fix blocking and non blocking issues

omondiatieno · omondiatieno · commit 4d060551cb4c · 2023-08-29T08:46:52.000+03:00
diff --git a/articles/active-directory/manage-apps/configure-user-consent-groups.md b/articles/active-directory/manage-apps/configure-user-consent-groups.md
@@ -324,11 +324,11 @@ PATCH https://graph.microsoft.com/beta/settings/{directorySettingId}
 :::zone-end
 
 > [!NOTE]
-> "User can consent to apps accessing company data on their behalf" setting, when turned off, does not disable the "Users can consent to apps accessing company data for groups they own" option
+> **User can consent to apps accessing company data on their behalf** setting, when turned off, doesn't disable the **Users can consent to apps accessing company data for groups they own** option.
 
 ## Manage group owner consent to apps by app consent policy
 
-You can configure which users are allowed to consent to apps accessing their groups' or teams' data through app consent policies. To allow group owner consent subject to app consent policies, the group owner consent setting **must** be disabled. Once disabled, your current policy is read from app consent policies.
+You can configure which users are allowed to consent to apps accessing their groups' or teams' data through app consent policies. To allow group owner consent subject to app consent policies, the group owner consent setting must be disabled. Once disabled, your current policy is read from app consent policies.
 
 :::zone pivot="ms-powershell"
 
@@ -348,21 +348,21 @@ Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization"
 
 ### Disable group owner consent to use app consent policies
 
-1. check if the `ManagePermissionGrantPoliciesForOwnedResource` is scoped in `group`
+1. Check if the `ManagePermissionGrantPoliciesForOwnedResource` is scoped in `group`
 
     1. Retrieve the current value for the group owner consent setting 
     ```powershell
       Get-MgPolicyAuthorizationPolicy | select -ExpandProperty DefaultUserRolePermissions | ft PermissionGrantPoliciesAssigned
     ```
     If `ManagePermissionGrantPoliciesForOwnedResource` is returned in `PermissionGrantPoliciesAssigned`, your group owner consent setting **might** have been governed by the app consent policy.
 
-    2.Check if the policy is scoped to `group` 
+    1. Check if the policy is scoped to `group` 
     ```powershell
         Get-MgPolicyPermissionGrantPolicy -PermissionGrantPolicyId {"microsoft-all-application-permissions-for-group"} | ft AdditionalProperties
     ```
     If `resourceScopeType` == `group`, your group owner consent setting **has been** governed by the app consent policy.
 
