Merge pull request #224993 from MicrosoftDocs/main

Publish to Live Wednesday 4AM PST, 01/25

Author: PMEds28

.openpublishing.redirection.active-directory.json

@@ -11065,6 +11065,11 @@
       "source_path_from_root": "/articles/active-directory/privileged-identity-management/groups-features.md",
       "redirect_url": "azure/active-directory/privileged-identity-management/concept-pim-for-groups",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/cloud-infrastructure-entitlement-management/product-data-inventory.md",
+      "redirect_url": "/azure/active-directory/cloud-infrastructure-entitlement-management/product-data-billable-resources",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -32,13 +32,13 @@
         href: ui-dashboard.md
       - name: View data about the activity in your authorization system
         href: product-dashboard.md
-    - name: Configure settings for data collection
+      - name: View current billable resources in your authorization system
+        href: product-data-billable-resources.md  
+    - name: View information about your Authorization Systems
       expanded: false
       items:
       - name: View and configure settings for data collection
         href: product-data-sources.md
-      - name: Display an inventory of created resources and licenses 
-        href: product-data-inventory.md
     - name: Manage organizational and personal information
       expanded: false
       items:
@@ -143,7 +143,7 @@
         href: report-view-system-report.md
       - name: Create, view, and share a custom report
         href: report-create-custom-report.md
-      - name: Generate and download the Permissions analytics report
+      - name: View and download the Permissions analytics report
         href: product-permissions-analytics-reports.md
   - name: Troubleshoot
     expanded: false

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: faq
-ms.date: 04/20/2022
+ms.date: 01/25/2023
 ms.author: jfields
 ---
 
@@ -141,7 +141,19 @@ We also have the ability to remove, export or modify specific data should the Gl
 ## Do I require a license to use Entra Permissions Management? 
 
 Yes, as of July 1st, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement) 
- 
+
+## How is Permissions Management priced? 
+
+Permissions Management is $125 per resources/year ($10.40 per resource/month). Permissions Management requires licenses for workloads, which include any resource that uses compute or memory. 
+
+## Do I need to pay for all resources?
+
+Although Permissions Management supports all resources, Microsoft only requires licenses for certain resources per cloud. To learn more about billable resources, visit [View billable resources listed in your authorization system](product-data-billable-resources.md)
+
+## How do I figure out how many resources I have? 
+
+To find out how many resources you have across your multicloud infrastructure, view the Billable Resources tab in Permissions Management.
+
 ## What do I do if I’m using Public Preview version of Entra Permissions Management?  
 
 If you are using the Public Preview version of Entra Permissions Management, your current deployment(s) will continue to work through October 1st.  

articles/active-directory/cloud-infrastructure-entitlement-management/media/onboard-enable-tenant/billable-resources.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 01/25/2023
 ms.author: jfields
 ---
 
@@ -25,6 +25,9 @@ The Permissions Management **Dashboard** provides an overview of the authorizati
 
    The **Permission Creep Index (PCI)** chart updates to display information about the accounts and folders you selected. The number of days since the information was last updated displays in the upper right corner.
 
+   >[!NOTE]
+   >Default and GCP-managed service accounts are not included in the PCI calculation.
+
 1. In the Permission Creep Index (PCI) graph, select a bubble.
 
     The bubble displays the number of identities that are considered high-risk.

articles/active-directory/cloud-infrastructure-entitlement-management/product-dashboard.md

@@ -0,0 +1,42 @@
+---
+title: View current billable resources in your authorization systems
+description: How to view current billable resources in your authorization system in Permissions Management.
+services: active-directory
+author: jenniferf-skc
+manager: amycolannino
+ms.service: active-directory 
+ms.subservice: ciem
+ms.workload: identity
+ms.topic: how-to
+ms.date: 01/25/2023
+ms.author: jfields
+---
+
+# View billable resources listed in your authorization system
+
+Gain insight into current billable resources listed in your authorization system. In Microsoft Entra Permissions Management, a billable resource is defined as a cloud service that uses compute or memory and requires a license. The Permissions Management Billable Resources tab shows you which resources are in your authorization system, and how many of them you're being billed for.
+
+Here is the current list of resources per cloud provider. This list is subject to change as cloud providers add more services in the future.
+
+:::image type="content" source="media/onboard-enable-tenant/billable-resources.png" alt-text="A table of current Microsoft billable resources." lightbox="media/onboard-enable-tenant/billable-resources.png":::
+
+## View resources in your authorization system
+
+1. To access your billable resource information, from the Permissions Management home page, select Settings (gear icon).
+1. Select the Billable Resources tab.
+1. Select your Authorization System:
+
+    - **AWS** for Amazon Web Services.
+    - **Azure** for Microsoft Azure.
+    - **GCP** for Google Cloud Platform.
+
+    The interface displays information showing which resource you have in your Authorization System per category.
+
+1. To change the columns displayed in the table, select **Columns**, and then select the information you want to display.
+
+    - To discard your changes, select **Reset to default**.
+
+
+## Next steps
+
+- For information about viewing and configuring settings for collecting data from your authorization system and its associated accounts, see [View and configure settings for data collection](product-data-sources.md).

articles/active-directory/cloud-infrastructure-entitlement-management/product-data-billable-resources.md

@@ -1,14 +1,14 @@
 ---
-title: View and configure settings for data collection from your authorization system in Permissions Management
-description: How to view and configure settings for collecting data from your authorization system in Permissions Management.
+title: View and configure settings for data collection
+description: How to view and configure settings for collecting data from your authorization system.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 01/25/2023
 ms.author: jfields
 ---
 

articles/active-directory/cloud-infrastructure-entitlement-management/product-data-inventory.md

