Commit a8ad178

Learn Build Service GitHub App authored and committed
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents 445980c + 11075e0 commit a8ad178

142 files changed (+1565, -613 lines changed)

.openpublishing.redirection.virtual-desktop.json

Lines changed: 5 additions & 0 deletions
@@ -189,6 +189,11 @@
189189
"source_path_from_root": "/articles/virtual-desktop/fslogix-office-app-rule-editor.md",
190190
"redirect_url": "/azure/virtual-desktop/install-office-on-wvd-master-image",
191191
"redirect_document_id": false
192+
},
193+
{
194+
"source_path_from_root": "/articles/virtual-desktop/app-attach-glossary.md",
195+
"redirect_url": "/azure/virtual-desktop/what-is-app-attach",
196+
"redirect_document_id": false
192197
}
193198
]
194199
}

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

Lines changed: 3 additions & 6 deletions
@@ -27,16 +27,13 @@
2727
href: onboard-enable-controller-after-onboarding.md
2828
- name: Add an account/ subscription/ project after onboarding is complete
2929
href: onboard-add-account-after-onboarding.md
30-
- name: View risk metrics in your authorization system
30+
- name: View information about your Authorization Systems
3131
expanded: false
3232
items:
3333
- name: View key statistics and data about your authorization system
3434
href: ui-dashboard.md
3535
- name: View data about the activity in your authorization system
3636
href: product-dashboard.md
37-
- name: View information about your Authorization Systems
38-
expanded: false
39-
items:
4037
- name: View and configure settings for data collection
4138
href: product-data-sources.md
4239
- name: View current billable resources in your authorization system
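
Review bot: The renamed parent entry at new line 30, `View information about your Authorization Systems`, capitalizes "Authorization Systems" while every child entry in this hunk uses lowercase "authorization system" (for example `View key statistics and data about your authorization system`). Suggest lowercasing the parent to match. Folding the former section into this one also removes the only TOC label in this hunk that mentioned risk metrics, so confirm ui-dashboard.md and product-dashboard.md are still easy to find under the broader label.
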
@@ -108,8 +105,6 @@
108105
href: ui-audit-trail.md
109106
- name: Create a custom query
110107
href: how-to-create-custom-queries.md
111-
- name: Generate an on-demand report from a query
112-
href: how-to-audit-trail-results.md
113108
- name: Filter and query user activity
114109
href: product-audit-trail.md
115110
- name: Set activity alerts and triggers
@@ -139,6 +134,8 @@
139134
- name: Create and view reports
140135
expanded: false
141136
items:
137+
- name: Generate an on-demand report from a query
138+
href: how-to-audit-trail-results.md
142139
- name: View system reports in the Reports dashboard
143140
href: product-reports.md
144141
- name: View a list and description of system reports
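
Review bot: The relocated entry at new lines 137-138 is placed first under `Create and view reports`, ahead of `View system reports in the Reports dashboard`, so a task-specific how-to now precedes the section's overview page. Consider moving it after product-reports.md. The href `how-to-audit-trail-results.md` still carries the audit-trail name although the entry no longer sits with the audit trail items; that is fine for link stability, but worth a comment in the PR so the mismatch is not mistaken for an error later.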

articles/active-directory/cloud-infrastructure-entitlement-management/all-reports.md

Lines changed: 2 additions & 2 deletions
@@ -8,13 +8,13 @@ ms.service: active-directory
88
ms.subservice: ciem
99
ms.workload: identity
1010
ms.topic: overview
11-
ms.date: 02/23/2022
11+
ms.date: 06/13/2023
1212
ms.author: jfields
1313
---
1414

1515
# View a list and description of system reports
1616

17-
Permissions Management has various types of system reports that capture specific sets of data. These reports allow management, auditors, and administrators to:
17+
Microsoft Entra Permissions Management has various types of system reports that capture specific sets of data. These reports allow management, auditors, and administrators to:
1818

1919
- Make timely decisions.
2020
- Analyze trends and system/user performance.

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

Lines changed: 19 additions & 24 deletions
@@ -1,39 +1,39 @@
11
---
2-
title: Frequently asked questions (FAQs) about Permissions Management
3-
description: Frequently asked questions (FAQs) about Permissions Management.
2+
title: Frequently asked questions (FAQs) about Microsoft Entra Permissions Management
3+
description: Frequently asked questions (FAQs) about Microsoft Permissions Management.
44
services: active-directory
55
author: jenniferf-skc
66
manager: amycolannino
77
ms.service: active-directory
88
ms.subservice: ciem
99
ms.workload: identity
1010
ms.topic: faq
11-
ms.date: 01/25/2023
11+
ms.date: 06/16/2023
1212
ms.author: jfields
1313
---
1414

1515
# Frequently asked questions (FAQs)
1616

17-
This article answers frequently asked questions (FAQs) about Permissions Management.
17+
This article answers frequently asked questions (FAQs) about Microsoft Entra Permissions Management.
1818

19-
## What's Permissions Management?
19+
## What's Microsoft Entra Permissions Management?
2020

21-
Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
21+
Microsoft Entra Permissions Management (Permissions Management) is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
2222

2323

2424
## What are the prerequisites to use Permissions Management?
2525

2626
Permissions Management supports data collection from AWS, GCP, and/or Microsoft Azure. For data collection and analysis, customers are required to have an Azure Active Directory (Azure AD) account to use Permissions Management.
2727

28-
## Can a customer use Permissions Management if they have other identities with access to their IaaS platform that aren't yet in Azure AD (for example, if part of their business has Okta or AWS Identity & Access Management (IAM))?
28+
## Can a customer use Permissions Management if they have other identities with access to their IaaS platform that aren't yet in Azure AD?
2929

30-
Yes, a customer can detect, mitigate, and monitor the risk of 'backdoor' accounts that are local to AWS IAM, GCP, or from other identity providers such as Okta or AWS IAM.
30+
Yes, a customer can detect, mitigate, and monitor the risk for AWS IAM or GCP accounts, or from other identity providers such as Okta or AWS IAM.
3131

3232
## Where can customers access Permissions Management?
3333

3434
Customers can access the Permissions Management interface from the [Microsoft Entra admin center](https://entra.microsoft.com/) .
3535

36-
## Can non-cloud customers use Permissions Management on-premises?
36+
## Can noncloud customers use Permissions Management on-premises?
3737

3838
No, Permissions Management is a hosted cloud offering.
3939

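Review bot: The new front-matter `description` at line 3 reads "Microsoft Permissions Management", dropping "Entra", while the `title` one line above uses "Microsoft Entra Permissions Management"; make the description match. In the same hunk, the rewritten answer at line 30 names AWS IAM twice ("for AWS IAM or GCP accounts, or from other identity providers such as Okta or AWS IAM") and "the risk for ... or from ..." no longer parses. Since the heading at line 28 dropped the Okta and AWS IAM example, tighten the answer so each provider is named once.
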
@@ -47,9 +47,9 @@ Yes, Permissions Management is currently for tenants hosted in the European Unio
4747

4848
## If I'm already using Azure AD Privileged Identity Management (PIM) for Azure, what value does Permissions Management provide?
4949

50-
Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
50+
Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure and Microsoft Online Services and apps that use groups. Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
5151

52-
## What public cloud infrastructures are supported by Permissions Management?
52+
## What public cloud infrastructures does Permissions Management support?
5353

5454
Permissions Management currently supports the three major public clouds: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
5555

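Review bot: At line 50, removing the parentheses leaves "admin roles in Azure and Microsoft Online Services and apps that use groups", where the chained "and" makes it unclear whether "apps that use groups" is a separate scope of PIM or belongs to Microsoft Online Services. Suggest a serial list such as "admin roles in Azure, Microsoft Online Services, and apps that use groups".
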
@@ -71,11 +71,11 @@ No, Permissions Management is currently not available in sovereign Clouds.
7171

7272
## How does Permissions Management collect insights about permissions usage?
7373

74-
Permissions Management has a data collector that collects access permissions assigned to various identities, activity logs, and resources metadata. This gathers full visibility into permissions granted to all identities to access the resources and details on usage of granted permissions.
74+
Permissions Management has a data collector that collects access permissions that are assigned to various identities, activity logs, and resources metadata. The data collector provides full visibility into permissions granted to all identities to access the resources and details on usage of granted permissions.
7575

7676
## How does Permissions Management evaluate cloud permissions risk?
7777

78-
Permissions Management offers granular visibility into all identities and their permissions granted versus used, across cloud infrastructures to uncover any action performed by any identity on any resource. This isn't limited to just user identities, but also workload identities such as virtual machines, access keys, containers, and scripts. The dashboard gives an overview of permission profile to locate the riskiest identities and resources.
78+
Permissions Management offers granular visibility into all identities and their permissions granted versus used, across cloud infrastructures to uncover any action performed by any identity on any resource. The visibility isn't limited to just user identities, but also workload identities such as virtual machines, access keys, containers, and scripts. The dashboard gives an overview of permission profile to locate the riskiest identities and resources.
7979

8080
## What is the Permissions Creep Index?
8181

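Review bot: At line 78 the construction "isn't limited to just user identities, but also workload identities" is not parallel; suggest "isn't limited to user identities; it also covers workload identities such as virtual machines, access keys, containers, and scripts". At line 74, inserting "that are assigned to various identities" before the remaining list items makes "activity logs, and resources metadata" read as things the permissions are assigned to; reordering the list so the permissions clause comes last would remove the ambiguity.
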
@@ -95,7 +95,7 @@ Just-in-time (JIT) access is a method used to enforce the principle of least pri
9595

9696
## How can customers monitor permissions usage with Permissions Management?
9797

98-
Customers only need to track the evolution of their Permission Creep Index to monitor permissions usage. They can do this in the "Analytics" tab in their Permissions Management dashboard where they can see how the PCI of each identity or resource is evolving over time.
98+
Customers only need to track the evolution of their Permission Creep Index (PCI) to monitor permissions usage. Customers can monitor PCI in the **Analytics** tab from their Permissions Management dashboard.
9999

100100
## Can customers generate permissions usage reports?
101101

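Review bot: Line 98 introduces the abbreviation as "Permission Creep Index (PCI)", but the heading at line 80 of this file is "What is the Permissions Creep Index?"; use one spelling throughout. The rewrite also drops the statement that the tab shows how the PCI of each identity or resource evolves over time, which was the only description of what the reader finds on the **Analytics** tab; consider keeping a short version of it.
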
@@ -140,7 +140,7 @@ We also have the ability to remove, export or modify specific data should the Gl
140140

141141
## Do I require a license to use Entra Permissions Management?
142142

143-
Yes, as of July 1st, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement)
143+
Yes, as of July 1, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement)
144144

145145
## How is Permissions Management priced?
146146

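Review bot: The heading at line 142 still says "Entra Permissions Management" while this commit standardizes the first mention elsewhere in the file on "Microsoft Entra Permissions Management"; update it in the same pass. On line 143, both links use the raw aka.ms URL as their link text and the sentence has no closing period; descriptive link text would read better.
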
@@ -152,13 +152,7 @@ Although Permissions Management supports all resources, Microsoft only requires
152152

153153
## How do I figure out how many resources I have?
154154

155-
To find out how many resources you have across your multicloud infrastructure, select Settings (gear icon) and view the Billable Resources tab in Permissions Management.
156-
157-
## What do I do if I’m using Public Preview version of Entra Permissions Management?
158-
159-
If you are using the Public Preview version of Entra Permissions Management, your current deployment(s) will continue to work through October 1st.
160-
161-
After October 1st you will need to move over to use the newly released version of the service and enable a 45-day trial or purchase licenses to continue using the service.
155+
To find out how many resources you have across your multicloud infrastructure, select Settings (gear icon) and view the Billable Resources tab in Permissions Management.
162156

163157
## What do I do if I’m using the legacy version of the CloudKnox service?
164158

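Review bot: Line 155 is removed and re-added with identical visible text, so this looks like a whitespace-only change riding along with the deletion of the Public Preview question; confirm it is intended. While the line is being touched, the UI labels "Settings" and "Billable Resources" are plain text, whereas line 98 in this commit bolds **Analytics**; bold them for consistency.
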
@@ -178,13 +172,14 @@ Where xx-XX is one of the following available language parameters: 'cs-CZ', 'de-
178172

179173
## Resources
180174

181-
- [Public Preview announcement blog](https://www.aka.ms/CloudKnox-Public-Preview-Blog)
175+
- [Microsoft Entra (Azure AD) blog](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/bg-p/Identity)
182176
- [Permissions Management web page](https://microsoft.com/security/business/identity-access-management/permissions-management)
183177
- For more information about Microsoft's privacy and security terms, see [Commercial Licensing Terms](https://www.microsoft.com/licensing/terms/product/ForallOnlineServices/all).
184178
- For more information about Microsoft's data processing and security terms when you subscribe to a product, see [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
185179
- For more information, see [Azure Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-azure).
186180

187181
## Next steps
188182

189-
- For an overview of Permissions Management, see [What's Permissions Management?](overview.md).
183+
- For an overview of Permissions Management, see [What's Microsoft Entra Permissions Management?](overview.md).
184+
- Deepen your learning with the [Introduction to Microsoft Entra Permissions Management](https://go.microsoft.com/fwlink/?linkid=2240016) learn module.
190185
- For information on how to onboard Permissions Management in your organization, see [Enable Permissions Management in your organization](onboard-enable-tenant.md).

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-role-task.md

Lines changed: 4 additions & 6 deletions
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: ciem
99
ms.workload: identity
1010
ms.topic: how-to
11-
ms.date: 02/23/2022
11+
ms.date: 06/16/2023
1212
ms.author: jfields
1313
---
1414

@@ -103,11 +103,9 @@ This article describes how you can add and remove roles and tasks for Microsoft
103103

104104

105105
- For information on how to view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
106+
- To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
106107
- For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
107108
- For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
108109
- For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
109-
- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
110-
- To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
111-
- For information on how to attach and detach permissions for Amazon Web Services (AWS) identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).
112-
- For information on how to revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
113-
For information on how to create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).
110+
- For information on how to modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
111+
- For information on how to attach and detach permissions for Amazon Web Services (AWS) identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).
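
Review bot: This Next steps list drops the links to how-to-revoke-task-readonly-status.md and how-to-create-approve-privilege-request.md, but the same commit keeps both in the Next steps of how-to-attach-detach-permissions.md; confirm the removal is intentional rather than a trim that should apply to both files or neither. The bullets also mix "For information on how to ..." with "To view ..." at new line 106, while the sibling file converts every bullet to the "To ..." form; apply the same wording here.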

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

Lines changed: 4 additions & 4 deletions
@@ -1,18 +1,18 @@
11
---
2-
title: Add or remove a user in Permissions Management through the Microsoft Entra admin center
3-
description: How to add or remove a user in Permissions Management through Azure Active Directory (AD).
2+
title: Add or remove a user in Microsoft Entra Permissions Management through the Microsoft Entra admin center
3+
description: How to add or remove a user in Microsoft Entra Permissions Management through the Microsoft Enter admin center.
44
services: active-directory
55
author: jenniferf-skc
66
manager: amycolannino
77
ms.service: active-directory
88
ms.subservice: ciem
99
ms.workload: identity
1010
ms.topic: how-to
11-
ms.date: 12/28/2022
11+
ms.date: 06/16/2023
1212
ms.author: jfields
1313
---
1414

15-
# Add or remove a user in Permissions Management
15+
# Add or remove a user in Microsoft Entra Permissions Management
1616

1717
This article describes how you can add or remove a new user for a group in Permissions Management.
1818

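Review bot: The new `description` at line 3 ends with "through the Microsoft Enter admin center"; "Enter" should be "Entra", matching the `title` on line 2. This string is front matter, so the typo would surface in the page description metadata rather than in the body where it is easier to spot.
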
articles/active-directory/cloud-infrastructure-entitlement-management/how-to-attach-detach-permissions.md

Lines changed: 9 additions & 9 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: Attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard in Permissions Management
2+
title: Attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard
33
description: How to attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard in Permissions Management.
44
services: active-directory
55
author: jenniferf-skc
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: ciem
99
ms.workload: identity
1010
ms.topic: how-to
11-
ms.date: 02/23/2022
11+
ms.date: 06/16/2023
1212
ms.author: jfields
1313
---
1414

@@ -68,11 +68,11 @@ This article describes how you can attach and detach permissions for users, role
6868
## Next steps
6969

7070

71-
- For information on how to view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
72-
- For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
73-
- For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
74-
- For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
75-
- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
71+
- To view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
72+
- To create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
73+
- To clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
74+
- To delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
75+
- To modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
7676
- To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
77-
- For information on how to revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
78-
For information on how to create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).
77+
- To revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
78+
To create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).
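
Review bot: New line 78 ("To create or approve a request for permissions, see ...") has no leading "- ", so it renders as a paragraph after the list rather than as its last bullet, and line 77 above it lacks the closing period the other bullets have. Add the list marker and the period while these lines are being rewritten.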
