Updated steps in content for User Story 149483

Author: jenniferf-skc

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

@@ -21,7 +21,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Add a user
 
-1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com/#home).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/#home).
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to add the user to.
@@ -37,7 +37,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Remove a user
 
-1. Navigate to the Microsoft [Entra admin center](https://entra.microsoft.com/#home). 
+1. Sign in to the Microsoft [Entra admin center](https://entra.microsoft.com/#home). 
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to remove the user from.

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-add-account-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/16/2023
+ms.date: 09/13/2023
 ms.author: jfields
 ---
 
@@ -28,7 +28,7 @@ This article describes how to add an Amazon Web Services (AWS) account, Microsof
 
     The **Permissions Management Onboarding - AWS Member Account Details** page displays.
 
-1. Go to **Enter Your AWS Account IDs**, and then select **Add** (the plus **+** sign).
+1. Go to **Enter Your AWS Account IDs**, then select **Add** (the plus **+** sign).
 1. Copy your account ID from AWS and paste it into the **Enter Account ID** box.
 
     The AWS account ID is automatically added to the script.
@@ -54,8 +54,8 @@ This article describes how to add an Amazon Web Services (AWS) account, Microsof
 
     The **Permissions Management Onboarding - Summary** page displays.
 
-1. Go to **Azure subscription IDs**, and then select **Edit** (the pencil icon).
-1. Go to **Enter your Azure Subscription IDs**, and then select **Add subscription** (the plus **+** sign).
+1. Go to **Azure subscription IDs**, then select **Edit** (the pencil icon).
+1. Go to **Enter your Azure Subscription IDs**, then select **Add subscription** (the plus **+** sign).
 1. Copy and paste your subscription ID from Azure and paste it into the subscription ID box.
 
     The subscription ID is automatically added to the subscriptions line in the script.

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-aws.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/24/2023
+ms.date: 09/13/2023
 ms.author: jfields
 ---
 
@@ -17,7 +17,7 @@ ms.author: jfields
 This article describes how to onboard an Amazon Web Services (AWS) account in Microsoft Entra Permissions Management.
 
 > [!NOTE]
-> A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Microsoft Entra Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
+> You must have Global Administrator permissions to perform the tasks in this article.
 
 ## Explanation
 
@@ -126,17 +126,17 @@ Any current or future accounts found get onboarded automatically.
 
 To view status of onboarding after saving the configuration: 
 
-- Navigate to data collectors tab.  
+- Go to **Data Collectors** tab.  
 - Click on the status of the data collector.  
-- View accounts on the In Progress page 
+- View accounts on the **In Progress** page 
 
 #### Option 2: Enter authorization systems
 1. In the **Permissions Management Onboarding - AWS Member Account Details** page, enter the **Member Account Role** and the **Member Account IDs**.
 
      You can enter up to 100 account IDs. Click the plus icon next to the text box to add more account IDs.
 
     > [!NOTE]
-    > Perform the next 6 steps for each account ID you add.
+    > Do the following steps for each account ID you add:
 
 1. Open another browser window and sign in to the AWS console for the member account.
 
@@ -174,8 +174,8 @@ This option detects all AWS accounts that are accessible through OIDC role acces
 - If AWS SSO is enabled, organization account CFT also adds policy needed to collect AWS SSO configuration details. 
 - Deploy Member account CFT in all the accounts that need to be monitored by Entra Permissions Management. These actions create a cross account role that trusts the OIDC role created earlier. The SecurityAudit policy is attached to the role created for data collection. 
 - Click Verify and Save. 
-- Navigate to newly create Data Collector row under AWSdata collectors. 
-- Click on Status column when the row has “Pending” status 
+- Go to the newly create Data Collector row under AWSdata collectors. 
+- Click on Status column when the row has **Pending** status 
 - To onboard and start collection, choose specific ones from the detected list and consent for collection. 
 
 ### 6. Review and save

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md

@@ -17,7 +17,7 @@ ms.author: jfields
 This article describes how to onboard a Microsoft Azure subscription or subscriptions on Permissions Management. Onboarding a subscription creates a new authorization system to represent the Azure subscription in Permissions Management.
 
 > [!NOTE]
-> A *global administrator* or *root user* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
+> You must have [Global Administrator](https://aka.ms/globaladmin) permissions to perform the tasks in this article.
 
 ## Explanation
 
@@ -29,8 +29,8 @@ The Permissions Management service is built on Azure, and given you're onboardin
 
 ## Prerequisites
 
-To add Permissions Management to your Azure AD tenant:
-- You must have an Azure AD user account and an Azure command-line interface (Azure CLI) on your system, or an Azure subscription. If you don't already have one, [create a free account](https://azure.microsoft.com/free/).
+To add Permissions Management to your Entra ID tenant:
+- You must have an Entra ID user account and an Azure command-line interface (Azure CLI) on your system, or an Azure subscription. If you don't already have one, [create a free account](https://azure.microsoft.com/free/).
 - You must have **Microsoft.Authorization/roleAssignments/write** permission at the subscription or management group scope to perform these tasks. If you don't have this permission, you can ask someone who has this permission to perform these tasks for you.
 
