MicrosoftDocs
diff --git a/‎docs/external-id/authentication-conditional-access.md
Lines changed: 7 additions & 7 deletions b/‎docs/external-id/authentication-conditional-access.md
Lines changed: 7 additions & 7 deletions
diff --git a/‎docs/external-id/customers/toc.yml
Lines changed: 1 addition & 1 deletion b/‎docs/external-id/customers/toc.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/external-id/customers/tutorial-configure-cloudflare-integration.md
Lines changed: 4 additions & 4 deletions b/‎docs/external-id/customers/tutorial-configure-cloudflare-integration.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/external-id/tenant-restrictions-migration.md
Lines changed: 6 additions & 6 deletions b/‎docs/external-id/tenant-restrictions-migration.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎docs/external-id/tenant-restrictions-v2.md
Lines changed: 1 addition & 1 deletion b/‎docs/external-id/tenant-restrictions-v2.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/fundamentals/licensing-groups-resolve-problems.md
Lines changed: 1 addition & 1 deletion b/‎docs/fundamentals/licensing-groups-resolve-problems.md
Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ This article describes the authentication flow for external users who are access
 
 The following diagram illustrates the authentication flow when a Microsoft Entra organization shares resources with users from other Microsoft Entra organizations. This diagram shows how cross-tenant access settings work with Conditional Access policies, such as multifactor authentication, to determine if the user can access resources. This flow applies to both B2B collaboration and B2B direct connect, except as noted in step 6.
 
-[ ![Diagram showing the cross-tenant authentication process.](media/authentication-conditional-access/cross-tenant-auth.png) ](media/authentication-conditional-access/cross-tenant-auth.png#lightbox)
+[![Diagram showing the cross-tenant authentication process.](media/authentication-conditional-access/cross-tenant-auth.png)](media/authentication-conditional-access/cross-tenant-auth.png#lightbox)
 
 |Step  |Description  |
 |---------|---------|
@@ -54,26 +54,26 @@ When a Microsoft Entra organization shares resources with external users with an
 
 The following diagram illustrates the authentication flow when an external user signs in with an account from a non-Microsoft Entra ID identity provider, such as Google, Facebook, or a federated SAML/WS-Fed identity provider.
 
-[ ![Diagram showing the Authentication flow for B2B guest users from an external directory.](media/authentication-conditional-access/authentication-flow-b2b-guests.png) ](media/authentication-conditional-access/authentication-flow-b2b-guests.png#lightbox)
+[![Diagram showing the Authentication flow for B2B guest users from an external directory.](media/authentication-conditional-access/authentication-flow-b2b-guests.png)](media/authentication-conditional-access/authentication-flow-b2b-guests.png#lightbox)
 
 | Step | Description |
 |--------------|-----------------------|
 | **1** | The B2B guest user requests access to a resource. The resource redirects the user to its resource tenant,  a trusted IdP.|
-| **2** | The resource tenant identifies the user as external and redirects the user to the B2B guest user’s IdP. The user performs primary authentication in the IdP.
-| **3** | Authorization policies are evaluated in the B2B guest user's IdP. If the user satisfies these policies, the B2B guest user's IdP issues a token to the user. The user is redirected back to the resource tenant with the token. The resource tenant validates the token and then evaluates the user against its Conditional Access policies. For example, the resource tenant could require the user to perform Microsoft Entra multifactor authentication.
-| **4** | Inbound cross-tenant access settings and Conditional Access policies are evaluated. If all policies are satisfied, the resource tenant issues its own token and redirects the user to its resource.
+| **2** | The resource tenant identifies the user as external and redirects the user to the B2B guest user’s IdP. The user performs primary authentication in the IdP. |
+| **3** | Authorization policies are evaluated in the B2B guest user's IdP. If the user satisfies these policies, the B2B guest user's IdP issues a token to the user. The user is redirected back to the resource tenant with the token. The resource tenant validates the token and then evaluates the user against its Conditional Access policies. For example, the resource tenant could require the user to perform Microsoft Entra multifactor authentication. |
+| **4** | Inbound cross-tenant access settings and Conditional Access policies are evaluated. If all policies are satisfied, the resource tenant issues its own token and redirects the user to its resource. |
 
 ### Example 2: Authentication flow and token for one-time passcode user
 
 The following diagram illustrates the flow when email one-time passcode authentication is enabled and the external user isn't authenticated through other means, such as Microsoft Entra ID, Microsoft account (MSA), or social identity provider.
 
