Update application-provisioning-config-problem-no-users-provisioned.md

ArvindHarinder1 · web-flow · commit 61c0bac9f054 · 2020-04-17T15:17:52.000-07:00
diff --git a/articles/active-directory/app-provisioning/application-provisioning-config-problem-no-users-provisioned.md b/articles/active-directory/app-provisioning/application-provisioning-config-problem-no-users-provisioned.md
@@ -53,6 +53,11 @@ When a user shows up as “skipped” in the provisioning logs, it is important
 - **The user is “not effectively entitled”.** If you see this specific error message, it is because there is a problem with the user assignment record stored in Azure AD. To fix this issue, unassign the user (or group) from the app, and reassign it again. For more information on assignment, see [Assign user or group access](../manage-apps/assign-user-or-group-access-portal.md).
 - **A required attribute is missing or not populated for a user.** An important thing to consider when setting up provisioning is to review and configure the attribute mappings and workflows that define which user (or group) properties flow from Azure AD to the application. This configuration includes setting the “matching property” that is used to uniquely identify and match users/groups between the two systems. For more information on this important process, see [Customizing User Provisioning Attribute Mappings for SaaS Applications in Azure Active Directory](customize-application-attributes.md).
 - **Attribute mappings for groups:** Provisioning of the group name and group details, in addition to the members, if supported for some applications. You can enable or disable this functionality by enabling or disabling the **Mapping** for group objects shown in the **Provisioning** tab. If provisioning groups is enabled, be sure to review the attribute mappings to ensure an appropriate field is being used for the “matching ID”. The matching ID can be the display name or email alias. The group and its members are not provisioned if the matching property is empty or not populated for a group in Azure AD.
+## Provisioning users assigned to the default access role
+The default role on an application from the gallery is called the "default access" role. Historically, users assigned to this role are not provisioned and are marked as skipped in the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) due to being "not effectively entitled." 
+
+**Behavior for provisioning configurations created after 04/16/2020:**
+Users assigned to the default access role will be evaluated the same as all other roles. A user that is assigned the default access will not be skipped as "not effectively entitled." 
 
 ## Next steps
 
