apply build review comments

Author: cebundy

docs/pipelines/policies/agent-pool-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Configure Agent Pool Security in Azure Pipelines
+title: Configure agent pool security in Azure Pipelines
 ms.topic: how-to
 description: Configure agent pool security in Azure Pipelines.
 ms.author: v-catherbund
@@ -112,7 +112,11 @@ To configure security roles for all agent pools in the collection:
 
 1. Go to **Organization settings** ::::image type="icon" source="../../media/icons/team-settings-gear-icon.png" border="false"::: and select **Agent pools**.
 1. Select an agent pool.
+
 1. Select **Security**. 
+
+    :::image type="content" source="media\agent-pools-organization-level-security-dialog.png" alt-text="Screenshot of organization-level security dialog for all agent pools.":::
+
 1. To add users and groups:
     1. Select **Add**
     1. Enter a user or group and select it from the search results.
@@ -154,6 +158,7 @@ To configure security roles for all agent pools in the collection:
     1. Repeat the previous step to add more users and groups.
     1. Select a role and select **Add**. 
 
+    
         :::image type="content" source="media/agent-pool-add-user.png" alt-text="Screenshot of add user dialog for all agent pools.":::
 
 1. To remove a user or group from the list, select the user or group and select the delete button:::image type="icon" source="../../media/icons/delete-icon.png" border="false":::. Inheritance must be turned off or the user or group must not be inherited from the project-level security settings.
@@ -185,6 +190,7 @@ To configure security roles for all agent pools in the collection:
     1. Repeat the previous step to add more users and groups.
     1. Select a role and select **Add**.
 
+        
         :::image type="content" source="media/agent-pool-add-user.png" alt-text="Screenshot of collection-level add user dialog.":::
 
 1. To remove a user or group, select the user or group and select the delete button:::image type="icon" source="../../media/icons/delete-icon.png" border="false":::. 
@@ -217,7 +223,9 @@ To configure security roles for all agent pools in the collection:
     1. Enter a user or group and select it from the search results.
     1. Repeat the previous step to add more users and groups.
     1. Select a role and select **Add**.
+        
         :::image type="content" source="media/agent-pool-add-user.png" alt-text="Screenshot of collection-level add user dialog.":::
+
 1. To remove a user or group from the list, select the user or group and select the delete button:::image type="icon" source="../../media/icons/delete-icon.png" border="false":::. 
 
 1. To change a security role, select the user or group and select the role from the dropdown list.
@@ -235,14 +243,18 @@ The security roles at this level are **Reader**, **Service Account**, and **Admi
 To configure security roles for all agent pools in the collection:
 
 1. Go to **Collection settings** ::::image type="icon" source="../../media/icons/team-settings-gear-icon.png" border="false"::: and select **Agent pools**.
+
 1. Select an agent pool.
+
 1. Select the **Roles** tab. 
 1. To add users and groups:
     1. Select **Add**
     1. Enter a user or group and select it from the search results.
     1. Repeat the previous step to add more users and groups.
     1. Select a role and select **Add**.
+    
         :::image type="content" source="media/agent-pool-add-user.png" alt-text="Screenshot of collection-level add user dialog."::: 
+
 1. To remove a user or group from the list, select the user or group and select the delete button:::image type="icon" source="../../media/icons/delete-icon.png" border="false":::. 
 1. To change a security role, select the user or group and select the role from the dropdown list.
 1. Select the **Save changes** button:::image type="icon" source="media/save-icon.png" border="false"::: to save your changes or the **Reset changes** button:::image type="icon" source="media/reset-icon.png" border="false"::: to revert unsaved changes.
@@ -284,6 +296,7 @@ You can override project-level user and group role assignments, and set pipeline
 To open the security dialog:
 
 1. From your project, select **Project settings** :::image type="icon" source="../../media/icons/team-settings-gear-icon.png" border="false"::: and select **Agent pools**.
+
 1. Select an agent pool.
 1. Select **Security**.
 