-[ ![Diagram showing the Authentication flow for B2B guest users with one-time passcode.](media/authentication-conditional-access/authentication-flow-b2b-guests-otp.png) ](media/authentication-conditional-access/authentication-flow-b2b-guests-otp.png#lightbox)
+[![Diagram showing the Authentication flow for B2B guest users with one-time passcode.](media/authentication-conditional-access/authentication-flow-b2b-guests-otp.png)](media/authentication-conditional-access/authentication-flow-b2b-guests-otp.png#lightbox)
 
 | Step | Description |
 |--------------|-----------------------|
 | **1** |The user requests access to a resource in another tenant. The resource redirects the user to its resource tenant, a trusted IdP.|
 | **2** | The resource tenant identifies the user as an external email one-time passcode (OTP) user and sends an email with the OTP to the user.|
-| **3** | The user retrieves the OTP and submits the code. The resource tenant evaluates the user against its Conditional Access policies.
+| **3** | The user retrieves the OTP and submits the code. The resource tenant evaluates the user against its Conditional Access policies. |
 | **4** | Once all Conditional Access policies are satisfied, the resource tenant issues a token and redirects the user to its resource. |
 
 ## Conditional Access for external users
 
@@ -125,7 +125,7 @@ items:
                   - name: Configure app for authentication
                     href: /entra/identity-platform/tutorial-single-page-app-react-configure-authentication
                   - name: Sign in and sign out
-                    href: /entra/identity-platform/tutorial-single-page-app-react-sign-iign-out
+                    href: /entra/identity-platform/tutorial-single-page-app-react-sign-in-sign-out
         - name: Native authentication
           items:
             - name: React
 
@@ -47,12 +47,12 @@ Enable WAF for a domain.
 
 1. In the DNS console, for CNAME, enable the proxy setting.
 
-   [ ![Screenshot of CNAME options.](media/tutorial-configure-cloudflare-integration/proxy-settings.png)](media/tutorial-configure-cloudflare-integration/proxy-settings-expanded.png#lightbox)
+   [![Screenshot of CNAME options.](media/tutorial-configure-cloudflare-integration/proxy-settings.png)](media/tutorial-configure-cloudflare-integration/proxy-settings-expanded.png#lightbox)
 
 2. Under DNS, for **Proxy status**, select **Proxied**.
 3. The status turns orange.
 
-   [ ![Screenshot of proxied status.](media/tutorial-configure-cloudflare-integration/proxied-status.png)](media/tutorial-configure-cloudflare-integration/proxied-status-expanded.png#lightbox)
+   [![Screenshot of proxied status.](media/tutorial-configure-cloudflare-integration/proxied-status.png)](media/tutorial-configure-cloudflare-integration/proxied-status-expanded.png#lightbox)
 
 ## Cloudflare security controls
 
@@ -65,7 +65,7 @@ For optimal protection, we recommend you enable Cloudflare security controls.
 3. Select **DDoS**.
 4. A message appears. 
 
-    [ ![Screenshot of DDoS protection message.](media/tutorial-configure-cloudflare-integration/ddos-message.png)](media/tutorial-configure-cloudflare-integration/ddos-message-expanded.png#lightbox)
+    [![Screenshot of DDoS protection message.](media/tutorial-configure-cloudflare-integration/ddos-message.png)](media/tutorial-configure-cloudflare-integration/ddos-message-expanded.png#lightbox)
 
 ### Bot protection
 
@@ -134,7 +134,7 @@ For the following instructions, you can add custom HTML pages for visitors.
 2. For **Cloudflare Managed Ruleset**, select **Enabled**.
 3. For **Cloudflare OWASP Core Ruleset**, select **Enabled**.
 
-   [ ![Screenshot of rule sets.](media/tutorial-configure-cloudflare-integration/rulesets.png)](media/tutorial-configure-cloudflare-integration/ruleset-expanded.png#lightbox)
+   [![Screenshot of rule sets.](media/tutorial-configure-cloudflare-integration/rulesets.png)](media/tutorial-configure-cloudflare-integration/ruleset-expanded.png#lightbox)
 
 ## Next steps
 
 
@@ -69,15 +69,15 @@ Allow internal identities, such as employees, to access specific external tenant
 1. In **Cross-tenant access settings**, [add each domain/tenant as an organization under Organizational settings](cross-tenant-access-settings-b2b-collaboration.yml#add-an-organization).
 2. To allow all users and groups and allow all applications, for each added organization, [configure outbound access for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.yml#modify-outbound-access-settings). 
 
-   [ ![Screenshot of the Organizational settings tab under cross-tenant access settings.](media/tenant-restrictions-migration/organizational-settings.png)](media/tenant-restrictions-migration/organizational-settings.png#lightbox)
+   [![Screenshot of the Organizational settings tab under cross-tenant access settings.](media/tenant-restrictions-migration/organizational-settings.png)](media/tenant-restrictions-migration/organizational-settings.png#lightbox)
 
 3. To block all users and groups and all applications for B2B collaboration, [configure the default cross-tenant access outbound settings](cross-tenant-access-settings-b2b-collaboration.yml#configure-default-settings). This action applies only to tenants not added in [step 1](#allow-only-internal-identities-access-to-specific-external-tenants).
 
