[ZT] Rename Azure AD to Entra ID (#16997)
maxvp authored Sep 23, 2024
1 parent e2abff3 commit 0202885
Showing 51 changed files with 589 additions and 688 deletions.
4 changes: 4 additions & 0 deletions public/_redirects
Original file line number Diff line number Diff line change
@@ -1529,6 +1529,7 @@
/cloudflare-one/analytics/access/ /cloudflare-one/insights/analytics/access/ 301
/cloudflare-one/analytics/gateway/ /cloudflare-one/insights/analytics/gateway/ 301
/cloudflare-one/analytics/users/ /cloudflare-one/insights/logs/users/ 301
/cloudflare-one/api-terraform/access-api-examples/azure-group/ /cloudflare-one/api-terraform/access-api-examples/entra-group/ 301
/cloudflare-one/applications/non-http/arbitrary-tcp/ /cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp/ 301
/cloudflare-one/connections/connect-apps/configuration/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
/cloudflare-one/connections/connect-apps/install-and-setup/setup/ /cloudflare-one/connections/connect-networks/get-started/ 301
@@ -1607,6 +1608,7 @@
/cloudflare-one/identity/devices/require-gateway/ /cloudflare-one/identity/devices/warp-client-checks/require-gateway/ 301
/cloudflare-one/identity/devices/require-warp/ /cloudflare-one/identity/devices/warp-client-checks/require-warp/ 301
/cloudflare-one/identity/devices/sentinel-one/ /cloudflare-one/identity/devices/warp-client-checks/sentinel-one/ 301
/cloudflare-one/identity/idp-integration/azuread/ /cloudflare-one/identity/entra-id/ 301
/cloudflare-one/identity/idp-integration/one-time-pin/ /cloudflare-one/identity/one-time-pin/ 301
/cloudflare-one/identity/idp-integration/saml-centrify/ /cloudflare-one/identity/idp-integration/centrify-saml/ 301
/cloudflare-one/identity/idp-integration/ping-saml/ /cloudflare-one/identity/idp-integration/pingfederate-saml/ 301
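Review bot: the target of the new `azuread` redirect, `/cloudflare-one/identity/entra-id/`, drops the `idp-integration/` path segment, while the link updated in warp-sessions.mdx in this same commit points at `/cloudflare-one/identity/idp-integration/entra-id/#force-user-interaction-during-warp-reauthentication`. Only one of those paths can exist; if the page stays under `idp-integration/`, this line should read `/cloudflare-one/identity/idp-integration/azuread/ /cloudflare-one/identity/idp-integration/entra-id/ 301`. Because a 301 is cached by browsers, a redirect to a path that 404s is hard to walk back, so check which path is live before merging.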
@@ -1636,6 +1638,8 @@
/support/traffic/argo-tunnel/ /cloudflare-one/connections/connect-networks/ 301
/support/traffic/argo-tunnel/exposing-applications-running-on-microsoft-azure-with-cloudflare-argo-tunnel/ /cloudflare-one/connections/connect-apps/deployment-guides/azure/ 301
/cloudflare-docs/content/cloudflare-one/tutorials/area-1/ /cloudflare-one/applications/configure-apps/saas-apps/area-1/ 301
/cloudflare-docs/content/cloudflare-one/tutorials/azuread-conditional-access/ /cloudflare-docs/content/cloudflare-one/tutorials/entra-id-conditional-access/ 301
/cloudflare-docs/content/cloudflare-one/tutorials/azuread-risky-users/ /cloudflare-docs/content/cloudflare-one/tutorials/entra-id-risky-users/ 301
/cloudflare-one/tutorials/zendesk-sso-saas/ /cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas/ 301
/cloudflare-one/tutorials/docusign-access/ /cloudflare-one/applications/configure-apps/saas-apps/docusign-access/ 301
/cloudflare-one/tutorials/hubspot-saas/ /cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas/ 301
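Review bot: both new entries use `/cloudflare-docs/content/...` for the target as well as the source, and that prefix is a repository path, not a site URL, so the redirect lands on a 404. The pre-existing `area-1` entry just above shows the intended shape (repo-style source, site-style target), and the access-integrations table in this commit links the conditional access tutorial as `/cloudflare-one/tutorials/entra-id-conditional-access/`. Suggest `/cloudflare-one/tutorials/azuread-conditional-access/ /cloudflare-one/tutorials/entra-id-conditional-access/ 301` and the same shape for `risky-users`, so that the old public URL (the one the access-integrations table linked before this change) is what gets redirected.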

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
type: example
summary: Allow members of a Microsoft Entra group. The ID is the group UUID (`id`) in Microsoft Entra ID.
tags:
- Microsoft Entra Group
title: Microsoft Entra Group
pcx_content_type: example
sidebar:
order: 4
description: Allow members of a Microsoft Entra group. The ID is the group UUID (`id`) in Microsoft Entra ID.
---

Allow members of a Microsoft Entra group. The ID is the group UUID (`id`) in Microsoft Entra ID:

```json
{
"azureAD": {
"id": "86773093-5feb-48dd-814b-7ccd3676ff50",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
}
```
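Review bot: the rule key stays `azureAD` while every surrounding string says Entra; that is correct, because it is the Access API's identifier for this rule type rather than a display name, but the text should say so (for example, a sentence after the intro: "The `azureAD` key is the API name for this rule type and is unchanged by the Entra ID rename"). Without that, the next editor doing a rename pass will "fix" it to something like `entraID` and the example will stop validating against the API.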
Original file line number Diff line number Diff line change
@@ -2,20 +2,19 @@
type: example
summary: Allow members of a specific GitHub organization.
tags:
- GitHub Organization
- GitHub Organization
title: GitHub™ Organization
pcx_content_type: example
sidebar:
order: 4
description: Allow members of a specific GitHub organization.

---

```json
{
"github-organization": {
"name": "cloudflare",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
"github-organization": {
"name": "cloudflare",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
}
```
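Review bot: the title keeps the trademark symbol in `GitHub™ Organization` while the same commit strips `®` from the `G Suite` and `Okta` titles in the sibling examples; drop it here too for consistency, as the `tags` entry directly above already has.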
Original file line number Diff line number Diff line change
@@ -2,20 +2,19 @@
type: example
summary: Allow members of a specific G Suite group.
tags:
- G Suite® Group
title: G Suite® Group
- G Suite Group
title: G Suite Group
pcx_content_type: example
sidebar:
order: 4
description: Allow members of a specific G Suite group.

---

```json
{
"gsuite": {
"email": "admins@mycompanygsuite.com",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
"gsuite": {
"email": "admins@mycompanygsuite.com",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
}
```
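Review bot: the title and summary still say `G Suite` while the SaaS application page and the infrastructure selector list in this same commit use `Google Workspace`. Since this is a product-rename pass, consider aligning the display strings here as well; the `gsuite` JSON key is an API identifier and must stay as it is.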
Original file line number Diff line number Diff line change
@@ -2,20 +2,19 @@
type: example
summary: Allow members of an Okta Group.
tags:
- Okta® Group
title: Okta® Group
- Okta Group
title: Okta Group
pcx_content_type: example
sidebar:
order: 4
description: Allow members of an Okta Group.

---

```json
{
"okta": {
"name": "admins",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
"okta": {
"name": "admins",
"identity_provider_id": "ca298b82-93b5-41bf-bc2d-10493f09b761"
}
}
```
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@ Obtain the following URLs from your SaaS application account:

:::note[IdP groups]

If you are using Okta, AzureAD, Google Workspace, or GitHub as your IdP, Access will automatically send a SAML attribute titled `groups` with all of the user's associated groups as attribute values.
If you are using Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, or GitHub as your IdP, Access will automatically send a SAML attribute titled `groups` with all of the user's associated groups as attribute values.
:::

11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
Original file line number Diff line number Diff line change
@@ -8,7 +8,7 @@ sidebar:
text: New
---

import { Badge, Details, Tabs, TabItem, Render } from "~/components"
import { Badge, Details, Tabs, TabItem, Render } from "~/components";

Access for Infrastructure allows you to have granular control over how users access individual servers, clusters, or databases in your private network. By adding an infrastructure application to Cloudflare Access, you can configure how users authenticate to the resource as well as control and authorize the ports, protocols, and usernames that they can connect with. Access and command logs ensure regulatory compliance and allow for auditing of user activity in case of a security breach.

@@ -37,13 +37,14 @@ Access for Infrastructure is available in early access and currently only suppor
### Selectors

The following [Access policy selectors](/cloudflare-one/policies/access/#selectors) are available for securing infrastructure applications:

- Email
- Emails ending in
- SAML group
- Country
- Authentication method
- Device posture
- Azure group, GitHub organization, Google Workspace group, Okta group
- Entra group, GitHub organization, Google Workspace group, Okta group

## 4. Configure the server

@@ -63,8 +64,6 @@ To connect to targets that are in different VNETS, users will need to [switch th
If a user is connected to a target in VNET-A and needs to connect to a target in VNET-B, switching their VNET will not break any existing connections to targets within VNET-A. At present, connections are maintained between VNETs.
:::


## Revoke a user's session

To revoke a user's access to all infrastructure targets, you can either [revoke the user from Zero Trust](/cloudflare-one/identity/users/session-management/#per-user) or revoke their device. Cloudflare does not currently support revoking a user's session for a specific target.

Original file line number Diff line number Diff line change
@@ -3,10 +3,9 @@ pcx_content_type: how-to
title: WARP sessions
sidebar:
order: 12

---

import { Render, Badge } from "~/components"
import { Render, Badge } from "~/components";

Cloudflare Zero Trust enforces WARP client reauthentication on a per-application basis, unlike legacy VPNs which treat it as a global setting. You can configure WARP session timeouts for your [Access applications](#configure-warp-sessions-in-access) or as part of your [Gateway policies](#configure-warp-sessions-in-gateway).

@@ -52,10 +51,10 @@ If the user has an active browser session with the IdP, WARP will use the existi

### Supported IdPs

* [Azure AD](/cloudflare-one/identity/idp-integration/azuread/#force-user-interaction-during-warp-reauthentication)
- [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/#force-user-interaction-during-warp-reauthentication)

## Limitations

* **Only one user per device** — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. To switch the device registration to a different user, User A must first log out from Zero Trust (if [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) is enabled), or an admin can revoke the registration from **My Team** > **Devices**. User B can then properly [enroll](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).
* **Active connections are not terminated** — Active sessions such as SSH and RDP will remain connected beyond the timeout limit.
* **Binding Cookie is not supported** - WARP authentication will not work for Access applications that have the [Binding Cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie) enabled.
- **Only one user per device** — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. To switch the device registration to a different user, User A must first log out from Zero Trust (if [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) is enabled), or an admin can revoke the registration from **My Team** > **Devices**. User B can then properly [enroll](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).
- **Active connections are not terminated** — Active sessions such as SSH and RDP will remain connected beyond the timeout limit.
- **Binding Cookie is not supported** - WARP authentication will not work for Access applications that have the [Binding Cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie) enabled.
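Review bot: the new link target `/cloudflare-one/identity/idp-integration/entra-id/` does not match the redirect added to `public/_redirects` in this commit, which sends the old `azuread` page to `/cloudflare-one/identity/entra-id/` (no `idp-integration/` segment). One of the two is a dead link; settle on one path and use it in both places.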
Original file line number Diff line number Diff line change
@@ -3,11 +3,9 @@ pcx_content_type: how-to
title: Connect WARP before Windows login
sidebar:
order: 3

---


import { Details, Render } from "~/components"
import { Details, Render } from "~/components";

<Details header="Feature availability">

@@ -17,21 +15,20 @@ import { Details, Render } from "~/components"

| System | Availability | Minimum WARP version |
| -------- | ------------ | -------------------- |
| Windows || 2024.6.415.0 |
| macOS || |
| Linux || |
| iOS || |
| Android || |
| ChromeOS || |

| Windows || 2024.6.415.0 |
| macOS || |
| Linux || |
| iOS || |
| Android || |
| ChromeOS || |

</Details>

With Cloudflare Zero Trust, you can use an on-premise Active Directory (or similar) server to validate a remote user's Windows login credentials. Before the user enters their Windows login information for the first time, the WARP client establishes a connection using a service token. This initial connection is not associated with a user identity. Once the user completes the Windows login, WARP switches to an identity-based session and applies the user registration to all future logins.

## Prerequisites

* Active Directory resources are [connected to Cloudflare](/cloudflare-one/connections/connect-networks/private-net/).
- Active Directory resources are [connected to Cloudflare](/cloudflare-one/connections/connect-networks/private-net/).

## 1. Create a service token

@@ -49,18 +46,15 @@ In your [device enrollment permissions](/cloudflare-one/connections/connect-devi

Devices enrolled via a service token are identified by the email address `non_identity@<team-name>.cloudflareaccess.com`. Using this email address, you can apply specific [device profile settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) and [Gateway network policies](/cloudflare-one/policies/gateway/network-policies/) during the pre-login state. For example, you could provide access to only those resources necessary to complete the Windows login and/or device management activities.


<Details header="Example device profile rule">

| Selector | Operator | Value | Logic |
| ---------------- | -------- | ----------------------------------------------- | ----- |
| User email | in | `non_identity@<team-name>.cloudflareaccess.com` | And |
| Operating system | is | Windows | |


</Details>


<Details header="Example Gateway network policy">

| Selector | Operator | Value | Logic |
@@ -73,7 +67,6 @@ Devices enrolled via a service token are identified by the email address `non_id
| ------ |
| Allow |


</Details>

## 3. Configure the MDM file
11 changes: 5 additions & 6 deletions src/content/docs/cloudflare-one/faq/teams-general-faq.mdx
Original file line number Diff line number Diff line change
@@ -5,7 +5,6 @@ sidebar:
order: 3
head: []
description: Review frequently asked questions about Cloudflare Zero Trust.

---

[❮ Back to FAQ](/cloudflare-one/faq/)
@@ -26,11 +25,11 @@ Access does not have an independent or out-of-band MFA feature.

These browsers are supported:

* Internet Explorer® 11
* Edge® (current release, last release)
* Firefox® (current release, last release)
* Chrome® (current release, last release)
* Safari® (current release, last release)
- Internet Explorer 11
- Edge (current release, last release)
- Firefox (current release, last release)
- Chrome (current release, last release)
- Safari (current release, last release)

## What data localization services are supported?

Original file line number Diff line number Diff line change
@@ -71,7 +71,7 @@ Access allows you to add custom SAML attributes and OIDC claims to your JWT for

#### User identity

User identity is useful for checking application permissions. For example, your application can validate that a given user is a member of an Okta or AzureAD group such as `Finance-Team`.
User identity is useful for checking application permissions. For example, your application can validate that a given user is a member of an Okta or Microsoft Entra ID group such as `Finance-Team`.

Due to cookie size limits and bandwidth considerations, the application token only contains a subset of the user's identity. To get the user's full identity, send the `CF_Authorization` cookie to `https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/get-identity`. Your request should be structured as follows:

Original file line number Diff line number Diff line change
@@ -3,13 +3,12 @@ pcx_content_type: navigation
title: Access integrations
sidebar:
order: 4

---

These device posture checks can only be enforced for Cloudflare Access applications. They cannot be used in Gateway network policies.

| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) |
| --------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | ---------------------------------------------------------------------------------------- |
| [Azure AD Conditional Access](/cloudflare-one/tutorials/azuread-conditional-access/) | | | | | | WARP not required |
| [Mutual TLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) | | | | | | WARP not required |
| [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/) | | | | | | Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only |
| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) |
| ----------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | ---------------------------------------------------------------------------------------- |
| [Microsoft Entra ID Conditional Access](/cloudflare-one/tutorials/entra-id-conditional-access/) |||||| WARP not required |
| [Mutual TLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) |||||| WARP not required |
| [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/) |||||| Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only |
Original file line number Diff line number Diff line change
@@ -6,16 +6,21 @@ sidebar:
head:
- tag: title
content: Domain joined

---

import { Render } from "~/components"
import { Render } from "~/components";

The Domain Joined device posture attribute ensures that a user is a member of a specific Windows Active Directory domain.

## Prerequisites

* <Render file="posture/prereqs-warp-is-deployed" params={{ name: "WARP Client Checks", link: "/cloudflare-one/identity/devices/warp-client-checks/" }} />
- <Render
file="posture/prereqs-warp-is-deployed"
params={{
name: "WARP Client Checks",
link: "/cloudflare-one/identity/devices/warp-client-checks/",
}}
/>

## Enable the Domain Joined check
