diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
index 5a140f98e2..97c1386a73 100644
--- a/windows/configuration/TOC.yml
+++ b/windows/configuration/TOC.yml
@@ -143,7 +143,7 @@
href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md
- name: Cortana at work testing scenarios
href: cortana-at-work/cortana-at-work-testing-scenarios.md
- - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query
+ - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
href: cortana-at-work/cortana-at-work-scenario-1.md
- name: Test scenario 2 - Run a Bing search with Cortana
href: cortana-at-work/cortana-at-work-scenario-2.md
@@ -163,7 +163,7 @@
href: cortana-at-work/cortana-at-work-o365.md
- name: Testing scenarios using Cortana in your business or organization
href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
- - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query
+ - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
href: cortana-at-work/test-scenario-1.md
- name: Test scenario 2 - Run a quick search with Cortana at work
href: cortana-at-work/test-scenario-2.md
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 5dc0aa37ec..8cc906cd9f 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -29,7 +29,7 @@ Your employees can use Cortana to help manage their day and be more productive b
### Before you begin
There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier.
-- **Azure Active Directory (Azure AD) account.** Before your employees can use Cortana in your org, they must be logged in using their Azure AD account through Cortana's notebook. They must also authorize Cortana to access Microsoft 365 on their behalf.
+- **Microsoft Entra account.** Before your employees can use Cortana in your org, they must be logged in using their Microsoft Entra account through Cortana's notebook. They must also authorize Cortana to access Microsoft 365 on their behalf.
- **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 2f8c615755..9bd3833b21 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -38,15 +38,17 @@ Cortana requires a PC running Windows 10, version 1703 or later, and the followi
| Software | Minimum version |
|---------|---------|
|Client operating system | - Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. |
-|Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required. |
+|Microsoft Entra ID | While all employees signing into Cortana need a Microsoft Entra account, a Microsoft Entra ID P1 or P2 tenant isn't required. |
|Additional policies (Group Policy and Mobile Device Management (MDM)) |There's a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn off Cortana. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. |
>[!NOTE]
>For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana.
-## Signing in using Azure AD
+
-Your organization must have an Azure AD tenant and your employees' devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but won't be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](/azure/active-directory/)
+## Signing in using Microsoft Entra ID
+
+Your organization must have a Microsoft Entra tenant and your employees' devices must all be Microsoft Entra joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but won't be able to use their enterprise email or calendar.) For info about what a Microsoft Entra tenant is, how to get your devices joined, and other Microsoft Entra maintenance info, see [Microsoft Entra documentation.](/azure/active-directory/)
## How is my data processed by Cortana?
@@ -54,7 +56,7 @@ Cortana's approach to integration with Microsoft 365 has changed with Windows 10
### Cortana in Windows 10, version 2004 and later, or Windows 11
-Cortana enterprise services that can be accessed using Azure AD through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true).
+Cortana enterprise services that can be accessed using Microsoft Entra ID through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true).
#### How does Microsoft store, retain, process, and use Customer Data in Cortana?
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 8cfe781f37..e0881606c0 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -72,7 +72,7 @@ For specific info about how to set, manage, and use each of these MDM policies t
- **AllowMicrosoftAccountConnection**
- **Group policy**: None
- **MDM policy CSP**: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Azure AD account, then disable this setting.
+ - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Microsoft Entra account, then disable this setting.
- **Allow search and Cortana to use location**
- **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index 421e8959d9..28baf34fab 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -1,5 +1,5 @@
---
-title: Sign into Azure AD, enable the wake word, and try a voice query
+title: Sign into Microsoft Entra ID, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: windows-client
ms.collection: tier3
@@ -13,14 +13,14 @@ ms.date: 12/31/2017
ms.topic: article
---
-# Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
+# Test scenario 1 – Sign into Microsoft Entra ID, enable the wake word, and try a voice query
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!NOTE]
>The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
-1. Select the **Cortana** icon in the task bar and sign in using your Azure AD account.
+1. Select the **Cortana** icon in the task bar and sign in using your Microsoft Entra account.
