Update ALZ Repo (Enterprise-scale) with Entra product names #1411

Merged
merged 3 commits into from
Aug 31, 2023
2 changes: 1 addition & 1 deletion docs/EnterpriseScale-Setup-aad-permissions.md
@@ -1,3 +1,3 @@
# This page has moved to our Wiki

Please refer to [Configure Azure Active Directory permissions for Service Principal](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-aad-permissions)
Please refer to [Configure Microsoft Entra permissions for Service Principal](https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Setup-aad-permissions)
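Review bot: The new link text "Configure Microsoft Entra permissions for Service Principal" does not match the heading this same PR gives the target page in docs/wiki/ALZ-Setup-aad-permissions.md, which becomes "Configure Microsoft Entra ID permissions for Service Principal"; use one wording in both places. The URL can stay as `ALZ-Setup-aad-permissions`, since the wiki file is not renamed in this PR and changing the slug would break the redirect stub this page exists for.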
4 changes: 2 additions & 2 deletions docs/reference/Readme.md
Expand Up @@ -36,8 +36,8 @@ Networking:

IAM

1) Create Azure AD Group for Subscriptions access
2) Create Azure AD PIM Entitlement for the scope
1) Create Microsoft Entra Group for Subscriptions access
2) Create Microsoft Entra PIM Entitlement for the scope

# File -> New -> Sandbox

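Review bot: "Microsoft Entra PIM Entitlement" abbreviates a product whose new name is "Microsoft Entra Privileged Identity Management"; spell it out on first use in this list, for example `2) Create Microsoft Entra Privileged Identity Management (PIM) entitlement for the scope`, which is how the wiki pages in this PR refer to it.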
6 changes: 3 additions & 3 deletions docs/reference/azpol.md
Expand Up @@ -31,9 +31,9 @@ A custom ESLZ Policy Initiative specifically fo SQL Databases helps implement fo

### Encrypt SQL data at rest

SQL database and its backups are prone to risks of getting into hands of malicious actors. It's very easy to restore SQL database from either database files or backup. Without proper defence system in place, malicious actors can have access to all the data.
SQL database and its backups are prone to risks of getting into hands of malicious actors. It's very easy to restore SQL database from either database files or backup. Without proper defense system in place, malicious actors can have access to all the data.

Ensuring that SQL database is encrypted at rest is one of the first steps towards building SQL database defence strategy. Azure SQL database Transparent Data Encryption (TDE) ensures that data is encrypted at rest without needing any application code level change.
Ensuring that SQL database is encrypted at rest is one of the first steps towards building SQL database defense strategy. Azure SQL database Transparent Data Encryption (TDE) ensures that data is encrypted at rest without needing any application code level change.

A SQL database with TDE enabled makes it hard for malicious actors to get access to data it holds even if its compromised.

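Review bot: The unchanged context line "A SQL database with TDE enabled makes it hard for malicious actors to get access to data it holds even if its compromised" overstates what TDE provides. TDE encrypts data files, log files and backups at rest, so it protects against someone who obtains those files; it does nothing against an attacker who already holds credentials or a session on the database, where data is decrypted transparently. Suggest "even if its data files or backups are stolen" (and "it's" for "its" if the original wording is kept). Separately, the defence/defense change is a spelling normalisation outside this PR's stated scope (Entra product names); fine to keep if the repo is standardising on US spelling, but say so in the PR description, and the two "fo" typos in the same paragraph ("specifically fo SQL Databases helps implement fo") could be fixed to "for" in the same pass.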
Expand Down Expand Up @@ -161,7 +161,7 @@ Inability to identify and visualize relationship between Azure platform, Azure s

Azure Monitor Logs along with Azure Log Analytics Workspace help enterprises in dealing with critical conditions using Alerts. Combined together, Azure Monitor Logs and Log Analytics Workspace, empower enterprises to visualize and interact with rich set of log information through dashboards, workbooks and Power BI. Enterprises can use Azure Monitor Logs and Log Analytics Workspace together to configure auto-scaling on VMs to automatically adding or removing instances.

A custom ESLZ policy helps in configuring Log Analytics Workspace with Azure Monitor. This policy deploys pre-packaged dashboard reports referred as Azure Monitor Solutions for specific Azure services such as Azure SQL Database or Azure Active Directory. It also configures data sources such as Linux and Windows VM Performance metrics with Azure Monitor.
A custom ESLZ policy helps in configuring Log Analytics Workspace with Azure Monitor. This policy deploys pre-packaged dashboard reports referred as Azure Monitor Solutions for specific Azure services such as Azure SQL Database or Microsoft Entra ID. It also configures data sources such as Linux and Windows VM Performance metrics with Azure Monitor.

## Enable Log Storage and Querying

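Review bot: "pre-packaged dashboard reports referred as Azure Monitor Solutions" should read "referred to as Azure Monitor Solutions"; since the line is being rewritten for the Entra rename anyway, fix the grammar in the same edit.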
2 changes: 1 addition & 1 deletion docs/reference/treyresearch/README.md
Expand Up @@ -22,7 +22,7 @@ If the business requirements change over time, the architecture allows for creat

## Pre-requisites

To deploy this ARM template, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](https://learn.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) on how to grant access before you proceed.
To deploy this ARM template, your user/service principal must have Owner permission at the Microsoft Entra Tenant root. See the following [instructions](https://learn.microsoft.com/azure/role-based-access-control/elevate-access-global-admin) on how to grant access before you proceed.

## Optional pre-requisites

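Review bot: "Owner permission at the Microsoft Entra Tenant root" attaches an Azure RBAC concept to the wrong product: Owner is assigned at the Azure tenant root scope `/` (the tenant root management group), which is not something Microsoft Entra ID owns, even though the tenant is the same. Suggest "Owner permission at the tenant root scope (`/`)", which also matches the wording used in docs/wiki/ALZ-Setup-azure.md, and apply the same phrase to the other pre-requisite pages touched in this PR so they stay consistent.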
20 changes: 10 additions & 10 deletions docs/wiki/ALZ-Setup-aad-permissions.md
@@ -1,16 +1,16 @@
# Configure Azure Active Directory permissions for Service Principal
# Configure Microsoft Entra ID permissions for Service Principal

This article will guide you through the process to add your AzOps service principal to the Azure Active Directory [Directory Readers](https://learn.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) role.
This article will guide you through the process to add your AzOps service principal to the Microsoft Entra ID [Directory Readers](https://learn.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) role.

> Note: The steps below requires you to use an identity that is local to the Azure AD, and **_not_** a Guest user account due to known restrictions.
> Note: The steps below requires you to use an identity that is local to the Microsoft Entra ID, and **_not_** a Guest user account due to known restrictions.
The service principal used by the Enterprise-Scale reference implementation requires Azure AD directory reader permissions to be able to discover Azure role assignments. These permissions are used to enrich data around the role assignments with additional Azure AD context such as ObjectType and Azure AD Object DisplayName.
The service principal used by the Enterprise-Scale reference implementation requires Microsoft Entra directory reader permissions to be able to discover Azure role assignments. These permissions are used to enrich data around the role assignments with additional Microsoft Entra context such as ObjectType and Microsoft Entra Object DisplayName.

## Add service principal to directory role via Azure Portal (Option 1)

1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment.
1.1 Sign in to the Azure portal or the Microsoft Entra admin center as a Global Administrator. If you are using Microsoft Entra Privileged Identity Management, activate your Global Administrator role assignment.

1.2 Open Azure Active Directory.
1.2 Open Microsoft Entra ID.

1.3 Under _Manage_ > _Roles and administrators_, select _Directory readers_.
![alt](./media/aad-rolesandadministrators.png)
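Review bot: "an identity that is local to the Microsoft Entra ID" reads oddly after the rename; the intent is a member user of the tenant rather than a guest, so "an identity that is local to the Microsoft Entra tenant (a member user, not a guest)" is clearer. While touching that note, add a blank line after the `> Note:` line: without one, the following paragraph ("The service principal used by the Enterprise-Scale reference implementation requires ...") is treated as a lazy continuation and renders inside the blockquote. The Directory Readers link still uses the legacy `azure/active-directory/users-groups-roles/` path; it currently redirects, but the Entra equivalent under `entra/identity/role-based-access-control/` would be the consistent target for a rename PR.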
Expand All @@ -19,11 +19,11 @@ The service principal used by the Enterprise-Scale reference implementation requ

![alt](./media/directory-reader.png)

> Note: In case you are using Azure AD Privileged Identity management, ensure you add the service principal to the role with a permanent assignment.
> Note: In case you are using Microsoft Entra Privileged Identity management, ensure you add the service principal to the role with a permanent assignment.
## Add service principal to directory role with Azure AD PowerShell (Option 2)

Ensure that you have the [AzureAD PowerShell module installed on your machine](https://learn.microsoft.com/powershell/module/azuread/?view=azureadps-2.0) and that you have connected to Azure AD with the [Connect-AzureAD](https://learn.microsoft.com/powershell/module/azuread/connect-azuread?view=azureadps-2.0) cmdlet.
Ensure that you have the [AzureAD PowerShell module installed on your machine](https://learn.microsoft.com/powershell/module/azuread/?view=azureadps-2.0) and that you have connected to Microsoft Entra ID with the [Connect-AzureAD](https://learn.microsoft.com/powershell/module/azuread/connect-azuread?view=azureadps-2.0) cmdlet.


````powershell
Expand All @@ -49,14 +49,14 @@ if (-not (Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincip
else {
Write-Host "$ADServicePrincipal exist" -ForegroundColor 'Green'
$ServicePrincipal = Get-AzureADServicePrincipal -Filter "DisplayName eq '$ADServicePrincipal'"
#Get Azure AD Directory Role
#Get Microsoft Entra Directory Role
$DirectoryRole = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Directory Readers'"
#Add service principal to Directory Role
Add-AzureADDirectoryRoleMember -ObjectId $DirectoryRole.ObjectId -RefObjectId $ServicePrincipal.ObjectId
}
````

Please note, it may take up to 15-30 minutes for permission to propagate in Azure AD.
Please note, it may take up to 15-30 minutes for permission to propagate in Microsoft Entra ID.

## Next steps

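Review bot: The heading "Add service principal to directory role with Azure AD PowerShell (Option 2)" is left as "Azure AD" while every other mention in this file is renamed. That is defensible because the module is literally named AzureAD, but the AzureAD module is deprecated in favour of the Microsoft Graph PowerShell SDK, so this option should say so and ideally show the Graph equivalent alongside the existing script, for example `Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory"`, `$DirectoryRole = Get-MgDirectoryRole -Filter "DisplayName eq 'Directory Readers'"` and `New-MgDirectoryRoleMemberByRef -DirectoryRoleId $DirectoryRole.Id -BodyParameter @{ "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($ServicePrincipal.Id)" }`. Note that both `Get-AzureADDirectoryRole` and `Get-MgDirectoryRole` only return roles that have been activated in the tenant, so the script should handle an empty `$DirectoryRole` rather than passing a null ObjectId to the add-member call.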
12 changes: 6 additions & 6 deletions docs/wiki/ALZ-Setup-azure.md
Expand Up @@ -2,19 +2,19 @@

This article will guide you through the process of configuring permissions in your Azure environment to enable ARM tenant level deployments.

> Note: The steps below require you to use an identity that is local to the Azure AD, and **_not_** Guest user account due to known restrictions.
> Note: The steps below require you to use an identity that is local to the Microsoft Entra ID, and **_not_** Guest user account due to known restrictions.
Enterprise-Scale reference implementation requires permission at tenant root scope "/" to be able to configure Management Group and create/move subscription. In order to grant permission at tenant root scope "/", users in "AAD Global Administrators" group can temporarily elevate access, to manage all Azure resources in the directory.
Enterprise-Scale reference implementation requires permission at tenant root scope "/" to be able to configure Management Group and create/move subscription. In order to grant permission at tenant root scope "/", users in "Microsoft Entra Global Administrators" group can temporarily elevate access, to manage all Azure resources in the directory.

Once the User Access Administrator (UAA) role is enabled, a UAA can grant **_other users and service principals_** within organization to deploy/manage Enterprise-Scale reference implementation by granting "Owner" permission at tenant root scope "/".

Once permission is granted to other **users and service principals**, you can safely disable "User Access Administrator" permission for the "AAD Global Administrator" users. For more information please follow this article [elevated account permissions](https://learn.microsoft.com/azure/role-based-access-control/elevate-access-global-admin)
Once permission is granted to other **users and service principals**, you can safely disable "User Access Administrator" permission for the "Microsoft Entra Global Administrator" users. For more information please follow this article [elevated account permissions](https://learn.microsoft.com/azure/role-based-access-control/elevate-access-global-admin)

## 1. Elevate Access to manage Azure resources in the directory

1.1 Sign in to the Azure portal or the Azure Active Directory admin center as a Global Administrator. If you are using Azure AD Privileged Identity Management, activate your Global Administrator role assignment.
1.1 Sign in to the Azure portal or the Microsoft Entra admin center as a Global Administrator. If you are using Microsoft Entra Privileged Identity Management, activate your Global Administrator role assignment.

1.2 Open Azure Active Directory.
1.2 Open Microsoft Entra ID.

1.3 Under _Manage_, select _Properties_.
![alt](https://learn.microsoft.com/azure/role-based-access-control/media/elevate-access-global-admin/azure-active-directory-properties.png)
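Review bot: "users in "Microsoft Entra Global Administrators" group" carries over a pre-existing error: Global Administrator is a directory role, not a group, and the elevate-access toggle described in step 1 is only available to a principal holding that role. Since the line is being rewritten anyway, make it "users holding the Global Administrator role can temporarily elevate access", and likewise "Global Administrator users" in the later sentence about disabling User Access Administrator. Also, "local to the Microsoft Entra ID" should be "local to the Microsoft Entra tenant", and the `> Note:` line needs a blank line after it or the next paragraph renders inside the blockquote.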
Expand All @@ -25,7 +25,7 @@ Once permission is granted to other **users and service principals**, you can sa

## 2. Grant Access to User and/or Service principal at root scope "/" to deploy Enterprise-Scale reference implementation

Please ensure you are logged in as a user with UAA role enabled in AAD tenant and logged in user is not a guest user.
Please ensure you are logged in as a user with UAA role enabled in Microsoft Entra tenant and logged in user is not a guest user.

Bash

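Review bot: "a user with UAA role enabled in Microsoft Entra tenant" is misleading after the rename: User Access Administrator at root scope is the Azure RBAC elevation performed in step 1 via Properties > Access management for Azure resources, not a Microsoft Entra role. Suggest "logged in as the user who elevated access in step 1 (User Access Administrator at the tenant root scope `/`)". The guest-user clause repeats the note at the top of the page and can be dropped here.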
2 changes: 1 addition & 1 deletion docs/wiki/Deploying-ALZ-BasicSetup.md
Expand Up @@ -10,7 +10,7 @@ Please refer to [Trey Research reference implementation](https://github.com/Azur

### Required Permissions

To provision Azure landing zone portal accelerator in your environment, **your user/service principal must have Owner permission at the Azure Active Directory Tenant root**.
To provision Azure landing zone portal accelerator in your environment, **your user/service principal must have Owner permission at the Microsoft Entra Tenant root**.
Refer to these [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.

### Subscriptions
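Review bot: The link on the unchanged context line points at `./Deploying-Enterprise-Scale-Pre-requisites`, but the pre-requisites page in this PR is docs/wiki/Deploying-ALZ-Pre-requisites.md; verify that the wiki still serves a page under the old name or update the link to `./Deploying-ALZ-Pre-requisites`. The same link appears in Deploying-ALZ-Foundation.md, Deploying-ALZ-HubAndSpoke.md and Deploying-ALZ-VWAN.md in this PR, so fix them together.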
2 changes: 1 addition & 1 deletion docs/wiki/Deploying-ALZ-Foundation.md
Expand Up @@ -4,7 +4,7 @@ This section will describe how to deploy an the Azure landing zone portal accele

## 1. Pre-requisites

To provision your Azure landing zones environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.
To provision your Azure landing zones environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Microsoft Entra Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.

### Optional pre-requisites

2 changes: 1 addition & 1 deletion docs/wiki/Deploying-ALZ-HubAndSpoke.md
Expand Up @@ -4,7 +4,7 @@ This section will describe how to deploy the Azure landing zone portal accelerat

## 1. Pre-requisites

To provision your Azure environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.
To provision your Azure environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Microsoft Entra Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.

### Optional pre-requisites

4 changes: 2 additions & 2 deletions docs/wiki/Deploying-ALZ-Pre-requisites.md
Expand Up @@ -6,7 +6,7 @@ Enterprise-Scale can bootstrap an entire Azure tenant without any infrastructure

This requires the following:

* A user that is Global Admin in the Azure Active Directory
* A user that is Global Admin in the Microsoft Entra ID

* Elevation of privileges of this user which grants him/her the “User Access Administrator” permission at the tenant root scope

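Review bot: "A user that is Global Admin in the Microsoft Entra ID" keeps the article from "the Azure Active Directory", which no longer fits the product name; write "in Microsoft Entra ID" or "in the Microsoft Entra tenant", and use the full role name "Global Administrator" to match step 1.1 below. Deploying-ALZ.md in this PR repeats this list verbatim, so apply the same wording there.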
Expand All @@ -16,7 +16,7 @@ This requires the following:

1.1 Sign into the Azure portal as a user being Global Administrator

1.2 Open Azure Active Directory
1.2 Open Microsoft Entra ID

1.3 Under *Manage*, select *Properties

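Review bot: The context line `1.3 Under *Manage*, select *Properties` has an unclosed italic marker, so the rest of the line renders as literal asterisk text; it should be `select *Properties*`. The same line in Deploying-ALZ.md has the same problem.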
2 changes: 1 addition & 1 deletion docs/wiki/Deploying-ALZ-VWAN.md
Expand Up @@ -4,7 +4,7 @@ This section will describe how to deploy Azure landing zone portal accelerator w

## 1. Pre-requisites

To provision your Azure environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Azure Active Directory Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.
To provision your Azure environment with the deployment experience in the Azure portal, your user/service principal must have Owner permission at the Microsoft Entra ID Tenant root. See the following [instructions](./Deploying-Enterprise-Scale-Pre-requisites) on how to grant access before you proceed.

### Optional pre-requisites

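Review bot: This page uses "Microsoft Entra ID Tenant root" while the other four pre-requisite pages changed in this PR (treyresearch/README.md, Deploying-ALZ-BasicSetup.md, Deploying-ALZ-Foundation.md, Deploying-ALZ-HubAndSpoke.md) use "Microsoft Entra Tenant root"; pick one phrasing for all of them.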
4 changes: 2 additions & 2 deletions docs/wiki/Deploying-ALZ.md
Expand Up @@ -17,7 +17,7 @@ Azure landing zone portal accelerator can bootstrap an entire Azure tenant witho

This requires the following:

* A user that is Global Admin in the Azure Active Directory
* A user that is Global Admin in the Microsoft Entra ID

* Elevation of privileges of this user which grants him/her the “User Access Administrator” permission at the tenant root scope

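Review bot: This pre-requisites section duplicates docs/wiki/Deploying-ALZ-Pre-requisites.md word for word, which is why every rename in this PR has to be made twice; consider replacing it with a link to that page so the two copies cannot drift apart again.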
Expand All @@ -27,7 +27,7 @@ This requires the following:

1.1 Sign into the Azure portal as a user being Global Administrator

1.2 Open Azure Active Directory
1.2 Open Microsoft Entra ID

1.3 Under *Manage*, select *Properties

2 changes: 1 addition & 1 deletion docs/wiki/FAQ.md
Expand Up @@ -125,7 +125,7 @@ Stay tuned to our [What's New page](https://github.com/Azure/Enterprise-Scale/wi

## What happens if I have existing Management Groups that have the same Name/IDs as ones that will be deployed in the ALZ Portal Accelerator?

As raised in issue [#1080](https://github.com/Azure/Enterprise-Scale/issues/1080) it is possible for you to deploy the ALZ Portal Accelerator in a AAD Tenant with existing Management Groups. If these existing Management Groups have the same Name/ID (not Display Name) as the ones deployed as part of the ALZ Portal Accelerator these existing Management Groups will be targeted in the deployment and brought into the ALZ hierarchy and deployment. This means that the Management Groups will be:
As raised in issue [#1080](https://github.com/Azure/Enterprise-Scale/issues/1080) it is possible for you to deploy the ALZ Portal Accelerator in a Microsoft Entra Tenant with existing Management Groups. If these existing Management Groups have the same Name/ID (not Display Name) as the ones deployed as part of the ALZ Portal Accelerator these existing Management Groups will be targeted in the deployment and brought into the ALZ hierarchy and deployment. This means that the Management Groups will be:

- Display Name will be changed to ALZ default for that Management Group
- Moved into the ALZ Management Group hierarchy