MicrosoftDocs
diff --git a/‎power-platform/admin/create-team-template-add-entity-form.md‎
Lines changed: 19 additions & 12 deletions b/‎power-platform/admin/create-team-template-add-entity-form.md‎
Lines changed: 19 additions & 12 deletions
diff --git a/‎power-platform/admin/ip-firewall.md‎
Lines changed: 22 additions & 21 deletions b/‎power-platform/admin/ip-firewall.md‎
Lines changed: 22 additions & 21 deletions
diff --git a/‎power-platform/admin/view-license-consumption-finops-apps.md‎
Lines changed: 9 additions & 8 deletions b/‎power-platform/admin/view-license-consumption-finops-apps.md‎
Lines changed: 9 additions & 8 deletions
@@ -1,5 +1,5 @@
 ---
-title: "Create a team template and add to an entity form  | MicrosoftDocs"
+title: "Create a team template to control access rights for automatically created teams | MicrosoftDocs"
 description: Create a team template and add to an entity form
 author: paulliew
 ms.subservice: admin
@@ -13,22 +13,29 @@ ms.date: 08/22/2023
 search.audienceType: 
   - admin
 ---
+
+
+
+
 # Create a team template to control access rights for automatically created teams
 
 <!-- legacy procedure -->
 
-A team template can be used for the entities that are enabled for automatically created access teams. In the team template, you have to specify the entity type and the access rights on the entity record. For example, you can create a team template for an account entity and specify the Read, Write, and Share access rights on the account record that the team members are granted when the team is automatically created. After you create a team template, you have to customize the entity main form to include the new team template. After you publish customizations, the access team template is added in all record forms for the specified entity in a form of a list. For example, you created a team template called “Sales team” for the account entity. On all account record forms you’ll see the list called “Sales team”. You can add or remove team members using this list.  
+A team template can be used for the entities that are enabled for automatically created access teams. In the team template, you have to specify the entity type and the access rights on the entity record. For example, you can create a team template for an account entity and specify the Read, Write, and Share access rights on the account record that the team members are granted when the team is automatically created. 
+
+After you create a team template, you have to customize the entity main form to include the new team template. After you publish customizations, the access team template is added in all record forms for the specified entity in the form of a list. For example, you created a team template called “Sales team” for the account entity. On all account record forms you’ll see the list called “Sales team”. You can add or remove team members using this list.  
 
 To learn more about creating, using, and adding access teams to a solution, watch the following video.
+
 > [!VIDEO https://www.microsoft.com/videoplayer/embed/RW18Hte] 
 
 
 ## Enable an entity for access teams  
 
-Make sure you have the System Administrator or System Customizer security role or equivalent permissions.
+Make sure you have the system administrator or system customizer security role or equivalent permissions.
 
 Check your security role:
-- Follow the steps in [View your user profile](/powerapps/user/view-your-user-profile).
+- Follow the steps in [View your user information](/powerapps/user/view-your-user-profile).
 - Don’t have the correct permissions? Contact your system administrator.
 
 1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com) as an admin (Dynamics 365 admin, Microsoft 365 Global admin, or Microsoft Power Platform admin).
@@ -77,15 +84,15 @@ Check your security role:
 
     The **Set Properties** dialog box appears.  
 
-9. In **Set Properties**, complete the required fields, and then select the **Display label on the Form** check box. 
+9. In **Set Properties**, complete the required fields, and then select the **Display label on the Form** checkbox. 
 
-10. In the **Records** drop-down list, select **All Record Types**.  
+10. In the **Records** dropdown list, select **All Record Types**.  
 
-11. In the **Entity** drop-down list, select **Users**.  
+11. In the **Entity** dropdown list, select **Users**.  
 
-12. In the **Default View** drop-down list, select **Associated Record Team Members**.  
+12. In the **Default View** dropdown list, select **Associated Record Team Members**.  
 
-13. In the **Team Template** drop-down list, select the desired template and choose **Set**.  
+13. In the **Team Template** dropdown list, select the desired template and choose **Set**.  
 
      The team template you selected now appears on the **Main** form.  
 
@@ -111,10 +118,10 @@ You can add your team template as a component to a [solution](/power-apps/maker/
 1. Select the **Include table metadata** option.
 1. Select **Add**.
 
