Updated to reflect Risk Based Step-up Consent

Added new blurb for new behavior and added previously missing error message.

Author: jesakowi

articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error.md

@@ -30,9 +30,12 @@ Certain conditions must be true for a user to consent to the permissions an appl
 
 ## Requesting not authorized permissions error
 * **AADSTS90093:** <clientAppDisplayName> is requesting one or more permissions that you are not authorized to grant. Contact an administrator, who can consent to this application on your behalf.
+* **AADSTS90094:** <clientAppDisplayName> needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
 
 This error occurs when a user who is not a company administrator attempts to use an application that is requesting permissions that only an administrator can grant. This error can be resolved by an administrator granting access to the application on behalf of their organization.
 
+This error can also occur when a user is prevented from consenting to an application due to Microsoft detecting that the permissions request is risky. In this case, an audit event will also be logged with a Category of "ApplicationManagement", Activity Type of "Consent to application" and Status Reason of "Risky application detected".
+
 ## Policy prevents granting permissions error
 * **AADSTS90093:** An administrator of <tenantDisplayName> has set a policy that prevents you from granting <name of app> the permissions it is requesting. Contact an administrator of <tenantDisplayName>, who can grant permissions to this app on your behalf.