Merge pull request #204510 from jkdouglas/XTAP-Outbound-User-Targeting

Updates to cross-tenant access docs

Author: PRMerger8

articles/active-directory/external-identities/cross-cloud-settings.md

@@ -47,13 +47,6 @@ After each organization has completed these steps, Azure AD B2B collaboration be
 
 In your Microsoft cloud settings, enable the Microsoft Azure cloud you want to collaborate with.
 
-> [!NOTE]
-> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links: 
->
->Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
->
->Microsoft Azure China - https://aka.ms/cloudsettingschina
-
 1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or Security administrator account. Then open the **Azure Active Directory** service.
 1. Select **External Identities**, and then select **Cross-tenant access settings**.
 1. Select **Microsoft cloud settings (Preview)**.

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -77,13 +77,6 @@ To set up B2B collaboration, both organizations configure their Microsoft cloud
 
 For configuration steps, see [Configure Microsoft cloud settings for B2B collaboration (Preview)](cross-cloud-settings.md).
 
-> [!NOTE]
-> The admin experience is currently still deploying to national clouds. To access the admin experience in Microsoft Azure Government or Microsoft Azure China, you can use these links: 
->
->Microsoft Azure Government - https://aka.ms/cloudsettingsusgov
->
->Microsoft Azure China - https://aka.ms/cloudsettingschina
-
 ### Default settings in cross-cloud scenarios
 
 To collaborate with a partner tenant in a different Microsoft Azure cloud, both organizations need to mutually enable B2B collaboration with each other. The first step is to enable the partner's cloud in your cross-tenant settings. When you first enable another cloud, B2B collaboration is blocked for all tenants in that cloud. You need to add the tenant you want to collaborate with to your Organizational settings, and at that point your default settings go into effect for that tenant only. You can allow the default settings to remain in effect, or you can modify the organizational settings for the tenant.

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md

@@ -231,6 +231,9 @@ With outbound settings, you select which of your users and groups will be able t
    - Select the user or group in the search results.
    - When you're done selecting the users and groups you want to add, choose **Select**.
 
+   > [!NOTE]
+   > When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-sms-signin). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](https://docs.microsoft.com/graph/api/resources/crosstenantaccesspolicy-overview?view=graph-rest-1.0) to add the user's object ID directly or target a group the user belongs to.
+
 1. Select the **External applications** tab.
 
 1. Under **Access status**, select one of the following:

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect.md

@@ -228,6 +228,9 @@ With outbound settings, you select which of your users and groups will be able t
    - In the **Select** pane, type the user name or the group name in the search box.
    - When you're done selecting users and groups, choose **Select**.
 
+   > [!NOTE]
+   > When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-sms-signin). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](https://docs.microsoft.com/graph/api/resources/crosstenantaccesspolicy-overview?view=graph-rest-1.0) to add the user's object ID directly or target a group the user belongs to.
+
 1. Select **Save**.
 1. Select the **External applications** tab.
 1. Under **Access status**, select one of the following: