BED-7061 docs: Update HelpTexts for AZ role edges

[martinsohn]

Fixes the BH Docs part of BED-7061

Summary

Updates help text for Azure Entra ID role edges to improve consistency, clarity, and accuracy.

Changes

• Standardized terminology from "AzureAD" to "Entra ID" across all role edges
• Updated edge descriptions to clearly state "The principal has the [Role Name] Entra ID role active"
• Added Microsoft official documentation references for all roles
• Improved cross-referencing between related edges (AZHasRole, AZRoleEligible, AZRoleApprover)
• Enhanced descriptions for PIM (Privileged Identity Management) relationships

Files Modified

• az-app-admin.mdx
• az-cloud-app-admin.mdx
• az-global-admin.mdx
• az-has-role.mdx
• az-privileged-auth-admin.mdx
• az-privileged-role-admin.mdx
• az-role-approver.mdx
• az-role-eligible.mdx

Summary by CodeRabbit

• Documentation
  • Updated Azure AD role documentation with current Microsoft Entra ID terminology for improved accuracy and clarity.
  • Enhanced role descriptions across multiple admin roles (Application Admin, Cloud Application Admin, Global Admin, Privileged Role Admin, and others).
  • Added references to Microsoft Entra built-in roles documentation.
  • Clarified role eligibility and Privileged Identity Management (PIM) concepts.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR modernizes documentation terminology across eight Azure/Entra ID edge resource files, replacing generic role names with standardized "Entra ID role" phrasing and adding corresponding Microsoft Entra built-in roles references throughout.

Changes

Cohort / File(s)	Change Summary
Entra ID Role Documentation Updates docs/resources/edges/az-app-admin.mdx, docs/resources/edges/az-cloud-app-admin.mdx, docs/resources/edges/az-global-admin.mdx, docs/resources/edges/az-privileged-auth-admin.mdx, docs/resources/edges/az-privileged-role-admin.mdx	Updated role descriptions to explicitly reference "Entra ID role" terminology; added References bullets linking to Microsoft Entra built-in roles documentation pages
Generic Role Reference Modernization docs/resources/edges/az-has-role.mdx	Updated description, Abuse Info, and Opsec Considerations to replace "AzureAD admin role" with "Entra ID role"; added Entra ID permissions-reference link and removed Azure RBAC overview link
PIM and Role Eligibility Documentation docs/resources/edges/az-role-approver.mdx, docs/resources/edges/az-role-eligible.mdx	Clarified role approver designation in PIM policies and role eligibility for Entra ID roles; updated wording for clarity; added PIM configuration reference

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

These are homogeneous documentation updates following a consistent pattern of terminology modernization. All changes are editorial, involving description rewording and reference additions with no functional logic alterations.

Possibly related PRs

• BED-6672: Add docs for AZRoleApprover and AZRoleEligible edges #89 — Main PR updating wording and references in multiple edge docs including az-role-approver.mdx and az-role-eligible.mdx with direct overlap in this PR's scope.

Suggested labels

documentation

Suggested reviewers

• jeff-matthews
• Scoubi
• StephenHinck

Poem

🐰 The docs now speak in Entra's name,
Where roles wear titles clear and plain,
Azure Admin days fade away,
While modern references save the day—
A rabbit hops through cleaner prose! 📚✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title 'BED-7061 docs: Update HelpTexts for AZ role edges' clearly describes the main change: updating help text documentation for Azure role edges.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-7061-AZ-role-edges-docs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/resources/edges/az-role-approver.mdx (1)

14-14: Optional: Consider simplifying "prior to".

The phrase "prior to becoming effective" could be simplified to "before becoming effective" for improved readability, though this is a minor stylistic suggestion.

-When a role has an approver for actions, these actions will require a predesignated principal to approve the action prior to becoming effective.
+When a role has an approver for actions, these actions will require a predesignated principal to approve the action before becoming effective.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15af67e and f641b82.

📒 Files selected for processing (8)

• docs/resources/edges/az-app-admin.mdx (2 hunks)
• docs/resources/edges/az-cloud-app-admin.mdx (2 hunks)
• docs/resources/edges/az-global-admin.mdx (2 hunks)
• docs/resources/edges/az-has-role.mdx (1 hunks)
• docs/resources/edges/az-privileged-auth-admin.mdx (2 hunks)
• docs/resources/edges/az-privileged-role-admin.mdx (1 hunks)
• docs/resources/edges/az-role-approver.mdx (1 hunks)
• docs/resources/edges/az-role-eligible.mdx (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: jeff-matthews
Repo: SpecterOps/bloodhound-docs PR: 89
File: docs/resources/edges/az-role-approver.mdx:14-14
Timestamp: 2025-10-27T15:00:33.251Z
Learning: In the bloodhound-docs repository, documentation content derived from HelpTexts in the code should not be editorially changed unless there's an egregious error. Minor stylistic improvements should be submitted as PRs to the source code instead of being made directly in the documentation.

Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 42
File: docs/install-data-collector/install-azurehound/system-requirements.mdx:70-73
Timestamp: 2025-08-08T15:57:55.743Z
Learning: For AzureHound docs (docs/install-data-collector/install-azurehound/system-requirements.mdx), prefer explicitly stating:
- Directory Reader must be permanently active (not PIM-eligible only).
- Microsoft Graph application permissions (Directory.Read.All, RoleManagement.Read.All) require admin consent.
- Azure Reader role phrasing: “on all Azure subscriptions, ideally assigned at the tenant root group (root management group) scope.”

📚 Learning: 2025-08-08T15:57:55.743Z

Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 42
File: docs/install-data-collector/install-azurehound/system-requirements.mdx:70-73
Timestamp: 2025-08-08T15:57:55.743Z
Learning: For AzureHound docs (docs/install-data-collector/install-azurehound/system-requirements.mdx), prefer explicitly stating:
- Directory Reader must be permanently active (not PIM-eligible only).
- Microsoft Graph application permissions (Directory.Read.All, RoleManagement.Read.All) require admin consent.
- Azure Reader role phrasing: “on all Azure subscriptions, ideally assigned at the tenant root group (root management group) scope.”

Applied to files:

• docs/resources/edges/az-has-role.mdx
• docs/resources/edges/az-privileged-role-admin.mdx
• docs/resources/edges/az-privileged-auth-admin.mdx
• docs/resources/edges/az-app-admin.mdx
• docs/resources/edges/az-cloud-app-admin.mdx
• docs/resources/edges/az-global-admin.mdx

🪛 LanguageTool

docs/resources/edges/az-role-approver.mdx

[style] ~14-~14: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...ignated principal to approve the action prior to becoming effective. ## References * ht...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

🔇 Additional comments (8)

docs/resources/edges/az-cloud-app-admin.mdx (1)

3-3: LGTM! Terminology and reference updates are consistent.

The updated description standardizes the role name to "Cloud Application Administrator Entra ID role" and the added Microsoft Entra reference provides official documentation, both improving clarity and consistency across edge documentation.

Also applies to: 19-19

docs/resources/edges/az-role-eligible.mdx (1)

3-3: LGTM! Enhanced cross-referencing and terminology.

The updated description improves clarity by specifying "Entra ID role" and adds a helpful cross-reference to the AZHasRole edge, making it easier for users to understand the relationship between eligibility and active role assignments.

docs/resources/edges/az-global-admin.mdx (1)

3-3: LGTM! Consistent terminology and reference updates.

The description now uses the standardized "Global Administrator Entra ID role" terminology, and the added Microsoft Entra reference provides official documentation for this critical role.

Also applies to: 22-22

docs/resources/edges/az-has-role.mdx (1)

3-3: LGTM! Comprehensive terminology standardization and improved cross-referencing.

The file consistently updates terminology to "Entra ID role" throughout the description, abuse info, and opsec considerations. The added cross-reference to AZRoleEligible and the updated Entra permissions reference improve documentation quality and navigation.

Also applies to: 10-10, 14-14, 17-17

docs/resources/edges/az-privileged-auth-admin.mdx (1)

3-3: LGTM! Terminology and reference updates are consistent.

The description now uses the standardized "Privileged Authentication Administrator Entra ID role" terminology, and the reference text clarification helps users understand the source of the documentation.

Also applies to: 20-20

docs/resources/edges/az-app-admin.mdx (1)

3-3: LGTM! Consistent terminology and reference updates.

The description now uses the standardized "Application Administrator Entra ID role" terminology, and the added Microsoft Entra reference provides official documentation for this role.

Also applies to: 20-20

docs/resources/edges/az-role-approver.mdx (1)

3-3: LGTM! Terminology, technical accuracy, and reference improvements.

The changes improve the documentation by:

• Standardizing to "Entra ID role" terminology
• Using "principal" instead of "account" for technical consistency with other documentation
• Adding a cross-reference to AZRoleEligible
• Adding the PIM configuration reference

Also applies to: 10-10, 17-17

docs/resources/edges/az-privileged-role-admin.mdx (1)

3-3: LGTM! Terminology, content enhancement, and reference improvements.

The changes improve documentation quality by:

• Standardizing to "Privileged Role Administrator Entra ID role" terminology
• Expanding the Abuse Info section with more specific and actionable details about granting admin roles
• Adding the Microsoft Entra reference for official documentation

Also applies to: 11-11, 19-19

[jeff-matthews]

Thanks for the update @martinsohn!