MicrosoftDocs
diff --git a/‎articles/active-directory/governance/access-reviews-overview.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/governance/access-reviews-overview.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/active-directory/governance/conditional-access-exclusion.md
Lines changed: 18 additions & 18 deletions b/‎articles/active-directory/governance/conditional-access-exclusion.md
Lines changed: 18 additions & 18 deletions
@@ -1,6 +1,6 @@
 ---
 title: What are access reviews? - Microsoft Entra | Microsoft Docs
-description: Using Microsoft Entra access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization.
+description: Using access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization.
 services: active-directory
 documentationcenter: ''
 author: amsliu
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: overview
 ms.subservice: compliance
-ms.date: 10/29/2020
+ms.date: 12/27/2022
 ms.author: amsliu
 ms.reviewer: mwahl
 ms.collection: M365-identity-device-management
@@ -20,7 +20,7 @@ ms.custom: contperf-fy21q1
 
 # What are access reviews?
 
-Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
+Access reviews in Azure Active Directory (Azure AD), part of Microsoft Entra, enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed regularly to make sure only the right people have continued access.
 
 Here's a video that provides a quick overview of access reviews:
 
@@ -38,7 +38,7 @@ Azure AD enables you to collaborate with users from inside your organization and
 
 ## When should you use access reviews?
 
-- **Too many users in privileged roles:** It's a good idea to check how many users have administrative access, how many of them are Global Administrators, and if there are any invited guests or partners that have not been removed after being assigned to do an administrative task. You can recertify the role assignment users in [Azure AD roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as Global Administrators, or [Azure resources roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as User Access Administrator in the [Microsoft Entra Privileged Identity Management (PIM)](../privileged-identity-management/pim-configure.md) experience.
+- **Too many users in privileged roles:** It's a good idea to check how many users have administrative access, how many of them are Global Administrators, and if there are any invited guests or partners that haven't been removed after being assigned to do an administrative task. You can recertify the role assignment users in [Azure AD roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as Global Administrators, or [Azure resources roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as User Access Administrator in the [Microsoft Entra Privileged Identity Management (PIM)](../privileged-identity-management/pim-configure.md) experience.
 - **When automation is not possible:** You can create rules for dynamic membership on security groups or Microsoft 365 Groups, but what if the HR data is not in Azure AD or if users still need access after leaving the group to train their replacement? You can then create a review on that group to ensure those who still need access should have continued access.
 - **When a group is used for a new purpose:** If you have a group that is going to be synced to Azure AD, or if you plan to enable the application Salesforce for everyone in the Sales team group, it would be useful to ask the group owner to review the group membership prior to the group being used in a different risk content.
 - **Business critical data access:** for certain resources, such as [business critical applications](identity-governance-applications-prepare.md), it might be required as part of compliance processes to ask people to regularly reconfirm and give a justification on why they need continued access.
@@ -51,7 +51,7 @@ Azure AD enables you to collaborate with users from inside your organization and
 
 ## Where do you create reviews?
 
-Depending on what you want to review, you will create your access review in access reviews, Azure AD enterprise apps (in preview), PIM, or entitlement management.
+Depending on what you want to review, you'll either create your access review in access reviews, Azure AD enterprise apps (in preview), PIM, or entitlement management.
 
 | Access rights of users | Reviewers can be | Review created in | Reviewer experience |
 | --- | --- | --- | --- |
 
@@ -1,6 +1,6 @@
 ---
 title: Manage users excluded from Conditional Access policies
-description: Learn how to use Microsoft Entra access reviews to manage users that have been excluded from Conditional Access policies
+description: Learn how to use access reviews to manage users that have been excluded from Conditional Access policies
 services: active-directory
 documentationcenter: ''
 author: amsliu
@@ -11,7 +11,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: conceptual
 ms.subservice: compliance
-ms.date: 12/23/2020
+ms.date: 12/27/2022
 ms.author: amsliu
 ms.reviewer: mwahl
 ms.collection: M365-identity-device-management
@@ -41,52 +41,52 @@ Another example might be that you have a Conditional Access policy [blocking leg
 
 ## Why are exclusions challenging?
 
-In Azure AD, you can scope a Conditional Access policy to a set of users. You can also configure exclusions by selecting Azure AD roles, individual users, or guests. You should keep in mind that when exclusions are configured, the policy intent can't be enforced on excluded users. If exclusions are configured using a list of users or using legacy on-premises security groups, you will have limited visibility into the exclusions. As a result:
+In Azure AD, you can scope a Conditional Access policy to a set of users. You can also configure exclusions by selecting Azure AD roles, individual users, or guests. You should keep in mind that when exclusions are configured, the policy intent can't be enforced on excluded users. If exclusions are configured using a list of users or using legacy on-premises security groups, you'll have limited visibility into the exclusions. As a result:
 
-- Users may not know that they are excluded.
+- Users may not know that they're excluded.
 
 - Users can join the security group to bypass the policy.
 
