Merge branch 'main' of github.com:github/docs-internal into remove-fpt

content/github/administering-a-repository/about-dependabot-version-updates.md

@@ -44,3 +44,7 @@ You can configure version updates for repositories that contain a dependency man
 {% data reusables.dependabot.supported-package-managers %}
 
 If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."
+
+### About notifications for {% data variables.product.prodname_dependabot %} version updates
+
+You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} version updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."

content/github/administering-a-repository/about-releases.md

@@ -25,7 +25,7 @@ You can receive notifications when new releases are published in a repository wi
 
 Anyone with read access to a repository can view and compare releases, but only people with write permissions to a repository can manage releases. For more information, see "[Managing releases in a repository](/github/administering-a-repository/managing-releases-in-a-repository)."
 
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
 People with admin permissions to a repository can choose whether {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in the ZIP files and tarballs that {% data variables.product.product_name %} creates for each release. For more information, see "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)."
 {% endif %}
 

content/github/administering-a-repository/about-secret-scanning.md

@@ -8,116 +8,57 @@ redirect_from:
   - /articles/about-token-scanning-for-private-repositories
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'
 ---
 
+{% data reusables.secret-scanning.beta %}
+{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
+
 If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.
 
-If someone checks a secret from a {% data variables.product.company_short %} partner into a public or private repository, {% data variables.product.prodname_secret_scanning %} can detect the secret and help you mitigate the impact of the leak.
+Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Secret scanning](/developers/overview/secret-scanning)."
+{% endif %}
 
-Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. For more information, see "[Secret scanning](/partnerships/secret-scanning)."
+{% data reusables.secret-scanning.about-secret-scanning %}
 
+{% if currentVersion == "free-pro-team@latest" %}
 ### About {% data variables.product.prodname_secret_scanning %} for public repositories
 
- {% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories, where it scans code for secrets, to check for known secret formats. When a match of your secret format is found in a public repository, {% data variables.product.company_short %} doesn't publicly disclose the information as an alert, but instead sends a payload to an HTTP endpoint of your choice. For an overview of how secret scanning works on public repositories, see "[Secret scanning](/developers/overview/secret-scanning)."
+{% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories. When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets. If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets.
 
-When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets. If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets.
-
-When {% data variables.product.prodname_secret_scanning %} detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider.
+When {% data variables.product.prodname_secret_scanning %} detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider. For an overview of how we work with token-issuing partners, see "[Secret scanning](/developers/overview/secret-scanning)."
 
 {% data variables.product.product_name %} currently scans public repositories for secrets issued by the following service providers.
 
-- Adafruit
-- Alibaba Cloud
-- Amazon Web Services (AWS)
-- Atlassian
-- Azure
-- Clojars
-- CloudBees CodeShip
-- Databricks
-- Datadog
-- Discord
-- Doppler
-- Dropbox
-- Dynatrace
-- Finicity
-- Frame.io
-- GitHub
-- GoCardless
-- Google Cloud
-- Hashicorp Terraform
-- Hubspot
-- Mailchimp
-- Mailgun
-- MessageBird
-- npm
-- NuGet
-- Palantir
-- Plivo
-- Postman
-- Proctorio
-- Pulumi
-- Samsara
-- Shopify
-- Slack
-- SSLMate
-- Stripe
-- Tencent Cloud
-- Twilio
+{% data reusables.secret-scanning.partner-secret-list-public-repo %}
 
 ### About {% data variables.product.prodname_secret_scanning %} for private repositories
+{% endif %}
 
-{% data reusables.secret-scanning.beta %}
+{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+### About {% data variables.product.prodname_secret_scanning %} on {% data variables.product.product_name %}
 
-If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for private repositories that are owned by organizations. You can enable  {% data variables.product.prodname_secret_scanning %} for all your repositories, or for all new repositories within your organization. {% data variables.product.prodname_secret_scanning_caps %} is not available for user account-owned private repositories. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
+{% data variables.product.prodname_secret_scanning_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories.
+{% endif %}
 
-When you push commits to a private repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.product_name %} scans the contents of the commits for secrets.
+If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %} private{% endif %} repositories that are owned by organizations. You can enable  {% data variables.product.prodname_secret_scanning %} for all your repositories, or for all new repositories within your organization.{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_secret_scanning_caps %} is not available for user-owned private repositories.{% endif %} For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
 
-When {% data variables.product.prodname_secret_scanning %} detects a secret in a private repository, {% data variables.product.prodname_dotcom %} sends alerts.
+When you push commits to a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of the commits for secrets.
+
+When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} sends alerts.
 
 - {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners.
 
 - {% data variables.product.prodname_dotcom %} displays an alert in the repository. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
 
-Repository administrators and organization owners can grant users and team access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
+Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 
-To monitor results from {% data variables.product.prodname_secret_scanning %} across your private repositories or your organization, you can use the {% data variables.product.prodname_secret_scanning %} API. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
+To monitor results from {% data variables.product.prodname_secret_scanning %} across your private repositories or your organization, you can use the {% data variables.product.prodname_secret_scanning %} API. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."{% endif %}
 
-{% data variables.product.product_name %} currently scans private repositories for secrets issued by the following service providers.
+{% data variables.product.prodname_dotcom %}  currently scans{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repositories for secrets issued by the following service providers.
 
-- Adafruit
-- Alibaba Cloud
-- Amazon Web Services (AWS)
-- Atlassian
-- Azure
-- Clojars
-- CloudBees CodeShip
-- Databricks
-- Discord
-- Doppler
-- Dropbox
-- Dynatrace
-- Finicity
-- Frame.io
-- GitHub
-- GoCardless
-- Google Cloud
-- Hashicorp Terraform
-- Hubspot
-- Mailchimp
-- Mailgun
-- npm
-- NuGet
-- Palantir
-- Postman
-- Proctorio
-- Pulumi
-- Samsara
-- Shopify
-- Slack
-- SSLMate
-- Stripe
-- Tencent Cloud
-- Twilio
+{% data reusables.secret-scanning.partner-secret-list-private-repo %}
 
 {% note %}
 

content/github/administering-a-repository/about-securing-your-repository.md

@@ -3,6 +3,7 @@ title: About securing your repository
 intro: '{% data variables.product.product_name %} provides a number of ways that you can help keep your repository secure.'
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'  
 ---
 
 ### Setting up your repository securely
@@ -13,6 +14,7 @@ The first step to securing a repository is to set up who can see and modify your
 
 {% data variables.product.prodname_dotcom %} has a growing set of security features that help you keep your code secure. You can find these on the **Security** tab for your repository. 
 
+{% if currentVersion == "free-pro-team@latest" %}
 - **Security policy**
   
   Make it easy for people to confidentially report security vulnerabilities they've found in your repository. For more information, see "[Adding a security policy to your repository](/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)."
@@ -25,10 +27,21 @@ The first step to securing a repository is to set up who can see and modify your
 
   View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
   and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
+ {% endif %}
 
+{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+- **{% data variables.product.prodname_dependabot_alerts %}**
+
+  View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
+  {% endif %}
+
+{% if currentVersion == "free-pro-team@latest" %}
 - **{% data variables.product.prodname_dependabot %} version updates**
 
   Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
+  {% endif %}
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
 
 - **{% data variables.product.prodname_code_scanning_capc %} alerts** 
 
@@ -37,6 +50,7 @@ The first step to securing a repository is to set up who can see and modify your
 - **Detected secrets**
 
   View any secrets that {% data variables.product.prodname_dotcom %} has found in your code. You should treat tokens or credentials that have been checked into the repository as compromised. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
+  {% endif %}
 
 ### Exploring dependencies 
 {% data variables.product.prodname_dotcom %}'s dependency graph allows you to explore:

content/github/administering-a-repository/changing-the-default-branch.md

@@ -23,7 +23,13 @@ You can choose the default branch for a repository. The default branch is the ba
 {% endnote %}
 {% endif %}
 
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+{% if currentVersion == "free-pro-team@latest" %}
+
+You can also rename the default branch. For more information, see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)."
+
+{% endif %}
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
 
 {% data reusables.branches.set-default-branch %}
 

content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md

@@ -1,17 +1,27 @@
 ---
 title: Configuring secret scanning for your repositories
-intro: 'You can configure how {% data variables.product.product_name %} scans your private repositories for secrets.'
-permissions: 'People with admin permissions to a private repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
+intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets.'
+permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
 redirect_from:
   - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
 product: '{% data reusables.gated-features.secret-scanning %}'
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'  
 ---
 
 {% data reusables.secret-scanning.beta %}
+{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
 
-### Enabling {% data variables.product.prodname_secret_scanning %} for private repositories
+{% if currentVersion == "free-pro-team@latest" %}
+{% note %}
+
+**Note:** {% data variables.product.prodname_secret_scanning_caps %} is enabled by default on public repositories and cannot be turned off. You can configure {% data variables.product.prodname_secret_scanning %} for your private repositories only.
+
+{% endnote %}
+{% endif %}
+
+### Enabling {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
@@ -24,13 +34,12 @@ versions:
    ![Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-confirmation-dotcom.png)
 6. When you enable {% data variables.product.prodname_GH_advanced_security %} this may automatically enable {% data variables.product.prodname_secret_scanning %} for the repository (this is controlled by the organization configuration). If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
    ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png){% endif %}
-
    {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
 4. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
    ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghe.png)
    {% endif %}
 
-### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in private repositories
+### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
 
 You can use a *secret_scanning.yml* file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.
 
@@ -57,4 +66,4 @@ You can also ignore individual alerts from {% data variables.product.prodname_se
 
 ### Further reading
 
-- "[Managing {% data variables.product.prodname_secret_scanning %} for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization)"
+- "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)"

content/github/administering-a-repository/index.md

@@ -33,6 +33,7 @@ versions:
     {% link_in_list /restoring-a-deleted-repository %}
 {% topic_link_in_list /managing-branches-in-your-repository %}
     {% link_in_list /viewing-branches-in-your-repository %}
+    {% link_in_list /renaming-a-branch %}
     {% link_in_list /changing-the-default-branch %}
     {% link_in_list /deleting-and-restoring-branches-in-a-pull-request %}
 {% topic_link_in_list /configuring-pull-request-merges %}

content/github/administering-a-repository/managing-alerts-from-secret-scanning.md

@@ -4,6 +4,7 @@ intro: You can view and close alerts for secrets checked in to your repository.
 product: '{% data reusables.gated-features.secret-scanning %}'
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'
 ---
 
 {% data reusables.secret-scanning.beta %}
@@ -15,13 +16,23 @@ versions:
 3. In the left sidebar, click **Detected secrets**. 
 !["Detected secrets" tab](/assets/images/help/repository/sidebar-secrets.png)
 4. Under "Secret scanning" click the alert you want to view.
-![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert.png)
-5. Optionally, use the "Resolve" drop-down menu and click a reason for resolving an alert.
-![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert.png)
+   {% if currentVersion == "free-pro-team@latest" %}
+   ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert.png)
+   {% endif %}
+   {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+   ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert-ghe.png)
+   {% endif %}
+1. Optionally, use the "Mark as" drop-down menu and click a reason for resolving an alert.
+   {% if currentVersion == "free-pro-team@latest" %}
+   ![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert.png)
+   {% endif %}
+   {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+   ![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert-ghe.png)
+   {% endif %}
 
 ### Securing compromised secrets
 
 Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:
 
 - For a compromised {% data variables.product.prodname_dotcom %} personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "[Creating a personal access token for the command line](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)."
-- For all other secrets, first verify that the secret committed to {% data variables.product.prodname_dotcom %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
+- For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.

content/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository.md

@@ -5,7 +5,7 @@ intro: 'You can choose whether {% data variables.large_files.product_name_long %
 permissions: 'People with admin permissions for a repository can manage whether {% data variables.large_files.product_name_short %} objects are included in archives of the repository.'
 versions:
   free-pro-team: '*'
-  enterprise-server: '=>2.23'
+  enterprise-server: '>3.0'
   github-ae: '*'
 ---
 
@@ -13,7 +13,7 @@ versions:
 
 {% data variables.product.product_name %} creates source code archives of your repository in the form of ZIP files and tarballs. People can download these archives on the main page of your repository or as release assets. By default, {% data variables.large_files.product_name_short %} objects are not included in these archives, only the pointer files to these objects. To improve the usability of archives for your repository, you can choose to include the {% data variables.large_files.product_name_short %} objects instead.
 
-{% if currentVersion != "github-ae@latest" %}
+{% if currentVersion == "free-pro-team@latest" %}
 If you choose to include {% data variables.large_files.product_name_short %} objects in archives of your repository, every download of those archives will count towards bandwidth usage for your account. Each account receives {% data variables.large_files.initial_bandwidth_quota %} per month of bandwidth for free, and you can pay for additional usage. For more information, see "[About storage and bandwidth usage](/github/managing-large-files/about-storage-and-bandwidth-usage)" and "[Managing billing for {% data variables.large_files.product_name_long %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage)."
 {% endif %}
 

content/github/administering-a-repository/managing-releases-in-a-repository.md

@@ -15,7 +15,7 @@ versions:
   github-ae: '*'
 ---
 
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion ver_gt "github-ae@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion ver_gt "github-ae@latest" %}
 
 ### About release management
 

content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md

@@ -9,6 +9,7 @@ redirect_from:
   - /github/managing-security-vulnerabilities/managing-alerts-for-vulnerable-dependencies-in-your-organization
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'
 ---
 
 {% if currentVersion == "free-pro-team@latest" %}
@@ -53,7 +54,12 @@ Organization owners and repository administrators can only grant access to view
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-security-and-analysis %}
 4. Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
-  ![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
+   {% if currentVersion == "free-pro-team@latest" %}
+   ![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
+   {% endif %}
+   {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+   ![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search-ghe.png)
+   {% endif %}
 5. Click **Save changes**.
   !["Save changes" button for changes to security alert settings](/assets/images/help/repository/security-and-analysis-security-alerts-save-changes.png)
 
@@ -63,7 +69,12 @@ Organization owners and repository administrators can only grant access to view
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-security-and-analysis %}
 4. Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click {% octicon "x" aria-label="X symbol" %}.
-  !["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
+   {% if currentVersion == "free-pro-team@latest" %}  
+   !["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
+   {% endif %}
+   {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+   !["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x-ghe.png)
+   {% endif %}
 
 ### Further reading
 

content/github/administering-a-repository/renaming-a-branch.md

@@ -0,0 +1,24 @@
+---
+title: Renaming a branch
+intro: You can change the name of a branch in a repository.
+permissions: People with write permissions to a repository can rename a branch in the repository. People with admin permissions can rename the default branch.
+versions:
+  free-pro-team: '*'
+---
+
+### About renaming branches
+
+You can rename a branch in a repository on {% data variables.product.product_location %}. For more information about branches, see "[About branches](/github/collaborating-with-issues-and-pull-requests/about-branches)."
+
+If you rename a branch, {% data variables.product.prodname_dotcom %} will automatically redirect links on {% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_dotcom_the_website %}{% else %}{% data variables.product.product_location_enterprise %}{% endif %} that contain the old branch name to the equivalent link on the renamed branch. {% data variables.product.prodname_dotcom %} will also update branch protection policies, as well as the base branch for open pull requests and draft releases.
+
+### Renaming a branch
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.navigate-to-branches %}
+1. In the list of branches, to the right of the branch you want to rename, click {% octicon "pencil" aria-label="The edit icon" %}.
+    ![Pencil icon to the right of branch you want to rename](/assets/images/help/branch/branch-rename-edit.png)
+1. Type a new name for the branch.
+    ![Text field for typing new branch name](/assets/images/help/branch/branch-rename-type.png)
+1. Review the information about local environments, then click **Rename branch**.
+    ![Local environment information and "Rename branch" button](/assets/images/help/branch/branch-rename-rename.png)

content/github/authenticating-to-github/reviewing-your-security-log.md

@@ -246,7 +246,8 @@ An overview of some of the most common actions that are recorded as events in th
 | `change_password` | Triggered when you change your password.
 | `forgot_password` | Triggered when you ask for [a password reset](/articles/how-can-i-reset-my-password).{% endif %}
 | `hide_private_contributions_count` | Triggered when you [hide private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).
-| `login` | Triggered when you log in to {% data variables.product.product_location %}.
+| `login` | Triggered when you log in to {% data variables.product.product_location %}.{% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+`mandatory_message_viewed`   | Triggered when you view a mandatory message (see "[Customizing user messages](/admin/user-management/customizing-user-messages-for-your-enterprise)" for details) | {% endif %}
 | `failed_login` | Triggered when you failed to log in successfully.
 | `remove_email` | Triggered when you remove an email address.
 | `rename` | Triggered when you rename your account.{% if currentVersion == "free-pro-team@latest" %}

content/github/authenticating-to-github/working-with-ssh-key-passphrases.md

@@ -18,12 +18,11 @@ With SSH keys, if someone gains access to your computer, they also gain access t
 You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:
 
 ```shell
-$ ssh-keygen -p
-# Start the SSH key creation process
-> Enter file in which the key is (/Users/<em>you</em>/.ssh/id_rsa): <em>[Hit enter]</em>
-> Key has comment '/Users/<em>you</em>/.ssh/id_rsa'
+$ ssh-keygen -p -f ~/.ssh/id_ed25519
+> Enter old passphrase: <em>[Type old passphrase]</em>
+> Key has comment '<em>your_email@example.com</em>'
 > Enter new passphrase (empty for no passphrase): <em>[Type new passphrase]</em>
-> Enter same passphrase again: <em>[One more time for luck]</em>
+> Enter same passphrase again: <em>[Repeat the new passphrase]</em>
 > Your identification has been saved with the new passphrase.
 ```
 

content/github/committing-changes-to-your-project/creating-a-commit-on-behalf-of-an-organization.md

