Merge pull request #8031 from MicrosoftDocs/users/chcomley/pat-entra-faq

PATs/Entra - Update FAQ users and permissions

Author: prmerger-automator[bot]

docs/organizations/accounts/faq-user-and-permissions-management.yml

@@ -9,13 +9,13 @@ metadata:
   ms.topic: faq
   ms.author: chcomley
   author: chcomley
-  ms.date: 05/23/2025
+  ms.date: 06/16/2025
   monikerRange: '<= azure-devops'
 title: User and permissions management FAQs
 summary: |
   [!INCLUDE [version-lt-eq-azure-devops](../../includes/version-lt-eq-azure-devops.md)]
   
-  Learn the answers to the following frequently asked questions (FAQs) about user and permissions management in Azure DevOps. We grouped the FAQs by the following subjects.
+   This article provides answers to frequently asked questions (FAQs) about user and permissions management in Azure DevOps. The FAQs are organized by topic to help you quickly find information about managing users, permissions, access levels, Visual Studio subscriptions, GitHub Enterprise integration, and related administrative tasks.
   <a name="general-permissions"></a>
   
 
@@ -37,15 +37,7 @@ sections:
       - question: |
           Q: How do I find the organization owner?
         answer: |
-          A: If you have at least Basic access, you can find the current owner in your organization settings.
-          
-          1. Go to your **Organization settings**.
-          
-             ![Screenshot showing highlighted Organization settings button.](../../media/settings/open-admin-settings-vert.png)
-          
-          2. Find the current owner.
-          
-             ![Find the current owner in organization information](../../media/find-organization-owner.png)
+          A: If you have at least Basic access, you can find the current owner in your organization settings. For more information, see [Look up the organization owner](../security/look-up-organization-owner.md).
           
       - question: |
           Q: How do I find a Project Collection Administrator?
@@ -54,9 +46,10 @@ sections:
           
           For more information, see [Look up a project collection administrator](../security/look-up-project-collection-administrators.md).
       
-      - question: Why can't users access some features?
+      - question: |
+          Q: Why can't users access some features?
         answer: |
-           Q: They might need a different [access level](../security/access-levels.md#supported-access-levels) assigned, in addition to permissions granted through security groups. For example, [Stakeholder access](../security/stakeholder-access.md) access level provides partial support to select features, allowing users to view and modify work items, but not to use all features.
+          A: They might need a different [access level](../security/access-levels.md#supported-access-levels) assigned, in addition to permissions granted through security groups. For example, [Stakeholder access](../security/stakeholder-access.md) access level provides partial support to select features, allowing users to view and modify work items, but not to use all features.
 
       - question: I accidentally removed my permissions and am unable to grant them again. What should I do?
         answer: |
@@ -110,7 +103,7 @@ sections:
       - question: |
           Q: Which GitHub Enterprise customers are eligible for Azure DevOps access?
         answer: |
-          A: GitHub Enterprise Cloud customers who access GitHub and Azure DevOps with the same Entra tenant. Users must sign in using the same identity in GitHub and Azure DevOps. 
+          A: GitHub Enterprise Cloud customers who access GitHub and Azure DevOps with the same Microsoft Entra tenant. Users must sign in using the same identity in GitHub and Azure DevOps. 
           
           ![Screenshot shows GitHub Enterprise listed as user's access level in Organization settings, Users page.](media/faq/github-enterprise.png)
 
@@ -228,8 +221,14 @@ sections:
         answer: |
           A: By default, [Access via Microsoft Entra FAQs. Microsoft Entra guests can't search the Microsoft Entra ID in the manner required by Azure DevOps](../accounts/faq-azure-access.yml#no-identities).    
   