-   [ ![Screenshot of the Default settings tab under cross-tenant access settings.](media/tenant-restrictions-migration/default-settings.png)](media/tenant-restrictions-migration/default-settings.png#lightbox)
+   [![Screenshot of the Default settings tab under cross-tenant access settings.](media/tenant-restrictions-migration/default-settings.png)](media/tenant-restrictions-migration/default-settings.png#lightbox)
 
 4. In **Tenant restrictions** defaults, create the policy ID (if not created) and [configure the policy to block all users, groups, and external applications](tenant-restrictions-v2.md#configure-server-side-tenant-restrictions-v2-cloud-policy). This action applies only to tenants not added in [step 1](#allow-only-internal-identities-access-to-specific-external-tenants).
 
-   [ ![Screenshot of the Tenant restrictions defaults.](media/tenant-restrictions-migration/tenant-restrictions-default.png)](media/tenant-restrictions-migration/tenant-restrictions-default.png#lightbox)
+   [![Screenshot of the Tenant restrictions defaults.](media/tenant-restrictions-migration/tenant-restrictions-default.png)](media/tenant-restrictions-migration/tenant-restrictions-default.png#lightbox)
 
 ### Allow internal and external identities to access specific external tenants 
 
@@ -87,15 +87,15 @@ Allow internal identities such as employees, and external identities such as con
 2. For each added organization to enable internal identities, [configure Outbound access for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.yml#modify-outbound-access-settings) to allow all users, groups, and applications.
 3. For each added organization to enable external identities, [configure the organization tenant restrictions](tenant-restrictions-v2.md#step-2-configure-tenant-restrictions-v2-for-specific-partners) to allow all users, groups, and applications.  
 
-   [ ![Screenshot of Outbound access and Tenant restrictions details under Organizational settings.](media/tenant-restrictions-migration/organizational-settings-outbound.png)](media/tenant-restrictions-migration/organizational-settings-outbound.png#lightbox)
+   [![Screenshot of Outbound access and Tenant restrictions details under Organizational settings.](media/tenant-restrictions-migration/organizational-settings-outbound.png)](media/tenant-restrictions-migration/organizational-settings-outbound.png#lightbox)
 
 4. To block all users, groups, and applications for B2B collaboration, [configure the default Cross Tenant Access outbound access settings](cross-tenant-access-settings-b2b-collaboration.yml#configure-default-settings). This action applies only to tenants not added in [step 1](#allow-internal-and-external-identities-to-access-specific-external-tenants).
 
-   [ ![Screenshot of Outbound access settings under Default settings.](media/tenant-restrictions-migration/default-settings-outbound.png)](media/tenant-restrictions-migration/default-settings-outbound.png#lightbox)
+   [![Screenshot of Outbound access settings under Default settings.](media/tenant-restrictions-migration/default-settings-outbound.png)](media/tenant-restrictions-migration/default-settings-outbound.png#lightbox)
 
 5. In **Tenant restrictions defaults**, [create the policy ID (if not created) and configure the policy to block all users, groups, and external applications](tenant-restrictions-v2.md#configure-server-side-tenant-restrictions-v2-cloud-policy). This action applies only to tenants not added in [step 1](#allow-internal-and-external-identities-to-access-specific-external-tenants).
 
-   [ ![Screenshot of Tenant restrictions, with external users and groups, also external apps.](media/tenant-restrictions-migration/tenant-restrictions-applies.png)](media/tenant-restrictions-migration/tenant-restrictions-applies.png#lightbox)
+   [![Screenshot of Tenant restrictions, with external users and groups, also external apps.](media/tenant-restrictions-migration/tenant-restrictions-applies.png)](media/tenant-restrictions-migration/tenant-restrictions-applies.png#lightbox)
 
    > [!NOTE]
    > To target consumer Microsoft accounts (MSAs), add an organization with the following tenant ID: 9188040d-6c67-4c5b-b112-36a304b66dad. 
 
@@ -342,7 +342,7 @@ To ensure sign-ins are restricted on all devices and apps in your corporate netw
 
    |Header name  |Header Value  | Sample Value |
    |---------|---------|-----------------|
-   |`sec-Restrict-Tenant-Access-Policy`     |  `<TenantId>:<policyGuid>`       | aaaabbbb-0000-cccc-1111-dddd2222eeee:1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5
+   |`sec-Restrict-Tenant-Access-Policy`     |  `<TenantId>:<policyGuid>`       | aaaabbbb-0000-cccc-1111-dddd2222eeee:1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5|
 
    - `TenantID` is your Microsoft Entra tenant ID. Find this value by signing in to the [Microsoft Entra admin center](https://entra.microsoft.com) as an administrator and browsing to **Identity** > **Overview** and selecting the **Overview** tab.
    - `policyGUID` is the object ID for your cross-tenant access policy. Find this value by calling `/crosstenantaccesspolicy/default` and using the “id” field returned.
 
@@ -1,7 +1,7 @@
 ---
 title: Resolve group license assignment problems.
 description: How to identify and resolve license assignment problems when you're using Microsoft Entra group-based licensing.
-keywords: Microft Entra ID licensing
+keywords: Microsoft Entra ID licensing
 author: barclayn
 manager: femila
 ms.service: entra-id