@@ -26,7 +26,17 @@ Organization's can use the `name@organization.com` email as a public point of co
 
 ### Creating commits with an `on-behalf-of` badge on the command line
 
-{% data reusables.pull_requests.commit-message-with-trailer-beginning %}
+1. Type your commit message and a short, meaningful description of your changes. After your commit description, instead of a closing quotation, add two empty lines.
+  ```shell
+  $ git commit -m "Refactor usability tests.
+  >
+  >
+  ```
+  {% tip %}
+
+  **Tip:** If you're using a text editor on the command line to type your commit message, ensure there are two newlines between the end of your commit description and the `on-behalf-of:` commit trailer.
+
+  {% endtip %}
 
 2. On the next line of the commit message, type `on-behalf-of: @org <name@organization.com>`, then a closing quotation mark.
 

content/github/committing-changes-to-your-project/creating-a-commit-with-multiple-authors.md

@@ -39,7 +39,17 @@ You can use {% data variables.product.prodname_desktop %} to create a commit wit
 
 {% data reusables.pull_requests.collect-co-author-commit-git-config-info %}
 
-{% data reusables.pull_requests.commit-message-with-trailer-beginning %}
+1. Type your commit message and a short, meaningful description of your changes. After your commit description, instead of a closing quotation, add two empty lines.
+  ```shell
+  $ git commit -m "Refactor usability tests.
+  >
+  >
+  ```
+  {% tip %}
+
+  **Tip:** If you're using a text editor on the command line to type your commit message, ensure there are two newlines between the end of your commit description and the `Co-authored-by:` commit trailer.
+
+  {% endtip %}
 
 3. On the next line of the commit message, type `Co-authored-by: name <name@example.com>` with specific information for each co-author. After the co-author information, add a closing quotation mark.
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning.md

@@ -20,8 +20,8 @@ You can use {% data variables.product.prodname_code_scanning %} to find, triage,
 
 If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
 
-To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use the {% data variables.product.prodname_code_scanning %} API.
-For more information about API endpoints, see  "[{% data variables.product.prodname_code_scanning_capc %}](/rest/reference/code-scanning)."
+To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see 
+"[Webhook events and payloads](/developers/webhooks-and-events/webhook-events-and-payloads#code_scanning_alert)." For information about API endpoints, see  "[{% data variables.product.prodname_code_scanning_capc %}](/rest/reference/code-scanning)." 
 
 To get started with {% data variables.product.prodname_code_scanning %}, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
 
@@ -55,7 +55,7 @@ You can view and contribute to the queries for {% data variables.product.prodnam
 
 ### Further reading
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
 - "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"{% endif %}
 - [{% data variables.product.prodname_security %}](https://securitylab.github.com/)
 - [OASIS Static Analysis Results Interchange Format (SARIF) TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) on the OASIS Committee website

content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning.md

@@ -238,7 +238,9 @@ In the workflow file, use the `config-file` parameter of the `init` action to sp
     config-file: ./.github/codeql/codeql-config.yml
 ```
 
-The configuration file can be located within the local repository, or in a public, remote repository. For remote repositories, you can use the _owner/repository/file.yml@branch_ syntax. The settings in the file are written in YAML format.
+The configuration file can be located within the local repository, or in a remote, public repository. Using a remote, public repository allows you to specify configuration options for multiple repositories in a single place. When you reference a configuration file located in a remote repository, you can use the _OWNER/REPOSITORY/FILENAME@BRANCH_ syntax. For example, _monacorp/shared/codeql-config.yml@main_. 
+
+The settings in the file are written in YAML format.
 
 #### Specifying additional queries
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md

@@ -44,13 +44,16 @@ You decide how you generate {% data variables.product.prodname_code_scanning %}
 
 In the default {% data variables.product.prodname_codeql_workflow %}, {% data variables.product.prodname_code_scanning %} is configured to analyze your code each time you either push a change to the default branch or any protected branches, or raise a pull request against the default branch. As a result, {% data variables.product.prodname_code_scanning %} will now commence.
 
+### Bulk enabling {% data variables.product.prodname_code_scanning %} 
+You can enable {% data variables.product.prodname_code_scanning %} in many repositories in bulk using a script. For an example of a script that raises pull requests to add a {% data variables.product.prodname_actions %} workflow to multiple repositories, see the [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository.
+
 ### Viewing the logging output from {% data variables.product.prodname_code_scanning %}
 
 After enabling {% data variables.product.prodname_code_scanning %} for your repository, you can watch the output of the actions as they run.
 
 {% data reusables.repositories.actions-tab %}
 
-  You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow.
+  You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow. The text of the entry is the title you gave your commit message.
 
   ![Actions list showing {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-actions-list.png)
 

content/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system.md

@@ -27,7 +27,16 @@ You can use the {% data variables.product.prodname_codeql_runner %} to run {% da
 
 The {% data variables.product.prodname_codeql_runner %} is a command-line tool that runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. You add the runner to your third-party system, then call the runner to analyze code and upload the results to {% data variables.product.product_location %}. These results are displayed as {% data variables.product.prodname_code_scanning %} alerts in the repository.
 
-{% data reusables.code-scanning.codeql-runner-license %}
+{% note %}
+
+**Notes:** 
+{% if currentVersion == "free-pro-team@latest" %}
+* The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
+{% else %}
+* The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license.
+{% endif %}
+* The {% data variables.product.prodname_codeql_runner %} shouldn't be confused with the {% data variables.product.prodname_codeql %} CLI. The {% data variables.product.prodname_codeql %} CLI is an interactive command-line interface that lets you create {% data variables.product.prodname_codeql %} databases for security research and run {% data variables.product.prodname_codeql %} queries. For more information, see "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
+{% endnote %}
 
 ### Downloading the {% data variables.product.prodname_codeql_runner %}
 
@@ -50,7 +59,7 @@ On Windows, the `codeql-runner-win.exe` file usually requires no change to permi
 
 ### Adding the {% data variables.product.prodname_codeql_runner %} to your CI system
 
-Once you have downloaded the {% data variables.product.prodname_codeql_runner %} and verified that it can be executed, you should make the runner available to each CI server that you intend to use for {% data variables.product.prodname_code_scanning %}. It is important to notice that each CI server that you intend to use for {% data variables.product.prodname_code_scanning %} needs to have the {% data variables.product.prodname_codeql_runner %}. You might configure each server to copy the runner from a central, internal location, or you could use the REST API to get the runner direct from GitHub, for example: 
+Once you download the {% data variables.product.prodname_codeql_runner %} and verify that it can be executed, you should make the runner available to each CI server that you intend to use for {% data variables.product.prodname_code_scanning %}. For example, you might configure each server to copy the runner from a central, internal location. Alternatively, you could use the REST API to get the runner directly from GitHub, for example: 
 
 ```shell
 wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux
@@ -59,8 +68,8 @@ chmod +x codeql-runner-linux
 
 In addition to this, each CI server also needs:
 
-- A {% data variables.product.prodname_github_apps %} or personal access token for the {% data variables.product.prodname_codeql_runner %} to use. For private repositories  the token must have the `repo` scope. For public the token needs only the `public_repo` and `repo:security_events` scopes. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
-- Access to the {% data variables.product.prodname_codeql %} bundle associated with this release of the {% data variables.product.prodname_codeql_runner %}. This package contains the {% data variables.product.prodname_codeql %} CLI, queries, and libraries needed for {% data variables.product.prodname_codeql %} analysis. For information, see "[{% data variables.product.prodname_codeql %} CLI](https://help.semmle.com/codeql/codeql-cli.html)."
+- A {% data variables.product.prodname_github_app %} or personal access token for the {% data variables.product.prodname_codeql_runner %} to use. You must use an access token with the `security_events` scope, or a {% data variables.product.prodname_github_app %} with the `security_events` write permission. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
+- Access to the {% data variables.product.prodname_codeql %} bundle associated with this release of the {% data variables.product.prodname_codeql_runner %}. This package contains queries and libraries needed for {% data variables.product.prodname_codeql %} analysis, plus the {% data variables.product.prodname_codeql %} CLI, which is used internally by the runner. For information, see "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
 
 The options for providing access to the {% data variables.product.prodname_codeql %} bundle are:
 

content/github/getting-started-with-github/about-github-advanced-security.md

@@ -43,4 +43,4 @@ For public repositories on {% data variables.product.prodname_dotcom_the_website
 For all other repositories, once you have a license, you can enable and disable these features at the organization or repository level. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
 
 For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}.
-{% endif %}
+{% endif %}

content/github/getting-started-with-github/github-for-mobile.md

@@ -1,15 +1,18 @@
 ---
 title: GitHub for mobile
-intro: 'Triage, collaborate, and manage your work on {% data variables.product.company_short %} from your mobile device.'
+intro: 'Triage, collaborate, and manage your work on {% data variables.product.product_name %} from your mobile device.'
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'
 ---
 
+{% data reusables.mobile.ghes-release-phase %}
+
 ### About {% data variables.product.prodname_mobile %}
 
-{% data variables.product.prodname_mobile %} is currently available for {% data variables.product.prodname_dotcom_the_website %} users as an Android and iOS app.
+{% data reusables.mobile.about-mobile %}
 
-{% data variables.product.prodname_mobile %} gives you a way to do high-impact work on {% data variables.product.prodname_dotcom %} quickly and from anywhere. {% data variables.product.prodname_mobile %} is a safe and secure way to access your {% data variables.product.prodname_dotcom %} data through a trusted, first-party client application.
+{% data variables.product.prodname_mobile %} gives you a way to do high-impact work on {% data variables.product.product_name %} quickly and from anywhere. {% data variables.product.prodname_mobile %} is a safe and secure way to access your {% data variables.product.product_name %} data through a trusted, first-party client application.
 
