[Outlook] (NAA) add q&A to FAQ (#4980)

* Add deployment article for admin consent

* Apply suggestions from code review

Co-authored-by: Linda Cannon <[email protected]>

* Add publish article to TOC

* remove test from headings

* add new q+a and other recent info updates

* Apply suggestions from code review

Co-authored-by: Linda Cannon <[email protected]>

* make note more readable

* fix link

* add new publishers that have updated their add-ins

* fix link

* Apply suggestions from code review

Co-authored-by: Sam Ramon <[email protected]>

* how to determine user online or on-premise

* clarify add-in isn't blocked, just the new version

* fix link

* Update docs/outlook/faq-nested-app-auth-outlook-legacy-tokens.md

Co-authored-by: Alex Jerabek <[email protected]>

---------

Co-authored-by: Linda Cannon <[email protected]>
Co-authored-by: Sam Ramon <[email protected]>
Co-authored-by: Alex Jerabek <[email protected]>

Author: 4 people

docs/includes/deploy-updates-that-require-admin-consent.md

@@ -1,4 +1,4 @@
-When you add features or fix bugs in your add-in, you'll need to deploy the updates. If your add-in is deployed by one or more admins to their organizations, some manifest changes will require the admin to consent to the updates. Users will be blocked from the add-in until consent is granted. The following manifest changes will require the admin to consent again.
+When you add features or fix bugs in your add-in, you'll need to deploy the updates. If your add-in is deployed by one or more admins to their organizations, some manifest changes will require the admin to consent to the updates. Users remain on the existing version of the add-in until the admin consents to the updates. The following manifest changes will require the admin to consent again.
 
 - Changes to requested permissions. See [Requesting permissions for API use in add-ins](../develop/requesting-permissions-for-api-use-in-content-and-task-pane-add-ins.md) and [Understanding Outlook add-in permissions](../outlook/understanding-outlook-add-in-permissions.md).
 - Additional or changed [Scopes](/javascript/api/manifest/scopes). (Not applicable if the add-in uses the unified manifest for Microsoft 365.)

docs/outlook/faq-nested-app-auth-outlook-legacy-tokens.md

@@ -4,7 +4,7 @@ description: Nested app authentication and Outlook legacy tokens deprecation FAQ
 ms.service: microsoft-365
 ms.subservice: add-ins
 ms.topic: faq
-ms.date: 12/18/2024
+ms.date: 12/30/2024
 ---
 
 # Nested app authentication and Outlook legacy tokens deprecation FAQ
@@ -226,6 +226,10 @@ Passing the ID token over a network call to enable or authorize access to a serv
 
 It's very important that you always request an access token to your own services. The access token also includes the same ID claims, so you don't need to pass the ID token. Instead create a custom scope for your service. For more information about app registration settings for your own services, see [Protected web API: App registration](/entra/identity-platform/scenario-protected-web-api-app-registration). When your service receives the access token, it can validate it, and use ID claims from inside the access token.
 
+## How do I determine if the user is an online or on-premise account?
+
+You can determine if the signed-in user has an Exchange Online account or on-premise Exchange account by using the [Office.UserProfile.accountType](/javascript/api/outlook/office.userprofile) property. If the account type property value is **enterprise**, then the mailbox is on an on-premises Exchange server. Note that volume-licensed perpetual Outlook 2016 doesn’t support the **accountType** property. To work around this, call the [ResolveNames](/exchange/client-developer/web-service-reference/resolvenames-operation) operation in Exchange Web Service (EWS) in the Exchange on-premise server to get the recipient types.
+
 ## Related content
 
 - [Enable SSO in an Office Add-in using nested app authentication](../develop/enable-nested-app-authentication-in-your-add-in.md).