prerequisites

Author: chcomley

docs/includes/prerequisites-project-collection-valid-users-group.md

@@ -0,0 +1,11 @@
+---
+ms.topic: include
+---
+
+**Permissions**: Be a member of the **Project Collection Valid Users** group. Users who are project members are automatically members of this group.
+
+::: moniker range="azure-devops"  
+> [!NOTE]  
+> Users added to the **Project-scoped users** group can't access **Organization settings** other than the **Overview** section if the [**Limit user visibility and collaboration to specific projects** preview feature is enabled](../../user-guide/manage-organization-collection.md#project-scoped-user-group) for the organization.
+
+::: moniker-end  

docs/organizations/security/add-ad-aad-built-in-security-groups.md

@@ -38,7 +38,7 @@ The process for adding an Active Directory group to a built-in security group is
 
 - **Organization connection:** Have your Azure DevOps organization [connected to Microsoft Entra ID](../accounts/connect-organization-to-azure-ad.md).
 - **Permissions:** Be a member of the **Project Collection Administrators** group in Azure DevOps.
-- **Access:** Ensure you have at least **Basic** access in Azure DevOps.
+- **Access:** Have at least **Basic** access in Azure DevOps.
 
 ::: moniker-end
 

docs/organizations/security/add-manage-security-groups.md

@@ -27,13 +27,10 @@ Azure DevOps is pre-configured with default security groups. You can add and man
 > [!NOTE]
 > This article applies to Azure DevOps Services only. For Azure DevOps Server, you can manage security groups using the [**TFSSecurity** command](/azure/devops/server/command-line/tfssecurity-cmd).
 
-
 ## Prerequisites 
 
-- To add and manage security groups, you must be a member of the Project Collection Administrators security group.  
-- You must have installed the Azure DevOps CLI extension as described in [Get started with Azure DevOps CLI](../../cli/index.md).  
-- Sign into Azure DevOps using `az login`.   
-- For the examples in this article, set the default organization as follows: `az devops configure --defaults organization=YourOrganizationURL`.  
+- **Permissions**: Be a member of the **Project Collection Administrators** security group. For more information on tokens, see [Security namespace and permission reference](namespace-reference.md).  
+- **Tools**: Install the Azure DevOps CLI extension as described in [Get started with Azure DevOps CLI](../../cli/index.md). Sign in to Azure DevOps using `az login`.  
 
 ## Security group commands
 

docs/organizations/security/add-remove-manage-user-group-security-group.md

@@ -45,8 +45,9 @@ Azure DevOps uses security groups for the following purposes:
 
 ## Prerequisites
 
-* To manage permissions or groups at the project level, you must be a member of the **Project Administrators** Group. If you created the project, you're automatically added as a member of this group. 
-* To manage permissions or groups at the collection or instance level, you must be a member of the **Project Collection Administrators** Group. If you created the organization or collection, you're automatically added as a member of this group. 
+**Permissions**: 
+* To manage permissions or groups at the project level, be a member of the **Project Administrators** security group. If you created the project, you're automatically added as a member of this group. 
+* To manage permissions or groups at the collection or instance level, be a member of the **Project Collection Administrators** security group. If you created the organization or collection, you're automatically added as a member of this group. 
 
 ::: moniker range="azure-devops"
 > [!NOTE]  

docs/organizations/security/add-users-team-project.md

@@ -32,7 +32,7 @@ In this article, learn how to add users to a team or project. For organizations
 
 [!INCLUDE [temp](../../includes/prerequisites-add-users-server.md)]
 
-If you're new to Azure DevOps, familiarize yourself with the information in the following articles: 
+**Recommended**: If you're new to Azure DevOps, familiarize yourself with the information in the following articles: 
 
 - [Get started with permissions, access levels, and security groups](about-permissions.md)  
 - [About projects and scaling your organization](../projects/about-projects.md)  

docs/organizations/security/change-access-levels.md

@@ -27,9 +27,9 @@ For a simplified overview of the permissions that are assigned to the most commo
 
 ## Prerequisites
 
-* You must be a member of the Administrators group. If you aren't a member, [get added now](/azure/devops/server/admin/add-administrator).
-* To manage access for a large group of users, create either a [Windows group, a group in Active Directory, or Azure DevOps security group](/azure/devops/server/admin/setup-ad-groups), and then add users to those groups.
-* Users must be [added to a project](add-users-team-project.md).
+- **Permissions**: Be a member of the [**Project Administrators** group](../organizations/security/change-project-level-permissions.md). 
+* **Group membership**: To manage access for a large group of users, create either a [Windows group, a group in Active Directory, or Azure DevOps security group](/azure/devops/server/admin/setup-ad-groups), and then add users to those groups.
+* **Project access**: Ensure users are [added to the project](add-users-team-project.md).
 