 ## How to onboard an Azure subscription
@@ -47,33 +47,33 @@ Choose from three options to manage Azure subscriptions.
 
 #### Option 1: Automatically manage 
 
-This option allows subscriptions to be automatically detected and monitored without further work required. A key benefit of automatic management is that any current or future subscriptions found will be onboarded automatically. The steps to detect a list of subscriptions and onboard for collection are as follows:  
+This option lets subscriptions be automatically detected and monitored without further work required. A key benefit of automatic management is that any current or future subscriptions found are onboarded automatically. The steps to detect a list of subscriptions and onboard for collection are as follows:  
 
 - Firstly, grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription scope. To do this:  
 
 1. In the EPM portal, left-click the cog on the top right-hand side.  
-1. Navigate to data collectors tab  
-1. Ensure 'Azure' is selected
-1. Click ‘Create Configuration’ 
-1. For onboarding mode, select ‘Automatically Manage’ 
+1. Go to data collectors tab 
+1. Ensure **Azure** is selected.
+1. Click **Create Configuration.**
+1. For onboarding mode, select **Automatically Manage.**
 
     > [!NOTE]
-    > The steps listed on the screen outline how to create the role assignment for the Cloud Infrastructure Entitlements Management application. This can be performed manually in the Entra console, or programmatically with PowerShell or the Azure CLI.
+    > The steps listed on the screen outline how to create the role assignment for the Cloud Infrastructure Entitlements Management application. This is performed manually in the Entra console, or programmatically with PowerShell or the Azure CLI.
 
-- Once complete, Click ‘Verify Now & Save’
+- Once complete, Click **Verify Now & Save.**
 
 To view status of onboarding after saving the configuration: 
 
-1. Collectors will now be listed and change through status types. For each collector listed with a status of “Collected Inventory”, click on that status to view further information. 
-1. You can then view subscriptions on the In Progress page 
+1. Collectors are now listed and change through status types. For each collector listed with a status of **Collected Inventory,** click on that status to view further information. 
+1. You can then view subscriptions on the In Progress page.
 
 #### Option 2: Enter authorization systems 
 
-You have the ability to specify only certain subscriptions to manage and monitor with MEPM (up to 100 per collector). Follow the steps below to configure these subscriptions to be monitored: 
+You have the ability to specify only certain subscriptions to manage and monitor with Permissions Management (up to 100 per collector). Follow the steps below to configure these subscriptions to be monitored: 
 
 1. For each subscription you wish to manage, ensure that the ‘Reader’ role has been granted to Cloud Infrastructure Entitlement Management application for the subscription. 
 1. In the EPM portal, click the cog on the top right-hand side. 
-1. Navigate to data collectors tab 
+1. Go to data collectors tab 
 1. Ensure 'Azure' is selected
 1. Click ‘Create Configuration’ 
 1. Select ‘Enter Authorization Systems’ 
@@ -84,31 +84,31 @@ You have the ability to specify only certain subscriptions to manage and monitor
 
 To view status of onboarding after saving the configuration: 
 
-1. Navigate to data collectors tab.  
+1. Go to the **Data Collectors** tab.  
 1. Click on the status of the data collector.  
-1. View subscriptions on the In Progress page 
+1. View subscriptions on the In Progress page.
 
 #### Option 3: Select authorization systems 
 
 This option detects all subscriptions that are accessible by the Cloud Infrastructure Entitlement Management application.  
 
 - Firstly, grant Reader role to Cloud Infrastructure Entitlement Management application at management group or subscription scope.  
 
-1. In the EPM portal, click the cog on the top right-hand side.  
-1. Navigate to data collectors tab
-1. Ensure 'Azure' is selected
-1. Click ‘Create Configuration’ 
-1. For onboarding mode, select ‘Automatically Manage’ 
+1. In the Permissions Management portal, click the cog on the top right-hand side.  
+1. Go to the **Data Collectors** tab.
+1. Ensure **Azure** is selected.
+1. Click **Create Configuration.** 
+1. For onboarding mode, select **Automatically Manage.** 
 
     > [!NOTE]
     > The steps listed on the screen outline how to create the role assignment for the Cloud Infrastructure Entitlements Management application. You can do this manually in the Entra console, or programmatically with PowerShell or the Azure CLI.
 
