Update how-to-connect-sso-faq.yml#1955
Conversation
Updated invalid encoding on words with apostrophes. Replacing ` with ' for better readability
|
@microsoft-github-policy-service agree |
|
@ARL-DW : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
prmerger-automator
Bot
added
Change sent to author
entra-id/svc
hybrid-connect/subsvc
labels
|
Learn Build status updates of commit d9f39ca:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/identity/hybrid/connect/how-to-connect-sso-faq.yml | Details |
docs/identity/hybrid/connect/how-to-connect-sso-faq.yml
- Line 146, Column 319: [Warning: disallowed-html-tag - See documentation]
HTML tag 'fqdn' isn't allowed. Replace it with approved Markdown or escape the brackets if the content is a placeholder.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
|
Learn Build status updates of commit ddaffce:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/identity/hybrid/connect/how-to-connect-sso-faq.yml | Details |
docs/identity/hybrid/connect/how-to-connect-sso-faq.yml
- Line 146, Column 319: [Warning: disallowed-html-tag - See documentation]
HTML tag 'value' isn't allowed. Replace it with approved Markdown or escape the brackets if the content is a placeholder.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
|
Learn Build status updates of commit 31f832e:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/identity/hybrid/connect/how-to-connect-sso-faq.yml | Details |
docs/identity/hybrid/connect/how-to-connect-sso-faq.yml
- Line 146, Column 319: [Warning: disallowed-html-tag - See documentation]
HTML tag 'fqdn' isn't allowed. Replace it with approved Markdown or escape the brackets if the content is a placeholder.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
|
Learn Build status updates of commit a0ec8f8: ✅ Validation status: passed
For more details, please refer to the build report. |
PRMerger Results
|
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
There was a problem hiding this comment.
Pull request overview
This PR updates the Seamless SSO FAQ content to replace backtick-wrapped inline text with apostrophes/single quotes, aiming to address readability/encoding concerns around apostrophes.
Changes:
- Replaced many inline-code backticks (for parameters, attributes, account names, and PowerShell cmdlets) with single quotes.
- Updated several command/path examples and one placeholder (
<fqdn>) representation.
|
|
||
| - question: | | ||
| What applications take advantage of `domain_hint` or `login_hint` parameter capability of Seamless SSO? | ||
| What applications take advantage of 'domain_hint' or 'login_hint' parameter capability of Seamless SSO? |
There was a problem hiding this comment.
Use inline code formatting (backticks) for parameter names like domain_hint/login_hint; single quotes remove code styling and diverge from existing docs conventions (for example, how-to-connect-sso.md uses backticks for these parameters).
| What applications take advantage of 'domain_hint' or 'login_hint' parameter capability of Seamless SSO? | |
| What applications take advantage of `domain_hint` or `login_hint` parameter capability of Seamless SSO? |
| How can I roll over the Kerberos decryption key of the 'AZUREADSSO' computer account? | ||
| answer: | | ||
| It's important to frequently roll over the Kerberos decryption key of the `AZUREADSSO` computer account (which represents Microsoft Entra ID) created in your on-premises AD forest. | ||
| It's important to frequently roll over the Kerberos decryption key of the 'AZUREADSSO' computer account (which represents Microsoft Entra ID) created in your on-premises AD forest. | ||
|
|
||
| >[!IMPORTANT] | ||
| >We highly recommend that you roll over the Kerberos decryption key at least every **30 days** using the `Update-AzureADSSOForest` cmdlet. When using the `Update-AzureADSSOForest` cmdlet, ensure that you *don't* run the `Update-AzureADSSOForest` command more than once per forest. Otherwise, the feature stops working until the time your users' Kerberos tickets expire and are reissued by your on-premises Active Directory. | ||
| >We highly recommend that you roll over the Kerberos decryption key at least every **30 days** using the 'Update-AzureADSSOForest' cmdlet. When using the 'Update-AzureADSSOForest' cmdlet, ensure that you *don't* run the 'Update-AzureADSSOForest' command more than once per forest. Otherwise, the feature stops working until the time your users' Kerberos tickets expire and are reissued by your on-premises Active Directory. |
There was a problem hiding this comment.
Use backticks for the computer account name (AZUREADSSO) and cmdlet name (Update-AzureADSSOForest). Single quotes drop the usual command/identifier styling and reduce scanability in a procedural FAQ.
| 1. Navigate to the '$env:programfiles"\Microsoft Azure Active Directory Connect"' folder. | ||
| 2. Import the Seamless SSO PowerShell module using this command: 'Import-Module .\AzureADSSO.psd1'. |
There was a problem hiding this comment.
The path shown as $env:programfiles"\Microsoft Azure Active Directory Connect" isn't valid PowerShell syntax. Consider showing it as a proper expandable string (for example, "$env:ProgramFiles\Microsoft Azure Active Directory Connect") or via Join-Path, and keep it in backticks for code formatting.
| 1. Navigate to the '$env:programfiles"\Microsoft Azure Active Directory Connect"' folder. | |
| 2. Import the Seamless SSO PowerShell module using this command: 'Import-Module .\AzureADSSO.psd1'. | |
| 1. Navigate to the `"$env:ProgramFiles\Microsoft Azure Active Directory Connect"` folder. | |
| 2. Import the Seamless SSO PowerShell module using this command: `Import-Module .\AzureADSSO.psd1`. |
| >The domain administrator account used must not be a member of the Protected Users group. If so, the operation fails. | ||
|
|
||
| 2. Call `Update-AzureADSSOForest -OnPremCredentials $creds`. This command updates the Kerberos decryption key for the `AZUREADSSO` computer account in this specific AD forest and updates it in Microsoft Entra ID. | ||
| 2. Call 'Update-AzureADSSOForest -OnPremCredentials $creds'. This command updates the Kerberos decryption key for the 'AZUREADSSO' computer account in this specific AD forest and updates it in Microsoft Entra ID. |
There was a problem hiding this comment.
