MicrosoftDocs
diff --git a/‎articles/active-directory/privileged-identity-management/pim-resource-roles-approval-workflow.md
Lines changed: 20 additions & 24 deletions b/‎articles/active-directory/privileged-identity-management/pim-resource-roles-approval-workflow.md
Lines changed: 20 additions & 24 deletions
diff --git a/‎articles/active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md
Lines changed: 27 additions & 29 deletions b/‎articles/active-directory/privileged-identity-management/pim-resource-roles-assign-roles.md
Lines changed: 27 additions & 29 deletions
diff --git a/‎articles/active-directory/privileged-identity-management/pim-resource-roles-complete-access-review.md
Lines changed: 21 additions & 13 deletions b/‎articles/active-directory/privileged-identity-management/pim-resource-roles-complete-access-review.md
Lines changed: 21 additions & 13 deletions
@@ -1,5 +1,5 @@
 ---
-title: Approve or deny requests for Azure resource roles in PIM - Azure Active Directory | Microsoft Docs
+title: Approve or deny requests for Azure resource roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs
 description: Learn how to approve or deny requests for Azure resource roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
@@ -11,72 +11,68 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 04/09/2019
+ms.date: 10/23/2019
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
 ---
 
-# Approve or deny requests for Azure resource roles in PIM
+# Approve or deny requests for Azure resource roles in Privileged Identity Management
 
-With Azure Active Directory (Azure AD) Privileged Identity Management (PIM), you can configure roles to require approval for activation, and choose one or multiple users or groups as delegated approvers. Delegated approvers have 24 hours to approve requests. If a request is not approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window is not configurable.
+With Privileged Identity Management (PIM) in Azure Active Directory (Azure AD), you can configure roles to require approval for activation, and choose users or groups from your Azure AD organization as delegated approvers. We recommend selecting two or more approvers for each role to reduce workload for the privileged role administrator. Delegated approvers have 24 hours to approve requests. If a request is not approved within 24 hours, then the eligible user must re-submit a new request. The 24 hour approval time window is not configurable.
 
 Follow the steps in this article to approve or deny requests for Azure resource roles.
 
 ## View pending requests
 
-As a delegated approver, you'll receive an email notification when an Azure resource role request is pending your approval. You can view these pending requests in PIM.
+As a delegated approver, you'll receive an email notification when an Azure resource role request is pending your approval. You can view these pending requests in Privileged Identity Management.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
 1. Open **Azure AD Privileged Identity Management**.
 
-1. Click **Approve requests**.
+1. Select **Approve requests**.
 
     ![Approve requests - Azure resources page showing request to review](./media/pim-resource-roles-approval-workflow/resources-approve-requests.png)
 
     In the **Requests for role activations** section, you'll see a list of requests pending your approval.
 
 ## Approve requests
 
-1. Find and click the request that you want to approve. An approve or deny pane appears.
+1. Find and select the request that you want to approve. An approve or deny page appears.
 
     ![Approve requests - approve or deny pane with details and Justification box](./media/pim-resource-roles-approval-workflow/resources-approve-pane.png)
 
-1. In the **Justification** box, type a reason.
+1. In the **Justification** box, enter the business justification.
 
-1. Click **Approve**.
-
-    A notification appears with your approval.
+1. Select **Approve**. You will receive an Azure notification of your approval.
 
     ![Approve notification showing request was approved](./media/pim-resource-roles-approval-workflow/resources-approve-notification.png)
 
 ## Deny requests
 
-1. Find and click the request that you want to deny. An approve or deny pane appears.
+1. Find and select the request that you want to deny. An approve or deny page appears.
 
     ![Approve requests - approve or deny pane with details and Justification box](./media/pim-resource-roles-approval-workflow/resources-approve-pane.png)
 
-1. In the **Justification** box, type a reason.
-
-1. Click **Deny**.
+1. In the **Justification** box, enter the business justification.
 
-    A notification appears with your denial.
+1. Select **Deny**. A notification appears with your denial.
 
