Merge pull request #229449 from RoseHJM/ade-mdb-update-rbac

ADE + MDB - Update RBAC instructions

Author: v-dirichards

articles/deployment-environments/how-to-configure-deployment-environments-user.md

@@ -26,41 +26,44 @@ When you assign the role at the project level, the user can perform the precedin
 
 ## Assign permissions to developers for a project
 
-1. Select the project that you want your development team members to be able to access.
-2. Select **Access control (IAM)** from the left menu.
+1. In the Azure portal, go to your project.
 
-   :::image type="content" source=".\media\configure-deployment-environments-user\access-control-page.png" alt-text="Screenshot that shows the link to the access control page.":::
+1. In the left menu, select **Access control (IAM)**.
 
-3. Select **Add** > **Add role assignment**.
+1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" source=".\media\configure-deployment-environments-user\add-role-assignment.png" alt-text="Screenshot that shows the menu option for adding a role assignment.":::
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **[Deployment Environments User](how-to-configure-deployment-environments-user.md)**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have access to the project. |
 
-4. On the **Add role assignment** page, on the **Role** tab, search for **deployment environments user**, select the **Deployment Environments User** built-in role, and then select **Next**.
-5. On the **Members** tab, select **+ Select members**.
-6. In **Select members**, select the Active Directory users or groups that you want to add, and then choose **Select**.
-7. On the **Members** tab, select **Review + assign**.
+    :::image type="content" source="media/quickstart-create-configure-projects/add-role-assignment.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 
 The users can now view the project and all the environment types that you've enabled within it. Users who have the Deployment Environments User role can also [create environments from the Azure CLI](./quickstart-create-access-environments.md).
 
 ## Assign permissions to developers for an environment type
 
 1. Select the project that you want your development team members to be able to access.
-2. Select **Environment types**, and then select the ellipsis (**...**) beside the specific environment type.
+1. Select **Environment types**, and then select the ellipsis (**...**) beside the specific environment type.
 
    :::image type="content" source=".\media\configure-deployment-environments-user\project-environment-types.png" alt-text="Screenshot that shows the environment types associated with a project.":::
 
-3. Select **Access control (IAM)**.
-
-   :::image type="content" source=".\media\configure-deployment-environments-user\access-control-page.png" alt-text="Screenshot that shows the link to the access control page.":::
+1. Select **Access control (IAM)**.
 
-4. Select **Add** > **Add role assignment**.
+1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" source=".\media\configure-deployment-environments-user\add-role-assignment.png" alt-text="Screenshot that shows the menu option for adding a role assignment.":::
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **[Deployment Environments User](how-to-configure-deployment-environments-user.md)**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have access to the project. |
 
-5. On the **Add role assignment** page, on the **Role** tab, search for **deployment environments user**, select the **Deployment Environments User** built-in role, and then select **Next**.
-6. On the **Members** tab, select **+ Select members**.
-7. In **Select members**, select the Active Directory users or groups that you want to add, and then choose **Select**.
-8. On the **Members** tab, select **Review + assign**.
+    :::image type="content" source="media/quickstart-create-configure-projects/add-role-assignment.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 
 The users can now view the project and the specific environment type that you've granted them access to. Users who have the Deployment Environments User role can also [create environments by using the Azure CLI](./quickstart-create-access-environments.md).
 

articles/deployment-environments/how-to-configure-project-admin.md

@@ -28,25 +28,18 @@ When you assign the role at the project level, the user can perform the precedin
 ## Assign permissions to dev managers for a project
 
 1. Select the project that you want your development team members to be able to access.
-2. Select **Access control (IAM)** from the left menu.
+1. Select **Access control (IAM)** from the left menu.
+1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" source=".\media\configure-project-admin\access-control-page.png" alt-text="Screenshot that shows the link to the access control page.":::
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **DevCenter Project Admin**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have administrative access to the project. |
 
