Acrolinx edits

Author: jenniferf-skc

articles/active-directory/cloud-infrastructure-entitlement-management/permissions-management-quickstart-guide.md

@@ -40,7 +40,7 @@ If the above points are met, continue with:
 
 1. [Enable Microsoft Entra Permissions Management in your organization](onboard-enable-tenant.md)
 
-Ensure you are a *Global Administrator* or *Permissions Management Administrator*. Learn more about [Permissions Management roles and permissions](product-roles-permissions.md). 
+Ensure you're a *Global Administrator* or *Permissions Management Administrator*. Learn more about [Permissions Management roles and permissions](product-roles-permissions.md). 
 
 
 ## Step 2: Onboard your multicloud environment
@@ -62,7 +62,7 @@ The controller gives you the choice to determine the level of access you grant t
 
 > [!NOTE]
 > If you don't enable the controller during onboarding, you have the option to enable it after onboarding is complete. To set the controller in Permissions Management after onboarding, see [Enable or disable the controller after onboarding](onboard-enable-controller-after-onboarding.md).
-> For AWS environments, once you've enabled the controller, you *cannot* disable it. 
+> For AWS environments, once you have enabled the controller, you *cannot* disable it. 
 
 To set the controller settings during onboarding:
 1. Select **Enable** to give read and write access to Permissions Management.
@@ -90,7 +90,7 @@ To configure data collection:
 3. Click **Create configuration**.
 
 ### Onboard Amazon Web Services (AWS)
-Since Permissions Management is hosted on Microsoft Entra, there are additional steps to take to onboard your AWS environment.  
+Since Permissions Management is hosted on Microsoft Entra, there are more steps to take to onboard your AWS environment.  
 
 To connect AWS to Permissions Management, you must create an Entra ID application in the Entra admin center tenant where Permissions Management is enabled. This Entra ID application is used to set up an OIDC connection to your AWS environment.   
 
@@ -104,11 +104,11 @@ Account IDs and roles for:
 - AWS OIDC account: An AWS member account designated by you to create and host the OIDC connection through an OIDC IdP
 - AWS Logging account (optional but recommended) 
 - AWS Management account (optional but recommended)  
-- AWS member accounts to be monitored and managed by Permissions Management (for manual mode) 
+- AWS member accounts monitored and managed by Permissions Management (for manual mode) 
 
 To use **Automatic** or **Select** data collection modes, you must connect your AWS Management account.  
 
-During this step, you have the option to enable the controller by entering the name of the S3 bucket with AWS CloudTrail activity logs (found on AWS Trails). 
+During this step, you can enable the controller by entering the name of the S3 bucket with AWS CloudTrail activity logs (found on AWS Trails). 
 
 To onboard your AWS environment and configure data collection, see [Onboard an Amazon Web Services (AWS) account](onboard-aws.md).
 
@@ -160,9 +160,9 @@ To onboard your GCP environment and configure data collection, see [Onboard a GC
 
 ## Summary
 
-Congratulations! You've finished configuring data collection for your environment(s), and the data collection process has begun.  
+Congratulations! You have finished configuring data collection for your environment(s), and the data collection process has begun.  
 
-The status column in your Permissions Management UI shows you which step of data collection you are at.  
+The status column in your Permissions Management UI shows you which step of data collection you're at.  
 
 
 - **Pending**: Permissions Management has not started detecting or onboarding yet. 

articles/active-directory/cloud-infrastructure-entitlement-management/product-roles-permissions.md

@@ -1,6 +1,7 @@
 ---
 title: Permissions Management required roles and permissions
 description: Review roles and the level of permissions assigned in Microsoft Entra Permissions Management.
+# customerintent: As a cloud administer, I want to understand Permissions Management role assignments, so that I can effectively assign the correct permissions to users.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
@@ -13,30 +14,30 @@ ms.author: jfields
 ---
 
 
-# [Microsoft Entra Admin Center built-in roles](../azure/active-directory/roles/permissions-reference.md)
+# Microsoft Entra admin center built-in roles
 
-In Microsoft Entra and Microsoft Entra Permissions Management, assigned roles give users different levels of access to monitor and take action in multicloud environments. In the Microsoft Entra Admin Center, review a list of identities assigned to a privileged role and learn more about the level of permissions given to users assigned roles in your organization.
+In Microsoft Azure and Microsoft Entra Permissions Management, assigned roles give users different levels of access to monitor and take action in multicloud environments. In the [Microsoft Entra admin center built-in roles](../roles/permissions-reference.md), review a list of identities assigned to a privileged role and learn more about the level of permissions given to users assigned roles in your organization.
 
 - **Global Administrator**: Manages all aspects of Entra Admin Center and Microsoft services that use Entra Admin Center identities. 
 - **Billing Administrator**: Performs common billing related tasks like updating payment information. 
 - **Permissions Management Administrator**: Manages all aspects of Entra Permissions Management. 
 
-# Permissions Management roles and permissions levels
+## Permissions Management roles and permissions levels
 
 ## Enabling Permissions Management
 - To activate a trial or purchase a license, you must have *Global Administrator* or *Billing Administrator* permissions.
 
 ## Onboarding your Amazon Web Service (AWS), Microsoft Entra, or Google Cloud Platform (GCP) environments
 
 - To configure data collection, you must have *Permissions Management Administrator* or *Global Administrator* permissions. 
-- A user with the ability to create a new app registration in Azure (needed to facilitate the OIDC connection) will be needed for AWS and GCP onboarding.
+- A user with *Global Administrator* or *Permissions Management Administrator* role assignments is required for AWS and GCP onboarding.
 
 ## Notes on permissions and roles in Permissions Management
 
 - Users can have the following permissions:
     - Admin for all authorization system types
     - Admin for selected authorization system types
-- If a user is not an admin, they are assigned Entra Admin Center security group-based, fine-grained permissions for all or selected authorization system types:
+- If a user isn't an admin, they're assigned Entra Admin Center security group-based, fine-grained permissions for all or selected authorization system types:
     - Viewers: View only access to scoped cloud accounts. View the specified AWS accounts, Entra subscriptions, and GCP projects
     - Controller: Modify Cloud Infrastructure Entitlement Management (CIEM) properties and use the Remediation dashboard.
     - Approvers: Able to approve permission requests
@@ -46,21 +47,21 @@ In Microsoft Entra and Microsoft Entra Permissions Management, assigned roles gi
 ## Permissions Management actions and required roles
 
 Remediation
-- To view the Remediation tab, you must have Viewer, Controller, or Approver permissions.
-- To make changes in the Remediation tab, you much have Controller or Approver permissions.
+- To view the Remediation tab, you must have *Viewer*, *Controller*, or *Approver* permissions.
+- To make changes in the **Remediation** tab, you must have *Controller* or *Approver* permissions.
 
 Autopilot
-- To view and make changes in the Autopilot tab, you must be a Permissions Management Administrator.
+- To view and make changes in the **Autopilot** tab, you must be a *Permissions Management Administrator*.
 
 Alert
-- Any user (admin, non-admin) can create an alert. 
+- Any user (admin, nonadmin) can create an alert. 
 - Only the user who creates the alert can edit, rename, deactivate, or delete the alert.
 
 Manage users or groups
 - Only the owner of a group can add or remove a user from the group.
 - Managing users and groups is only done in the Entra Admin Center.
 
 
-# Next steps
+## Next steps
 
 - For information about managing roles, policies and permissions requests in your organization, see [View roles/policies and requests for permission in the Remediation dashboard](ui-remediation.md).