Commit adb7e9c

Merge branch 'master' of https://github.com/Microsoft/azure-docs-pr into ghissue31062
2 parents 710038a + d7265f5 commit adb7e9c

92 files changed

+332
-170
lines changed

articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ ms.subservice: B2C
2020
You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
2121

2222
> [!NOTE]
23-
> Support for newer [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/overview?view=graph-rest-1.0) for querying Azure AD B2C tenant is still under development.
23+
> Support for newer [Microsoft Graph API](https://docs.microsoft.com/graph/overview?view=graph-rest-1.0) for querying Azure AD B2C tenant is still under development.
2424
>
2525
2626
## Create a custom attribute
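Review bot: the added line 23 drops the `en-us` locale from the Microsoft Graph link, which is the right fix, but its wording still reads oddly: "Support for newer Microsoft Graph API for querying Azure AD B2C tenant" is missing its articles. Suggest "Support for the newer [Microsoft Graph API](...) for querying an Azure AD B2C tenant is still under development." while this line is being touched.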
@@ -52,5 +52,5 @@ The custom attribute is now available in the list of **User attributes** and for
5252
5. Select **Application claims** and then select the custom attribute.
5353
6. Click **Save**.
5454

55-
Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried in [Azure AD Graph Explorer](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart). Alternatively you can use the [**Run user flow**](https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows) feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application.
55+
Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried in [Azure AD Graph Explorer](https://docs.microsoft.com/azure/active-directory/develop/active-directory-graph-api-quickstart). Alternatively you can use the [**Run user flow**](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows) feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application.
5656
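Review bot: the added line 55 is a link-only change, but the sentence it carries is hard to parse: "Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried" stacks three "use"s and never says which object. Suggest "Once you have created a new user with a user flow that includes the new custom attribute, you can query the user object in [Azure AD Graph Explorer](...)." The last sentence is also the one readers act on: it is worth stating plainly that **ShoeSize** appears both as a collected attribute and as a claim in the token returned to the application, since that is how they verify the attribute was wired through.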

articles/active-directory-b2c/manage-user-access.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ If a user is identified as a minor, you can set the user flow in Azure AD B2C to
3434

3535
- **Send an unsigned JSON token to the application**: Azure AD B2C notifies the application that the user is a minor and provides the status of the user’s parental consent. The application then proceeds by applying business rules. A JSON token does not complete a successful authentication with the application. The application must process the unauthenticated user according to the claims included in the JSON token, which may include **name**, **email**, **ageGroup**, and **consentProvidedForMinor**.
3636

37-
- **Block the user**: If a user is a minor, and parental consent has not been provided, Azure AD B2C can notify the user that he or she is blocked. No token is issued, access is blocked, and the user account is not created during a registration journey. To implement this notification, you provide a suitable HTML/CSS content page to inform the user and present appropriate options. No further action is needed by the application for new registrations.
37+
- **Block the user**: If a user is a minor, and parental consent has not been provided, Azure AD B2C can notify the user that they are blocked. No token is issued, access is blocked, and the user account is not created during a registration journey. To implement this notification, you provide a suitable HTML/CSS content page to inform the user and present appropriate options. No further action is needed by the application for new registrations.
3838

3939
## Get parental consent
4040
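Review bot: nit on the added line 37: the comma in "If a user is a minor, and parental consent has not been provided," splits a single condition; drop it. While this bullet list is being edited, the unchanged line 35 is the security-relevant one and could be sharper: "A JSON token does not complete a successful authentication with the application" should make explicit that the token is unsigned and that the application must not treat the user as signed in, for example "An unsigned JSON token is not a sign-in; the application must treat the user as unauthenticated and act only on the claims it carries (**name**, **email**, **ageGroup**, **consentProvidedForMinor**)."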

@@ -44,7 +44,7 @@ The following is an example of a user flow for gathering parental consent:
4444

4545
1. An [Azure Active Directory Graph API](/previous-versions/azure/ad/graph/api/api-catalog) operation identifies the user as a minor and returns the user data to the application in the form of an unsigned JSON token.
4646

47-
2. The application processes the JSON token and shows a screen to the minor, notifying him or her that parental consent is required and requesting the consent of a parent online.
47+
2. The application processes the JSON token and shows a screen to the minor, notifying them that parental consent is required and requesting the consent of a parent online.
4848

4949
3. Azure AD B2C shows a sign-in journey that the user can sign in to normally and issues a token to the application that is set to include **legalAgeGroupClassification = “minorWithParentalConsent”**. The application collects the email address of the parent and verifies that the parent is an adult. To do so, it uses a trusted source, such as a national ID office, license verification, or credit card proof. If verification is successful, the application prompts the minor to sign in by using the Azure AD B2C user flow. If consent is denied (for example, if **legalAgeGroupClassification = “minorWithoutParentalConsent”**), Azure AD B2C returns a JSON token (not a login) to the application to restart the consent process. It is optionally possible to customize the user flow so that a minor or an adult can regain access to a minor’s account by sending a registration code to the minor’s email address or the adult’s email address on record.
5050
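Review bot: the added line 47 reads fine, but step 3 on the unchanged line 49 that follows it is one paragraph describing three different outcomes (consent granted, adult verification, consent denied) and the token versus unsigned-JSON distinction gets lost in it. Since this list is being touched, suggest splitting it into separate steps, and stating in the denied case that the response is again an unsigned JSON token and not a sign-in, so the application does not treat **legalAgeGroupClassification = "minorWithoutParentalConsent"** as an authenticated session.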

articles/active-directory/b2b/one-time-passcode.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ You can view guest users who authenticate with one-time passcodes in the Azure p
6262
> When a user redeems a one-time passcode and later obtains an MSA, Azure AD account, or other federated account, they'll continue to be authenticated using a one-time passcode. If you want to update their authentication method, you can delete their guest user account and reinvite them.
6363
6464
### Example
65-
Guest user alexdoe@gmail.com is invited to Fabrikam, which does not have Google federation set up. Alex does not have a Microsoft account. He'll receive a one-time passcode for authentication.
65+
Guest user alexdoe@gmail.com is invited to Fabrikam, which does not have Google federation set up. Alex does not have a Microsoft account. They'll receive a one-time passcode for authentication.
6666

6767
## Opting in to the preview
6868
It might take a few minutes for the opt-in action to take effect. After that, only newly invited users who meet the conditions above will use one-time passcode authentication. Guest users who previously redeemed an invitation will continue to use their same authentication method.

articles/active-directory/conditional-access/plan-conditional-access.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ At this point, it's a good time to decide on a naming standard for your policies
7676

7777
![Naming standard](./media/plan-conditional-access/11.png)
7878

79-
While a descriptive name helps you to keep an overview of your conditional access implementation, the sequence number is helpful if you need to reference a policy in a conversation. For example, if you talk a fellow administrator on the phone, you can ask him to open policy EM063 to solve an issue.
79+
While a descriptive name helps you to keep an overview of your conditional access implementation, the sequence number is helpful if you need to reference a policy in a conversation. For example, if you talk a fellow administrator on the phone, you can ask them to open policy EM063 to solve an issue.
8080

8181

8282
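Review bot: the added line 79 still has a missing preposition: "if you talk a fellow administrator on the phone" should be "if you talk to a fellow administrator on the phone". Since the line is being rewritten anyway, fix that as well.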

articles/active-directory/develop/active-directory-saml-claims-customization.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ There are two possible reasons why you might need to edit the claims issued in t
4343
To edit the NameID (name identifier value):
4444

4545
1. Open the **Name identifier value** page.
46-
1. Select the attribute or transformation you want to apply to the attribute. Optionally, you can specify the format you want he NameID claim to have.
46+
1. Select the attribute or transformation you want to apply to the attribute. Optionally, you can specify the format you want the NameID claim to have.
4747

4848
![Edit the NameID (name identifier) value](./media/active-directory-saml-claims-customization/saml-sso-manage-user-claims.png)
4949

articles/active-directory/devices/enterprise-state-roaming-enable.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ Explicit deletion is when an Azure admin deletes a user or a directory or otherw
8181
Data that has not been accessed for one year (“the retention period”) will be treated as stale and may be deleted from the Microsoft cloud. The retention period is subject to change but will not be less than 90 days. The stale data may be a specific set of Windows/application settings or all settings for a user. For example:
8282

8383
* If no devices access a particular settings collection (for example, an application is removed from the device, or a settings group such as “Theme” is disabled for all of a user’s devices), then that collection becomes stale after the retention period and may be deleted.
84-
* If a user has turned off settings sync on all his/her devices, then none of the settings data will be accessed, and all the settings data for that user will become stale and may be deleted after the retention period.
84+
* If a user has turned off settings sync on all their devices, then none of the settings data will be accessed, and all the settings data for that user will become stale and may be deleted after the retention period.
8585
* If the Azure AD directory admin turns off Enterprise State Roaming for the entire directory, then all users in that directory will stop syncing settings, and all settings data for all users will become stale and may be deleted after the retention period.
8686

8787
### Deleted data recovery

articles/active-directory/governance/perform-access-review.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ There are two ways that you can approve or deny access:
6868

6969
1. To approve or deny each request, click the row to open a window to specify the action to take.
7070

71-
1. Click **Approve** or **Deny**. If you are unsure, you can click **Don't know**. Doing so will result in the user maintaining his/her access, but the selection will be reflected in the audit logs.
71+
1. Click **Approve** or **Deny**. If you are unsure, you can click **Don't know**. Doing so will result in the user maintaining their access, but the selection will be reflected in the audit logs.
7272

7373
![Perform access review](./media/perform-access-review/approve-deny.png)
7474
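Review bot: nit on the added line 71: "Doing so will result in the user maintaining their access" is wordy; "The user keeps their access, but the selection is recorded in the audit logs" says the same thing and keeps the important part, the audit trail, visible.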

articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-business-needs.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
2222
# Determine identity requirements for your hybrid identity solution
2323
The first step in designing a hybrid identity solution is to determine the requirements for the business organization that will be leveraging this solution. Hybrid identity starts as a supporting role (it supports all other cloud solutions by providing authentication) and goes on to provide new and interesting capabilities that unlock new workloads for users. These workloads or services that you wish to adopt for your users will dictate the requirements for the hybrid identity design. These services and workloads need to leverage hybrid identity both on-premises and in the cloud.
2424

25-
You need to go over these key aspects of the business to understand what it is a requirement now and what the company plans for the future. If you don’t have the visibility of the long term strategy for hybrid identity design, chances are that your solution will not be scalable as the business needs grow and change. T he diagram below shows an example of a hybrid identity architecture and the workloads that are being unlocked for users. This is just an example of all the new possibilities that can be unlocked and delivered with a solid hybrid identity strategy.
25+
You need to go over these key aspects of the business to understand what it is a requirement now and what the company plans for the future. If you don’t have the visibility of the long term strategy for hybrid identity design, chances are that your solution will not be scalable as the business needs grow and change. The diagram below shows an example of a hybrid identity architecture and the workloads that are being unlocked for users. This is just an example of all the new possibilities that can be unlocked and delivered with a solid hybrid identity strategy.
2626

2727
Some components that are part of the hybrid identity architecture
2828
![hybrid identity architecture](./media/plan-hybrid-identity-design-considerations/hybrid-identity-architechture.png)
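Review bot: the added line 25 fixes "T he" but leaves two grammar problems on the same line: "to understand what it is a requirement now" should be "to understand what is a requirement now", and "have the visibility of the long term strategy" should be "have visibility into the long-term strategy". Both are on the changed line, so they can go in this commit.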

articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-incident-response-requirements.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ The identity management system should assist IT admins to identify and report th
4545
* Does your company need to identify suspicious sign-on attempts from users across different devices?
4646
* Does your company need to detect potential compromised user’s credentials?
4747
* Does your company need to audit user’s access and action?
48-
* Does your company need to know when a user reset his password?
48+
* Does your company need to know when a user resets their password?
4949

5050
## Policy enforcement
5151
During damage control and risk reduction-phase, it is important to quickly reduce the actual and potential effects of an attack. That action that you will take at this point can make the difference between a minor and a major one. The exact response will depend on your organization and the nature of the attack that you face. If the initial assessment concluded that an account was compromised, you will need to enforce policy to block this account. That’s just one example where the identity management system will be leveraged. Use the questions below to help you design your hybrid identity solution while taking into consideration how policies will be enforced to react to an ongoing incident:
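Review bot: the added line 48 is fine. While this question list is open, the unchanged lines 46 and 47 have the same kind of grammar problems: "detect potential compromised user’s credentials" should be "detect potentially compromised user credentials", and "audit user’s access and action" should be "audit users' access and actions". The paragraph under "Policy enforcement" also has "risk reduction-phase" and "That action that you will take" which should read "risk-reduction phase" and "The action that you take".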

articles/active-directory/hybrid/plan-hybrid-identity-design-considerations-lifecycle-adoption-strategy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ Accounts in sophisticated IT enterprises include hundreds of parameters that def
3636

3737
## Role-based access control
3838
Role-based access control (RBAC) uses roles and provisioning policies to evaluate, test, and enforce your business processes and rules for granting access to users. Key administrators create provisioning policies and assign users to roles and that define sets of entitlements to resources for these roles. RBAC extends the identity management solution to use software-based processes and reduce user manual interaction in the provisioning process.
39-
Azure AD RBAC enables the company to restrict the number of operations that an individual can do once he has access to the Azure portal. By using RBAC to control access to the portal, IT Admins ca delegate access by using the following access management approaches:
39+
Azure AD RBAC enables the company to restrict the number of operations that an individual can do once they have access to the Azure portal. By using RBAC to control access to the portal, IT Admins ca delegate access by using the following access management approaches:
4040

4141
* **Group-based role assignment**: You can assign access to Azure AD groups that can be synced from your local Active Directory. This enables you to leverage the existing investments that your organization has made in tooling and processes for managing groups. You can also use the delegated group management feature of Azure AD Premium.
4242
* **Leverage built in roles in Azure**: You can use three roles — Owner, Contributor, and Reader, to ensure that users and groups have permission to do only the tasks they need to do their jobs.
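Review bot: the added line 39 still carries the typo "IT Admins ca delegate access"; it should be "can delegate access". Same line, more substantively: it says "Azure AD RBAC", but what it goes on to describe (controlling access to the Azure portal, and the Owner, Contributor and Reader roles listed under "Leverage built in roles in Azure" on line 42) is Azure RBAC for resources, not Azure AD directory roles. Suggest "Azure RBAC" here so readers do not look for these roles in the directory role list.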

articles/active-directory/hybrid/reference-connect-adconnectivitytools.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ Confirm-DnsConnectivity [-Forest] <String> [-DCs] <Array> [-ReturnResultAsPSObje
3131

3232
Runs local Dns connectivity tests.
3333
In order to configure the Active Directory connector, user must have both name resolution
34-
for the forest he\she is attempting to connect to as well as in the domain controllers
34+
for the forest they are attempting to connect to as well as in the domain controllers
3535
associated to this forest.
3636

3737
### EXAMPLES
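Review bot: the added line 34 keeps the "both ... as well as" construction, which does not pair; the sentence spanning lines 33 to 35 should read "In order to configure the Active Directory connector, the user must have name resolution both for the forest they are attempting to connect to and for the domain controllers associated with that forest." Also on line 32, "Dns" should be "DNS".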
@@ -311,7 +311,7 @@ Accept wildcard characters: False
311311
312312
#### -SkipDnsPort
313313
314-
If user is not using DNS services provided by the AD Site / Logon DC, then he\she may want
314+
If user is not using DNS services provided by the AD Site / Logon DC, then they may want
315315
to skip checking port 53.
316316
User must still be able to resolve _.ldap._tcp.\<forestfqdn\>
317317
in order for the Active Directory Connector configuration to succeed.
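Review bot: the added line 314 drops the "he\she" but leaves "If user" and the following "User must" without articles; suggest "If the user is not using DNS services provided by the AD site / logon DC, then they may want to skip checking port 53. The user must still be able to resolve ...". While here, the unchanged line 316 gives the SRV name as `_.ldap._tcp.\<forestfqdn\>`; the Active Directory LDAP locator record is `_ldap._tcp.<forestfqdn>` (no dot after the leading underscore), and someone testing resolution by hand will copy what is written here.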