 With {% data variables.product.prodname_mobile %} you can:
 - Manage, triage, and clear notifications
@@ -23,6 +26,30 @@ For more information about notifications for {% data variables.product.prodname_
 
 To install {% data variables.product.prodname_mobile %} for Android or iOS, see [{% data variables.product.prodname_mobile %}](https://github.com/mobile).
 
+### Managing accounts
+
+You can be simultaneously signed into mobile with one user account on {% data variables.product.prodname_dotcom_the_website %} and one user account on {% data variables.product.prodname_ghe_server %}.
+
+{% data reusables.mobile.push-notifications-on-ghes %}
+
+{% data variables.product.prodname_mobile %} may not work with your enterprise if you're required to access your enterprise over VPN.
+
+#### Prerequisites
+
+You must install {% data variables.product.prodname_mobile %} 1.4 or later on your device to use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}.
+
+To use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, {% data variables.product.product_location %} must be version 3.0 or greater, and your enterprise owner must enable mobile support for your enterprise. For more information, see "[Release notes](/enterprise-server/admin/release-notes)" and "[Managing {% data variables.product.prodname_mobile %} for your enterprise](/admin/configuration/managing-github-for-mobile-for-your-enterprise)."
+
+During the beta for {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, you must be signed in with a user account on {% data variables.product.prodname_dotcom_the_website %}. 
+
+#### Adding, switching, or signing out of accounts
+
+You can sign into mobile with a user account on {% data variables.product.product_location %}. At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, then tap {% octicon "plus" aria-label="The plus icon" %} **Add Enterprise Account**. Follow the prompts to sign in.
+
+After you sign into mobile with a user account on {% data variables.product.product_location %}, you can switch between the account and your account on  {% data variables.product.prodname_dotcom_the_website %}.  At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, then tap the account you want to switch to.
+
+If you no longer need to access data for your user account on {% data variables.product.product_location %} from {% data variables.product.prodname_mobile %}, you can sign out of the account. At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, swipe left on the account to sign out of, then tap **Sign out**.
+
 ### Supported languages for {% data variables.product.prodname_mobile %}
 
 {% data variables.product.prodname_mobile %} is available in the following languages.
@@ -30,6 +57,7 @@ To install {% data variables.product.prodname_mobile %} for Android or iOS, see
 - English
 - Japanese
 - Brazilian Portuguese
+- Simplified Chinese
 - Spanish
 
 If you configure the language on your device to a supported language, {% data variables.product.prodname_mobile %} will default to the language. You can change the language for {% data variables.product.prodname_mobile %} in {% data variables.product.prodname_mobile %}'s **Settings** menu.
@@ -38,9 +66,9 @@ If you configure the language on your device to a supported language, {% data va
 
 {% data variables.product.prodname_mobile %} automatically enables Universal Links for iOS. When you tap any {% data variables.product.product_name %} link, the destination URL will open in {% data variables.product.prodname_mobile %} instead of Safari. For more information, see [Universal Links](https://developer.apple.com/ios/universal-links/) on the Apple Developer site.
 
-To disable Universal Links, long-press any {% data variables.product.prodname_dotcom %} link, then tap **Open**. Every time you tap a {% data variables.product.prodname_dotcom %} link in the future, the destination URL will open in Safari instead of {% data variables.product.prodname_mobile %}.
+To disable Universal Links, long-press any {% data variables.product.product_name %} link, then tap **Open**. Every time you tap a {% data variables.product.product_name %} link in the future, the destination URL will open in Safari instead of {% data variables.product.prodname_mobile %}.
 
-To re-enable Universal Links, long-press any {% data variables.product.prodname_dotcom %} link, then tap **Open in {% data variables.product.prodname_dotcom %}**.
+To re-enable Universal Links, long-press any {% data variables.product.product_name %} link, then tap **Open in {% data variables.product.prodname_dotcom %}**.
 
 ### Sharing feedback
 

content/github/getting-started-with-github/githubs-products.md

@@ -1,5 +1,6 @@
 ---
 title: GitHub's products
+intro: 'An overview of {% data variables.product.prodname_dotcom %}''s products and pricing plans.'
 redirect_from:
   - /articles/github-s-products
   - /articles/githubs-products
@@ -97,7 +98,7 @@ For more information about hosting your own instance of [{% data variables.produ
 
 - {% data variables.contact.github_support %} {% data variables.product.premium_plus_support_plan %}
 - {% data variables.product.prodname_insights %}
-- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" (beta).{% endif %}
+- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."{% endif %}
 - [{% data variables.product.prodname_learning %} for organizations](https://lab.github.com/organizations)
 
-For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact [{% data variables.product.product_name %}'s Sales team](https://enterprise.github.com/contact).
+For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact {% data variables.contact.contact_enterprise_sales %}.

content/github/managing-large-files/about-storage-and-bandwidth-usage.md

@@ -19,7 +19,7 @@ For example:
 - If you push a 500 MB file to {% data variables.large_files.product_name_short %}, you'll use 500 MB of your allotted storage and none of your bandwidth. If you make a 1 byte change and push the file again, you'll use another 500 MB of storage and no bandwidth, bringing your total usage for these two pushes to 1 GB of storage and zero bandwidth.
 - If you download a 500 MB file that's tracked with LFS, you'll use 500 MB of the repository owner's allotted bandwidth. If a collaborator pushes a change to the file and you pull the new version to your local repository, you'll use another 500 MB of bandwidth, bringing the total usage for these two downloads to 1 GB of bandwidth.
 
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
 If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in source code archives for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)."
 {% endif %}
 

content/github/managing-large-files/configuring-git-large-file-storage.md

@@ -59,5 +59,5 @@ If there are existing files in your repository that you'd like to use {% data va
 
 ### Further reading
 
-- "[Collaboration with {% data variables.large_files.product_name_long %}](/articles/collaboration-with-git-large-file-storage/)"{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+- "[Collaboration with {% data variables.large_files.product_name_long %}](/articles/collaboration-with-git-large-file-storage/)"{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
 - "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)"{% endif %}

content/github/managing-security-vulnerabilities/about-dependabot-security-updates.md

@@ -33,3 +33,7 @@ When you merge a pull request that contains a security update, the corresponding
 ### About compatibility scores
 
 {% data variables.product.prodname_dependabot_security_updates %} may include compatibility scores to let you know whether updating a vulnerability could cause breaking changes to your project. These are calculated from CI tests in other public repositories where the same security update has been generated. An update's compatibility score is the percentage of CI runs that passed when updating between specific versions of the dependency.
+
+### About notifications for {% data variables.product.prodname_dependabot %} security updates
+
+You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} security updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."

content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md

@@ -40,7 +40,7 @@ You can configure notification settings for yourself or your organization from t
 
 {% note %}
 
-**Note:** You can filter your {% data variables.product.company_short %} inbox notifications to show {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-queries-for-custom-filters)."
+**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."
 
 {% endnote %}
 

content/github/managing-subscriptions-and-notifications-on-github/about-notifications.md

@@ -11,6 +11,10 @@ versions:
   github-ae: '*'
 ---
 
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.mobile.ghes-release-phase %}
+{% endif %}
+
 ### Notifications and subscriptions
 
 You can choose to receive ongoing updates about specific activity on {% data variables.product.product_name %} through a subscription. Notifications are updates that you receive for specific activity that you are subscribed to.
@@ -50,7 +54,7 @@ To unsubscribe from conversations you're automatically subscribed to, you can ch
 
 ### Customizing notifications and subscriptions
 
-You can choose to view your notifications through the notifications inbox at [https://github.com/notifications](https://github.com/notifications){% if currentVersion == "free-pro-team@latest" %} and in the {% data variables.product.prodname_mobile %} app{% endif %}, through your email, or some combination of these options.
+You can choose to view your notifications through the notifications inbox at [https://github.com/notifications](https://github.com/notifications){% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and in the {% data variables.product.prodname_mobile %} app{% endif %}, through your email, or some combination of these options.
 
 To customize the types of updates you'd like to receive and where to send those updates, configure your notification settings. For more information, see “[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications).”
 