@@ -322,6 +335,7 @@ When you explicitly set a role, the inheritance for that user or group is turned
 To add project users or groups that aren't listed in the security dialog:
 
 1. Select the **Add** button.
+
 1. Enter the user or group in the search bar, then select the user or group from the search result. You can add multiple users and groups.
 1. Select the **Role**.
 1. Select **Add** to save the changes.
@@ -356,6 +370,7 @@ When you explicitly set a role, the inheritance for that user or group is turned
 To add project users or groups that aren't listed in the security dialog:
 
 1. Select the **Add** button.
+
 1. Enter the user or group in the search bar, then select the user or group from the search result. You can add multiple users and groups.
 1. Select the **Role**.
 1. Select **Add** to save the changes.

docs/pipelines/policies/deployment-group-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Configure Deployment Group Security in Azure Pipelines
+title: Configure deployment group security in Azure Pipelines
 ms.topic: how-to
 description: Configure security for the deployment groups in Azure Pipelines.
 ms.author: v-catherbund

docs/pipelines/policies/environment-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Configure Security for Environments in Azure Pipelines
+title: Configure security for environments in Azure Pipelines
 ms.topic: how-to
 description: Configure security for the environments in Azure Pipelines.
 ms.author: v-catherbund
@@ -12,9 +12,9 @@ monikerRange: '>= azure-devops-2020'
 
 [!INCLUDE [version-lt-eq-azure-devops](../../includes/version-gt-eq-2020.md)]
 
-This article provides guidance on managing security for environments in Azure Pipelines. Environments group together deployment targets for use with YAML pipelines. However, they are not supported in classic pipelines. 
+This article provides guidance on managing security for environments in Azure Pipelines. Environments group together deployment targets for use with YAML pipelines. However, they aren't supported in classic pipelines. 
 
-By default, all environments in a project inherit security roles that are assigned to a set of default users and groups at the project level. Security settings can be managed at both the project level and the object level for individual environments..
+By default, all environments in a project inherit security roles that are assigned to a set of default users and groups at the project level. Security settings can be managed at both the project level and the object level for individual environments.
 
 Security roles for environments are:
 
@@ -34,7 +34,7 @@ The default user and group role assignments are:
 | [*project name*]\Project Administrators | Creator |
 | [*project name*]\Project Valid Users | Reader |
 
-The creator of an environment is automatically assigned the **Administrator** role for that environment, and this assignment cannot be changed.
+The creator of an environment is automatically assigned the **Administrator** role for that environment, and this assignment can't be changed.
 
 ## Prerequisites
 

docs/pipelines/policies/library-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Configure Library Security in Azure Pipelines
+title: Configure library security in Azure Pipelines
 ms.topic: how-to
 description: Configure security for the library and library assets in Azure Pipelines.
 ms.author: v-catherbund
@@ -67,6 +67,12 @@ To add project users or groups that aren't listed in the security dialog:
 
 ::: moniker-end
 
+::: moniker range="< azure-devops-2020"
+
+You can manage access for all library assets, such as [variable groups](../library/variable-groups.md) and [secure files](../library/secure-files.md), from the project-level library security settings.
+
+::: moniker-end
+
 ## Set secure file security roles
 
 Security roles for **Secure files** are inherited from the project-level library role assignments by default. You can override these assignments for an individual file. To remove an inherited user or group, or lower the privilege level of an inherited role, you must disable inheritance.

docs/pipelines/policies/media/agent-pools-indivdual-pool-security.png docs/pipelines/policies/media/agent-pools-individual-pool-security.png

@@ -13,13 +13,13 @@ monikerRange: '<= azure-devops'
 
 [!INCLUDE [version-lt-eq-azure-devops](../../includes/version-lt-eq-azure-devops.md)]
 
-Azure Pipelines security helps you control access to your pipelines and pipeline resources. Access is managed through a hierarchial system of built-in and custom security groups and users.  
+Azure Pipelines security helps you control access to your pipelines and pipeline resources. Access is managed through a hierarchical system of built-in and custom security groups and users.  
 
 Pipeline resources are features and objects that are used in pipelines, but exist outside of the pipeline itself. For example, release pipelines, task groups, agent pools, and service connections are all pipeline resources. 
 
-Upon the creation of a pipeline or resource, a set of built-in security groups and users are assigned access permissions or roles at the project level. These project-level security settings are then inherited at the object level for individual objects. For instance, when you create a pipeline, a default set of users and groups are assigned permissions at the project level. These security settings are subsequently inherited at the object level for all pipelines within the project.
+Upon the creation of a pipeline or resource, a set of built-in security groups and users are assigned access permissions or roles at the project level. These project-level security settings are then inherited at the object level for individual objects. For instance, when you create a pipeline, a default set of users and groups is assigned permissions at the project level. These security settings are then inherited at the object level for all pipelines within the project.
 
-Commonly, administrator groups are given full access to all pipelines and resources. Contributors are often granted access to manage resources and pipelines, while readers are given view-only access.  Users are assigned to security groups based on their role in the project and the permissions they need to perform their tasks.
+Commonly, administrator groups are given full access to all pipelines and resources. Contributors are often granted access to manage resources and pipelines, while readers are given view-only access. Users are assigned to security groups based on their role in the project and the permissions they need to perform their tasks.
 
