Merge pull request #228061 from v-edmckillop/patch-120

Update 2-secure-access-current-state.md

Author: v-dirichards

articles/active-directory/fundamentals/2-secure-access-current-state.md

@@ -1,14 +1,14 @@
 ---
-title: Discover the current state of external collaboration with Azure Active Directory 
-description: Learn methods to discover the current state of your collaboration
+title: Discover the current state of external collaboration in your organization
+description: Discover the current state of an organization's collaboration with audit logs, reporting, allowlist, blocklist, and more.
 services: active-directory
 author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 02/21/2023
 ms.author: gasinh
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
@@ -19,53 +19,55 @@ ms.collection: M365-identity-device-management
 
 Before you learn about the current state of your external collaboration, determine a security posture. Consider centralized vs. delegated control, also governance, regulatory, and compliance targets.
 
-Learn more: [Determine your security posture for external users](1-secure-access-posture.md)
+Learn more: [Determine your security posture for external access with Azure Active Directory](1-secure-access-posture.md)
 
-Users in your organization likely collaborate with users from other organizations. Collaboration can occur with productivity applications like Microsoft 365, by email, or sharing resources with external users. The foundation of your governance plan can include:
+Users in your organization likely collaborate with users from other organizations. Collaboration occurs with productivity applications like Microsoft 365, by email, or sharing resources with external users. These scenarios include users:
 
-* Users initiating external collaboration
-* Collaboration with external users and organizations
-* Access granted to external users
+* Initiating external collaboration
+* Collaborating with external users and organizations
+* Granting access to external users
 
-## Users initiating external collaboration
+## Determine who initiates external collaboration
 
-Users seeking external collaboration know the applications needed for their work, and when access ends. Therefore, determine users with delegated permission to invite external users, create access packages, and complete access reviews.
+Generally, users seeking external collaboration know the applications to use, and when access ends. Therefore, determine users with delegated permissions to invite external users, create access packages, and complete access reviews.
 
 To find collaborating users:
 
-* [Microsoft 365, audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide&preserve-view=true)
-* [Auditing and reporting a B2B collaboration user](../external-identities/auditing-and-reporting.md)
+* Microsoft 365 [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide&preserve-view=true) - search for events and discover activities audited in Microsoft 365
+* [Auditing and reporting a B2B collaboration user](../external-identities/auditing-and-reporting.md) - verify guest user access, and see records of system and user activities
 
-## Collaboration with external users and organizations
+## Enumerate guest users and organizations
 
-External users might be Azure AD B2B users with partner-managed credentials, or external users with locally provisioned credentials. Typically, these users are a UserType of Guest. See, [B2B collaboration overview](../external-identities/what-is-b2b.md).
+External users might be Azure AD B2B users with partner-managed credentials, or external users with locally provisioned credentials. Typically, these users are the Guest UserType. To learn about inviting guests users and sharing resources, see [B2B collaboration overview](../external-identities/what-is-b2b.md).
 
 You can enumerate guest users with:
 
 * [Microsoft Graph API](/graph/api/user-list?tabs=http)
 * [PowerShell](/graph/api/user-list?tabs=http)
 * [Azure portal](../enterprise-users/users-bulk-download.md)
 
-There are tools to identify Azure AD B2B collaboration, external Azure AD tenants and users accessing applications:
+Use the following tools to identify Azure AD B2B collaboration, external Azure AD tenants, and users accessing applications:
 
-* [PowerShell module](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MSIDCrossTenantAccessActivity)
-* [Azure Monitor workbook](../reports-monitoring/workbook-cross-tenant-access-activity.md)
+* PowerShell module, [Get MsIdCrossTenantAccessActivity](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MSIDCrossTenantAccessActivity)
+* [Cross-tenant access activity workbook](../reports-monitoring/workbook-cross-tenant-access-activity.md)
 
-### Email domains and companyName property
+### Discover email domains and companyName property
 
-Determine external organizations with the domain names of external user email addresses. This discovery might not be possible with consumer identity providers such as Google. We recommend you write the companyName attribute to identify external organizations.
+You can determine external organizations with the domain names of external user email addresses. This discovery might not be possible with consumer identity providers. We recommend you write the companyName attribute to identify external organizations.
 
-### Allowlist, blocklist, and entitlement management
+### Use allowlist, blocklist, and entitlement management
 
-For your organization to collaborate with, or block, specific organizations, at the tenant level, there is allowlist or blocklist. Use this feature to control B2B invitations and redemptions regardless of source (such as Microsoft Teams, SharePoint, or the Azure portal). See, [Allow or block invitations to B2B users from specific organizations](../external-identities/allow-deny-list.md).
+Use the allowlist or blocklist to enable your organization to collaborate with, or block, organizations at the tenant level. Control B2B invitations and redemptions regardless of source (such as Microsoft Teams, SharePoint, or the Azure portal). 
+
+See, [Allow or block invitations to B2B users from specific organizations](../external-identities/allow-deny-list.md)
 
 If you use entitlement management, you can confine access packages to a subset of partners with the **Specific connected organizations** option, under New access packages, in Identity Governance.
 
-   ![Screenshot of the Specific connected organizations option, under New access packages.](media/secure-external-access/2-new-access-package.png)
+   ![Screenshot of settings and options under Identity Governance, New access package.](media/secure-external-access/2-new-access-package.png)
 
-## External user access
+## Determine external user access
 
-After you have an inventory of external users and organizations, determine the access to grant to these users. You can use the Microsoft Graph API to determine Azure AD group membership or application assignment.
+With an inventory of external users and organizations, determine the access to grant to the users. You can use the Microsoft Graph API to determine Azure AD group membership or application assignment.
 
 * [Working with groups in Microsoft Graph](/graph/api/resources/groups-overview?context=graph%2Fcontext&view=graph-rest-1.0&preserve-view=true)
 * [Applications API overview](/graph/applications-concept-overview?view=graph-rest-1.0&preserve-view=true)