Updated link text

Author: rolyon

articles/role-based-access-control/best-practices.md

@@ -29,7 +29,7 @@ When planning your access control strategy, it's a best practice to grant users
 
 ![Azure RBAC and least privilege](./media/best-practices/rbac-least-privilege.png)
 
-For information about how to add role assignments, see [Add or remove role assignments](role-assignments-portal.md).
+For information about how to add role assignments, see [Add or remove Azure role assignments using the Azure portal](role-assignments-portal.md).
 
 ## Limit the number of subscription owners
 

articles/role-based-access-control/check-access.md

@@ -53,4 +53,4 @@ You can use the **Access control (IAM)** blade in [Azure role-based access contr
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Tutorial: Grant a user access to Azure resources using Azure RBAC and the Azure portal](quickstart-assign-role-user-portal.md)
+> [Tutorial: Grant a user access to Azure resources using the Azure portal](quickstart-assign-role-user-portal.md)

articles/role-based-access-control/classic-administrators.md

@@ -67,7 +67,7 @@ Guest users that have been assigned the Co-Administrator role might see some dif
 
 You would expect that user B could manage everything. The reason for this difference is that the Microsoft account is added to the subscription as a guest user instead of a member user. Guest users have different default permissions in Azure AD as compared to member users. For example, member users can read other users in Azure AD and guest users cannot. Member users can register new service principals in Azure AD and guest users cannot.
 
-If a guest user needs to be able to perform these tasks, a possible solution is to assign the specific Azure AD roles the guest user needs. For example, in the previous scenario, you could assign the [Directory Readers](../active-directory/users-groups-roles/directory-assign-admin-roles.md#directory-readers) role to read other users and assign the [Application Developer](../active-directory/users-groups-roles/directory-assign-admin-roles.md#application-developer) role to be able to create service principals. For more information about member and guest users and their permissions, see [What are the default user permissions in Azure Active Directory?](../active-directory/fundamentals/users-default-permissions.md). For more information about granting access for guest users, see [Manage access to Azure resources for external guest users using Azure RBAC](role-assignments-external-users.md).
+If a guest user needs to be able to perform these tasks, a possible solution is to assign the specific Azure AD roles the guest user needs. For example, in the previous scenario, you could assign the [Directory Readers](../active-directory/users-groups-roles/directory-assign-admin-roles.md#directory-readers) role to read other users and assign the [Application Developer](../active-directory/users-groups-roles/directory-assign-admin-roles.md#application-developer) role to be able to create service principals. For more information about member and guest users and their permissions, see [What are the default user permissions in Azure Active Directory?](../active-directory/fundamentals/users-default-permissions.md). For more information about granting access for guest users, see [Add or remove Azure role assignments for external guest users using the Azure portal](role-assignments-external-users.md).
 
 Note that the [Azure built-in roles](../role-based-access-control/built-in-roles.md) are different than the [Azure AD roles](../active-directory/users-groups-roles/directory-assign-admin-roles.md). The built-in roles don't grant any access to Azure AD. For more information, see [Understand the different roles](../role-based-access-control/rbac-and-directory-admin-roles.md).
 
@@ -146,6 +146,6 @@ Follow these steps to view the Account Administrator.
 
 ## Next steps
 
-* [Understand the different roles in Azure](../role-based-access-control/rbac-and-directory-admin-roles.md)
-* [Manage access to Azure resources using Azure RBAC and the Azure portal](../role-based-access-control/role-assignments-portal.md)
+* [Understand the different roles](../role-based-access-control/rbac-and-directory-admin-roles.md)
+* [Add or remove Azure role assignments using the Azure portal](../role-based-access-control/role-assignments-portal.md)
 * [Add or change Azure subscription administrators](../cost-management-billing/manage/add-change-subscription-administrator.md)

articles/role-based-access-control/custom-roles-portal.md

@@ -100,7 +100,7 @@ If you prefer, you can specify most of your custom role values in a JSON file. Y
     }
     ```
 
-1. In the JSON file, specify values for the various properties. Here's an example with some values added. For information about the different properties, see [Understand role definitions](role-definitions.md).
+1. In the JSON file, specify values for the various properties. Here's an example with some values added. For information about the different properties, see [Understand Azure role definitions](role-definitions.md).
 
     ```json
     {
@@ -343,6 +343,6 @@ Follow these steps to view your custom roles.
 
 ## Next steps
 
-- [Tutorial: Create a custom role using Azure PowerShell](tutorial-custom-role-powershell.md)
-- [Custom roles in Azure](custom-roles.md)
+- [Tutorial: Create an Azure custom role using Azure PowerShell](tutorial-custom-role-powershell.md)
+- [Azure custom roles](custom-roles.md)
 - [Azure Resource Manager resource provider operations](resource-provider-operations.md)

articles/role-based-access-control/custom-roles-rest.md

@@ -185,7 +185,7 @@ To create a custom role, use the [Role Definitions - Create Or Update](/rest/api
 
 1. In the `notActions` property, add the operations that are excluded from the allowed `actions`.
 
-1. In the `roleName` and `description` properties, specify a unique role name and a description. For more information about the properties, see [Custom roles](custom-roles.md).
+1. In the `roleName` and `description` properties, specify a unique role name and a description. For more information about the properties, see [Azure custom roles](custom-roles.md).
 
