Merge pull request #235301 from rolyon/rolyon-rbac-custom-roles-management-group-scope-ga-update

[Azure RBAC] Custom roles for management groups update

Author: prmerger-automator[bot]

articles/governance/management-groups/overview.md

@@ -1,7 +1,7 @@
 ---
 title: Organize your resources with management groups - Azure Governance
 description: Learn about the management groups, how their permissions work, and how to use them.
-ms.date: 01/24/2023
+ms.date: 04/20/2023
 ms.topic: overview
 author: tfitzmac
 ms.author: tomfitz
@@ -139,11 +139,10 @@ details on moving items within the hierarchy.
 
 ## Azure custom role definition and assignment
 
-Azure custom role support for management groups is currently in preview with some
-[limitations](#limitations). You can define the management group scope in the Role Definition's
-assignable scope. That Azure custom role will then be available for assignment on that management
-group and any management group, subscription, resource group, or resource under it. This custom role
-will inherit down the hierarchy like any built-in role.
+You can define a management group as an assignable scope in an Azure custom role definition.
+The Azure custom role will then be available for assignment on that management
+group and any management group, subscription, resource group, or resource under it. The custom role
+will inherit down the hierarchy like any built-in role. For information about the limitations with custom roles and management groups, see [Limitations](#limitations).
 
 ### Example definition
 
@@ -232,13 +231,6 @@ There are limitations that exist when using custom roles on management groups.
   definition's assignable scope. If there's a typo or an incorrect management group ID listed, the
   role definition is still created.
 
-> [!IMPORTANT]
-> Adding a management group to `AssignableScopes` is currently in preview. This preview version is
-> provided without a service-level agreement, and it's not recommended for production workloads.
-> Certain features might not be supported or might have constrained capabilities. For more
-> information, see
-> [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
 ## Moving management groups and subscriptions
 
 To move a management group or subscription to be a child of another management group, three rules

articles/role-based-access-control/custom-roles.md

@@ -7,13 +7,13 @@ manager: amycolannino
 ms.service: role-based-access-control
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/05/2023
+ms.date: 04/20/2023
 ms.author: rolyon
 ---
 
 # Azure custom roles
 
-If the [Azure built-in roles](built-in-roles.md) don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group (in preview only), subscription, and resource group scopes.
+If the [Azure built-in roles](built-in-roles.md) don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.
 
 Custom roles can be shared between subscriptions that trust the same Azure AD tenant. There is a limit of **5,000** custom roles per tenant. (For Azure China 21Vianet, the limit is 2,000 custom roles.) Custom roles can be created using the Azure portal, Azure PowerShell, Azure CLI, or the REST API.