-> [!NOTE]
-> For custom tables, you will need to select the **Include all objects** option.
+    > [!NOTE]
+    > For custom tables, you'll need to select the **Include all objects** option.
 
-   Add the form where the Team template was added.
+Add the form where the Team template was added.
 
 1. Double-click the table where the updated form resides.
 1. Click the **Forms** link under the **Data experiences** section.
 
@@ -1,7 +1,7 @@
 ---
-title: IP firewall in Power Platform environments (preview)
+title: IP firewall in Power Platform environments
 description: Learn how to configure the IP firewall in Microsoft Power Platform environments to help keep your organizational data secure.
-ms.date: 07/25/2023
+ms.date: 10/31/2023
 ms.topic: how-to
 author: ritesp
 ms.author: ritesp
@@ -11,19 +11,17 @@ ms.custom:
   - bap-template
 ---
 
-# IP firewall in Power Platform environments (preview)
+# IP firewall in Power Platform environments
 
-[!INCLUDE [cc-beta-prerelease-disclaimer](../includes/cc-beta-prerelease-disclaimer.md)]
 
-The IP firewall helps to protect your organizational data by limiting user access to Dataverse from only allowed IP locations. The IP firewall analyses the IP address of each request in real time. For example, suppose the IP firewall is turned on in your production Dataverse environment and allowed IP addresses are in the ranges associated with your office location. If a user tries to access organizational resources from a coffee shop, Dataverse denies access in real time.
+The IP firewall helps to protect your organizational data by limiting user access to Dataverse from only allowed IP locations. The IP firewall analyses the IP address of each request in real time. For example, suppose the IP firewall is turned on in your production Dataverse environment and allowed IP addresses are in the ranges associated with your office locations and not any external IP location like a coffee shop. If a user tries to access organizational resources from a coffee shop, Dataverse denies access in real time.
 
 :::image type="content" source="media/ip-firewall-dataverse-diagram.png" alt-text="Diagram illustrating the IP firewall feature in Dataverse.":::
 
 > [!IMPORTANT]
 >
-> - This is a preview feature.
-> - [!INCLUDE [preview](../includes/cc-preview-features-definition.md)]
 > - The IP firewall feature is only available with [Managed Environments](managed-environment-overview.md).
+> - The IP firewall feature only supports OData endpoints for accessing Dataverse data. Support for [TDS endpoints](settings-features.md#tds-endpoint) will be included in future release.
 
 ## Key benefits
 
@@ -32,7 +30,7 @@ Enabling the IP firewall in your Power Platform environments offers several key
 - **Mitigate insider threats like data exfiltration**: A malicious user who tries to download data from Dataverse using a client tool like Excel or Power BI from a disallowed IP location is blocked from doing so in real time.
 - **Prevent token replay attacks**: If a user steals an access token and tries to use it to access Dataverse from outside allowed IP ranges, Dataverse denies the attempt in real time.
 
-IT firewall protection works in both interactive and noninteractive scenarios.
+IP firewall protection works in both interactive and noninteractive scenarios.
 
 ## How does the IP firewall work?
 
@@ -49,12 +47,12 @@ When a request is made to Dataverse, the request IP address is evaluated in real
 1. Select **Environments**, and then select an environment.
 1. Select **Settings** > **Product** > **Privacy + Security**.
 1. Under **IP address settings**, set **Enable IP address based firewall rule** to **On**.
-1. Under **Allowed list of IPv4 or IPv6 ranges**, specify the allowed IP ranges in classless interdomain routing (CIDR) format. If you have multiple IP ranges, separate them with a comma. This field accepts up to 4,000 alphanumeric characters and allows a maximum of 200 IP ranges.
+1. Under **Allowed list of IPv4 ranges**, specify the allowed IP ranges in classless interdomain routing (CIDR) format as per [RFC 4632](https://datatracker.ietf.org/doc/html/rfc4632). If you have multiple IP ranges, separate them with a comma. This field accepts up to 4,000 alphanumeric characters and allows a maximum of 200 IP ranges.
 1. Select other settings, as appropriate:
 
