Remove Preview tags from DenyAction

Author: timwarner-msft

articles/governance/policy/concepts/effects.md

@@ -2,7 +2,7 @@
 title: Understand how effects work
 description: Azure Policy definitions have various effects that determine how compliance is managed and reported.
 author: timwarner-msft
-ms.date: 10/20/2022
+ms.date: 01/06/2023
 ms.topic: conceptual
 ms.author: timwarner
 ---
@@ -18,7 +18,7 @@ These effects are currently supported in a policy definition:
 - [Audit](#audit)
 - [AuditIfNotExists](#auditifnotexists)
 - [Deny](#deny)
-- [DenyAction (preview)](#denyaction-preview)
+- [DenyAction](#denyaction)
 - [DeployIfNotExists](#deployifnotexists)
 - [Disabled](#disabled)
 - [Manual (preview)](#manual-preview)
@@ -51,10 +51,10 @@ manages the evaluation and outcome and reports the results back to Azure Policy.
   Resource Manager mode.
 - **Deny** is then evaluated. By evaluating deny before audit, double logging of an undesired
   resource is prevented.
-- **Audit** is evaluated. 
-- **Manual** is evaluated. 
-- **AuditIfNotExists** is evaluated. 
-- **denyAction** is evaluated last. 
+- **Audit** is evaluated.
+- **Manual** is evaluated.
+- **AuditIfNotExists** is evaluated.
+- **denyAction** is evaluated last.
 
 After the Resource Provider returns a success code on a Resource Manager mode request,
 **AuditIfNotExists** and **DeployIfNotExists** evaluate to determine whether additional compliance
@@ -453,28 +453,25 @@ location of the Constraint template to use in Kubernetes to limit the allowed co
     }
 }
 ```
-## DenyAction (preview)
+## DenyAction
 
 `DenyAction` is used to block requests on intended action to resources. The only supported action today is `DELETE`. This effect will help prevent any accidental deletion of critical resources.
 
 ### DenyAction evaluation
 
 When a request call with an applicable action name and targeted scope is submitted, `denyAction` prevents the request from succeeding. The request is returned as a `403 (Forbidden)`. In the portal, the Forbidden can be viewed as a status on the deployment that was prevented by the policy
-assignment. 
+assignment.
 
-`Microsoft.Authorization/policyAssignments`, `Microsoft.Authorization/denyAssignments`, `Microsoft.Blueprint/blueprintAssignments`, `Microsoft.Resources/deploymentStacks`, and `Microsoft.Authorization/locks` are all exempt from DenyAction enforcement to prevent lockout scenarios. 
-
-> [!NOTE]
-> Under preview, assignments with `denyAction` effect will show a `Not Started` compliance state.
+`Microsoft.Authorization/policyAssignments`, `Microsoft.Authorization/denyAssignments`, `Microsoft.Blueprint/blueprintAssignments`, `Microsoft.Resources/deploymentStacks`, and `Microsoft.Authorization/locks` are all exempt from DenyAction enforcement to prevent lockout scenarios.
 
 #### Subscription deletion
-Policy won't block removal of resources that happens during a subscription deletion. 
+Policy won't block removal of resources that happens during a subscription deletion.
 
-#### Resource group deletion 
-Policy will evaluate resources that support location and tags against `DenyAction` policies during a resource group deletion. Only policies that have the `cascadeBehaviors` set to `deny` in the policy rule will block a resource group deletion. Policy won't block removal of resources that don't support location and tags nor any policy with `mode:all`. 
+#### Resource group deletion
+Policy will evaluate resources that support location and tags against `DenyAction` policies during a resource group deletion. Only policies that have the `cascadeBehaviors` set to `deny` in the policy rule will block a resource group deletion. Policy won't block removal of resources that don't support location and tags nor any policy with `mode:all`.
 
 #### Cascade deletion
-Cascade deletion occurs when deleting of a parent resource is implicitly deletes all its child resources. Policy won't block removal of child resources when a delete action targets the parent resources. For example, `Microsoft.Insights/diagnosticSettings` is a child resource of `Microsoft.Storage/storageaccounts`. If a `denyAction` policy targets `Microsoft.Insights/diagnosticSettings`, a delete call to the diagnostic setting (child) will fail, but a delete to the storage account (parent) will implicitly delete the diagnostic setting (child). 
+Cascade deletion occurs when deleting of a parent resource is implicitly deletes all its child resources. Policy won't block removal of child resources when a delete action targets the parent resources. For example, `Microsoft.Insights/diagnosticSettings` is a child resource of `Microsoft.Storage/storageaccounts`. If a `denyAction` policy targets `Microsoft.Insights/diagnosticSettings`, a delete call to the diagnostic setting (child) will fail, but a delete to the storage account (parent) will implicitly delete the diagnostic setting (child).
 
 [!INCLUDE [policy-denyAction](../../../../includes/azure-policy-deny-action.md)]
 
@@ -483,16 +480,16 @@ Cascade deletion occurs when deleting of a parent resource is implicitly deletes
 The **details** property of the DenyAction effect has all the subproperties that define the action and behaviors.
 
 - **actionNames** (required)
-  - An _array_  that specifies what actions to prevent from being executed. 
-  - Supported action names are: `delete`. 
+  - An _array_  that specifies what actions to prevent from being executed.
+  - Supported action names are: `delete`.
 - **cascadeBehaviors** (optional)
-  - An _object_ that defines what behavior will be followed when the resource is being implicitly deleted by the removal of a resource group. 
+  - An _object_ that defines what behavior will be followed when the resource is being implicitly deleted by the removal of a resource group.
   - Only supported in policy definitions with [mode](./definition-structure.md#resource-manager-modes) set to `indexed`.
-  - Allowed values are `allow` or `deny`. 
-  - Default value is `deny`. 
+  - Allowed values are `allow` or `deny`.
+  - Default value is `deny`.
 
 ### DenyAction example
-Example: Deny any delete calls targeting database accounts that have a tag environment that equals prod. Since cascade behavior is set to deny, block any DELETE call that targets a resource group with an applicable database account. 
+Example: Deny any delete calls targeting database accounts that have a tag environment that equals prod. Since cascade behavior is set to deny, block any DELETE call that targets a resource group with an applicable database account.
 
 ```json
 {

articles/governance/policy/concepts/evaluate-impact.md

@@ -12,7 +12,7 @@ reviews the request. When the policy definition effect is [Modify](./effects.md#
 [Append](./effects.md#deny), or [DeployIfNotExists](./effects.md#deployifnotexists), Policy alters
 the request or adds to it. When the policy definition effect is [Audit](./effects.md#audit) or
 [AuditIfNotExists](./effects.md#auditifnotexists), Policy causes an Activity log entry to be created
-for new and updated resources. And when the policy definition effect is [Deny](./effects.md#deny) or [DenyAction](./effects.md#denyaction-preview), Policy stops the creation or alteration of the request.
+for new and updated resources. And when the policy definition effect is [Deny](./effects.md#deny) or [DenyAction](./effects.md#denyaction), Policy stops the creation or alteration of the request.
 
 These outcomes are exactly as desired when you know the policy is defined correctly. However, it's
 important to validate a new policy works as intended before allowing it to change or block work. The