Merge pull request #241849 from jenniferf-skc/contentfreshness2

Content freshness updates round 2 for 6_16

Author: v-shils

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -27,16 +27,13 @@
         href: onboard-enable-controller-after-onboarding.md
       - name: Add an account/ subscription/ project after onboarding is complete
         href: onboard-add-account-after-onboarding.md
-    - name: View risk metrics in your authorization system
+    - name: View information about your Authorization Systems
       expanded: false
       items:
       - name: View key statistics and data about your authorization system
         href: ui-dashboard.md
       - name: View data about the activity in your authorization system
         href: product-dashboard.md  
-    - name: View information about your Authorization Systems
-      expanded: false
-      items:
       - name: View and configure settings for data collection
         href: product-data-sources.md
       - name: View current billable resources in your authorization system

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-recommendations-rule.md

@@ -1,14 +1,14 @@
 ---
-title: Generate, view, and apply rule recommendations in the Autopilot dashboard in Permissions Management
-description: How to generate, view, and apply rule recommendations in the Autopilot dashboard in Permissions Management.
+title: Generate, view, and apply rule recommendations in the Microsoft Entra Permissions Management Autopilot dashboard
+description: How to generate, view, and apply rule recommendations in the Microsoft Entra Permissions Management Autopilot dashboard.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-revoke-task-readonly-status.md

@@ -1,14 +1,14 @@
 ---
-title: Revoke access to high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities in the Remediation dashboard in Permissions Management
-description: How to revoke access to high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities in the Remediation dashboard in Permissions Management.
+title: Revoke access to high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities in the Remediation dashboard
+description: How to revoke access to high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities in the Remediation dashboard.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -99,7 +99,7 @@ This article describes how you can revoke high-risk and unused tasks or assign r
 - For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
 - For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
 - For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
-- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
+- For information on how to modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
 - To view information about roles/policies, see [View information about roles/policies](how-to-view-role-policy.md).
 - For information on how to attach and detach permissions for AWS identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).
 - For information on how to add and remove roles and tasks for Azure and GCP identities, see [Add and remove roles and tasks for Azure and GCP identities](how-to-attach-detach-permissions.md).

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-view-role-policy.md

@@ -1,14 +1,14 @@
 ---
-title: View information about roles/ policies in the Remediation dashboard in Permissions Management
-description: How to view and filter information about roles/ policies in the Remediation dashboard in Permissions Management.
+title: View information about roles/ policies in the Remediation dashboard
+description: How to view and filter information about roles/ policies in the Microsoft Entra Permissions Management Remediation dashboard.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -61,9 +61,6 @@ The **Remediation** dashboard in Permissions Management enables system administr
         - The **Role Policy Details** report in CSV format.
         - The **Reports** dashboard where you can configure how and when you can automatically receive reports.
 
-
-
-
 ## Filter information about roles/policies
 
 1. On the Permissions Management home page, select the **Remediation** dashboard, and then select the **Role/Policies** tab.
@@ -91,7 +88,7 @@ The **Remediation** dashboard in Permissions Management enables system administr
 - For information on how to create a role/policy, see [Create a role/policy](how-to-create-role-policy.md).
 - For information on how to clone a role/policy, see [Clone a role/policy](how-to-clone-role-policy.md).
 - For information on how to delete a role/policy, see [Delete a role/policy](how-to-delete-role-policy.md).
-- For information on how to modify a role/policy, see Modify a role/policy](how-to-modify-role-policy.md).
+- For information on how to modify a role/policy, see [Modify a role/policy](how-to-modify-role-policy.md).
 - For information on how to attach and detach permissions AWS identities, see [Attach and detach policies for AWS identities](how-to-attach-detach-permissions.md).
 - For information on how to revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities, see [Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities](how-to-revoke-task-readonly-status.md)
 - For information on how to create or approve a request for permissions, see [Create or approve a request for permissions](how-to-create-approve-privilege-request.md).

articles/active-directory/cloud-infrastructure-entitlement-management/integration-api.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -27,7 +27,6 @@ The **Integrations** dashboard displays the authorization systems available to y
 1. Select an authorization system tile to view the following integration information:
 
     1. To find out more about the Permissions Management API, select **Permissions Management API**, and then select documentation.
-        <!---Add Link: [documentation](https://developer.cloudknox.io/)--->
 
     1. To view information about service accounts, select **Integration**:
         - **Email**: Lists the email address of the user who created the integration.
@@ -93,9 +92,3 @@ The **Integrations** dashboard displays the authorization systems available to y
     - **Action (after the key rotation period ends)**: Select **Disable Action Key** or **No Action**.
 