The cmdlet call Update-AzureADSSOForest -OnPremCredentials $creds and the AZUREADSSO account name should be inline code (backticks). Using single quotes removes the standard command/identifier styling and makes the command harder to copy correctly.
| 1. Navigate to the '$env:ProgramFiles"\Microsoft Azure Active Directory Connect"' folder. | ||
| 2. Import the Seamless SSO PowerShell module using this command: 'Import-Module .\AzureADSSO.psd1'. | ||
| 3. Run PowerShell as an Administrator. In PowerShell, call 'New-AzureADSSOAuthenticationContext'. This command should give you a popup to enter your tenant's Hybrid Identity Administrator credentials. |
There was a problem hiding this comment.
The Option B steps show $env:ProgramFiles"\Microsoft Azure Active Directory Connect" which isn't valid PowerShell syntax as written. Prefer an expandable string (for example, "$env:ProgramFiles\Microsoft Azure Active Directory Connect") or Join-Path, and keep module/cmdlet invocations in backticks rather than single quotes.
| Does Seamless SSO support 'Alternate ID' as the username, instead of 'userPrincipalName'? | ||
| answer: | | ||
| Yes. Seamless SSO supports `Alternate ID` as the username when configured in Microsoft Entra Connect as shown [here](how-to-connect-install-custom.md). Not all Microsoft 365 applications support `Alternate ID`. Refer to the specific application's documentation for the support statement. | ||
| Yes. Seamless SSO supports 'Alternate ID' as the username when configured in Microsoft Entra Connect as shown [here](how-to-connect-install-custom.md). Not all Microsoft 365 applications support 'Alternate ID'. Refer to the specific application's documentation for the support statement. |
There was a problem hiding this comment.
Use inline code formatting (backticks) for identifiers like Alternate ID and userPrincipalName. Replacing backticks with single quotes removes monospace formatting and makes these look like prose rather than attribute names.
| Yes. Seamless SSO supports 'Alternate ID' as the username when configured in Microsoft Entra Connect as shown [here](how-to-connect-install-custom.md). Not all Microsoft 365 applications support 'Alternate ID'. Refer to the specific application's documentation for the support statement. | |
| Yes. Seamless SSO supports `Alternate ID` as the username when configured in Microsoft Entra Connect as shown [here](how-to-connect-install-custom.md). Not all Microsoft 365 applications support `Alternate ID`. Refer to the specific application's documentation for the support statement. |
| **Step 2. Update the Kerberos decryption key on each AD forest that it was set up on** | ||
|
|
||
| 1. Call `$creds = Get-Credential`. When prompted, enter the Domain Administrator credentials for the intended AD forest. | ||
| 1. Call '$creds = Get-Credential'. When prompted, enter the Domain Administrator credentials for the intended AD forest. |
There was a problem hiding this comment.
Commands like $creds = Get-Credential are currently wrapped in single quotes; these should be formatted as inline code (backticks) so they render as commands rather than quoted text.
| 4. Call 'Enable-AzureADSSO -Enable $false'. | ||
|
|
||
| At this point Seamless SSO is disabled but the domains remain configured in case you would like to enable Seamless SSO back. If you would like to remove the domains from Seamless SSO configuration completely, call the following cmdlet after you completed step 5 above: `Disable-AzureADSSOForest -DomainFqdn <fqdn>`. | ||
| At this point Seamless SSO is disabled but the domains remain configured in case you would like to enable Seamless SSO back. If you would like to remove the domains from Seamless SSO configuration completely, call the following cmdlet after you completed step 5 above: Disable-AzureADSSOForest -DomainFqdn "<fqdn>" |
There was a problem hiding this comment.
The Disable-AzureADSSOForest example lost inline code formatting and now contains an HTML-escaped placeholder ("<fqdn>") which will render incorrectly and is harder to copy. Use backticks and a literal placeholder. Also, this sentence references "step 5" even though Option B has 4 steps here—please correct the step reference.
| At this point Seamless SSO is disabled but the domains remain configured in case you would like to enable Seamless SSO back. If you would like to remove the domains from Seamless SSO configuration completely, call the following cmdlet after you completed step 5 above: Disable-AzureADSSOForest -DomainFqdn "<fqdn>" | |
| At this point Seamless SSO is disabled but the domains remain configured in case you would like to enable Seamless SSO back. If you would like to remove the domains from Seamless SSO configuration completely, call the following cmdlet after you complete step 4 above: `Disable-AzureADSSOForest -DomainFqdn "<fqdn>"` |
| 1. Navigate to the '$env:ProgramFiles"\Microsoft Azure Active Directory Connect"' folder. | ||
| 2. Import the Seamless SSO PowerShell module using this command: 'Import-Module .\AzureADSSO.psd1'. | ||
| 3. Run PowerShell as an Administrator. In PowerShell, call 'New-AzureADSSOAuthenticationContext'. This command should give you a popup to enter your tenant's Hybrid Identity Administrator credentials. | ||
| 4. Call 'Get-AzureADSSOStatus | ConvertFrom-Json'. This command provides you with the list of AD forests (look at the "Domains" list) on which this feature has been enabled. |
There was a problem hiding this comment.
These steps again show $env:ProgramFiles"\Microsoft Azure Active Directory Connect" (invalid PowerShell syntax) and wrap commands in single quotes. Please use a valid PowerShell path expression and format commands/identifiers as inline code (backticks).
Updated invalid encoding on words with apostrophes.
Replacing ` with ' for better readability