Merge branch 'main'

Author: Steve Danielson

docs/organizations/security/about-security-roles.md

@@ -1,7 +1,7 @@
 ---
 title: About pipeline security roles
 titleSuffix: Azure DevOps
-description: Learn about security roles and where they are used to manage select pipeline permissions 
+description: Learn about security roles and where they're used to manage selected pipeline permissions. 
 ms.subservice: azure-devops-security
 ms.author: chcomley
 author: chcomley
@@ -10,62 +10,62 @@ monikerRange: '<= azure-devops'
 ms.date: 10/11/2021
 ---
 
-# About pipeline security roles
+# Pipeline security roles
 
 [!INCLUDE [version-lt-eq-azure-devops](../../includes/version-lt-eq-azure-devops.md)]
 
 <a id="security-roles"></a>
 
-While the majority of features and functional tasks are managed by [individual permissions](about-permissions.md), there are several artifacts and features that the system manages through role-based permissions. You can add users or groups to a role. Each role determines the set of operations that the user can perform as described in the following sections.  
+Security for both build and release pipelines, and task groups, is managed using [task-based permissions](about-permissions.md). Several pipeline resources have their security managed through role-based permissions. Roles can be assigned to users or groups. Each role determines the set of operations that a user can perform, as described in the following sections.
 
-Many role-based permissions can be set for all artifacts of a specific type in a project, or for the project or collection and then selectively inherited for a specific artifact. Role memberships for individual items automatically inherit those set for the project or collection. If required, you can turn off Inheritance for a specific artifact.
+Role-based permissions are set for all resources of a specific type in a project or in an organization or collection. Individual resources inherit the permissions from the project-level settings. Inheritance can be turned off for an individual artifact if necessary.
 
 
 ## Default role assignments
 
-By default, all contributors in a project are members of the User role on each hosted queue.  This allows every contributor in a project to author and run build and release pipelines using hosted queues.
+By default, all contributors in a project are members of the User role on each hosted queue. This role allows every contributor in a project to author and run build and release pipelines using hosted queues.
 
 <a id="agent-queue-security-roles"></a>
 
 ## Agent pool security roles, project-level
 
-You [add users to the following security roles](../../pipelines/policies/set-permissions.md) from the project-level admin context, **Agent Pools** page. For information on adding and managing agent pools, see  [Agent pools](../../pipelines/agents/pools-queues.md).    
+You [add users to the following security roles](../../pipelines/policies/agent-pool-permissions.md) from the project-level admin context, **Agent Pools** page. For information on adding and managing agent pools, see  [Agent pools](../../pipelines/agents/pools-queues.md).    
 
 [!INCLUDE [temp](includes/agent-queue-roles.md)]
 
 <a id="agent-pool-security-roles"></a>
 
 ## Agent pool security roles, organization or collection-level
 
-You [add users to the following security roles](../../pipelines/policies/set-permissions.md) from the **Organization settings** or collection-level admin settings, **Agent Pools** page. For information on adding and managing agent pools, see [Agent pools](../../pipelines/agents/pools-queues.md). 
+You [add users to the following security roles](../../pipelines/policies/agent-pool-permissions.md) from the **Organization settings** or collection-level admin settings, **Agent Pools** page. For information on adding and managing agent pools, see [Agent pools](../../pipelines/agents/pools-queues.md). 
 
 [!INCLUDE [temp](includes/agent-pool-roles.md)]
 
 ## Deployment group security roles
 
-You [add users to the following roles](../../pipelines/policies/set-permissions.md) from **Pipelines** or **Build and Release**.  For information on adding and managing deployment groups, see [Deployment groups](../../pipelines/release/deployment-groups/index.md). 
+You [add users to the following roles](../../pipelines/policies/deployment-group-permissions.md) from **Pipelines** or **Build and Release**. For information on adding and managing deployment groups, see [Deployment groups](../../pipelines/release/deployment-groups/index.md). 
 
 [!INCLUDE [temp](includes/deployment-group-roles.md)]
 
 ## Deployment pool security roles
 
-You [add users to the following roles](../../pipelines/policies/set-permissions.md) from the collection-level admin context, **Deployment Pools** page. To create and manage deployment pools, see [Deployment groups](../../pipelines/release/deployment-groups/index.md).   
+You [add users to the following roles](../../pipelines/policies/deployment-group-permissions.md) from the collection-level admin context, **Deployment Pools** page. To create and manage deployment pools, see [Deployment groups](../../pipelines/release/deployment-groups/index.md).   
 
 [!INCLUDE [temp](includes/deployment-pool-roles.md)]
 
 <a id="library-roles"></a> 
 
 ## Library asset security roles: Variable groups and secure files
 
-You [add users to a library role](../../pipelines/policies/set-permissions.md) from **Pipelines** or **Build and Release**. To learn more about using these library assets, see [Variable groups](../../pipelines/library/variable-groups.md) and [Secure files](../../pipelines/library/secure-files.md)
+You [add users to a library role](../../pipelines/policies/library-permissions.md) from **Pipelines** or **Build and Release**. To learn more about using these library assets, see [Variable groups](../../pipelines/library/variable-groups.md) and [Secure files](../../pipelines/library/secure-files.md).
 
