Remove preview references

rolyon · rolyon · commit 05e592f42c2e · 2024-01-28T15:04:12.000-08:00
diff --git a/articles/role-based-access-control/best-practices.md b/articles/role-based-access-control/best-practices.md
@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: role-based-access-control
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/29/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 
 #Customer intent: As a dev, devops, or it admin, I want to learn how to best use Azure RBAC.
@@ -40,7 +40,7 @@ Some roles are identified as [privileged administrator roles](./role-assignments
 - Remove unnecessary privileged role assignments.
 - Avoid assigning a privileged administrator role when a [job function role](./role-assignments-steps.md#job-function-roles) can be used instead.
 - If you must assign a privileged administrator role, use a narrow scope, such as resource group or resource, instead of a broader scope, such as management group or subscription.
-- If you are assigning a role with permission to create role assignments, consider adding a condition to constrain the role assignment. For more information, see [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md).
+- If you are assigning a role with permission to create role assignments, consider adding a condition to constrain the role assignment. For more information, see [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md).
 
 For more information, see [List or manage privileged administrator role assignments](./role-assignments-list-portal.md#list-or-manage-privileged-administrator-role-assignments).
 
diff --git a/articles/role-based-access-control/conditions-authorization-actions-attributes.md b/articles/role-based-access-control/conditions-authorization-actions-attributes.md
@@ -1,5 +1,5 @@
 ---
-title: Authorization actions and attributes (preview)
+title: Authorization actions and attributes
 description: Supported actions and attributes for Azure role assignment conditions and Azure attribute-based access control (Azure ABAC) in authorization
 services: active-directory
 author: rolyon
@@ -8,17 +8,13 @@ ms.service: role-based-access-control
 ms.subservice: conditions
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/29/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 
 #Customer intent: As a dev, devops, or it admin, I want to 
 ---
 
-# Authorization actions and attributes (preview)
-
-> [!IMPORTANT]
-> Delegating Azure role assignment management with conditions is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+# Authorization actions and attributes
 
 ## Authorization actions
 
@@ -94,5 +90,5 @@ This section lists the authorization attributes you can use in your condition ex
 
 ## Next steps
 
-- [Examples to delegate Azure role assignment management with conditions (preview)](delegate-role-assignments-examples.md)
-- [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md)
+- [Examples to delegate Azure role assignment management with conditions](delegate-role-assignments-examples.md)
+- [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md)
diff --git a/articles/role-based-access-control/delegate-role-assignments-examples.md b/articles/role-based-access-control/delegate-role-assignments-examples.md
@@ -1,5 +1,5 @@
 ---
-title: Examples to delegate Azure role assignment management with conditions (preview) - Azure ABAC
+title: Examples to delegate Azure role assignment management with conditions - Azure ABAC
 description: Examples to delegate Azure role assignment management to other users by using Azure attribute-based access control (Azure ABAC).
 services: active-directory
 author: rolyon
@@ -9,16 +9,12 @@ ms.subservice: conditions
 ms.topic: conceptual
 ms.workload: identity
 ms.custom: devx-track-azurepowershell
-ms.date: 12/01/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 #Customer intent: As a dev, devops, or it admin, I want to learn about the conditions so that I write more complex conditions.
 ---
 
-# Examples to delegate Azure role assignment management with conditions (preview)
-
-> [!IMPORTANT]
-> Delegating Azure role assignment management with conditions is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+# Examples to delegate Azure role assignment management with conditions
 
 This article lists examples of how to delegate Azure role assignment management to other users with conditions.
 
@@ -767,6 +763,6 @@ New-AzRoleAssignment -ObjectId $principalId -Scope $scope -RoleDefinitionId $rol
 
 ## Next steps
 
-- [Authorization actions and attributes (preview)](conditions-authorization-actions-attributes.md)
-- [Azure role assignment condition format and syntax (preview)](conditions-format.md)
-- [Troubleshoot Azure role assignment conditions (preview)](conditions-troubleshoot.md)
+- [Authorization actions and attributes](conditions-authorization-actions-attributes.md)
+- [Azure role assignment condition format and syntax](conditions-format.md)
+- [Troubleshoot Azure role assignment conditions](conditions-troubleshoot.md)
diff --git a/articles/role-based-access-control/delegate-role-assignments-overview.md b/articles/role-based-access-control/delegate-role-assignments-overview.md
@@ -8,7 +8,7 @@ ms.service: role-based-access-control
 ms.subservice: conditions
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 12/01/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 
 #Customer intent: As a dev, devops, or it admin, I want to delegate Azure role assignment management to other users who are closer to the decision, but want to limit the scope of the role assignments.
@@ -52,11 +52,7 @@ Here are the primary issues with the current method of delegating role assignmen
 
 Instead of assigning the Owner or User Access Administrator roles, a more secure method is to constrain a delegate's ability to create role assignments.
 