@@ -58,7 +62,7 @@ To keep your subscriptions manageable, review your subscriptions and watched rep
 
 To customize how you'd like to receive updates for specific pull requests or issues, you can configure your preferences within the issue or pull request. For more information, see “[Triaging a single notification](/github/managing-subscriptions-and-notifications-on-github/triaging-a-single-notification#customizing-when-to-receive-future-updates-for-an-issue-or-pull-request).”
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22"%}
 You can enable push notifications in the {% data variables.product.prodname_mobile %} app. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)."
 {% endif %}
 
@@ -88,7 +92,7 @@ From your inbox you can also triage multiple notifications at once. For more inf
 
 ### Customizing your notifications inbox
 
-To focus on a group of notifications in your inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} or {% data variables.product.prodname_mobile %}{% endif %}, you can create custom filters. For example, you can create a custom filter for an open source project you contribute to and only see notifications for that repository in which you are mentioned. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)." For more examples of how to customize your triaging workflow, see "[Customizing a workflow for triaging your notifications](/github/managing-subscriptions-and-notifications-on-github/customizing-a-workflow-for-triaging-your-notifications)."
+To focus on a group of notifications in your inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} or {% data variables.product.prodname_mobile %}{% endif %}, you can create custom filters. For example, you can create a custom filter for an open source project you contribute to and only see notifications for that repository in which you are mentioned. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)." For more examples of how to customize your triaging workflow, see "[Customizing a workflow for triaging your notifications](/github/managing-subscriptions-and-notifications-on-github/customizing-a-workflow-for-triaging-your-notifications)."
 
 ### Notification retention policy
 

content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md

@@ -19,15 +19,19 @@ versions:
   github-ae: '*'
 ---
 
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.mobile.ghes-release-phase %}
+{% endif %}
+
 ### Notification delivery options
 
 You can receive notifications for activity on {% data variables.product.product_name %} in the following locations.
 
-  - The notifications inbox in the {% data variables.product.product_name %} web interface{% if currentVersion == "free-pro-team@latest" %}
+  - The notifications inbox in the {% data variables.product.product_name %} web interface{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
   - The notifications inbox on {% data variables.product.prodname_mobile %}, which syncs with the inbox on {% data variables.product.product_name %}{% endif %}
-  - An email client that uses a verified email address, which can also sync with the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %}
+  - An email client that uses a verified email address, which can also sync with the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %}
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
 {% data reusables.notifications-v2.notifications-inbox-required-setting %} For more information, see "[Choosing your notification settings](#choosing-your-notification-settings)."
 {% endif %}
 
@@ -35,7 +39,7 @@ You can receive notifications for activity on {% data variables.product.product_
 
 #### Benefits of the notifications inbox
 
-The notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %} includes triaging options designed specifically for your {% data variables.product.product_name %} notifications flow, including options to:
+The notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %} includes triaging options designed specifically for your {% data variables.product.product_name %} notifications flow, including options to:
   - Triage multiple notifications at once.
   - Mark completed notifications as **Done** and remove them from your inbox. To view all of your notifications marked as **Done**, use the `is:done` query.
   - Save a notification to review later. Saved notifications are flagged in your inbox and kept indefinitely. To view all of your saved notifications, use the `is:saved` query.
@@ -45,7 +49,7 @@ The notifications inbox on {% data variables.product.product_name %}{% if curren
   - Create custom filters to focus on different notifications when you want.
   - Group notifications in your inbox by repository or date to get a quick overview with less context switching
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
 In addition, the notifications inbox on {% data variables.product.prodname_mobile %} allows you to triage notifications in dark mode and receive push notifications for direct mentions. For more information, see "[Enabling push notifications with GitHub for mobile](#enabling-push-notifications-with-github-for-mobile)" or "[GitHub for mobile](/github/getting-started-with-github/github-for-mobile)."
 {% endif %}
 
@@ -75,7 +79,7 @@ You can customize notifications for a repository, for example, you can choose to
 #### Participating in conversations
 Anytime you comment in a conversation or when someone @mentions your username, you are _participating_ in a conversation. By default, you are automatically subscribed to a conversation when you participate in it. You can unsubscribe from a conversation you've participated in manually by clicking **Unsubscribe** on the issue or pull request or through the **Unsubscribe** option in the notifications inbox.
 
-For conversations you're watching or participating in, you can choose whether you want to receive notifications by email or through the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %}.
+For conversations you're watching or participating in, you can choose whether you want to receive notifications by email or through the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %}.
 
 ![Participating and watching notifications options](/assets/images/help/notifications-v2/participating-and-watching-options.png)
 
@@ -83,7 +87,7 @@ For example:
   - If you don't want notifications to be sent to your email, unselect **email** for participating and watching notifications.
   - If you want to receive notifications by email when you've participated in a conversation, then you can select **email** under "Participating".
 
-If you do not enable watching or participating notifications for web{% if currentVersion == "free-pro-team@latest" %} and mobile{% endif %}, then your notifications inbox will not have any updates.
+If you do not enable watching or participating notifications for web{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and mobile{% endif %}, then your notifications inbox will not have any updates.
 
 ### Customizing your email notifications
 
@@ -195,13 +199,15 @@ Choose how you want to receive workflow run updates for repositories that you ar
 
 {% endif %}
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
 ### Enabling push notifications with {% data variables.product.prodname_mobile %}
 
 When you install {% data variables.product.prodname_mobile %}, you will automatically be opted into web notifications. You can then enable push notifications for direct mentions within the app.
 
 You can only receive notifications for pushes to repositories on {% data variables.product.prodname_mobile %} at this time.
 
+{% data reusables.mobile.push-notifications-on-ghes %}
+
 #### Enabling push notifications with {% data variables.product.prodname_ios %}
 
 1. Above "Home", tap your profile photo.
@@ -210,6 +216,7 @@ You can only receive notifications for pushes to repositories on {% data variabl
 3. To update your notification settings, tap **Push notifications**.
 4. To turn on push notifications for direct mentions, use the **Direct Mentions** toggle.
 
+{% if currentVersion == "free-pro-team@latest" %}
 #### Enabling push notifications with {% data variables.product.prodname_android %}
 
 1. Above "Home", tap your profile photo.
@@ -217,3 +224,4 @@ You can only receive notifications for pushes to repositories on {% data variabl
   ![Settings icon for GitHub for Android](/assets/images/help/mobile/android-settings-icon.png)
 3. To turn on push notifications for direct mentions, use the **Direct mentions** toggle.
 {% endif %}
+{% endif %}

content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md

@@ -1,6 +1,6 @@
 ---
 title: Managing notifications from your inbox
-intro: 'Use your inbox to quickly triage and sync your notifications across email{% if currentVersion == "free-pro-team@latest" %} and mobile{% endif %}.'
+intro: 'Use your inbox to quickly triage and sync your notifications across email{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and mobile{% endif %}.'
 redirect_from:
   - /articles/marking-notifications-as-read
   - /articles/saving-notifications-for-later
@@ -10,9 +10,13 @@ versions:
   github-ae: '*'
 ---
 
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.mobile.ghes-release-phase %}
+{% endif %}
+
 ### About your inbox
 
-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
 {% data reusables.notifications-v2.notifications-inbox-required-setting %} For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#choosing-your-notification-settings)."
 {% endif %}
 
@@ -86,31 +90,16 @@ Custom filters do not currently support:
 
 ### Supported queries for custom filters
 
-There are three types of filters that you can use:
+These are the types of filters that you can use:
   - Filter by repository with `repo:`
   - Filter by discussion type with `is:`
-  - Filter by notification reason with `reason:`
+  - Filter by notification reason with `reason:`{% if currentVersion == "free-pro-team@latest" %}
+  - Filter by notification author with `author:`
+  - Filter by organization with `org:`{% endif %}
 
-To add a `repo:` filter, you must include the owner of the repository in the query. For example, `repo:atom/atom` represents the Atom repository owned by the Atom organization.
+#### Supported `repo:` queries
 
-#### Supported `reason:` queries
-
-To filter notifications by why you've received an update, you can use the `reason:` query. For example, to see notifications when you (or a team you're on) is requested to review a pull request, use `reason:review-requested`. For more information, see "[About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications#reasons-for-receiving-notifications)."
-
-| Query | Description |
-|-----------------|-------------|
-| `reason:assign` | When there's an update on an issue or pull request you've been assigned to.
-| `reason:author` | When you opened a pull request or issue and there has been an update or new comment.
-| `reason:comment`| When you commented on an issue, pull request, or team discussion.
-| `reason:participating` | When you have commented on an issue, pull request, or team discussion or you have been @mentioned.
-| `reason:invitation` | When you're invited to a team, organization, or repository.
-| `reason:manual` | When you click **Subscribe** on an issue or pull request you weren't already subscribed to.
-| `reason:mention` | You were directly @mentioned.
-| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% if currentVersion != "github-ae@latest" %}
-| `reason:security-alert` | When a security alert is issued for a repository.{% endif %}
-| `reason:state-change`  | When the state of a pull request or issue is changed. For example, an issue is closed or a pull request is merged.
-| `reason:team-mention` | When a team you're a member of is @mentioned.
-| `reason:ci-activity` | When a repository has a CI update, such as a new workflow run status.
+To add a `repo:` filter, you must include the owner of the repository in the query: `repo:owner/repository`. An owner is the organization or the user who owns the {% data variables.product.prodname_dotcom %} asset that triggers the notification. For example, `repo:octo-org/octo-repo` will show notifications triggered in the octo-repo repository within the octo-org organization.
 
