Merge pull request #210256 from eringreenlee/master

fixing clickthrough rate on 4 articles

Author: prmerger-automator[bot]

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/23/2021
+ms.date: 09/06/2022
 ms.author: ergreenl
 ms.custom: contperf-fy22q2, contperf-fy22q3
 
@@ -17,7 +17,7 @@ ms.custom: contperf-fy22q2, contperf-fy22q3
 
 # Assign users and groups to an application
 
-This article shows you how to assign users and groups to an enterprise application in Azure Active Directory (Azure AD) using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps](https://myapps.microsoft.com/) portal for easy access. If the application exposes roles, you can also assign a specific role to the user.
+This article shows you how to assign users and groups to an enterprise application in Azure Active Directory (Azure AD) using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps](https://myapps.microsoft.com/) portal for easy access. If the application exposes app roles, you can also assign a specific app role to the user.
 
 When you assign a group to an application, only users in the group will have access. The assignment does not cascade to nested groups.
 
@@ -33,7 +33,6 @@ To assign users to an app using PowerShell, you need:
 - One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
 - If you have not yet installed the AzureAD module (use the command `Install-Module -Name AzureAD`). If you're prompted to install a NuGet module or the new Azure Active Directory V2 PowerShell module, type Y and press ENTER.
 - Azure Active Directory Premium P1 or P2 for group-based assignment. For more licensing requirements for the features discussed in this article, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory).
-- Optional: Completion of [Configure an app](add-application-portal-configure.md).
 
 ## Assign users, and groups, to an app using PowerShell
 

articles/active-directory/manage-apps/configure-admin-consent-workflow.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/10/2022
+ms.date: 09/02/2022
 ms.author: ergreenl
 ms.collection: M365-identity-device-management
 ms.custom: contperf-fy22q2
@@ -34,7 +34,7 @@ To configure the admin consent workflow, you need:
 
 To enable the admin consent workflow and choose reviewers:
 
-1. Sign in to the [Azure portal](https://portal.azure.com)  with one of the roles listed in the prerequisites.
+1. Sign-in to the [Azure portal](https://portal.azure.com)  with one of the roles listed in the prerequisites.
 1. Search for and select **Azure Active Directory**.
 1. Select **Enterprise applications**.
 1. Under **Manage**, select **User settings**.
@@ -58,3 +58,5 @@ To configure the admin consent workflow programmatically, use the [Update adminC
 ## Next steps
 
 [Grant tenant-wide admin consent to an application](grant-admin-consent.md)
+
+[Reivew admin consent requests](review-admin-consent-requests.md)

articles/active-directory/manage-apps/disable-user-sign-in-portal.md

@@ -8,15 +8,19 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/23/2021
+ms.date: 09/06/2022
 ms.author: ergreenl
 ms.custom: it-pro
 ms.collection: M365-identity-device-management
 #customer intent: As an admin, I want to disable the way a user signs in for an application so that no user can sign in to it in Azure Active Directory.
 ---
-# Disable how a user signs in for an application
+# Disable user sign-in for an application
+
+There may be situations while configuring or managing an application where you don't want tokens to be issued for an application. Or, you may want to preemptively block an application that you do not want your employees to try to access. To accomplish this, you can disable user sign-in for the application, which will prevent all tokens from being issued for that application.
+
+In this article, you will learn how to disable how a user signs in to an application in Azure Active Directory through both the Azure portal and PowerShell. If you are looking for how to block specific users from accessing an application, use [user or group assignment](./assign-user-or-group-access-portal.md).
+
 
-In this article, you disable how a user signs in to an application in Azure Active Directory.
 
 ## Prerequisites
 
@@ -39,7 +43,7 @@ To disable how a user signs in, you need:
 
 Ensure you have installed the AzureAD module (use the command Install-Module -Name AzureAD). In case you are prompted to install a NuGet module or the new Azure Active Directory V2 PowerShell module, type Y and press ENTER.
 
-If you know the AppId of an app that doesn't appear on the Enterprise apps list (for example, because you deleted the app or the service principal hasn't yet been created due to the app being pre-authorized by Microsoft), you can manually create the service principal for the app and then disable it by using [AzureAD PowerShell cmdlet](/powershell/module/azuread/New-AzureADServicePrincipal).
+If you know the AppId of an app that doesn't appear on the Enterprise apps list (for example, because you deleted the app or the service principal hasn't yet been created due to the app being pre-authorized by Microsoft), you can manually create the service principal for the app and then disable it by using the cmdlet below.
 
 ```PowerShell
 # The AppId of the app to be disabled

articles/active-directory/manage-apps/grant-admin-consent.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/23/2021
+ms.date: 09/02/2022
 ms.author: ergreenl
 ms.collection: M365-identity-device-management
 ms.custom: contperf-fy22q2
@@ -18,13 +18,15 @@ ms.custom: contperf-fy22q2
 
 # Grant tenant-wide admin consent to an application
 
-  In this article, you'll learn how to grant tenant-wide admin consent to an application in Azure Active Directory (Azure AD).
+  In this article, you'll learn how to grant tenant-wide admin consent to an application in Azure Active Directory (Azure AD). To understand how individual users consent, see [Configure how end-users consent to applications](configure-user-consent.md).
 
-When you grant tenant-wide admin consent to an application, all users can sign in to the app. To restrict which users can sign in to an application, configure the app to require user assignment and then assign users or groups to the application. 
+When you grant tenant-wide admin consent to an application, you give the application access on behalf of the whole organization to the permissions requested. Granting admin consent on behalf of an organization is a sensitive operation, potentially allowing the application's publisher access to significant portions of your organization's data, or the permission to do highly privileged operations. Examples of such operations might be role management, full access to all mailboxes or all sites, and full user impersonation.
+
+By default, granting tenant-wide admin consent to an application will allow all users to access the application unless otherwise restricted. To restrict which users can sign-in to an application, configure the app to [require user assignment](application-properties.md#assignment-required) and then [assign users or groups to the application](assign-user-or-group-access-portal.md). 
 
 Tenant-wide admin consent to an app grants the app and the app's publisher access to your organization's data. Carefully review the permissions that the application is requesting before you grant consent. For more information on consenting to applications, see [Azure Active Directory consent framework](../develop/consent-framework.md).
 
-Granting tenant-wide admin consent may revoke any permissions which had previously been granted tenant-wide. Permissions which have previously been granted by users on their own behalf will not be affected.
+Granting tenant-wide admin consent may revoke any permissions which had previously been granted tenant-wide for that application. Permissions which have previously been granted by users on their own behalf will not be affected.
 
 ## Prerequisites