-## A more secure method: Delegate role assignment management with conditions (preview)
-
-> [!IMPORTANT]
-> Delegating Azure role assignment management with conditions is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+## A more secure method: Delegate role assignment management with conditions
 
 Delegating role assignment management with conditions is a way to restrict the role assignments a user can create. In the preceding example, Alice can allow Dara to create some role assignments on her behalf, but not all role assignments. For example, Alice can constrain the roles that Dara can assign and constrain the principals that Dara can assign roles to. This delegation with conditions is sometimes referred to as *constrained delegation* and is implemented using [Azure attribute-based access control (Azure ABAC) conditions](conditions-overview.md).
 
@@ -141,15 +137,15 @@ To delegate role assignment management with conditions, you assign roles as you
 
     Choose from a list of condition templates. Select **Configure** to specify the roles, principal types, or principals.
 
-    For more information, see [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md).
+    For more information, see [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md).
     
     :::image type="content" source="./media/shared/condition-templates.png" alt-text="Screenshot of Add role assignment condition with a list of condition templates." lightbox="./media/shared/condition-templates.png":::
 
     # [Condition editor](#tab/condition-editor)
 
     If the condition templates don't work for your scenario or if you want more control, you can use the condition editor.
 
-    For examples, see [Examples to delegate Azure role assignment management with conditions (preview)](delegate-role-assignments-examples.md).
+    For examples, see [Examples to delegate Azure role assignment management with conditions](delegate-role-assignments-examples.md).
 
     :::image type="content" source="./media/shared/delegate-role-assignments-expression.png" alt-text="Screenshot of condition editor in Azure portal showing a role assignment condition to delegate role assignment management." lightbox="./media/shared/delegate-role-assignments-expression.png":::
 
@@ -248,7 +244,9 @@ To delegate role assignment management with conditions, you assign roles as you
 
 ## Built-in roles with conditions
 
-The [Key Vault Data Access Administrator](built-in-roles.md#key-vault-data-access-administrator) role already has a built-in condition to constrain role assignments. This role enables you to manage access to Key Vault secrets, certificates, and keys. It's exclusively focused on access control without the ability to assign privileged roles such as Owner or User Access Administrator roles. It allows better separation of duties for scenarios like managing encryption at rest across data services to further comply with least privilege principle. The condition constrains role assignments to the following Azure Key Vault roles:
+The [Key Vault Data Access Administrator](built-in-roles.md#key-vault-data-access-administrator) and [Virtual Machine Data Access Administrator (preview)](built-in-roles.md#virtual-machine-data-access-administrator-preview) roles already have a built-in condition to constrain role assignments.
+
+The Key Vault Data Access Administrator role enables you to manage access to Key Vault secrets, certificates, and keys. It's exclusively focused on access control without the ability to assign privileged roles such as Owner or User Access Administrator roles. It allows better separation of duties for scenarios like managing encryption at rest across data services to further comply with least privilege principle. The condition constrains role assignments to the following Azure Key Vault roles:
 
 - [Key Vault Administrator](built-in-roles.md#key-vault-administrator)
 - [Key Vault Certificates Officer](built-in-roles.md#key-vault-certificates-officer)
@@ -267,18 +265,17 @@ If you want to further constrain the Key Vault Data Access Administrator role as
 
 ## Known issues
 
-Here are the known issues related to delegating role assignment management with conditions (preview):
+Here are the known issues related to delegating role assignment management with conditions:
 
 - You can't delegate role assignment management with conditions using [Privileged Identity Management](../active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md).
 - You can't have a role assignment with a Microsoft.Storage data action and an ABAC condition that uses a GUID comparison operator. For more information, see [Troubleshoot Azure RBAC](troubleshooting.md#symptom---authorization-failed).
-- This preview isn't available in Azure Government or Microsoft Azure operated by 21Vianet.
 
