Merge pull request #311723 from habibaum/12Feb-rbac-backlinking

Adding rbac reference backlinking

Author: prmerger-automator[bot]

articles/migrate/best-practices-least-privileged-account.md

@@ -19,6 +19,9 @@ The Azure Migrate appliance is a lightweight tool that discovers on-premises ser
 
 To use these features, you add server and guest credentials in the appliance configuration manager. Following the principle of least privilege helps keep the setup secure and efficient.
 
+>[!IMPORTANT]
+> In addition to configuring least‑privileged credentials for the Azure Migrate appliance, ensure that users are assigned the appropriate Azure Migrate built‑in roles in Azure. These roles provide the minimum required permissions for discovery, assessment, and migration activities. [Learn more](prepare-azure-accounts.md).
+
 ## Discovery of the VMware estate
 
 To discover the basic settings of servers running in the VMware estate, you need the following permissions.

articles/migrate/create-project.md

@@ -27,8 +27,10 @@ Ensure you have the correct permissions to create a project using the following
 
 1. In the Azure portal, open the relevant subscription, and select **Access control (IAM)**.
 2. In **Check access**, find the relevant account, and select it and view permissions. You should have *Azure Migrate Owner* or a role with higher permissions. [Learn more](prepare-azure-accounts.md). 
- > [!Note]
- > Starting November 2025, only users assigned the **Azure Migrate Owner** or a higher privileged role will be able to create Azure Migrate projects. Users without these role assignments will no longer have the required permissions to create new projects.
+
+ > [!NOTE]
+ > - Starting November 2025, only users assigned the **Azure Migrate Owner** or a higher privileged role will be able to create Azure Migrate projects. Users without these role assignments will no longer have the required permissions to create new projects.
+> - For the required Azure Migrate built‑in roles and permission details to create a project and run discovery, assessments, and migrations, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
 
 ::: moniker range="migrate"
 

articles/migrate/migrate-appliance.md

@@ -28,6 +28,8 @@ The Azure Migrate appliance is used in the following scenarios.
 **Discovery and assessment of servers running in Hyper-V environment** | Azure Migrate: Discovery and assessment | Discover servers running in your Hyper-V environment.<br/><br/> Perform discovery of installed software inventory, SQL Server instances and databases, and agentless dependency analysis.<br/><br/> Collect server configuration and performance metadata for assessments.
 **Discovery and assessment of physical or virtualized servers on-premises** |  Azure Migrate: Discovery and assessment |  Discover physical or virtualized servers on-premises.<br/><br/> Perform discovery of installed software inventory, ASP.NET web apps, SQL Server instances and databases, and agentless dependency analysis.<br/><br/> Collect server configuration and performance metadata for assessments.
 
+>[!IMPORTANT]
+> Before deploying the appliance using any method, ensure your Azure account and subscription meet the required role-based access control (RBAC) and permission prerequisites. For more information, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
 
 ## Deployment methods
 

articles/migrate/migrate-services-overview.md

@@ -43,6 +43,9 @@ Watch this video to learn how Azure Migrate delivers enhanced experiences. It he
 > [!VIDEO https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/video-embed-one-stream.html?id=08b50a5e-0ee6-4dc5-91d8-9e55350547c6]
 ::: moniker-end
 
+>[!IMPORTANT]
+> For the required Azure Migrate built‑in roles and permission details to create a project and run discovery, assessments, and migrations, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
+
 ### Decide
 
 The first step in a migration journey is to identify your workloads. This process of identification is called *discovery*. To discover your workloads, you can deploy a lightweight [Azure Migrate appliance](migrate-appliance.md) (recommended approach) or quickly import the inventory data for your workloads.

articles/migrate/migrate-support-matrix.md

@@ -45,7 +45,9 @@ Register the Azure Migrate appliance| Azure Migrate uses a lightweight [Azure Mi
 Create a key vault for VMware agentless migration | To migrate VMware VMs with the agentless Azure Migrate and Modernize tool, Azure Migrate creates a key vault to manage access keys to the replication storage account in your subscription. To create the vault, you set permissions (Owner, Contributor, and User Access Administrator) on the resource group where the project resides. | Set up [permissions](./tutorial-discover-vmware.md#prepare-an-azure-user-account).
 
