diff --git a/baton/microsoft-entra.mdx b/baton/microsoft-entra.mdx
index 7dc7271..58d0990 100644
--- a/baton/microsoft-entra.mdx
+++ b/baton/microsoft-entra.mdx
@@ -21,7 +21,7 @@ The Entra ID connector supports [automatic account provisioning and deprovisioni
 
 When a new account is created by ConductorOne, the account's password will be sent to a [vault](/product/admin/vaults).
 
-*Due to limitations of the Microsoft Graph API, the connector cannot provision Mail Enabled Security groups or Distribution groups. 
+*Due to limitations of the Microsoft Graph API and Office 365 Exchange Online API, the connector cannot provision Mail Enabled Security groups or Distribution groups using OAuth. 
 
 ## Gather Entra ID credentials 
 
@@ -144,13 +144,10 @@ Locate your new **ConductorOne** app.
 </Steps>
 **That's it!** Next, move on to the connector configuration instructions. 
 
-## Optional: Configure Exchange groups provisioning 
+## Optional: Configure Exchange groups provisioning with **Client secret** based auth
 
-To set up the connector to support provisioning members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
+To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
 
-<Tip>
-Note: Provisioning users as owners of Exchange groups is not supported; users can only be added as members.
-</Tip>
 <Steps>
 <Step>
 In the Microsoft Entra Admin Center, navigate to **App registrations** and click the name of the app you created for this connector. 
@@ -194,7 +191,7 @@ Check **Permanently assigned** and add a justification, such as:
 Click **Assign**. 
 </Step>
 </Steps>
-**That's it!** Your connector is now ready to allow the provisioning of users as members in Exchange groups.
+**That's it!** Your connector is now ready to allow the provisioning of users as owners and members in Exchange groups.
    
 ## Configure the Entra ID connector