 #### Supported `is:` queries
 
@@ -137,3 +126,55 @@ You can also use the `is:` query to describe how the notification was triaged.
 - `is:done`
 - `is:unread`
 - `is:read`
+
+#### Supported `reason:` queries
+
+To filter notifications by why you've received an update, you can use the `reason:` query. For example, to see notifications when you (or a team you're on) is requested to review a pull request, use `reason:review-requested`. For more information, see "[About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications#reasons-for-receiving-notifications)."
+
+| Query | Description |
+|-----------------|-------------|
+| `reason:assign` | When there's an update on an issue or pull request you've been assigned to.
+| `reason:author` | When you opened a pull request or issue and there has been an update or new comment.
+| `reason:comment`| When you commented on an issue, pull request, or team discussion.
+| `reason:participating` | When you have commented on an issue, pull request, or team discussion or you have been @mentioned.
+| `reason:invitation` | When you're invited to a team, organization, or repository.
+| `reason:manual` | When you click **Subscribe** on an issue or pull request you weren't already subscribed to.
+| `reason:mention` | You were directly @mentioned.
+| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% if currentVersion != "github-ae@latest" %}
+| `reason:security-alert` | When a security alert is issued for a repository.{% endif %}
+| `reason:state-change`  | When the state of a pull request or issue is changed. For example, an issue is closed or a pull request is merged.
+| `reason:team-mention` | When a team you're a member of is @mentioned.
+| `reason:ci-activity` | When a repository has a CI update, such as a new workflow run status.
+
+{% if currentVersion == "free-pro-team@latest" %}
+#### Supported `author:` queries
+
+To filter notifications by user, you can use the `author:` query. An author is the original author of the thread (issue, pull request, gist, discussions, and so on) for which you are being notified. For example, to see notifications for threads created by the Octocat user, use `author:octocat`.
+
+#### Supported `org:` queries
+
+To filter notifications by organization, you can use the  `org` query. The organization you need to specify in the query is the organization of the repository for which you are being notified on {% data variables.product.prodname_dotcom %}. This query is useful if you belong to several organizations, and want to see notifications for a specific organization.
+
+For example, to see notifications from the octo-org organization, use `org:octo-org`. 
+
+{% endif %}
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
+### {% data variables.product.prodname_dependabot %} custom filters
+
+{% if currentVersion == "free-pro-team@latest" %}
+If you use {% data variables.product.prodname_dependabot %} to keep your dependencies up-to-date, you can use and save these custom filters:
+- `is:repository_vulnerability_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
+- `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests.
+- `author:app/dependabot` to show notifications generated by {% data variables.product.prodname_dependabot %}. This includes {% data variables.product.prodname_dependabot_alerts %}, security update pull requests, and version update pull requests.
+
+For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)."
+{% endif %}
+
+{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}
+If you use {% data variables.product.prodname_dependabot %} to keep your dependencies-up-to-date, you can use and save the `is:repository_vulnerability_alert` custom filter to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
+
+For more information about {% data variables.product.prodname_dependabot %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
+{% endif %}
+
+{% endif %}

content/github/managing-your-work-on-github/changing-project-board-visibility.md

@@ -1,6 +1,6 @@
 ---
 title: Changing project board visibility
-intro: 'As an organization owner or project board admin, you can make a project board public or private.'
+intro: 'As an organization owner or project board admin, you can make a project board {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private.'
 redirect_from:
   - /articles/changing-project-board-visibility
 versions:
@@ -13,12 +13,12 @@ versions:
 
 {% tip %}
 
-**Tip:** When you make your project board public, organization members are given read access by default. You can give specific organization members write or admin permissions by giving project board access to teams they're on or by adding them to the project board as a collaborator. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization)."
+**Tip:** When you make your project board {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %}, organization members are given read access by default. You can give specific organization members write or admin permissions by giving project board access to teams they're on or by adding them to the project board as a collaborator. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization)."
 
 {% endtip %}
 
-1. Navigate to the project board you want to make public or private.
+1. Navigate to the project board you want to make {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private.
 {% data reusables.project-management.click-menu %}
 {% data reusables.project-management.access-collaboration-settings %}
-4. Under "Visibility", select **Public** or **Private**. Then, click **Save**.
-![Public and private radio buttons](/assets/images/help/projects/project-board-visibility-options.png)
+{% data reusables.project-management.choose-visibility %}
+1. Click **Save**.

content/github/managing-your-work-on-github/copying-a-project-board.md

@@ -27,7 +27,6 @@ A project board's automation is also enabled by default. For more information, s
 ![Field to type a description for the copied project board](/assets/images/help/projects/copied-project-board-description.png)
 7. Optionally, under "Automation settings", select whether you want to copy the configured automatic workflows. This option is enabled by default. For more information, see "[About automation for project boards](/articles/about-automation-for-project-boards/)."
 ![Select automation settings for copied project board](/assets/images/help/projects/copied-project-board-automation-settings.png)
-8. If you are copying an organization-owned project board, under "Visibility", select whether you want your copied project board to be private or public.
-![Select visibility settings for copied project board](/assets/images/help/projects/copied-project-board-visibility-settings.png)
+{% data reusables.project-management.choose-visibility %}
 9. Click **Copy project**.
 ![Confirm Copy button](/assets/images/help/projects/confirm-copy-project-board.png)

content/github/managing-your-work-on-github/creating-a-project-board.md

@@ -30,6 +30,7 @@ You can also configure workflow automations to keep your project board in sync w
 {% data reusables.project-management.click-new-project %}
 {% data reusables.project-management.create-project-name-description %}
 {% data reusables.project-management.choose-template %}
+{% data reusables.project-management.choose-visibility %}
 {% data reusables.project-management.linked-repositories %}
 {% data reusables.project-management.create-project-button %}
 {% data reusables.project-management.add-column-new-project %}
@@ -49,6 +50,7 @@ You can also configure workflow automations to keep your project board in sync w
 {% data reusables.project-management.click-new-project %}
 {% data reusables.project-management.create-project-name-description %}
 {% data reusables.project-management.choose-template %}
+{% data reusables.project-management.choose-visibility %}
 {% data reusables.project-management.linked-repositories %}
 {% data reusables.project-management.create-project-button %}
 {% data reusables.project-management.add-column-new-project %}

content/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on.md

@@ -14,7 +14,7 @@ versions:
 
 After you configure SAML SSO, members of your {% data variables.product.prodname_dotcom %} organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom %}. When a member accesses resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources.
 
-Enterprise owners can also enforce SAML SSO for all organizations in an enterprise account. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
+Organization owners can enforce SAML SSO for an individual organization, or enterprise owners can enforce SAML SSO for all organizations in an enterprise account. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
 
 {% data reusables.saml.outside-collaborators-exemption %}
 
@@ -32,6 +32,8 @@ If members are signed in with a SAML SSO session when they create a new reposito
 
 Organization members must also have an active SAML session to authorize an {% data variables.product.prodname_oauth_app %}. You can opt out of this requirement by contacting {% data variables.contact.contact_support %}. {% data variables.product.product_name %} does not recommend opting out of this requirement, which will expose your organization to a higher risk of account takeovers and potential data loss.
 
+{% data reusables.saml.saml-single-logout-not-supported %}
+
 ### Supported SAML services
 
 {% data reusables.saml.saml-supported-idps %}
@@ -42,12 +44,12 @@ Some IdPs support provisioning access to a  {% data variables.product.prodname_d
 
 After you enable SAML SSO, there are multiple ways you can add new members to your organization. Organization owners can invite new members manually on {% data variables.product.product_name %} or using the API. For more information, see "[Inviting users to join your organization](/articles/inviting-users-to-join-your-organization)" and "[Members](/rest/reference/orgs#add-or-update-organization-membership)."
 
-{% data reusables.organizations.team-synchronization %}
-
 To provision new users without an invitation from an organization owner, you can use the URL `https://github.com/orgs/ORGANIZATION/sso/sign_up`, replacing _ORGANIZATION_ with the name of your organization. For example, you can configure your IdP so that anyone with access to the IdP can click a link on the IdP's dashboard to join your {% data variables.product.prodname_dotcom %} organization.
 
 If your IdP supports SCIM, {% data variables.product.prodname_dotcom %} can automatically invite members to join your organization when you grant access on your IdP. If you remove a member's access to your {% data variables.product.prodname_dotcom %} organization on your SAML IdP, the member will be automatically removed from the {% data variables.product.prodname_dotcom %} organization. For more information, see "[About SCIM](/github/setting-up-and-managing-organizations-and-teams/about-scim)."
 
