Merge pull request #111632 from BethWilke/branch120

Fixing documentation task 1707215

Author: shawnmariejones

articles/automation/automation-onboard-solutions-from-browse.md

@@ -107,7 +107,7 @@ When onboarding multiple machines, there may be machines that show as `Cannot en
 
 **Cause**: This error shows that the VM that you are trying to onboard reports to another workspace.
 
-**Solution**: Click **Use as configuration** to change the targeted Automation Account and Log Analytics workspace.
+**Solution**: Click **Use as configuration** to change the targeted Automation account and Log Analytics workspace.
 
 ### VM reports to a workspace that is not available in this subscription
 

articles/automation/automation-onboard-solutions-from-vm.md

@@ -21,7 +21,7 @@ First, enable one or all three of the solutions on your VM:
 
 1. In the [Azure portal](https://portal.azure.com), select **Virtual machines** or search for and select **Virtual machines** from the Home page.
 2. Select the VM for which you want to enable a solution.
-3. On the VM page, under **Operations**, select **Update management**, **Inventory**, or **Change tracking**. The virtual machine can exist in any region, no matter the location of your Automation account. When onboarding a solution from a VM, you need to have the `Microsoft.OperationalInsights/workspaces/read` permission to determine if the VM is onboarded to a workspace. To learn about additional permissions that are required, see [permissions needed to onboard machines](automation-role-based-access-control.md#onboarding). To learn how to onboard multiple machines at once, see [Onboard Update Management, Change Tracking, and Inventory solutions](automation-onboard-solutions-from-automation-account.md).
+3. On the VM page, under **Operations**, select **Update management**, **Inventory**, or **Change tracking**. The virtual machine can exist in any region, no matter the location of your Automation account. When onboarding a solution from a VM, you need to have the `Microsoft.OperationalInsights/workspaces/read` permission to determine if the VM is onboarded to a workspace. To learn about additional permissions that are required, see [permissions needed to onboard machines](automation-role-based-access-control.md#onboarding-permissions). To learn how to onboard multiple machines at once, see [Onboard Update Management, Change Tracking, and Inventory solutions](automation-onboard-solutions-from-automation-account.md).
 
 4. Select the Azure Log Analytics workspace and Automation account, and then click **Enable** to enable the solution. The solution takes up to 15 minutes to enable.
 

articles/automation/automation-quickstart-create-account.md

@@ -25,7 +25,7 @@ This quickstart guides you in creating an Automation account and running a runbo
     > [!NOTE]
     > You can't change the account name once it has been entered in the user interface. 
 
-2. Click the **Create a resource** button found on the upper left corner of Azure portal.
+2. Click the **Create a resource** button found in the upper left corner of Azure portal.
 
 3. Select **IT & Management Tools**, and then select **Automation**.
 
@@ -46,19 +46,19 @@ This quickstart guides you in creating an Automation account and running a runbo
 
 Run one of the tutorial runbooks.
 
-1. Click **Runbooks** under **PROCESS AUTOMATION**. The list of runbooks is displayed. By default several tutorial runbooks are enabled in the account.
+1. Click **Runbooks** under **Process Automation**. The list of runbooks is displayed. By default, several tutorial runbooks are enabled in the account.
 
     ![Automation account runbooks list](./media/automation-quickstart-create-account/automation-runbooks-overview.png)
 
 1. Select the **AzureAutomationTutorialScript** runbook. This action opens the runbook overview page.
 
     ![Runbook overview](./media/automation-quickstart-create-account/automation-tutorial-script-runbook-overview.png)
 
-1. Click **Start**, and on the **Start Runbook** page, click **OK** to start the runbook.
+1. Click **Start**, and on the Start Runbook page, click **OK** to start the runbook.
 
     ![Runbook job page](./media/automation-quickstart-create-account/automation-tutorial-script-job.png)
 
-1. After the **Job status** becomes **Running**, click **Output** or **All Logs** to view the runbook job output. For this tutorial runbook, the output is a list of your Azure resources.
+1. After the job status becomes `Running`, click **Output** or **All Logs** to view the runbook job output. For this tutorial runbook, the output is a list of your Azure resources.
 
 ## Next steps
 

articles/automation/automation-quickstart-create-runbook.md

@@ -18,7 +18,7 @@ If you don't have an Azure subscription, create a [free Azure account](https://a
 
 Sign in to Azure at https://portal.azure.com.
 