-  - name: Change app access policies for your organization
+  - name: Change application access policies for your organization
     questions:      
+      
+      - question: |
+          Q: Can I still use PATs for authentication?
+        answer: |
+          A: You can still use personal access tokens (PATs) for authentication, but we recommend using the more secure method, Microsoft Entra tokens, whenever possible. For more information, see [Authenticate to Azure DevOps with Microsoft Entra](../../integrate/get-started/authentication/entra.md).
+
       - question: |
           Q: If I deny access to one authentication method in one organization, does that affect all the organizations that I own?
         answer: |
@@ -248,16 +247,10 @@ sections:
           Q: How do I remove myself from an organization when the owner isn't available to remove me?
         answer: |
           A: To remove yourself from an organization, do the following steps:
-          
           1. Go to [aex.dev.azure.com](https://aex.dev.azure.com).
           2. Select the organization, and then choose **Leave**.
-          
-              ![Member removing their self from the organization](media/faq/member-leave-organization.png)
-          
           3. Confirm that you want to **Leave** the organization.
-          
-              ![Screenshot showing confirmation for leaving the organization.](media/faq/confirm-removal-from-organization.png)
-          
+
           <a name="group-based-licensing"></a>
 
       - question: |
@@ -272,9 +265,6 @@ sections:
         answer: |
           A: Users in the group **TestGroup** lose access to group resources if the users haven't been explicitly assigned to the resources or assigned via a different group rule.
           
-          > [!div class="mx-imgBorder"]
-          > ![remove-test-group-group-rule-managing_group-based-licensing](media/faq/remove-test-group-rule.png)
-          
       - question: |
           Q: Will my Azure DevOps or Microsoft Entra group get deleted if I remove its group rule?
         answer: |
@@ -342,7 +332,7 @@ sections:
       - question: |
           Q: Why can't I find members from my connected Microsoft Entra ID, even though I'm the global admin?
         answer: |
-          A: You're probably a guest in the Microsoft Entra instance that backs Azure DevOps. By default, Microsoft Entra guests can't search in Microsoft Entra ID. That's why you aren't finding users in your connected Microsoft Entra ID to add to your organization.
+          A: You're probably a guest in the Microsoft Entra instance that backs Azure DevOps. By default, Microsoft Entra guests can't search in Microsoft Entra ID, which is why you aren't finding users in your connected Microsoft Entra ID to add to your organization.
           
           First, check to see if you're a Microsoft Entra guest:
           
@@ -359,40 +349,40 @@ sections:
           
           1. [Download and install Microsoft Graph PowerShell](/powershell/microsoftgraph/installation).
               ```
-              PS Install-Module -Name Microsoft Graph
+              PowerShell Install-Module -Name Microsoft Graph
               ```
           2. Open PowerShell and run the following cmdlets.
           
               a. Connect to Microsoft Entra ID:
           
               ```
-              PS Connect-MgGraph -Scopes 'User.Read.All'
+              PowerShell Connect-MgGraph -Scopes 'User.Read.All'
               ```
           
               b. Find the **objectId** of the user:
           
               ```
-              PS Get-MgUser -Filter "UserPrincipalName eq '<YourUPN>'"
+              PowerShell Get-MgUser -Filter "UserPrincipalName eq '<YourUPN>'"
               ```
           
               c. Check the **usertype** attribute for this user to see if they're a guest or member:
           
               ```
-              PS Get-MgUser -UserId <Id> -Property DisplayName, ID, UserPrincipalName, UserType | Select DisplayName, ID, UserPrincipalName, UserType 
+              PowerShell Get-MgUser -UserId <Id> -Property DisplayName, ID, UserPrincipalName, UserType | Select DisplayName, ID, UserPrincipalName, UserType 
               ```
           
               d. Change the **usertype** from **member** to **guest**:
           
               ```
-              PS Update-MgUser -UserID <replace the  ID for the result of the command to search> -UserType Member
+              PowerShell Update-MgUser -UserID <replace the  ID for the result of the command to search> -UserType Member
               ```
           
           <a name="users-delay"></a>
           
       - question: |
           Q: Why don't users appear or disappear promptly in Azure DevOps after I add or delete them in the Users hub?
         answer: |
-          A: If you experience delays finding new users or having deleted users promptly removed from Azure DevOps (for example, in drop-down lists and groups) after you add or delete users, [file a problem report on Developer Community](https://go.microsoft.com/fwlink/?LinkId=820594) so we can investigate.
+          A: If you experience delays finding new users or gettings deleted users promptly removed from Azure DevOps (for example, in drop-down lists and groups) after you add or delete users, [file a problem report on Developer Community](https://go.microsoft.com/fwlink/?LinkId=820594) so we can investigate.
           
           <a name="ChooseOrgAcctMSAcct"></a>