-- Once complete, Click ‘Verify Now & Save’ 
+- Once complete, Click **Verify Now & Save.** 
 
 To view status of onboarding after saving the configuration: 
 
-1. Navigate to newly create Data Collector row under Azure data collectors. 
-1. Click on Status column when the row has “Pending” status 
+1. Go to newly create Data Collector row under Azure data collectors. 
+1. Click on Status column when the row has **Pending** status 
 1. To onboard and start collection, choose specific ones subscriptions from the detected list and consent for collection.
 
 ### 2. Review and save.

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-controller-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/24/2023
+ms.date: 09/13/2023
 ms.author: jfields
 ---
 
@@ -32,9 +32,9 @@ This article also describes how to disable the controller in Microsoft Azure and
 > [!NOTE]
 >  You can enable the controller in AWS if you disabled it during onboarding. Once you enable the controller in AWS, you can’t disable it.
 
-1. Sign in to the AWS console of the member account in a separate browser window.
-1. Go to the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
-1. On the **Data Collectors** dashboard, select **AWS**, and then select **Create Configuration**.
+1. In a separate browser window, sign in to the AWS console of the member account.
+1. Go to the Permissions Management home page, select **Settings** (the gear icon), then select the **Data Collectors** subtab.
+1. On the **Data Collectors** dashboard, select **AWS**, then select **Create Configuration**.
 1. On the **Permissions Management Onboarding - AWS Member Account Details** page, select **Launch Template**.
 
     The **AWS CloudFormation create stack** page opens, displaying the template.
@@ -52,7 +52,7 @@ This article also describes how to disable the controller in Microsoft Azure and
     This AWS CloudFormation stack creates a collection role in the member account with necessary permissions (policies) for data collection. A trust policy is set on this role to allow the OIDC role created in your AWS OIDC account to access it. These entities are listed in the **Resources** tab of your CloudFormation stack.
 
 1. Return to Permissions Management, and on the Permissions Management **Onboarding - AWS Member Account Details** page, select **Next**.
-1. On **Permissions Management Onboarding – Summary** page, review the information you've added, and then select **Verify Now & Save**.
+1. On **Permissions Management Onboarding – Summary** page, review the information you've added, then select **Verify Now & Save**.
 
     The following message appears: **Successfully created configuration.**
 
@@ -70,13 +70,13 @@ You can enable or disable the controller in Azure at the Subscription level of y
     - If you have read-only permission, the **Role** column displays **Reader**.
     - If you have administrative permission, the **Role** column displays **User Access Administrator**.
 
-1. To add the administrative role assignment, return to the **Access control (IAM)** page, and then select **Add role assignment**.
+1. To add the administrative role assignment, return to the **Access control (IAM)** page, then select **Add role assignment**.
 1. Add or remove the role assignment for Cloud Infrastructure Entitlement Management.
 
-1. Go to the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
-1. On the **Data Collectors** dashboard, select **Azure**, and then select **Create Configuration**.
-1. On the **Permissions Management Onboarding - Azure Subscription Details** page, enter the **Subscription ID**, and then select **Next**.
-1. On **Permissions Management Onboarding – Summary** page, review the controller permissions, and then select **Verify Now & Save**.
+1. Go to the Permissions Management home page, select **Settings** (the gear icon), then select the **Data Collectors** subtab.
+1. On the **Data Collectors** dashboard, select **Azure**, then select **Create Configuration**.
+1. On the **Permissions Management Onboarding - Azure Subscription Details** page, enter the **Subscription ID**, then select **Next**.
+1. On **Permissions Management Onboarding – Summary** page, review the controller permissions, then select **Verify Now & Save**.
 
     The following message appears: **Successfully Created Configuration.**
 
@@ -93,12 +93,12 @@ You can enable or disable the controller in Azure at the Subscription level of y
 
 1. Optionally, execute ``mciem-enable-gcp-api.sh`` to enable all recommended GCP APIs.
 
-1. Go to the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
+1. Go to the Permissions Management home page, select **Settings** (the gear icon), then select the **Data Collectors** subtab.
 1. On the **Data Collectors** dashboard, select **GCP**, and then select **Create Configuration**.
 1. On the **Permissions Management Onboarding - Azure AD OIDC App Creation** page, select **Next**.
 1. On the **Permissions Management Onboarding - GCP OIDC Account Details & IDP Access** page, enter the **OIDC Project Number** and **OIDC Project ID**, and then select **Next**.
-1. On the **Permissions Management Onboarding - GCP Project IDs** page, enter the **Project IDs**, and then select **Next**.
-1. On the **Permissions Management Onboarding – Summary** page, review the information you've added, and then select **Verify Now & Save**.
+1. On the **Permissions Management Onboarding - GCP Project IDs** page, enter the **Project IDs**, then select **Next**.
+1. On the **Permissions Management Onboarding – Summary** page, review the information you've added, then select **Verify Now & Save**.
 
     The following message appears: **Successfully Created Configuration.**