You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/app-provisioning/how-provisioning-works.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -202,7 +202,7 @@ Confirm the mapping for *active* for your application. If your using an applicat
202
202
203
203
The following scenarios will trigger a disable or a delete:
204
204
* A user is soft deleted in Azure AD (sent to the recycle bin / AccountEnabled property set to false).
205
-
30 days after a user is deleted in Azure AD, they are permanently deleted from the tenant. At this point, the provisioning service sends a DELETE request to permanently delete the user in the application. At any time during the 30-day window, you can [manually delete a user permanently](../fundamentals/active-directory-users-restore.md), which sends a delete request to the application.
205
+
30 days after a user is deleted in Azure AD, they're permanently deleted from the tenant. At this point, the provisioning service sends a DELETE request to permanently delete the user in the application. At any time during the 30-day window, you can [manually delete a user permanently](../fundamentals/active-directory-users-restore.md), which sends a delete request to the application.
206
206
* A user is permanently deleted / removed from the recycle bin in Azure AD.
207
207
* A user is unassigned from an app.
208
208
* A user goes from in scope to out of scope (doesn't pass a scoping filter anymore).
@@ -230,8 +230,8 @@ The following table describes how you can configure deprovisioning actions with
230
230
231
231
**Known limitations**
232
232
233
-
* If a user that was previously managed by the provisioning service is unassigned from an app, or from a group assigned to an app we will send a disable request. At that point, the user is not managed by the service and we won't send a delete request when they are deleted from the directory.
234
-
* Provisioning a user that is disabled in Azure AD is not supported. They must be active in Azure AD before they are provisioned.
233
+
* If a user that was previously managed by the provisioning service is unassigned from an app, or from a group assigned to an app we will send a disable request. At that point, the user is not managed by the service and we won't send a delete request when they're deleted from the directory.
234
+
* Provisioning a user that is disabled in Azure AD is not supported. They must be active in Azure AD before they're provisioned.
235
235
* When a user goes from soft-deleted to active, the Azure AD provisioning service will activate the user in the target app, but won't automatically restore the group memberships. The target application should maintain the group memberships for the user in inactive state. If the target application doesn't support this, you can restart provisioning to update the group memberships.
0 commit comments