 ## Workflow notifications
 
 Here's some information about workflow notifications:
 
-- All members of the approver list are notified by email when a request for a role is pending their review. Email notifications include a direct link to the request, where the approver can approve or deny.
-- Requests are resolved by the first member of the list who approves or denies.
-- When an approver responds to the request, all members of the approver list are notified of the action.
-- Resource administrators are notified when an approved member becomes active in their role.
+- Approvers are notified by email when a request for a role is pending their review. Email notifications include a direct link to the request, where the approver can approve or deny.
+- Requests are resolved by the first approver who approves or denies.
+- When an approver responds to the request, all approvers are notified of the action.
+- Resource administrators are notified when an approved user becomes active in their role.
 
 >[!Note]
->A resource administrator who believes that an approved member should not be active can remove the active role assignment in PIM. Although resource administrators are not notified of pending requests unless they are members of the approver list, they can view and cancel pending requests of all users by viewing pending requests in PIM. 
+>A resource administrator who believes that an approved user should not be active can remove the active role assignment in Privileged Identity Management. Although resource administrators are not notified of pending requests unless they are an approver, they can view and cancel pending requests for all users by viewing pending requests in Privileged Identity Management.
 
 ## Next steps
 
-- [Extend or renew Azure resource roles in PIM](pim-resource-roles-renew-extend.md)
-- [Email notifications in PIM](pim-email-notifications.md)
-- [Approve or deny requests for Azure AD roles in PIM](azure-ad-pim-approval-workflow.md)
+- [Extend or renew Azure resource roles in Privileged Identity Management](pim-resource-roles-renew-extend.md)
+- [Email notifications in Privileged Identity Management](pim-email-notifications.md)
+- [Approve or deny requests for Azure AD roles in Privileged Identity Management](azure-ad-pim-approval-workflow.md)
@@ -1,5 +1,5 @@
 ---
-title: Assign Azure resource roles in PIM - Azure Active Directory | Microsoft Docs
+title: Assign Azure resource roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs
 description: Learn how to assign Azure resource roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
@@ -11,60 +11,58 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 04/09/2019
+ms.date: 10/23/2019
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
 ---
 
-# Assign Azure resource roles in PIM
+# Assign Azure resource roles in Privileged Identity Management
 
 Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can manage the built-in Azure resource roles, as well as custom roles, including (but not limited to):
 
 - Owner
 - User Access Administrator
 - Contributor
 - Security Admin
-- Security Manager, and more
+- Security Manager
 
 > [!NOTE]
-> Users or members of a group assigned to the Owner or User Access Administrator roles, and Global Administrators that enable subscription management in Azure AD are Resource Administrators. These administrators may assign roles, configure role settings, and review access using PIM for Azure resources. That is, the account won't have the rights to manage PIM for Resources if the user doesn't have a Resource Administrator role. View the list of [built-in roles for Azure resources](../../role-based-access-control/built-in-roles.md).
+> Users or members of a group assigned to the Owner or User Access Administrator subscription roles, and Azure AD Global administrators that enable subscription management in Azure AD have Resource administrator permissions by default. These administrators can assign roles, configure role settings, and review access using Privileged Identity Management for Azure resources. A user can't manage Privileged Identity Management for Resources without Resource administrator permissions. View the list of [built-in roles for Azure resources](../../role-based-access-control/built-in-roles.md).
 
 ## Assign a role
 
 Follow these steps to make a user eligible for an Azure resource role.
 
-1. Sign in to [Azure portal](https://portal.azure.com/) with a user that is a member of the [Privileged Role Administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role.
+1. Sign in to [Azure portal](https://portal.azure.com/) with a user that is a member of the [Privileged role administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role.
 
-    For information about how to grant another administrator access to manage PIM, see [Grant access to other administrators to manage PIM](pim-how-to-give-access-to-pim.md).
+    For information about how to grant another administrator access to manage Privileged Identity Management, see [Grant access to other administrators to manage Privileged Identity Management](pim-how-to-give-access-to-pim.md).
 
 1. Open **Azure AD Privileged Identity Management**.
 
-    If you haven't started PIM in the Azure portal yet, go to [Start using PIM](pim-getting-started.md).
-
-1. Click **Azure resources**.
+1. Select **Azure resources**.
 
 1. Use the **Resource filter** to filter the list of managed resources.
 
     ![List of Azure resources to manage](./media/pim-resource-roles-assign-roles/resources-list.png)
 
-1. Click the resource you want to manage, such as a subscription or management group.
+1. Select the resource you want to manage, such as a subscription or management group.
 
-1. Under Manage, click **Roles** to see the list of roles for Azure resources.
+1. Under Manage, select **Roles** to see the list of roles for Azure resources.
 