 You can add and delete users and groups and change their permissions and roles at both the project- and object-levels. Object-level inheritance can be enabled and disabled.  
 

docs/pipelines/policies/media/agent-pools-permissions-add-user.png

@@ -1,5 +1,5 @@
 ---
-title: Set Build Pipeline Permissions in Azure Pipelines 
+title: Set build pipeline permissions in Azure Pipelines 
 ms.topic: how-to
 description: Understand how to set project and object level permissions to securely manage build pipelines.
 ms.author: v-catherbund
@@ -129,7 +129,7 @@ Follow these steps to configure project-level permissions for users and groups a
 
 1. To add users or groups that aren't listed in the permissions dialog, select **Add**, enter the user or group, and select **Save changes**. 
 
-    :::image type="content" source="media/pipeline-security-add-user-2019.png" alt-text="Screenshot of pipeline security add user or group selection":::
+    :::image type="content" source="media/pipeline-security-add-user-2019.png" alt-text="Screenshot of pipeline security add user or group selection.":::
 
 1. Select a user or group and set the permissions.
 

docs/pipelines/policies/media/devops-services-pipeline-manage-security.png

@@ -1,5 +1,5 @@
 ---
-title: Set Release Pipeline Permissions in Azure Pipelines
+title: Set release pipeline permissions in Azure Pipelines
 ms.topic: how-to
 description: Learn how to set user and group permissions to securely manage release pipelines.
 ms.author: v-catherbund
@@ -180,7 +180,7 @@ You can set the permissions to **Allow**, **Deny**, or to **Not set** if the per
 
 1. To add users or groups that aren't listed in the permissions dialog, select **Add**, enter the user or group, and select **Save changes**. 
 
-1. Select a user and group and set the permission to **Allow**, **Deny**, or **Not set**, or the inherited value (for example, **Allow (inherited).
+1. Select a user and group and set the permission to **Allow**, **Deny**, or **Not set**, or the inherited value (for example, **Allow (inherited)**).
 
     :::image type="content" source="media/releases-individual-pipeline-permissions-2019.png" alt-text="Screenshot of release pipeline security add user or group selection.":::
 

docs/pipelines/policies/media/indivdual-service-connection-permission-user-dialog.png

@@ -1,5 +1,5 @@
 ---
-title: Configure Service Connections Security in Azure Pipelines
+title: Configure service connections security in Azure Pipelines
 ms.topic: how-to
 description: Configure security for service connection in Azure Pipelines.
 ms.author: v-catherbund
@@ -121,7 +121,7 @@ Follow these steps to configure security roles for an individual service connect
 
 1. In the **User permissions** section of the **Security** dialog, select **Project** to manage project-level users and groups, or **Organization** to manage organization- or collection-level users and groups.
 
-   :::image type="content" source="media/indivdual-service-connection-permission-user-dialog.png" alt-text="Screenshot of user permissions dialog for individual service connections.":::
+   :::image type="content" source="media/individual-service-connection-permission-user-dialog.png" alt-text="Screenshot of user permissions dialog for individual service connections.":::
 
 1. Select users and groups and change their roles. To lower the privilege level of an inherited role, inheritance must be disabled.
 1. To remove a user or group, select the user or group and select the delete button:::image type="icon" source="../../media/icons/delete-icon.png" border="false":::. Inherited users and groups can't be removed unless inheritance is disabled.

docs/pipelines/policies/media/individual-pipeline-security-dialog.png

@@ -1,5 +1,5 @@
 ---
-title: Set Task Group Permissions in Azure Pipelines
+title: Set task group permissions in Azure Pipelines
 ms.topic: how-to
 description: Learn how to set user and group permissions to securely manage task groups.
 ms.author: v-catherbund
@@ -89,7 +89,7 @@ Follow these steps to set permissions for project-level task groups:
 
 1. Select **Security**.
 
-    :::image type="content" source="media/task-group-security-project.png" alt-text="Select Task groups security selection.":::
+    :::image type="content" source="media/task-group-security-project.png" alt-text="Screenshot of task groups security selection.":::
 
 1. To add users or groups that aren't listed in the permissions dialog, select **Add**, enter the user or group, and select **Save changes**. 
 
@@ -201,6 +201,8 @@ Follow these steps to set permissions for a task group:
 
 1. From your project, select **Pipelines** > **Task groups**. 
 
+    :::image type="content" source="media/task-group-menu-item-2019.png" alt-text="Screenshot of Task group selection.":::
+
 1. Select a task group. 
 
 1. Select **More commands** :::image type="icon" source="../../media/icons/actions-icon.png" border="false"::: > **Security**.