 [!INCLUDE [temp](includes/library-roles.md)]
 
 <a id="service-endpoint-roles"></a> 
 
 ## Service connection security roles
 
-You [add users to the following roles](../../pipelines/policies/set-permissions.md) from the project-level admin context, **Services** page. To create and manage these resources, see [Service connections for build and release](../../pipelines/library/service-endpoints.md).
+You [add users to the following roles](../../pipelines/policies/service-connection-permissions.md) from the project-level admin context, **Services** page. To create and manage these resources, see [Service connections for build and release](../../pipelines/library/service-endpoints.md).
 
 [!INCLUDE [temp](includes/service-endpoint-roles.md)]
 

docs/organizations/security/data-protection.md

@@ -8,7 +8,7 @@ ms.subservice: azure-devops-security
 ms.author: chcomley
 author: chcomley
 ms.reviewer: jominana
-ms.date: 04/19/2024
+ms.date: 05/28/2024
 monikerRange: 'azure-devops'
 ---
 # Data protection overview
@@ -184,7 +184,7 @@ We encrypt data via HTTPS and SSL to help ensure that it isn't intercepted or mo
 - Azure Blob Storage connections are encrypted to help protect your data in transit. For data at rest stored in Azure Blob Storage, Azure DevOps uses [service-side encryption](/azure/storage/common/storage-service-encryption).
 
 > [!NOTE]
-> Azure DevOps is not Federal Information Processing Standards (FIPS) 140-2 or 140-3 compliant.
+> Azure DevOps is Federal Information Processing Standards (FIPS) 140-2 or 140-3 compliant.
 
 The Azure DevOps team uses the Azure infrastructure to log and monitor key aspects of the service. Logging and monitoring help ensure that activities within the service are legitimate, and they help detect breaches or attempted breaches.
 

docs/organizations/security/download-permissions-report-release.md

@@ -15,13 +15,13 @@ ms.date: 07/07/2022
 [!INCLUDE [version-eq-azure-devops](../../includes/version-eq-azure-devops.md)]
 
 
-To determine the effective permissions of users and groups for a release, you can download the permissions report. Requesting the report generates an email with a link to download the report. The report lists the effective permissions for the release you select, for each user and group specified at the time the report is generated. Inherited permissions come from a parent group which you can view from the web portal. The report is a json-formatted report that you can open using Power BI or other json reader.  
+To determine the effective permissions of users and groups for a release, you can download the permissions report. Requesting the report generates an email with a link to download the report. The report lists the effective permissions for the release you select, for each user and group specified at the time the report is generated. Inherited permissions come from a parent group that you can view from the web portal. The report is a json-formatted report that you can open using Power BI or other json reader.  
 
 You can also use the [Permissions Report REST API](/rest/api/azure/devops/permissionsreport/?view=azure-devops-rest-6.1&preserve-view=true) to download the report. 
 
 ## Prerequisites
 
-- To download the permissions report, you must be a member of the **Project Collection Administrators** group. The user interface button won't appear for users who aren't a member of this group. 
+- To download the permissions report, you must be a member of the **Project Collection Administrators** group. The user interface button doesn't appear for users who aren't a member of this group. 
 
 	To find a member of the **Project Collection Administrators** group, see [Look up a project collection administrator](look-up-project-collection-administrators.md).
 
@@ -53,7 +53,7 @@ You can download the report for a specific release from the release's Security d
 
 ## Related articles  
 
-- [Set different levels of pipeline permissions](../../pipelines/policies/permissions.md) 
+- [Set different levels of pipeline permissions](../../pipelines/policies/pipeline-permissions.md) 
 - [Manage permissions with command line tool](manage-tokens-namespaces.md) 
 - [Permissions Report REST API](/rest/api/azure/devops/permissionsreport/?view=azure-devops-rest-6.1&preserve-view=true)
 

docs/organizations/security/includes/library-roles.md

@@ -3,7 +3,7 @@
 > [!div class="mx-tdCol2BreakAll"]  
 > | Role | Description |  
 > |------------|-------------| 
-> | **Administrator** | Can edit/delete and manage security for library items. |
-> | **Creator** | Can create library items. |
-> | **Reader** | Can only read library items. |  
-> | **User** | Can consume library items in pipelines. |  
+> | **Administrator** | Can edit/delete and manage security for library assets. The creator of an asset is automatically given this role for the asset.|
+> | **Creator** | Can create library assets. |
+> | **Reader** | Can only read library assets. |  
+> | **User** | Can consume library assets in pipelines. |  

docs/organizations/security/includes/pipelines-build.md

@@ -13,18 +13,18 @@ ms.date: 08/18/2021
 
 
 
