Skip to content

Commit cba986e

Browse files
authored
Merge pull request #204510 from jkdouglas/XTAP-Outbound-User-Targeting
Updates to cross-tenant access docs
2 parents 1a4b255 + a054c4f commit cba986e

File tree

4 files changed

+6
-14
lines changed

4 files changed

+6
-14
lines changed

articles/active-directory/external-identities/cross-cloud-settings.md

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,6 @@ After each organization has completed these steps, Azure AD B2B collaboration be
4747

4848
In your Microsoft cloud settings, enable the Microsoft Azure cloud you want to collaborate with.
4949

50-
> [!NOTE]
51-
> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links:
52-
>
53-
>Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
54-
>
55-
>Microsoft Azure China - https://aka.ms/cloudsettingschina
56-
5750
1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or Security administrator account. Then open the **Azure Active Directory** service.
5851
1. Select **External Identities**, and then select **Cross-tenant access settings**.
5952
1. Select **Microsoft cloud settings (Preview)**.

articles/active-directory/external-identities/cross-tenant-access-overview.md

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -77,13 +77,6 @@ To set up B2B collaboration, both organizations configure their Microsoft cloud
7777
7878
For configuration steps, see [Configure Microsoft cloud settings for B2B collaboration (Preview)](cross-cloud-settings.md).
7979

80-
> [!NOTE]
81-
> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links:
82-
>
83-
>Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
84-
>
85-
>Microsoft Azure China - https://aka.ms/cloudsettingschina
86-
8780
### Default settings in cross-cloud scenarios
8881

8982
To collaborate with a partner tenant in a different Microsoft Azure cloud, both organizations need to mutually enable B2B collaboration with each other. The first step is to enable the partner's cloud in your cross-tenant settings. When you first enable another cloud, B2B collaboration is blocked for all tenants in that cloud. You need to add the tenant you want to collaborate with to your Organizational settings, and at that point your default settings go into effect for that tenant only. You can allow the default settings to remain in effect, or you can modify the organizational settings for the tenant.

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -231,6 +231,9 @@ With outbound settings, you select which of your users and groups will be able t
231231
- Select the user or group in the search results.
232232
- When you're done selecting the users and groups you want to add, choose **Select**.
233233

234+
> [!NOTE]
235+
> When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-sms-signin). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](https://docs.microsoft.com/graph/api/resources/crosstenantaccesspolicy-overview?view=graph-rest-1.0) to add the user's object ID directly or target a group the user belongs to.
236+
234237
1. Select the **External applications** tab.
235238

236239
1. Under **Access status**, select one of the following:

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,9 @@ With outbound settings, you select which of your users and groups will be able t
228228
- In the **Select** pane, type the user name or the group name in the search box.
229229
- When you're done selecting users and groups, choose **Select**.
230230

231+
> [!NOTE]
232+
> When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-sms-signin). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](https://docs.microsoft.com/graph/api/resources/crosstenantaccesspolicy-overview?view=graph-rest-1.0) to add the user's object ID directly or target a group the user belongs to.
233+
231234
1. Select **Save**.
232235
1. Select the **External applications** tab.
233236
1. Under **Access status**, select one of the following:

0 commit comments

Comments
 (0)