Merge pull request #25749 from microsoftgraph/main

Merge to publish.

Author: Lauragra

api-reference/beta/api/accesspackage-list-accesspackageresourcerolescopes.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoleScopes"
-description: "Retrieve a list of accesspackageresourcerolescope objects."
+description: "Retrieve an access package with a list of accessPackageResourceRoleScope objects."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/accesspackagecatalog-list-accesspackageresourceroles.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoles"
-description: "Retrieve a list of accessPackageResourceRole objects."
+description: "Retrieve a list of accessPackageResourceRole objects of an accessPackageResource in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -132,9 +132,9 @@ Content-type: application/json
 }
 ```
 
-### Example 2: Retrieve the roles of a resource for a SharePoint Online site
+### Example 2: Retrieve the roles of a resource for a SharePoint site
 
-This is an example of retrieving the roles of a resource, to obtain the **originId** of each role.  This would be used after a SharePoint Online site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
+The following example shows how to retrieve the roles of a resource, to obtain the **originId** of each role. This would be used after a SharePoint site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
 
 #### Request
 
@@ -188,7 +188,7 @@ GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
 
 #### Response
 
-The following example shows the response.  The **displayName** is the same as shown in the SharePoint Online view of a site, and the **originId** is the underlying identifier established by SharePoint Online for the role.
+The following example shows the response. The **displayName** is the same as shown in the SharePoint view of a site, and the **originId** is the underlying identifier established by SharePoint for the role.
 
 > **Note:** The response object shown here might be shortened for readability.
 

api-reference/beta/api/accesspackagecatalog-list-accesspackageresources.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResources"
-description: "Retrieve a list of accesspackageresource objects."
+description: "Retrieve a list of accessPackageResource objects in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/authorizationpolicy-get.md

@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authorization-policy-apis-read](../includes/rbac-for-apis/rbac-authorization-policy-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/authorizationpolicy-update.md

@@ -25,7 +25,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-update-permissions.md)]
 
-For delegated scenarios, the user needs to have the *Privileged Role Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
+[!INCLUDE [rbac-authorization-policy-apis-update](../includes/rbac-for-apis/rbac-authorization-policy-apis-update.md)]
 
 ## HTTP request
 

api-reference/beta/api/deviceregistrationpolicy-get.md

@@ -22,12 +22,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "deviceregistrationpolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/deviceregistrationpolicy-get-permissions.md)]
 
-When calling on behalf of a user, the user needs to belong to the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-+ Global Reader
-+ Cloud Device Administrator
-+ Intune Administrator
-+ Windows 365 Administrator
-+ Directory Reviewer
+[!INCLUDE [rbac-device-registration-policy-apis-read](../includes/rbac-for-apis/rbac-device-registration-policy-apis-read.md)]
 
 ## HTTP request
 

api-reference/beta/api/deviceregistrationpolicy-update.md

@@ -21,7 +21,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "deviceregistrationpolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/deviceregistrationpolicy-update-permissions.md)]
 
-When calling on behalf of a user, the user needs the *Cloud Device Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
+[!INCLUDE [rbac-device-registration-policy-apis-update](../includes/rbac-for-apis/rbac-device-registration-policy-apis-update.md)]
 
 ## HTTP request
 

api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentpolicies.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageAssignmentPolicies"
-description: "Retrieve a list of accessPackageAssignmentPolicy objects."
+description: "Retrieve a list of accessPackageAssignmentPolicy objects in Microsoft Entra entitlement management."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) objects. If the delegated user is in a directory role, the resulting list includes all the assignment policies that the caller has access to read, across all catalogs and access packages.  If the delegated user is an access package manager or catalog owner, they should instead retrieve the policies for the access packages they can read with [list accessPackages](entitlementmanagement-list-accesspackages.md) by including `$expand=accessPackageAssignmentPolicies` in the query.
+Retrieve a list of [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) objects in [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md). If the delegated user is in a directory role, the resulting list includes all the assignment policies that the caller has access to read, across all catalogs and access packages.  If the delegated user is an access package manager or catalog owner, they should instead retrieve the policies for the access packages they can read with [list accessPackages](entitlementmanagement-list-accesspackages.md) by including `$expand=accessPackageAssignmentPolicies` in the query.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 

api-reference/beta/api/entitlementmanagement-list-accesspackageassignments.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageAssignments"
-description: "Retrieve a list of accesspackageassignment objects."
+description: "Retrieve a list of accessPackageAssignment objects in Microsoft Entra entitlement management."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects. For directory-wide administrators, the resulting list includes all the assignments, current and well as expired, that the caller has access to read, across all catalogs and access packages.  If the caller is on behalf of a delegated user who is assigned only to catalog-specific delegated administrative roles, the request must supply a filter to indicate a specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`.
+Retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects in [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md). For directory-wide administrators, the resulting list includes all the assignments, current and well as expired, that the caller has access to read, across all catalogs and access packages.  If the caller is on behalf of a delegated user who is assigned only to catalog-specific delegated administrative roles, the request must supply a filter to indicate a specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`.
 
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]

api-reference/beta/api/entitlementmanagement-post-accesspackageassignmentpolicies.md

@@ -1,6 +1,6 @@
 ---
 title: "Create accessPackageAssignmentPolicy"
-description: "Use this API to create a new accessPackageAssignmentPolicy."
+description: "Create a new accessPackageAssignmentPolicy object in Microsoft Entra entitlement management."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), create a new [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object.
+Create a new [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object in [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md).
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]