From 46be4931c3bd11ea2a12f530bed35a7fca43eb91 Mon Sep 17 00:00:00 2001 From: ashtmMSFT Date: Tue, 2 Jul 2024 11:20:32 -0400 Subject: [PATCH] Update identity-governance-pim-rules-overview.md In the "Activation rules" section, the setting marked as #2 seems to be mapped to the incorrect rule. Instead of "Enablement_Admin_Eligibility", it should be "Enablement_EndUser_Assignment". The 'Enforced for caller' column should likely also be updated to 'End User'. This is further supported by a separate Learn page which shows how to correctly call this API: https://learn.microsoft.com/en-us/graph/how-to-pim-update-rules?tabs=http#example-2-update-the-justification-mfa-and-ticketing-rules-required-on-activation For more context/repros, please see my confusion (and seeming resolution) on my Q&A post here: https://learn.microsoft.com/en-us/answers/questions/1656721/pim-activation-settings-for-an-entra-role-exposed --- concepts/identity-governance-pim-rules-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/concepts/identity-governance-pim-rules-overview.md b/concepts/identity-governance-pim-rules-overview.md index 550f1e7aaab..4fe5aa2a571 100644 --- a/concepts/identity-governance-pim-rules-overview.md +++ b/concepts/identity-governance-pim-rules-overview.md 
@@ -56,7 +56,7 @@ The following image shows the activation role settings on the Microsoft Entra ad | Number | Microsoft Entra admin center UX Description | Microsoft Graph rule ID / Derived resource type | Enforced for caller | |---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|----------------------| | 1 | Activation maximum duration (hours) | `Expiration_EndUser_Assignment` / unifiedRoleManagementPolicyExpirationRule | End user | -| 2 | On activation, require: None, Azure MFA

Require ticket information on activation

Require justification on activation | `Enablement_Admin_Eligibility` / unifiedRoleManagementPolicyEnablementRule | Admin | +| 2 | On activation, require: None, Azure MFA

Require ticket information on activation

Require justification on activation | `Enablement_EndUser_Assignment` / unifiedRoleManagementPolicyEnablementRule | End User | | 3 | On activation, require: Microsoft Entra Conditional Access authentication context (Preview) | `AuthenticationContext_EndUser_Assignment` / unifiedRoleManagementPolicyAuthenticationContextRule | End user | | 4 | Require approval to activate | `Approval_EndUser_Assignment` / unifiedRoleManagementPolicyApprovalRule | End user |
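Review bot: In the added row 2, the 'Enforced for caller' cell reads "End User", while rows 1, 3 and 4 in the same table use "End user"; please change it to "End user" so the column stays consistent. The rule ID change itself matches the pattern of the neighbouring rows, where every `*_EndUser_Assignment` rule is listed as enforced for the end user. The commit message says the caller column should "likely" be updated, so it would be worth confirming that value against the linked how-to page before merging. Readers copy these IDs into scripts that set the MFA, justification and ticketing requirements on activation, and an ID from the wrong rule leaves the activation setting unchanged.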