Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-faqs.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: faq
-ms.date: 02/23/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -18,6 +18,9 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
 
 This article answers frequently asked questions (FAQs) about CloudKnox Permissions Management (CloudKnox).
 
@@ -46,6 +49,10 @@ No, CloudKnox is a hosted cloud offering.
 
 Yes, non-Azure customers can use our solution. CloudKnox is a multi-cloud solution so even customers who have no subscription to Azure can benefit from it.
 
+## Is CloudKnox available for tenants hosted in the European Union (EU)?
+
+No, the CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
 ## If I’m already using Azure AD  Privileged Identity Management (PIM) for Azure, what value does CloudKnox provide?
 
 CloudKnox complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while CloudKnox allows multi-cloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP. 
@@ -109,9 +116,9 @@ Customers only need to track the evolution of their Permission Creep Index to mo
 ## Can customers generate permissions usage reports?
 
 Yes, CloudKnox has various types of system report available that capture specific data sets. These reports allow customers to:
-- Make timely decisions
-- Analyze usage trends and system/user performance
-- Identify high-risk areas
+- Make timely decisions.
+- Analyze usage trends and system/user performance.
+- Identify high-risk areas.
 
 For information about permissions usage reports, see [Generate and download the Permissions analytics report](cloudknox-product-permissions-analytics-reports.md).
 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-onboard-aws.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/10/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -18,6 +18,9 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
 
 This article describes how to onboard an Amazon Web Services (AWS) account on CloudKnox Permissions Management (CloudKnox).
 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-onboard-azure.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/10/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -18,6 +18,9 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
 This article describes how to onboard a Microsoft Azure subscription or subscriptions on CloudKnox Permissions Management (CloudKnox). Onboarding a subscription creates a new authorization system to represent the Azure subscription in CloudKnox. 
 
 > [!NOTE] 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-onboard-enable-tenant.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/14/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -18,6 +18,12 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
+
+
 This article describes how to enable CloudKnox Permissions Management (CloudKnox) in your organization. Once you've enabled CloudKnox, you can connect it to your Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) platforms.
 
 > [!NOTE] 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-onboard-gcp.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/14/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -18,6 +18,11 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
+
 This article describes how to onboard a Google Cloud Platform (GCP) project on CloudKnox Permissions Management (CloudKnox).
 
 > [!NOTE]

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-overview.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: overview
-ms.date: 03/10/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -19,6 +19,9 @@ ms.author: v-ydequadros
 > CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW.
 > Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+> [!NOTE] 
+> The CloudKnox Permissions Management (CloudKnox) PREVIEW is currently not available for tenants hosted in the European Union (EU).
+
 ## Overview
 
 CloudKnox Permissions Management (CloudKnox) is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multi-cloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). 

articles/active-directory/cloud-infrastructure-entitlement-management/cloudknox-training-videos.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/14/2022
+ms.date: 04/20/2022
 ms.author: v-ydequadros
 ---
 
@@ -31,33 +31,7 @@ To view a video on how to configure and onboard Amazon Web Services (AWS) accoun
 
 To view a video on how to configure and onboard Google Cloud Platform (GCP) accounts in CloudKnox, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).
 
-<!---## Privilege on demand (POD) work flows
 
-- View a step-by-step video on the [privilege on demand (POD) work flow from the Just Enough Permissions (JEP) Controller](https://vimeo.com/461508166/3d88107f41).
-
-## Usage analytics
-
-- View a step-by-step video on [usage analytics](https://vimeo.com/461509556/b7bb392b83).
-
-## Just Enough Permissions (JEP) roles and policies
-
-- View a step-by-step video on [how to use and interpret data on the Role/Policy tab under the JEP Controller](https://vimeo.com/461510754/3dd31d85b7).
-
-## Attach or detach permissions for users, roles, and resources
-
-- View a step-by-step video on [how to attach and detach permissions for users, roles, and resources](https://vimeo.com/461512552/6f6a06e6c1).
-
-## Audit trails
-
-- View a step-by-step video on [how to use the audit trail](https://vimeo.com/461513290/b431a38b6c).
-
-## Alert triggers
-
-- View a step-by-step video on [how to create an alert trigger](https://vimeo.com/461881849/019c843cc6).
-
-## Group permissions
-
-- View a step-by-step video on [how to create group-based permissions](https://vimeo.com/462797947/d041de9157).--->
 
 
 ## Next steps

articles/active-directory/privileged-identity-management/media/pim-resource-roles-assign-roles/new-assignment-condition-expression.png

@@ -10,7 +10,7 @@ ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 02/02/2022
+ms.date: 04/18/2022
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
@@ -86,6 +86,14 @@ Follow these steps to make a user eligible for an Azure resource role.
 
 1. To specify a specific assignment duration, change the start and end dates and times.
 
+1. If the role has been defined with actions that permit assignments to that role with conditions, then you can select **Add condition** to add a condition based on the principal user and resource attributes that are part of the assignment.
+
+    ![New assignment - Conditions](./media/pim-resource-roles-assign-roles/new-assignment-conditions.png)
+    
+    Conditions can be entered in the expression builder. 
+
+    ![New assignment - Condition built from an expression](./media/pim-resource-roles-assign-roles/new-assignment-condition-expression.png)
+
 1. When finished, select **Assign**.
 
 1. After the new role assignment is created, a status notification is displayed.