Commit 8fc1432

Merge pull request #134741 from rolyon/rolyon-rbac-terminology-v23
[Azure RBAC] Terminology update v23
2 parents a927357 + bc64b78 commit 8fc1432

55 files changed, +121 -121 lines changed


articles/devtest-labs/automate-add-lab-user.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -174,7 +174,7 @@ New-AzureRmRoleAssignment -UserPrincipalName <[email protected]> -RoleDefinition
174174
To specify the resource to which permissions are being granted can be specified by a combination of `ResourceName`, `ResourceType`, `ResourceGroup` or by the `scope` parameter. Whatever combination of parameters is used, provide enough information to the cmdlet to uniquely identify the Active Directory object (user, group, or service principal), scope (resource group or resource), and role definition.
175175

176176
## Use Azure Command Line Interface (CLI)
177-
In Azure CLI, adding a labs user to a lab is done by using the `az role assignment create` command. For more information on Azure CLI cmdlets, see [Manage access to Azure resources using RBAC and Azure CLI](../role-based-access-control/role-assignments-cli.md).
177+
In Azure CLI, adding a labs user to a lab is done by using the `az role assignment create` command. For more information on Azure CLI cmdlets, see [Add or remove Azure role assignments using Azure CLI](../role-based-access-control/role-assignments-cli.md).
178178

179179
The object that is being granted access can be specified by the `objectId`, `signInName`, `spn` parameters. The lab to which the object is being granted access can be identified by the `scope` url or a combination of the `resource-name`, `resource-type`, and `resource-group` parameters.
180180

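Review bot: The link text now matches the target article, but the same line still says "For more information on Azure CLI cmdlets"; cmdlets are Azure PowerShell, the CLI has commands, so this should read "Azure CLI commands" to fit the new link. "adding a labs user to a lab" should also be "lab user". The unchanged context line 174 above ("To specify the resource to which permissions are being granted can be specified by ...") is ungrammatical; since the file is open, suggest "The resource to which permissions are being granted can be specified by ...".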
articles/devtest-labs/configure-shared-image-gallery.md

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ DevTest Labs now supports the [Shared Image Gallery](../virtual-machines/windows
1111
- Managed global replication of images
1212
- Versioning and grouping of images for easier management
1313
- Make your images highly available with Zone Redundant Storage (ZRS) accounts in regions that support availability zones. ZRS offers better resilience against zonal failures.
14-
- Sharing across subscriptions, and even between tenants, using role-based access control (RBAC).
14+
- Sharing across subscriptions, and even between tenants, using Azure role-based access control (Azure RBAC).
1515

1616
For more information, see [Shared Image Gallery documentation](../virtual-machines/windows/shared-image-galleries.md).
1717

articles/devtest-labs/devtest-lab-add-devtest-user.md

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ ms.date: 06/26/2020
1010
>
1111
>
1212
13-
Access in Azure DevTest Labs is controlled by [Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md). Using RBAC, you can segregate duties within your team into *roles* where you grant only the amount of access necessary to users to perform their jobs. Three of these Azure roles are *Owner*, *DevTest Labs User*, and *Contributor*. In this article, you learn what actions can be performed in each of the three main Azure roles. From there, you learn how to add users to a lab - both via the portal and via a PowerShell script, and how to add users at the subscription level.
13+
Access in Azure DevTest Labs is controlled by [Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md). Using Azure RBAC, you can segregate duties within your team into *roles* where you grant only the amount of access necessary to users to perform their jobs. Three of these Azure roles are *Owner*, *DevTest Labs User*, and *Contributor*. In this article, you learn what actions can be performed in each of the three main Azure roles. From there, you learn how to add users to a lab - both via the portal and via a PowerShell script, and how to add users at the subscription level.
1414

1515
## Actions that can be performed in each role
1616
There are three main roles that you can assign a user:

articles/devtest-labs/devtest-lab-concepts.md

Lines changed: 1 addition & 1 deletion
@@ -52,7 +52,7 @@ Policies help in controlling cost in your lab. For example, you can create a pol
5252
Caps is a mechanism to minimize waste in your lab. For example, you can set a cap to restrict the number of VMs that can be created per user, or in a lab.
5353

5454
## Security levels
55-
Security access is determined by Azure role-based access control (Azure RBAC). To understand how access works, it helps to understand the differences between a permission, a role, and a scope as defined by RBAC.
55+
Security access is determined by Azure role-based access control (Azure RBAC). To understand how access works, it helps to understand the differences between a permission, a role, and a scope as defined by Azure RBAC.
5656

5757
* Permission - A permission is a defined access to a specific action (e.g. read-access to all virtual machines).
5858
* Role - A role is a set of permissions that can be grouped and assigned to a user. For example, the *subscription owner* role has access to all resources within a subscription.

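Review bot: Terminology in the context lines below the heading is worth tightening while this pass is going through: "subscription owner role" on line 58 is not a role name; the built-in role is Owner, and "subscription owner" means Owner assigned at the subscription scope. Suggest "For example, the *Owner* role assigned at subscription scope has access to all resources within that subscription." The same wording is repeated in devtest-lab-faq.md line 69, so both should change together.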
articles/devtest-labs/devtest-lab-faq.md

Lines changed: 3 additions & 3 deletions
@@ -63,7 +63,7 @@ DevTest Labs is a free service. Creating labs and configuring policies, template
6363
## Security
6464

6565
### What are the different security levels in DevTest Labs?
66-
Security access is determined by Role-Based Access Control (RBAC). To learn how access works, it helps to learn the differences between a permission, a role, and a scope, as defined by RBAC.
66+
Security access is determined by Azure role-based access control (Azure RBAC). To learn how access works, it helps to learn the differences between a permission, a role, and a scope, as defined by Azure RBAC.
6767

6868
- **Permission**: A permission is a defined access to a specific action. For example, a permission can be read access to all VMs.
6969
- **Role**: A role is a set of permissions that can be grouped and assigned to a user. For example, a user with a subscription owner role has access to all resources within a subscription.
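Review bot: Same issue as devtest-lab-concepts.md: the context line "a user with a subscription owner role" names a role that does not exist as such; it is the built-in Owner role assigned at subscription scope. Suggest "a user assigned the Owner role at subscription scope has access to all resources within that subscription." Keeping this definition list and the one in devtest-lab-concepts.md identical would make later terminology passes like this one a one-place fix.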
@@ -78,7 +78,7 @@ You also can create custom roles in DevTest Labs. To learn how to create custom
7878

7979
Because scopes are hierarchical, when a user has permissions at a certain scope, the user is automatically granted those permissions at every lower-level scope in the scope. For instance, if a user is assigned the role of subscription owner, the user has access to all resources in a subscription. These resources include VMs, virtual networks, and labs. A subscription owner automatically inherits the role of lab owner. However, the opposite is not true. A lab owner has access to a lab, which is a lower scope than the subscription level. So, a lab owner can't see VMs, virtual networks, or any other resources that are outside the lab.
8080

81-
### How do I define role-based access control for my DevTest Labs environments to ensure that IT can govern while developers/test can do their work?
81+
### How do I define Azure role-based access control for my DevTest Labs environments to ensure that IT can govern while developers/test can do their work?
8282
There is a broad pattern, however the detail depends on your organization.
8383

8484
Central IT should own only what is necessary and enable the project and application teams to have the needed level of control. Typically, it means that central IT owns the subscription and handles core IT functions such as networking configurations. The set of **owners** for a subscription should be small. These owners can nominate additional owners when there's a need, or apply subscription-level policies, for example “No Public IP”.
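Review bot: The heading now carries the full "Azure role-based access control" phrase, which makes it long for a FAQ question; "How do I define Azure RBAC for my DevTest Labs environments ..." is consistent with the rest of the PR, which introduces the abbreviation in the answer on line 66. "developers/test can do their work" should read "developers/testers". The same question is duplicated verbatim at line 34 of devtest-lab-guidance-governance-cost-ownership.md, so whichever wording is chosen should be applied in both files.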
@@ -87,7 +87,7 @@ There may be a subset of users that require access across a subscription, such a
8787

8888
The DevTest Labs resource should be owned by owners who are close to the project/application team. It's because they understand their requirements for machines, and required software. In most organizations, the owner of this DevTest Labs resource is commonly the project/development lead. This owner can manage users and policies within the lab environment and can manage all VMs in the DevTest Labs environment.
8989

90-
The project/application team members should be added to the **DevTest Labs Users** role. These users can create virtual machines (in-line with the lab and subscription-level policies). They can also manage their own virtual machines. They can't manage virtual machines that belong to other users.
90+
The project/application team members should be added to the **DevTest Labs User** role. These users can create virtual machines (in-line with the lab and subscription-level policies). They can also manage their own virtual machines. They can't manage virtual machines that belong to other users.
9191

9292
For more information, see [Azure enterprise scaffold – prescriptive subscription governance documentation](/azure/architecture/cloud-adoption/appendix/azure-scaffold).
9393

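Review bot: "DevTest Labs User" (singular) is the correct built-in role name, good catch. In the same line, "in-line with the lab and subscription-level policies" should be "in line with". "They can also manage their own virtual machines" is clearer as "the virtual machines they created", matching the following sentence about VMs that belong to other users.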
articles/devtest-labs/devtest-lab-grant-user-permissions-to-specific-lab-policies.md

Lines changed: 3 additions & 3 deletions
@@ -10,13 +10,13 @@ ms.date: 06/26/2020
1010
This article illustrates how to use PowerShell to grant users permissions to a particular lab policy. That way, permissions can be applied based on each user's needs. For example, you might want to grant a particular user the ability to change the VM policy settings, but not the cost policies.
1111

1212
## Policies as resources
13-
As discussed in the [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.md) article, RBAC enables fine-grained access management of resources for Azure. Using RBAC, you can segregate duties within your DevOps team and grant only the amount of access to users that they need to perform their jobs.
13+
As discussed in the [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.md) article, Azure RBAC enables fine-grained access management of resources for Azure. Using Azure RBAC, you can segregate duties within your DevOps team and grant only the amount of access to users that they need to perform their jobs.
1414

15-
In DevTest Labs, a policy is a resource type that enables the RBAC action **Microsoft.DevTestLab/labs/policySets/policies/**. Each lab policy is a resource in the Policy resource type, and can be assigned as a scope to an Azure role.
15+
In DevTest Labs, a policy is a resource type that enables the Azure RBAC action **Microsoft.DevTestLab/labs/policySets/policies/**. Each lab policy is a resource in the Policy resource type, and can be assigned as a scope to an Azure role.
1616

1717
For example, in order to grant users read/write permission to the **Allowed VM Sizes** policy, you would create a custom role that works with the **Microsoft.DevTestLab/labs/policySets/policies/** action, and then assign the appropriate users to this custom role in the scope of **Microsoft.DevTestLab/labs/policySets/policies/AllowedVmSizesInLab**.
1818

19-
To learn more about custom roles in RBAC, see the [Custom roles access control](../role-based-access-control/custom-roles.md).
19+
To learn more about custom roles in Azure RBAC, see the [Azure custom roles](../role-based-access-control/custom-roles.md).
2020

2121
## Creating a lab custom role using PowerShell
2222
In order to get started, you’ll need to [install Azure PowerShell](/powershell/azure/install-az-ps).

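Review bot: Line 15 calls `Microsoft.DevTestLab/labs/policySets/policies/` an "Azure RBAC action", but that string is a resource-type path; the actions a custom role lists end in an operation, such as `Microsoft.DevTestLab/labs/policySets/policies/read` and `Microsoft.DevTestLab/labs/policySets/policies/write`. Since this PR is a terminology pass, suggest "a policy is a resource type whose Azure RBAC actions are listed under Microsoft.DevTestLab/labs/policySets/policies/". Likewise, line 17's "in the scope of Microsoft.DevTestLab/labs/policySets/policies/AllowedVmSizesInLab" should refer to the policy's full resource ID, since a scope in Azure RBAC is a resource ID, not a type path. Separately, the link labelled "Azure role-based access control (Azure RBAC)" on line 13 points at role-assignments-portal.md; overview.md is the page that link text describes, as used in devtest-lab-add-devtest-user.md in this same PR.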
articles/devtest-labs/devtest-lab-guidance-governance-cost-ownership.md

Lines changed: 2 additions & 2 deletions
@@ -29,9 +29,9 @@ Only active Visual Studio subscribers (standard subscriptions, annual cloud subs
2929

3030
If you decide to use the DevTest offer, note that this benefit is exclusively for development and testing your applications. Usage within the subscription does not carry a financially-backed SLA, except for the use of Azure DevOps and HockeyApp.
3131

32-
## Define a role-based access across your organization
32+
## Define role-based access across your organization
3333
### Question
34-
How do I define role-based access control for my DevTest Labs environments to ensure that IT can govern while developers/test can do their work?
34+
How do I define Azure role-based access control for my DevTest Labs environments to ensure that IT can govern while developers/test can do their work?
3535

3636
### Answer
3737
There is a broad pattern, however the detail depends on your organization.

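Review bot: Dropping the article from the heading reads better. The question on line 34 is the same sentence as devtest-lab-faq.md line 81 and has the same "developers/test" wording, which should be "developers/testers"; keep both copies in sync (or use a single include) so future terminology passes touch one place.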
articles/devtest-labs/devtest-lab-guidance-orchestrate-implementation.md

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ Once the network topology is in place, the first/pilot lab can be created by tak
3131

3232
1. Create an initial DevTest Labs environment.
3333
2. Determine allowable VM images and sizes for use with lab. Decide whether custom images can be uploaded into Azure for use with DevTest Labs.
34-
3. Secure access to the lab by creating initial Role Base Access Controls (RBAC) for the lab (lab owners and lab users). We recommend that you use synchronized active directory accounts with Azure Active Directory for identity with DevTest Labs.
34+
3. Secure access to the lab by creating initial Azure role-based access control (Azure RBAC) for the lab (lab owners and lab users). We recommend that you use synchronized active directory accounts with Azure Active Directory for identity with DevTest Labs.
3535
4. Configure DevTest Labs to use policies such as schedules, cost management, claimable VMs, custom images, or formulas.
3636
5. Establish an online repository such as Azure Repos/Git.
3737
6. Decide on the use of public or private repositories or combination of both. Organize JSON Templates for deployments and long-term sustainment.

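Review bot: "Secure access to the lab by creating initial Azure role-based access control (Azure RBAC) for the lab" treats Azure RBAC as something you create; the system already exists, what this step creates is role assignments. Suggest "Secure access to the lab by creating the initial Azure role assignments for the lab (lab owners and lab users)". In the same line, "synchronized active directory accounts" should capitalize "Active Directory", since it refers to on-premises AD accounts synchronized to Azure Active Directory.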
articles/devtest-labs/devtest-lab-reference-architecture.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ This article provides reference architecture to help you deploy a solution based
1919
These are the key elements of the reference architecture:
2020

2121
- **Azure Active Directory (Azure AD)**: DevTest Labs uses the [Azure AD service for identity management](../active-directory/fundamentals/active-directory-whatis.md). Consider these two key aspects when you give users access to an environment based on DevTest Labs:
22-
- **Resource management**: It provides access to the Azure portal to manage resources (create virtual machines; create environments; start, stop, restart, delete, and apply artifacts; and so on). Resource management is done in Azure by using role-based access control (RBAC). You assign roles to users and set resource and access-level permissions.
22+
- **Resource management**: It provides access to the Azure portal to manage resources (create virtual machines; create environments; start, stop, restart, delete, and apply artifacts; and so on). Resource management is done by using Azure role-based access control (Azure RBAC). You assign roles to users and set resource and access-level permissions.
2323
- **Virtual machines (network-level)**: In the default configuration, virtual machines use a local admin account. If there's a domain available ([Azure AD Domain Services](../active-directory-domain-services/overview.md), an on-premises domain, or a cloud-based domain), machines can be joined to the domain. Users can then use their domain-based identities to connect to the VMs.
2424
- **On-premises connectivity**: In our architecture diagram, [ExpressRoute](../expressroute/expressroute-introduction.md) is used. But you can also use a [site-to-site VPN](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md). Although ExpressRoute isn't required for DevTest Labs, it’s commonly used in enterprises. ExpressRoute is required only if you need access to corporate resources. Common scenarios are:
2525
- You have on-premises data that can't be moved to the cloud.

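Review bot: Removing "in Azure" is fine now that "Azure RBAC" carries it. The following sentence, "You assign roles to users and set resource and access-level permissions", blurs the model: in Azure RBAC the permissions come from the role definition, and what you choose at assignment time is the principal and the scope. Suggest "You assign roles to users, groups, or service principals at a scope such as the subscription, resource group, or lab."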
articles/devtest-labs/encrypt-disks-customer-managed-keys.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ The following section shows how a lab owner can set up encryption using a custom
3030
1. For the lab to handle encryption for all the lab OS disks, lab owner needs to explicitly grant the lab’s **system-assigned identity** reader role on the disk encryption set as well as virtual machine contributor role on the underlying Azure subscription. Lab owner can do so by completing the following steps:
3131

3232

33-
1. Ensure you are a member of [User Access Admin role](../role-based-access-control/built-in-roles.md#user-access-administrator) at the Azure subscription level so that you can manage user access to Azure resources.
33+
1. Ensure you are a member of [User Access Administrator role](../role-based-access-control/built-in-roles.md#user-access-administrator) at the Azure subscription level so that you can manage user access to Azure resources.
3434
1. On the **Disk Encryption Set** page, select **Access control (IAM)** on the left menu.
3535
1. Select **+ Add** on the toolbar and select **Add a role assignment**.
3636

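Review bot: "User Access Administrator" is the correct built-in role name. In the same line, "Ensure you are a member of [User Access Administrator role]" should be "Ensure you are assigned the [User Access Administrator] role"; roles are assigned, groups have members. The unchanged step on line 30 uses "reader role" and "virtual machine contributor role" in lowercase; for consistency with this terminology pass they should be the built-in names "Reader" and "Virtual Machine Contributor", and "lab owner needs" should be "the lab owner needs".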