-## Create runbook
+## Create the runbook
 
 First, create a runbook. The sample runbook created in this quickstart outputs `Hello World` by default.
 
@@ -80,7 +80,7 @@ Once the runbook is published, the overview page is shown.
 
    ![Runbook test job](./media/automation-quickstart-create-runbook/automation-job-page.png)
 
-1. When the **Job status** is set to **Running** or **Completed**, click **Output** to open the Output pane and view the runbook output.
+1. When the job status is `Running` or `Completed`, click **Output** to open the Output pane and view the runbook output.
 
    ![Runbook test job](./media/automation-quickstart-create-runbook/automation-hello-world-runbook-job-output.png)
 

articles/automation/automation-role-based-access-control.md

@@ -11,6 +11,9 @@ ms.topic: conceptual
 
 Role-based access control (RBAC) enables access management for Azure resources. Using [RBAC](../role-based-access-control/overview.md), you can segregate duties within your team and grant only the amount of access to users, groups, and applications that they need to perform their jobs. You can grant role-based access to users using the Azure portal, Azure Command-Line tools, or Azure Management APIs.
 
+>[!NOTE]
+>This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [Introducing the new Azure PowerShell Az module](https://docs.microsoft.com/powershell/azure/new-azureps-module-az?view=azps-3.5.0). For Az module installation instructions on your Hybrid Runbook Worker, see [Install the Azure PowerShell Module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-3.5.0). For your Automation account, you can update your modules to the latest version using [How to update Azure PowerShell modules in Azure Automation](automation-update-azure-modules.md).
+
 ## Roles in Automation accounts
 
 In Azure Automation, access is granted by assigning the appropriate RBAC role to users, groups, and applications at the Automation account scope. Following are the built-in roles supported by an Automation account:
@@ -198,11 +201,11 @@ A User Access Administrator can manage user access to Azure resources. The follo
 |Microsoft.Authorization/*|Manage authorization|
 |Microsoft.Support/*|Create and manage support tickets|
 
-## Onboarding
+## Onboarding permissions
 
-The following tables show the minimum required permissions needed for onboarding virtual machines for the change tracking or update management solutions.
+The following sections describe the minimum required permissions needed for onboarding virtual machines for the change tracking or update management solutions.
 
-### Onboarding from a virtual machine
+### Permissions for onboarding from a VM
 
 |**Action**  |**Permission**  |**Minimum scope**  |
 |---------|---------|---------|
@@ -224,7 +227,7 @@ The following tables show the minimum required permissions needed for onboarding
 
 <sup>1</sup> This permission is needed to onboard through the VM portal experience.
 
-### Onboarding from Automation account
+### Permissions for onboarding from Automation account
 
 |**Action**  |**Permission** |**Minimum Scope**  |
 |---------|---------|---------|
@@ -244,7 +247,7 @@ The following tables show the minimum required permissions needed for onboarding
 |Create / edit saved search     | Microsoft.OperationalInsights/workspaces/write           | Workspace        |
 |Create / edit scope config  | Microsoft.OperationalInsights/workspaces/write   | Workspace|
 
-## Update management
+## Update management permissions
 
 Update management reaches across multiple services to provide its service. The following table shows the permissions needed to manage update management deployments:
 
@@ -259,12 +262,12 @@ Update management reaches across multiple services to provide its service. The f
 
 ## Configure RBAC for your Automation account
 
-The following section shows you how to configure RBAC on your Automation account through the [portal](#configure-rbac-using-the-azure-portal) and [PowerShell](#configure-rbac-using-powershell).
+The following section shows you how to configure RBAC on your Automation account through the [Azure portal](#configure-rbac-using-the-azure-portal) and [PowerShell](#configure-rbac-using-powershell).
 
 ### Configure RBAC using the Azure portal
 
 1. Log in to the [Azure portal](https://portal.azure.com/) and open your Automation account from the Automation Accounts page.
-2. Click on the **Access control (IAM)** control at the top left corner to open the Access control (IAM) page. You can use this page to add new users, groups, and applications to manage your Automation account and view existing roles that are configurable for the Automation account.
+2. Click on **Access control (IAM)** to open the Access control (IAM) page. You can use this page to add new users, groups, and applications to manage your Automation account and view existing roles that are configurable for the Automation account.
 3. Click the **Role assignments** tab.
 
