Preview, link, screenshot updates

Author: rolyon

articles/role-based-access-control/media/role-assignments-list-portal/sub-access-control-role-assignments-eligible.png

@@ -54,7 +54,7 @@ If you want to see which users are using the PIM funcationality, here are option
 
     You can group and sort by **State**, and look for role assignments that aren't the **Active permanent** type.
 
-    :::image type="content" source="./media/role-assignments-list-portal/sub-access-control-role-assignments-eligible.png" alt-text="Screenshot of Access control and Active assignments and Eligible assignments tabs." lightbox="./media/role-assignments-list-portal/sub-access-control-role-assignments-eligible.png":::
+    :::image type="content" source="./media/shared/sub-access-control-role-assignments-eligible.png" alt-text="Screenshot of Access control and Active assignments and Eligible assignments tabs." lightbox="./media/shared/sub-access-control-role-assignments-eligible.png":::
 
 ### Option 2: List using PowerShell
 
@@ -87,7 +87,7 @@ If your organization has process or compliance reasons to limit the use of PIM,
 
     For more information, see [Edit assignment](role-assignments-portal.yml#edit-assignment-(preview)).
 
-    :::image type="content" source="./media/role-assignments-portal/assignment-type-edit.png" alt-text="Screenshot of Edit assignment pane with Assignment type options displayed." lightbox="./media/role-assignments-portal/assignment-type-edit.png":::
+    :::image type="content" source="./media/shared/assignment-type-edit.png" alt-text="Screenshot of Edit assignment pane with Assignment type options displayed." lightbox="./media/shared/assignment-type-edit.png":::
 
 1. When finished, select **Save**.
 

articles/role-based-access-control/media/role-assignments-portal/assignment-type-edit.png renamed to articles/role-based-access-control/media/shared/assignment-type-edit.png

@@ -1,19 +1,15 @@
 ---
-title: Activate eligible Azure role assignments (Preview) - Azure RBAC
+title: Activate eligible Azure role assignments - Azure RBAC
 description: Learn how to activate eligible Azure role assignments in Azure role-based access control (Azure RBAC) using the Azure portal.
 author: rolyon
 manager: amycolannino
 ms.service: role-based-access-control
 ms.topic: how-to
-ms.date: 06/27/2024
+ms.date: 11/11/2024
 ms.author: rolyon
 ---
 
-# Activate eligible Azure role assignments (Preview)
-
-> [!IMPORTANT]
-> Azure role assignment integration with Privileged Identity Management is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+# Activate eligible Azure role assignments
 
 Eligible Azure role assignments provide just-in-time access to a role for a limited period of time. Microsoft Entra Privileged Identity Management (PIM) role activation has been integrated into the Access control (IAM) page in the Azure portal. If you have been made eligible for an Azure role, you can activate that role using the Azure portal. This capability is being deployed in stages, so it might not be available yet in your tenant or your interface might look different.
 
@@ -73,5 +69,5 @@ These steps describe how to activate an eligible role assignment using the Azure
 
 ## Next steps
 
-- [Integration with Privileged Identity Management (Preview)](./role-assignments.md#integration-with-privileged-identity-management-preview)
+- [Eligible and time-bound role assignments in Azure RBAC](./pim-integration.md)
 - [Activate my Azure resource roles in Privileged Identity Management](/entra/id-governance/privileged-identity-management/pim-resource-roles-activate-your-roles)

articles/role-based-access-control/media/shared/sub-access-control-role-assignments-eligible.png

@@ -112,7 +112,7 @@ procedureSection:
 
         If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, your **Role assignments** tab is similar to the following screenshot for management group, subscription, and resource group scopes. This capability is being deployed in stages, so it might not be available yet in your tenant or your interface might look different.
 
-        :::image type="content" source="./media/role-assignments-list-portal/sub-access-control-role-assignments-eligible.png" alt-text="Screenshot of Access control and Active assignments and Eligible assignments tabs." lightbox="./media/role-assignments-list-portal/sub-access-control-role-assignments-eligible.png":::
+        :::image type="content" source="./media/shared/sub-access-control-role-assignments-eligible.png" alt-text="Screenshot of Access control and Active assignments and Eligible assignments tabs." lightbox="./media/shared/sub-access-control-role-assignments-eligible.png":::
 
         You see a **State** column with one of the following states:
 

articles/role-based-access-control/pim-integration.md

@@ -6,7 +6,7 @@ metadata:
   author: rolyon
   ms.author: rolyon
   manager: amycolannino
-  ms.date: 08/30/2024
+  ms.date: 11/11/2024
   ms.service: role-based-access-control
   ms.topic: how-to
   ms.custom:
@@ -167,13 +167,9 @@ procedureSection:
         Follow the steps in [Add or edit Azure role assignment conditions](conditions-role-assignments-portal.md#step-3-review-basics).
 
   - title: |
-      Step 6: Select assignment type (Preview)
+      Step 6: Select assignment type
     summary: |
-      > [!IMPORTANT]
-      > Azure role assignment integration with Privileged Identity Management is currently in PREVIEW.
-      > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
-      If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, an **Assignment type** tab will appear for management group, subscription, and resource group scopes. Use eligible assignments to provide just-in-time access to a role. This capability is being deployed in stages, so it might not be available yet in your tenant or your interface might look different. For more information, see [Integration with Privileged Identity Management (Preview)](./role-assignments.md#integration-with-privileged-identity-management-preview).
+      If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, an **Assignment type** tab will appear for management group, subscription, and resource group scopes. Use eligible assignments to provide just-in-time access to a role. This capability is being deployed in stages, so it might not be available yet in your tenant or your interface might look different. For more information, see [Eligible and time-bound role assignments in Azure RBAC](././pim-integration.md).
 