-3. Select **Add** > **Add role assignment**.
-
-   :::image type="content" source=".\media\configure-project-admin\add-role-assignment.png" alt-text="Screenshot that shows the menu option for adding a role assignment.":::
-
-4. On the **Add role assignment** page, on the **Role** tab, search for **devcenter project admin**, select the **DevCenter Project Admin** built-in role, and then select **Next**.
-
-   :::image type="content" source=".\media\configure-project-admin\built-in-role.png" alt-text="Screenshot that shows selecting the built-in DevCenter Project Admin role.":::
-
-5. On the **Members** tab, select **+ Select members**.
-
-    :::image type="content" source=".\media\configure-project-admin\select-role-members.png" alt-text="Screenshot that shows the link for selecting role members.":::
- 
-1. In **Select members**, select the Active Directory users or groups that you want to add, and then choose **Select**.
-
-7. On the **Members** tab, select **Review + assign**.
+    :::image type="content" source="media/configure-project-admin/add-role-assignment-admin.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 
 The users can now view the project and manage all the environment types that you've enabled within it. DevCenter Project Admin users can also [create environments from the Azure CLI](./quickstart-create-access-environments.md).
 
@@ -57,21 +50,19 @@ The users can now view the project and manage all the environment types that you
 
    :::image type="content" source=".\media\configure-project-admin\project-environment-types.png" alt-text="Screenshot that shows the environment types associated with a project.":::
 
-3. Select **Access control (IAM)**.
-
-   :::image type="content" source=".\media\configure-project-admin\access-control-page.png" alt-text="Screenshot that shows the link to the access control page.":::
-
-4. Select **Add** > **Add role assignment**.
-
-   :::image type="content" source=".\media\configure-project-admin\add-role-assignment.png" alt-text="Screenshot that shows the menu option for adding a role assignment.":::
+1. In the left menu, select **Access control (IAM)**.
 
-5. On the **Add role assignment** page, on the **Role** tab, search for **devcenter project admin**, select the **DevCenter Project Admin** built-in role, and then select **Next**.
+1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" source=".\media\configure-project-admin\built-in-role.png" alt-text="Screenshot that shows selecting the built-in DevCenter Project Admin role.":::
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **DevCenter Project Admin**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have administrative access to the environment type. |
 
-6. On the **Members** tab, select **+ Select members**.
-7. In **Select members**, select the Active Directory users or groups that you want to add, and then choose **Select**.
-8. On the **Members** tab, select **Review + assign**.
+    :::image type="content" source="media/configure-project-admin/add-role-assignment-admin.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 
 The users can now view the project and manage only the specific environment type that you've granted them access to. DevCenter Project Admin users can also [create environments by using the Azure CLI](./quickstart-create-access-environments.md).
 

articles/deployment-environments/media/configure-deployment-environments-user/add-role-assignment.png

@@ -65,11 +65,14 @@ In this quickstart you assign the Owner role to the system-assigned managed iden
 
     :::image type="content" source="media/quickstart-create-configure-projects/system-assigned-managed-identity.png" alt-text="Screenshot that shows a system-assigned managed identity with Role assignments highlighted.":::
 
-1. In Azure role assignments, select **Add role assignment (Preview)**, and then enter or select the following information:
-    - In **Scope**, select **Subscription**.
-    - In **Subscription**, select the subscription in which to use the managed identity.
-    - In **Role**, select **Owner**.
-    - Select **Save**.
+1. In Azure role assignments, select **Add role assignment (Preview)**, enter or select the following information, and then select **Save**:
+    
+    |Name     |Value     |
+    |---------|----------|
+    |**Scope**|Subscription|
+    |**Subscription**|Select the subscription in which to use the managed identity.|
+    |**Role**|Owner|
+
 ## Configure a project
 
 To configure a project, add a [project environment type](how-to-configure-project-environment-types.md):
@@ -104,12 +107,13 @@ To configure a project, add a [project environment type](how-to-configure-projec
 
 1. Select **Add** > **Add role assignment**.
 
-    :::image type="content" source="media/quickstart-create-configure-projects/project-access-control-page.png" alt-text="Screenshot that shows the Access control pane.":::
-
-1. In **Add role assignment**, enter the following information, and then select **Save**:
-
-    1. On the **Role** tab, select either [DevCenter Project Admin](how-to-configure-project-admin.md) or [Deployment Environments user](how-to-configure-deployment-environments-user.md).
-    1. On the **Members** tab, select either a **User, group, or service principal** or a **Managed identity** to assign access.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **[Deployment Environments User](how-to-configure-deployment-environments-user.md)**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have access to the project. |
 
     :::image type="content" source="media/quickstart-create-configure-projects/add-role-assignment.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 

articles/deployment-environments/media/configure-deployment-environments-user/project-environment-types.png

@@ -74,35 +74,30 @@ Follow these steps to manually assign each role:
 
 1. Select the **Access Control (IAM)** menu item.
 
-1. Select **+ Add** > **Add role assignment**.
+1. Select **Add** > **Add role assignment**.
 
