Merge pull request #208059 from weznagwama/new-data-collector-ui

Stacyrch140 · web-flow · commit 4a88f6c6e32b · 2022-08-22T23:09:00.000-04:00
UI changes added for onbaording authorization systems for Azure and GCP
diff --git a/articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md b/articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md
@@ -13,7 +13,7 @@ ms.author: kenwith
 
 # Onboard a Microsoft Azure subscription
 
-This article describes how to onboard a Microsoft Azure subscription or subscriptions on Permissions Management (Permissions Management). Onboarding a subscription creates a new authorization system to represent the Azure subscription in Permissions Management.
+This article describes how to onboard a Microsoft Azure subscription or subscriptions on Permissions Management. Onboarding a subscription creates a new authorization system to represent the Azure subscription in Permissions Management.
 
 > [!NOTE]
 > A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
@@ -28,7 +28,7 @@ To add Permissions Management to your Azure AD tenant:
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:
 
-    - In the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
+    - In the Permissions Management home page, select **Settings** (the gear icon, top right), and then select the **Data Collectors** subtab.
 
 1. On the **Data Collectors** dashboard, select **Azure**, and then select **Create Configuration**.
 
@@ -38,19 +38,22 @@ Choose from 3 options to manage Azure subscriptions.
 
 #### Option 1: Automatically manage 
 
-This option allows subscriptions to be automatically detected and monitored without additional configuration. Steps to detect list of subscriptions and onboard for collection:  
+This option allows subscriptions to be automatically detected and monitored without extra configuration.A key benefit of automatic management is that any current or future subscriptions found get onboarded automatically. Steps to detect list of subscriptions and onboard for collection:  
 
-- Grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription scope.  
+- Firstly, grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription scope.  
 
-Any current or future subscriptions found get onboarded automatically. 
-
- To view status of onboarding after saving the configuration: 
-
-1. In the MEPM portal, click the cog on the top right-hand side.  
-1. Navigate to data collectors tab.  
+1. In the EPM portal, left-click the cog on the top right-hand side.  
+1. Navigate to data collectors tab  
+1. Ensure 'Azure' is selected
 1. Click ‘Create Configuration’ 
 1. For onboarding mode, select ‘Automatically Manage’ 
-1. Click ‘Verify Now & Save’ 
+
+The steps listed on the screen outline how to create the role assignment for the Cloud Infrastructure Entitlements Management application. This can be performed manually in the Entra console, or programatically with PowerShell or the Azure CLI.
+
+Lastly, Click ‘Verify Now & Save’ 
+
+To view status of onboarding after saving the configuration: 
+
 1. Collectors will now be listed and change through status types. For each collector listed with a status of “Collected Inventory”, click on that status to view further information. 
 1. You can then view subscriptions on the In Progress page 
 
@@ -59,8 +62,9 @@ Any current or future subscriptions found get onboarded automatically.
 You have the ability to specify only certain subscriptions to manage and monitor with MEPM (up to 10 per collector). Follow the steps below to configure these subscriptions to be monitored: 
 
 1. For each subscription you wish to manage, ensure that the ‘Reader’ role has been granted to Cloud Infrastructure Entitlement Management application for this subscription. 
-1. In the MEPM portal, click the cog on the top right-hand side. 
+1. In the EPM portal, click the cog on the top right-hand side. 
 1. Navigate to data collectors tab 
+1. Ensure 'Azure' is selected
 1. Click ‘Create Configuration’ 
 1. Select ‘Enter Authorization Systems’ 
 1. Under the Subscription IDs section, enter a desired subscription ID into the input box. Click the “+” up to 9 additional times, putting a single subscription ID into each respective input box. 
@@ -78,8 +82,20 @@ To view status of onboarding after saving the configuration:
 
 This option detects all subscriptions that are accessible by the Cloud Infrastructure Entitlement Management application.  
 
-1. Grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription(s) scope. 
-1. Click Verify and Save. 
+- Firstly, grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription scope.  
+
+1. In the EPM portal, click the cog on the top right-hand side.  
+1. Navigate to data collectors tab
+1. Ensure 'Azure' is selected
+1. Click ‘Create Configuration’ 
+1. For onboarding mode, select ‘Automatically Manage’ 
+
+The steps listed on the screen outline how to create the role assignment for the Cloud Infrastructure Entitlements Management application. You can do this manually in the Entra console, or programatically with PowerShell or the Azure CLI.
+
+Lastly, Click ‘Verify Now & Save’ 
+
+To view status of onboarding after saving the configuration: 
+
 1. Navigate to newly create Data Collector row under Azure data collectors. 
 1. Click on Status column when the row has “Pending” status 
 1. To onboard and start collection, choose specific ones subscriptions from the detected list and consent for collection.
diff --git a/articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md b/articles/active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md
@@ -48,14 +48,18 @@ Choose from 3 options to manage GCP projects.
 
 This option allows projects to be automatically detected and monitored without additional configuration. Steps to detect list of projects and onboard for collection:  
 
-- Grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope.  
+Firstly, grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope. 
+
+Once done, the steps are listed in the screen to do this manually in the GPC console, or programatically with the gcloud CLI.
+
+Once this has been configured, click next, then 'Verify Now & Save'.
 
 Any current or future projects found get onboarded automatically. 
 
 To view status of onboarding after saving the configuration: 
 
-- Navigate to data collectors tab.  
-- Click on the status of the data collector.  
+- Navigate to data collectors tab
+- Click on the status of the data collector
 - View projects on the In Progress page 
 
 #### Option 2: Enter authorization systems 
@@ -76,11 +80,13 @@ To view status of onboarding after saving the configuration:
 
 This option detects all projects that are accessible by the Cloud Infrastructure Entitlement Management application.  
 
-- Grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope. 
-- Click Verify and Save. 
-- Navigate to newly create Data Collector row under GCP data collectors. 
+- Firstly, grant Viewer and Security Reviewer role to service account created in previous step at organization, folder or project scope
+- Once done, the steps are listed in the screen to do this manually in the GPC console, or programatically with the gcloud CLI
+- Click Next
+- Click 'Verify Now & Save' 
+- Navigate to newly create Data Collector row under GCP data collectors
 - Click on Status column when the row has “Pending” status 
-- To onboard and start collection, choose specific ones from the detected list and consent for collection. 
+- To onboard and start collection, choose specific ones from the detected list and consent for collection
 
 ### 3. Set up GCP member projects.
 
diff --git a/articles/active-directory/cloud-infrastructure-entitlement-management/overview.md b/articles/active-directory/cloud-infrastructure-entitlement-management/overview.md
@@ -32,6 +32,9 @@ Organizations have to consider permissions management as a central piece of thei
 
 Permissions Management  allows customers to address three key use cases: *discover*, *remediate*, and *monitor*.
 
+Permissions Management has been designed in such a way that we recommended your organization sequentially 'step-through' each of the below phases in order to gain insights into permissions across the organization. This is because you generally cannot action what is yet to be discovered, likewise you cannot continually evaluate what is yet to be remediated.
+
+
 ### Discover
 
 Customers can assess permission risks by evaluating the gap between permissions granted and permissions used.
@@ -61,7 +64,7 @@ Permissions Management  deepens Zero Trust security strategies by augmenting the
 - Automate least privilege access: Use access analytics to ensure identities have the right permissions, at the right time.
 - Unify access policies across infrastructure as a service (IaaS) platforms: Implement consistent security policies across your cloud infrastructure.
 
-
+Once your organization has explored and implemented the discover, remediation and monitor phases, you have established one of the core pillars of a modern zero-trust security strategy.
 
 ## Next steps
 