2. Select the "…" menu and select **Talking to Cortana**.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
index 6a8fa6528d..9260043d11 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
@@ -19,7 +19,7 @@ ms.technology: itpro-configure
We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
-- [Sign into Azure AD, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
+- [Sign into Microsoft Entra ID, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
- [Perform a Bing search with Cortana](cortana-at-work-scenario-2.md)
- [Set a reminder](cortana-at-work-scenario-3.md)
- [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md)
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index 01d6c2db85..b9fd7b9023 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -49,4 +49,4 @@ When a user enters a search query (by speech or text), Cortana evaluates if the
Bing Answers is enabled by default for all users. However, admins can configure and change this setting for specific users and user groups in their organization.
## How the Bing Answer policy configuration is applied
-Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an Azure Active Directory group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
+Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of a Microsoft Entra group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
index 6f3ffd8173..cd72adceb2 100644
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ b/windows/configuration/cortana-at-work/test-scenario-1.md
@@ -16,11 +16,11 @@ ms.technology: itpro-configure
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
-This scenario turns on Azure AD and lets your employee use Cortana to manage an entry in the notebook.
+This scenario turns on Microsoft Entra ID and lets your employee use Cortana to manage an entry in the notebook.
## Sign in with your work or school account
-This process helps you to sign out of a Microsoft Account and to sign into an Azure AD account.
+This process helps you to sign out of a Microsoft Account and to sign into a Microsoft Entra account.
1. Click on the **Cortana** icon in the taskbar, then click the profile picture in the navigation to open Cortana settings.
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
index 081ea5877a..206010600b 100644
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ b/windows/configuration/cortana-at-work/test-scenario-4.md
@@ -28,7 +28,7 @@ This scenario helps you search for both general upcoming meetings, and specific
This process helps you find your upcoming meetings.
-1. Check to make sure your work calendar is connected and synchronized with your Azure AD account.
+1. Check to make sure your work calendar is connected and synchronized with your Microsoft Entra account.
2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
index 17a27dc786..f8dfb7cf8e 100644
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ b/windows/configuration/cortana-at-work/test-scenario-5.md
@@ -25,7 +25,7 @@ This scenario helps you to send an email to a co-worker listed in your work addr
This process helps you to send a quick message to a co-worker from the work address book.
-1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Azure AD account.
+1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Microsoft Entra account.
2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index 0fdc2d15c1..7dc2ae5f02 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -65,7 +65,7 @@ There are several kiosk configuration methods that you can choose from, dependin
- The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
+ The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
>[!IMPORTANT]
@@ -79,9 +79,9 @@ You can use this method | For this edition | For this kiosk account type
--- | --- | ---
[Assigned access in Settings](kiosk-single-app.md#local) | Pro, Ent, Edu | Local standard user
[Assigned access cmdlets](kiosk-single-app.md#powershell) | Pro, Ent, Edu | Local standard user
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Azure AD
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD
-[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
+[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
+[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
+[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
@@ -89,9 +89,9 @@ You can use this method | For this edition | For this kiosk account type
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Azure AD
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD
-[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Azure AD
+[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
+[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
+[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
@@ -99,9 +99,9 @@ You can use this method | For this edition | For this kiosk account type
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Azure AD
-[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Azure AD
-[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Azure AD
+[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
+[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID
+[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
## Summary of kiosk configuration methods
@@ -109,11 +109,11 @@ Method | App type | Account type | Single-app kiosk | Multi-app kiosk
--- | --- | --- | :---: | :---:
[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️ |
[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ |
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ |
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ | ✔️
-Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Azure AD | ✔️ | ✔️
-[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ |
-[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | | ✔️
+[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ |
+[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | ✔️
+Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✔️ | ✔️
+[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ |
+[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✔️
>[!NOTE]
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index 7891caf75d..9e599f8790 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -29,7 +29,7 @@ When the assigned access kiosk configuration is applied on the device, certain p
## Group Policy
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Azure Active Directory users.
+The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Microsoft Entra users.
| Setting | Value |
| --- | --- |
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 0443a3047c..05323a4d02 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -216,7 +216,7 @@ Logs can help you [troubleshoot issues](/troubleshoot/windows-client/shell-exper
You may also want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, from an update or power outage, you can sign in the assigned access account manually. Or, you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device don't prevent automatic sign in.
> [!NOTE]
-> If you are using a Windows client device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
+> If you are using a Windows client device restriction CSP to set "Preferred Microsoft Entra tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
> [!TIP]
> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML.
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index fc9e86e27c..4bd3071b0d 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -52,7 +52,7 @@ For sample XML configurations for the different app combinations, see [Samples f
>
>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
-- A domain, Azure Active Directory, or local user account.