     ![Azure resources roles](./media/pim-resource-roles-assign-roles/resources-roles.png)
 
-1. Click **Add member** to open the New assignment pane.
+1. Select **Add member** to open the New assignment pane.
 
-1. Click **Select a role** to open the Select a role pane.
+1. Select **Select a role** to open the Select a role pane.
 
     ![New assignment pane](./media/pim-resource-roles-assign-roles/resources-select-role.png)
 
-1. Click a role you want to assign and then click **Select**.
+1. Select a role you want to assign and then click **Select**.
 
     The Select a member or group pane opens.
 
-1. Click a member or group you want to assign to the role and then click **Select**.
+1. Select a member or group you want to assign to the role and then click **Select**.
 
     ![Select a member or group pane](./media/pim-resource-roles-assign-roles/resources-select-member-or-group.png)
 
@@ -74,25 +72,25 @@ Follow these steps to make a user eligible for an Azure resource role.
 
     ![Memberships settings pane](./media/pim-resource-roles-assign-roles/resources-membership-settings-type.png)
 
-    PIM for Azure resources provides two distinct assignment types:
+    Privileged Identity Management for Azure resources provides two distinct assignment types:
 
     - **Eligible** assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.
 
     - **Active** assignments don't require the member to perform any action to use the role. Members assigned as active have the privileges assigned to the role at all times.
 
-1. If the assignment should be permanent (permanently eligible or permanently assigned), select the **Permanently** check box.
+1. If the assignment should be permanent (permanently eligible or permanently assigned), select the **Permanently** checkbox.
 
     Depending on the role settings, the check box might not appear or might be unmodifiable.
 
 1. To specify a specific assignment duration, clear the check box and modify the start and/or end date and time boxes.
 
     ![Memberships settings - date and time](./media/pim-resource-roles-assign-roles/resources-membership-settings-date.png)
 
-1. When finished, click **Done**.
+1. When finished, select **Done**.
 
     ![New assignment - Add](./media/pim-resource-roles-assign-roles/resources-new-assignment-add.png)
 
-1. To create the new role assignment, click **Add**. A notification of the status is displayed.
+1. To create the new role assignment, select **Add**. A notification of the status is displayed.
 
     ![New assignment - Notification](./media/pim-resource-roles-assign-roles/resources-new-assignment-notification.png)
 
@@ -102,26 +100,26 @@ Follow these steps to update or remove an existing role assignment.
 
 1. Open **Azure AD Privileged Identity Management**.
 
-1. Click **Azure resources**.
+1. Select **Azure resources**.
 
-1. Click the resource you want to manage, such as a subscription or management group.
+1. Select the resource you want to manage, such as a subscription or management group.
 
-1. Under Manage, click **Roles** to see the list of roles for Azure resources.
+1. Under Manage, select **Roles** to see the list of roles for Azure resources.
 
     ![Azure resource roles - Select role](./media/pim-resource-roles-assign-roles/resources-update-select-role.png)
 
-1. Click the role that you want to update or remove.
+1. Select the role that you want to update or remove.
 
 1. Find the role assignment on the **Eligible roles** or **Active roles** tabs.
 
     ![Update or remove role assignment](./media/pim-resource-roles-assign-roles/resources-update-remove.png)
 
-1. Click **Update** or **Remove** to update or remove the role assignment.
+1. Select **Update** or **Remove** to update or remove the role assignment.
 
-    For information about extending a role assignment, see [Extend or renew Azure resource roles in PIM](pim-resource-roles-renew-extend.md).
+    For information about extending a role assignment, see [Extend or renew Azure resource roles in Privileged Identity Management](pim-resource-roles-renew-extend.md).
 
