Merge pull request #113788 from MicrosoftGuyJFlo/CAOfficeServiceDependency

PRMerger15 · web-flow · commit e0d816b096cc · 2020-05-04T14:37:24.000-07:00
[Azure AD] Conditional Access - Office dependency
diff --git a/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md b/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
@@ -68,7 +68,7 @@ Administrators can assign a Conditional Access policy to the following cloud app
 
 Office 365 provides cloud-based productivity and collaboration services like Exchange, SharePoint, and Microsoft Teams. Office 365 cloud services are deeply integrated to ensure smooth and collaborative experiences. This integration can cause confusion when creating policies as some apps such as Microsoft Teams have dependencies on others such as SharePoint or Exchange.
 
-The Office 365 (preview) app makes it possible to target these services all at once. We recommend using the new Office 365 (preview) app, instead of targeting individual cloud apps. Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.
+The Office 365 (preview) app makes it possible to target these services all at once. We recommend using the new Office 365 (preview) app, instead of targeting individual cloud apps to avoid issues with [service dependencies](service-dependencies.md). Targeting this group of applications helps to avoid issues that may arise due to inconsistent policies and dependencies.
 
 Administrators can choose to exclude specific apps from policy if they wish by including the Office 365 (preview) app and excluding the specific apps of their choice in policy.
 
diff --git a/articles/active-directory/conditional-access/service-dependencies.md b/articles/active-directory/conditional-access/service-dependencies.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: article
-ms.date: 11/21/2019
+ms.date: 05/04/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 
 With Conditional Access policies, you can specify access requirements to websites and services. For example, your access requirements can include requiring multi-factor authentication (MFA) or [managed devices](require-managed-devices.md). 
 
-When you access a site or service directly, the impact of a related policy is typically easy to assess. For example, if you have a policy that requires MFA for SharePoint Online configured, MFA is enforced for each sign-in to the SharePoint web portal. However, it is not always straight-forward to assess the impact of a policy because there are cloud apps with dependencies to other cloud apps. For example, Microsoft Teams can provide access to resources in SharePoint Online. So, when you access Microsoft Teams in our current scenario, you are also subject to the SharePoint MFA policy.   
+When you access a site or service directly, the impact of a related policy is typically easy to assess. For example, if you have a policy that requires multi-factor authentication (MFA) for SharePoint Online configured, MFA is enforced for each sign-in to the SharePoint web portal. However, it is not always straight-forward to assess the impact of a policy because there are cloud apps with dependencies to other cloud apps. For example, Microsoft Teams can provide access to resources in SharePoint Online. So, when you access Microsoft Teams in our current scenario, you are also subject to the SharePoint MFA policy. 
 
 ## Policy enforcement 
 
@@ -35,6 +35,8 @@ The diagram below illustrates MS Teams service dependencies. Solid arrows indica
 
 As a best practice, you should set common policies across related apps and services whenever possible. Having a consistent security posture provides you with the best user experience. For example, setting a common policy across Exchange Online, SharePoint Online, Microsoft Teams, and Skype for business significantly reduces unexpected prompts that may arise from different policies being applied to downstream services. 
 
+A great way to accomplish this with applications in the Office stack is to use the [Office 365 (preview)](concept-conditional-access-cloud-apps.md#office-365-preview) instead of targeting individual applications.
+
 The below table lists additional service dependencies, where the client apps must satisfy  
 
 | Client apps         | Downstream service                          | Enforcement |