 ## License requirements
 
 [!INCLUDE [Azure AD free license](../../includes/active-directory-free-license.md)]
 
 ## Next steps
 
-- [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md)
+- [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md)
 - [What is Azure attribute-based access control (Azure ABAC)?](conditions-overview.md)
-- [Examples to delegate Azure role assignment management with conditions (preview)](delegate-role-assignments-examples.md)
+- [Examples to delegate Azure role assignment management with conditions](delegate-role-assignments-examples.md)
diff --git a/articles/role-based-access-control/delegate-role-assignments-portal.md b/articles/role-based-access-control/delegate-role-assignments-portal.md
@@ -1,5 +1,5 @@
 ---
-title: Delegate Azure role assignment management to others with conditions (preview) - Azure ABAC
+title: Delegate Azure role assignment management to others with conditions - Azure ABAC
 description: How to delegate Azure role assignment management to other users by using Azure attribute-based access control (Azure ABAC).
 services: active-directory
 author: rolyon
@@ -8,17 +8,13 @@ ms.service: role-based-access-control
 ms.subservice: conditions
 ms.topic: how-to
 ms.workload: identity
-ms.date: 12/01/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 
 #Customer intent: As a dev, devops, or it admin, I want to delegate Azure role assignment management to other users who are closer to the decision, but want to limit the scope of the role assignments.
 ---
 
-# Delegate Azure role assignment management to others with conditions (preview)
-
-> [!IMPORTANT]
-> Delegating Azure role assignment management with conditions is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+# Delegate Azure role assignment management to others with conditions
 
 As an administrator, you might get several requests to grant access to Azure resources that you want to delegate to someone else. You could assign a user the [Owner](built-in-roles.md#owner) or [User Access Administrator](built-in-roles.md#user-access-administrator) roles, but these are highly privileged roles. This article describes a more secure way to [delegate role assignment management](delegate-role-assignments-overview.md) to other users in your organization, but add restrictions for those role assignments. For example, you can constrain the roles that can be assigned or constrain the principals the roles can be assigned to.
 
@@ -39,7 +35,7 @@ To help determine the permissions the delegate needs, answer the following quest
 - Which principals can the delegate assign roles to?
 - Can delegate remove any role assignments?
 
-Once you know the permissions that delegate needs, you use the following steps to add a condition to the delegate's role assignment. For example conditions, see [Examples to delegate Azure role assignment management with conditions (preview)](delegate-role-assignments-examples.md).
+Once you know the permissions that delegate needs, you use the following steps to add a condition to the delegate's role assignment. For example conditions, see [Examples to delegate Azure role assignment management with conditions](delegate-role-assignments-examples.md).
 
 ## Step 2: Start a new role assignment
 
diff --git a/articles/role-based-access-control/role-assignments-list-portal.md b/articles/role-based-access-control/role-assignments-list-portal.md
@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: role-based-access-control
 ms.topic: how-to
 ms.workload: identity
-ms.date: 11/29/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 ---
 
@@ -70,7 +70,7 @@ On the **Role assignments** tab, you can list and see the count of privileged ad
 
 1. To manage privileged administrator role assignments, see the **Privileged** card and click **View assignments**.
 
-    On the **Manage privileged role assignments** page, you can add a condition to constrain the privileged role assignment or remove the role assignment. For more information, see [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md).
+    On the **Manage privileged role assignments** page, you can add a condition to constrain the privileged role assignment or remove the role assignment. For more information, see [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md).
 
     :::image type="content" source="./media/role-assignments-list-portal/access-control-role-assignments-privileged-manage.png" alt-text="Screenshot of Manage privileged role assignments page showing how to add conditions or remove role assignments." lightbox="./media/role-assignments-list-portal/access-control-role-assignments-privileged-manage.png":::
 
diff --git a/articles/role-based-access-control/role-assignments-portal.md b/articles/role-based-access-control/role-assignments-portal.md
@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: role-based-access-control
 ms.topic: how-to
 ms.workload: identity
-ms.date: 12/01/2023
+ms.date: 01/30/2024
 ms.author: rolyon
 ms.custom: contperf-fy21q3-portal,subject-rbac-steps
 ---
@@ -138,7 +138,7 @@ If you selected one of the following privileged roles, follow the steps in this
 
 1. Click **Add condition** to add a condition that constrains the roles and principals this user can assign roles to.
 
-1. Follow the steps in [Delegate Azure role assignment management to others with conditions (preview)](delegate-role-assignments-portal.md#step-3-add-a-condition).
+1. Follow the steps in [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md#step-3-add-a-condition).
 
 # [Storage condition](#tab/storage-condition)
 
