From 7ea2a3ec73d566b07ae3be90d7363899e5b4dea6 Mon Sep 17 00:00:00 2001 From: Ortagus Winfrey <85191667+OWinfreyATL@users.noreply.github.com> Date: Tue, 17 Dec 2024 13:35:50 -0500 Subject: [PATCH 1/3] Terms of use added to permissions with least privilege role. --- docs/identity/role-based-access-control/delegate-by-task.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/identity/role-based-access-control/delegate-by-task.md b/docs/identity/role-based-access-control/delegate-by-task.md index 45241abfc57..2cb6a55e579 100644 --- a/docs/identity/role-based-access-control/delegate-by-task.md +++ b/docs/identity/role-based-access-control/delegate-by-task.md @@ -355,6 +355,8 @@ You can further restrict permissions by assigning roles at smaller scopes or by > | Manage terms of use | [Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) | [Security Administrator](permissions-reference.md#security-administrator) | > | Read all configuration | [Default user role](../../fundamentals/users-default-permissions.md) | | > | Read named locations | [Default user role](../../fundamentals/users-default-permissions.md) | | +> | Read terms of use | [Security Reader](permissions-reference.md#security-reader) | | +> | Read which terms of use were accepted by the signed-in user | [Default user role](../../fundamentals/users-default-permissions.md) | | ## Security - Identity security score From e40f9657c79327a867e374e861bf787ba0ef4164 Mon Sep 17 00:00:00 2001 From: Ortagus Winfrey <85191667+OWinfreyATL@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:15:54 -0500 Subject: [PATCH 2/3] Global reader added to read terms of use --- docs/identity/role-based-access-control/delegate-by-task.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/identity/role-based-access-control/delegate-by-task.md b/docs/identity/role-based-access-control/delegate-by-task.md index 2cb6a55e579..82704de6826 100644 
--- a/docs/identity/role-based-access-control/delegate-by-task.md +++ b/docs/identity/role-based-access-control/delegate-by-task.md @@ -355,7 +355,7 @@ You can further restrict permissions by assigning roles at smaller scopes or by > | Manage terms of use | [Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) | [Security Administrator](permissions-reference.md#security-administrator) | > | Read all configuration | [Default user role](../../fundamentals/users-default-permissions.md) | | > | Read named locations | [Default user role](../../fundamentals/users-default-permissions.md) | | -> | Read terms of use | [Security Reader](permissions-reference.md#security-reader) | | +> | Read terms of use | [Security Reader](permissions-reference.md#security-reader) | [Global Reader](permissions-reference.md#global-reader) | > | Read which terms of use were accepted by the signed-in user | [Default user role](../../fundamentals/users-default-permissions.md) | | ## Security - Identity security score From 7165ac7310451d33b3a18508f8f0860051bed494 Mon Sep 17 00:00:00 2001 From: Mamta Kumar Date: Tue, 17 Dec 2024 14:10:00 -0800 Subject: [PATCH 3/3] Update secure-generative-ai.md --- docs/architecture/secure-generative-ai.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/secure-generative-ai.md b/docs/architecture/secure-generative-ai.md index 5330d6ddbea..d7351486a2a 100644 --- a/docs/architecture/secure-generative-ai.md +++ b/docs/architecture/secure-generative-ai.md 
@@ -29,7 +29,7 @@ This article delves into the specific security challenges that Gen AI poses and ## Discover overprivileged identities -Ensure that users have the appropriate permissions to comply with the [principal of least privilege](../identity-platform/secure-least-privileged-access.md). Based on our telemetry, over 90% of identities use less than 5% of permissions granted. Over 50% of those permissions are high risk. Compromised accounts can cause catastrophic damage. +Ensure that users have the appropriate permissions to comply with the [principle of least privilege](../identity-platform/secure-least-privileged-access.md). Based on our telemetry, over 90% of identities use less than 5% of permissions granted. Over 50% of those permissions are high risk. Compromised accounts can cause catastrophic damage. Multicloud environment management is difficult as Identity and Access Management (IAM) and security teams often need to collaborate cross-functionally. Multicloud environments can limit comprehensive view into identities, permissions, and resources. This limited view increases the attack surface on identities that have overly privileged roles and over permissioned accounts. Risk of compromised unused accounts with high permissions increases as organizations adopt multicloud.
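Review bot: in [PATCH 1/3], the added `Read terms of use` row leaves its last column empty, while the `Manage terms of use` row a few lines above it lists a second role (Security Administrator) in that column. Either fill the cell in this commit or state in the commit message that no additional role applies, because as submitted the row is only completed by [PATCH 2/3]. The subject line also ends with a period and does not say which section of delegate-by-task.md is touched, which makes the log harder to scan.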
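Review bot: [PATCH 2/3] rewrites the `Read terms of use` row that [PATCH 1/3] introduced forty minutes earlier in the same series, so the two should be squashed into one commit that adds the row with both Security Reader and Global Reader. If it stays separate, match the role's casing in the subject ("Global Reader", as in the link text) and say in the message why only this row gains the role while `Read which terms of use were accepted by the signed-in user` keeps an empty last column.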
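Review bot: in [PATCH 3/3], the context paragraph directly after the changed line still reads "can limit comprehensive view into identities" and "over permissioned accounts". Since the commit is already correcting wording in this section, fix those as well ("can limit a comprehensive view", "over-permissioned accounts"). The subject "Update secure-generative-ai.md" does not say what changed; something like "Fix typo: principle of least privilege" would. The telemetry figures on the changed line ("over 90% of identities use less than 5% of permissions granted") carry no link to a source, which is worth adding while the line is being touched.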