    ![Access button](media/automation-role-based-access-control/automation-01-access-button.png)
@@ -275,7 +278,7 @@ The following section shows you how to configure RBAC on your Automation account
 
 2. Select a role from the list of available roles. You can choose any of the available built-in roles that an Automation account supports or any custom role you may have defined.
 
-3. Type the username of the user that you want to give permissions to in the **Select** field. Choose the user from the list and click **Save**.
+3. Type the name of the user that you want to give permissions to in the **Select** field. Choose the user from the list and click **Save**.
 
    ![Add users](media/automation-role-based-access-control/automation-04-add-users.png)
 
@@ -305,10 +308,10 @@ You can remove the access permission for a user who is not managing the Automati
 
 You can also configure role-based access to an Automation account using the following [Azure PowerShell cmdlets](../role-based-access-control/role-assignments-powershell.md):
 
-[Get-AzureRmRoleDefinition](/previous-versions/azure/mt603792(v=azure.100)) lists all RBAC roles that are available in Azure Active Directory. You can use this cmdlet with the *Name* parameter to list all the actions that a specific role can perform.
+[Get-AzRoleDefinition](https://docs.microsoft.com/powershell/module/Az.Resources/Get-AzRoleDefinition?view=azps-3.7.0) lists all RBAC roles that are available in Azure Active Directory. You can use this cmdlet with the `Name` parameter to list all the actions that a specific role can perform.
 
 ```azurepowershell-interactive
-Get-AzureRmRoleDefinition -Name 'Automation Operator'
+Get-AzRoleDefinition -Name 'Automation Operator'
 ```
 
 The following is the example output:
@@ -324,12 +327,12 @@ NotActions       : {}
 AssignableScopes : {/}
 ```
 
-[Get-AzureRmRoleAssignment](/previous-versions/azure/mt619413(v=azure.100)) lists Azure AD RBAC role assignments at the specified scope. Without any parameters, this cmdlet returns all the role assignments made under the subscription. Use the *ExpandPrincipalGroups* parameter to list access assignments for the specified user, as well as the groups that the user belongs to.
+[Get-AzRoleAssignment](https://docs.microsoft.com/powershell/module/az.resources/get-azroleassignment?view=azps-3.7.0) lists Azure AD RBAC role assignments at the specified scope. Without any parameters, this cmdlet returns all the role assignments made under the subscription. Use the `ExpandPrincipalGroups` parameter to list access assignments for the specified user, as well as the groups that the user belongs to.
 
 **Example:** Use the following cmdlet to list all the users and their roles within an Automation account.
 
 ```azurepowershell-interactive
-Get-AzureRMRoleAssignment -scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
+Get-AzRoleAssignment -Scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
 ```
 
 The following is the example output:
@@ -346,12 +349,12 @@ ObjectId           : 15f26a47-812d-489a-8197-3d4853558347
 ObjectType         : User
 ```
 
-Use [New-AzureRmRoleAssignment](/previous-versions/azure/mt603580(v=azure.100)) to assign access to users, groups, and applications to a particular scope.
+Use [New-AzRoleAssignment](https://docs.microsoft.com/powershell/module/Az.Resources/New-AzRoleAssignment?view=azps-3.7.0) to assign access to users, groups, and applications to a particular scope.
 
 **Example:** Use the following command to assign the "Automation Operator" role for a user in the Automation account scope.
 
 ```azurepowershell-interactive
-New-AzureRmRoleAssignment -SignInName <sign-in Id of a user you wish to grant access> -RoleDefinitionName 'Automation operator' -Scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
+New-AzRoleAssignment -SignInName <sign-in Id of a user you wish to grant access> -RoleDefinitionName 'Automation operator' -Scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
 ```
 
 The following is the example output:
@@ -368,25 +371,25 @@ ObjectId           : f5ecbe87-1181-43d2-88d5-a8f5e9d8014e
 ObjectType         : User
 ```
 
-Use [Remove-AzureRmRoleAssignment](/previous-versions/azure/mt603781(v=azure.100)) to remove access of a specified user, group, or application from a particular scope.
+Use [Remove-AzRoleAssignment](https://docs.microsoft.com/powershell/module/Az.Resources/Remove-AzRoleAssignment?view=azps-3.7.0) to remove access of a specified user, group, or application from a particular scope.
 
-**Example:** Use the following command to remove the user from the “Automation Operator” role in the Automation account scope.
+**Example:** Use the following command to remove the user from the Automation Operator role in the Automation account scope.
 
