[Azure AD PIM] remove references to group role assignments

curtand · curtand · commit 70dedb6eab8d · 2020-02-05T09:28:03.000-08:00
diff --git a/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md b/articles/active-directory/privileged-identity-management/pim-how-to-add-role-to-user.md
@@ -56,24 +56,18 @@ Follow these steps to make a user eligible for an Azure AD admin role.
 
 1. Select a role you want to assign and then click **Select**.
 
-    The **Select a member or group** page opens.
-
-1. Select a member or group you want to assign to the role and then select **Select**.
+1. Select a member to whom you want to assign to the role and then select **Select**.
 
     ![Select a member or group pane](./media/pim-resource-roles-assign-roles/resources-select-member-or-group.png)
 
-    The Membership settings pane opens.
-
-1. In the **Assignment type** list, select **Eligible** or **Active**.
-
-    ![Memberships settings pane](./media/pim-resource-roles-assign-roles/resources-membership-settings-type.png)
-
-    Privileged Identity Management for Azure resources provides two distinct assignment types:
+1. In the **Assignment type** list on the **Membership settings** pane, select **Eligible** or **Active**.
 
     - **Eligible** assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.
 
     - **Active** assignments don't require the member to perform any action to use the role. Members assigned as active have the privileges assigned to the role at all times.
 
+    ![Memberships settings pane](./media/pim-resource-roles-assign-roles/resources-membership-settings-type.png)
+
 1. If the assignment should be permanent (permanently eligible or permanently assigned), select the **Permanently** checkbox.
 
     Depending on the role settings, the check box might not appear or might be unmodifiable.
diff --git a/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md b/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md
@@ -84,7 +84,7 @@ Privileged Identity Management provides optional enforcement of Azure Multi-Fact
 
 ### Require Multi-Factor Authentication on active assignment
 
-In some cases, you might want to assign a user or group to a role for a short duration (one day, for example). In this case, the assigned users don't need to request activation. In this scenario, Privileged Identity Management can't enforce multi-factor authentication when the user uses their role assignment because they are already active in the role from the time that it is assigned.
+In some cases, you might want to assign a user to a role for a short duration (one day, for example). In this case, the assigned users don't need to request activation. In this scenario, Privileged Identity Management can't enforce multi-factor authentication when the user uses their role assignment because they are already active in the role from the time that it is assigned.
 
 To ensure that the resource administrator fulfilling the assignment is who they say they are, you can enforce multi-factor authentication on active assignment by checking the **Require Multi-Factor Authentication on active assignment** box.
 
@@ -110,11 +110,11 @@ If you want to require approval to activate a role, follow these steps.
 
 1. Check the **Require approval to activate** check box.
 
-1. Select **Select approvers** to open the **Select a member or group** page.
+1. Select **Select approvers**.
 
     ![Select a user or group pane to select approvers](./media/pim-resource-roles-configure-role-settings/resources-role-settings-select-approvers.png)
 
-1. Select at least one user or group and then click **Select**. You can add any combination of users and groups. You must select at least one approver. There are no default approvers.
+1. Select at least one user and then click **Select**. You must select at least one approver. There are no default approvers.
 
     Your selections will appear in the list of selected approvers.
 
@@ -203,7 +203,7 @@ If you want to delegate the required approval to activate a role, follow these s
 
     ![Azure AD roles - Settings - Require approval](./media/pim-how-to-change-default-settings/pim-directory-roles-settings-require-approval-select-approvers.png)
 
-1. Select one or more approvers in addition to the Privileged role administrator and then click **Select**. You can select users or groups. We recommend that you add at least two approvers. Even if you add yourself as an approver, you can't self-approve a role activation. Your selections will appear in the list of selected approvers.
+1. Select one or more approvers in addition to the Privileged role administrator and then click **Select**. We recommend that you add at least two approvers. Even if you add yourself as an approver, you can't self-approve a role activation. Your selections will appear in the list of selected approvers.
 
 1. After you have specified your all your role settings, select **Save** to save your changes.
 
