Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vnet-pl-cosmos

Author: asudbring

articles/active-directory/external-identities/cross-tenant-access-overview.md

@@ -19,6 +19,9 @@ ms.collection: M365-identity-device-management
 Azure AD organizations can use External Identities cross-tenant access settings to manage how they collaborate with other Azure AD organizations and other Microsoft Azure clouds through B2B collaboration and [B2B direct connect](cross-tenant-access-settings-b2b-direct-connect.md). [Cross-tenant access settings](cross-tenant-access-settings-b2b-collaboration.md) give you granular control over how external Azure AD organizations collaborate with you (inbound access) and how your users collaborate with external Azure AD organizations (outbound access). These settings also let you trust multi-factor authentication (MFA) and device claims ([compliant claims and hybrid Azure AD joined claims](../conditional-access/howto-conditional-access-policy-compliant-device.md)) from other Azure AD organizations.
 
 This article describes cross-tenant access settings, which are used to manage B2B collaboration and B2B direct connect with external Azure AD organizations, including across Microsoft clouds. More settings are available for B2B collaboration with non-Azure AD identities (for example, social identities or non-IT managed external accounts). These [external collaboration settings](external-collaboration-settings-configure.md) include options for restricting guest user access, specifying who can invite guests, and allowing or blocking domains.
+
+> [!IMPORTANT]
+> Microsoft is beginning to move customers using cross-tenant access settings to a new storage model on August 30, 2023. You may notice an entry in your audit logs informing you that your cross-tenant access settings were updated as our automated task migrates your settings. For a brief window while the migration processes, you will be unable to make changes to your settings. If you are unable to make a change, you should wait a few moments and try the change again. Once the migration completes, [you will no longer be capped with 25kb of storage space](/azure/active-directory/external-identities/faq#how-many-organizations-can-i-add-in-cross-tenant-access-settings-) and there will be no more limits on the number of partners you can add.
  
 ## Manage external access with inbound and outbound settings
 

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration.md

@@ -18,6 +18,9 @@ ms.collection: M365-identity-device-management
 
 Use External Identities cross-tenant access settings to manage how you collaborate with other Azure AD organizations through B2B collaboration. These settings determine both the level of *inbound* access users in external Azure AD organizations have to your resources, and the level of *outbound* access your users have to external organizations. They also let you trust multi-factor authentication (MFA) and device claims ([compliant claims and hybrid Azure AD joined claims](../conditional-access/howto-conditional-access-policy-compliant-device.md)) from other Azure AD organizations. For details and planning considerations, see [Cross-tenant access in Azure AD External Identities](cross-tenant-access-overview.md).
 
+> [!IMPORTANT]
+> Microsoft is beginning to move customers using cross-tenant access settings to a new storage model on August 30, 2023. You may notice an entry in your audit logs informing you that your cross-tenant access settings were updated as our automated task migrates your settings. For a brief window while the migration processes, you will be unable to make changes to your settings. If you are unable to make a change, you should wait a few moments and try the change again. Once the migration completes, [you will no longer be capped with 25kb of storage space](/azure/active-directory/external-identities/faq#how-many-organizations-can-i-add-in-cross-tenant-access-settings-) and there will be no more limits on the number of partners you can add.
+
 ## Before you begin
 
   > [!CAUTION]

articles/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect.md

@@ -27,6 +27,9 @@ Use cross-tenant access settings to manage how you collaborate with other Azure
 
 Learn more about using cross-tenant access settings to [manage B2B direct connect](b2b-direct-connect-overview.md#managing-cross-tenant-access-for-b2b-direct-connect).
 
