Merge pull request #219519 from omondiatieno/end-user-experience-updates

v-ccolin · web-flow · commit 7ce09bf28770 · 2022-12-08T09:50:46.000Z
update end user experience and freshness pass
diff --git a/articles/active-directory/manage-apps/end-user-experiences.md b/articles/active-directory/manage-apps/end-user-experiences.md
@@ -1,67 +1,80 @@
 ---
 title: End-user experiences for applications
-description: Azure Active Directory (Azure AD) provides several customizable ways to deploy applications to end users in your organization.
+description: Learn about the customizable ways to deploy applications to end users in your organization with Azure Active Directory (Azure AD)
 services: active-directory
 author: lnalepa
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/27/2019
+ms.date: 12/08/2022
 ms.author: lenalepa
 ---
 
 # End-user experiences for applications
 
 Azure Active Directory (Azure AD) provides several customizable ways to deploy applications to end users in your organization:
 
-* Azure AD My Apps
-* Microsoft 365 application launcher
-* Direct sign-on to federated apps
-* Deep links to federated, password-based, or existing apps
+- Azure AD My Apps
+- Microsoft 365 application launcher
+- Direct sign-on to federated apps
+- Deep links to federated, password-based, or existing apps
 
 Which method(s) you choose to deploy in your organization is your discretion.
 
 ## Azure AD My Apps
 
-[My Apps](https://myapps.microsoft.com) is a web-based portal that allows an end user with an organizational account in Azure Active Directory to view and launch applications to which they have been granted access by the Azure AD administrator. If you are an end user with [Azure Active Directory Premium](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing), you can also utilize self-service group management capabilities through My Apps.
+[My Apps](https://myapps.microsoft.com) is a web-based portal that allows an organization user in Azure AD to view and launch applications to which they have been granted access by the Azure AD administrator. If you're an end user with [Azure Active Directory Premium](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing), you can also utilize self-service group management capabilities through My Apps.
 
 By default, all applications are listed together on a single page. But you can use collections to group together related applications and present them on a separate tab, making them easier to find. For example, you can use collections to create logical groupings of applications for specific job roles, tasks, projects, and so on. For information, see [Create collections on the My Apps portal](access-panel-collections.md).
 
-My Apps is separate from the Azure portal and does not require users to have an Azure subscription or Microsoft 365 subscription.
+My Apps is separate from the Azure portal and doesn't require users to have an Azure subscription or Microsoft 365 subscription.
 
 For more information on Azure AD My Apps, see the [introduction to My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
 ## Microsoft 365 application launcher
 
-For organizations that have deployed Microsoft 365, applications assigned to users through Azure AD will also appear in the Office 365 portal at [https://portal.office.com/myapps](https://portal.office.com/myapps). This makes it easy and convenient for users in an organization to launch their apps without having to use a second portal, and is the recommended app launching solution for organizations using Microsoft 365.
+For organizations that have deployed Microsoft 365, applications assigned to users through Azure AD will also appear in the Office 365 portal at [https://portal.office.com/myapps](https://portal.office.com/myapps). It makes it convenient for users in an organization to launch their apps without using a second portal. Microsoft 365 application launcher is the recommended app launching solution for organizations using Microsoft 365.
 
 For more information about the Office 365 application launcher, see [Have your app appear in the Office 365 app launcher](/previous-versions/office/office-365-api/).
 
 ## Direct sign-on to federated apps
 
-Most federated applications that support SAML 2.0, WS-Federation, or OpenID connect also support the ability for users to start at the application, and then get signed in through Azure AD either by automatic redirection or by clicking on a link to sign in. This is known as service provider-initiated sign-on, and most federated applications in the Azure AD application gallery support this (see the documentation linked from the app’s single sign-on configuration wizard in the Azure portal for details).
+Most federated applications that support SAML 2.0, WS-Federation, or OpenID connect also support the ability for users to start at the application. The users then get signed in through Azure AD either by automatic redirection or by selecting a link to sign in. Direct sign-on is a service provider-initiated sign-on, and most federated applications in Azure AD application gallery support it. See the documentation linked from the app’s single sign-on configuration wizard in the Azure portal for details.
 
