MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 35 additions & 29 deletions b/‎.openpublishing.redirection.json
Lines changed: 35 additions & 29 deletions
diff --git a/‎articles/firewall/monitor-firewall.md
Lines changed: 1 addition & 1 deletion b/‎articles/firewall/monitor-firewall.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/role-based-access-control/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/role-based-access-control/TOC.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/role-based-access-control/index.yml
Lines changed: 3 additions & 1 deletion b/‎articles/role-based-access-control/index.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/role-based-access-control/whats-new.md
Lines changed: 59 additions & 0 deletions b/‎articles/role-based-access-control/whats-new.md
Lines changed: 59 additions & 0 deletions
@@ -28,7 +28,7 @@
     {
       "source_path": "articles/partner-solutions/logzio/troubleshoot.md",
       "redirect_url": "/previous-versions/azure/partner-solutions/logzio/troubleshoot",
-       "redirect_document_id": false
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/hdinsight-aks/index.yml",
@@ -41,34 +41,34 @@
       "redirect_document_id": false
     },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/prerequisites-subscription.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-prerequisites-subscription",
-        "redirect_document_id": false
+      "source_path_from_root": "/articles/hdinsight-aks/prerequisites-subscription.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-prerequisites-subscription",
+      "redirect_document_id": false
     },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/release-notes/index.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/release-notes/hdinsight-aks-release-notes",
-        "redirect_document_id": false
+      "source_path_from_root": "/articles/hdinsight-aks/release-notes/index.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/release-notes/hdinsight-aks-release-notes",
+      "redirect_document_id": false
     },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/prerequisites-resources.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-prerequisites-resources",
-        "redirect_document_id": false
-    },    
+      "source_path_from_root": "/articles/hdinsight-aks/prerequisites-resources.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-prerequisites-resources",
+      "redirect_document_id": false
+    },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/spark/index.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/spark/hdinsight-on-aks-spark-overview",
-        "redirect_document_id": false
+      "source_path_from_root": "/articles/hdinsight-aks/spark/index.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/spark/hdinsight-on-aks-spark-overview",
+      "redirect_document_id": false
     },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/get-started.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-get-started",
-        "redirect_document_id": false
+      "source_path_from_root": "/articles/hdinsight-aks/get-started.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/quickstart-get-started",
+      "redirect_document_id": false
     },
     {
-        "source_path_from_root": "/articles/hdinsight-aks/trino/index.md",
-        "redirect_url": "/previous-versions/azure/hdinsight-aks/trino/trino-overview ",
-        "redirect_document_id": false
+      "source_path_from_root": "/articles/hdinsight-aks/trino/index.md",
+      "redirect_url": "/previous-versions/azure/hdinsight-aks/trino/trino-overview ",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/hdinsight-aks/cluster-storage.md",
@@ -1038,7 +1038,7 @@
     {
       "source_path": "articles/defender-for-iot/organizations/legacy-central-management/how-to-troubleshoot-on-premises-management-console.md",
       "redirect_url": "/previous-versions/azure/defender-for-iot/organizations/legacy-central-management/how-to-troubleshoot-on-premises-management-console",
-       "redirect_document_id": false
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/defender-for-iot/organizations/legacy-central-management/legacy-air-gapped-deploy.md",
@@ -1530,7 +1530,7 @@
       "redirect_url": "/previous-versions/azure/partner-solutions/split-experimentation/troubleshoot",
       "redirect_document_id": false
     },
-     {
+    {
       "source_path": "articles/virtual-desktop/virtual-desktop-fall-2019/classic-retirement.md",
       "redirect_url": "/previous-versions/azure/virtual-desktop-classic/classic-retirement",
       "redirect_document_id": false
@@ -3039,7 +3039,8 @@
       "source_path_from_root": "/articles/ddos-protection/telemetry-monitoring-alerting.md",