+{% data reusables.organizations.team-synchronization %}
+
 {% data reusables.saml.saml-single-logout-not-supported %}
 
 ### Further reading

content/github/setting-up-and-managing-organizations-and-teams/about-scim.md

@@ -17,7 +17,7 @@ These identity providers are compatible with the {% data variables.product.produ
 - Okta
 - OneLogin
 
-{% data reusables.scim.enterprise-account-scim %} For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
+{% data reusables.scim.enterprise-account-scim %} For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
 
 ### Further reading
 

content/github/setting-up-and-managing-organizations-and-teams/index.md

@@ -113,7 +113,6 @@ versions:
     {% link_in_list /preparing-to-require-two-factor-authentication-in-your-organization %}
     {% link_in_list /requiring-two-factor-authentication-in-your-organization %}
     {% link_in_list /managing-security-and-analysis-settings-for-your-organization %}
-    {% link_in_list /managing-secret-scanning-for-your-organization %}
     {% link_in_list /managing-allowed-ip-addresses-for-your-organization %}
     {% link_in_list /restricting-email-notifications-to-an-approved-domain %}
     {% link_in_list /reviewing-the-audit-log-for-your-organization %}

content/github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization.md

@@ -1,46 +0,0 @@
----
-title: Managing secret scanning for your organization
-intro: 'You can control which repositories in your organization {% data variables.product.product_name %} will scan for secrets.'
-product: '{% data reusables.gated-features.secret-scanning %}'
-permissions: 'Organization owners can manage {% data variables.product.prodname_secret_scanning %} for repositories in the organization.'
-versions:
-  free-pro-team: '*'
----
-
-{% data reusables.secret-scanning.beta %}
-
-### About management of {% data variables.product.prodname_secret_scanning %}
-
-{% data variables.product.prodname_secret_scanning_caps %} can help you mitigate the impact of leaked secrets in your organization's repositories. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."
-
-You can manage how {% data variables.product.prodname_dotcom %} scans for secrets in existing repositories in your organization. You can also enable or disable {% data variables.product.prodname_secret_scanning %} by default for any new repositories that members create in your organization.
-
-{% data reusables.security.security-and-analysis-features-enable-read-only %}
-
-{% note %}
-
-**Note**: {% data variables.product.prodname_secret_scanning_caps %} is enabled by default for public repositories in your organization and can't be disabled. For more information, see "[About secret scanning for public repositories](/github/administering-a-repository/about-secret-scanning#about-secret-scanning-for-public-repositories)."
-
-{% endnote %}
-
-### Enabling or disabling {% data variables.product.prodname_secret_scanning %} for existing private repositories
-
-{% data reusables.profile.access_profile %}
-{% data reusables.profile.access_org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-5. To the right of "Secret scanning", click **Disable all** or **Enable all**.
-  !["Enable all" or "Disable all" button for secret scanning](/assets/images/help/organizations/security-and-analysis-disable-or-enable-secret-scanning.png)
-6. Optionally, enable {% data variables.product.prodname_secret_scanning %} by default for new private repositories in your organization.
-  !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default.png)
-7. Click **Disable secret scanning** or **Enable secret scanning** to disable or enable the feature for all the repositories in your organization.
-  ![Button to disable or enable {% data variables.product.prodname_secret_scanning %} ](/assets/images/help/organizations/security-and-analysis-enable-secret-scanning.png)
-
-### Enabling or disabling {% data variables.product.prodname_secret_scanning %} for new private repositories
-
-{% data reusables.profile.access_profile %}
-{% data reusables.profile.access_org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.security-and-analysis %}
-5. To the right of "Secret scanning", enable or disable the feature by default for new private repositories in your organization.
-  ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-secret-scanning-checkbox.png)

content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md

@@ -2,8 +2,11 @@
 title: Managing security and analysis settings for your organization
 intro: 'You can control features that secure and analyze the code in your organization''s projects on {% data variables.product.prodname_dotcom %}.'
 permissions: Organization owners can manage security and analysis settings for repositories in the organization.
+redirect_from:
+  - /github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization
 versions:
   free-pro-team: '*'
+  enterprise-server: '>=3.0'
 ---
 
 ### About management of security and analysis settings
@@ -53,7 +56,12 @@ You can enable or disable features for all repositories. {% if currentVersion ==
    !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default-ghe.png)
    {% endif %}
 1. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization.
-  ![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png)
+   {% if currentVersion == "free-pro-team@latest" %}
+   ![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png)
+   {% endif %}
+   {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
+   ![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-secret-scanning-ghe.png)
+   {% endif %}
 
 ### Enabling or disabling a feature automatically when new repositories are added
 
@@ -68,6 +76,8 @@ You can enable or disable features for all repositories. {% if currentVersion ==
 
    {% data reusables.advanced-security.note-org-enable-uses-seats %}
 
+{% if currentVersion == "free-pro-team@latest" %}
+
 ### Allowing Dependabot to access private repositories
 
 {% data reusables.dependabot.beta-note %}
@@ -83,13 +93,12 @@ By default, {% data variables.product.prodname_dependabot %} can't update depend
    ![The Repositories list](/assets/images/help/organizations/repositories-dialog.png)
 1. Select the repositories that {% data variables.product.prodname_dependabot %} can access.
 1. Click **Select repositories**.
-
+{% endif %}
 
 ### Further reading
 
-{% if currentVersion == "free-pro-team@latest" %}- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
-- "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"
-- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"
-{% endif %}
+- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
+- "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"{% if currentVersion == "free-pro-team@latest" %}
+- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %}
 - "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
 - "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"

content/github/setting-up-and-managing-organizations-and-teams/project-board-permissions-for-an-organization.md

@@ -30,7 +30,7 @@ For example, if an organization owner has given all organization members read pe
 
 ### Project board visibility
 
-{% data reusables.project-management.project-board-visibility %} You can change the project board's visibility from private to public and back again. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
+{% data reusables.project-management.project-board-visibility %} You can change the project board's visibility from private to {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} and back again. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
 
 ### Further reading
 

content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md

@@ -100,25 +100,27 @@ In addition to managing organization-level settings, organization owners have ad
 | Make a repository a template (see "[Creating a template repository](/articles/creating-a-template-repository)") | | | | | **X** |
 | Change a repository's settings | | | | | **X** |
 | Manage team and collaborator access to the repository | | | | | **X** |
-| Edit the repository's default branch | | | | | **X** |
+| Edit the repository's default branch | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
+| Rename the repository's default branch (see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)") | | | | | **X** |
+| Rename a branch other than the repository's default branch (see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)") | | | **X** | **X** | **X** |{% endif %}
 | Manage webhooks and deploy keys | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
 | [Enable the dependency graph](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository) for a private repository | | | | | **X** |
 | Receive [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a repository | | | | | **X** |
 | [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** |
-| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) for vulnerable dependencies | | | | | **X** |
+| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) for vulnerable dependencies | | | | | **X** |
 | [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |
 | Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | 
 | Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)") | | | | | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
 | [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
-| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}
+| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+| [View {% data variables.product.prodname_secret_scanning %} alerts in a repository, and also resolve, revoke or re-open {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | | | **X** |
+| [Designate additional people or teams to receive {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | | | | | **X** |{% endif %}
 | [Manage the forking policy for a repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** |
 | [Transfer repositories into the organization](/articles/restricting-repository-creation-in-your-organization) | | | | | **X** |
 | [Delete or transfer repositories out of the organization](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** |
 | [Archive repositories](/articles/about-archiving-repositories) | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
 | Display a sponsor button (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") | | | | | **X** |{% endif %}
-| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
-| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
-| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" %}
+| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
 | [Enable {% data variables.product.prodname_discussions %}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) in a repository | | | | **X** | **X** |
 | [Create and edit categories](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository) for {% data variables.product.prodname_discussions %} | | | | **X** | **X** |
 | [Move a discussion to a different category](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** |

content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md

@@ -63,8 +63,8 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot %} alerts. {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
 | [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
 | [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | Contains organization-level configuration activities for secret scanning for new repositories created in the organization. {% endif %}{% if currentVersion == "free-pro-team@latest" %}
-| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
-| [`team`](#team-category-actions) | Contains all activities related to teams in your organization.{% endif %}
+| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}
+| [`team`](#team-category-actions) | Contains all activities related to teams in your organization.
 | [`team_discussions`](#team_discussions-category-actions) | Contains activities related to managing team discussions for an organization.
 