 ## Open access levels
 

docs/organizations/security/change-organization-collection-level-permissions.md

@@ -46,13 +46,13 @@ You might find the following articles helpful:
 
 ## Prerequisites
 
-**Security groups:**
-- You must be a member of the **Project Collection Administrators** security group to manage permissions or groups at the organization or collection level. If you created the organization or collection, you're automatically a member of this group. To be added to this group, request permissions from a [member of the **Project Collection Administrators** group](look-up-project-collection-administrators.md).
-- Ensure security groups in Microsoft Entra ID or Active Directory are defined before adding them. For more information, see [Add Active Directory / Microsoft Entra users or groups to a built-in security group](add-ad-aad-built-in-security-groups.md).
+**Permissions:**
+- To manage permissions or groups at the organization or collection level, be a member of the [**Project Collection Administrators** security group](look-up-project-collection-administrators.md) . If you created the organization or collection, you're automatically a member of this group.
+- **Directory services**: Ensure security groups in Microsoft Entra ID or Active Directory are defined before adding them. For more information, see [Add Active Directory / Microsoft Entra users or groups to a built-in security group](add-ad-aad-built-in-security-groups.md).
 
 ::: moniker range="azure-devops"
 > [!NOTE]   
->- Users in the **Project-Scoped Users** group can't access most **Organization settings** pages, including **Permissions**. For more information, see [Manage your organization, limit user visibility for projects, and more](../../user-guide/manage-organization-collection.md#project-scoped-user-group).
+>- Users in the **Project-scoped Users** group can't access most organization settings, including permissions. For more information, see [Manage your organization, limit user visibility for projects, and more](../../user-guide/manage-organization-collection.md#project-scoped-user-group).
 >- Users with **Stakeholder** access can't access specific features even if they have permissions to those features. For more information, see [Stakeholder access quick reference](stakeholder-access.md).
 
 ::: moniker-end  

docs/organizations/security/change-project-level-permissions.md

@@ -33,11 +33,11 @@ By default, members of the **Contributors** group are assigned the **Create tag
 
 ## Prerequisites
 
-- To manage permissions or groups at the project level, you must be a member of the **Project Administrators** security group. If you created the project, you're automatically added as a member of this group. To get added to this group, you need to request permissions from a member of the **Project Administrators** group. See [Look up a project administrator](look-up-project-administrators.md).
-- To add security groups defined in Microsoft Entra ID or Active Directory, make sure the security groups are first defined. For more information, see [Add Active Directory / Microsoft Entra users or groups to a built-in security group](add-ad-aad-built-in-security-groups.md).
+- **Permissions**: To manage permissions or groups at the project level, be a member of the [**Project Administrators** security group](look-up-project-administrators.md). If you created the project, you're automatically added as a member of this group.
+- **Directory services**: To add security groups in Microsoft Entra ID or Active Directory, ensure the security groups are already defined. For more information, see [Add Active Directory / Microsoft Entra users or groups to a built-in security group](add-ad-aad-built-in-security-groups.md).
 
 > [!NOTE]   
-> Users granted **Stakeholder** access, can't access select features even if granted permissions to those features. For more information, see [Stakeholder access quick reference](stakeholder-access.md).
+> Users granted **Stakeholder** access can't access select features even if granted permissions to those features. For more information, see [Stakeholder access quick reference](stakeholder-access.md).
 
 <a id="add-user-group"></a>
 

docs/organizations/security/download-permissions-report-release.md

@@ -14,17 +14,13 @@ ms.date: 07/07/2022
 
 [!INCLUDE [version-eq-azure-devops](../../includes/version-eq-azure-devops.md)]
 
- 
 To determine the effective permissions of users and groups for a release, you can download the permissions report. Requesting the report generates an email with a link to download the report. The report lists the effective permissions for the release you select, for each user and group specified at the time the report is generated. Inherited permissions come from a parent group that you can view from the web portal. The report is a json-formatted report that you can open using Power BI or other json reader.  
 
 You can also use the [Permissions Report REST API](/rest/api/azure/devops/permissionsreport/?view=azure-devops-rest-6.1&preserve-view=true) to download the report. 
 