       If you don't want to use the PIM functionality, select the **Active** assignment type and **Permanent** assignment duration options. These settings create a role assignment where the principal always has permissions in the role. 
     steps:
@@ -222,13 +218,9 @@ procedureSection:
         If you don't see the description for the role assignment, click **Edit columns** to add the **Description** column.
 
   - title: |
-      Edit assignment (Preview)
+      Edit assignment
     summary: |
-      > [!IMPORTANT]
-      > Azure role assignment integration with Privileged Identity Management is currently in PREVIEW.
-      > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
-      If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, you can edit your role assignment type settings. For more information, see [Integration with Privileged Identity Management (Preview)](./role-assignments.md#integration-with-privileged-identity-management-preview).
+      If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, you can edit your role assignment type settings. For more information, see [Eligible and time-bound role assignments in Azure RBAC](./pim-integration.md).
     steps:
       - |
         On the **Access control (IAM)** page, click the **Role assignments** tab to view the role assignments at this scope.
@@ -241,7 +233,7 @@ procedureSection:
 
         The **Edit assignment** pane appears where you can update the role assignment type settings. The pane might take a few moments to open.
 
-        :::image type="content" source="./media/role-assignments-portal/assignment-type-edit.png" alt-text="Screenshot of Edit assignment pane with Assignment type options displayed." lightbox="./media/role-assignments-portal/assignment-type-edit.png":::
+        :::image type="content" source="./media/shared/assignment-type-edit.png" alt-text="Screenshot of Edit assignment pane with Assignment type options displayed." lightbox="./media/shared/assignment-type-edit.png":::
       - |
         When finished, click **Save**.
 

articles/role-based-access-control/role-assignments-eligible-activate.md

@@ -4,7 +4,7 @@ description: Learn about Azure role assignments in Azure role-based access contr
 author: rolyon
 ms.service: role-based-access-control
 ms.topic: conceptual
-ms.date: 08/30/2024
+ms.date: 11/11/2024
 ms.author: rolyon
 ---
 # Understand Azure role assignments
@@ -148,37 +148,8 @@ The preceding condition allows users to read blobs with a blob index tag key of
 
 For more information about conditions, see [What is Azure attribute-based access control (Azure ABAC)?](conditions-overview.md)
 
-## Integration with Privileged Identity Management (Preview)
-
-> [!IMPORTANT]
-> Azure role assignment integration with Privileged Identity Management is currently in PREVIEW.
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
-If you have a Microsoft Entra ID P2 or Microsoft Entra ID Governance license, [Microsoft Entra Privileged Identity Management (PIM)](/entra/id-governance/privileged-identity-management/pim-configure) is integrated into role assignment steps. For example, you can assign roles to users for a limited period of time. You can also make users eligible for role assignments so that they must activate to use the role, such as request approval. Eligible role assignments provide just-in-time access to a role for a limited period of time. You can't create eligible role assignments for applications, service principals, or managed identities because they can't perform the activation steps. You can create eligible role assignments at management group, subscription, and resource group scope, but not at resource scope. This capability is being deployed in stages, so it might not be available yet in your tenant or your interface might look different.
-
-The assignment type options available to you might vary depending or your PIM policy. For example, PIM policy defines whether permanent assignments can be created, maximum duration for time-bound assignments, roles activations requirements (approval, multifactor authentication, or Conditional Access authentication context), and other settings. For more information, see [Configure Azure resource role settings in Privileged Identity Management](/entra/id-governance/privileged-identity-management/pim-resource-roles-configure-role-settings).
-
-If you don't want to use the PIM functionality, select the **Active** assignment type and **Permanent** assignment duration options. These settings create a role assignment where the principal always has permissions in the role. 
-
-:::image type="content" source="./media/shared/assignment-type-eligible.png" alt-text="Screenshot of Add role assignment with Assignment type options displayed." lightbox="./media/shared/assignment-type-eligible.png":::
-
-To better understand PIM, you should review the following terms.
-
-| Term or concept | Role assignment category | Description |
-| --- | --- | --- |
-| eligible | Type | A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There's no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don't need that access all the time. |
-| active | Type | A role assignment that doesn't require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role. |
-| activate |  | The process of performing one or more actions to use a role that a user is eligible for. Actions might include performing a multifactor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers. |
-| permanent eligible | Duration | A role assignment where a user is always eligible to activate the role. |
-| permanent active | Duration | A role assignment where a user can always use the role without performing any actions. |
-| time-bound eligible | Duration | A role assignment where a user is eligible to activate the role only within start and end dates. |
-| time-bound active | Duration | A role assignment where a user can use the role only within start and end dates. |
-| just-in-time (JIT) access |  | A model in which users receive temporary permissions to perform privileged tasks, which prevents malicious or unauthorized users from gaining access after the permissions have expired. Access is granted only when users need it. |
-| principle of least privilege access |  | A recommended security practice in which every user is provided with only the minimum privileges needed to accomplish the tasks they're authorized to perform. This practice minimizes the number of Global Administrators and instead uses specific administrator roles for certain scenarios. |
-
-For more information, see [What is Microsoft Entra Privileged Identity Management?](/entra/id-governance/privileged-identity-management/pim-configure).
-
 ## Next steps
 
 - [Delegate Azure access management to others](delegate-role-assignments-overview.md)
 - [Steps to assign an Azure role](role-assignments-steps.md)
+- [Eligible and time-bound role assignments in Azure RBAC](./pim-integration.md)