+- A domain, Microsoft Entra ID, or local user account.
- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index db0f2a955f..e74ea773a1 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -85,7 +85,7 @@ You have several options for configuring your single-app kiosk.
You can use **Settings** to quickly configure one or a few devices as a kiosk.
-When your kiosk is a local device that isn't managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
+When your kiosk is a local device that isn't managed by Active Directory or Microsoft Entra ID, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
- If you want the kiosk account to sign in automatically, and the kiosk app launched when the device restarts, then you don't need to do anything.
@@ -235,17 +235,17 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
3. Enable account management:
- :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account.":::
+ :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account.":::
If you want to enable account management, select **Account Management**, and configure the following settings:
- **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
- **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
- - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
+ - **Microsoft Entra ID**: Before you use a Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment, [set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Microsoft Entra tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
- If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
+ If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Microsoft Entra ID, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
- You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards.
+ You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
- **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
@@ -323,7 +323,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
>
>Account type:
> - Local standard user
-> - Azure AD
+> - Microsoft Entra ID
Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode.
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 0df2e63128..89f93fc919 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -311,7 +311,7 @@ The following example hides the taskbar:
```
>[!IMPORTANT]
->The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.
+>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Microsoft Entra account could potentially compromise confidential information.
#### Configs
@@ -322,8 +322,8 @@ The full multi-app assigned access experience can only work for non-admin users.
You can assign:
- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
-- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
-- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
+- [An individual account, which can be local, domain, or Microsoft Entra ID](#config-for-individual-accounts)
+- [A group account, which can be local, Active Directory (domain), or Microsoft Entra ID](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
>[!NOTE]
>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
@@ -365,7 +365,7 @@ Individual accounts are specified using ``.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
-- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Azure AD email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
+- Microsoft Entra account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Microsoft Entra ID email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
>[!WARNING]
>Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
@@ -373,7 +373,7 @@ Individual accounts are specified using ``.
Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
>[!NOTE]
->For both domain and Azure AD accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
+>For both domain and Microsoft Entra accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Microsoft Entra joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
```xml
@@ -388,7 +388,7 @@ Before applying the multi-app configuration, make sure the specified user accoun
Group accounts are specified using ``. Nested groups aren't supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A won't have the kiosk experience.
-- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group won't have the kiosk settings applied.
+- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Microsoft Entra accounts that are added to the local group won't have the kiosk settings applied.
```xml
@@ -406,7 +406,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
-- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
+- Microsoft Entra group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
```xml
@@ -416,7 +416,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
>[!NOTE]
- >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+ >If a Microsoft Entra group is configured with a lockdown profile on a device, a user in the Microsoft Entra group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
@@ -588,7 +588,7 @@ When the multi-app assigned access configuration is applied on the device, certa
### Group policy
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This list includes local users, domain users, and Azure Active Directory users.
+The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This list includes local users, domain users, and Microsoft Entra users.
| Setting | Value |
| --- | --- |
diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md
index 80c498eb6e..b2c6c66985 100644
--- a/windows/configuration/lock-down-windows-11-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-11-to-specific-apps.md
@@ -203,7 +203,7 @@ The following example hides the taskbar:
```
> [!IMPORTANT]
-> The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.
+> The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Microsoft Entra account could potentially compromise confidential information.
#### Configs
@@ -214,8 +214,8 @@ The full multi-app assigned access experience can only work for non-admin users.
You can assign:
- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
-- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
-- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
+- [An individual account, which can be local, domain, or Microsoft Entra ID](#config-for-individual-accounts)
+- [A group account, which can be local, Active Directory (domain), or Microsoft Entra ID](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
> [!NOTE]
> Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
@@ -257,7 +257,7 @@ Individual accounts are specified using ``.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
-- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Azure AD email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
+- Microsoft Entra account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Microsoft Entra ID email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
> [!WARNING]
> Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
@@ -265,7 +265,7 @@ Individual accounts are specified using ``.
Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
> [!NOTE]
-> For both domain and Azure AD accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
+> For both domain and Microsoft Entra accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Microsoft Entra joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
```xml
@@ -280,7 +280,7 @@ Before applying the multi-app configuration, make sure the specified user accoun
Group accounts are specified using ``. Nested groups aren't supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A won't have the kiosk experience.
-- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group won't have the kiosk settings applied.
+- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Microsoft Entra accounts that are added to the local group won't have the kiosk settings applied.
```xml
@@ -298,7 +298,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
-- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
+- Microsoft Entra group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
```xml
@@ -308,7 +308,7 @@ Group accounts are specified using ``. Nested groups aren't supported
```
> [!NOTE]
- > If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+ > If a Microsoft Entra group is configured with a lockdown profile on a device, a user in the Microsoft Entra group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
diff --git a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
index b3207522a4..5a71baac61 100644
--- a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
@@ -22,9 +22,11 @@ When applying a provisioning package (PPKG) containing power settings, elevated
To apply the power settings successfully with the [correct security context](/windows/win32/services/localsystem-account), place the PPKG in `%WINDIR%/Provisioning/Packages` directory, and reboot the device. For more information, see [Configure power settings](/windows-hardware/customize/power-settings/configure-power-settings).
-## Unable to perform bulk enrollment in Azure AD
+
-When [enrolling devices into Azure AD using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request will be rejected, if the user requesting a bulk token is not authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
+## Unable to perform bulk enrollment in Microsoft Entra ID
+
+When [enrolling devices into Microsoft Entra ID using provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400), the bulk token request will be rejected, if the user requesting a bulk token is not authorized to grant application consent. For more information, see [Configure how users consent to applications](/azure/active-directory/manage-apps/configure-user-consent).
> [!NOTE]
> When obtaining the bulk token, you should select "No, sign in to this app only" when prompted for authentication. If you select "OK" instead without also selecting "Allow my organization to manage my device", the bulk token request may be rejected.
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 4ea1962aa4..46ddabb9da 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -44,12 +44,12 @@ The desktop wizard helps you configure the following settings in a provisioning
- Configure the device for shared use
- Remove pre-installed software
- Configure Wi-Fi network
-- Enroll device in Active Directory or Azure Active Directory
+- Enroll device in Active Directory or Microsoft Entra ID
- Create local administrator account
- Add applications and certificates
>[!WARNING]
->You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.
+>You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
@@ -100,17 +100,17 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
3. Enable account management:
- :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account.":::
+ :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account.":::
If you want to enable account management, select **Account Management**, and configure the following settings:
- **Manage organization/school accounts**: Choose how devices are enrolled. Your options:
- **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain.
- - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
+ - **Microsoft Entra ID**: Before you use a Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment, [set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Microsoft Entra tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used.
- If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
+ If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Microsoft Entra ID, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions.
- You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards.
+ You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
- **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index e92747be63..22b8f9ad65 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -47,7 +47,7 @@ Windows Configuration Designer can create provisioning packages for Windows clie
- Windows Server 2008 R2
>[!WARNING]
->You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.
+>You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
## Install Windows Configuration Designer
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index a778b86f70..96dce6d256 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -73,8 +73,8 @@ The following table describes settings that you can configure using the wizards
| --- | --- | --- | --- | --- |
| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✔️ | ✔️ | ✔️ |
| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
-| Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
-| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ |
+| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✔️ | ✔️ | ✔️ |
+| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token [Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✔️ | ✔️ | ✔️ |
| Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ |
| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ |
| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ |
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 41f4968fe9..c8ef487740 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -105,7 +105,7 @@ For more information, see [Using PowerShell scripting with the WMI Bridge Provid
## Guidance for accounts on shared PCs
-- When a device is configured in *shared PC mode* with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+- When a device is configured in *shared PC mode* with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Microsoft Entra ID and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
- Local accounts that already exist on a PC won't be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**.
@@ -150,4 +150,4 @@ To troubleshoot Shared PC, you can use the following tools:
[UWP-1]: /uwp/api/windows.system.profile.sharedmodesettings
[UWP-2]: /uwp/api/windows.system.profile.educationsettings
-[UWP-3]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
\ No newline at end of file
+[UWP-3]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 1678247efe..20e2c8f6fc 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -15,7 +15,7 @@ ms.technology: itpro-configure
# Accounts (Windows Configuration Designer reference)
-Use these settings to join a device to an Active Directory domain or an Azure Active Directory tenant, or to add local user accounts to the device.
+Use these settings to join a device to an Active Directory domain or a Microsoft Entra tenant, or to add local user accounts to the device.