 ## Prerequisites
 
-- To download the permissions report, you must be a member of the **Project Collection Administrators** group. The user interface button doesn't appear for users who aren't a member of this group. 
-
-	To find a member of the **Project Collection Administrators** group, see [Look up a project collection administrator](look-up-project-collection-administrators.md).
-
+**Permissions**: To download the permissions report, be a member of the [**Project Collection Administrators** group](look-up-project-collection-administrators.md). The user interface option isn't available for users who aren't a member of this group.
 
 ## Open the security dialog for the release
 

docs/organizations/security/download-permissions-report.md

@@ -21,8 +21,7 @@ You can also use the [Permissions Report REST API](/rest/api/azure/devops/permis
 
 ## Prerequisites
 
-- To download the permissions report, you must be a member of the Project Collection Administrators group. The user interface button won't appear for users who aren't a member of this group. 
-
+**Permissions**: To download the permissions report, be a member of the [**Project Collection Administrators** group](look-up-project-collection-administrators.md). The user interface option isn't available for users who aren't a member of this group.
 
 ## Open Project Settings>Repositories  
 

docs/organizations/security/export-users-audit-log.md

@@ -26,17 +26,15 @@ You can get a list of users and groups that have access to your organization in
 You can get a list of users and groups that have access to your Azure DevOps Server instance by exporting the audit log. The audit log also indicates access levels.
 ::: moniker-end
 
-
-
 ## Prerequisites
 
 ::: moniker range="azure-devops"
 
-* You must be the **Organization owner** or a member of the **Project Collection Administrators** group. For more information, see [Change project collection-level permissions](change-organization-collection-level-permissions.md).
+**Permissions**: Be a member of the [**Project Collection Administrators** group](change-organization-collection-level-permissions.md). Organization owners are automatically members of this group.
   ::: moniker-end
 
   ::: moniker range="< azure-devops"
-* You must be a member of the Administrators group. If you aren't a member, get added now. For more information, see [Add administrators](/azure/devops/server/admin/add-administrator).
+**Permissions**: Be a member of the [**Administrators** group](/azure/devops/server/admin/add-administrator).
   ::: moniker-end
 
 ## Export a list of users

docs/organizations/security/get-started-stakeholder.md

@@ -28,20 +28,19 @@ For more information, see the [Stakeholder access quick reference](stakeholder-a
 
 ## Prerequisites
 
-**Private project:**
-
-- You must have Stakeholder access and be a member of the Contributors or Project Administrators group. You can view boards, open and modify work items, and add child tasks to a checklist. You can't reorder or reparent a backlog item by using the drag-and-drop method. You can't update a field on a card.
-
-**Public project:**
-
-- You must have Stakeholder access and be a member of the Contributors or Project Administrators group to have full access to all Azure Boards features. For more information, see [Default permissions quick reference](../security/permissions-access.md).
+**Private project:** 
+- **Access levels**: Have **Stakeholder** access.
+  ::: moniker range="azure-devops"
+   To get access as a Stakeholder, ask your organization owner or Project Collection Administrator to add you to a project with Stakeholder access. For more information, see [Add organization users and manage access](../accounts/add-organization-users.md).
+   ::: moniker-end
+   ::: moniker range="< azure-devops"
+   To get access as a Stakeholder, ask your server administrator to add you to a security group that has Stakeholder access. For more information, see [Change access levels](change-access-levels.md).
+   ::: moniker-end    
+- **Permissions**: Be a member of the **Contributors** or **Project Administrators** group. You can view boards, open and modify work items, and add child tasks to a checklist. You can't reorder or reparent a backlog item by using the drag-and-drop method. You can't update a field on a card.
 
-::: moniker range="azure-devops"
-To get access as a Stakeholder, ask your organization owner or Project Collection Administrator to add you to a project with Stakeholder access. For more information, see [Add organization users and manage access](../accounts/add-organization-users.md).
-::: moniker-end  
-::: moniker range="< azure-devops"
-To get access as a Stakeholder, ask your server administrator to add you to a security group that has Stakeholder access. For more information, see [Change access levels](change-access-levels.md).
-::: moniker-end  
+**Public project:** 
+- **Access levels**: Have **Stakeholder** access.
+- **Permissions**: Be a member of the **Contributors** or **Project Administrators** group to have full access to all Azure Boards features. For more information, see [Default permissions quick reference](../security/permissions-access.md).
 