@@ -1,99 +1,71 @@
 ---
-title: Generate and download the Permissions analytics report in Permissions Management
-description: How to generate and download the Permissions analytics report in Permissions Management.
+title: View and download the Permissions Analytics Report in Permissions Management
+description: How to view and download the Permissions Analytics Report in Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/20/2023
+ms.date: 01/25/2023
 ms.author: jfields
 ---
 
-# Generate and download the Permissions analytics report
-
-This article describes how to generate and download the **Permissions analytics report** in Permissions Management for AWS, Azure, and GCP. You can generate the report in Excel format, and also as a PDF.
-
-
-## Generate the Permissions analytics report
-
-1. In the Permissions Management home page, select the **Reports** tab, and then select the **Systems Reports** subtab.
-
-    The **Systems Reports** subtab displays a list of reports the **Reports** table.
-1. Select **Permissions Analytics Report** from the list. o download the report, select the down arrow to the right of the report name, or from the ellipses **(...)** menu, select **Download**.
-
-    The following message displays: **Successfully Started To Generate On Demand Report.**
-
-1. For detailed information in the report, select the right arrow next to one of the following categories. Or, select the required category under the **Findings** column.
-
-    - **AWS**
-        - Inactive Identities
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-        - Inactive Groups
-        - Super Identities
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-        - Over-Provisioned Active Identities
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-        - PCI Distribution
-        - Privilege Escalation
-            - Users
-            - Roles
-            - Resources
-        - S3 Bucket Encryption
-            - Unencrypted Buckets
-            - SSE-S3 Buckets
-        - S3 Buckets Accessible Externally
-        - EC2 S3 Buckets Accessibility
-        - Open Security Groups
-        - Identities That Can Administer Security Tools
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-        - Identities That Can Access Secret Information
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-        - Cross-Account Access
-            - External Accounts
-            - Roles That Allow All Identities
-        - Hygiene: MFA Enforcement
-        - Hygiene: IAM Access Key Age
-        - Hygiene: Unused IAM Access Keys
-        - Exclude From Reports
-            - Users
-            - Roles
-            - Resources
-            - Serverless Functions
-            - Groups
-            - Security Groups
-            - S3 Buckets
-
-
-1. Select a category and view the following columns of information:
-
-    - **User**, **Role**, **Resource**, **Serverless Function Name**: Displays the name of the identity.
-    - **Authorization System**: Displays the authorization system to which the identity belongs.
-    - **Domain**: Displays the domain name to which the identity belongs.
-    - **Permissions**: Displays the maximum number of permissions that the identity can be granted.
-        - **Used**: Displays how many permissions that the identity has used.
-        - **Granted**: Displays how many permissions that the identity has been granted.
-    - **PCI**: Displays the permission creep index (PCI) score of the identity.
-    - **Date Last Active On**: Displays the date that the identity was last active.
-    - **Date Created On**: Displays the date when the identity was created.
+# View and download the Permissions analytics report
 
+This article describes how to view and download the **Permissions analytics report** in Permissions Management for AWS, Azure, and GPC authorization systems.
+
+>[!NOTE]
+>The Permissions analytics report can be downloaded in Excel and PDF formats.
+
+## View the Permissions Analytics Report in the Permissions Management UI
+
+You can view the Permissions Analytics Report information directly in the Permissions Management UI.
+
+1. In Permissions Management, select **Reports** in the navigation menu.
+2. Locate the **Permissions Analytics Report** in the list, then select it.
+3. View detailed report information from the list of categories that are displayed.
+   >[!NOTE]
+   > Categories will vary depending on which Authorization System you are viewing.
+
+4. To view more detailed information into each category, select the drop-down arrow next to the category name.
+
+
+## Download the Permissions Analytics Report in Excel format
+
+1. From the Permissions Management home page, select the **Reports** tab, then select the **Systems Reports** subtab.
+    
+    The **Systems Reports** subtab displays a list of report names in the **Reports** table.
+2. Locate the **Permissions Analytics Report** in the list.
+3. To download the report in Excel format, click on the ellipses **(...)**, the select **Generate & Download**.
+    
+    The Permissions Analytics Report screen is displayed.
+4. Click on **Report Format** and make sure that **XLSX** is selected.
+5. Click on **Schedule** and, if you want to download this report regularly, select the frequency for which you want it downloaded. You can also leave this at the default setting of **None**.
+6. Click on **Authorization Systems** and select which system you want to download the report for (AWS, Azure, or GCP).
+   >[!NOTE]
+   > To download a report for all Authorization Systems, check the **Collate** box. This will combine all selected Authorization Systems into one report.
+7. Click **Save**
+
+    The following message displays: **Report has been created**.
+
+    Once the Excel file is generated, the report is automatically sent to your email.
+
+## Download the Permissions Analytics Report in PDF format
+
+1. From the Permissions Management home page, select the **Reports** tab, then select the **Systems Reports** subtab.
+    
+    The **Systems Reports** subtab displays a list of reports names in the **Reports** table.
+2. Locate the **Permissions Analytics Report** in the list, then select it.
+3. Select which Authorization System you want to generate the PDF download for (AWS, Azure, or GCP).
+   >[!NOTE]
+   > The PDF can only be downloaded for one Authorization System at a time. If more than one Authorization System is selected, the **Export PDF** button will be disabled. 
+4. To download the report in PDF format, click on **Export PDF**.
+    
+    The following message displays: **Successfully started to generate PDF report**. 
+    
+    Once the PDF is generated, the report is automatically sent to your email.
 
 
 <!---## Add and remove tags in the Permissions analytics report