Skip to content

Commit 00cb88b

Browse files
committed
review
1 parent 19295af commit 00cb88b

File tree

2 files changed

+6
-4
lines changed

2 files changed

+6
-4
lines changed

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
1818

1919
This article shows you how to assign users or groups to enterprise applications in Azure Active Directory (Azure AD), either from within the Azure portal or by using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps access panel](https://myapps.microsoft.com/) for easy access. If the application exposes roles, you can also assign a specific role to the user.
2020

21-
For greater control, certain types of enterprise applications can be configured to *require* user assignment. This option blocks everyone from signing in, except those users you explicitly assign to the application. When user assignment is *not required*, unassigned users won't see the app on their My Apps access panel, but they can still sign in to the application with a direct app URL (known as service provider-initiated sign-on) or the **User Access URL** in the application’s **Properties** page (known as identity provider-initiated sign on). For background, see [Managing access to apps](what-is-access-management.md).
21+
For greater control, certain types of enterprise applications can be configured to *require* user assignment. This option blocks everyone from signing in, except those users you explicitly assign to the application. When user assignment is *not required*, unassigned users won't see the app on their My Apps access panel, but they can still sign in to the application by going directly to the application sign-in page or using the user access URL in the application's property page. For background, see [Managing access to apps](what-is-access-management.md).
2222

2323
To assign a user or group to an enterprise app, you'll need to sign in as a global administrator, application administrator, cloud application administrator, or the assigned owner of the enterprise app.
2424

@@ -48,7 +48,7 @@ To require user assignment for an application:
4848
5. Make sure the **User assignment required?** toggle is set to **Yes**.
4949

5050
> [!NOTE]
51-
> If the **User assignment required?** toggle isn't available, you can use PowerShell to set this option on the service principal.
51+
> If the **User assignment required?** toggle isn't available, you can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
5252
5353
6. Select the **Save** button at the top of the screen.
5454

articles/active-directory/manage-apps/what-is-access-management.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ With certain types of applications, you have the option of [requiring users to b
4747

4848
When user assignment is *not required*, unassigned users don't see the app on their My Apps access panel, but they can still sign in to the application itself (known as service provider-initiated sign-on) or they can use the **User Access URL** in the application’s **Properties** page (known as identity provider-initiated sign on).
4949

50-
For some applications, the option to require user assignment isn't available in the application properties. In these cases, you can use PowerShell to configure the setting.
50+
For some applications, the option to require user assignment isn't available in the application properties. In these cases, you can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
5151

5252
### Determining the user experience for accessing apps
5353

@@ -83,9 +83,11 @@ Microsoft Applications (like Office 365 Exchange, SharePoint, Yammer, etc.) are
8383
There are three main ways that a user can get access to a Microsoft-published application.
8484

8585
- For applications in the Office 365 or other paid suites, users are granted access through **license assignment** either directly to their user account, or through a group using our group-based license assignment capability.
86-
- For applications that Microsoft or a Third Party publishes freely for anyone to use, users may be granted access through [user consent](configure-user-consent.md). This means that they sign in to the application with their Azure AD Work or School account and allow it to have access to some limited set of data on their account.
86+
- For applications that Microsoft or a 3rd party publishes freely for anyone to use, users may be granted access through [user consent](configure-user-consent.md). This means that they sign in to the application with their Azure AD Work or School account and allow it to have access to some limited set of data on their account.
8787
- For applications that Microsoft or a 3rd party publishes freely for anyone to use, users may also be granted access through [administrator consent](manage-consent-requests.md). This means that an administrator has determined the application may be used by everyone in the organization, so they sign in to the application with a Global Administrator account and grant access to everyone in the organization.
8888

89+
Some applications combine these methods. For example, certain Microsoft applications are part of an Office 365 subscription, but still require consent.
90+
8991
Users can access Office 365 applications through their Office 365 portals. You can also show or hide Office 365 applications in the My Apps access panel with the [Office 365 visibility toggle](hide-application-from-user-portal.md) in your directory's **User settings**.
9092

9193
As with enterprise apps, you can [assign users](assign-user-or-group-access-portal.md) to certain Microsoft applications via the Azure portal or, if the portal option isn't available, by using PowerShell.

0 commit comments

Comments
 (0)