Commit

Merge pull request #835 from MicrosoftDocs/main
12/13/2023 AM Publish
Taojunshen authored Dec 13, 2023
2 parents 330c394 + f8f9f8c commit bc20876
Showing 74 changed files with 999 additions and 124 deletions.
2 changes: 2 additions & 0 deletions docs/external-id/add-users-administrator.md
Expand Up @@ -13,6 +13,8 @@ ms.author: cmulligan
author: csmulligan
manager: celestedg
ms.collection: M365-identity-device-management

# Customer intent: As a user with limited administrator directory roles, I want to add B2B collaboration users in the Microsoft Entra admin center, so that I can invite guest users to the directory, group, or application and manage their access to resources.
---

# Add Microsoft Entra B2B collaboration users in the Microsoft Entra admin center
2 changes: 1 addition & 1 deletion docs/external-id/add-users-information-worker.md
Expand Up @@ -15,7 +15,7 @@ manager: celestedg
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to learn how can my users invite guest users to an app.
# Customer intent: As an application owner in Microsoft Entra, I want to be able to invite guest users to an app and manage their access, so that I can easily share the app with external users and control their permissions.
---

# How users in your organization can invite guest users to an app
2 changes: 1 addition & 1 deletion docs/external-id/auditing-and-reporting.md
Expand Up @@ -14,7 +14,7 @@ manager: celestedg
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to see access reviews, and system and user activities in my tenant.
# Customer intent: As an IT admin managing B2B collaboration users, I want to audit and report on guest user activities, so that I can ensure the security and compliance of my organization's resources.
---

# Auditing and reporting a B2B collaboration user
2 changes: 2 additions & 0 deletions docs/external-id/b2b-direct-connect-overview.md
Expand Up @@ -12,6 +12,8 @@ ms.author: cmulligan
author: csmulligan
manager: celestedg
ms.collection: M365-identity-device-management

# Customer intent: As an IT admin managing collaboration between organizations, I want to configure B2B direct connect settings, so that I can control inbound and outbound access for users and groups from external organizations and ensure secure collaboration.
---

# B2B direct connect overview
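Review bot: The added Customer intent says "I want to configure B2B direct connect settings", but the heading below is "B2B direct connect overview", so the intent describes a how-to task rather than what an overview delivers. Consider wording it around understanding B2B direct connect and its inbound and outbound access controls, and leave configuration to the how-to article's intent.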
3 changes: 3 additions & 0 deletions docs/external-id/b2b-fundamentals.md
Expand Up @@ -12,6 +12,9 @@ author: csmulligan
manager: celestedg
ms.custom: "it-pro"
ms.collection: M365-identity-device-management

# Customer intent: As an IT admin managing external collaboration in Microsoft Entra, I want to follow best practices and recommendations for securing collaboration with external partners, so that I can ensure a secure and efficient B2B collaboration experience.

---

# Microsoft Entra B2B best practices
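Review bot: The added block leaves an empty line between the Customer intent comment and the closing `---`, which other front-matter blocks in this commit (such as add-users-administrator.md) do not have. Drop the trailing blank line so the comment sits directly above `---`.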
2 changes: 1 addition & 1 deletion docs/external-id/b2b-quickstart-add-guest-users-portal.md
Expand Up @@ -11,7 +11,7 @@ ms.service: active-directory
ms.subservice: B2B
ms.custom: it-pro, seo-update-azuread-jan, mode-ui
ms.collection: M365-identity-device-management
#Customer intent: As a tenant admin, I want to walk through the B2B invitation workflow so that I can understand how to add a guest user in the Microsoft Entra admin center, and understand the end user experience.
#Customer intent: As an administrator, I want to add a guest user to my Microsoft Entra directory and send them an invitation, so that they can collaborate with my organization using their own work, school, or social account.
---

# Quickstart: Add a guest user and send an invitation
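Review bot: The rewritten comment still starts with `#Customer intent:` with no space after `#`, while most other files touched in this commit use `# Customer intent:`. Since the line is being replaced anyway, add the space here (b2b-quickstart-invite-powershell.md has the same form) so the front matter uses one spelling.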
2 changes: 1 addition & 1 deletion docs/external-id/b2b-quickstart-invite-powershell.md
Expand Up @@ -12,7 +12,7 @@ ms.subservice: B2B
ms.custom: it-pro, seo-update-azuread-jan, mode-api, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.collection: M365-identity-device-management

#Customer intent: As a tenant admin, I want to walk through the B2B invitation workflow so that I can understand how to add a user via PowerShell.
#Customer intent: As an administrator, I want to add a guest user to my Microsoft Entra directory and send them an invitation via PowerShell, so that they can collaborate with my organization using their own work, school, or social account.
---

# Quickstart: Add a guest user with PowerShell
2 changes: 1 addition & 1 deletion docs/external-id/b2b-sponsors.md
Expand Up @@ -13,7 +13,7 @@ author: csmulligan
manager: CelesteDG
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to know how to add sponsors to guest users in Microsoft Entra External ID.
# Customer intent: As a B2B organization administrator, I want to track and manage sponsors for guest users, so that I can ensure accountability and proper governance of external partners in my directory.
---
# Sponsors field for B2B users (preview)

2 changes: 1 addition & 1 deletion docs/external-id/b2b-tutorial-require-mfa.md
Expand Up @@ -14,7 +14,7 @@ manager: CelesteDG
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to set up MFA requirement for B2B guest users to protect my apps and resources.
# Customer intent: As an IT admin managing external B2B guest users, I want to enforce multifactor authentication for access to cloud or on-premises applications, so that I can ensure the security of our resources and protect against unauthorized access.
---

# Tutorial: Enforce multifactor authentication for B2B guest users
2 changes: 1 addition & 1 deletion docs/external-id/bulk-invite-powershell.md
Expand Up @@ -15,7 +15,7 @@ manager: CelesteDG
ms.custom: has-azure-ad-ps-ref

ms.collection: M365-identity-device-management
# Customer intent: As a tenant administrator, I want to send B2B invitations to multiple external users at the same time so that I can avoid having to send individual invitations to each user.
# Customer intent: As an IT admin managing external partners in Microsoft Entra B2B collaboration, I want to use PowerShell to send bulk invitations to guest users, so that I can efficiently add multiple users to my organization and streamline the onboarding process.
---

# Tutorial: Use PowerShell to bulk invite Microsoft Entra B2B collaboration users
3 changes: 3 additions & 0 deletions docs/external-id/claims-mapping.md
Expand Up @@ -14,6 +14,9 @@ manager: celestedg


ms.collection: M365-identity-device-management

# Customer intent: As a B2B collaboration user, I want to customize the claims issued in the SAML token for my application in Microsoft Entra External ID, so that I can ensure the token contains the specific information I need for user identification and authentication.

---

# B2B collaboration user claims mapping in Microsoft Entra External ID
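Review bot: The persona in the added Customer intent, "As a B2B collaboration user", does not fit the task "customize the claims issued in the SAML token for my application": elsewhere in this commit a B2B collaboration user is the invited guest, and claims customization is done by whoever administers the application. Suggest an administrator or application-owner persona. The blank line left before the closing `---` can also go.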
2 changes: 2 additions & 0 deletions docs/external-id/cross-tenant-access-overview.md
Expand Up @@ -12,6 +12,8 @@ author: csmulligan
manager: celestedg
ms.custom: "it-pro"
ms.collection: M365-identity-device-management

# Customer intent: As an IT admin managing cross-tenant access settings, I want to configure B2B collaboration and B2B direct connect with external organizations, so that I can control inbound and outbound access and manage trust settings for multi-factor authentication and device claims.
---

# Overview: Cross-tenant access with Microsoft Entra External ID
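Review bot: "multi-factor authentication" in the added Customer intent is hyphenated, while b2b-tutorial-require-mfa.md in this same commit uses "multifactor authentication". Use the unhyphenated form here for consistency.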
2 changes: 1 addition & 1 deletion docs/external-id/customize-invitation-api.md
Expand Up @@ -14,7 +14,7 @@ author: csmulligan
manager: celestedg

ms.collection: M365-identity-device-management
# Customer intent: As a tenant administrator, I want to customize the invitation process with the API.
# Customer intent: As an organization administrator, I want to customize the invitation process for external users using the Microsoft Graph REST API, so that I can tailor the onboarding experience and control the notifications sent to the users.
---
# Microsoft Entra B2B collaboration API and customization

2 changes: 1 addition & 1 deletion docs/external-id/hybrid-cloud-to-on-premises.md
Expand Up @@ -14,7 +14,7 @@ manager: celestedg

ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to enable B2B user access to on-premises apps.
# Customer intent: As an organization using Microsoft Entra B2B collaboration, I want to grant B2B users access to our on-premises applications, so that they can authenticate and access these apps using SAML-based authentication or integrated Windows authentication with Kerberos constrained delegation.
---

# Grant Microsoft Entra B2B users access to your on-premises applications
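Review bot: The new Customer intent opens "As an organization using Microsoft Entra B2B collaboration", which names an organization rather than a role; the line it replaces and the neighbouring files use a person ("tenant administrator", "IT admin"). Suggest "As an IT admin in an organization using Microsoft Entra B2B collaboration". The "so that" clause also restates the authentication mechanisms instead of a benefit and could be shortened.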
2 changes: 1 addition & 1 deletion docs/external-id/hybrid-on-premises-to-cloud.md
Expand Up @@ -14,7 +14,7 @@ manager: celestedg
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to enable locally-managed external partners' access to both local and cloud resources via the Microsoft Entra B2B collaboration.
# Customer intent: As an IT admin managing partner accounts in a hybrid organization, I want to sync partner accounts from our on-premises directory to the cloud using Microsoft Entra Connect, so that our partners can access the resources they need with the same sign-in credentials for both on-premises and cloud resources.
---

# Grant locally managed partner accounts access to cloud resources using Microsoft Entra B2B collaboration
2 changes: 1 addition & 1 deletion docs/external-id/hybrid-organizations.md
Expand Up @@ -12,7 +12,7 @@ author: csmulligan
manager: celestedg
ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to give partners access to both on-premises and cloud resources with Microsoft Entra B2B collaboration.
# Customer intent: As an IT admin managing a hybrid organization, I want to grant external partners access to on-premises and cloud-based resources using Microsoft Entra B2B collaboration, so that I can easily manage their access and ensure they can use the same credentials for both environments.
---

# Microsoft Entra B2B collaboration for hybrid organizations
2 changes: 2 additions & 0 deletions docs/external-id/invitation-email-elements.md
Expand Up @@ -13,6 +13,8 @@ author: csmulligan
manager: celestedg
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management

# Customer intent: As a B2B collaboration user, I want to understand the elements of the invitation email, so that I can effectively invite partners to join my organization and provide them with the necessary information to make an informed decision.
---

# The elements of the B2B collaboration invitation email
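Review bot: "As a B2B collaboration user" in the added Customer intent reads as the guest, but the stated goal is to "invite partners to join my organization", which is the inviter's task. Name the inviting role (for example an administrator or a user who sends invitations) so persona and goal agree.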
2 changes: 1 addition & 1 deletion docs/external-id/invite-internal-users.md
Expand Up @@ -14,7 +14,7 @@ author: csmulligan
manager: CelesteDG

ms.collection: M365-identity-device-management
# Customer intent: As a tenant administrator, I want to know how to invite internal users to B2B collaboration.
# Customer intent: As an IT admin managing internal guest users, I want to invite them to use B2B collaboration, so that they can sign in using their own identities and credentials, eliminating the need for password maintenance or account lifecycle management.
---

# Invite internal users to B2B collaboration
2 changes: 1 addition & 1 deletion docs/external-id/leave-the-organization.md
Expand Up @@ -17,7 +17,7 @@ manager: celestedg
ms.collection: M365-identity-device-management
adobe-target: true

# Customer intent: As a tenant administrator, I want to make sure that guest users can leave the organization.
# Customer intent: As a Microsoft Entra B2B collaboration or B2B direct connect user, I want to leave an organization, so that I can stop using apps from that organization and end any association with it.
---

# Leave an organization as an external user
2 changes: 1 addition & 1 deletion docs/external-id/redemption-experience.md
Expand Up @@ -14,7 +14,7 @@ manager: celestedg

ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to make sure that guest users can access resources and the consent process.
# Customer intent: As a Microsoft Entra B2B administrator, I want to understand the redemption process for guest users, so that I can ensure they can access our resources and complete the consent process smoothly.
---

# Microsoft Entra B2B collaboration invitation redemption
2 changes: 1 addition & 1 deletion docs/external-id/reset-redemption-status.md
Expand Up @@ -14,7 +14,7 @@ author: csmulligan
manager: celestedg

ms.collection: M365-identity-device-management
# Customer intent: As a tenant administrator, I want to update the sign-in information for a guest user.
# Customer intent: As an admin managing guest users in B2B collaboration, I want to reset the redemption status for a guest user, so that I can update their sign-in information and reinvite them without deleting their account.
---

# Reset redemption status for a guest user
1 change: 1 addition & 0 deletions docs/external-id/troubleshoot.md
Expand Up @@ -11,6 +11,7 @@ ms.author: cmulligan
author: csmulligan
ms.custom: it-pro, seo-update-azuread-jan, has-azure-ad-ps-ref
ms.collection: M365-identity-device-management
# Customer intent: As an IT admin troubleshooting Microsoft Entra B2B collaboration, I want to find remedies for common problems, so that I can resolve issues and ensure smooth collaboration between organizations.
---

# Troubleshooting Microsoft Entra B2B collaboration
2 changes: 1 addition & 1 deletion docs/external-id/tutorial-bulk-invite.md
Expand Up @@ -13,7 +13,7 @@ ms.author: cmulligan
author: csmulligan
manager: CelesteDG

# Customer intent: As a tenant administrator, I want to send B2B invitations to multiple external users at the same time so that I can avoid having to send individual invitations to each user.
# Customer intent: As an Entra admin, I want to learn how to bulk invite external users to my organization using the Entra admin center, so that I can efficiently manage user invitations and onboarding.

ms.collection: M365-identity-device-management
ms.custom:
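Review bot: "Entra admin" and "Entra admin center" in the new Customer intent shorten the product name; other intents in this commit write "Microsoft Entra admin center". Use the full name in both places. The comment also sits above `ms.collection` with a blank line after it, rather than as the last entry before `---` as in the other files; moving it would be a separate cleanup.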
2 changes: 1 addition & 1 deletion docs/external-id/use-dynamic-groups.md
Expand Up @@ -16,7 +16,7 @@ ms.reviewer: mal
ms.collection: M365-identity-device-management
ms.custom:

# Customer intent: As a tenant administrator, I want to learn how to use dynamic groups with B2B collaboration.
# Customer intent: As an administrator managing user access in Microsoft Entra B2B collaboration, I want to create dynamic groups based on user attributes, so that I can automatically add or remove members from security groups and provide access to applications or cloud resources.
---

# Create dynamic groups in Microsoft Entra B2B collaboration
2 changes: 1 addition & 1 deletion docs/external-id/user-properties.md
Expand Up @@ -12,7 +12,7 @@ author: csmulligan
manager: celestedg
ms.custom: it-pro, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.collection: M365-identity-device-management
# Customer intent: As a tenant administrator, I want to learn about B2B collaboration guest user properties and states before and after invitation redemption.
# Customer intent: As an IT admin managing external collaboration in Microsoft Entra, I want to understand the properties and management options for B2B collaboration users, so that I can effectively invite and manage external users accessing apps and resources in my organization.
---

# Properties of a Microsoft Entra B2B collaboration user
2 changes: 1 addition & 1 deletion docs/external-id/user-token.md
Expand Up @@ -14,7 +14,7 @@ manager: celestedg

ms.collection: M365-identity-device-management

# Customer intent: As a tenant administrator, I want to know what the token looks like for a B2B collaboration user in the resource tenant.
# Customer intent: As a user of Microsoft Entra B2B collaboration, I want to understand the details and content of user tokens, so that I can effectively manage and authenticate guest accounts in my organization.
---

# Understand user tokens in Microsoft Entra B2B collaboration
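Review bot: The persona "a user of Microsoft Entra B2B collaboration" in the new Customer intent does not match its goal, "manage and authenticate guest accounts in my organization", which is an administrator's task. The old line's "in the resource tenant" scope is also lost; suggest keeping an admin persona and that scope, since it says which tenant's token the article describes.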
1 change: 1 addition & 0 deletions docs/external-id/what-is-b2b.md
Expand Up @@ -12,6 +12,7 @@ author: csmulligan
manager: celestedg
ms.custom: "it-pro, seo-update-azuread-jan"
ms.collection: M365-identity-device-management
# Customer intent: As an administrator managing external collaboration, I want to easily invite guest users from the Azure portal, so that I can securely share my company's applications and services with external partners and maintain control over my corporate data.
---

# B2B collaboration overview
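Review bot: "invite guest users from the Azure portal" in the added Customer intent names a different portal from the other intents in this commit, which refer to the Microsoft Entra admin center. If the article still means the Azure portal, keep it; otherwise align the wording. The intent is also narrower than the "B2B collaboration overview" heading, since it covers only inviting.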
1 change: 1 addition & 0 deletions docs/external-id/whats-new-docs.md
Expand Up @@ -9,6 +9,7 @@ ms.topic: reference
ms.author: cmulligan
author: csmulligan
manager: CelesteDG
# Customer intent: As a Microsoft Entra External ID user, I want to stay updated on the new documentation and significant updates, so that I can stay informed about the changes and improvements in the service.
---

# Microsoft Entra External ID: What's new
29 changes: 29 additions & 0 deletions docs/global-secure-access/concept-clients.md
@@ -0,0 +1,29 @@
---
title: Learn about the Global Secure Access clients for Microsoft Entra Private Access and Microsoft Entra Internet Access
description: Learn about the Global Secure Access clients for Microsoft Entra Private Access and Microsoft Entra Internet Access.
author: kenwith
ms.author: kenwith
manager: amycolannino
ms.topic: concept-article
ms.date: 10/27/2023
ms.service: network-access
ms.custom:
ms.reviewer: frankgomulka
---


# Global Secure Access clients

The Global Secure Access Client allows organizations control over network traffic at the end-user computing device, giving organizations the ability to route specific traffic profiles through Microsoft Entra Internet Access and Microsoft Entra Private Access. Routing traffic in this method allows for more controls like continuous access evaluation (CAE), device compliance, or multifactor authentication to be required for resource access.

The Global Secure Access Client acquires traffic using a lightweight filter (LWF) driver, while many other security service edge (SSE) solutions integrate as a virtual private network (VPN) connection. This distinction allows the Global Secure Access Client to coexist with these other solutions. The Global Secure Access Client acquires the traffic based on the traffic forwarding profiles you configure prior to other solutions.


## Available clients

You install the client on a device, such as computer or phone, and then use Global Secure Access settings in the Microsoft Entra admin center to secure the device. Clients are currently available for Windows and Android. To learn how to install the Windows client, see [Global Secure Access Client for Windows (preview)](how-to-install-windows-client.md). To learn how to install the Android client, see [Global Secure Access Client for Android](./how-to-install-android-client.md).

## Related content

- [Global Secure Access Client for Windows (preview)](how-to-install-windows-client.md)
- [Global Secure Access Client for Android (preview)](how-to-install-android-client.md)
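Review bot: In "Available clients" the Android link text is "Global Secure Access Client for Android", while the same link under "Related content" is "Global Secure Access Client for Android (preview)"; the Windows link carries "(preview)" in both places. Make the preview label consistent, and use one relative-path style (`how-to-install-android-client.md` vs `./how-to-install-android-client.md`). Smaller points: "such as computer or phone" needs an article, and in "acquires the traffic based on the traffic forwarding profiles you configure prior to other solutions" it is unclear whether "prior to other solutions" modifies "acquires" or "configure"; moving it next to "acquires the traffic" would remove the ambiguity.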
46 changes: 46 additions & 0 deletions docs/global-secure-access/concept-internet-access.md
@@ -0,0 +1,46 @@
---
title: Learn about Microsoft Entra Internet Access
description: Learn about how Microsoft Entra Internet Access secures access to the Internet.
author: kenwith
ms.author: kenwith
manager: amycolannino
ms.topic: how-to
ms.date: 11/02/2023
ms.service: network-access
ms.custom:
ms.reviewer: frankgomulka

---

# Learn about Microsoft Entra Internet Access for all apps

Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs.

## Web content filtering

The key introductory feature for Microsoft Entra Internet Access for all apps is **Web content filtering**. This feature provides granular access control for web categories and FQDNs. By explicitly blocking known inappropriate, malicious, or unsafe sites, you protect your users and their devices from any Internet connection whether they're remote or within the corporate network.

Web content filtering is implemented using filtering policies, which are grouped into security profiles, which can be linked to Conditional Access policies. To learn more about Conditional Access, see [Microsoft Entra Conditional Access](/azure/active-directory/conditional-access/).


## Security profiles

Security profiles are objects you use to group filtering policies and deliver them through user aware Conditional Access policies. For instance, to block all **News** websites except for `msn.com` for user `[email protected]` you create two web filtering policies and add them to a security profile. You then take the security profile and link it to a Conditional Access policy assigned to `[email protected]`.

```
"Security Profile for Angie" <---- the security profile
Allow msn.com at priority 100 <---- higher priority filtering policies
Block News at priority 200 <---- lower priority filtering policy
```

## Policy processing logic
Within a security profile, policies are enforced according to priority ordering with 100 being the highest priority and 65,000 being the lowest priority (similar to traditional firewall logic). As a best practice, add spacing of about 100 between priorities to allow for policy flexibility in the future.

Once you link a security profile to a Conditional Access (CA) policy, if multiple CA policies match, both security profiles are processed in priority ordering of the matching security profiles.

> [!IMPORTANT]
> If you create a security profile with priority 65,000 then it will apply to all traffic even without linking it to a Conditional Access policy. This can be used to create a baseline policy applying to all Internet Access traffic routed through the service.
## Next steps

- [Configure Web content filtering](how-to-configure-web-content-filtering.md)
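Review bot: Under "Policy processing logic", "if multiple CA policies match, both security profiles are processed" says "both" where more than two can match, and the section never says what the outcome is when the matching profiles disagree (one allows, another blocks), which is what a reader relying on the priority 65,000 baseline from the IMPORTANT note needs to know. Suggest "all matching security profiles are processed in priority order" plus a sentence on how a conflict is resolved. Also: `ms.topic: how-to` is set on a file named concept-internet-access.md (concept-clients.md uses `concept-article`), the sample block comment "higher priority filtering policies" labels a single policy, and a blank line is missing between the IMPORTANT block and `## Next steps`.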