
Commit 927dd0e

Merge pull request #127311 from MicrosoftDocs/master
Merge master to live, 4 AM
2 parents b33c9ad + 9b4875a commit 927dd0e

117 files changed

+2059
-1254
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39868,6 +39868,11 @@
3986839868
"redirect_url": "/azure/cognitive-services/speech-service/get-started-text-to-speech",
3986939869
"redirect_document_id": false
3987039870
},
39871+
{
39872+
"source_path": "articles/cognitive-services/Speech-Service/scenario-availability.md",
39873+
"redirect_url": "/azure/cognitive-services/speech-service/speech-sdk",
39874+
"redirect_document_id": true
39875+
},
3987139876
{
3987239877
"source_path": "articles/cognitive-services/Speech-Service/quickstarts/text-to-speech.md",
3987339878
"redirect_url": "/azure/cognitive-services/speech-service/get-started-text-to-speech",
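Review bot: The new entry for scenario-availability.md sets "redirect_document_id": true, while the neighbouring entry visible in this hunk uses false. The target (/azure/cognitive-services/speech-service/speech-sdk) has a different name from the source, so please confirm that true is intended here and not a copy error; if it is deliberate, say why in the PR description so the next editor of this file does not "normalize" it back.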

articles/active-directory/governance/entitlement-management-overview.md

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,11 @@ ms.tgt_pltfrm: na
1212
ms.devlang: na
1313
ms.topic: overview
1414
ms.subservice: compliance
15-
ms.date: 06/18/2020
15+
ms.date: 08/25/2020
1616
ms.author: barclayn
1717
ms.reviewer: markwahl-msft
1818
ms.collection: M365-identity-device-management
19+
ms.custom: contperfq1
1920

2021

2122
#Customer intent: As a administrator, I want learn about entitlement management so that see how I can use it to manage access to resources in my organization.
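Review bot: The customer-intent comment directly below the new ms.custom line still reads "As a administrator, I want learn about entitlement management so that see how I can use it". This pass is otherwise cleaning up grammar in the article, so fix it in the same change, for example "As an administrator, I want to learn about entitlement management so that I can see how to use it to manage access to resources in my organization."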
@@ -25,7 +26,7 @@ ms.collection: M365-identity-device-management
2526

2627
Azure Active Directory (Azure AD) entitlement management is an [identity governance](identity-governance-overview.md) feature that enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.
2728

28-
Employees in organizations need access to various groups, applications, and sites to perform their job. Managing this access is challenging, as requirements change - new applications are added or users need additional access rights. This scenario gets more complicated when you collaborate with outside organizations - you may not know who in the other organization needs access to your organization's resources, and they won't know what applications, groups or sites your organization is using.
29+
Employees in organizations need access to various groups, applications, and sites to perform their job. Managing this access is challenging, as requirements change - new applications are added or users need additional access rights. This scenario gets more complicated when you collaborate with outside organizations - you may not know who in the other organization needs access to your organization's resources, and they won't know what applications, groups, or sites your organization is using.
2930

3031
Azure AD entitlement management can help you more efficiently manage access to groups, applications, and SharePoint Online sites for internal users, and also for users outside your organization who need access to those resources.
3132

@@ -52,7 +53,10 @@ Here are some of capabilities of entitlement management:
5253
- Delegate to non-administrators the ability to create access packages. These access packages contain resources that users can request, and the delegated access package managers can define policies with rules for which users can request, who must approve their access, and when access expires.
5354
- Select connected organizations whose users can request access. When a user who is not yet in your directory requests access, and is approved, they are automatically invited into your directory and assigned access. When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed.
5455

55-
You can get started with our [tutorial to create your first access package](entitlement-management-access-package-first.md). You can also read the [common scenarios](entitlement-management-scenarios.md), or watch videos, including
56+
>[!NOTE]
57+
>If you are ready to try Entitlement management you can get started with our [tutorial to create your first access package](entitlement-management-access-package-first.md).
58+
59+
You can also read the [common scenarios](entitlement-management-scenarios.md), or watch videos, including
5660

5761
- [How to deploy Azure AD entitlement management in your organization](https://www.youtube.com/watch?v=zaaKvaaYwI4)
5862
- [How to monitor and scale your use of Azure AD entitlement management](https://www.youtube.com/watch?v=omtNJ7ySjS0)
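Review bot: In the added note, "Entitlement management" is capitalized mid-sentence, while the rest of the article writes "entitlement management" in lower case, and the sentence needs a comma before "you can get started". Suggest "If you are ready to try entitlement management, you can get started with our [tutorial to create your first access package](...)". The marker is also written ">[!NOTE]" with no space after ">", unlike the "> [!NOTE]" form used in groups-discover-groups.md in this commit; pick one form.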
@@ -66,7 +70,7 @@ Entitlement management introduces to Azure AD the concept of an *access package*
6670

6771
- Membership of Azure AD security groups
6872
- Membership of Microsoft 365 Groups and Teams
69-
- Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign on and/or provisioning
73+
- Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign-on and/or provisioning
7074
- Membership of SharePoint Online sites
7175

7276
You can also control access to other resources that rely upon Azure AD security groups or Microsoft 365 Groups. For example:
@@ -97,16 +101,16 @@ The following diagram shows an example of the different elements in entitlement
97101

98102
## When should I use access packages?
99103

100-
Access packages do not replace other mechanisms for access assignment. They are most appropriate in situations such as the following:
104+
Access packages do not replace other mechanisms for access assignment. They are most appropriate in situations such as:
101105

102-
- Employees need time-limited access for a particular task. For example, you might use group-based licensing and a dynamic group to ensure all employees have an Exchange Online mailbox, and then use access packages for situations in which employees need additional access,such as to read departmental resources from another department.
103-
- Access needs to be approved by an employee's manager or other designated individuals.
106+
- Employees need time-limited access for a particular task. For example, you might use group-based licensing and a dynamic group to ensure all employees have an Exchange Online mailbox, and then use access packages for situations in which employees need additional access, such as to read departmental resources from another department.
107+
- Access that requires the approval of an employee's manager or other designated individuals.
104108
- Departments wish to manage their own access policies for their resources without IT involvement.
105109
- Two or more organizations are collaborating on a project, and as a result, multiple users from one organization will need to be brought in via Azure AD B2B to access another organization's resources.
106110

107111
## How do I delegate access?
108112

109-
Access packages are defined in containers called *catalogs*. You can have a single catalog for all your access packages, or you can designate individuals to create and own their own catalogs. An administrator can add resources to any catalog, but a non-administrator can only add to a catalog the resources which they own. A catalog owner can add other users as catalog co-owners, or as access package managers. These scenarios are described further in the article [delegation and roles in Azure AD entitlement management](entitlement-management-delegate.md).
113+
Access packages are defined in containers called *catalogs*. You can have a single catalog for all your access packages, or you can designate individuals to create and own their own catalogs. An administrator can add resources to any catalog, but a non-administrator can only add to a catalog the resources that they own. A catalog owner can add other users as catalog co-owners, or as access package managers. These scenarios are described further in the article [delegation and roles in Azure AD entitlement management](entitlement-management-delegate.md).
110114

111115
## Summary of terminology
112116

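Review bot: The rewritten second bullet, "Access that requires the approval of an employee's manager or other designated individuals.", is now a noun phrase, while the other three bullets are full sentences ("Employees need ...", "Departments wish ...", "Two or more organizations are ..."). The original "Access needs to be approved by ..." kept the list parallel; either restore it or recast as "Access requires approval by an employee's manager or other designated individuals."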
@@ -119,7 +123,7 @@ To better understand entitlement management and its documentation, you can refer
119123
| assignment | An assignment of an access package to a user ensures the user has all the resource roles of that access package. Access package assignments typically have a time limit before they expire. |
120124
| catalog | A container of related resources and access packages. Catalogs are used for delegation, so that non-administrators can create their own access packages. Catalog owners can add resources they own to a catalog. |
121125
| catalog creator | A collection of users who are authorized to create new catalogs. When a non-administrator user who is authorized to be a catalog creator creates a new catalog, they automatically become the owner of that catalog. |
122-
| connected organization | A external Azure AD directory or domain that you have a relationship with. The users from a connected organization can be specified in a policy as being allowed to request access. |
126+
| connected organization | An external Azure AD directory or domain that you have a relationship with. The users from a connected organization can be specified in a policy as being allowed to request access. |
123127
| policy | A set of rules that defines the access lifecycle, such as how users get access, who can approve, and how long users have access through an assignment. A policy is linked to an access package. For example, an access package could have two policies - one for employees to request access and a second for external users to request access. |
124128
| resource | An asset, such as an Office group, a security group, an application, or a SharePoint Online site, with a role that a user can be granted permissions to. |
125129
| resource directory | A directory that has one or more resources to share. |
@@ -147,7 +151,7 @@ Azure AD Premium P2 licenses are **not** required for the following tasks:
147151
- No licenses are required for users who have been delegated administrative tasks, such as catalog creator, catalog owner, and access package manager.
148152
- No licenses are required for guests who **can** request access packages, but do **not** request an access package.
149153

150-
For each paid Azure AD Premium P2 license that you purchase for your member users (employees), you can use Azure AD B2B to invite up to 5 guest users. These guest users can also use Azure AD Premium P2 features. For more information, see [Azure AD B2B collaboration licensing guidance](../external-identities/licensing-guidance.md).
154+
For each paid Azure AD Premium P2 license that you purchase for your member users (employees), you can use Azure AD B2B to invite up to five guest users. These guest users can also use Azure AD Premium P2 features. For more information, see [Azure AD B2B collaboration licensing guidance](../external-identities/licensing-guidance.md).
151155

152156
For more information about licenses, see [Assign or remove licenses using the Azure Active Directory portal](../fundamentals/license-users-groups.md).
153157

articles/active-directory/privileged-identity-management/groups-assign-member-owner.md

Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.topic: conceptual
1111
ms.tgt_pltfrm: na
1212
ms.workload: identity
1313
ms.subservice: pim
14-
ms.date: 07/27/2020
14+
ms.date: 08/18/2020
1515
ms.author: curtand
1616
ms.custom: pim
1717
ms.collection: M365-identity-device-management
@@ -28,19 +28,14 @@ Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can help
2828

2929
Follow these steps to make a user eligible to be a member or owner of a privileged access group.
3030

31-
1. Sign in to [Privileged Identity Management](https://portal.azure.com/) in the Azure portal with [Privileged role administrator](../users-groups-roles/directory-assign-admin-roles.md#privileged-role-administrator) role permissions.
31+
1. [Sign in to Azure AD](https://aad.portal.azure.com) with Global Administrator or group Owner permissions.
32+
1. Select **Groups** and then select the role-assignable group you want to manage. You can search or filter the list.
3233

33-
For information about how to grant another administrator access to manage Privileged Identity Management, see [Grant access to other administrators to manage Privileged Identity Management](pim-how-to-give-access-to-pim.md).
34+
![find a role-assignable group to manage in PIM](./media/groups-assign-member-owner/groups-list-in-azure-ad.png)
3435

35-
1. Open **Azure AD Privileged Identity Management**.
36+
1. Open the group and select **Privileged access (Preview)**.
3637

37-
1. Select **Privileged access (Preview)**.
38-
39-
1. You can search for a group name and use the **Group type** to filter the list to select the group you want to manage.
40-
41-
![List of privileged access groups to manage](./media/groups-assign-member-owner/privileged-access-list.png)
42-
43-
1. Under **Manage**, select **Assignments**.
38+
![Open the Privileged Identity Management experience](./media/groups-assign-member-owner/groups-discover-groups.png)
4439

4540
1. Select **Add assignments**.
4641

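Review bot: Step 1 now asks for "Global Administrator or group Owner permissions" where it previously asked for the Privileged role administrator role, yet groups-discover-groups.md in this same commit still tells the reader to sign in with "Privileged Role Administrator permissions" before opening the same Groups > Privileged access (Preview) view. Please state which roles can actually perform this task and make the two articles agree, naming the least-privileged role that works rather than defaulting to Global Administrator. The rewrite also drops the link to the role description and the pointer to pim-how-to-give-access-to-pim.md, and removes "Under **Manage**, select **Assignments**", so the procedure goes from opening Privileged access (Preview) straight to **Add assignments**; confirm that step is no longer needed on the new entry path.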
@@ -72,21 +67,20 @@ Follow these steps to make a user eligible to be a member or owner of a privileg
7267

7368
Follow these steps to update or remove an existing role assignment.
7469

75-
1. Open **Azure AD Privileged Identity Management**.
76-
77-
1. Select **Privileged access (Preview)**.
70+
1. [Sign in to Azure AD](https://aad.portal.azure.com) with Global Administrator or group Owner permissions.
71+
1. Select **Groups** and then select the role-assignable group you want to manage. You can search or filter the list.
7872

79-
1. You can search for a group name and use the **Group type** to filter the list to select the group you want to manage.
73+
![find a role-assignable group to manage in PIM](./media/groups-assign-member-owner/groups-list-in-azure-ad.png)
8074

81-
![List of privileged access groups to manage](./media/groups-assign-member-owner/privileged-access-list.png)
75+
1. Open the group and select **Privileged access (Preview)**.
8276

83-
1. Under **Manage**, select **Assignments**.
77+
![Open the Privileged Identity Management experience](./media/groups-assign-member-owner/groups-discover-groups.png)
8478

8579
1. Select the role that you want to update or remove.
8680

8781
1. Find the role assignment on the **Eligible roles** or **Active roles** tabs.
8882

89-
![Update or remove role assignment](./media/groups-assign-member-owner/groups-add-assignment.png)
83+
![Update or remove role assignment](./media/groups-assign-member-owner/groups-bring-under-management.png)
9084

9185
1. Select **Update** or **Remove** to update or remove the role assignment.
9286

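Review bot: The screenshot under "Find the role assignment on the **Eligible roles** or **Active roles** tabs" now points at groups-bring-under-management.png, the file name that groups-discover-groups.md uses with the alt text "Manage assignments in Privileged Identity Management", while the alt text here still says "Update or remove role assignment". Check that the image shows the update/remove view, and adjust the alt text if it does not. The two new image links reference groups-list-in-azure-ad.png and groups-discover-groups.png under ./media/groups-assign-member-owner/, whereas the other article loads them from ./media/groups-discover-groups/, so make sure copies exist at the new path.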
articles/active-directory/privileged-identity-management/groups-discover-groups.md

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
2-
title: Identify a group to manage in Privileged Identity Management - Azure AD | Microsoft Docs
3-
description: Learn how to onboard role-assignable groups to manage as privileged access groups in Privileged Identity Management (PIM).
2+
title: Manage role-assignable groups as privileged access groups - Azure AD | Microsoft Docs
3+
description: Consent to onboard role-assignable groups to manage as privileged access groups in Privileged Identity Management (PIM).
44
services: active-directory
55
documentationcenter: ''
66
author: curtand
@@ -11,34 +11,38 @@ ms.topic: how-to
1111
ms.tgt_pltfrm: na
1212
ms.workload: identity
1313
ms.subservice: pim
14-
ms.date: 08/03/2020
14+
ms.date: 08/17/2020
1515
ms.author: curtand
1616
ms.collection: M365-identity-device-management
1717
---
1818

19-
# Bring a privileged access groups (preview) into Privileged Identity Management
19+
# Manage privileged access groups (preview) in Privileged Identity Management
2020

2121
In Azure Active Directory (Azure AD), you can assign Azure AD built-in roles to cloud groups to simplify how you manage role assignments. To protect Azure AD roles and to secure access, you can now use Privileged Identity Management (PIM) to manage just-in-time access for members or owners of these groups. To manage an Azure AD role-assignable group as a privileged access group in Privileged Identity Management, you must bring it under management in PIM.
2222

2323
## Identify groups to manage
2424

25-
You can create a role-assignable group in Azure AD as described in [Create a role-assignable group in Azure Active Directory](../users-groups-roles/roles-groups-create-eligible.md). You have be an owner of the group to bring it under management with Privileged Identity Management.
25+
You can create a role-assignable group in Azure AD as described in [Create a role-assignable group in Azure Active Directory](../users-groups-roles/roles-groups-create-eligible.md). You have be an owner of the group to bring it under management in Privileged Identity Management.
2626

27-
1. [Sign in to Azure AD](https://aad.portal.azure.com) with Privileged Role Administrator role permissions.
28-
1. Select **Groups** and then select the role-assignable group you want to manage in PIM. You can search and filter the list.
27+
1. [Sign in to Azure AD](https://aad.portal.azure.com) with Privileged Role Administrator permissions.
28+
1. Select **Groups** and then select the role-assignable group you want to manage. You can search or filter the list.
2929

3030
![find a role-assignable group to manage in PIM](./media/groups-discover-groups/groups-list-in-azure-ad.png)
3131

3232
1. Open the group and select **Privileged access (Preview)**.
3333

3434
![Open the Privileged Identity Management experience](./media/groups-discover-groups/groups-discover-groups.png)
3535

36+
1. If your groups hasn't yet been brought under management in PIM, select **Enable privileged access** to consent to management. Only the Global Administrator or Owner of a group can give this consent.
37+
38+
![consent to manage the group in Privileged Identity Management if required](./media/groups-discover-groups/consent-page.png)
39+
3640
1. Start managing assignments in PIM.
3741

3842
![Manage assignments in Privileged Identity Management](./media/groups-discover-groups/groups-bring-under-management.png)
3943

4044
> [!NOTE]
41-
> Once a privileged access group is managed, it can't be taken out of management. This prevents another resource administrator from removing Privileged Identity Management settings.
45+
> Once a privileged access group is managed, it can't be taken out of management. This prevents another administrator from removing Privileged Identity Management settings.
4246
4347
## Next steps
4448

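Review bot: Step 1 has the reader sign in with "Privileged Role Administrator permissions", but the added consent step says "Only the Global Administrator or Owner of a group can give this consent", so a reader who follows step 1 literally can be stopped at **Enable privileged access**. State the role requirement once, up front, and keep it consistent with the consent step. Two wording fixes in lines this hunk touches: "You have be an owner" should be "You have to be an owner" (or "You must be"), and "If your groups hasn't yet been brought" should be "If your group hasn't yet been brought". Because the closing note says a managed group can't be taken out of management, it is worth repeating that on the consent step itself, before the reader selects the button.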

articles/aks/availability-zones.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ You need the Azure CLI version 2.0.76 or later installed and configured. Run `a
2424

2525
AKS clusters can currently be created using availability zones in the following regions:
2626

27+
* Australia East
2728
* Central US
2829
* East US 2
2930
* East US

articles/aks/update-credentials.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ When you want to update the credentials for an AKS cluster, you can choose to ei
2727
* Update the credentials for the existing service principal.
2828
* Create a new service principal and update the cluster to use these new credentials.
2929

30-
> ![WARNING]
30+
> [!WARNING]
3131
> If you choose to create a *new* service principal, updating a large AKS cluster to use these credentials may take a long time to complete.
3232
3333
### Check the expiration date of your service principal