    - **Service tags to be allowed by IP firewall**: From the list, select service tags that can bypass IP firewall restrictions.
-   - **Allow access for Microsoft trusted services**: This setting allows service tags `PowerPlatformInfra`, `GenevaSynthetics`, and `GenevaActions` and internal first-party applications to access the Power Platform environment with Dataverse. Enabled by default.
-   - **Allow access for all application users**: This setting allows all application users third-party and first-party access to Dataverse APIs. Enabled by default.
+   - **Allow access for Microsoft trusted services**: This setting enables Microsoft trusted services like monitoring and [support user](support-environment.md) etc. to bypass the IP firewall restrictions to access the Power Platform environment with Dataverse. Enabled by default.
+   - **Allow access for all application users**: This setting allows [all application users](system-application-users.md) third-party and first-party access to Dataverse APIs. Enabled by default.
    - [**Enable IP firewall in audit-only mode**](#what-is-audit-only-mode): This setting enables the IP firewall but allows requests regardless of their IP address. Enabled by default.
    - **Reverse proxy IP addresses**: If your organization has reverse proxies configured, enter the IP addresses of one or more, separated by commas. The reverse proxy setting applies to both IP-based cookie binding and the IP firewall.
 
@@ -75,6 +73,8 @@ You should test the IP firewall to verify that it's working.
 
    You should have the access to the environment that's defined by your security role.
 
+We recommend that you should test the IP firewall in your test environment first, followed by audit-only mode in Production environment before ennforcing the IP firewall on your Production environment.
+
 ## Frequently asked questions (FAQ)
 
 ### What does the IP firewall cover in Power Platform?
@@ -83,31 +83,31 @@ The IP firewall is supported in any Power Platform environment that includes Dat
 
 ### How soon does a change to the IP address list take effect?
 
-Changes to the list of allowed IP addresses or ranges typically take effect in about five minutes.
+Changes to the list of allowed IP addresses or ranges typically take effect in about 5-10 minutes.
 
 ### Does this feature work in real time?
 
-IP firewall protection works in real time. Since the feature works at the network layer, it evaluates the request even before the authentication flow begins.
+IP firewall protection works in real time. Since the feature works at the network layer, it evaluates the request after the authentication request is completed.
 
 ### Is this feature enabled by default in all environments?
 
-The IP firewall isn't enabled by default. The Power Platform administrator needs to enable it in relevant environments.
+The IP firewall isn't enabled by default. The Power Platform administrator needs to enable it for Managed Environments.
 
 ### What is audit-only mode?
 
-In audit-only mode, the IP firewall identifies the IP addresses that are making calls to the environment and allows them all, whether they're in an allowed range or not. It's helpful when you're configuring restrictions on a Power Platform environment. We recommend that you enable audit-only mode for at least a week and disable it only after careful review of the audit logs.
+In audit-only mode, the IP firewall identifies the IP addresses that are making calls to the environment and allows them all, whether they're in an allowed range or not. It's helpful when you're configuring restrictions on a Power Platform environment. We recommend that you enable audit-only mode for at least a week and disable it only after careful review of the [audit logs](#how-do-i-download-the-audit-log-for-audit-only-mode).
 
 ### Is this feature available in all the environments?
 
-The IP firewall is available in Managed Environments only.
+The IP firewall is available for [Managed Environments](managed-environment-overview.md) only.
 
 ### Is there a limit on the number of IP addresses that I can add in the IP address text box?
 
-You can add up to 200 IP addresses, separated by commas.
+You can add up to 200 IP addresses ranges in CIDR format as per [RFC 4632](https://datatracker.ietf.org/doc/html/rfc4632), separated by commas.
 
-### What should I do if I'm locked out due to incorrect configuration of IP addresses in the IP firewall?
+### What should I do if requests to Dataverse starts to fail?
 
-If the IP firewall is misconfigured, contact Microsoft Customer Support to get the environment unlocked.
+An incorrect configuration of IP ranges for IP firewall might be causing this issue. You can check and verify the IP ranges on the IP firewall settings page. We recommend that you turn on the IP firewall in Audit-only mode before enforcing it.
 