 ## Direct sign-on links
 
 Azure AD also supports direct single sign-on links to individual applications that support password-based single sign-on, linked single sign-on, and any form of federated single sign-on.
 
-These links are specifically crafted URLs that send a user through the Azure AD sign-in process for a specific application without requiring the user launch them from Azure AD My Apps or Microsoft 365. These **User access URLs** can be found under the properties of available enterprise applications. In the Azure portal, select **Azure Active Directory** > **Enterprise applications**. Select the application, and then select **Properties**.
+Direct sign-on links are crafted URLs that send a user through the Azure AD sign-in process for a specific application. The user won't need to launch the application from My Apps or Microsoft 365. These **User access URLs** can be found under the properties of available enterprise applications. In the Azure portal, select **Azure Active Directory** > **Enterprise applications**. Select the application, and then select **Properties**.
 
 ![Example of the User access URL in Twitter properties](media/end-user-experiences/direct-sign-on-link.png)
 
-These links can be copied and pasted anywhere you want to provide a sign-in link to the selected application. This could be in an email, or in any custom web-based portal that you have set up for user application access. Here's an example of an Azure AD direct single sign-on URL for Twitter:
+Direct sign-on links can be copied and pasted anywhere you want to provide a sign-in link to the selected application. They can be placed in an email, or in any custom web-based portal that you've set up for user application access. The following URL is an example of an Azure AD direct single sign-on URL for Twitter:
 
 `https://myapps.microsoft.com/signin/Twitter/230848d52c8745d4b05a60d29a40fced`
 
-Similar to organization-specific URLs for My Apps, you can further customize this URL by adding one of the active or verified domains for your directory after the *myapps.microsoft.com* domain. This ensures any organizational branding is loaded immediately on the sign-in page without the user needing to enter their user ID first:
+Similar to organization-specific URLs for My Apps, you can further customize direct sign-on URL by adding one of the active or verified domains for your directory after the *myapps.microsoft.com* domain. Customizing direct sign-on URL ensures any organizational branding is loaded immediately on the sign-in page without the user needing to enter their user ID first:
 
 `https://myapps.microsoft.com/contosobuild.com/signin/Twitter/230848d52c8745d4b05a60d29a40fced`
 
-When an authorized user clicks on one of these application-specific links, they first see their organizational sign-in page (assuming they are not already signed in), and after sign-in are redirected to their app without stopping at My Apps first. If the user is missing pre-requisites to access the application, such as the password-based single sign browser extension, then the link will prompt the user to install the missing extension. The link URL also remains constant if the single sign-on configuration for the application changes.
+When an authorized user selects one of these application-specific links, they first see their organizational sign-in page (assuming they aren't already signed in). After sign-in, they're redirected to their app without stopping at My Apps first. If the user is missing pre-requisites to access the application, such as the password-based single sign browser extension, then the link will prompt the user to install the missing extension. The link URL also remains constant if the single sign-on configuration for the application changes.
 
-These links use the same access control mechanisms as My Apps and Microsoft 365, and only those users or groups who have been assigned to the application in the Azure portal will be able to successfully authenticate. However, any user who is unauthorized will see a message explaining that they have not been granted access, and are given a link to load My Apps to view available applications for which they do have access.
+These links use the same access control mechanisms as My Apps and Microsoft 365. Only those users or groups who have been assigned to the application in the Azure portal will be able to successfully authenticate. However, any user who is unauthorized will see a message explaining that they haven't been granted access. The unauthorized user is given a link to load My Apps to view available applications that they do have access to.
+
+## Manage preview settings
+
+As an admin, you can choose to try out new app launcher features while they are in preview. Enabling a preview feature means that the feature is turned on for your organization and will be reflected in the My Apps portal and other app launchers for all your users.
+
+To enable or disable previews for your app launchers:
+
+- Sign in to the Azure portal as a global administrator for your directory.
+- Search for and select **Azure Active Directory**, then select **Enterprise applications**.
+- On the left menu, select **App launchers**, then select **Settings**.
+- Under **Preview settings**, toggle the checkboxes for the previews you want to enable or disable. To opt into a preview, toggle the associated checkbox to the checked state. To opt out of a preview, toggle the associated checkbox to the unchecked state.
+- Select **Save**. Wait a few minutes for the changes to take effect.
+Navigate to the My Apps portal and verify that the preview you enabled or disabled is reflected.
 