-2. To disable group owner consent to utilize app consent policies, ensure that the consent policies (`PermissionGrantPoliciesAssigned`) include the current `ManagePermissionGrantsForSelf.*` policy and other current `ManagePermissionGrantsForOwnedResource.*` policies if any that aren't applicable to groups while updating the collection. This way, you can maintain your current configuration for user consent settings and other resource consent settings.
+1. To disable group owner consent to utilize app consent policies, ensure that the consent policies (`PermissionGrantPoliciesAssigned`) include the current `ManagePermissionGrantsForSelf.*` policy and other current `ManagePermissionGrantsForOwnedResource.*` policies if any that aren't applicable to groups while updating the collection. This way, you can maintain your current configuration for user consent settings and other resource consent settings.
 
 ```powershell
 # only exclude policies that are scoped in group
@@ -419,19 +419,19 @@ Use the [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) t
 
 ### Disable group owner consent to use app consent policies
 
-1. check if the `ManagePermissionGrantPoliciesForOwnedResource` is scoped in `group`
+1. Check if the `ManagePermissionGrantPoliciesForOwnedResource` is scoped in `group`
 
     1. Retrieve the current value for the group owner consent setting 
     ```http
     GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy
     ```
-    If `ManagePermissionGrantsForOwnedResource` is returned in `permissionGrantPolicyIdsAssignedToDefaultUserRole`, your group owner consent setting **might** have been governed by the app consent policy.
+    If `ManagePermissionGrantsForOwnedResource` is returned in `permissionGrantPolicyIdsAssignedToDefaultUserRole`, your group owner consent setting might have been governed by the app consent policy.
 
     2.Check if the policy is scoped to `group` 
     ```http
     GET https://graph.microsoft.com/beta/policies/permissionGrantPolicies/{microsoft-all-application-permissions-for-group}
     ```
-    If `resourceScopeType` == `group`, your group owner consent setting **has been** governed by the app consent policy.
+    If `resourceScopeType` == `group`, your group owner consent setting has been governed by the app consent policy.
 
 2. To disable group owner consent to utilize app consent policies, ensure that the consent policies (`PermissionGrantPoliciesAssigned`) include the current `ManagePermissionGrantsForSelf.*` policy and other current `ManagePermissionGrantsForOwnedResource.*` policies if any that aren't applicable to groups. This way, you can maintain your current configuration for user consent settings and other resource consent settings.
    ```http
@@ -488,15 +488,8 @@ PATCH https://graph.microsoft.com/v1.0/policies/authorizationPolicy
 
 ## Next steps
 
-To learn more:
-
-* [Managing group owner consent by app consent policies](manage-group-owner-consent-policies.md)
-* [Configure user consent settings](configure-user-consent.md)
-* [Configure the admin consent workflow](configure-admin-consent-workflow.md)
-* [Learn how to manage consent to applications and evaluate consent requests](manage-consent-requests.md)
-* [Grant tenant-wide admin consent to an application](grant-admin-consent.md)
-* [Permissions and consent in the Microsoft identity platform](../develop/permissions-consent-overview.md)
+- [Manage group owner consent policies](manage-group-owner-consent-policies.md)
 
 To get help or find answers to your questions:
 
-* [Azure AD on Microsoft Q&A](/answers/topics/azure-active-directory.html)
+- [Azure AD on Microsoft Q&A](/answers/topics/azure-active-directory.html)
diff --git a/articles/active-directory/manage-apps/manage-app-consent-policies.md b/articles/active-directory/manage-apps/manage-app-consent-policies.md
@@ -114,10 +114,11 @@ Once the app consent policy has been created, you can [allow user consent](confi
 
 ## Delete a custom app consent policy
 
-1. The following shows how you can delete a custom app consent policy.
-   ```powershell
+The following cmdlet shows how you can delete a custom app consent policy.
+   
+```powershell
    Remove-MgPolicyPermissionGrantPolicy -PermissionGrantPolicyId "my-custom-policy"
-   ```
+```
 
 :::zone-end
 
@@ -220,7 +221,7 @@ The following table provides the list of supported conditions for app consent po
 | PermissionClassification | The [permission classification](configure-permission-classifications.md) for the permission being granted, or "all" to match with any permission classification (including permissions that aren't classified). Default is "all". |
 | PermissionType | The permission type of the permission being granted. Use "application" for application permissions (for example, app roles) or "delegated" for delegated permissions. <br><br>**Note**: The value "delegatedUserConsentable" indicates delegated permissions that haven't been configured by the API publisher to require admin consent. This value may be used in built-in permission grant policies, but can't be used in custom permission grant policies. Required. |
 | ResourceApplication | The **AppId** of the resource application (for example, the API) for which a permission is being granted, or "any" to match with any resource application or API. Default is "any". |
