Merge pull request #103423 from curtand/pim0205

GitHubber17 · web-flow · commit 301a6fb74dbe · 2020-02-05T12:55:30.000-08:00
[Azure AD PIM] remove references to group role assignments
diff --git a/articles/active-directory/privileged-identity-management/TOC.yml b/articles/active-directory/privileged-identity-management/TOC.yml
@@ -67,7 +67,7 @@
         href: azure-ad-custom-roles-configure.md
     - name: View audit history
       href: pim-how-to-use-audit-log.md
-  - name: Manage Azure resource roles
+  - name: Manage Azure roles
     items:
     - name: Assign roles
       href: pim-resource-roles-assign-roles.md
@@ -97,7 +97,7 @@
         href: pim-how-to-perform-security-review.md
       - name: Complete an access review
         href: pim-how-to-complete-review.md
-    - name: Azure resource roles
+    - name: Azure roles
       items:
       - name: Create an access review
         href: pim-resource-roles-start-access-review.md
diff --git a/articles/active-directory/privileged-identity-management/media/pim-resource-roles-assign-roles/resources-membership-settings-type.png b/articles/active-directory/privileged-identity-management/media/pim-resource-roles-assign-roles/resources-membership-settings-type.png
diff --git a/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md b/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md
@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: pim
-ms.date: 09/17/2019
+ms.date: 01/05/2020
 ms.author: curtand
 ms.collection: M365-identity-device-management
 ---
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 With Azure Active Directory (Azure AD), a Global administrator can make **permanent** Azure AD admin role assignments. These role assignments can be created using the [Azure portal](../users-groups-roles/directory-assign-admin-roles.md) or using [PowerShell commands](/powershell/module/azuread#directory_roles).
 
-The Azure AD Privileged Identity Management (PIM) service also allows Privileged Role Administrators to make permanent admin role assignments. Additionally, Privileged Role Administrators can make users **eligible** for Azure AD admin roles. An eligible administrator can activate the role when they need it, and then their permissions expire once they're done.
+The Azure AD Privileged Identity Management (PIM) service also allows Privileged role administrators to make permanent admin role assignments. Additionally, Privileged role administrators can make users **eligible** for Azure AD admin roles. An eligible administrator can activate the role when they need it, and then their permissions expire once they're done.
 
 ## Determine your version of PIM
 
@@ -56,19 +56,9 @@ Follow these steps to make a user eligible for an Azure AD admin role.
 
 1. Select a role you want to assign and then click **Select**.
 
-    The **Select a member or group** page opens.
+1. Select a member to whom you want to assign to the role and then select **Select**.
 
-1. Select a member or group you want to assign to the role and then select **Select**.
-
-    ![Select a member or group pane](./media/pim-resource-roles-assign-roles/resources-select-member-or-group.png)
-
-    The Membership settings pane opens.
-
-1. In the **Assignment type** list, select **Eligible** or **Active**.
-
-    ![Memberships settings pane](./media/pim-resource-roles-assign-roles/resources-membership-settings-type.png)
-
-    Privileged Identity Management for Azure resources provides two distinct assignment types:
+1. In the **Assignment type** list on the **Membership settings** pane, select **Eligible** or **Active**.
 
     - **Eligible** assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.
 
@@ -78,14 +68,10 @@ Follow these steps to make a user eligible for an Azure AD admin role.
 
     Depending on the role settings, the check box might not appear or might be unmodifiable.
 
-1. To specify a specific assignment duration, clear the check box and modify the start and/or end date and time boxes.
+1. To specify a specific assignment duration, clear the check box and modify the start and/or end date and time boxes. When finished, select **Done**.
 
     ![Memberships settings - date and time](./media/pim-resource-roles-assign-roles/resources-membership-settings-date.png)
 
-1. When finished, select **Done**.
-
-    ![New assignment - Add](./media/pim-resource-roles-assign-roles/resources-new-assignment-add.png)
-
 1. To create the new role assignment, select **Add**. A notification of the status is displayed.
 
     ![New assignment - Notification](./media/pim-resource-roles-assign-roles/resources-new-assignment-notification.png)
diff --git a/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md b/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md
@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: pim
-ms.date: 11/13/2019
+ms.date: 02/05/2020
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
@@ -38,12 +38,8 @@ Follow the steps in this article to approve or deny requests for Azure AD roles.
 Follow these steps to open the settings for an Azure AD role.
 
 1. Sign in to [Azure portal](https://portal.azure.com/) with a user in the [Privileged Role Administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role.
-
-1. Open **Azure AD Privileged Identity Management**.
-
-1. Select **Azure AD roles**.
-
-1. Select **Role settings**.
+gt
+1. Open **Azure AD Privileged Identity Management** &gt; **Azure AD roles** &gt; **Role settings**.
 
     ![Role settings page listing Azure resource roles](./media/pim-resource-roles-configure-role-settings/resources-role-settings.png)
 
@@ -84,7 +80,7 @@ Privileged Identity Management provides optional enforcement of Azure Multi-Fact
 
 ### Require Multi-Factor Authentication on active assignment
 
-In some cases, you might want to assign a user or group to a role for a short duration (one day, for example). In this case, the assigned users don't need to request activation. In this scenario, Privileged Identity Management can't enforce multi-factor authentication when the user uses their role assignment because they are already active in the role from the time that it is assigned.
+In some cases, you might want to assign a user to a role for a short duration (one day, for example). In this case, the assigned users don't need to request activation. In this scenario, Privileged Identity Management can't enforce multi-factor authentication when the user uses their role assignment because they are already active in the role from the time that it is assigned.
 
 To ensure that the resource administrator fulfilling the assignment is who they say they are, you can enforce multi-factor authentication on active assignment by checking the **Require Multi-Factor Authentication on active assignment** box.
 
@@ -110,11 +106,11 @@ If you want to require approval to activate a role, follow these steps.
 
 1. Check the **Require approval to activate** check box.
 
-1. Select **Select approvers** to open the **Select a member or group** page.
+1. Select **Select approvers**.
 
     ![Select a user or group pane to select approvers](./media/pim-resource-roles-configure-role-settings/resources-role-settings-select-approvers.png)
 
-1. Select at least one user or group and then click **Select**. You can add any combination of users and groups. You must select at least one approver. There are no default approvers.
+1. Select at least one user and then click **Select**. You must select at least one approver. There are no default approvers.
 
     Your selections will appear in the list of selected approvers.
 
@@ -203,7 +199,7 @@ If you want to delegate the required approval to activate a role, follow these s
 
     ![Azure AD roles - Settings - Require approval](./media/pim-how-to-change-default-settings/pim-directory-roles-settings-require-approval-select-approvers.png)
 
-1. Select one or more approvers in addition to the Privileged role administrator and then click **Select**. You can select users or groups. We recommend that you add at least two approvers. Even if you add yourself as an approver, you can't self-approve a role activation. Your selections will appear in the list of selected approvers.
+1. Select one or more approvers in addition to the Privileged role administrator and then click **Select**. We recommend that you add at least two approvers. Even if you add yourself as an approver, you can't self-approve a role activation. Your selections will appear in the list of selected approvers.
 
 1. After you have specified your all your role settings, select **Save** to save your changes.
 