+> [!IMPORTANT]
+> Microsoft is beginning to move customers using cross-tenant access settings to a new storage model on August 30, 2023. You may notice an entry in your audit logs informing you that your cross-tenant access settings were updated as our automated task migrates your settings. For a brief window while the migration processes, you will be unable to make changes to your settings. If you are unable to make a change, you should wait a few moments and try the change again. Once the migration completes, [you will no longer be capped with 25kb of storage space](/azure/active-directory/external-identities/faq#how-many-organizations-can-i-add-in-cross-tenant-access-settings-) and there will be no more limits on the number of partners you can add.
+
 ## Before you begin
 
 - Review the [Important considerations](cross-tenant-access-overview.md#important-considerations) section in the [cross-tenant access overview](cross-tenant-access-overview.md) before configuring your cross-tenant access settings.

articles/active-directory/fundamentals/security-defaults.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: conditional-access
 ms.custom: has-azure-ad-ps-ref
 ms.topic: conceptual
-ms.date: 07/31/2023
+ms.date: 08/29/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -57,7 +57,7 @@ To configure security defaults in your directory, you must be assigned at least
 To enable security defaults:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Properties**.
+1. Browse to **Identity** > **Overview** > **Properties**.
    1. Select **Manage security defaults**.
 1. Set **Security defaults** to **Enabled**.
 1. Select **Save**.
@@ -187,7 +187,7 @@ Organizations that choose to implement Conditional Access policies that replace
 To disable security defaults in your directory:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Properties**.
+1. Browse to **Identity** > **Overview** > **Properties**.
    1. Select **Manage security defaults**.
 1. Set **Security defaults** to **Disabled (not recommended)**.
 1. Select **Save**.

articles/active-directory/governance/complete-access-review.md

@@ -34,6 +34,8 @@ For more information, see [License requirements](access-reviews-overview.md#lice
 
 ## View the status of an access review
 
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
+
 You can track the progress of access reviews as they're completed.
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).

articles/active-directory/governance/create-access-review-pim-for-groups.md

@@ -29,6 +29,8 @@ For more information, see [License requirements](access-reviews-overview.md#lice
 
 ## Create a PIM for Groups access review
 
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
+
 ### Scope
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).

articles/active-directory/governance/create-access-review.md

@@ -265,6 +265,8 @@ Use the following instructions to create an access review on a team with shared
 
 ## Allow group owners to create and manage access reviews of their groups
 
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
+
 The prerequisite role is a Global or User administrator.
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).

articles/active-directory/governance/create-lifecycle-workflow.md

@@ -28,7 +28,7 @@ You can create and customize workflows for common scenarios by using templates,
 
 ## Create a lifecycle workflow by using a template in the Microsoft Entra admin center
 
-
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
 If you're using the Microsoft Entra admin center to create a workflow, you can customize existing templates to meet your organization's needs. These templates include one for pre-hire common scenarios.
 

articles/active-directory/governance/entitlement-management-access-package-approval-policy.md

@@ -48,13 +48,15 @@ For a demonstration of how to add a multi-stage approval to a request policy, wa
 
 ## Change approval settings of an existing access package assignment policy
 
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
+
 Follow these steps to specify the approval settings for requests for the access package through a policy:
 
-**Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager
+**Prerequisite role:** Global administrator, Identity Governance Administrator, User Administrator, Catalog owner, or Access package manager
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).
 
-1. Browse to **Identity governance** > **Entitlement management** > **Access package**.
+1. Browse to **Identity governance** > **Entitlement management** > **Access packages**.
 
 1. On the **Access packages** page open an access package.
 

articles/active-directory/governance/entitlement-management-access-package-assignments.md

@@ -35,6 +35,8 @@ To use entitlement management and assign users to access packages, you must have
 
 ## View who has an assignment
 
+[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
+
 **Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).
@@ -76,7 +78,7 @@ $assignments | ft Id,state,{$_.Target.id},{$_.Target.displayName}
 
 In some cases, you might want to directly assign specific users to an access package so that users don't have to go through the process of requesting the access package. To directly assign users, the access package must have a policy that allows administrator direct assignments.
 
-**Prerequisite role:** Global administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager
+**Prerequisite role:** Global Administrator, User Administrator, Identity Governance Administrator, Catalog owner, Access package manager or Access package assignment manager
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Identity Governance Administrator](../roles/permissions-reference.md#identity-governance-administrator).