     The following shows an example of a request body:
 
@@ -337,5 +337,5 @@ To delete a custom role, use the [Role Definitions - Delete](/rest/api/authoriza
 ## Next steps
 
 - [Azure custom roles](custom-roles.md)
-- [Manage access to Azure resources using Azure RBAC and the REST API](role-assignments-rest.md)
+- [Add or remove Azure role assignments using the REST API](role-assignments-rest.md)
 - [Azure REST API Reference](/rest/api/azure/)

articles/role-based-access-control/custom-roles.md

@@ -85,7 +85,7 @@ When you create a custom role, it appears in the Azure portal with an orange res
 
     Once you have your custom role, you have to test it to verify that it works as you expect. If you need to make adjustments later, you can update the custom role.
 
-For a step-by-step tutorial on how to create a custom role, see [Tutorial: Create a custom role using Azure PowerShell](tutorial-custom-role-powershell.md) or [Tutorial: Create a custom role using Azure CLI](tutorial-custom-role-cli.md).
+For a step-by-step tutorial on how to create a custom role, see [Tutorial: Create an Azure custom role using Azure PowerShell](tutorial-custom-role-powershell.md) or [Tutorial: Create an Azure custom role using Azure CLI](tutorial-custom-role-cli.md).
 
 ## Custom role properties
 

articles/role-based-access-control/deny-assignments-rest.md

@@ -87,7 +87,7 @@ To get information about a deny assignment, you must have:
 
 ## List deny assignments at the root scope (/)
 
-1. Elevate your access as described in [Elevate access for a Global Administrator in Azure Active Directory](elevate-access-global-admin.md).
+1. Elevate your access as described in [Elevate access to manage all Azure subscriptions and management groups](elevate-access-global-admin.md).
 
 1. Use the following request:
 
@@ -108,5 +108,5 @@ To get information about a deny assignment, you must have:
 ## Next steps
 
 - [Understand Azure deny assignments](deny-assignments.md)
-- [Elevate access for a Global Administrator in Azure Active Directory](elevate-access-global-admin.md)
+- [Elevate access to manage all Azure subscriptions and management groups](elevate-access-global-admin.md)
 - [Azure REST API Reference](/rest/api/azure/)

articles/role-based-access-control/elevate-access-global-admin.md

@@ -80,7 +80,7 @@ Follow these steps to elevate access for a Global Administrator using the Azure
 
 1. Make the changes you need to make at the elevated access.
 
-    For information about assigning roles, see [Manage access using Azure RBAC and the Azure portal](role-assignments-portal.md). If you are using Azure AD Privileged Identity Management (PIM), see [Discover Azure resources to manage in PIM](../active-directory/privileged-identity-management/pim-resource-roles-discover-resources.md) or [Assign Azure resource roles in PIM](../active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md).
+    For information about assigning roles, see [Add or remove Azure role assignments using the Azure portal](role-assignments-portal.md). If you are using Azure AD Privileged Identity Management (PIM), see [Discover Azure resources to manage in PIM](../active-directory/privileged-identity-management/pim-resource-roles-discover-resources.md) or [Assign Azure resource roles in PIM](../active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md).
 
 ### Remove elevated access
 
@@ -318,5 +318,5 @@ When you call `elevateAccess`, you create a role assignment for yourself, so to
 
 ## Next steps
 
-- [Understand the different roles in Azure](rbac-and-directory-admin-roles.md)
-- [Manage access to Azure resources using Azure RBAC and the REST API](role-assignments-rest.md)
+- [Understand the different roles](rbac-and-directory-admin-roles.md)
+- [Add or remove Azure role assignments using the REST API](role-assignments-rest.md)

articles/role-based-access-control/index.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Landing
 
-title: Azure role-based access control (Azure RBAC) documentation
+title: Azure RBAC documentation
 summary: Azure role-based access control (Azure RBAC) is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
 
 metadata:
-  title: Azure role-based access control (Azure RBAC) documentation
+  title: Azure RBAC documentation
   description: Learn about Azure role-based access control (Azure RBAC) to manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
   services: role-based-access-control
   ms.service: role-based-access-control
@@ -66,7 +66,7 @@ landingContent:
           - text: Template
             url: role-assignments-template.md
   # Card
-  - title: Create custom roles
+  - title: Create and update custom roles
     linkLists: 
       - linkListType: overview
         links: 

articles/role-based-access-control/overview.md

@@ -126,7 +126,7 @@ The following are the high-level steps that Azure RBAC uses to determine if you
 
 ## Next steps
 
-- [Quickstart: View the access a user has to Azure resources using the Azure portal](check-access.md)
-- [Manage access to Azure resources using Azure RBAC and the Azure portal](role-assignments-portal.md)
-- [Understand the different roles in Azure](rbac-and-directory-admin-roles.md)
+- [Quickstart: View the access a user has to Azure resources](check-access.md)
+- [Add or remove Azure role assignments using the Azure portal](role-assignments-portal.md)
+- [Understand the different roles](rbac-and-directory-admin-roles.md)
 - [Cloud Adoption Framework: Resource access management in Azure](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management)