Merge pull request #187754 from msmimart/mm-xtas-update

PRMerger12 · web-flow · commit 7724eca2fd3d · 2022-02-08T03:38:33.000+05:30
[EXID] Cross-tenant access overview and Conditional Access edits
diff --git a/articles/active-directory/external-identities/authentication-conditional-access.md b/articles/active-directory/external-identities/authentication-conditional-access.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 01/31/2022
+ms.date: 02/07/2022
 
 ms.author: mimart
 author: msmimart
@@ -52,7 +52,7 @@ The following diagram illustrates the authentication flow when an external user
 |--------------|-----------------------|
 | **1** | The B2B guest user requests access to a resource. The resource redirects the user to its resource tenant,  a trusted IdP.|
 | **2** | The resource tenant identifies the user as external and redirects the user to the B2B guest user’s IdP. The user performs primary authentication in the IdP.
-| **3** | Outbound cross-tenant access settings are evaluated. If the user is allowed outbound access, the B2B guest user’s IdP issues a token to the user. The user is redirected back to the resource tenant with the token. The resource tenant validates the token and then evaluates the user against its Conditional Access policies. For example, the resource tenant could require the user to perform Azure Active Directory (AD) MFA.
+| **3** | Authorization policies are evaluated in the B2B guest user's IdP. If the user satisfies these policies, the B2B guest user’s IdP issues a token to the user. The user is redirected back to the resource tenant with the token. The resource tenant validates the token and then evaluates the user against its Conditional Access policies. For example, the resource tenant could require the user to perform Azure Active Directory (AD) MFA.
 | **4** | Inbound cross-tenant access settings and Conditional Access policies are evaluated. If all policies are satisfied, the resource tenant issues its own token and redirects the user to its resource.
 
 ### Example 2: Authentication flow and token for one-time passcode user
diff --git a/articles/active-directory/external-identities/cross-tenant-access-overview.md b/articles/active-directory/external-identities/cross-tenant-access-overview.md
@@ -5,7 +5,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 01/31/2022
+ms.date: 02/07/2022
 
 ms.author: mimart
 author: msmimart
@@ -53,7 +53,7 @@ You can configure organization-specific settings by adding an organization and m
 
 ## Important considerations
 
-> [!CAUTION]
+> [!IMPORTANT]
 > Changing the default inbound or outbound settings to block access could block existing business-critical access to apps in your organization or partner organizations. Be sure to use the tools described in this article and consult with your business stakeholders to identify the required access.
 
 - Cross-tenant access settings are used to manage B2B collaboration with other Azure AD organizations. For non-Azure AD identities (for example, social identities or non-IT managed external accounts), use [external collaboration settings](external-collaboration-settings-configure.md). External collaboration settings include options for restricting guest user access, specifying who can invite guests, and allowing or blocking domains.
@@ -84,7 +84,7 @@ Several tools are available to help you identify the access your users and partn
 To determine your users access to external Azure AD organizations in the last 30 days, run the following PowerShell script:
 
 ```powershell
-Get-MgAuditLogsSignIn ` 
+Get-MgAuditLogSignIn ` 
 -Filter “ResourceTenantID ne ‘your tenant id’” ` 
 -all:$True| ` 
 group ResourceTenantId,AppDisplayName,UserPrincipalName| ` 
