Merge pull request #111443 from rolyon/rolyon-rbac-custom-roles-ga

[Azure RBAC] Custom roles in portal

Author: shawnmariejones

articles/role-based-access-control/custom-roles-portal.md

@@ -1,5 +1,5 @@
 ---
-title: Create or update Azure custom roles using the Azure portal (Preview) - Azure RBAC
+title: Create or update Azure custom roles using the Azure portal - Azure RBAC
 description: Learn how to create Azure custom roles for Azure role-based access control (Azure RBAC) using the Azure portal. This includes how to list, create, update, and delete custom roles.
 services: active-directory
 documentationcenter: ''
@@ -11,18 +11,13 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/26/2020
+ms.date: 04/30/2020
 ms.author: rolyon
 ---
 
-# Create or update Azure custom roles using the Azure portal (Preview)
+# Create or update Azure custom roles using the Azure portal
 
-> [!IMPORTANT]
-> Azure custom roles using the Azure portal is currently in public preview.
-> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
-If the [Azure built-in roles](built-in-roles.md) don't meet the specific needs of your organization, you can create your own Azure custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at subscription and resource group scopes. Custom roles are stored in an Azure Active Directory (Azure AD) directory and can be shared across subscriptions. Each directory can have up to 5000 custom roles. Custom roles can be created using the Azure portal, Azure PowerShell, Azure CLI, or the REST API. This article describes how to create custom roles using the Azure portal (currently in preview).
+If the [Azure built-in roles](built-in-roles.md) don't meet the specific needs of your organization, you can create your own Azure custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at subscription and resource group scopes. Custom roles are stored in an Azure Active Directory (Azure AD) directory and can be shared across subscriptions. Each directory can have up to 5000 custom roles. Custom roles can be created using the Azure portal, Azure PowerShell, Azure CLI, or the REST API. This article describes how to create custom roles using the Azure portal.
 
 ## Prerequisites
 
@@ -73,7 +68,7 @@ If you prefer, you can follow these steps to start a custom role from scratch.
 
 1. In the Azure portal, open a subscription or resource group where you want the custom role to be assignable and then open **Access control (IAM)**.
 
-1. Click **Add** and then click **Add custom role (preview)**.
+1. Click **Add** and then click **Add custom role**.
 
     ![Add custom role menu](./media/custom-roles-portal/add-custom-role-menu.png)
 
@@ -137,7 +132,7 @@ If you prefer, you can specify most of your custom role values in a JSON file. Y
 
 1. In the Azure portal, open the **Access control (IAM)** page.
 
-1. Click **Add** and then click **Add custom role (preview)**.
+1. Click **Add** and then click **Add custom role**.
 
     ![Add custom role menu](./media/custom-roles-portal/add-custom-role-menu.png)
 
@@ -256,7 +251,7 @@ When you exclude a permission, it is added as a `NotActions` or `NotDataActions`
 
 ## Step 5: Assignable scopes
 
-On the **Assignable scopes** tab, you specify where your custom role is available for assignment, such as subscription or resource group. Depending on how you chose to start, this tab might list the scope where you opened the Access control (IAM) page. Setting assignable scope to root scope ("/") is not supported. For this preview, you cannot add a management group as an assignable scope.
+On the **Assignable scopes** tab, you specify where your custom role is available for assignment, such as subscription or resource group. Depending on how you chose to start, this tab might list the scope where you opened the Access control (IAM) page. Setting assignable scope to root scope ("/") is not supported. Currently, you cannot add a management group as an assignable scope.
 
 1. Click **Add assignable scopes** to open the Add assignable scopes pane.
 

articles/role-based-access-control/custom-roles.md

@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 03/19/2020
+ms.date: 04/30/2020
 ms.author: rolyon
 ms.reviewer: bagovind
 ms.custom: H1Hack27Feb2017
@@ -27,7 +27,7 @@ ms.custom: H1Hack27Feb2017
 
 If the [built-in roles for Azure resources](built-in-roles.md) don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.
 
-Custom roles can be shared between subscriptions that trust the same Azure AD directory. There is a limit of **5,000** custom roles per directory. (For Azure Germany and Azure China 21Vianet, the limit is 2,000 custom roles.) Custom roles can be created using the Azure portal (Preview), Azure PowerShell, Azure CLI, or the REST API.
+Custom roles can be shared between subscriptions that trust the same Azure AD directory. There is a limit of **5,000** custom roles per directory. (For Azure Germany and Azure China 21Vianet, the limit is 2,000 custom roles.) Custom roles can be created using the Azure portal, Azure PowerShell, Azure CLI, or the REST API.
 
 ## Custom role example
 
@@ -71,7 +71,7 @@ When you create a custom role, it appears in the Azure portal with an orange res
 
 1. Decide how you want to create the custom role
 
-    You can create custom roles using [Azure portal](custom-roles-portal.md) (Preview), [Azure PowerShell](custom-roles-powershell.md), [Azure CLI](custom-roles-cli.md), or the [REST API](custom-roles-rest.md).
+    You can create custom roles using [Azure portal](custom-roles-portal.md), [Azure PowerShell](custom-roles-powershell.md), [Azure CLI](custom-roles-cli.md), or the [REST API](custom-roles-rest.md).
 
 1. Determine the permissions you need
 
@@ -127,6 +127,6 @@ The following list describes the limits for custom roles.
 For more information about custom roles and management groups, see [Organize your resources with Azure management groups](../governance/management-groups/overview.md#custom-rbac-role-definition-and-assignment).
 
 ## Next steps
-- [Create or update Azure custom roles using the Azure portal (Preview)](custom-roles-portal.md)
+- [Create or update Azure custom roles using the Azure portal](custom-roles-portal.md)
 - [Understand role definitions for Azure resources](role-definitions.md)
 - [Troubleshoot RBAC for Azure resources](troubleshooting.md)

articles/role-based-access-control/index.yml

@@ -13,7 +13,7 @@ metadata:
   ms.collection: na
   author: rolyon
   ms.author: rolyon
-  ms.date: 08/26/2019
+  ms.date: 04/30/2020
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -72,6 +72,10 @@ landingContent:
         links: 
           - text: Custom roles
             url: custom-roles.md
+      - linkListType: how-to-guide
+        links: 
+          - text: Create a custom role - Portal
+            url: custom-roles-portal.md
       - linkListType: tutorial
         links: 
           - text: Create a custom role - PowerShell