Commit 807020a

Update New-ApplicationAccessPolicy.md
Updates to reflect the additional number of policies now allowed, updates to clarify the policy types attribute.
1 parent a66e37e commit 807020a

1 file changed

+4
-4
lines changed

exchange/exchange-ps/exchange/New-ApplicationAccessPolicy.md

Lines changed: 4 additions & 4 deletions
@@ -14,7 +14,7 @@ ms.reviewer:
1414
## SYNOPSIS
1515
This cmdlet is available only in the cloud-based service.
1616

17-
Use the New-ApplicationAccessPolicy cmdlet to restrict or deny access for an application that is using Outlook REST APIs or Microsoft Graph APIs to a specific set of mailboxes. These policies are complementary to the permission scopes that are declared by the application.
17+
Use the New-ApplicationAccessPolicy cmdlet to restrict or deny access for an application that is using Outlook REST APIs, Microsoft Graph APIs or the EWS APIs to a specific set of mailboxes. These policies are complementary to the permission scopes that are declared by the application.
1818

1919
**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
2020

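Review bot: The new SYNOPSIS sentence (line 17) widens the stated coverage of these policies to EWS, but the commit message only mentions the policy count and the policy types attribute, so this scope change is easy to miss in review. Admins read this sentence to decide which API surfaces a policy actually constrains, so please call the EWS addition out in the commit message. The wording also needs a pass: "the EWS APIs" breaks the parallel list and the acronym is never expanded. Suggested: "Outlook REST APIs, Microsoft Graph APIs, or Exchange Web Services (EWS) APIs".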
@@ -33,7 +33,7 @@ New-ApplicationAccessPolicy -AccessRight <ApplicationAccessPolicyRight> -AppId <
3333
## DESCRIPTION
3434
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
3535

36-
A limit of 100 policies per Microsoft 365 tenant is enforced as of today. An error message stating "A tenant cannot have more than 100 policies." will be displayed if this number is exceeded.
36+
A limited number of policies can be created per Microsoft 365 tenant. Each tenant has a fixed amount of space for these policies. An error message stating "The total size of App Access Policies exceeded the limit." will be displayed if the amount of space is consumed. To maximize the number of policies you can create, set a blank one charachter description to avoid an auto-generated description consuming additional space. By doing this, tenants should expect to be able to create aproximately 300 policies (versus a previous limit of 100 policies).
3737

3838
While the scope-based resource access like Mail.Read or Calendar.Read is effective to ensure that the application can only read mails or events within a mailbox and not do anything else; Application Access Policy feature allows admins to enforce limits that are based on a list of mailboxes. For example, in a global organization apps developed for one country shouldn't have access to data from other countries or a CRM integration application should only access calendar of the Sales organization and no other departments.
3939

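Review bot: The replacement paragraph at line 36 has two spelling errors ("charachter", "aproximately") and the workaround it recommends is ambiguous: "a blank one charachter description" does not say what value to pass, presumably a single space for the Description parameter, and that should be stated explicitly. The text also says each tenant has "a fixed amount of space" without saying what counts against it other than the description, so "approximately 300 policies" cannot be checked by the reader; say whether that figure assumes every policy uses the one-character description. Since the Description is where Example 2 records why a policy exists, it is worth noting in the same paragraph that blanking it trades that record for capacity.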
@@ -69,7 +69,7 @@ This example creates a new application access policy with the following settings
6969
- AccessRight: RestrictAccess
7070
- AppIDs: e7e4dbfc-046f-4074-9b3b-2ae8f144f59b
7171
- PolicyScopeGroupId: [email protected]
72-
- Description: Restrict this app to members of security group EvenUsers.
72+
- Description: Restrict this app to only access members of security group EvenUsers.
7373

7474
### Example 3
7575
```powershell
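Review bot: The reworded Description at line 72, "Restrict this app to only access members of security group EvenUsers", says the app accesses members, while the policy restricts access to mailboxes. Suggested: "Restrict this app to the mailboxes of members of security group EvenUsers." In the same list, the context line labels the setting "AppIDs" while the syntax line in the earlier hunk header shows the parameter as -AppId; aligning the label would be a small follow-up.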
@@ -86,7 +86,7 @@ This example creates a new application access policy with the following settings
8686
## PARAMETERS
8787

8888
### -AccessRight
89-
The AccessRight parameter specifies the permission that you want to assign in the application access policy. Valid values are:
89+
The AccessRight parameter specifies the restriction type that you want to assign in the application access policy. RestrictAccess allows the associated app to only access data associated with mailboxes in the PolicyScopeGroupID. DenyAccess allows the associated app to only access data not associated with mailboxes in the PolicyScopeGroupID. Valid values are:
9090

9191
- RestrictAccess
9292
- DenyAccess
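Review bot: In the new -AccessRight text at line 89, the parameter is written "PolicyScopeGroupID", while the example list earlier in this file spells it "PolicyScopeGroupId"; use one casing throughout. The DenyAccess sentence is also phrased as a grant ("allows the associated app to only access data not associated with mailboxes in the PolicyScopeGroupID"), which is easy to misread for a deny setting. Stating it as a block is clearer, for example "DenyAccess blocks the app from accessing mailboxes in the group". Finally, both definitions now sit before "Valid values are:", so the bullet list below carries no meaning of its own; consider moving each definition onto its list item.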
