Commit 6d63b28

Merge pull request #220313 from MicrosoftDocs/main
Publish to live, Sunday 4 AM PST, 12/4
2 parents ac63766 + 2d45266 commit 6d63b28

167 files changed

+990
-883
lines changed

articles/active-directory/governance/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
- name: Azure AD Identity Governance documentation
1+
- name: Microsoft Entra Identity Governance documentation
22
href: index.yml
33
- name: Overview
44
expanded: true

articles/active-directory/governance/access-reviews-application-preparation.md

Lines changed: 3 additions & 3 deletions
@@ -23,9 +23,9 @@ ms.collection: M365-identity-device-management
2323

2424
# Prepare for an access review of users' access to an application
2525

26-
[Azure Active Directory (Azure AD) Identity Governance](identity-governance-overview.md) allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources.
26+
[Microsoft Entra Identity Governance](identity-governance-overview.md) allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources.
2727

28-
Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements. Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications. As you integrate your applications with Azure AD, you can then use Azure AD access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access. You can also use other features, including terms of use, conditional access and entitlement management, for governing access to applications, as described in [how to govern access to applications in your environment](identity-governance-applications-prepare.md).
28+
Organizations with compliance requirements or risk management plans will have sensitive or business-critical applications. The application sensitivity may be based on its purpose or the data it contains, such as financial information or personal information of the organization's customers. For those applications, only a subset of all the users in the organization will typically be authorized to have access, and access should only be permitted based on documented business requirements. Azure AD can be integrated with many popular SaaS applications, on-premises applications, and applications that your organization has developed, using [standard protocol](../fundamentals/auth-sync-overview.md) and API interfaces. Through these interfaces, Azure AD can be the authoritative source to control who has access to those applications. As you integrate your applications with Azure AD, you can then use Microsoft Entra access reviews to recertify the users who have access to those applications, and remove access of those users who no longer need access. You can also use other features, including terms of use, conditional access and entitlement management, for governing access to applications, as described in [how to govern access to applications in your environment](identity-governance-applications-prepare.md).
2929

3030
## Prerequisites for reviewing access
3131
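Review bot: The new line 26 drops the expansion "Azure Active Directory (Azure AD)", but line 28 still uses the short form repeatedly ("Azure AD can be integrated", "integrate your applications with Azure AD"), so the abbreviation is no longer introduced anywhere in these lines. Keep one spelled-out first use in line 28, or add a clause saying how Azure AD relates to Microsoft Entra, because the paragraph now mixes both names within a single sentence.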

@@ -40,7 +40,7 @@ Also, while not required for reviewing access to an application, we recommend al
4040

4141
## Determine how the application is integrated with Azure AD
4242

43-
In order for Azure AD access reviews to be used for an application, then the application must first be integrated with Azure AD. An application being integrated with Azure AD means one of two requirements must be met:
43+
In order for Microsoft Entra access reviews to be used for an application, then the application must first be integrated with Azure AD. An application being integrated with Azure AD means one of two requirements must be met:
4444

4545
* The application relies upon Azure AD for federated SSO, and Azure AD controls authentication token issuance. If Azure AD is the only identity provider for the application, then only users who are assigned to one of the application's roles in Azure AD are able to sign into the application. Those users that are denied by a review lose their application role assignment and can no longer get a new token to sign in to the application.
4646
* The application relies upon user or group lists that are provided to the application by Azure AD. This fulfillment could be done through a provisioning protocol such as System for Cross-Domain Identity Management (SCIM) or by the application querying Azure AD via Microsoft Graph, or groups that are written to AD DS. Those users that are denied by a review lose their application role assignment or group membership, and when those changes are made available to the application, then the denied users will no longer have access.
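Review bot: Line 43 is being touched anyway, so fix its "In order for ..., then the application must" construction; the "then" does not belong after "In order for". Suggested wording: "For Microsoft Entra access reviews to be used for an application, the application must first be integrated with Azure AD." Please also confirm that the heading at line 41 and the bullets at lines 45-46 are meant to keep "Azure AD".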

articles/active-directory/governance/access-reviews-downloadable-review-history.md

Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: Create and manage downloadable access review history report - Azure Active Directory
3-
description: Using Azure Active Directory access reviews, you can download a review history for access reviews in your organization.
2+
title: Create and manage downloadable access review history report
3+
description: Using Microsoft Entra access reviews, you can download a review history for access reviews in your organization.
44
services: active-directory
55
documentationcenter: ''
66
author: amsliu
@@ -14,9 +14,9 @@ ms.date: 02/18/2022
1414
ms.author: amsliu
1515
---
1616

17-
# Create and manage downloadable access review history report in Azure AD access reviews
17+
# Create and manage downloadable access review history report in Microsoft Entra access reviews
1818

19-
With Azure Active Directory (Azure AD) Access Reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.
19+
With Microsoft Entra Access Reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.
2020

2121
## Who can access and request review history
2222
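Review bot: Capitalization is inconsistent in the new line 19, which reads "Microsoft Entra Access Reviews" while the new H1 at line 17 and the new description at line 3 both use lowercase "access reviews". Pick one form; lowercase matches the other files in this commit.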

articles/active-directory/governance/access-reviews-overview.md

Lines changed: 11 additions & 11 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: What are access reviews? - Azure Active Directory | Microsoft Docs
3-
description: Using Azure Active Directory access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization.
2+
title: What are access reviews? - Microsoft Entra | Microsoft Docs
3+
description: Using Microsoft Entra access reviews, you can control group membership and application access to meet governance, risk management, and compliance initiatives in your organization.
44
services: active-directory
55
documentationcenter: ''
66
author: amsliu
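Review bot: The new title at line 2 keeps a product suffix ("- Microsoft Entra | Microsoft Docs"), whereas the other title changes in this commit (access-reviews-downloadable-review-history.md, check-status-workflow.md, complete-access-review.md) drop the suffix entirely. Apply one convention across the set; if suffixes are being removed, this line should read "title: What are access reviews?".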
@@ -18,9 +18,9 @@ ms.collection: M365-identity-device-management
1818
ms.custom: contperf-fy21q1
1919
---
2020

21-
# What are Azure AD access reviews?
21+
# What are Microsoft Entra access reviews?
2222

23-
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
23+
Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
2424

2525
Here's a video that provides a quick overview of access reviews:
2626
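Review bot: The possessive in the edited line 23 is wrong: "User's access can be reviewed" refers to users in general, so it should read "Users' access can be reviewed on a regular basis". Worth fixing while the line is being changed.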

@@ -38,7 +38,7 @@ Azure AD enables you to collaborate with users from inside your organization and
3838

3939
## When should you use access reviews?
4040

41-
- **Too many users in privileged roles:** It's a good idea to check how many users have administrative access, how many of them are Global Administrators, and if there are any invited guests or partners that have not been removed after being assigned to do an administrative task. You can recertify the role assignment users in [Azure AD roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as Global Administrators, or [Azure resources roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as User Access Administrator in the [Azure AD Privileged Identity Management (PIM)](../privileged-identity-management/pim-configure.md) experience.
41+
- **Too many users in privileged roles:** It's a good idea to check how many users have administrative access, how many of them are Global Administrators, and if there are any invited guests or partners that have not been removed after being assigned to do an administrative task. You can recertify the role assignment users in [Azure AD roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as Global Administrators, or [Azure resources roles](../privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) such as User Access Administrator in the [Microsoft Entra Privileged Identity Management (PIM)](../privileged-identity-management/pim-configure.md) experience.
4242
- **When automation is not possible:** You can create rules for dynamic membership on security groups or Microsoft 365 Groups, but what if the HR data is not in Azure AD or if users still need access after leaving the group to train their replacement? You can then create a review on that group to ensure those who still need access should have continued access.
4343
- **When a group is used for a new purpose:** If you have a group that is going to be synced to Azure AD, or if you plan to enable the application Salesforce for everyone in the Sales team group, it would be useful to ask the group owner to review the group membership prior to the group being used in a different risk content.
4444
- **Business critical data access:** for certain resources, such as [business critical applications](identity-governance-applications-prepare.md), it might be required as part of compliance processes to ask people to regularly reconfirm and give a justification on why they need continued access.
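Review bot: Context line 43 ends with "used in a different risk content", which looks like a typo for "risk context"; it sits two lines below the edited line 41 and could be fixed in the same pass. In line 41 itself, the link text "Azure AD roles" stays while the PIM link text becomes "Microsoft Entra Privileged Identity Management (PIM)", so confirm the mixed naming within that bullet is intended.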
@@ -51,15 +51,15 @@ Azure AD enables you to collaborate with users from inside your organization and
5151
5252
## Where do you create reviews?
5353

54-
Depending on what you want to review, you will create your access review in Azure AD access reviews, Azure AD enterprise apps (in preview), Azure AD PIM, or Azure AD entitlement management.
54+
Depending on what you want to review, you will create your access review in Microsoft Entra access reviews, Azure AD enterprise apps (in preview), Microsoft Entra PIM, or Microsoft Entra entitlement management.
5555

5656
| Access rights of users | Reviewers can be | Review created in | Reviewer experience |
5757
| --- | --- | --- | --- |
58-
| Security group members</br>Office group members | Specified reviewers</br>Group owners</br>Self-review | Azure AD access reviews</br>Azure AD groups | Access panel |
59-
| Assigned to a connected app | Specified reviewers</br>Self-review | Azure AD access reviews</br>Azure AD enterprise apps (in preview) | Access panel |
60-
| Azure AD role | Specified reviewers</br>Self-review | [Azure AD PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
61-
| Azure resource role | Specified reviewers</br>Self-review | [Azure AD PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
62-
| Access package assignments | Specified reviewers</br>Group members</br>Self-review | Azure AD entitlement management | Access panel |
58+
| Security group members</br>Office group members | Specified reviewers</br>Group owners</br>Self-review | Microsoft Entra access reviews</br>Azure AD groups | Access panel |
59+
| Assigned to a connected app | Specified reviewers</br>Self-review | Microsoft Entra access reviews</br>Azure AD enterprise apps (in preview) | Access panel |
60+
| Azure AD role | Specified reviewers</br>Self-review | [Microsoft Entra PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
61+
| Azure resource role | Specified reviewers</br>Self-review | [Microsoft Entra PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json) | Azure portal |
62+
| Access package assignments | Specified reviewers</br>Group members</br>Self-review | Microsoft Entra entitlement management | Access panel |
6363

6464
## License requirements
6565
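Review bot: The rewritten table rows at lines 58-62 carry over "</br>" as the in-cell line break, which is not a valid HTML element (a closing tag with no opening one); use "<br>" or "<br/>" instead. Since every one of these rows is already being edited, this is the cheapest point to correct it. Rows 58 and 59 also still list "Azure AD groups" and "Azure AD enterprise apps (in preview)" next to the renamed entries, which should be confirmed as intentional.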

articles/active-directory/governance/check-status-workflow.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
---
2-
title: Check status of a Lifecycle workflow - Azure Active Directory
2+
title: Check status of a Lifecycle workflow
33
description: This article guides a user on checking the status of a Lifecycle workflow
44
author: OWinfreyATL
55
ms.author: owinfrey

articles/active-directory/governance/complete-access-review.md

Lines changed: 3 additions & 3 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: Complete an access review of groups & applications - Azure AD
3-
description: Learn how to complete an access review of group members or application access in Azure Active Directory access reviews.
2+
title: Complete an access review of groups & applications
3+
description: Learn how to complete an access review of group members or application access in Microsoft Entra access reviews.
44
services: active-directory
55
documentationcenter: ''
66
author: amsliu
@@ -17,7 +17,7 @@ ms.reviewer: mwahl
1717
ms.collection: M365-identity-device-management
1818
---
1919

20-
# Complete an access review of groups and applications in Azure AD access reviews
20+
# Complete an access review of groups and applications in Microsoft Entra access reviews
2121

2222
As an administrator, you [create an access review of groups or applications](create-access-review.md) and reviewers [perform the access review](perform-access-review.md). This article describes how to see the results of the access review and apply them.
2323

articles/active-directory/governance/conditional-access-exclusion.md

Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Manage users excluded from Conditional Access policies
3-
description: Learn how to use Azure Active Directory (Azure AD) access reviews to manage users that have been excluded from Conditional Access policies
3+
description: Learn how to use Microsoft Entra access reviews to manage users that have been excluded from Conditional Access policies
44
services: active-directory
55
documentationcenter: ''
66
author: amsliu
@@ -17,7 +17,7 @@ ms.reviewer: mwahl
1717
ms.collection: M365-identity-device-management
1818
---
1919

20-
# Use Azure AD access reviews to manage users excluded from Conditional Access policies
20+
# Use Microsoft Entra access reviews to manage users excluded from Conditional Access policies
2121

2222
In an ideal world, all users follow the access policies to secure access to your organization's resources. However, sometimes there are business cases that require you to make exceptions. This article goes over some examples of situations where exclusions may be necessary. You, as the IT administrator, can manage this task, avoid oversight of policy exceptions, and provide auditors with proof that these exceptions are reviewed regularly using Azure Active Directory (Azure AD) access reviews.
2323
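Review bot: The rename is incomplete in this hunk: the H1 at line 20 now says "Microsoft Entra access reviews", but the unchanged paragraph at line 22 still ends with "using Azure Active Directory (Azure AD) access reviews". The description at line 3 and the closing paragraph at line 163 were both updated, so line 22 should be changed to match.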

@@ -142,7 +142,7 @@ that is excluded from the policy. Here is a recommended access review where memb
142142
![Create an access review pane for example 2](./media/conditional-access-exclusion/create-access-review-2.png)
143143

144144
>[!IMPORTANT]
145-
>If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [Azure AD access reviews API reference](/graph/api/resources/accessreviewsv2-overview) and [Example of retrieving Azure AD access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
145+
>If you have many exclusion groups and therefore need to create multiple access reviews, we now have an API in the Microsoft Graph beta endpoint that allows you to create and manage them programmatically. To get started, see the [Microsoft Entra access reviews API reference](/graph/api/resources/accessreviewsv2-overview) and [Example of retrieving Microsoft Entra access reviews via Microsoft Graph](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft/td-p/236096).
146146
147147
## Access review results and audit logs
148148
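Review bot: The second link in line 145 points at an external techcommunity.microsoft.com post whose URL slug still reads "Example-of-retrieving-Azure-AD-access-reviews-via-Microsoft", yet its link text was renamed to "Example of retrieving Microsoft Entra access reviews via Microsoft Graph". Link text that cites an external post should keep that post's own title, otherwise readers searching for it will not find a match; revert the text for that one link or confirm the target was retitled.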

@@ -160,7 +160,7 @@ Now that you have everything in place, group, Conditional Access policy, and acc
160160

161161
![Access reviews audit logs listing actions](./media/conditional-access-exclusion/access-reviews-audit-logs.png)
162162

163-
As an IT administrator, you know that managing exclusion groups to your policies is sometimes inevitable. However, maintaining these groups, reviewing them on a regular basis by the business owner or the users themselves, and auditing these changes can be made easier with Azure AD access reviews.
163+
As an IT administrator, you know that managing exclusion groups to your policies is sometimes inevitable. However, maintaining these groups, reviewing them on a regular basis by the business owner or the users themselves, and auditing these changes can be made easier with Microsoft Entra access reviews.
164164

165165
## Next steps
166166
