Merge pull request #238615 from billmath/govmarketing1
updating
v-shils committed Jun 30, 2023
2 parents 8e17d4d + 4af3077 commit 3709592
Showing 47 changed files with 145 additions and 84 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ Organizations with compliance requirements or risk management plans will have se

To use Azure AD for an access review of access to an application, you must have one of the following licenses in your tenant:

* Azure AD Premium P2
* Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
* Enterprise Mobility + Security (EMS) E5 license

While using the access reviews feature does not require users to have those licenses assigned to them to use the feature, you'll need to have at least as many licenses in your tenant as the number of member (non-guest) users who will be configured as reviewers.
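Review bot: The new bullet `* Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance` puts two products into one item of a list introduced as "one of the following licenses", so the list now mixes an "or" item with the single-product EMS E5 item that follows. Suggest one bullet per license so the three options read as parallel alternatives.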
Expand Down
2 changes: 1 addition & 1 deletion docs/id-governance/access-reviews-external-users.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ ms.author: owinfrey
This article describes features and methods that allow you to pinpoint and select external identities so that you can review them and remove them from Azure AD if they're no longer needed. The cloud makes it easier than ever to collaborate with internal or external users. Embracing Office 365, organizations start to see the proliferation of external identities (including guests), as users work together on data, documents, or digital workspaces such as Teams. Organizations need to balance, enabling collaboration and meeting security and governance requirements. Part of these efforts should include evaluating and cleaning out external users, who were invited for collaboration into your tenant, that originating from partner organizations, and removing them from your Azure AD when they're no longer needed.

>[!NOTE]
>A valid Azure AD Premium P2, Enterprise Mobility + Security E5 paid, or trial license is required to use Azure AD access reviews. For more information, see [Azure Active Directory editions](../fundamentals/active-directory-whatis.md).
>A valid Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance, Enterprise Mobility + Security E5 paid, or trial license is required to use Azure AD access reviews. For more information, see [Azure Active Directory editions](../fundamentals/active-directory-whatis.md).
## Why review users from external organizations in your tenant?

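Review bot: In the rewritten NOTE, "Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance, Enterprise Mobility + Security E5 paid, or trial license" nests an "or" inside a comma-separated list, so it is unclear whether "paid, or trial" qualifies all three products or only EMS E5. If it qualifies all of them, consider "A valid Microsoft Azure AD Premium P2, Microsoft Entra ID Governance, or Enterprise Mobility + Security E5 license (paid or trial) is required". The NOTE also runs straight into the `## Why review users from external organizations in your tenant?` heading; a blank line between them would keep the heading from being read as part of the note block.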
Expand Down
5 changes: 4 additions & 1 deletion docs/id-governance/access-reviews-overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,10 @@ Depending on what you want to review, you'll either create your access review in

## License requirements

[!INCLUDE [Azure AD Premium P2 license](../../../includes/active-directory-p2-license.md)]
[!INCLUDE [active-directory-p2-governance-license.md](../../../includes/active-directory-p2-governance-license.md)]

>[!NOTE]
>Creating a review on [inactive user](review-recommendations-access-reviews.md#inactive-user-recommendations) and with [use-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations requires a Microsoft Entra ID Governance license.
## Next steps

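Review bot: The link text in the added NOTE reads `use-to-group affiliation` while its target is `#user-to-group-affiliation`, which looks like a typo for "user-to-group affiliation". The NOTE is also followed directly by `## Next steps` with no blank line, so add one after the last `>` line.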
Expand Down
2 changes: 1 addition & 1 deletion docs/id-governance/complete-access-review.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ As an administrator, you [create an access review of groups or applications](cre

## Prerequisites

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Global administrator, User administrator, or Identity Governance administrator to manage access of reviews on groups and applications. Global administrators and Privileged Role administrators can manage reviews of role-assignable groups See [Use Azure AD groups to manage role assignments](../roles/groups-concept.md)
- Security readers have read access.

Expand Down
2 changes: 1 addition & 1 deletion docs/id-governance/conditional-access-exclusion.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
In an ideal world, all users follow the access policies to secure access to your organization's resources. However, sometimes there are business cases that require you to make exceptions. This article goes over some examples of situations where exclusions may be necessary. You, as the IT administrator, can manage this task, avoid oversight of policy exceptions, and provide auditors with proof that these exceptions are reviewed regularly using Azure Active Directory (Azure AD) access reviews.

>[!NOTE]
> A valid Azure AD Premium P2, Enterprise Mobility + Security E5 paid, or trial license is required to use Azure AD access reviews. For more information, see [Azure Active Directory editions](../fundamentals/active-directory-whatis.md).
> A valid Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance, Enterprise Mobility + Security E5 paid, or trial license is required to use Azure AD access reviews. For more information, see [Azure Active Directory editions](../fundamentals/active-directory-whatis.md).
## Why would you exclude users from policies?

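Review bot: The reworded NOTE reads "Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance, Enterprise Mobility + Security E5 paid, or trial license", where the inserted "or" breaks the comma list and leaves "paid, or trial" attached only to EMS E5 on a plain reading. Suggest listing the three products with commas and stating the paid/trial condition once at the end. A blank line before `## Why would you exclude users from policies?` is also missing.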
Expand Down
2 changes: 1 addition & 1 deletion docs/id-governance/create-access-review-pim-for-groups.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ This article describes how to create one or more access reviews for PIM for Grou

## Prerequisites

- Azure AD Premium P2.
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance.
- Only Global administrators and Privileged Role administrators can create reviews on PIM for Groups. For more information, see [Use Azure AD groups to manage role assignments](../roles/groups-concept.md).

For more information, see [License requirements](access-reviews-overview.md#license-requirements).
Expand Down
7 changes: 4 additions & 3 deletions docs/id-governance/create-access-review.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.topic: how-to
ms.subservice: compliance
ms.date: 06/28/2023
ms.date: 06/30/2023
ms.author: owinfrey
ms.reviewer: mwahl
ms.collection: M365-identity-device-management
Expand All @@ -30,7 +30,8 @@ This article describes how to create one or more access reviews for group member

## Prerequisites

- Azure AD Premium P2.
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance licenses.
- Creating a review on [inactive user](review-recommendations-access-reviews.md#inactive-user-recommendations) and with [use-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations requires a Microsoft Entra ID Governance license.
- Global administrator, User administrator, or Identity Governance administrator to create reviews on groups or applications.
- Global administrators and Privileged Role administrators can create reviews on role-assignable groups. For more information, see [Use Azure AD groups to manage role assignments](../roles/groups-concept.md).
- Microsoft 365 and Security group owner.
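Review bot: The added second bullet links `[use-to-group affiliation]` to `#user-to-group-affiliation`, so the link text appears to be missing the "r" in "user". The first bullet also ends in "licenses." here, while the same prerequisite in the other pages touched by this commit ends at "Microsoft Entra ID Governance"; pick one wording so the prerequisite lists stay consistent.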
Expand Down Expand Up @@ -201,7 +202,7 @@ A multi-stage review allows the administrator to define two or three sets of rev

![Screenshot that shows duration and show previous stages setting enabled for multi-stage review.](./media/create-access-review/reveal-multi-stage-results-and-duration.png)

1. The duration of each recurrence are set to the sum of the duration day(s) you specified in each stage.
1. The duration of each recurrence is set to the sum of the duration day(s) you specified in each stage.

1. Specify the **Review recurrence**, the **Start date**, and **End date** for the review. The recurrence type must be at least as long as the total duration of the recurrence (i.e., the max duration for a weekly review recurrence is 7 days).

Expand Down
3 changes: 2 additions & 1 deletion docs/id-governance/create-lifecycle-workflow.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ You can create and customize workflows for common scenarios by using templates,

## Prerequisites

The preview of lifecycle workflows requires Azure Active Directory (Azure AD) Premium P2. For more information, see [License requirements](what-are-lifecycle-workflows.md#license-requirements).
[!INCLUDE [Microsoft Entra ID Governance license](../../../includes/active-directory-entra-governance-license.md)]


## Create a lifecycle workflow by using a template in the Azure portal

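Review bot: Replacing the prerequisite sentence with the INCLUDE removes the inline link to `what-are-lifecycle-workflows.md#license-requirements`, and nothing visible in this hunk shows that the include carries an equivalent pointer. Please confirm the include links to the license details, or keep a "For more information" line after it. The change also leaves two blank lines before `## Create a lifecycle workflow by using a template in the Azure portal`; one is enough.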
Expand Down
2 changes: 1 addition & 1 deletion docs/id-governance/customize-workflow-email.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ For more information on these customizable parameters, see [Common email task pa

## Prerequisites

- Azure Active Directory (Azure AD) Premium P2. For more information, see [License requirements](what-are-lifecycle-workflows.md#license-requirements).
[!INCLUDE [Microsoft Entra ID Governance license](../../../includes/active-directory-entra-governance-license.md)]

## Customize email by using the Azure portal

Expand Down
3 changes: 2 additions & 1 deletion docs/id-governance/delete-lifecycle-workflow.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ When a workflow is deleted, it enters a soft-delete state. During this period, y

## Prerequisites

The preview of lifecycle workflows requires Azure Active Directory (Azure AD) Premium P2. For more information, see [License requirements](what-are-lifecycle-workflows.md#license-requirements).
[!INCLUDE [Microsoft Entra ID Governance license](../../../includes/active-directory-entra-governance-license.md)]


## Delete a workflow by using the Azure portal

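Review bot: The INCLUDE that replaces the prerequisite sentence is followed by two blank lines before `## Delete a workflow by using the Azure portal`; drop one. The removed sentence also linked to `what-are-lifecycle-workflows.md#license-requirements`, so check that readers of this page can still reach the detailed license section from the include text.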
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ In entitlement management, you can see who has been assigned to access packages,
To use entitlement management and assign users to access packages, you must have one of the following licenses:


- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

## View who has an assignment
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,10 @@ This article describes how to create an access package automatic assignment poli

You'll need to have attributes populated on the users who will be in scope for being assigned access. The attributes you can use in the rules criteria of an access package assignment policy are those attributes listed in [supported properties](../enterprise-users/groups-dynamic-membership.md#supported-properties), along with [extension attributes and custom extension properties](../enterprise-users/groups-dynamic-membership.md#extension-properties-and-custom-extension-properties). These attributes can be brought into Azure AD from [Graph](/graph/api/resources/user), an HR system such as [SuccessFactors](../app-provisioning/sap-successfactors-integration-reference.md), [Azure AD Connect cloud sync](../cloud-sync/how-to-attribute-mapping.md) or [Azure AD Connect sync](../hybrid/how-to-connect-sync-feature-directory-extensions.md). The rules can include up to 5000 users per policy.

## License requirements

[!INCLUDE [active-directory-entra-governance-license.md](../../../includes/active-directory-entra-governance-license.md)]

## Create an automatic assignment policy (Preview)

To create a policy for an access package, you need to start from the access package's policy tab. Follow these steps to create a new policy for an access package.
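Review bot: The INCLUDE label in the new "License requirements" section is the file name, `[active-directory-entra-governance-license.md]`, whereas the lifecycle workflow pages in this commit label the same include file `Microsoft Entra ID Governance license`. Suggest using the descriptive label here too so the include's purpose is clear when reading the Markdown source.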
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ This rest of this article uses the Azure portal to configure and demonstrate ent

To use entitlement management, you must have one of the following licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

For more information, see [License requirements](entitlement-management-overview.md#license-requirements).
Expand Down Expand Up @@ -84,7 +84,7 @@ An *access package* is a bundle of resources that a team or project needs and is

1. In the left menu, select **Identity Governance**

1. In the left menu, select **Access packages**. If you see **Access denied**, ensure that an Azure AD Premium P2 license is present in your directory.
1. In the left menu, select **Access packages**. If you see **Access denied**, ensure that a Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance license is present in your directory.

1. Select **New access package**.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ If you’ve been using Microsoft Identity Manager or other on-premises identity

To use entitlement management and assign users to access packages, you must have one of the following licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

## Configure another access package or group membership as incompatible for requesting access to an access package
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ To reduce the risk of stale access, you should enable periodic reviews of users
## Prerequisites

To enable reviews of access packages, you must meet the prerequisites for creating an access package:
- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager

For more information, see [License requirements](entitlement-management-overview.md#license-requirements).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ Entitlement management simplifies how enterprises manage access to groups, appli
## Prerequisites

To review users' active access package assignments, the creator of a review must satisfy these prerequisites:
- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Global administrator, Identity Governance administrator, or User administrator

For more information, see [License requirements](entitlement-management-overview.md#license-requirements).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ In this tutorial, you play the role of an IT administrator for Woodgrove Bank. Y

To use entitlement management, you must have one of these licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5

For more information, see [License requirements](entitlement-management-overview.md#license-requirements).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ Entitlement management use cases that can be integrated with Logic Apps include

These triggers to Logic Apps are controlled in a tab within access package policies called **Rules**. Additionally, a **Custom Extensions** tab on the Catalog page shows all added Logic Apps extensions for a given Catalog. This article describes how to create and add logic apps to catalogs and access packages in entitlement management.

## License requirements

[!INCLUDE [active-directory-entra-governance-license.md](../../../includes/active-directory-entra-governance-license.md)]


## Create and add a Logic App workflow to a catalog for use in entitlement management

**Prerequisite roles:** Global administrator, Identity Governance administrator, Catalog owner or Resource Group Owner
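Review bot: The new "License requirements" section ends with two blank lines before `## Create and add a Logic App workflow to a catalog for use in entitlement management`; remove one. The INCLUDE label is also the bare file name rather than a description of the license, which makes the source harder to scan.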
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ In this tutorial, you work for WoodGrove Bank as an IT administrator. You’ve b
Approval is needed by an internal sponsor for collaborating organizations. Also, you've been informed that the partner's access needs to expire after 60 days.
To use entitlement management, you must have one of the following licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

For more information, see [License requirements](entitlement-management-overview.md#license-requirements).
Expand All @@ -38,7 +38,7 @@ For more information, see [License requirements](entitlement-management-overview

2. In the left menu, select **Identity Governance**.

3. In the left menu, select **Access packages**. If you see Access denied, ensure that an Azure AD Premium P2 license is present in your directory.
3. In the left menu, select **Access packages**. If you see Access denied, ensure that a Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance license is present in your directory.

4. Select **New access package**.

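Review bot: Step 3 now reads "If you see Access denied, ensure that a Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance license is present", with the UI message unformatted, while the equivalent step in the other entitlement management tutorial changed in this commit writes it as `**Access denied**`. Since the line is being edited anyway, bold the message here as well.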
Expand Down
8 changes: 4 additions & 4 deletions docs/id-governance/entitlement-management-overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -138,25 +138,25 @@ To better understand entitlement management and its documentation, you can refer

## License requirements

[!INCLUDE [Azure AD Premium P2 license](../../../includes/active-directory-p2-license.md)]
[!INCLUDE [active-directory-p2-governance-license.md](../../../includes/active-directory-p2-governance-license.md)]

### How many licenses must you have?

Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have:
Ensure that your directory has at least as many Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance licenses as you have:

- Member users who *can* request an access package.
- Member users who *request* an access package.
- Member users who *approve requests* for an access package.
- Member users who *review assignments* for an access package.
- Member users who have a *direct assignment* or an *automatic assignment* to an access package.

For guest users, licensing needs will depend on the [licensing model](../external-identities/external-identities-pricing.md) you’re using. However, the below guest users’ activities are considered Azure AD Premium P2 usage:
For guest users, licensing needs will depend on the [licensing model](../external-identities/external-identities-pricing.md) you’re using. However, the below guest users’ activities are considered Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance usage:
- Guest users who *request* an access package.
- Guest users who *approve requests* for an access package.
- Guest users who *review assignments* for an access package.
- Guest users who have a *direct assignment* to an access package.

Azure AD Premium P2 licenses are **not** required for the following tasks:
Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance licenses are **not** required for the following tasks:

- No licenses are required for users with the Global Administrator role who set up the initial catalogs, access packages, and policies, and delegate administrative tasks to other users.
- No licenses are required for users who have been delegated administrative tasks, such as catalog creator, catalog owner, and access package manager.
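Review bot: The count list is now introduced with "Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance licenses", and it still includes member users who have "an *automatic assignment*" to an access package, yet the automatic assignment policy page in this same commit pulls in `active-directory-entra-governance-license.md` rather than the P2-or-Governance include. Please confirm whether automatic assignment is covered by either license or only by Microsoft Entra ID Governance, and adjust that bullet or split the list so the two pages agree.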
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ This article describes how to reprocess assignments in an existing access packag

To use entitlement management and assign users to access packages, you must have one of the following licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

## Open an existing access package and reprocess user assignments
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ This article describes how to reprocess requests for an existing access package.

To use entitlement management and assign users to access packages, you must have one of the following licenses:

- Azure AD Premium P2
- Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance
- Enterprise Mobility + Security (EMS) E5 license

## Open an existing access package and reprocess user requests
Expand Down
4 changes: 2 additions & 2 deletions docs/id-governance/entitlement-management-troubleshoot.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,9 @@ This article describes some items you should check to help you troubleshoot enti

## Administration

* If you get an access denied message when configuring entitlement management, and you're a Global administrator, ensure that your directory has an [Azure AD Premium P2 (or EMS E5) license](entitlement-management-overview.md#license-requirements). If you've recently renewed an expired Azure AD Premium P2 subscription, then it may take 8 hours for this license renewal to be visible.
* If you get an access denied message when configuring entitlement management, and you're a Global administrator, ensure that your directory has an [Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance (or EMS E5) license](entitlement-management-overview.md#license-requirements). If you've recently renewed an expired Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance subscription, then it may take 8 hours for this license renewal to be visible.

* If your tenant's Azure AD Premium P2 license has expired, then you won't be able to process new access requests or perform access reviews.
* If your tenant's Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance license has expired, then you won't be able to process new access requests or perform access reviews.

* If you get an access denied message when creating or viewing access packages, and you're a member of a Catalog creator group, you must [create a catalog](entitlement-management-catalog-create.md) prior to creating your first access package.

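Review bot: The first bullet now reads "ensure that your directory has an [Microsoft Azure AD Premium P2 or Microsoft Entra ID Governance (or EMS E5) license]", where the article "an" was correct before "Azure" but should be "a" before "Microsoft". The same bullet also ends up with "or ... (or EMS E5)", which is awkward; listing the three licenses with commas would read more cleanly.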
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,14 @@ This article describes how to configure the verified ID requirement settings for

Before you begin, you must set up your tenant to use the [Microsoft Entra Verified ID service](../verifiable-credentials/decentralized-identifier-overview.md). You can find detailed instructions on how to do that here: [Configure your tenant for Microsoft Entra Verified ID](../verifiable-credentials/verifiable-credentials-configure-tenant.md).


## License requirements

[!INCLUDE [active-directory-entra-governance-license.md](../../../includes/active-directory-entra-governance-license.md)]

## Create an access package with verified ID requirements


To add a verified ID requirement to an access package, you must start from the access package’s requests tab. Follow these steps to add a verified ID requirement to a new access package.


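Review bot: This change introduces stray blank lines: two before `## License requirements` and two after `## Create an access package with verified ID requirements`. Keep a single blank line around each heading, as the rest of the file does.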
Expand Down
0 comments on commit 3709592