-1. On the Role tab, select **Reader**, and then select **Next**.
-
-1. On the Members tab, select **+ Select Members**.
-
-1. In Select members, search for *Windows 365*, select **Windows 365** from the list, and then select **Select**. 
-
-1. On the Members tab, select **Next**.
-
-1. On the Review + assign tab, select **Review + assign**.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **Reader**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Search for and select **Windows 365**. |
 
 #### Dev center Managed Identity
 1. Open the gallery you want to attach to the dev center from the [Azure portal](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Compute%2Fgalleries). You can also search for Azure Compute Galleries to find your gallery.
 
 1. Select **Access Control (IAM)** from the left menu.
 
-1. Select **+ Add** > **Add role assignment**.
-
-1. On the Role tab, select the **Contributor** role, and then select **Next**.
-
-1. On the Members tab, under **Assign access to**, select **Managed Identity**, and then select **+ Select Members**.
-
-1. In Select managed identities, search for and select the user assigned managed identity you created in "Create a Dev center Managed Identity" and then select 
-**Select**.
-
-1. On the Members tab, select **Next**.
+1. Select **Add** > **Add role assignment**.
 
-1. On the Review + assign tab, select **Review + assign**.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **Contributor**. |
+    | **Assign access to** | Select **Managed Identity**. |
+    | **Members** | Search for and select the user assigned managed identity you created in [Add a user assigned identity to dev center](#add-a-user-assigned-identity-to-dev-center). |
 
 You can use the same managed identity in multiple DevCenters and Azure Compute Galleries. Any DevCenter with the managed identity added will have the necessary permissions to the images in the Azure Compute Gallery you've added the owner role assignment to.
 

articles/deployment-environments/media/configure-project-admin/add-role-assignment-admin.png

@@ -36,25 +36,17 @@ A DevCenter Dev Box User can:
 
 1. Select **Access Control (IAM)** from the left menu.
 
-   :::image type="content" source="./media/how-to-dev-box-user/access-control-tab.png " alt-text="Screenshot showing the Project Access control page with the Access Control link highlighted.":::
-
 1. Select **Add** > **Add role assignment**.
- 
-   :::image type="content" source="./media/how-to-dev-box-user/add-role-assignment.png" alt-text="Screenshot showing the Add menu with Add role assignment highlighted.":::
-
-1. On the Add role assignment page, on the Role tab, search for *devcenter dev box user*, select the **DevCenter Dev Box User** built-in role, and then select **Next**.
- 
-   :::image type="content" source="./media/how-to-dev-box-user/dev-box-user-role.png" alt-text="Screenshot showing the search box.":::
 
-1. On the Members tab, select **+ Select Members**.
- 
-   :::image type="content" source="./media/how-to-dev-box-user/dev-box-user-select-members.png" alt-text="Screenshot showing the Members tab with Select members highlighted.":::
-
-1. In **Select members**, select the Active Directory Users or Groups you want to add, and then select **Select**.
- 
-   :::image type="content" source="./media/how-to-dev-box-user/select-members-search.png" alt-text="Screenshot showing the Select members pane with a user account highlighted.":::
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+    
+    | Setting | Value |
+    | --- | --- |
+    | **Role** | Select **DevCenter Dev Box User**. |
+    | **Assign access to** | Select **User, group, or service principal**. |
+    | **Members** | Select the users or groups you want to have access to the project. |
 
-1. On the Members tab, select **Review + assign**.
+    :::image type="content" source="media/how-to-dev-box-user/add-role-assignment-user.png" alt-text="Screenshot that shows the Add role assignment pane.":::
 
 The user will now be able to view the project and all the pools within it. Dev box users can create dev boxes from any of the pools and manage those dev boxes from the [developer portal](https://aka.ms/devbox-portal).