Commit e8bba59

Merge pull request #214699 from MicrosoftDocs/main
Publish to live, Monday 4 AM PST, 10/17
2 parents 8a77cab + b6177f9 commit e8bba59

27 files changed (+369, -134 lines changed)

articles/active-directory/authentication/concept-certificate-based-authentication.md

Lines changed: 1 addition & 1 deletion
@@ -70,7 +70,7 @@ The following scenarios aren't supported:
7070
- Only one CRL Distribution Point (CDP) for a trusted CA is supported.
7171
- The CDP can be only HTTP URLs. We don't support Online Certificate Status Protocol (OCSP), or Lightweight Directory Access Protocol (LDAP) URLs.
7272
- Configuring other certificate-to-user account bindings, such as using the **Subject**, **Subject + Issuer** or **Issuer + Serial Number**, aren’t available in this release.
73-
- Password as an authentication method cannot be disabled and the option to sign in using a password is displayed even with Azure AB CBA method available to the user.
73+
- Password as an authentication method cannot be disabled and the option to sign in using a password is displayed even with Azure AD CBA method available to the user.
7474

7575
## Out of Scope
7676
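Review bot: On the changed line 73, the product-name fix is right, but the sentence still reads "cannot be disabled" and "with Azure AD CBA method available", which lacks an article and does not match the contractions in the neighbouring bullets ("aren't", "don't"). Suggest "Password as an authentication method can't be disabled, and the option to sign in using a password is displayed even with the Azure AD CBA method available to the user." The context bullet at line 72 also has a subject-verb mismatch ("Configuring other ... bindings ... aren't available") that could be fixed in the same pass.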

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md

Lines changed: 9 additions & 5 deletions
@@ -16,7 +16,7 @@ ms.collection: M365-identity-device-management
1616

1717
# Configure cross-tenant access settings for B2B collaboration
1818

19-
Use External Identities cross-tenant access settings to manage how you collaborate with other Azure AD organizations through B2B collaboration. These settings determine both the level of *inbound* access users in external Azure AD organizations have to your resources, as well as the level of *outbound* access your users have to external organizations. They also let you trust multi-factor authentication (MFA) and device claims ([compliant claims and hybrid Azure AD joined claims](../conditional-access/howto-conditional-access-policy-compliant-device.md)) from other Azure AD organizations. For details and planning considerations, see [Cross-tenant access in Azure AD External Identities](cross-tenant-access-overview.md).
19+
Use External Identities cross-tenant access settings to manage how you collaborate with other Azure AD organizations through B2B collaboration. These settings determine both the level of *inbound* access users in external Azure AD organizations have to your resources, and the level of *outbound* access your users have to external organizations. They also let you trust multi-factor authentication (MFA) and device claims ([compliant claims and hybrid Azure AD joined claims](../conditional-access/howto-conditional-access-policy-compliant-device.md)) from other Azure AD organizations. For details and planning considerations, see [Cross-tenant access in Azure AD External Identities](cross-tenant-access-overview.md).
2020

2121
## Before you begin
2222

@@ -92,9 +92,13 @@ With inbound settings, you select which external users and groups will be able t
9292

9393
### To change inbound B2B collaboration settings
9494

95-
1. Select the **B2B collaboration** tab.
95+
1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or Security administrator account. Then open the **Azure Active Directory** service.
96+
97+
1. Select **External Identities** > **Cross-tenant access settings**.
98+
99+
1. Under **Organizational settings** select the link in the **Inbound access** column and the **B2B collaboration** tab.
96100

97-
1. (This step applies to **Organizational settings** only.) If you're configuring inbound access settings for a specific organization, select one of the following:
101+
1. If you're configuring inbound access settings for a specific organization, select one of the following:
98102

99103
- **Default settings**: Select this option if you want the organization to use the default inbound settings (as configured on the **Default** settings tab). If customized settings were already configured for this organization, you'll need to select **Yes** to confirm that you want all settings to be replaced by the default settings. Then select **Save**, and skip the rest of the steps in this procedure.
100104
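Review bot: New step 99 sends the reader only through **Organizational settings**, and step 101 drops the "(This step applies to **Organizational settings** only.)" qualifier, so the procedure no longer says how to reach the default inbound settings even though the context line at 103 still refers to the **Default** settings tab. Either add the path for default settings or scope the heading to organization-specific settings. Step 99 also packs two selections into one sentence and needs a comma after **Organizational settings**. In step 95, consider naming Security administrator first, since it is the less privileged of the two roles listed.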

@@ -232,7 +236,7 @@ With outbound settings, you select which of your users and groups will be able t
232236
- When you're done selecting the users and groups you want to add, choose **Select**.
233237

234238
> [!NOTE]
235-
> When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](../authentication/howto-authentication-sms-signin.md). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](/graph/api/resources/crosstenantaccesspolicy-overview?view=graph-rest-1.0) to add the user's object ID directly or target a group the user belongs to.
239+
> When targeting your users and groups, you won't be able to select users who have configured [SMS-based authentication](../authentication/howto-authentication-sms-signin.md). This is because users who have a "federated credential" on their user object are blocked to prevent external users from being added to outbound access settings. As a workaround, you can use the [Microsoft Graph API](/graph/api/resources/crosstenantaccesspolicy-overview) to add the user's object ID directly or target a group the user belongs to.
236240
237241
1. Select the **External applications** tab.
238242
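Review bot: The workaround on line 239 tells the reader to add the user's object ID through Microsoft Graph, but the link (now without the `?view=graph-rest-1.0` pin) still goes to the `crosstenantaccesspolicy-overview` resource page, which leaves the reader to work out which operation to call. Suggest linking the specific operation or naming it in the sentence. The explanation "blocked to prevent external users from being added to outbound access settings" is also hard to parse and would benefit from a rewrite while this line is being touched.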

@@ -281,4 +285,4 @@ When you remove an organization from your Organizational settings, the default c
281285
## Next steps
282286

283287
- See [Configure external collaboration settings](external-collaboration-settings-configure.md) for B2B collaboration with non-Azure AD identities, social identities, and non-IT managed external accounts.
284-
- [Configure cross-tenant access settings for B2B direct connect](cross-tenant-access-settings-b2b-direct-connect.md)
288+
- [Configure cross-tenant access settings for B2B direct connect](cross-tenant-access-settings-b2b-direct-connect.md)

articles/active-directory/external-identities/invitation-email-elements.md

Lines changed: 10 additions & 10 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: B2B
88
ms.topic: conceptual
9-
ms.date: 04/12/2021
9+
ms.date: 09/30/2022
1010

1111
ms.author: mimart
1212
author: msmimart
@@ -17,13 +17,13 @@ ms.collection: M365-identity-device-management
1717

1818
# The elements of the B2B collaboration invitation email - Azure Active Directory
1919

20-
Invitation emails are a critical component to bring partners on board as B2B collaboration users in Azure AD. While it’s [not required that you send an email to invite someone using B2B collaboration](add-user-without-invite.md), doing so gives the user all the information they need to make a decision about whether to accept your invite. It also gives them a link they can always refer to in the future when they need to return to your resources.
20+
Invitation emails are a critical component to bring partners on board as B2B collaboration users in Azure AD. It’s [not required that you send an email to invite someone using B2B collaboration](add-user-without-invite.md), but it gives the user all the information they need to decide if they accept your invite or not. It also gives them a link they can always refer to in the future when they need to return to your resources.
2121

2222
![Screenshot showing the B2B invitation email](media/invitation-email-elements/invitation-email.png)
2323

2424
## Explaining the email
2525

26-
Let's look at a few elements of the email so you know how best to use their capabilities.
26+
Let's look at a few elements of the email so you know how best to use their capabilities. These elements might look slightly different in some email clients.
2727

2828
### Subject
2929
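Review bot: On line 20, replacing "doing so" with "it" leaves the pronoun without a clear antecedent ("It's not required that you send an email ..., but it gives the user ..."), and "to decide if they accept your invite or not" is wordier than the text it replaces. Suggest "..., but sending one gives the user all the information they need to decide whether to accept your invite." The sentence added on line 26 about email clients is fine as is.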

@@ -36,34 +36,34 @@ The subject of the email follows this pattern:
3636
We use a LinkedIn-like pattern for the From address. This pattern should make it clear that although the email comes from [email protected], the invitation is from another organization. The format is: Microsoft Invitations <[email protected]> or Microsoft invitations on behalf of &lt;tenantname&gt;<[email protected]>.
3737

3838
> [!NOTE]
39-
> For the Azure service operated by 21Vianet in China, the sender address is [email protected].
40-
> For the Azure AD Government, the sender address is [email protected].
39+
> For the Azure service operated by [21Vianet in China](/azure/china), the sender address is [email protected].
40+
> For the [Azure AD Government](/azure/azure-government), the sender address is [email protected].
4141
4242
### Reply To
4343

4444
The reply-to email is set to the inviter's email when available, so that replying to the email sends an email back to the inviter.
4545

4646
### Phishing warning
4747

48-
The email starts with a brief warning to the user about phishing, alerting them that they should only accept invitations they're expecting. It’s good practice to make sure the partners you’re inviting will not be surprised by your invitation by mentioning it to them ahead of time.
48+
The email starts with a brief warning to the user about phishing, alerting them that they should only accept invitations they're expecting. It’s good practice to make sure the partners you’re inviting won't be surprised by your invitation by mentioning it to them ahead of time.
4949

5050
![Image of the phishing warning in the email](media/invitation-email-elements/phishing-warning.png)
5151

5252
### Inviter's information and invitation message
5353

54-
The email includes the name and primary domain associated with the organization sending the invitation. This information should help the invitee make an informed decision about accepting the invitation. If the inviter includes a message as part of their invitation when they [invite a guest user to the directory, group, or app](add-users-administrator.md) or when they [use the invitation API](customize-invitation-api.md), the message is highlighted in the main section of the email. Also included are the inviter’s name and profile image if they’ve set one. The message itself is a text area, so for security reasons, it doesn't process HTML tags.
54+
The email includes the name and primary domain associated with the organization sending the invitation. This information should help the invitee make an informed decision about accepting the invitation. The inviter can include a message as part of their invitation to the [directory, group, or app](add-users-administrator.md), or when they [use the invitation API](customize-invitation-api.md). The message is highlighted in the main section of the email. The inviter’s name and profile image are also included if they’ve set one. The message itself is a text area, so for security reasons, it doesn't process HTML tags.
5555

5656
![Image of the invitation message in the email](media/invitation-email-elements/invitation-message-inviters-info.png)
5757

58-
### Accept button and redirect URL
58+
### Accept invitation button or link and redirect URL
5959

60-
The next section of the email contains information about where the invitee will be taken after they accept the invitation, as well as a button to do so. In the future, the invitee can always use this link to return to your resources directly.
60+
The next section of the email contains information about where the invitee will be taken after they accept the invitation, and a button or link to do so. In the future, the invitee can always use this link to return to your resources directly.
6161

6262
![Image of the accept button and redirect URL in the email](media/invitation-email-elements/accept-button.png)
6363

6464
### Footer section
6565

66-
The footer contains more information about the invitation being sent. There is always an option for the invitee to block future invitations. If the organization has [set a privacy statement](../fundamentals/active-directory-properties-area.md), the link to the statement is displayed here. Otherwise, a note indicates the organization hasn't set a privacy statement.
66+
The footer contains more information about the invitation being sent. There's always an option for the invitee to block future invitations. If the organization has [set a privacy statement](../fundamentals/active-directory-properties-area.md), the link to the statement is displayed here. Otherwise, a note indicates the organization hasn't set a privacy statement.
6767

6868
![Image of the footer section in the email](media/invitation-email-elements/footer-section.png)
6969
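Review bot: Renaming the heading on line 58 to "Accept invitation button or link and redirect URL" changes the section's generated anchor, and the image alt text on line 62 still says "accept button and redirect URL". Check for inbound links to the old anchor and update the alt text to match the new heading. In the note at lines 39-40, the two consecutive `>` lines have no separator, so in standard Markdown the 21Vianet and Azure AD Government sentences run together as one paragraph; a blank `>` line or a list would keep them apart.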