 ## Next steps
 
-- [Extend or renew Azure resource roles in PIM](pim-resource-roles-renew-extend.md)
-- [Configure Azure resource role settings in PIM](pim-resource-roles-configure-role-settings.md)
-- [Assign Azure AD roles in PIM](pim-how-to-add-role-to-user.md)
+- [Extend or renew Azure resource roles in Privileged Identity Management](pim-resource-roles-renew-extend.md)
+- [Configure Azure resource role settings in Privileged Identity Management](pim-resource-roles-configure-role-settings.md)
+- [Assign Azure AD roles in Privileged Identity Management](pim-how-to-add-role-to-user.md)
@@ -1,5 +1,5 @@
 ---
-title: Complete an access review of Azure resource roles in PIM - Azure Active Directory | Microsoft Docs
+title: Complete an access review of Azure resource roles in Privileged Identity Management - Azure Active Directory | Microsoft Docs
 description: Learn how to complete an access review of Azure resource roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
@@ -11,19 +11,21 @@ ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 04/02/2018
+ms.date: 10/23/2019
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management
 ---
 
-# Complete an access review of Azure resource roles in PIM
-Privileged role administrators can review privileged access after an [access review has been started](pim-resource-roles-start-access-review.md). Azure Active Directory (Azure AD) Privileged Identity Management (PIM) automatically sends an email that prompts users to review their access. If a user doesn't receive an email, you can send them the instructions for [how to perform an access review](pim-resource-roles-perform-access-review.md).
+# Complete an access review of Azure resource roles in Privileged Identity Management
+
+Privileged role administrators can review privileged access after they [start an access review](pim-resource-roles-start-access-review.md). Privileged Identity Management (PIM) in Azure Active Directory (Azure AD)automatically sends an email that prompts users to review their access. If a user doesn't receive an email, you can send them the instructions for [how to perform an access review](pim-resource-roles-perform-access-review.md).
 
 After the access review period is over, or after all the users have finished their self-review, follow the steps in this article to manage the review and see the results.
 
 ## Manage access reviews
-1. Go to the [Azure portal](https://portal.azure.com/). Then, on the dashboard, select the **Azure resources** application.
+
+1. Go to the [Azure portal](https://portal.azure.com/). On the dashboard, select the **Azure resources** service.
 
 2. Select your resource.
 
@@ -33,33 +35,39 @@ After the access review period is over, or after all the users have finished the
 
 4. Select the access review that you want to manage.
 
-On the detail blade of the access review, there are a number of options for managing that review. The options are as follows:
+On the detail page for the access review, there are a number of options for managing that review. The options are as follows:
 
 ![Options for managing a review - Stop, Reset, Apply, Delete](media/pim-resource-roles-complete-access-review/rbac-access-review-menu.png)
 
 ### Stop
-All access reviews have an end date, but you can use the **Stop** button to finish it early. All users who haven't finished their review by this time won't be able to finish it after you stop the review. You can't restart a review after it's been stopped.
+
+All access reviews have an end date. Select **Stop** to finish it early. Any users who hasn't finished their review by this time won't be able to finish it after you stop the review. You can't restart a review after it's been stopped.
 
 ### Reset
-You can reset an access review to remove all decisions that are made on it. After you've reset an access review, all users are marked as unreviewed again. 
+
+You can reset an access review to remove all decisions that are made on it. After you've reset an access review, all users are marked as unreviewed again.
 
 ### Apply
-After an access review is complete, use the **Apply** button to implement the outcome of the review. If a user's access was denied in the review, this step removes their role assignment.  
+
+After an access review is complete, select **Apply** to implement the outcome of the review. If a user's access was denied in the review, this step removes their role assignment.  
 
 ### Delete
-If you aren't interested in the review any more, delete it. The **Delete** button removes the review from the PIM application.
+
+If you aren't interested in the review any more, delete it. Select **Delete** yo remove the review from the Privileged Identity Management service.
 
 ## Results
-On the **Results** page, view and download a list of your review results. 
+
+On the **Results** page, view and download a list of your review results.
 
 ![Results page listing users, outcome, reason, reviewed by, applied by, and apply result](media/pim-resource-roles-complete-access-review/rbac-access-review-results.png)
 
 ## Reviewers
+
 View and add reviewers to your existing access review. Remind reviewers to complete their reviews.
 
 ![Reviewers page listing name and user principal name](media/pim-resource-roles-complete-access-review/rbac-access-review-reviewers.png)
 
 ## Next steps
 
-- [Start an access review for Azure resource roles in PIM](pim-resource-roles-start-access-review.md)
-- [Perform an access review of my Azure resource roles in PIM](pim-resource-roles-perform-access-review.md)
+- [Start an access review for Azure resource roles in Privileged Identity Management](pim-resource-roles-start-access-review.md)
+- [Perform an access review of my Azure resource roles in Privileged Identity Management](pim-resource-roles-perform-access-review.md)