Live publish for 17 June 2024.

power-platform/admin/assign-security-roles.md

@@ -8,7 +8,7 @@ ms.author: sericks
 ms.custom: "admin-security"
 ms.component: pa-admin
 ms.topic: conceptual
-ms.date: 03/29/2024
+ms.date: 06/17/2024
 search.audienceType: 
   - admin
 contributors:
@@ -56,6 +56,9 @@ When the [allow record ownership across business units](wp-security-cds.md#enabl
 > [!IMPORTANT] 
 > You must assign at least one security role to every user either directly or indirectly as a member of a [group team](manage-group-teams.md). The service doesn't allow access to users who don't have at least one security role.
 
+> [!NOTE]
+> The panel shown above shows and manages only direct role assignments for the user. [Manage group teams](manage-group-teams.md) explains how to see and manage roles assigned as a member of a [group team](manage-group-teams.md).
+
 ## User settings privileges for record ownership across business units
 
 If you have enabled [allow record ownership across business units](wp-security-cds.md#enable-the-matrix-data-access-structure), your users can access data in other business units by having a security role from these other business units directly assigned to them. The user also needs a security role assigned from the user's business unit with  privileges from the following tables in order to update the user UI settings:  

power-platform/admin/customer-managed-key.md

@@ -5,7 +5,7 @@ author: paulliew
 ms.author: paulliew
 ms.reviewer: sericks, matp, ratrtile
 ms.topic: how-to
-ms.date: 05/10/2024
+ms.date: 06/17/2024
 ms.custom: template-how-to
 contributors:
 - kavehkazms
@@ -66,6 +66,9 @@ Currently, all your customer data stored *only* in the following apps and servic
 > [!NOTE]
 > Power Apps display names, descriptions, and connection metadata continues to be encrypted with a Microsoft-managed key.
 
+> [!NOTE]
+> Data analyzed by solution checker enforcement during a solution check continues to be encrypted with a Microsoft-managed key.
+
 Environments with finance and operations apps where [Power Platform integration is enabled](/dynamics365/fin-ops-core/dev-itpro/power-platform/enable-power-platform-integration) can also be encrypted. Finance and operations environments without Power Platform integration will continue to use the default Microsoft managed key to encrypt data. More information: [Encryption in finance and operations apps](/dynamics365/fin-ops-core/dev-itpro/sysadmin/customer-managed-keys)
 
 :::image type="content" source="media/cmk-power-platform-diagram.png" alt-text="Customer-managed encryption key in the Power Platform":::
@@ -465,7 +468,7 @@ You can see the [environment history](environments-overview.md#environment-histo
 
 ### Change the environment's encryption key with a new enterprise policy and key
 
-To change your encryption key, create a new key and a new enterprise policy. You can then change the enterprise policy by removing the environments and then adding the environments to the new enterprise policy. The system is down 2 times when changing to a new enterprise policy - 1) to revert the encryption to Microsoft Managed key and 2) to apply the new enterprise policy.
+To change your encryption key, create a new key and a new enterprise policy. You can then change the enterprise policy by removing the environments and then adding the environments to the new enterprise policy. The system is down two times when changing to a new enterprise policy - 1) to revert the encryption to Microsoft Managed key and 2) to apply the new enterprise policy.
 
  > [!Recommendation]
  > To rotate the encryption key, we recommend using the Key vaults' [**New version** or setting a **Rotation policy**. ](customer-managed-key.md#rotate-the-environments-encryption-key-with-a-new-key-version)