 additions & 2 deletions docs/identity/hybrid/connect/how-to-connect-install-custom.md
Expand Up @@ -63,11 +63,11 @@ After installing the required components, select your users' single sign-on meth
| Single sign-on option | Description |
| --- | --- |
| Password hash synchronization |Users can sign in to Microsoft cloud services, such as Microsoft 365, by using the same password they use in their on-premises network. User passwords are synchronized to Microsoft Entra ID as a password hash. Authentication occurs in the cloud. For more information, see [Password hash synchronization](how-to-connect-password-hash-synchronization.md). |
|Pass-through authentication|Users can sign in to Microsoft cloud services, such as Microsoft 365, by using the same password they use in their on-premises network. User passwords are validated by being passed through to the on-premises Active Directory domain controller.
|Pass-through authentication|Users can sign in to Microsoft cloud services, such as Microsoft 365, by using the same password they use in their on-premises network. User passwords are validated by being passed through to the on-premises Active Directory domain controller. |
| Federation with AD FS |Users can sign in to Microsoft cloud services, such as Microsoft 365, by using the same password they use in their on-premises network. Users are redirected to their on-premises Azure Directory Federation Services (AD FS) instance to sign in. Authentication occurs on-premises. |
| Federation with PingFederate|Users can sign in to Microsoft cloud services, such as Microsoft 365, by using the same password they use in their on-premises network. Users are redirected to their on-premises PingFederate instance to sign in. Authentication occurs on-premises. |
| Do not configure |No user sign-in feature is installed or configured. Choose this option if you already have a third-party federation server or another solution in place. |
|Enable single sign-on|This option is available with both password hash sync and pass-through authentication. It provides a single sign-on experience for desktop users on corporate networks. For more information, see [Single sign-on](how-to-connect-sso.md). </br></br>**Note:** For AD FS customers, this option is unavailable. AD FS already offers the same level of single sign-on.</br>
|Enable single sign-on|This option is available with both password hash sync and pass-through authentication. It provides a single sign-on experience for desktop users on corporate networks. For more information, see [Single sign-on](how-to-connect-sso.md). </br></br>**Note:** For AD FS customers, this option is unavailable. AD FS already offers the same level of single sign-on.</br> |

<a name='connect-to-azure-ad'></a>

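Review bot: the `Federation with AD FS` row (unchanged context in this hunk) expands the acronym as "Azure Directory Federation Services (AD FS)"; it should read "Active Directory Federation Services (AD FS)", and since this PR is titled Spelling and Markdown it belongs in the same change. Separately, the `Enable single sign-on` row uses `</br>`, which is a closing tag for a void element and not valid HTML; `<br/>` is the form already used in the `UpgradeNotSupportedCustomizedSyncRules` row earlier in this PR.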
Expand Up @@ -37,6 +37,7 @@ You can find the download for Microsoft Entra Connect on [Microsoft Download Cen
<a name='next-steps-to-install-azure-ad-connect'></a>

### Next steps to Install Microsoft Entra Connect

|Topic |Link|
| --- | --- |
|Download Microsoft Entra Connect | [Download Microsoft Entra Connect](https://go.microsoft.com/fwlink/?LinkId=615771)|
Expand Down Expand Up @@ -74,11 +75,12 @@ The [prevent accidental deletes](how-to-connect-sync-feature-prevent-accidental-
[Automatic upgrade](how-to-connect-install-automatic-upgrade.md) is enabled by default for express settings installations and ensures your Microsoft Entra Connect is always up to date with the latest release.

### Next steps to configure sync features

|Topic |Link|
| --- | --- |
|Configure filtering | [Microsoft Entra Connect Sync: Configure filtering](how-to-connect-sync-configure-filtering.md)|
|Password hash synchronization | [Password hash synchronization](how-to-connect-password-hash-synchronization.md)|
|Pass-through Authentication | [Pass-through authentication](how-to-connect-pta.md)
|Pass-through Authentication | [Pass-through authentication](how-to-connect-pta.md)|
|Password writeback | [Getting started with password management](~/identity/authentication/tutorial-enable-sspr.md)|
|Device writeback | [Enabling device writeback in Microsoft Entra Connect](how-to-connect-device-writeback.md)|
|Prevent accidental deletes | [Microsoft Entra Connect Sync: Prevent accidental deletes](how-to-connect-sync-feature-prevent-accidental-deletes.md)|
Expand All @@ -98,6 +100,7 @@ The configuration model in sync is called [declarative provisioning](concept-azu
<a name='next-steps-to-customize-azure-ad-connect-sync'></a>

### Next steps to customize Microsoft Entra Connect Sync

|Topic |Link|
| --- | --- |
|All Microsoft Entra Connect Sync articles | [Microsoft Entra Connect Sync](how-to-connect-sync-whatis.md)|
Expand All @@ -122,6 +125,7 @@ ADFS can be configured to support [multiple domains](how-to-connect-install-mult
If your ADFS server isn't configured to update certificates from Microsoft Entra ID automatically, or if you use a non-ADFS solution, then you'll be notified when you have to [update certificates](how-to-connect-fed-o365-certs.md).

### Next steps to configure federation features

|Topic |Link|
| --- | --- |
|All AD FS articles | [Microsoft Entra Connect and federation](how-to-connect-fed-whatis.md)|
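Review bot: the context lines above this table spell the product `ADFS` ("ADFS can be configured", "your ADFS server") while the table row and the rest of this PR use `AD FS`; worth normalizing to `AD FS` in the same pass.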
Expand Up @@ -23,9 +23,9 @@ To use this feature, you need to realize that there are several moving parts and

|Role|Description|
|-----|-----|
|Domain or Forest AD administrator|Creates the domain level service account that is used by Microsoft Entra Connect to run the sync service. For more information on service accounts, see [Accounts and permissions](reference-connect-accounts-permissions.md).
|Domain or Forest AD administrator|Creates the domain level service account that is used by Microsoft Entra Connect to run the sync service. For more information on service accounts, see [Accounts and permissions](reference-connect-accounts-permissions.md).|
|SQL administrator|Creates the ADSync database and grants login + dbo access to the Microsoft Entra Connect administrator and the service account created by the domain/forest admin.|
Microsoft Entra Connect administrator|Installs Microsoft Entra Connect and specifies the service account during custom installation.
|Microsoft Entra Connect administrator|Installs Microsoft Entra Connect and specifies the service account during custom installation.|

<a name='steps-for-installing-azure-ad-connect-using-sql-delegated-permissions'></a>

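Review bot: unlike most hunks in this PR, this one corrects a row that was missing its leading `|` (`Microsoft Entra Connect administrator|...`), so all three role rows are now delimited consistently; the role split itself (domain/forest admin creates the service account, SQL admin creates the ADSync database and grants login and dbo access, Connect admin installs and supplies the service account) is preserved unchanged.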
Expand Up @@ -223,7 +223,7 @@ If you use Microsoft Entra Domain Services to provide legacy authentication for
* Generates a random initialization vector needed for the first round of encryption.
* Extracts Kerberos password hashes from the *supplementalCredentials* attributes.
* Checks the Microsoft Entra Domain Services security configuration *SyncNtlmPasswords* setting.
* If this setting is disabled, generates a random, high-entropy NTLM hash (different from the user's password). This hash is then combined with the exacted Kerberos password hashes from the *supplementalCrendetials* attribute into one data structure.
* If this setting is disabled, generates a random, high-entropy NTLM hash (different from the user's password). This hash is then combined with the exacted Kerberos password hashes from the *supplementalCredentials* attribute into one data structure.
* If enabled, combines the value of the *unicodePwd* attribute with the extracted Kerberos password hashes from the *supplementalCredentials* attribute into one data structure.
* Encrypts the single data structure using the AES symmetric key.
* Encrypts the AES symmetric key using the tenant's Microsoft Entra Domain Services public key.
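Review bot: the changed bullet still contains a second typo: "the exacted Kerberos password hashes" should be "the extracted Kerberos password hashes", matching the wording of the next bullet ("the extracted Kerberos password hashes from the *supplementalCredentials* attribute"); suggest fixing it on the same line as the *supplementalCredentials* correction.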
Expand Up @@ -82,7 +82,7 @@ To run the Single Object Sync tool, perform the following steps:
|-----|----|
|DistinguishedName|This is a required string parameter. </br></br>This is the Active Directory object’s distinguished name that needs synchronization and troubleshooting.|
|StagingMode|This is an optional switch parameter. </br></br>This parameter can be used to prevent exporting the changes to Microsoft Entra ID.</br></br>**Note**: The cmdlet commits the sync operation. </br></br>**Note**: Microsoft Entra Connect Staging server won't export the changes to Microsoft Entra ID.|
|NoHtmlReport|This is an optional switch parameter. </br></br>This parameter can be used to prevent generating the HTML report.
|NoHtmlReport|This is an optional switch parameter. </br></br>This parameter can be used to prevent generating the HTML report.|

## Single Object Sync throttling

12 changes: 6 additions & 6 deletions docs/identity/hybrid/connect/how-to-connect-sso.md
Expand Up @@ -61,12 +61,12 @@ For more information on how SSO works with Windows 10 using PRT, see: [Primary R
- It's supported on web browser-based clients and Office clients that support [modern authentication](/microsoft-365/enterprise/modern-auth-for-office-2013-and-2016) on platforms and browsers capable of Kerberos authentication:

| OS\Browser |Internet Explorer|Microsoft Edge\*\*\*\*|Google Chrome|Mozilla Firefox|Safari|
| --- | --- |--- | --- | --- | --
|Windows 10|Yes\*|Yes|Yes|Yes\*\*\*|N/A
|Windows 8.1|Yes\*|Yes*\*\*\*|Yes|Yes\*\*\*|N/A
|Windows 8|Yes\*|N/A|Yes|Yes\*\*\*|N/A
|Windows Server 2012 R2 or above|Yes\*\*|N/A|Yes|Yes\*\*\*|N/A
|Mac OS X|N/A|N/A|Yes\*\*\*|Yes\*\*\*|Yes\*\*\*
| --- | --- |--- | --- | --- | -- |
|Windows 10|Yes\*|Yes|Yes|Yes\*\*\*|N/A|
|Windows 8.1|Yes\*|Yes*\*\*\*|Yes|Yes\*\*\*|N/A|
|Windows 8|Yes\*|N/A|Yes|Yes\*\*\*|N/A|
|Windows Server 2012 R2 or above|Yes\*\*|N/A|Yes|Yes\*\*\*|N/A|
|Mac OS X|N/A|N/A|Yes\*\*\*|Yes\*\*\*|Yes\*\*\*|

> [!NOTE]
>Microsoft Edge legacy is no longer supported
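Review bot: the Windows 8.1 / Microsoft Edge cell reads `Yes*\*\*\*` (first asterisk unescaped) in both the old and the new line; an unescaped `*` can open emphasis in Markdown, and the header cell is written `Microsoft Edge\*\*\*\*`, so the cell should be `Yes\*\*\*\*`. The delimiter row's last cell `--` is valid GFM, but `---` would match the other columns.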
Expand Up @@ -184,7 +184,7 @@ If you changed the configuration by using **domain** or **organizational-unit**

If you changed the configuration by using **attribute** filtering, then you need to do a **Full Synchronization**.

As a best practice, make sure your server is in [Staging mode ](/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#change-currently-active-sync-server-to-staging-mode)and start an **Initial** sync cycle which will run a full import and full synchronization on all connectors using the PowerShell command `Start-ADSyncSyncCycle -PolicyType Initial`.
As a best practice, make sure your server is in [Staging mode](/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#change-currently-active-sync-server-to-staging-mode)and start an **Initial** sync cycle which will run a full import and full synchronization on all connectors using the PowerShell command `Start-ADSyncSyncCycle -PolicyType Initial`.

To manually start a run profile, do the following steps:

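Review bot: the fix removes the stray space inside the link text but leaves no space after the closing parenthesis, so the sentence still renders as "Staging modeand start an **Initial** sync cycle"; insert a space after the link: `...staging-mode) and start`.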
Expand Up @@ -22,6 +22,7 @@ ms.custom: H1Hack27Feb2017
The Connectors tab is used to manage all systems the sync engine is connected to.

## Connector actions

| Action | Comment |
| --- | --- |
| Create |Don't use. For connecting to additional AD forests, use the installation wizard. |
Expand Up @@ -115,7 +115,7 @@ You may need to perform a failover of the Sync Servers for several reasons, such
- The staging server has the synchronization scheduler enabled and has synchronized with Microsoft Entra ID recently
- In case of any updates in synchronization rules or in sync scope, run an initial sync cycle
- Confirm that your Microsoft Entra Connect Sync Server is configured to [prevent accidental deletes](how-to-connect-sync-feature-prevent-accidental-deletes.md)
- [Verify ](#verify)the pending exports and confirm that there aren't significant updates, and such updates are expected
- [Verify](#verify)the pending exports and confirm that there aren't significant updates, and such updates are expected
- Check if [Microsoft Entra Connect Health](whatis-azure-ad-connect.md#what-is-microsoft-entra-connect-health) agent is updated by checking the server in [Microsoft Entra Connect Health](https://aka.ms/aadconnecthealth) portal
- Switch the current active server to staging mode, before switching the staging server to active

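Review bot: same issue as the staging-mode link: `[Verify](#verify)the pending exports` still has no space after the closing parenthesis and renders as "Verifythe pending exports"; change it to `[Verify](#verify) the pending exports`.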
1 change: 1 addition & 0 deletions docs/identity/hybrid/connect/how-to-connect-sync-whatis.md
Expand Up @@ -34,6 +34,7 @@ The sync service consists of two components, the on-premises **Microsoft Entra C
<a name='azure-ad-connect-sync-topics'></a>

## Microsoft Entra Connect Sync topics

| Topic | What it covers and when to read |
| --- | --- |
| **Microsoft Entra Connect Sync fundamentals** | |
6 changes: 3 additions & 3 deletions docs/identity/hybrid/connect/reference-connect-adsync.md
Expand Up @@ -52,7 +52,7 @@ The following documentation provides reference information for the `ADSync` Powe
PS C:\> (Get-ADsyncConnector -Identifier 'b891884f-051e-4a83-95af-2544101c9083').ConnectivityParameters['UserName'].Value
# Get the Microsoft Entra credential
PS C:\> $credEntra = Get-Credential
# Add or updatethe synchronization service account
# Add or update the synchronization service account
PS C:\> Add-ADSyncAADServiceAccount -AADCredential $credEntra -Name Sync_CONNECT01
```

Expand Down Expand Up @@ -1638,7 +1638,7 @@ The following documentation provides reference information for the `ADSync` Powe
### PARAMETERS

#### -AutoUpgradeState
The AtuoUpgrade state. Accepted values: Suspended, Enabled, Disabled.
The AutoUpgrade state. Accepted values: Suspended, Enabled, Disabled.

```yaml
Type: AutoUpgradeConfigurationState
Expand Down Expand Up @@ -1858,7 +1858,7 @@ The following documentation provides reference information for the `ADSync` Powe

#### Example 1
```powershell
PS C:\> Set-ADSyncSchedulerConnectorOverride -Connectorname "contoso.com" -FullImportRequired $true
PS C:\> Set-ADSyncSchedulerConnectorOverride -ConnectorName "contoso.com" -FullImportRequired $true
-FullSyncRequired $false
```

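Review bot: the example in this hunk splits the command over two lines without a PowerShell line-continuation backtick, so `-FullSyncRequired $false` would be parsed as a separate, invalid statement if the block is pasted; either join it onto one line or end the first line with a backtick, e.g. `PS C:\> Set-ADSyncSchedulerConnectorOverride -ConnectorName "contoso.com" -FullImportRequired $true \``. The `-Connectorname` to `-ConnectorName` change is cosmetic (PowerShell parameter names are case-insensitive) but matches the documented parameter name.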