 - Excluded users may have qualified for the exclusion before but may no longer qualify for it.
 
-Frequently, when you first configure an exclusion, there is a shortlist of users who bypass the policy. Over time, more and more users get added to the exclusion, and the list grows. At some point, you need to review the list and confirm that each of these users is still eligible for exclusion. Managing the exclusion list, from a technical point of view, can be relatively easy, but who makes the business decisions, and how do you make sure it is all auditable? However, if you configure the exclusion using an Azure AD group, you can use access reviews as a compensating control, to drive visibility, and reduce the number of excluded users.
+Frequently, when you first configure an exclusion, there's a shortlist of users who bypass the policy. Over time, more users get added to the exclusion, and the list grows. At some point, you need to review the list and confirm that each of these users is still eligible for exclusion. Managing the exclusion list, from a technical point of view, can be relatively easy, but who makes the business decisions, and how do you make sure it's all auditable? However, if you configure the exclusion using an Azure AD group, you can use access reviews as a compensating control, to drive visibility, and reduce the number of excluded users.
 
 ## How to create an exclusion group in a Conditional Access policy
 
-Follow these steps to create a new Azure AD group and a Conditional Access policy that does not apply to that group.
+Follow these steps to create a new Azure AD group and a Conditional Access policy that doesn't apply to that group.
 
 ### Create an exclusion group
 
 1. Sign in to the Azure portal.
 
-2. In the left navigation, click **Azure Active Directory** and then click **Groups**.
+2. In the left navigation, select **Azure Active Directory** and then select **Groups**.
 
-3. On the top menu, click **New Group** to open the group pane.
+3. On the top menu, select **New Group** to open the group pane.
 
 4. In the **Group type** list, select **Security**. Specify a name and description.
 
 5. Make sure to set the **Membership** type to **Assigned**.
 
-6. Select the users that should be part of this exclusion group and then click **Create**.
+6. Select the users that should be part of this exclusion group and then select **Create**.
 
 ![New group pane in Azure Active Directory](./media/conditional-access-exclusion/new-group.png)
 
 ### Create a Conditional Access policy that excludes the group
 
 Now you can create a Conditional Access policy that uses this exclusion group.
 
-1. In the left navigation, click **Azure Active Directory** and then click **Conditional Access** to open the **Policies** blade.
+1. In the left navigation, select **Azure Active Directory** and then select **Conditional Access** to open the **Policies** blade.
 
-2. Click **New policy** to open the **New** pane.
+2. Select **New policy** to open the **New** pane.
 
 3. Specify a name.
 
-4. Under Assignments click **Users and groups**.
+4. Under Assignments select **Users and groups**.
 
 5. On the **Include** tab, select **All Users**.
 
 6. On the **Exclude** tab, add a checkmark to **Users and groups** and then
-    click **Select excluded users**.
+    select **Select excluded users**.
 
 7. Select the exclusion group you created.
 
@@ -101,7 +101,7 @@ Let's cover two examples where you can use access reviews to manage exclusions i
 
 ## Example 1: Access review for users accessing from blocked countries/regions
 
-Let's say you have a Conditional Access policy that blocks access from certain countries/regions. It includes a group that is excluded from the policy. Here is
+Let's say you have a Conditional Access policy that blocks access from certain countries/regions. It includes a group that is excluded from the policy. Here's
 a recommended access review where members of the group are reviewed.
 
 > [!NOTE] 
@@ -116,7 +116,7 @@ a recommended access review where members of the group are reviewed.
 4. Each user will need to self-attest that they still need access from these blocked countries/regions, therefore they still need to be a member of the
     group.
 
-5. If the user doesn't respond to the review request, they will be automatically removed from the group, and they will no longer have access to the tenant while traveling to these countries/regions.
+5. If the user doesn't respond to the review request, they'll be automatically removed from the group, and they'll no longer have access to the tenant while traveling to these countries/regions.
 
 6. Enable email notifications to let users know about the start and completion of the access review.
 
@@ -146,17 +146,17 @@ that is excluded from the policy. Here is a recommended access review where memb
 
 ## Access review results and audit logs
 
-Now that you have everything in place, group, Conditional Access policy, and access reviews, it is time to monitor and track the results of these reviews.
+Now that you have everything in place, group, Conditional Access policy, and access reviews, it's time to monitor and track the results of these reviews.
 
 1. In the Azure portal, open the **Access reviews** blade.
 
 2. Open the control and program you have created for managing the exclusion group.
 
-3. Click **Results** to see who was approved to stay on the list and who was removed.
+3. Select **Results** to see who was approved to stay on the list and who was removed.
 
     ![Access reviews results show who was approved](./media/conditional-access-exclusion/access-reviews-results.png)
 
-4. Then click **Audit logs** to see the actions that were taken during this review.
+4. Then select **Audit logs** to see the actions that were taken during this review.
 
     ![Access reviews audit logs listing actions](./media/conditional-access-exclusion/access-reviews-audit-logs.png)