       "redirect_url": "/azure/ddos-protection/telemetry",
       "redirect_document_id": false
-    },    {
+    },
+    {
       "source_path_from_root": "/articles/ddos-protection/telemetry.md",
       "redirect_url": "/azure/ddos-protection/monitor-ddos-protection",
       "redirect_document_id": false
@@ -3333,7 +3334,7 @@
       "source_path_from_root": "/articles/dns/dns-alerts-metrics.md",
       "redirect_url": "/azure/dns/monitor-dns",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path_from_root": "/articles/docker/index.yml",
       "redirect_url": "/dotnet/architecture/microservices/container-docker-introduction/docker-defined",
@@ -5708,8 +5709,8 @@
       "source_path_from_root": "/articles/defender-for-iot/device-builders/defender-iot-firmware-analysis-rbac.md",
       "redirect_url": "/azure/firmware-analysis/overview-firmware-analysis",
       "redirect_document_id": false
-     },
-     {
+    },
+    {
       "source_path_from_root": "/articles/virtual-network/ip-services/public-ip-upgrade-portal.md",
       "redirect_url": "/azure/virtual-network/ip-services/public-ip-upgrade",
       "redirect_document_id": false
@@ -5763,7 +5764,7 @@
       "source_path_from_root": "/articles/load-balancer/move-across-regions-external-load-balancer-powershell.md",
       "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
       "redirect_document_id": false
-    },    
+    },
     {
       "source_path_from_root": "/articles/load-balancer/move-across-regions-internal-load-balancer-portal.md",
       "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
@@ -5872,7 +5873,7 @@
     {
       "source_path": "articles/virtual-desktop/troubleshoot-management-issues.md",
       "redirect_url": "/troubleshoot/azure/virtual-desktop/troubleshoot-management-issues",
-      "redirect_document_id": false  
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/virtual-desktop/troubleshoot-multimedia-redirection.md",
@@ -5943,6 +5944,11 @@
       "source_path_from_root": "/articles/managed-grafana/how-to-share-grafana-workspace.md",
       "redirect_url": "/azure/managed-grafana/how-to-manage-access-permissions-users-identities",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/resources.md",
+      "redirect_url": "/azure/sentinel/overview",
+      "redirect_document_id": false
     }
   ]
-}
+}
@@ -86,7 +86,7 @@ In **Resource specific** mode, individual tables in the selected workspace are c
 New resource specific tables are now available in Diagnostic setting that allows you to utilize the following categories:
 
 - [Network rule log](/azure/azure-monitor/reference/tables/azfwnetworkrule) - Contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes.
-- [NAT rule log](/azure/azure-monitor/reference/tables/azfwnatrule) - Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes.
+- [NAT rule log](/azure/azure-monitor/reference/tables/azfwnatrule) - Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes. Asa note, the AZFWNATRule table logs only when a DNAT rule match occurs. If there is no match, no log is generated. 
 - [Application rule log](/azure/azure-monitor/reference/tables/azfwapplicationrule) - Contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes.
 - [Threat Intelligence log](/azure/azure-monitor/reference/tables/azfwthreatintel) - Contains all Threat Intelligence events.
 - [IDPS log](/azure/azure-monitor/reference/tables/azfwidpssignature) - Contains all data plane packets that were matched with one or more IDPS signatures.
 
@@ -9,6 +9,8 @@
     href: conditions-overview.md
   - name: Understand the different roles
     href: rbac-and-directory-admin-roles.md
+  - name: What's new in docs
+    href: whats-new.md
 - name: Quickstarts
   items:
   - name: Check access for a user
 
@@ -11,7 +11,7 @@ metadata:
   author: rolyon
   manager: amycolannino
   ms.author: rolyon
-  ms.date: 03/24/2024
+  ms.date: 02/18/2025
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -25,6 +25,8 @@ landingContent:
             url: overview.md
           - text: Understand the different roles
             url: rbac-and-directory-admin-roles.md
+          - text: "What's new in docs"
+            url: whats-new.md
       - linkListType: video
         links: 
           - text: "Microsoft Ignite: Lock down access to Azure"
 
@@ -0,0 +1,59 @@
+---
+title: What's new in Azure RBAC
+description: Learn about the new features and documentation improvements in Azure role-based access control (RBAC).
+author: rolyon
+manager: amycolannino
+ms.service: role-based-access-control
+ms.topic: whats-new
+ms.date: 02/18/2025
+ms.author: rolyon
+
+---
+
+# What's new in Azure RBAC
+
+This article provides information about new features and documentation improvements in Azure role-based access control (RBAC).