 ::: moniker range="migrate-classic"
-Refer [this article](prepare-azure-accounts.md) to prepare Azure accounts.
+
+>[!IMPORTANT]
+> For detailed information about Azure Migrate built‑in roles and the permissions required for different migration tasks, see [Azure Migrate built‑in roles](prepare-azure-accounts.md).
 
 ## Supported geographies
 

articles/migrate/tutorial-discover-vmware.md

@@ -51,6 +51,9 @@ Requirement | Details
 ## Prepare an Azure user account
 Refer [this article](prepare-azure-accounts.md) to prepare Azure accounts.
 
+>[!IMPORTANT]
+> Ensure the Azure user account has the required Azure Migrate built-in roles to create projects, register appliances, and access discovery results. To understand the minimum role requirements, see [Azure Migrate built‑in roles](prepare-azure-accounts.md).
+
 ## Prepare VMware
 
 On vCenter Server, check that your account has [permissions](migrate-support-matrix-vmware-migration.md#vmware-vsphere-requirements-agentless) to create a VM by using a VMware Open Virtualization Appliance (OVA) virtual machine (VM) installation file. You must have these [permissions](migrate-support-matrix-vmware-migration.md#vmware-vsphere-requirements-agentless) when you deploy the Azure Migrate appliance as a VMware VM by using an OVA file.

articles/migrate/tutorial-migrate-hyper-v.md

@@ -43,6 +43,7 @@ Before you begin this tutorial, you should:
 1. We recommend that you [assess Hyper-V VMs](tutorial-assess-hyper-v.md) before you migrate them to Azure, but you don't have to.
 1. Go to the already created project or [create a new project](./create-manage-projects.md).
 1. Verify permissions for your Azure account. Your Azure account needs permissions to create a VM, write to an Azure managed disk, and manage failover operations for the Recovery Services vault associated with your Azure Migrate project.
+1. For the required Azure Migrate built‑in roles and permission details to create a project and run discovery, assessments, and migrations, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
 
 > [!NOTE]
 > If you're planning to upgrade your Windows operating system (OS), Azure Migrate and Modernize might download the Windows SetupDiag for error details in case upgrade fails. Ensure that the VM created in Azure after the migration has access to [SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). If there's no access to SetupDiag, you might not be able to get detailed OS upgrade failure error codes, but the upgrade can still proceed.

articles/migrate/tutorial-migrate-physical-virtual-machines.md

@@ -62,6 +62,9 @@ Task | Details
 Create an Azure Migrate project | Your Azure account needs Contributor or Owner permissions to [create a new project](./create-manage-projects.md).
 Verify permissions for your Azure account | Your Azure account needs permissions to create a VM and write to an Azure managed disk.
 
+>[!NOTE]
+> For the required Azure Migrate built‑in roles and permission details to create a project and run discovery, assessments, and migrations, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
+
 ### Assign permissions to create a project
 
 1. In the Azure portal, open the subscription and select **Access control (IAM)**.

articles/migrate/tutorial-migrate-vmware.md

@@ -41,6 +41,7 @@ Before you begin this tutorial, you should:
 2. We recommend that you complete the second tutorial to [assess VMware VMs](./tutorial-assess-vmware-azure-vm.md) before migrating them to Azure, but you don't have to.
 3. Go to the already created project or [create a new project](create-manage-projects.md)
 4. Verify permissions for your Azure account - Your Azure account needs permissions to create a VM, and write to an Azure managed disk.
+5.  For the required Azure Migrate built‑in roles and permission details to create a project and run discovery, assessments, and migrations, see [Prepare Azure accounts for Azure Migrate](prepare-azure-accounts.md).
 
 > [!NOTE]
 > If you're planning to upgrade your Windows operating system, Azure Migrate may download the Windows SetupDiag for error details in case upgrade fails. Ensure the VM created in Azure post the migration has access to [SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). In case there's no access to SetupDiag, you may not be able to get detailed OS upgrade failure error codes but the upgrade can still proceed.