Skip to content

Commit e509259

Browse files
committed
fixing the notes
1 parent a324e23 commit e509259

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

articles/active-directory/governance/conditional-access-exclusion.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,8 @@ Unfortunately, some users may still have a valid reason to sign in from these bl
3737

3838
Another example might be that you have a Conditional Access policy [blocking legacy authentication for the vast majority of your users](https://cloudblogs.microsoft.com/enterprisemobility/2018/06/07/azure-ad-conditional-access-support-for-blocking-legacy-auth-is-in-public-preview/). However, if you have some users that need to use legacy authentication methods to access your resources via Office 2010 or IMAP/SMTP/POP based clients, then you can exclude these users from the policy that blocks legacy authentication methods.
3939

40-
>[!NOTE] Microsoft strongly recommends that you block the use of legacy protocols in your tenant to improve your security posture.
40+
>[!NOTE]
41+
>Microsoft strongly recommends that you block the use of legacy protocols in your tenant to improve your security posture.
4142
4243
## Why are exclusions challenging?
4344

@@ -90,7 +91,8 @@ Now you can create a Conditional Access policy that uses this exclusion group.
9091

9192
7. Select the exclusion group you created.
9293

93-
>[!NOTE] As a best practice, it is recommended to exclude at least one administrator account from the policy when testing to make sure you are not locked out of your tenant.
94+
>[!NOTE]
95+
> As a best practice, it is recommended to exclude at least one administrator account from the policy when testing to make sure you are not locked out of your tenant.
9496
9597
1. Continue with setting up the Conditional Access policy based on your organizational requirements.
9698

@@ -103,7 +105,8 @@ Let's cover two examples where you can use access reviews to manage exclusions i
103105
Let's say you have a Conditional Access policy that blocks access from certain countries/regions. It includes a group that is excluded from the policy. Here is
104106
a recommended access review where members of the group are reviewed.
105107

106-
>[!NOTE] A Global administrator or User administrator role is required to create access reviews.
108+
>[!NOTE]
109+
>A Global administrator or User administrator role is required to create access reviews.
107110
108111
1. The review will happen every week.
109112

@@ -139,7 +142,8 @@ that is excluded from the policy. Here is a recommended access review where memb
139142

140143
![Create an access review pane for example 2](./media/conditional-access-exclusion/create-access-review-2.png)
141144

142-
>[!IMPORTANT] If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [Azure AD access reviews API reference](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/accessreviews_root) and [Example of retrieving Azure AD access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
145+
>[!IMPORTANT]
146+
>If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [Azure AD access reviews API reference](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/accessreviews_root) and [Example of retrieving Azure AD access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
143147
144148
## Access review results and audit logs
145149

0 commit comments

Comments
 (0)