+
+## 2025
+
+| Date | Area | Description |
+| --- | --- | --- |
+| February 2025 | Security | Added instructions for how to detect elevate access events using Microsoft Sentinel. See [Detect elevate access events using Microsoft Sentinel](elevate-access-global-admin.md#detect-elevate-access-events-using-microsoft-sentinel). |
+| February 2025 | Permissions | Updated list of permissions for the Azure Container Registry. See [Microsoft.ContainerRegistry](permissions/containers.md#microsoftcontainerregistry). |
+| February 2025 | Roles | Added [Locks Contributor](built-in-roles/security.md#locks-contributor) role. |
+| February 2025 | Subscriptions | Updated list of known impact when transferring a subscription. See [Understand the impact of transferring a subscription](transfer-subscription.md#understand-the-impact-of-transferring-a-subscription). |
+| January 2025 | Security | Preview of elevate access log entries in the Microsoft Entra directory audit logs. See [View elevate access log entries](elevate-access-global-admin.md#view-elevate-access-log-entries). |
+| January 2025 | Roles | Updated descriptions for roles with `*/read` permissions.<br/>[App Compliance Automation Administrator](built-in-roles/security.md#app-compliance-automation-administrator)<br/>[App Compliance Automation Reader](built-in-roles/security.md#app-compliance-automation-reader)<br/>[Log Analytics Contributor](built-in-roles/analytics.md#log-analytics-contributor)<br/>[Log Analytics Reader](built-in-roles/analytics.md#log-analytics-reader)<br/>[Managed Application Contributor Role](built-in-roles/management-and-governance.md#managed-application-contributor-role)<br/>[Managed Application Operator Role](built-in-roles/management-and-governance.md#managed-application-operator-role)<br/>[Managed Applications Reader](built-in-roles/management-and-governance.md#managed-applications-reader)<br/>[Monitoring Contributor](built-in-roles/monitor.md#monitoring-contributor)<br/>[Monitoring Reader](built-in-roles/monitor.md#monitoring-reader)<br/>[Reader](built-in-roles/general.md#reader)<br/>[Resource Policy Contributor](built-in-roles/management-and-governance.md#resource-policy-contributor)<br/>[Role Based Access Control Administrator](built-in-roles/privileged.md#role-based-access-control-administrator)<br/>[User Access Administrator](built-in-roles/privileged.md#user-access-administrator) |
+| January 2025 | Roles | Added Azure Chaos Studio roles. See [Chaos Studio Experiment Contributor](built-in-roles/devops.md#chaos-studio-experiment-contributor), [Chaos Studio Operator](built-in-roles/devops.md#chaos-studio-operator), and [Chaos Studio Reader](built-in-roles/devops.md#chaos-studio-reader). |
+| January 2025 | Roles | Added Azure Container Registry roles.<br/>[Container Registry Configuration Reader and Data Access Configuration Reader](built-in-roles/containers.md#container-registry-configuration-reader-and-data-access-configuration-reader)<br/>[Container Registry Contributor and Data Access Configuration Administrator](built-in-roles/containers.md#container-registry-contributor-and-data-access-configuration-administrator)<br/>[Container Registry Data Importer and Data Reader](built-in-roles/containers.md#container-registry-data-importer-and-data-reader)<br/>[Container Registry Repository Catalog Lister](built-in-roles/containers.md#container-registry-repository-catalog-lister)<br/>[Container Registry Repository Contributor](built-in-roles/containers.md#container-registry-repository-contributor)<br/>[Container Registry Repository Reader](built-in-roles/containers.md#container-registry-repository-reader)<br/>[Container Registry Repository Writer](built-in-roles/containers.md#container-registry-repository-writer)<br/>[Container Registry Tasks Contributor](built-in-roles/containers.md#container-registry-tasks-contributor)<br/>[Container Registry Transfer Pipeline Contributor](built-in-roles/containers.md#container-registry-transfer-pipeline-contributor) |
+| January 2025 | Roles and permissions | Updated permissions for several roles and resource providers. See [Azure built-in roles](built-in-roles.md) and [Azure permissions](resource-provider-operations.md). |
+| January 2025 | REST API | Updated how to list a role definition with a specified role name. See [List role definitions](role-definitions-list.yml#rest-api). |
+
+## 2024
+
+| Date | Area | Description |
+| --- | --- | --- |
+| December 2024 | Role assignments | Documented check access improvements on the **Access control (IAM) page**. See [Quickstart: Check access for a user to a single Azure resource](check-access.md). |
