fixes

tfitzmac · tfitzmac · commit 473c426ff4d6 · 2019-06-03T11:46:46.000-07:00
diff --git a/articles/managed-applications/approve-just-in-time-access.md b/articles/managed-applications/approve-just-in-time-access.md
@@ -1,13 +1,13 @@
 ---
-title: Approve just-in-time access for Azure Managed Applications
+title: Configure and approve just-in-time access for Azure Managed Applications
 description: Describes how consumers of Azure Managed Applications approve requests for just-in-time access to a managed application.
 author: MSEvanhi
 ms.service: managed-applications
 ms.topic: conceptual
-ms.date: 05/31/2019
+ms.date: 06/03/2019
 ms.author: evanhi
 ---
-# Approve just-in-time access for Azure Managed Applications
+# Configure and approve just-in-time access for Azure Managed Applications
 
 As a consumer of a managed application, you might not be comfortable giving the publisher permanent access to the managed resource group. To give you greater control over granting access to managed resources, Azure Managed Applications provides a feature called just-in-time (JIT) access, which is currently in preview. It enables you to approve when and for how long the publisher has access to the resource group. The publisher can make required updates during that time, but when that time is over, the publisher's access expires.
 
@@ -38,7 +38,7 @@ This article focuses on the actions consumers take to enable JIT access and appr
 
    ![Configure access](./media/approve-just-in-time-access/configure-jit-access.png)
 
-   You can only enable JIT access during deployment. If you select **No**, you can't enable it later.
+   You can only enable JIT access during deployment. If you select **No**, the publisher gets permanent access to the managed resource group. You can't enable JIT access later.
 
 1. To change the default approval settings, select **Customize JIT Configuration**.
 
@@ -74,7 +74,7 @@ To change the settings for a deployed managed application:
 
 ## Approve requests
 
-When the publisher requests access, you're notified of the request. You can approve JIT access requests either directly through the managed application, or across all managed applications through the Azure AD Privileged Identity Management service.
+When the publisher requests access, you're notified of the request. You can approve JIT access requests either directly through the managed application, or across all managed applications through the Azure AD Privileged Identity Management service. To use just-in-time access, you must have a [Azure Active Directory P2 license](../active-directory/privileged-identity-management/subscription-requirements.md).
 
 To approve requests through the managed application:
 
diff --git a/articles/managed-applications/overview.md b/articles/managed-applications/overview.md
@@ -46,7 +46,7 @@ For information about publishing a managed application to the Marketplace, see [
 
 ## Resource groups for managed applications
 
-Typically, the resources for a managed application are in two resource groups. The consumer manages one resource group, and the publisher manages the other resource group. When defining the managed application, the publisher specifies the levels of access. The published can request either a permanent role assignment, or [just-in-time access](request-just-in-time-access.md) for an assignment that is constrained to a time period.
+Typically, the resources for a managed application are in two resource groups. The consumer manages one resource group, and the publisher manages the other resource group. When defining the managed application, the publisher specifies the levels of access. The publisher can request either a permanent role assignment, or [just-in-time access](request-just-in-time-access.md) for an assignment that is constrained to a time period.
 
 Restricting access for [data operations](../role-based-access-control/role-definitions.md) is currently not supported for all data providers in Azure.
 
diff --git a/articles/managed-applications/request-just-in-time-access.md b/articles/managed-applications/request-just-in-time-access.md
@@ -1,13 +1,13 @@
 ---
-title: Request just-in-time access for Azure Managed Applications
+title: Enable and request just-in-time access for Azure Managed Applications
 description: Describes how publishers of Azure Managed Applications request just-in-time access to a managed application.
 author: MSEvanhi
 ms.service: managed-applications
 ms.topic: conceptual
-ms.date: 05/31/2019
+ms.date: 06/03/2019
 ms.author: evanhi
 ---
-# Request just-in-time access for Azure Managed Applications
+# Enable and request just-in-time access for Azure Managed Applications
 
 Consumers of your managed application may be reluctant to grant you permanent access to the managed resource group. As a publisher of a manager application, you might prefer that consumers know exactly when you need to access the managed resources. To give consumers greater control over granting access to managed resources, Azure Managed Applications provides a feature called just-in-time (JIT) access, which is currently in preview.
 
@@ -40,7 +40,7 @@ In "steps":
     "name": "jitConfiguration",
     "label": "JIT Configuration",
     "subLabel": {
-        "preValidation": "Configure JIT settings for you application",
+        "preValidation": "Configure JIT settings for your application",
         "postValidation": "Done"
     },
     "bladeTitle": "JIT Configuration",