 5. Click **Save**.
-
-<!---## Next steps--->
-
-<!---View integrated authorization systems](product-integrations)--->
-<!---[Installation overview](installation.md)--->
-<!---[Sign up and deploy FortSentry registration](fortsentry-registration.md)--->

articles/active-directory/cloud-infrastructure-entitlement-management/multi-cloud-glossary.md

@@ -1,22 +1,22 @@
 ---
-title: Permissions Management glossary
-description:  Permissions Management glossary
+title: Microsoft Entra Permissions Management glossary
+description: Microsoft Entra Permissions Management glossary
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
-# The Permissions Management glossary
+# The Microsoft Entra Permissions Management glossary
 
-This glossary provides a list of some of the commonly used cloud terms in Permissions Management. These terms will help Permissions Management users navigate through cloud-specific terms and cloud-generic terms.
+This glossary provides a list of some of the commonly used cloud terms in Microsoft Entra Permissions Management. These terms help Permissions Management users navigate through cloud-specific terms and cloud-generic terms.
 
-## Commonly-used acronyms and terms
+## Commonly used acronyms and terms
 
 | Term                  | Definition                                          |
 |-----------------------|-----------------------------------------------------|
@@ -51,7 +51,7 @@ This glossary provides a list of some of the commonly used cloud terms in Permis
 | JIT                    | Just in Time access can be seen as a way to enforce the principle of least privilege to ensure users and non-human identities are given the minimum level of privileges. It also ensures that privileged activities are conducted in accordance with an organization's Identity Access Management (IAM), IT Service Management (ITSM), and Privileged Access Management (PAM) policies, with its entitlements and workflows. JIT access strategy enables organizations to maintain a full audit trail of privileged activities so they can easily identify who or what gained access to which systems, what they did at what time, and for how long.     |
 | Least privilege        | Ensures that users only gain access to the specific tools they need to complete a task.  |
 | Multi-tenant            | A single instance of the software and its supporting infrastructure serves multiple customers. Each customer shares the software application and also shares a single database.                    |
-| OIDC                    | OpenID Connect. An authentication protocol that verifies user identity when a user is trying to access a protected HTTPs end point. OIDC is an evolutionary development of ideas implemented earlier in OAuth. |
+| OIDC                    | OpenID Connect. An authentication protocol that verifies user identity when a user is trying to access a protected HTTPS end point. OIDC is an evolutionary development of ideas implemented earlier in OAuth. |
 | PAM                   | Privileged access management. Tools that offer one or more of these features: discover, manage, and govern privileged accounts on multiple systems and applications; control access to privileged accounts, including shared and emergency access; randomize, manage, and vault credentials (password, keys, etc.) for administrative, service, and application accounts; single sign-on (SSO) for privileged access to prevent credentials from being revealed; control, filter, and orchestrate privileged commands, actions, and tasks; manage and broker credentials to applications, services, and devices to avoid exposure; and monitor, record, audit, and analyze privileged access, sessions, and actions. |
 | PASM                  | Privileged accounts are protected by vaulting their credentials. Access to those accounts is then brokered for human users, services, and applications. Privileged session management (PSM) functions establish sessions with possible credential injection and full session recording. Passwords and other credentials for privileged accounts are actively managed and changed at definable intervals or upon the occurrence of specific events. PASM solutions may also provide application-to-application password management (AAPM) and zero-install remote privileged access features for IT staff and third parties that don't require a VPN.  |
 | PEDM                  | Specific privileges are granted on the managed system by host-based agents to logged-in users. PEDM tools provide host-based command control (filtering); application allow, deny, and isolate controls; and/or privilege elevation. The latter is in the form of allowing particular commands to be run with a higher level of privileges. PEDM tools execute on the actual operating system at the kernel or process level. Command control through protocol filtering is explicitly excluded from this definition because the point of control is less reliable. PEDM tools may also provide file integrity monitoring features. |
@@ -75,4 +75,4 @@ This glossary provides a list of some of the commonly used cloud terms in Permis
 
 ## Next steps
 
-- For an overview of Permissions Management, see [What's Permissions Management?](overview.md).
+- For an overview of Permissions Management, see [What's Microsoft Entra Permissions Management?](overview.md).