+| December 2024 | Security | Documented improvements for how to view users with elevated access and how to remove this elevated access. See [View users with elevated access](elevate-access-global-admin.md#view-users-with-elevated-access). |
+| December 2024 | Roles | Added [Compute Gallery Image Reader](built-in-roles/compute.md#compute-gallery-image-reader) role. |
+| December 2024 | Roles | Added [Azure Stack HCI Connected InfraVMs](built-in-roles/hybrid-multicloud.md#azure-stack-hci-connected-infravms) role. |
+| December 2024 | Roles and permissions | Updated permissions for several roles and resource providers. See [Azure built-in roles](built-in-roles.md) and [Azure permissions](resource-provider-operations.md). |
+| November 2024 | Role assignments | General availability of the integration of Azure RBAC and Microsoft Entra Privileged Identity Management (PIM) to create eligible and time-bound role assignments. See [Eligible and time-bound role assignments in Azure RBAC](pim-integration.md), [Assign Azure roles using the Azure portal](role-assignments-portal.yml#step-6-select-assignment-type), and [Activate eligible Azure role assignments](role-assignments-eligible-activate.md). |
+| November 2024 | Roles | Added [Azure Managed Grafana Workspace Contributor](built-in-roles/monitor.md#azure-managed-grafana-workspace-contributor) role. |
+| October 2024 | Roles | Added Azure Service Fabric roles. See [Service Fabric Cluster Contributor](built-in-roles/containers.md#service-fabric-cluster-contributor) and [Service Fabric Managed Cluster Contributor](built-in-roles/containers.md#service-fabric-managed-cluster-contributor). |
+| October 2024 | Roles | Updated [Cognitive Services Data Reader](built-in-roles/ai-machine-learning.md#cognitive-services-data-reader) role. |
+| September 2024 | Roles | Added Azure Kubernetes roles. See [Azure Kubernetes Service Arc Cluster Admin Role](built-in-roles/containers.md#azure-kubernetes-service-arc-cluster-admin-role), [Azure Kubernetes Service Arc Cluster User Role](built-in-roles/containers.md#azure-kubernetes-service-arc-cluster-user-role), and [Azure Kubernetes Service Arc Contributor Role](built-in-roles/containers.md#azure-kubernetes-service-arc-contributor-role). |
+| September 2024 | Roles and permissions | Added de-identification service roles in Azure Health Data Services. See [DeID Batch Data Owner](built-in-roles/integration.md#deid-batch-data-owner), [DeID Batch Data Reader](built-in-roles/integration.md#deid-batch-data-reader), [DeID Data Owner](built-in-roles/integration.md#deid-data-owner), [DeID Realtime Data User](built-in-roles/integration.md#deid-realtime-data-user), and [Microsoft.HealthDataAIServices](permissions/integration.md#microsofthealthdataaiservices). |
+| September 2024 | Roles | Added app configuration roles. See [App Configuration Contributor](built-in-roles/integration.md#app-configuration-contributor) and [App Configuration Reader](built-in-roles/integration.md#app-configuration-reader). |
+| September 2024 | Roles | Added Privileged category. See [Azure built-in roles for Privileged](built-in-roles/privileged.md). |
+| August 2024 | Security | Updates about classic administrators retirement. See [Azure classic subscription administrators](classic-administrators.md). |
+| August 2024 | Role assignments | Updates to scope for the integration of Azure RBAC and Microsoft Entra Privileged Identity Management (PIM). See [Eligible and time-bound role assignments in Azure RBAC](pim-integration.md). |
+| July 2024 | Roles | Added Azure Compute Gallery roles. See [Compute Gallery Artifacts Publisher](built-in-roles/compute.md#compute-gallery-artifacts-publisher) and [Compute Gallery Sharing Admin](built-in-roles/compute.md#compute-gallery-sharing-admin). |
+| June 2024 | Roles | Added Azure AI roles. See [Azure AI Developer](built-in-roles/ai-machine-learning.md#azure-ai-developer), [Azure AI Enterprise Network Connection Approver](built-in-roles/ai-machine-learning.md#azure-ai-enterprise-network-connection-approver), and [Azure AI Inference Deployment Operator](built-in-roles/ai-machine-learning.md#azure-ai-inference-deployment-operator). |
+| June 2024 | Role assignments | Preview of the integration of Azure RBAC and Microsoft Entra Privileged Identity Management (PIM) to create eligible and time-bound role assignments. See [Eligible and time-bound role assignments in Azure RBAC](pim-integration.md), [Assign Azure roles using the Azure portal](role-assignments-portal.yml#step-6-select-assignment-type), and [Activate eligible Azure role assignments](role-assignments-eligible-activate.md). |
+
+## Related content
+
+- [Azure documentation](/azure/)
+- [Azure Updates](https://azure.microsoft.com/updates/)
+- [Microsoft Azure Blog - Announcements](https://azure.microsoft.com/blog/content-type/announcements/)