Merge pull request #134120 from kenwith/patch-71

PRMerger16 · web-flow · commit 65eea958c582 · 2020-10-15T14:39:13.000-07:00
Updates note.
diff --git a/articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md b/articles/active-directory/external-identities/hybrid-cloud-to-on-premises.md
@@ -41,7 +41,7 @@ To provide B2B users access to on-premises applications that are secured with In
 - **Authorization via a B2B user object in the on-premises directory**. The application must be able to perform user access checks, and grant access to the correct resources. IWA and KCD require a user object in the on-premises Windows Server Active Directory to complete this authorization. As described in [How single sign-on with KCD works](../manage-apps/application-proxy-configure-single-sign-on-with-kcd.md#how-single-sign-on-with-kcd-works), Application Proxy needs this user object to impersonate the user and get a Kerberos token to the app. 
 
    > [!NOTE]
-   > When you configure the Azure AD Application Proxy, ensure that **Delegated Logon Identity** is set to **User principal name** (default) for IWA single sign-on.
+   > When you configure the Azure AD Application Proxy, ensure that **Delegated Logon Identity** is set to **User principal name** (default) in the single sign-on configuration for Integrated Windows Authentication (IWA).
 
    For the B2B user scenario, there are two methods available that you can use to create the guest user objects that are required for authorization in the on-premises directory:
 
