Merge pull request #185640 from shrmal/patch-8

PRMerger20 · web-flow · commit 58c6f0464054 · 2022-01-20T16:00:58.000-08:00
Update IP mismatch scenario for clarity
diff --git a/articles/active-directory/conditional-access/concept-continuous-access-evaluation.md b/articles/active-directory/conditional-access/concept-continuous-access-evaluation.md
@@ -176,8 +176,7 @@ Your identity provider and resource providers may see different IP addresses. Th
  
 Examples:
 
-- Your identity provider sees one IP address from the client.
-- Your resource provider sees a different IP address from the client after passing through a proxy.
+- Your identity provider sees one IP address from the client while your resource provider sees a different IP address from the client after passing through a proxy.
 - The IP address your identity provider sees is part of an allowed IP range in policy but the IP address from the resource provider isn't.
 
 To avoid infinite loops because of these scenarios, Azure AD issues a one hour CAE token and won't enforce client location change. In this case, security is improved compared to traditional one hour tokens since we're still evaluating the [other events](#critical-event-evaluation) besides client location change events.
