Merge pull request #224453 from wtnlee/patch-2

Update user-groups-about.md

Author: prmerger-automator[bot]

articles/virtual-wan/user-groups-about.md

@@ -59,6 +59,10 @@ Azure Active Directory|AADGroupID|Azure Active Directory Group Object ID	|0cf484
 
 Gateways using Azure Active Directory authentication can use **Azure Active Directory Group Object IDs** to determine which user group a user belongs to. If a user is part of multiple Azure Active Directory groups, they're considered to be part of the Virtual WAN user group that has the lowest numerical priority.
 
+However, if you plan to have users who are external (users who are not part of the Azure Active Directory domain configured on the VPN Gateway) connect to the Virtual WAN Point-to-site VPN Gateway, please make sure that the user type of the external user is "Member" and **not** "Guest". Also, make sure that the "Name" of the user is set to the user's email address. If the user type and name of the connecting user is not set correctly as described above or you cannot set an external member to be a "Member" of your Azure Active Directory domain, that connecting user will be assigned to the default group and assigned an IP from the default IP address pool.   
+
+You can also identify whether or not a user is external by looking at the user's "User Principal Name." External users will have **#EXT** in their "User Principal Name."
+
 :::image type="content" source="./media/user-groups-about/groups.png" alt-text="Screenshot of an Azure Active Directory group." lightbox="./media/user-groups-about/groups.png":::
 
 #### Azure Certificate (OpenVPN and IKEv2)