 ```azurepowershell-interactive
-Remove-AzureRmRoleAssignment -SignInName <sign-in Id of a user you wish to remove> -RoleDefinitionName 'Automation Operator' -Scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
+Remove-AzRoleAssignment -SignInName <sign-in Id of a user you wish to remove> -RoleDefinitionName 'Automation Operator' -Scope '/subscriptions/<SubscriptionID>/resourcegroups/<Resource Group Name>/Providers/Microsoft.Automation/automationAccounts/<Automation account name>'
 ```
 
-In the preceding examples, replace "sign-in ID of a user you wish to remove", "SubscriptionID", "Resource Group Name", and Automation account name" with your account details. Choose **yes** when prompted to confirm before continuing to remove user role assignments.
+In the preceding example, replace `sign-in ID of a user you wish to remove`, `SubscriptionID`, `Resource Group Name`, and `Automation account name` with your account details. Choose **yes** when prompted to confirm before continuing to remove user role assignments.
 
-### User experience for Automation operator role - Automation account
+### User experience for Automation Operator role - Automation account
 
 When a user assigned to the Automation Operator role on the Automation account scope views the Automation account to which he/she is assigned, the user can only view the list of runbooks, runbook jobs, and schedules created in the Automation account. This user cannot view the definitions of these items. The user can start, stop, suspend, resume, or schedule the runbook job. However, the user does not have access to other Automation resources, such as configurations, hybrid worker groups, or DSC nodes.
 
 ![No access to resources](media/automation-role-based-access-control/automation-10-no-access-to-resources.png)
 
 ## Configure RBAC for runbooks
 
-Azure Automation allows you to assign RBAC to specific runbooks. To do this, run the following script to add a user to a specific runbook. An Automation Account Admin or a Tenant Admin can run this script.
+Azure Automation allows you to assign RBAC to specific runbooks. To do this, run the following script to add a user to a specific runbook. An Automation Account Administrator or a Tenant Administrator can run this script.
 
 ```azurepowershell-interactive
 $rgName = "<Resource Group Name>" # Resource Group name for the Automation account
@@ -395,19 +398,19 @@ $rbName = "<Name of Runbook>" # Name of the runbook
 $userId = "<User ObjectId>" # Azure Active Directory (AAD) user's ObjectId from the directory
 
 # Gets the Automation account resource
-$aa = Get-AzureRmResource -ResourceGroupName $rgName -ResourceType "Microsoft.Automation/automationAccounts" -ResourceName $automationAccountName
+$aa = Get-AzResource -ResourceGroupName $rgName -ResourceType "Microsoft.Automation/automationAccounts" -ResourceName $automationAccountName
 
 # Get the Runbook resource
-$rb = Get-AzureRmResource -ResourceGroupName $rgName -ResourceType "Microsoft.Automation/automationAccounts/runbooks" -ResourceName "$automationAccountName/$rbName"
+$rb = Get-AzResource -ResourceGroupName $rgName -ResourceType "Microsoft.Automation/automationAccounts/runbooks" -ResourceName "$automationAccountName/$rbName"
 
 # The Automation Job Operator role only needs to be run once per user.
-New-AzureRmRoleAssignment -ObjectId $userId -RoleDefinitionName "Automation Job Operator" -Scope $aa.ResourceId
+New-AzRoleAssignment -ObjectId $userId -RoleDefinitionName "Automation Job Operator" -Scope $aa.ResourceId
 
 # Adds the user to the Automation Runbook Operator role to the Runbook scope
-New-AzureRmRoleAssignment -ObjectId $userId -RoleDefinitionName "Automation Runbook Operator" -Scope $rb.ResourceId
+New-AzRoleAssignment -ObjectId $userId -RoleDefinitionName "Automation Runbook Operator" -Scope $rb.ResourceId
 ```
 
-Once the script has run, have the user log in to the Azure portal and view **All Resources**. In the list, the user can see the runbook for which he/she has been added as an Automation Runbook Operator.
+Once the script has run, have the user log in to the Azure portal and select **All Resources**. In the list, the user can see the runbook for which he/she has been added as an Automation Runbook Operator.
 
 ![Runbook RBAC in the portal](./media/automation-role-based-access-control/runbook-rbac.png)