Commit 0b873e2

Merge pull request #298918 from rolyon/rolyon-rbac-roles-april2025
[Azure RBAC] Roles and permissions updates for April 2025
2 parents cfdd9ad + 6b3a952 commit 0b873e2


41 files changed

+819
-547
lines changed

articles/role-based-access-control/built-in-roles.md

Lines changed: 9 additions & 11 deletions
@@ -2,12 +2,12 @@
22
title: Azure built-in roles - Azure RBAC
33
description: This article describes the Azure built-in roles for Azure role-based access control (Azure RBAC). It lists Actions, NotActions, DataActions, and NotDataActions.
44
ms.service: role-based-access-control
5-
ms.topic: reference
5+
ms.topic: generated-reference
66
ms.workload: identity
77
author: rolyon
88
manager: femila
99
ms.author: rolyon
10-
ms.date: 01/25/2025
10+
ms.date: 04/25/2025
1111
ms.custom: generated
1212
---
1313

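Review bot: `ms.topic` moves from `reference` to `generated-reference` while the `ms.custom: generated` line below it is kept; if the new topic value is what now marks this page as machine-generated, the `ms.custom` flag is redundant and can be dropped, otherwise confirm that the build tooling still keys on it. The `ms.date` bump to 04/25/2025 is consistent with the April 2025 scope stated in the PR title.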
@@ -316,9 +316,9 @@ The following table provides a brief description of each built-in role. Click th
316316
> | <a name='cognitive-services-speech-user'></a>[Cognitive Services Speech User](./built-in-roles/ai-machine-learning.md#cognitive-services-speech-user) | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | f2dc8367-1007-4938-bd23-fe263f013447 |
317317
> | <a name='cognitive-services-usages-reader'></a>[Cognitive Services Usages Reader](./built-in-roles/ai-machine-learning.md#cognitive-services-usages-reader) | Minimal permission to view Cognitive Services usages. | bba48692-92b0-4667-a9ad-c31c7b334ac2 |
318318
> | <a name='cognitive-services-user'></a>[Cognitive Services User](./built-in-roles/ai-machine-learning.md#cognitive-services-user) | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
319-
> | <a name='health-bot-admin'></a>[Health Bot Admin](./built-in-roles/ai-machine-learning.md#health-bot-admin) | Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets. | f1082fec-a70f-419f-9230-885d2550fb38 |
320-
> | <a name='health-bot-editor'></a>[Health Bot Editor](./built-in-roles/ai-machine-learning.md#health-bot-editor) | Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels. | af854a69-80ce-4ff7-8447-f1118a2e0ca8 |
321-
> | <a name='health-bot-reader'></a>[Health Bot Reader](./built-in-roles/ai-machine-learning.md#health-bot-reader) | Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). | eb5a76d5-50e7-4c33-a449-070e7c9c4cf2 |
319+
> | <a name='healthcare-agent-admin'></a>[Healthcare Agent Admin](./built-in-roles/ai-machine-learning.md#healthcare-agent-admin) | Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets. | f1082fec-a70f-419f-9230-885d2550fb38 |
320+
> | <a name='healthcare-agent-editor'></a>[Healthcare Agent Editor](./built-in-roles/ai-machine-learning.md#healthcare-agent-editor) | Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels. | af854a69-80ce-4ff7-8447-f1118a2e0ca8 |
321+
> | <a name='healthcare-agent-reader'></a>[Healthcare Agent Reader](./built-in-roles/ai-machine-learning.md#healthcare-agent-reader) | Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). | eb5a76d5-50e7-4c33-a449-070e7c9c4cf2 |
322322
> | <a name='search-index-data-contributor'></a>[Search Index Data Contributor](./built-in-roles/ai-machine-learning.md#search-index-data-contributor) | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
323323
> | <a name='search-index-data-reader'></a>[Search Index Data Reader](./built-in-roles/ai-machine-learning.md#search-index-data-reader) | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
324324
> | <a name='search-service-contributor'></a>[Search Service Contributor](./built-in-roles/ai-machine-learning.md#search-service-contributor) | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
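Review bot: renaming the anchors from `health-bot-admin`, `health-bot-editor` and `health-bot-reader` to `healthcare-agent-*` breaks every existing deep link to `built-in-roles.md#health-bot-admin` and to the detail page targets `ai-machine-learning.md#health-bot-admin` (and the editor/reader equivalents); consider keeping the old `<a name=...>` anchors next to the new ones for a release, or adding redirects. The role IDs (`f1082fec-a70f-419f-9230-885d2550fb38`, `af854a69-80ce-4ff7-8447-f1118a2e0ca8`, `eb5a76d5-50e7-4c33-a449-070e7c9c4cf2`) are unchanged, so this is a display-name change only and existing role assignments are unaffected. The descriptions still say "bot resources" and "bot instance keys & secrets"; that is fine if they mirror the role definition, but worth flagging to the service team for a follow-up.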
@@ -383,8 +383,6 @@ The following table provides a brief description of each built-in role. Click th
383383
> | <a name='azure-service-bus-data-receiver'></a>[Azure Service Bus Data Receiver](./built-in-roles/integration.md#azure-service-bus-data-receiver) | Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
384384
> | <a name='azure-service-bus-data-sender'></a>[Azure Service Bus Data Sender](./built-in-roles/integration.md#azure-service-bus-data-sender) | Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
385385
> | <a name='biztalk-contributor'></a>[BizTalk Contributor](./built-in-roles/integration.md#biztalk-contributor) | Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac73342 |
386-
> | <a name='chamber-admin'></a>[Chamber Admin](./built-in-roles/integration.md#chamber-admin) | Lets you manage everything under your Modeling and Simulation Workbench chamber. | 4e9b8407-af2e-495b-ae54-bb60a55b1b5a |
387-
> | <a name='chamber-user'></a>[Chamber User](./built-in-roles/integration.md#chamber-user) | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | 4447db05-44ed-4da3-ae60-6cbece780e32 |
388386
> | <a name='deid-batch-data-owner'></a>[DeID Batch Data Owner](./built-in-roles/integration.md#deid-batch-data-owner) | Create and manage DeID batch jobs. This role is in preview and subject to change. | 8a90fa6b-6997-4a07-8a95-30633a7c97b9 |
389387
> | <a name='deid-batch-data-reader'></a>[DeID Batch Data Reader](./built-in-roles/integration.md#deid-batch-data-reader) | Read DeID batch jobs. This role is in preview and subject to change. | b73a14ee-91f5-41b7-bd81-920e12466be9 |
390388
> | <a name='deid-data-owner'></a>[DeID Data Owner](./built-in-roles/integration.md#deid-data-owner) | Full access to DeID data. This role is in preview and subject to change | 78e4b983-1a0b-472e-8b7d-8d770f7c5890 |
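Review bot: the Chamber Admin and Chamber User rows are dropped from the Integration table with nothing replacing them in this hunk; the link targets `./built-in-roles/integration.md#chamber-admin` and `#chamber-user` need to be removed in the same PR (or these rows kept) so the summary table and the detail page do not disagree. If the roles were re-categorized rather than retired, the rows belong in another section of this table with the same IDs `4e9b8407-af2e-495b-ae54-bb60a55b1b5a` and `4447db05-44ed-4da3-ae60-6cbece780e32`; if they were retired, a short note on what replaces them for existing assignments would help readers.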
@@ -434,8 +432,8 @@ The following table provides a brief description of each built-in role. Click th
434432
> [!div class="mx-tableFixed"]
435433
> | Built-in role | Description | ID |
436434
> | --- | --- | --- |
437-
> | <a name='app-compliance-automation-administrator'></a>[App Compliance Automation Administrator](./built-in-roles/security.md#app-compliance-automation-administrator) | Create, read, download, modify and delete reports objects and related other resource objects. | 0f37683f-2463-46b6-9ce7-9b788b988ba2 |
438-
> | <a name='app-compliance-automation-reader'></a>[App Compliance Automation Reader](./built-in-roles/security.md#app-compliance-automation-reader) | Read, download the reports objects and related other resource objects. | ffc6bbe0-e443-4c3b-bf54-26581bb2f78e |
435+
> | <a name='app-compliance-automation-administrator'></a>[App Compliance Automation Administrator](./built-in-roles/security.md#app-compliance-automation-administrator) | Allows managing App Compliance Automation tool for Microsoft 365 | 0f37683f-2463-46b6-9ce7-9b788b988ba2 |
436+
> | <a name='app-compliance-automation-reader'></a>[App Compliance Automation Reader](./built-in-roles/security.md#app-compliance-automation-reader) | Allows read-only access to App Compliance Automation tool for Microsoft 365 | ffc6bbe0-e443-4c3b-bf54-26581bb2f78e |
439437
> | <a name='attestation-contributor'></a>[Attestation Contributor](./built-in-roles/security.md#attestation-contributor) | Can read write or delete the attestation provider instance | bbf86eb8-f7b4-4cce-96e4-18cddf81d86e |
440438
> | <a name='attestation-reader'></a>[Attestation Reader](./built-in-roles/security.md#attestation-reader) | Can read the attestation provider properties | fd1bd22b-8476-40bc-a0bc-69b95687b9f3 |
441439
> | <a name='key-vault-administrator'></a>[Key Vault Administrator](./built-in-roles/security.md#key-vault-administrator) | Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e74483 |
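Review bot: the new App Compliance Automation descriptions are less specific than the ones they replace: "Allows managing App Compliance Automation tool for Microsoft 365" no longer states that the administrator role can delete report objects, and neither new string ends with a period, unlike the two rows being removed. If these strings are copied verbatim from the role definitions (the file is tagged `ms.custom: generated`), the change is correct as-is; otherwise keep the explicit create/read/download/modify/delete wording, which is the more useful form when a reader is judging whether the role is the least privilege required.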
@@ -450,6 +448,7 @@ The following table provides a brief description of each built-in role. Click th
450448
> | <a name='key-vault-reader'></a>[Key Vault Reader](./built-in-roles/security.md#key-vault-reader) | Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d2 |
451449
> | <a name='key-vault-secrets-officer'></a>[Key Vault Secrets Officer](./built-in-roles/security.md#key-vault-secrets-officer) | Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | b86a8fe4-44ce-4948-aee5-eccb2c155cd7 |
452450
> | <a name='key-vault-secrets-user'></a>[Key Vault Secrets User](./built-in-roles/security.md#key-vault-secrets-user) | Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. | 4633458b-17de-408a-b874-0445c86b69e6 |
451+
> | <a name='locks-contributor'></a>[Locks Contributor](./built-in-roles/security.md#locks-contributor) | Can Manage Locks Operations. | 28bf596f-4eb7-45ce-b5bc-6cf482fec137 |
453452
> | <a name='managed-hsm-contributor'></a>[Managed HSM contributor](./built-in-roles/security.md#managed-hsm-contributor) | Lets you manage managed HSM pools, but not access to them. | 18500a29-7fe2-46b2-a342-b16a415e101d |
454453
> | <a name='microsoft-sentinel-automation-contributor'></a>[Microsoft Sentinel Automation Contributor](./built-in-roles/security.md#microsoft-sentinel-automation-contributor) | Microsoft Sentinel Automation Contributor | f4c81013-99ee-4d62-a7ee-b3f1f648599a |
455454
> | <a name='microsoft-sentinel-contributor'></a>[Microsoft Sentinel Contributor](./built-in-roles/security.md#microsoft-sentinel-contributor) | Microsoft Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addade |
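Review bot: the inserted Locks Contributor row lands correctly between Key Vault Secrets User and Managed HSM contributor, fixing the ordering of the row that is removed from after Security Reader further down, but its description "Can Manage Locks Operations." is title-cased unlike every other row in this table; if the text is hand-written, prefer "Can manage lock operations." (the removed row read "Lets you manage locks operations"). The ID `28bf596f-4eb7-45ce-b5bc-6cf482fec137` matches the removed row, so no role is added or lost by the move.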
@@ -460,7 +459,6 @@ The following table provides a brief description of each built-in role. Click th
460459
> | <a name='security-assessment-contributor'></a>[Security Assessment Contributor](./built-in-roles/security.md#security-assessment-contributor) | Lets you push assessments to Microsoft Defender for Cloud | 612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
461460
> | <a name='security-manager-legacy'></a>[Security Manager (Legacy)](./built-in-roles/security.md#security-manager-legacy) | This is a legacy role. Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
462461
> | <a name='security-reader'></a>[Security Reader](./built-in-roles/security.md#security-reader) | View permissions for Microsoft Defender for Cloud. Can view recommendations, alerts, a security policy, and security states, but cannot make changes.<br><br>For Microsoft Defender for IoT, see [Azure user roles for OT and Enterprise IoT monitoring](/azure/defender-for-iot/organizations/roles-azure). | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 |
463-
> | <a name='locks-contributor'></a>[Locks Contributor](./built-in-roles/security.md#locks-contributor) | Lets you manage locks operations | 28bf596f-4eb7-45ce-b5bc-6cf482fec137 |
464462
465463
## DevOps
466464

@@ -560,7 +558,7 @@ The following table provides a brief description of each built-in role. Click th
560558
> [!div class="mx-tableFixed"]
561559
> | Built-in role | Description | ID |
562560
> | --- | --- | --- |
563-
> | <a name='azure-resource-bridge-deployment-role'></a>[Azure Resource Bridge Deployment Role](./built-in-roles/hybrid-multicloud.md#azure-resource-bridge-deployment-role) | Azure Resource Bridge Deployment Role | 7b1f81f9-4196-4058-8aae-762e593270df |
561+
> | <a name='azure-resource-bridge-deployment-role'></a>[Azure Resource Bridge Deployment Role](./built-in-roles/hybrid-multicloud.md#azure-resource-bridge-deployment-role) | Azure Resource Bridge Deployment Role is used only for Azure Stack HCI. | 7b1f81f9-4196-4058-8aae-762e593270df |
564562
> | <a name='azure-stack-hci-administrator'></a>[Azure Stack HCI Administrator](./built-in-roles/hybrid-multicloud.md#azure-stack-hci-administrator) | Grants full access to the cluster and its resources, including the ability to register Azure Local and assign others as Azure Stack HCI VM Contributor and/or Azure Stack HCI VM Reader | bda0d508-adf1-4af0-9c28-88919fc3ae06 |
565563
> | <a name='azure-stack-hci-connected-infravms'></a>[Azure Stack HCI Connected InfraVMs](./built-in-roles/hybrid-multicloud.md#azure-stack-hci-connected-infravms) | Role of Arc Integration for Azure Stack HCI Infrastructure Virtual Machines. | c99c945f-8bd1-4fb1-a903-01460aae6068 |
566564
> | <a name='azure-stack-hci-device-management-role'></a>[Azure Stack HCI Device Management Role](./built-in-roles/hybrid-multicloud.md#azure-stack-hci-device-management-role) | Microsoft.AzureStackHCI Device Management Role | 865ae368-6a45-4bd1-8fbf-0d5151f56fc1 |
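Review bot: the new description restates the role name ("Azure Resource Bridge Deployment Role is used only for Azure Stack HCI."); in the Description column "Used only for Azure Stack HCI." reads better, if the source string can be edited. The adjacent Azure Stack HCI Administrator row already refers to the product as "Azure Local", so the two rows now use different names for the same product; worth aligning with the service team.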