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-add-account-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/23/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-aws.md

@@ -1,23 +1,23 @@
 ---
-title:  Onboard an Amazon Web Services (AWS) account on Permissions Management
-description: How to onboard an Amazon Web Services (AWS) account on Permissions Management.
+title:  Onboard an Amazon Web Services (AWS) account to Permissions Management
+description: How to onboard an Amazon Web Services (AWS) account to Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
 ms.service: active-directory 
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/20/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
 # Onboard an Amazon Web Services (AWS) account
 
-This article describes how to onboard an Amazon Web Services (AWS) account on Permissions Management.
+This article describes how to onboard an Amazon Web Services (AWS) account in Microsoft Entra Permissions Management.
 
 > [!NOTE]
-> A *global administrator* or *root user* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
+> A *global administrator* or *super admin* (an admin for all authorization system types) can perform the tasks in this article after the global administrator has initially completed the steps provided in [Enable Microsoft Entra Permissions Management on your Azure Active Directory tenant](onboard-enable-tenant.md).
 
 ## Explanation
 
@@ -31,8 +31,6 @@ There are several moving parts across AWS and Azure, which are required to be co
 * An AWS Cross Account role assumed by OIDC role
 
 
-<!-- diagram from gargi -->
-
 ## Onboard an AWS account
 
 1. If the **Data Collectors** dashboard isn't displayed when Permissions Management launches:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-azure.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/20/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -136,5 +136,5 @@ To view status of onboarding after saving the configuration:
 - For information on how to onboard a Google Cloud Platform (GCP) project, see [Onboard a Google Cloud Platform (GCP) project](onboard-gcp.md).
 - For information on how to enable or disable the controller after onboarding is complete, see [Enable or disable the controller](onboard-enable-controller-after-onboarding.md).
 - For information on how to add an account/subscription/project after onboarding is complete, see [Add an account/subscription/project after onboarding is complete](onboard-add-account-after-onboarding.md).
-- For an overview on Permissions Management, see [What's Permissions Management?](overview.md).
+- For an overview on Permissions Management, see [What's Microsoft Entra Permissions Management?](overview.md).
 - For information on how to start viewing information about your authorization system in Permissions Management, see [View key statistics and data about your authorization system](ui-dashboard.md).

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-controller-after-onboarding.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/13/2023
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
@@ -49,7 +49,7 @@ This article also describes how to enable the controller in Amazon Web Services
 
 ## Enable or disable the controller in Azure
 
-You can enable or disable the controller in Azure at the Subscription level of you Management Group(s).  
+You can enable or disable the controller in Azure at the Subscription level of your Management Group(s).  
 
 1. From the Azure **Home** page, select **Management groups**.
 1. Locate the group for which you want to enable or disable the controller, then select the arrow to expand the group menu and view your subscriptions. Alternatively, you can select the **Total Subscriptions** number listed for your group.
@@ -76,13 +76,13 @@ You can enable or disable the controller in Azure at the Subscription level of y
 
 1. Execute the **gcloud auth login**.
 1. Follow the instructions displayed on the screen to authorize access to your Google account.
-1. Execute the **sh mciem-workload-identity-pool.sh** to create the workload identity pool, provider, and service account.
-1. Execute the **sh mciem-member-projects.sh** to give Permissions Management permissions to access each of the member projects.
+1. Execute the ``sh mciem-workload-identity-pool.sh`` to create the workload identity pool, provider, and service account.
+1. Execute the ``sh mciem-member-projects.sh`` to give Permissions Management permissions to access each of the member projects.
 
     - If you want to manage permissions through Permissions Management, select **Y** to **Enable controller**.
     - If you want to onboard your projects in read-only mode, select **N** to **Disable controller**.
 
-1. Optionally, execute **mciem-enable-gcp-api.sh** to enable all recommended GCP APIs.
+1. Optionally, execute ``mciem-enable-gcp-api.sh`` to enable all recommended GCP APIs.
 
 1. Go to the Permissions Management home page, select **Settings** (the gear icon), and then select the **Data Collectors** subtab.
 1. On the **Data Collectors** dashboard, select **GCP**, and then select **Create Configuration**.