Merge pull request #234373 from markwahl-msft/mwahl-fun-gov

Azure AD: fundamentals: clarify relationship of Azure AD Premium P2 and Identity Governance

Author: prmerger-automator[bot]

articles/active-directory/fundamentals/3-secure-access-plan.md

@@ -139,16 +139,16 @@ Generally, organizations customize policy, however consider the following parame
 
 ## Access control methods
 
-Some features, for example entitlement management, are available with an Azure AD Premium 2 (P2) license. Microsoft 365 E5 and Office 365 E5 licenses include Azure AD P2 licenses. Learn more in the following entitlement management section.
+Some features, for example entitlement management, are available with an Azure AD Premium 2 (P2) license. Microsoft 365 E5 and Office 365 E5 licenses include Azure AD Premium P2 licenses. Learn more in the following entitlement management section.
 
 > [!NOTE]
-> Licenses are for one user. Therefore users, administrators, and business owners can have delegated access control. This scenario can occur with Azure AD P2 or Microsoft 365 E5, and you don't have to enable licenses for all users. The first 50,000 external users are free. If you don't enable P2 licenses for other internal users, they can't use entitlement management. 
+> Licenses are for one user. Therefore users, administrators, and business owners can have delegated access control. This scenario can occur with Azure AD Premium P2 or Microsoft 365 E5, and you don't have to enable licenses for all users. The first 50,000 external users are free. If you don't enable P2 licenses for other internal users, they can't use entitlement management. 
 
 Other combinations of Microsoft 365, Office 365, and Azure AD have functionality to manage external users. See, [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
 
-## Govern access with Azure AD P2 and Microsoft 365 or Office 365 E5
+## Govern access with Azure AD Premium P2 and Microsoft 365 or Office 365 E5
 
-Azure AD P2 and Microsoft 365 E5 have all the security and governance tools.
+Azure AD Premium P2, included in Microsoft 365 E5, has additional security and governance capabilities.
 
 ### Provision, sign-in, review access, and deprovision access
 
@@ -178,7 +178,7 @@ Use entitlement management to provision and deprovision access to groups and tea
 
 Learn more: [Create a new access package in entitlement management](../governance/entitlement-management-access-package-create.md) 
 
-## Governance with Azure AD P1, Microsoft 365, Office 365 E3
+## Manage access with Azure AD P1, Microsoft 365, Office 365 E3
 
 ### Provision, sign-in, review access, and deprovision access
 

articles/active-directory/fundamentals/9-secure-access-teams-sharepoint.md

@@ -55,7 +55,7 @@ Guest invite settings determine who invites guests and how guests are invited. T
 
 * The IT team:
   * After training is complete, the IT team grants the Guest Inviter role
-  * To enable access reviews, assigns Azure AD P2 license to the Microsoft 365 group owner
+  * Ensures there are sufficient Azure AD Premium P2 licenses for the Microsoft 365 group owners who will review
   * Creates a Microsoft 365 group access review
   * Confirms access reviews occur
   * Removes users added to SharePoint

articles/active-directory/fundamentals/active-directory-deployment-plans.md

@@ -96,9 +96,9 @@ The following list describes features and services for productivity gains in hyb
   * See, [B2B collaboration overview](../external-identities/what-is-b2b.md)
   * See, [Plan an Azure Active Directory B2B collaboration deployment](../fundamentals/secure-external-access-resources.md)
 
-## Governance and reporting
+## Identity Governance and reporting
 
-Use the following list to learn about governance and reporting. Items in the list refer to Microsoft Entra. 
+Use the following list to learn about identity governance and reporting. Items in the list refer to Microsoft Entra.
 