-| Permissions | The list of permission IDs for the specific permissions to match with, or a list with the single value "all" to match with any permission. Default is the single value "all". <ul><li>Delegated permission IDs can be found in the **OAuth2Permissions** property of the API's ServicePrincipal object.</li><li>Application permission IDs can be found in the **AppRoles** property of the API's ServicePrincipal object.</li></ol> |
+| Permissions | The list of permission IDs for the specific permissions to match with, or a list with the single value "all" to match with any permission. Default is the single value "all". <br> - Delegated permission IDs can be found in the **OAuth2Permissions** property of the API's ServicePrincipal object. <br> - Application permission IDs can be found in the **AppRoles** property of the API's ServicePrincipal object. |
 | ClientApplicationIds | A list of **AppId** values for the client applications to match with, or a list with the single value "all" to match any client application. Default is the single value "all". |
 | ClientApplicationTenantIds | A list of Azure Active Directory tenant IDs in which the client application is registered, or a list with the single value "all" to match with client apps registered in any tenant. Default is the single value "all". |
 | ClientApplicationPublisherIds | A list of Microsoft Partner Network (MPN) IDs for [verified publishers](../develop/publisher-verification-overview.md) of the client application, or a list with the single value "all" to match with client apps from any publisher. Default is the single value "all". |
diff --git a/articles/active-directory/manage-apps/manage-group-owner-consent-policies.md b/articles/active-directory/manage-apps/manage-group-owner-consent-policies.md
@@ -52,7 +52,7 @@ To manage group owner consent policies for applications with Microsoft Graph Pow
    Connect-MgGraph -Scopes "Policy.ReadWrite.PermissionGrant"
    ```
 
-## Retrieve the current value for the Group Owner Consent Policy 
+## Retrieve the current value for the group owner consent policy 
 
 Learn how to verify if your group owner consent setting has been authorized in other ways.
 
@@ -149,7 +149,7 @@ Once the app consent policy for group has been created, you can [allow group own
 
 To manage group owner consent policies, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section. You also need to consent to the `Policy.ReadWrite.PermissionGrant` permission. 
 
-## Retrieve the current value for the Group Owner Consent Policy
+## Retrieve the current value for the group owner consent policy
 
 Learn how to verify if your group owner consent setting has been authorized in other ways.
 1. Retrieve the current policy value
@@ -257,7 +257,7 @@ The following table provides the list of supported conditions for group owner co
 | PermissionClassification | The [permission classification](configure-permission-classifications.md) for the permission being granted, or "all" to match with any permission classification (including permissions that aren't classified). Default is "all". |
 | PermissionType | The permission type of the permission being granted. Use "application" for application permissions (for example, app roles) or "delegated" for delegated permissions. <br><br>**Note**: The value "delegatedUserConsentable" indicates delegated permissions that haven't been configured by the API publisher to require admin consent. This value may be used in built-in permission grant policies, but can't be used in custom permission grant policies. Required. |
 | ResourceApplication | The **AppId** of the resource application (for example, the API) for which a permission is being granted, or "any" to match with any resource application or API. Default is "any". |
-| Permissions | The list of permission IDs for the specific permissions to match with, or a list with the single value "all" to match with any permission. Default is the single value "all". <ul><li>Delegated permission IDs can be found in the **OAuth2Permissions** property of the API's ServicePrincipal object.</li><li>Application permission IDs can be found in the **AppRoles** property of the API's ServicePrincipal object.</li></ol> |
+| Permissions | The list of permission IDs for the specific permissions to match with, or a list with the single value "all" to match with any permission. Default is the single value "all". <br> - Delegated permission IDs can be found in the **OAuth2Permissions** property of the API's ServicePrincipal object.<br> - Application permission IDs can be found in the **AppRoles** property of the API's ServicePrincipal object. |
 | ClientApplicationIds | A list of **AppId** values for the client applications to match with, or a list with the single value "all" to match any client application. Default is the single value "all". |
 | ClientApplicationTenantIds | A list of Azure Active Directory tenant IDs in which the client application is registered, or a list with the single value "all" to match with client apps registered in any tenant. Default is the single value "all". |
 | ClientApplicationPublisherIds | A list of Microsoft Partner Network (MPN) IDs for [verified publishers](../develop/publisher-verification-overview.md) of the client application, or a list with the single value "all" to match with client apps from any publisher. Default is the single value "all". |
