Merge pull request #288026 from cherylmc/SFI-fix-global

SFI VPN Gateway Global AdminFix permissions

Author: prmerger-automator[bot]

articles/virtual-wan/openvpn-azure-ad-tenant.md

@@ -5,7 +5,7 @@ titleSuffix: Azure Virtual WAN
 author: cherylmc
 ms.service: azure-virtual-wan
 ms.topic: how-to
-ms.date: 09/24/2024
+ms.date: 10/08/2024
 ms.author: cherylmc
 
 #Note that Audience values are not sensitive data. 
@@ -32,11 +32,11 @@ Verify that you have a Microsoft Entra tenant. If you don't have a Microsoft Ent
 
 1. Create two accounts in the newly created Microsoft Entra tenant. For steps, see [Add or delete a new user](../active-directory/fundamentals/add-users-azure-active-directory.md).
 
-   * Global administrator account
+   * [Cloud Application Administrator role](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator)
    * User account
 
-   The global administrator account will be used to grant consent to the Azure VPN app registration. The user account can be used to test OpenVPN authentication.
-1. Assign one of the accounts the **Global administrator** role. For steps, see  [Assign administrator and non-administrator roles to users with Microsoft Entra ID](../active-directory/fundamentals/active-directory-users-assign-role-azure-portal.md).
+   The Cloud Application Administrator role is used to grant consent to the Azure VPN app registration. The user account can be used to test OpenVPN authentication.
+1. Assign one of the accounts the **Cloud Application Administrator** role. For steps, see  [Assign administrator and non-administrator roles to users with Microsoft Entra ID](/azure/active-directory-b2c/tenant-management-read-tenant-name).
 
 ## <a name="enable-authentication"></a>3. Grant consent to the Azure VPN app registration
 

articles/vpn-gateway/openvpn-azure-ad-tenant.md

@@ -5,7 +5,7 @@ description: Learn how to set up a Microsoft Entra tenant and P2S gateway for P2
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 08/14/2024
+ms.date: 10/08/2024
 ms.author: cherylmc
 
 #Note that Audience values are not sensitive data. 

includes/vpn-gateway-vwan-azure-ad-tenant.md

@@ -2,12 +2,12 @@
  author: cherylmc
  ms.service: azure-vpn-gateway
  ms.topic: include
- ms.date: 09/24/2024
+ ms.date: 10/08/2024
  ms.author: cherylmc
 
 #Note that Audience values are not sensitive data. 
 ---
-1. Sign in to the Azure portal as a user that is assigned the **Global administrator** role.
+1. Sign in to the Azure portal as a user that is assigned the **Cloud Application Administrator** role.
 
 1. Next, grant admin consent for your organization. This allows the Azure VPN application to sign in and read user profiles. Copy and paste the URL that pertains to your deployment location in the address bar of your browser:
 
@@ -36,10 +36,10 @@
     ```
 
    > [!NOTE]
-   > If you're using a global admin account that is not native to the Microsoft Entra tenant to provide consent, replace "common" with the Microsoft Entra tenant ID in the URL. You may also have to replace "common" with your tenant ID in certain other cases as well. For help with finding your tenant ID, see [How to find your Microsoft Entra tenant ID](/azure/active-directory-b2c/tenant-management-read-tenant-name).
+   > If you're using a Cloud Applicaion Administrator account that is not native to the Microsoft Entra tenant to provide consent, replace "common" with the Microsoft Entra tenant ID in the URL. You may also have to replace "common" with your tenant ID in certain other cases as well. For help with finding your tenant ID, see [How to find your Microsoft Entra tenant ID](/azure/active-directory-b2c/tenant-management-read-tenant-name).
    >
 
-1. Select the account that has the **Global administrator** role if prompted.
+1. Select the account that has the **Cloud Application Administrator** role if prompted.
 
 1. On the **Permissions requested** page, select **Accept**.