Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

.openpublishing.redirection.virtual-desktop.json

@@ -189,6 +189,11 @@
             "source_path_from_root": "/articles/virtual-desktop/fslogix-office-app-rule-editor.md",
             "redirect_url": "/azure/virtual-desktop/install-office-on-wvd-master-image",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/virtual-desktop/app-attach-glossary.md",
+            "redirect_url": "/azure/virtual-desktop/what-is-app-attach",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -27,16 +27,13 @@
         href: onboard-enable-controller-after-onboarding.md
       - name: Add an account/ subscription/ project after onboarding is complete
         href: onboard-add-account-after-onboarding.md
-    - name: View risk metrics in your authorization system
+    - name: View information about your Authorization Systems
       expanded: false
       items:
       - name: View key statistics and data about your authorization system
         href: ui-dashboard.md
       - name: View data about the activity in your authorization system
         href: product-dashboard.md  
-    - name: View information about your Authorization Systems
-      expanded: false
-      items:
       - name: View and configure settings for data collection
         href: product-data-sources.md
       - name: View current billable resources in your authorization system
@@ -108,8 +105,6 @@
         href: ui-audit-trail.md
       - name: Create a custom query
         href: how-to-create-custom-queries.md
-      - name: Generate an on-demand report from a query
-        href: how-to-audit-trail-results.md
       - name: Filter and query user activity
         href: product-audit-trail.md
     - name: Set activity alerts and triggers 
@@ -139,6 +134,8 @@
     - name: Create and view reports 
       expanded: false
       items: 
+      - name: Generate an on-demand report from a query
+        href: how-to-audit-trail-results.md
       - name: View system reports in the Reports dashboard
         href: product-reports.md
       - name: View a list and description of system reports

articles/active-directory/cloud-infrastructure-entitlement-management/all-reports.md

@@ -8,13 +8,13 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: overview
-ms.date: 02/23/2022
+ms.date: 06/13/2023
 ms.author: jfields
 ---
 
 # View a list and description of system reports
 
-Permissions Management has various types of system reports that capture specific sets of data. These reports allow management, auditors, and administrators to:
+Microsoft Entra Permissions Management has various types of system reports that capture specific sets of data. These reports allow management, auditors, and administrators to:
 
 - Make timely decisions.
 - Analyze trends and system/user performance.

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

@@ -1,39 +1,39 @@
 ---
-title: Frequently asked questions (FAQs) about Permissions Management
-description: Frequently asked questions (FAQs) about Permissions Management.
+title: Frequently asked questions (FAQs) about Microsoft Entra Permissions Management
+description: Frequently asked questions (FAQs) about Microsoft Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: faq
-ms.date: 01/25/2023
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
 # Frequently asked questions (FAQs)
 
-This article answers frequently asked questions (FAQs) about Permissions Management.
+This article answers frequently asked questions (FAQs) about Microsoft Entra Permissions Management.
 
-## What's Permissions Management?
+## What's Microsoft Entra Permissions Management?
 
-Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
+Microsoft Entra Permissions Management (Permissions Management) is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions. It deepens the Zero Trust security strategy by augmenting the least privilege access principle.
 
 
 ## What are the prerequisites to use Permissions Management?
 
 Permissions Management supports data collection from AWS, GCP, and/or Microsoft Azure. For data collection and analysis, customers are required to have an Azure Active Directory (Azure AD) account to use Permissions Management.
 
-## Can a customer use Permissions Management if they have other identities with access to their IaaS platform that aren't yet in Azure AD (for example, if part of their business has Okta or AWS Identity & Access Management (IAM))?
+## Can a customer use Permissions Management if they have other identities with access to their IaaS platform that aren't yet in Azure AD?
 
-Yes, a customer can detect, mitigate, and monitor the risk of 'backdoor' accounts that are local to AWS IAM, GCP, or from other identity providers such as Okta or AWS IAM.
+Yes, a customer can detect, mitigate, and monitor the risk for AWS IAM or GCP accounts, or from other identity providers such as Okta or AWS IAM.
 
 ## Where can customers access Permissions Management?
 
 Customers can access the Permissions Management interface from the [Microsoft Entra admin center](https://entra.microsoft.com/) .
 
-## Can non-cloud customers use Permissions Management on-premises?
+## Can noncloud customers use Permissions Management on-premises?
 
 No, Permissions Management is a hosted cloud offering.
 
@@ -47,9 +47,9 @@ Yes, Permissions Management is currently for tenants hosted in the European Unio
 
 ## If I'm already using Azure AD  Privileged Identity Management (PIM) for Azure, what value does Permissions Management provide?
 
-Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure (as well as Microsoft Online Services and apps that use groups), while Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
+Permissions Management complements Azure AD PIM. Azure AD PIM provides just-in-time access for admin roles in Azure and Microsoft Online Services and apps that use groups. Permissions Management allows multicloud discovery, remediation, and monitoring of privileged access across Azure, AWS, and GCP.
 
-## What public cloud infrastructures are supported by Permissions Management?
+## What public cloud infrastructures does Permissions Management support?
 
 Permissions Management currently supports the three major public clouds: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
 
@@ -71,11 +71,11 @@ No, Permissions Management is currently not available in sovereign Clouds.
 
 ## How does Permissions Management collect insights about permissions usage?
 
-Permissions Management has a data collector that collects access permissions assigned to various identities, activity logs, and resources metadata. This gathers full visibility into permissions granted to all identities to access the resources and details on usage of granted permissions.
+Permissions Management has a data collector that collects access permissions that are assigned to various identities, activity logs, and resources metadata. The data collector provides full visibility into permissions granted to all identities to access the resources and details on usage of granted permissions.
 