## Applies to
@@ -28,7 +28,7 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac
## Azure
-The **Azure > Authority** and **Azure > BPRT** settings for bulk Azure Active Directory (Azure AD) enrollment can only be configured using one of the provisioning wizards. After you get a bulk token for Azure AD enrollment in a wizard, you can switch to the advanced editor to configure more provisioning settings. For information about using the wizards, see:
+The **Azure > Authority** and **Azure > BPRT** settings for bulk Microsoft Entra enrollment can only be configured using one of the provisioning wizards. After you get a bulk token for Microsoft Entra enrollment in a wizard, you can switch to the advanced editor to configure more provisioning settings. For information about using the wizards, see:
- [Instructions for desktop wizard](../provisioning-packages/provision-pcs-for-initial-deployment.md)
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index fbfb42be13..9bff17847b 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -29,7 +29,7 @@ Use these settings to configure settings for accounts allowed on the shared PC.
| Setting | Value | Description |
| --- | --- | --- |
-| AccountModel | - Only guest- Domain-joined only- Domain-joined and guest | This option controls how users can sign in on the PC. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign in screen and enable anonymous guest access to the PC. - Only guest allows anyone to use the PC as a local standard (non-admin) account.- Domain-joined only allows users to sign in with an Active Directory or Azure AD account.- Domain-joined and guest allows users to sign in with an Active Directory, Azure AD, or local standard account. |
+| AccountModel | - Only guest- Domain-joined only- Domain-joined and guest | This option controls how users can sign in on the PC. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign in screen and enable anonymous guest access to the PC. - Only guest allows anyone to use the PC as a local standard (non-admin) account.- Domain-joined only allows users to sign in with an Active Directory or Microsoft Entra account.- Domain-joined and guest allows users to sign in with an Active Directory, Microsoft Entra ID, or local standard account. |
| DeletionPolicy | - Delete immediately - Delete at disk space threshold- Delete at disk space threshold and inactive threshold | - **Delete immediately** deletes the account on sign out.- **Delete at disk space threshold** starts deleting accounts when available disk space falls below the threshold you set for `DiskLevelDeletion`. It stops deleting accounts when the available disk space reaches the threshold you set for `DiskLevelCaching`. Accounts are deleted in order of oldest accessed to most recently accessed.- **Delete at disk space threshold and inactive threshold** applies the same disk space checks as noted above. It also deletes accounts if they haven't signed in within the number of days in `InactiveThreshold`. |
| DiskLevelCaching | A number between 0 and 100 | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. |
| DiskLevelDeletion | A number between 0 and 100 | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. |
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index 2fd7a6d426..d5071fb0e0 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -43,7 +43,7 @@ When set to True, students can print in the Take A Test app.
Enter the account to use when taking a test.
-To specify a domain account, enter **domain\user**. To specify an Azure AD account, enter `username@tenant.com`. To specify a local account, enter the username.
+To specify a domain account, enter **domain\user**. To specify a Microsoft Entra account, enter `username@tenant.com`. To specify a local account, enter the username.
## Related articles
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index d5e531d913..f2ae2c2447 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -45,10 +45,10 @@ A device account is a Microsoft Exchange account that's connected with Skype for
| Email | Email address | Email address of the device account. |
| ExchangeServer | Exchange Server | Normally, the device will try to automatically discover the Exchange server. This field is only required if automatic discovery fails. |
| Password | Password | Password for the device account. |
-| PasswordRotationEnabled | 0 = enabled1 = disabled | Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, then use this setting to allow the device to manage its own password. It can change the password frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory or Azure AD. |
+| PasswordRotationEnabled | 0 = enabled1 = disabled | Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, then use this setting to allow the device to manage its own password. It can change the password frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory or Microsoft Entra ID. |
| SipAddress | Session Initiation Protocol (SIP) address | Normally, the device will try to automatically discover the SIP. This field is only required if automatic discovery fails. |
| UserName | User name | Username of the device account when using Active Directory. |
-| UserPrincipalName | User principal name (UPN) | To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account. |
+| UserPrincipalName | User principal name (UPN) | To use a device account from Microsoft Entra ID or a hybrid deployment, you should specify the UPN of the device account. |
| ValidateAndCommit | Any text | Validates the data provided and then commits the changes. This process occurs automatically after the other DeviceAccount settings are applied. The text you enter for the ValidateAndCommit setting doesn't matter. |
## Dot3