 ## Next steps
 
diff --git a/articles/active-directory/manage-apps/manage-self-service-access.md b/articles/active-directory/manage-apps/manage-self-service-access.md
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/23/2021
+ms.date: 11/24/2022
 ms.author: jomondi
 ms.collection: M365-identity-device-management
 ms.reviewer: ergreenl
@@ -42,7 +42,7 @@ To enable self-service application access, you need:
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
-- An Azure Active Directory Premium (P1 or P2) license is required for users to request to join a self-service app and for owners to approve or deny requests. Without an Azure Active Directory Premium license, users cannot add self-service apps.
+- An Azure Active Directory Premium (P1 or P2) license is required for users to request to join a self-service app and for owners to approve or deny requests. Without an Azure Active Directory Premium license, users can't add self-service apps.
 
 ## Enable self-service application access to allow users to find their own applications
 
@@ -67,18 +67,16 @@ To enable self-service application access to an application, follow the steps be
 
 1. **Optional:** To require business approval before users are allowed access, set **Require approval before granting access to this application?** to **Yes**.
 
-1. **Optional: For applications using password single-sign on only,** to allow business approvers to specify the passwords that are sent to this application for approved users, set **Allow approvers to set user’s passwords for this application?** to **Yes**.
-
-1. **Optional:** To specify the business approvers who are allowed to approve access to this application, select **Select approvers**, select up to 10 individual business approvers, and then select **Select**.
+1. **Optional:** Next to **Who is allowed to approve access to this application?** Select **Select approvers** to specify the business approvers who are allowed to approve access to this application. Select up to 10 individual business approvers, and then select **Select**.
 
     >[!NOTE]
     >Groups are not supported. You can select up to 10 individual business approvers. If you specify multiple approvers, any single approver can approve an access request.
 
-1. **Optional:** **For applications that expose roles**, to assign self-service approved users to a role, select **Select Role**, choose the role to which these users should be assigned, and then select **Select**.
+1. **Optional:** Next to **To which role should users be assigned in this application?**, select **Select Role** to assign self-service approved users to a role. Choose the role to which these users should be assigned, and then select **Select**. This option is for applications that expose roles.
 
 1. Select the **Save** button at the top of the pane to finish.
 
-Once you complete self-service application configuration, users can navigate to their My Apps portal and select **Request new apps** to find the apps that are enabled with self-service access. Business approvers also see a notification in their My Apps portal. You can enable an email notifying them when a user has requested access to an application that requires their approval.
+Once you complete self-service application configuration, users can navigate to their My Apps portal, and select **Request new apps** to find the apps that are enabled with self-service access. Business approvers also see a notification in their My Apps portal. You can enable an email notifying them when a user has requested access to an application that requires their approval.
 
 ## Next steps
 
diff --git a/articles/active-directory/manage-apps/myapps-overview.md b/articles/active-directory/manage-apps/myapps-overview.md
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 08/11/2022
+ms.date: 11/24/2022
 ms.author: saibandaru
 ms.custom: contperf-fy23q1
 #Customer intent: As an Azure AD administrator, I want to make applications available to users in the My Apps portal.
@@ -74,7 +74,7 @@ In the Azure portal, define the logo and name for the application to represent c
 
 For more information, see [Add branding to your organization's sign-in page](../fundamentals/customize-branding.md).
 
-## Access applications
+## Manage access to applications
 
 Multiple factors affect how and whether an application can be accessed by users. Permissions that are assigned to the application can affect what can be done with it. Applications can be configured to allow self-service access, or access may be only granted by an administrator of the tenant.
 