 ### How do I download the audit log for audit-only mode?
 
@@ -119,8 +119,6 @@ Use the Dataverse OData API to download the audit log data in JSON format. The f
 - Set the action value to **118** for this event.
 - Set the number of items to return in **top=1** or specific the number you want to return.
 
-Reach out to Microsoft Support to get the API enabled for your Power Platform environment.
-
 ### My Power Automate flows aren't working as expected after configuring the IP firewall on my Power Platform environment. What should I do?
 
 In the IP firewall settings, allow the service tags listed in [Managed connectors outbound IP addresses](/connectors/common/outbound-ip-addresses).
@@ -129,6 +127,9 @@ In the IP firewall settings, allow the service tags listed in [Managed connector
 
 Make sure your reverse proxy is configured to send the client IP address in the forwarded header.
 
+### Some of the calls from Power BI are failing after i enabled the IP firewall on the Power Platform environment.
+Currently, you can ony use IP firewall for OData endpoints in Dataverse to access data from configured IP location. If you want to continue using [TDS endpoints](settings-features.md#tds-endpoint), you will need to disable IP firewall in the environment.
+
 ## Next steps
 
 [Security in Microsoft Dataverse](wp-security.md)
@@ -23,7 +23,7 @@ You can use the **Licenses (preview)** page in the [Power Platform admin center]
 - What types of finance and operations licenses do you have available for your tenant?
 - How many licenses have been assigned to users?
 - How many roles have been assigned to users in different finance and operations environments, and what licenses are needed based on their role assignment?
-- Are there additional licenses needed based on role assignments in your tenant?
+- Are additional licenses needed based on role assignments in your tenant?
 
 > [!IMPORTANT]
 >
@@ -35,14 +35,14 @@ You can use the **Licenses (preview)** page in the [Power Platform admin center]
 
 To see an overview of license usage:
 
-1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/)
-1. From **Billing (preview)** select **Licences (preview)**.
+1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/).
+1. From **Billing (preview)**, select **Licenses (preview)**.
 1. Select the **Overview** tab.
 1. Select **Finance and operations** from the **Product** list.
 
 ### User license level overview
 
-The **User license level overview** section provides a summary count of user licenses available, assigned, and required for the tenant for Finance and Operations environments.
+The **User license level overview** section provides a summary count of user licenses available, assigned, and required for the tenant for finance and operations environments.
 
 | Information | Description |
 | ------- | ----------- |
@@ -54,7 +54,7 @@ The **User license level overview** section provides a summary count of user lic
 
 You can view the individual licenses mapped to a license level, and the number of seats available for the individual license by selecting the number in the **Available seats** for a specific user license level.
 
-### Drill down view
+### Drill-down view
 
 Select the specific **User license level** to see a list, and additional details of users who are required to have the selected license.
 
@@ -67,14 +67,15 @@ Select the specific **User license level** to see a list, and additional details
 | Required license | Mapped user license level for the role license. |
 | Assigned license | The license assigned to the user. |
 
-The following is a screenshot of the **Licences (preview)** page displaying **User license level**.
+The following is a screenshot of the **Licenses (preview)** page displaying **User license level**.
 
 :::image type="content" source="media/admin-view-user-licenses/finops-apps-drill-down.png" alt-text="Screenshot of the Licenses (preview) page, including User license level.":::
 
 You can filter the view using **Environment, Security role, Role license** and **Assigned license** filters.
-Select an **Email/User ID** to view the details of all roles assigned to the selected user across all finance and operations environments in the tenant. This view also provides recommendations on what licenses should be assigned to the user based on the user's assigned roles. This can be see in the following image.
 
-:::image type="content" source="media/admin-view-user-licenses/finops-apps-email-userid-sort.png" alt-text="Screenshot of the details of all roles assigned to a selected user across all finance and operations enviornments in a tenant.":::
+Select an **Email/User ID** to view the details of all roles assigned to the selected user across all finance and operations environments in the tenant. This view also provides recommendations on what licenses should be assigned to the user based on the user's assigned roles. This can be seen in the following image.
+
+:::image type="content" source="media/admin-view-user-licenses/finops-apps-email-userid-sort.png" alt-text="Screenshot of the details of all roles assigned to a selected user across all finance and operations environments in a tenant.":::
 
 ## Download