 ## Sign in to a project
 

docs/organizations/security/look-up-organization-owner.md

@@ -21,7 +21,7 @@ To change the **Organization owner**, see [Change organization owner](../account
 
 ## Prerequisites
 
-* To look up the owner or view organization settings, you must be a member of the **Project Collection Valid Users** group. Users added to a project are automatically included in this group. 
+[!INCLUDE [prerequisites-project-collection-valid-users-group](../../includes/prerequisites-project-collection-valid-users-group.md)]
 
 <a name="find-owner"></a>
 

docs/organizations/security/look-up-project-administrators.md

@@ -28,7 +28,7 @@ To add users to the **Project Administrators** group or change a project-level p
 
 ## Prerequisites
 
-You must be a member of the **Project Collection Valid Users** group to look up members of the **Project Administrators** group. Users added to a project are automatically added to this group. 
+[!INCLUDE [prerequisites-project-collection-valid-users-group](../../includes/prerequisites-project-collection-valid-users-group.md)]
 
 ## Identify members of the Project Administrators group
 

docs/organizations/security/look-up-project-collection-administrators.md

@@ -40,13 +40,8 @@ For more information, see [Get started with permissions and security groups](abo
 
 ## Prerequisites
 
-You must be a member of the **Project Collection Valid Users** group to look up members of the **Project Collection Administrators** group. Users added to a project are automatically added to this group. 
- 
-::: moniker range="azure-devops"  
-> [!NOTE]  
-> Users added to the **Project-Scoped Users** group can't access **Organization settings** other than the **Overview** section if the [**Limit user visibility and collaboration to specific projects** preview feature is enabled](../../user-guide/manage-organization-collection.md#project-scoped-user-group) for the organization.
+[!INCLUDE [prerequisites-project-collection-valid-users-group](../../includes/prerequisites-project-collection-valid-users-group.md)]
 
-::: moniker-end  
 
 ## Show members of the Project Collection Administrators group
 

docs/organizations/security/manage-tokens-namespaces.md

@@ -29,12 +29,12 @@ Azure DevOps grants a number of permissions by default to members of default sec
 > 
 ## Prerequisites 
 
-- To manage tokens and namespaces, you must be a member of the Project Collection Administrators security group. For more information on tokens, see [Security namespace and permission reference](namespace-reference.md).  
-- You must have installed the Azure DevOps CLI extension as described in [Get started with Azure DevOps CLI](../../cli/index.md).  
-- Sign into Azure DevOps using `az login`.  
-- For the examples in this article, set the default organization as follows: 
-    - For **Azure DevOps Services**:  `az devops configure --defaults organization=YourOrganizationURL`.  
-    - For **Azure DevOps Server**: `az devops configure --defaults organization=https://ServerName/CollectionName`
+- **Permissions**: Be a member of the **Project Collection Administrators** security group. For more information on tokens, see [Security namespace and permission reference](namespace-reference.md).  
+- **Tools**: Install the Azure DevOps CLI extension as described in [Get started with Azure DevOps CLI](../../cli/index.md).  
+  - Sign into Azure DevOps using `az login`.  
+  - For the examples in this article, set the default organization as follows: 
+    - **Azure DevOps Services**:  `az devops configure --defaults organization=YourOrganizationURL`.  
+    - **Azure DevOps Server**: `az devops configure --defaults organization=https://ServerName/CollectionName`
 
 ## Security permission commands
 

docs/organizations/security/permissions-lookup-guide.md

@@ -26,20 +26,20 @@ Values in parenthesis indicate what level the permission is managed:
 
 ::: moniker range="azure-devops"
 
-- **Object**: Permissions are managed at the object-level    
-- **Project**: Permissions are managed at the project level
-- **Collection**: Permissions are managed at the organization level  
+- **Object**: Permissions are managed at the object level.    
+- **Project**: Permissions are managed at the project level.
+- **Collection**: Permissions are managed at the organization level.  
 - **Role**: Permissions are managed through a security role.   
 - **Team**: Permissions are managed via the team administrator role.
 ::: moniker-end
 
 ::: moniker range="< azure-devops"
 
-- **Object**: Permissions are managed at the object-level    
-- **Project**: Permissions are managed at the project level
-- **Collection**: Permissions are managed at the account or project collection level  
+- **Object**: Permissions are managed at the object level.    
+- **Project**: Permissions are managed at the project level.
+- **Collection**: Permissions are managed at the account or project collection level.  
 - **Role**: Permissions are managed through a security role.  
-- **Server**: Permissions are managed at the instance level for a server   
+- **Server**: Permissions are managed at the instance level for a server.   
 - **Team**: Permissions are managed via the team administrator role.
 ::: moniker-end