-| Task                    | Readers | Contributors | Build Admins | Project Admins | 
-|-------------------------|---------|--------------|--------------|----------------|
-| View builds             | ✔️      |     ✔️      | ✔️           | ✔️            | 
-| View build pipeline      | ✔️     | ✔️          | ✔️           | ✔️            | 
-| Administer build permissions|     |              | ✔️           | ✔️            | 
-| Delete or edit build pipeline|    |   ✔️         | ✔️           | ✔️            | 
-| Delete or destroy builds |              |         | ✔️          | ✔️             | 
-|Edit build quality        |              |  ✔️       | ✔️          | ✔️          | 
-|Manage build qualities    |              |         |      ✔️        | ✔️          | 
-|Manage build queue        |              |         | ✔️          | ✔️             | 
-|Override check-in validation by build|              |         |             | ✔️  | 
-|Queue builds              |              |     ✔️    | ✔️          | ✔️           | 
-|Retain indefinitely       |        ✔️|   ✔️      |       ✔️       | ✔️            | 
-|Stop builds               | ||✔️|✔️|
-|Update build information ||||✔️|
+| Task | Readers | Contributors | Build Admins | Project Admins | 
+|------|:-------:|:------------:|:------------:|:--------------:|
+| View builds             |✔️|✔️|✔️|✔️| 
+| View build pipeline      |✔️|✔️|✔️|✔️| 
+| Administer build permissions| | |✔️|✔️| 
+| Delete or edit build pipeline| |✔️|✔️|✔️| 
+| Delete or destroy builds | | |✔️|✔️| 
+|Edit build quality        | |✔️|✔️|✔️| 
+|Manage build qualities    | | |✔️|✔️| 
+|Manage build queue        | | |✔️|✔️| 
+|Override check-in validation by build| | | |✔️| 
+|Queue builds              | |✔️|✔️|✔️| 
+|Retain indefinitely       |✔️|✔️|✔️|✔️| 
+|Stop builds               | | |✔️|✔️|
+|Update build information | | | |✔️|

docs/organizations/security/includes/pipelines-release.md

@@ -20,19 +20,19 @@ View releases
 -->
 
 
-| Task                    | Stakeholders | Readers | Contributors | Project Admins | Release Admins |
-|-------------------------|---------------|----------|---------------|-------------|----------------|
-| Approve releases                 | ✔️          |         | ✔️           | ✔️            | ✔️ |
-| View releases                    | ✔️          | ✔️      | ✔️          | ✔️             | ✔️ |
-| View release pipeline            |              | ✔️     | ✔️           | ✔️            | ✔️ |
-| Administer release permissions   |              |         |              | ✔️            | ✔️ |
-| Delete release pipeline or stage |              |         | ✔️          | ✔️             | ✔️ |
-| Delete releases                  |              |         | ✔️          | ✔️             | ✔️ |
-| Edit release pipeline            |              |         |              | ✔️            | ✔️ |
-| Edit release stage               |              |         | ✔️          | ✔️             | ✔️ |
-| Manage deployments               |              |         |              | ✔️            | ✔️ |
-| Manage release approvers         |              |         | ✔️          | ✔️             | ✔️ |
-| Manage releases                  |              |         |              | ✔️            | ✔️ |
+| Task | Stakeholders | Readers | Contributors | Project Admins | Release Admins |
+|------|:------------:|:-------:|:------------:|:--------------:|:--------------:|
+| Approve releases  |✔️| |✔️|✔️|✔️|
+| View releases     |✔️|✔️|✔️|✔️|✔️|
+| View release pipeline  | |✔️|✔️|✔️|✔️|
+| Administer release permissions   | | | |✔️|✔️|
+| Delete release pipeline or stage | | |✔️|✔️|✔️|
+| Delete releases                  | | |✔️|✔️|✔️|
+| Edit release pipeline            | | | ✔️|✔️|✔️|
+| Edit release stage               | | |✔️|✔️|✔️|
+| Manage deployments               | | | ✔️|✔️|✔️|
+| Manage release approvers         | | |✔️|✔️|✔️|
+| Manage releases                  | | |✔️|✔️|✔️|
 
 
 

docs/organizations/security/includes/task-groups.md

@@ -15,8 +15,8 @@ Edit task group
 
 -->
 
-|Task|Readers|Contributors|Build Admins|Project Admins|Release Admins|
-|----|-------|------------|------------|--------------|--------------|
-|Administer task group permissions| | |✔️|✔️|✔️|  
-|Delete task group| | |✔️|✔️|✔️|  
-|Edit task group|  | |✔️|✔️|✔️|  
+|Task                             |Readers|Contributors|Build Admins|Project Admins|Release Admins|
+|----                             |:-------:|:------------:|:------------:|:--------------:|--------------|
+|Administer task group permissions|       |            |✔️          |✔️           |✔️           |  
+|Delete task group                |       |            |✔️          |✔️           |✔️           |  
+|Edit task group                  |       |✔️         |✔️          |✔️           |✔️           |