 Learn more: [Secure access for a connected world—meet Microsoft Entra](https://www.microsoft.com/en-us/security/blog/?p=114039)
 
@@ -112,8 +112,6 @@ Learn more: [Secure access for a connected world—meet Microsoft Entra](https:/
   * See, [Plan a Microsoft Entra access reviews deployment](../governance/deploy-access-reviews.md)  
 * **Identity governance** - Meet your compliance and risk management objectives for access to critical applications. Learn how to enforce accurate access.
   * See, [Govern access for applications in your environment](../governance/identity-governance-applications-prepare.md)
-  
-Learn more: [Azure governance documentation](../../governance/index.yml)
 
 ## Best practices for a pilot
 

articles/active-directory/fundamentals/active-directory-ops-guide-auth.md

@@ -44,7 +44,6 @@ As you review your list, you may find you need to either assign an owner for tas
 #### Owner recommended reading
 
 - [Assigning administrator roles in Azure Active Directory](../roles/permissions-reference.md)
-- [Governance in Azure](../../governance/index.yml)
 
 ## Credentials management
 
@@ -246,7 +245,7 @@ Conditional Access is an essential tool for improving the security posture of yo
 - Plan for [break glass](../roles/security-planning.md#break-glass-what-to-do-in-an-emergency) accounts without MFA controls
 - Ensure a consistent experience across Microsoft 365 client applications, for example, Teams, OneDrive, Outlook, etc.) by implementing the same set of controls for services such as Exchange Online and SharePoint Online
 - Assignment to policies should be implemented through groups, not individuals
-- Do regular reviews of the exception groups used in policies to limit the time users are out of the security posture. If you own Azure AD P2, then you can use access reviews to automate the process
+- Do regular reviews of the exception groups used in policies to limit the time users are out of the security posture. If you own Azure AD Premium P2, then you can use access reviews to automate the process
 
 #### Conditional Access recommended reading
 

articles/active-directory/fundamentals/active-directory-ops-guide-govern.md

@@ -45,7 +45,6 @@ As you review your list, you may find you need to either assign an owner for tas
 #### Owner recommended reading
 
 - [Assigning administrator roles in Azure Active Directory](../roles/permissions-reference.md)
-- [Governance in Azure](../../governance/index.yml)
 
 ### Configuration changes testing
 

articles/active-directory/fundamentals/active-directory-ops-guide-iam.md

@@ -41,7 +41,6 @@ As you review your list, you may find you need to either assign an owner for tas
 #### Assigning owners recommended reading
 
 - [Assigning administrator roles in Azure Active Directory](../roles/permissions-reference.md)
-- [Governance in Azure](../../governance/index.yml)
 
 ## On-premises identity synchronization
 

articles/active-directory/fundamentals/active-directory-ops-guide-intro.md

@@ -25,7 +25,7 @@ This operations reference guide describes the checks and actions you should take
 Some recommendations here might not be applicable to all customers’ environment, for example, AD FS best practices might not apply if your organization uses password hash sync.
 
 > [!NOTE]
-> These recommendations are current as of the date of publishing but can change over time. Organizations should continuously evaluate their identity practices as Microsoft products and services evolve over time. Recommendations can change when organizations subscribe to a different Azure AD Premium license. For example, Azure AD Premium P2 will include more governance recommendations.
+> These recommendations are current as of the date of publishing but can change over time. Organizations should continuously evaluate their identity practices as Microsoft products and services evolve over time. Recommendations can change when organizations subscribe to a different Azure AD Premium license.
 
 ## Stakeholders
 

articles/active-directory/fundamentals/active-directory-ops-guide-ops.md

@@ -45,7 +45,6 @@ As you review your list, you may find you need to either assign an owner for tas
 #### Owners recommended reading
 
 - [Assigning administrator roles in Azure Active Directory](../roles/permissions-reference.md)
-- [Governance in Azure](../../governance/index.yml)
 
 ## Hybrid management
 

articles/active-directory/fundamentals/concept-secure-remote-workers.md

@@ -94,7 +94,7 @@ The following table is intended to highlight the key actions for the following l
 
 The following table is intended to highlight the key actions for the following license subscriptions:
 
-- Azure Active Directory Premium P2 (Azure AD P2)
+- Azure Active Directory Premium P2
 - Enterprise Mobility + Security (EMS E5)
 - Microsoft 365 (E5, A5)