 ## How does Permissions Management evaluate cloud permissions risk?
 
-Permissions Management offers granular visibility into all identities and their permissions granted versus used, across cloud infrastructures to uncover any action performed by any identity on any resource. This isn't limited to just user identities, but also workload identities such as virtual machines, access keys, containers, and scripts. The dashboard gives an overview of permission profile to locate the riskiest identities and resources.
+Permissions Management offers granular visibility into all identities and their permissions granted versus used, across cloud infrastructures to uncover any action performed by any identity on any resource. The visibility isn't limited to just user identities, but also workload identities such as virtual machines, access keys, containers, and scripts. The dashboard gives an overview of permission profile to locate the riskiest identities and resources.
 
 ## What is the Permissions Creep Index?
 
@@ -95,7 +95,7 @@ Just-in-time (JIT) access is a method used to enforce the principle of least pri
 
 ## How can customers monitor permissions usage with Permissions Management?
 
-Customers only need to track the evolution of their Permission Creep Index to monitor permissions usage. They can do this in the "Analytics" tab in their Permissions Management dashboard where they can see how the PCI of each identity or resource is evolving over time.
+Customers only need to track the evolution of their Permission Creep Index (PCI) to monitor permissions usage. Customers can monitor PCI in the **Analytics** tab from their Permissions Management dashboard.
 
 ## Can customers generate permissions usage reports?
 
@@ -140,7 +140,7 @@ We also have the ability to remove, export or modify specific data should the Gl
 
 ## Do I require a license to use Entra Permissions Management? 
 
-Yes, as of July 1st, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement) 
+Yes, as of July 1, 2022, new customers must acquire a free 45-day trial license or a paid license to use the service. You can enable a trial here: [https://aka.ms/TryPermissionsManagement](https://aka.ms/TryPermissionsManagement) or you can directly purchase resource-based licenses here: [https://aka.ms/BuyPermissionsManagement](https://aka.ms/BuyPermissionsManagement) 
 
 ## How is Permissions Management priced? 
 
@@ -152,13 +152,7 @@ Although Permissions Management supports all resources, Microsoft only requires
 
 ## How do I figure out how many resources I have? 
 
-To find out how many resources you have across your multicloud infrastructure, select Settings (gear icon) and view the Billable Resources tab in Permissions Management.
-
-## What do I do if I’m using Public Preview version of Entra Permissions Management?  
-
-If you are using the Public Preview version of Entra Permissions Management, your current deployment(s) will continue to work through October 1st.  
-
-After October 1st you will need to move over to use the newly released version of the service and enable a 45-day trial or purchase licenses to continue using the service.  
+To find out how many resources you have across your multicloud infrastructure, select Settings (gear icon) and view the Billable Resources tab in Permissions Management. 
 
 ## What do I do if I’m using the legacy version of the CloudKnox service?  
 
@@ -178,13 +172,14 @@ Where xx-XX is one of the following available language parameters: 'cs-CZ', 'de-
 
 ## Resources
 
-- [Public Preview announcement blog](https://www.aka.ms/CloudKnox-Public-Preview-Blog)
+- [Microsoft Entra (Azure AD) blog](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/bg-p/Identity)
 - [Permissions Management web page](https://microsoft.com/security/business/identity-access-management/permissions-management)
 - For more information about Microsoft's privacy and security terms, see [Commercial Licensing Terms](https://www.microsoft.com/licensing/terms/product/ForallOnlineServices/all). 
 - For more information about Microsoft's data processing and security terms when you subscribe to a product, see [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
 - For more information, see [Azure Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-azure).
 
 ## Next steps
 
-- For an overview of Permissions Management, see [What's Permissions Management?](overview.md).
+- For an overview of Permissions Management, see [What's Microsoft Entra Permissions Management?](overview.md).
+- Deepen your learning with the [Introduction to Microsoft Entra Permissions Management](https://go.microsoft.com/fwlink/?linkid=2240016) learn module.
 - For information on how to onboard Permissions Management in your organization, see [Enable Permissions Management in your organization](onboard-enable-tenant.md).

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-role-task.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -103,11 +103,9 @@ This article describes how you can add and remove roles and tasks for Microsoft
 
 
 - For information on how to view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
+- To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
 - For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
 - For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
 - For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
-- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
-- To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
-- For information on how to attach and detach permissions for Amazon Web Services (AWS) identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).
-- For information on how to revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
-For information on how to create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).
+- For information on how to modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
+- For information on how to attach and detach permissions for Amazon Web Services (AWS) identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

@@ -1,18 +1,18 @@
 ---
-title: Add or remove a user in Permissions Management through the Microsoft Entra admin center
-description: How to add or remove a user in Permissions Management through Azure Active Directory (AD).
+title: Add or remove a user in Microsoft Entra Permissions Management through the Microsoft Entra admin center
+description: How to add or remove a user in Microsoft Entra Permissions Management through the Microsoft Enter admin center.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 12/28/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
-# Add or remove a user in Permissions Management
+# Add or remove a user in Microsoft Entra Permissions Management
 
 This article describes how you can add or remove a new user for a group in Permissions Management. 
 

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-attach-detach-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard in Permissions Management
+title: Attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard
 description: How to attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities in the Remediation dashboard in Permissions Management.
 services: active-directory
 author: jenniferf-skc
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -68,11 +68,11 @@ This article describes how you can attach and detach permissions for users, role
 ## Next steps
 
 
-- For information on how to view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
-- For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
-- For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
-- For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
-- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
+- To view existing roles/policies, requests, and permissions, see [View roles/policies, requests, and permission in the Remediation dashboard](ui-remediation.md).
+- To create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
+- To clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
+- To delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
+- To modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
 - To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
-- For information on how to revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
-For information on how to create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).
+- To revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
+To create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).