 You can search for specific sets of actions using these terms. For example:
@@ -572,7 +572,6 @@ For more information, see "[Restricting publication of {% data variables.product
 | `waitlist_join` | Triggered when you join the waitlist to become a sponsored organization (see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)")
 {% endif %}
 
-{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
 #### `team` category actions
 
 | Action | Description
@@ -581,11 +580,12 @@ For more information, see "[Restricting publication of {% data variables.product
 | `add_repository` | Triggered when a team is given control of a repository.
 | `change_parent_team` | Triggered when a child team is created or [a child team's parent is changed](/articles/moving-a-team-in-your-organization-s-hierarchy).
 | `change_privacy` | Triggered when a team's privacy level is changed.
-| `create` | Triggered when a new team is created.
-| `destroy` | Triggered when a team is deleted from the organization.
+| `create` | Triggered when a new team is created.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+`demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. For more information, see "[Giving "team maintainer" permissions to an organization member](/github/setting-up-and-managing-organizations-and-teams/giving-team-maintainer-permissions-to-an-organization-member)."{% endif %}
+| `destroy` | Triggered when a team is deleted from the organization.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+`team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. For more information, see "[Giving "team maintainer" permissions to an organization member](/github/setting-up-and-managing-organizations-and-teams/giving-team-maintainer-permissions-to-an-organization-member)."{% endif %}
 | `remove_member` | Triggered when a member of an organization is [removed from a team](/articles/removing-organization-members-from-a-team).
 | `remove_repository` | Triggered when a repository is no longer under a team's control.
-{% endif %}
 
 #### `team_discussions` category actions
 

content/github/setting-up-and-managing-organizations-and-teams/synchronizing-a-team-with-an-identity-provider-group.md

@@ -15,6 +15,8 @@ versions:
 
 You can connect up to five IdP groups to a {% data variables.product.prodname_dotcom %} team. An IdP group can be assigned to multiple {% data variables.product.prodname_dotcom %} teams without restriction.
 
+Team synchronization does not support IdP groups with more than 5000 members. 
+
 Once a {% data variables.product.prodname_dotcom %} team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on {% data variables.product.product_name %} or using the API.
 
 All team membership changes made through your IdP will appear in the audit log on {% data variables.product.product_name %} as changes made by the team synchronization bot. Your IdP will send team membership data to {% data variables.product.prodname_dotcom %} once every hour.
@@ -28,19 +30,22 @@ You can also manage team synchronization with the API. For more information, see
 
 ### Requirements for members of synchronized teams
 
-After you connect a team to an IdP group, membership data for each team member will synchronize if the person continues to authenticate using SAML SSO with the same SSO identity on {% data variables.product.prodname_dotcom %}, and if the person remains a member of the connected IdP group.
+After you connect a team to an IdP group, team synchronization will add each member of the IdP group to the corresponding team on {% data variables.product.prodname_dotcom %} only if:
+- The person is a member of the organization on {% data variables.product.prodname_dotcom %}.
+- The person has already logged in with their user account on {% data variables.product.prodname_dotcom %} and authenticated to the organization or enterprise account via SAML single sign-on at least once.
+- The person's SSO identity is a member of the IdP group.  
 
-Existing teams or group members can be automatically removed from the team on {% data variables.product.prodname_dotcom %}. Any existing teams or group members not authenticating to the organization or enterprise account using SSO may lose access to repositories. Any existing teams or group members not in the connected IdP group may potentially lose access to repositories.
+Existing teams or group members who do not meet these criteria will be automatically removed from the team on {% data variables.product.prodname_dotcom %} and lose access to repositories. Revoking a user's linked identity will also remove the user from from any teams mapped to IdP groups. For more information, see "[Viewing and managing a member's SAML access to your organization](/github/setting-up-and-managing-organizations-and-teams/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)" and "[Viewing and managing a user's SAML access to your enterprise](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."
 
 A removed team member can be added back to a team automatically once they have authenticated to the organization or enterprise account using SSO and are moved to the connected IdP group.
 
-To avoid unintentionally removing team members, we recommend enforcing SAML SSO in your organization or enterprise account, creating new teams to synchronize membership data, and checking IdP group membership before synchronizing existing teams. For more information, see "[Enforcing SAML single sign-on for your organization](/articles/enforcing-saml-single-sign-on-for-your-organization)."
+To avoid unintentionally removing team members, we recommend enforcing SAML SSO in your organization or enterprise account, creating new teams to synchronize membership data, and checking IdP group membership before synchronizing existing teams. For more information, see "[Enforcing SAML single sign-on for your organization](/articles/enforcing-saml-single-sign-on-for-your-organization)" and "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
 
-If your organization is owned by an enterprise account, enabling team synchronization for the enterprise account will override your organization-level team synchronization settings. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-team-synchronization-for-organizations-in-your-enterprise-account)."
+If your organization is owned by an enterprise account, enabling team synchronization for the enterprise account will override your organization-level team synchronization settings. For more information, see "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
 
 ### Prerequisites
 
-Before you can connect a team with an identity provider group, an organization or enterprise owner must enable team synchronization for your organization or enterprise account. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)" and "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-team-synchronization-for-organizations-in-your-enterprise-account)."
+Before you can connect a team with an identity provider group, an organization or enterprise owner must enable team synchronization for your organization or enterprise account. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)" and "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
 
 To avoid unintentionally removing team members, visit the administrative portal for your IdP and confirm that each current team member is also in the IdP groups that you want to connect to this team. If you don't have this access to your identity provider, you can reach out to your IdP administrator.
 

content/github/setting-up-and-managing-organizations-and-teams/viewing-and-managing-a-members-saml-access-to-your-organization.md

@@ -20,6 +20,8 @@ You can view and revoke each member's linked identity, active sessions, and auth
 
 {% data reusables.saml.about-linked-identities %}
 
+{% data reusables.identity-and-permissions.revoking-identity-team-sync %}
+
 {% data reusables.profile.access_profile %}
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.people %}

content/github/setting-up-and-managing-your-enterprise/about-identity-and-access-management-for-your-enterprise-account.md

@@ -0,0 +1,31 @@
+---
+title: About identity and access management for your enterprise account
+intro: You can centrally manage access to your enterprise's resources, organization membership, and team membership using your identity provider (IdP).
+product: '{% data reusables.gated-features.enterprise-accounts %}'
+versions:
+  free-pro-team: '*'
+---
+
+### About identity and access management for your enterprise account
+
+{% data reusables.saml.dotcom-saml-explanation %} {% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
+
+After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features.
+
+{% data reusables.saml.about-user-provisioning-enterprise-account %} For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
+
+If you use Azure AD as your IDP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
+
+### Supported IdPs
+
+We test and officially support the following IdPs. For SAML SSO, we offer limited support for all identity providers that implement the SAML 2.0 standard. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
+
+IdP | SAML | User provisioning | Team synchronization | 
+--- | :--: | :---------------: | :-------: |
+Active Directory Federation Services (AD FS) | {% octicon "check-circle-fill" aria-label= "The check icon" %} | | |
+Azure Active Directory (Azure AD) | {% octicon "check-circle-fill" aria-label="The check icon" %} | | {% octicon "check-circle-fill" aria-label="The check icon" %} |
+Okta | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label= "The check icon" %} | |
+OneLogin | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
+PingOne | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
+Shibboleth | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
+

content/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account.md

@@ -0,0 +1,28 @@
+---
+title: About user provisioning for organizations in your enterprise account
+intro: You can manage organization membership in an enterprise account directly from an identity provider (IdP).
+product: '{% data reusables.gated-features.enterprise-accounts %}'
+versions:
+  free-pro-team: '*'
+---
+
+{% data reusables.enterprise-accounts.user-provisioning-release-stage %}
+
+{% data reusables.saml.about-user-provisioning-enterprise-account %}
+
+{% data reusables.scim.enterprise-account-scim %} Optionally, you can also enable SAML provisioning and, separately, deprovisioning.
+
+If you configure SCIM for the {% data variables.product.product_name %} application in your IdP, each time you make changes to group membership in your IdP, your IdP will make a SCIM call to {% data variables.product.prodname_dotcom %} to update the corresponding organization's membership. If you enable SAML provisioning, each time an enterprise member accesses a resource protected by your enterprise account's SAML configuration, that SAML assertion will trigger provisioning.
+
+For each SCIM call or SAML assertion, {% data variables.product.product_name %} will check the IdP groups the user belongs to and perform the following operations:
+
+- If the user is a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is not currently a member of that organization, add the user to the organization (SAML assertion) or send the user an email invitation to join the organization (SCIM call).
+- Cancel any existing invitations for the user to join an organization owned by your enterprise account.
+
+For each SCIM call and, if you enable SAML deprovisioning, each SAML assertion, {% data variables.product.product_name %} will also perform the following operation:
+
+- If the user is not a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is currently a member of that organization, remove the user from the organization.
+
+If deprovisioning removes the last remaining owner from an organization, the organization will become unowned. Enterprise owners can assume ownership of unowned organizations. For more information, see "[Managing unowned organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account)."
+
+To enable user provisioning for your enterprise account using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."

content/github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account.md

@@ -0,0 +1,9 @@
+---
+title: Configuring identity and access management for your enterprise account
+intro: You can manage SAML single sign-on, user provisioning, and team synchronization for your enterprise. 
+product: '{% data reusables.gated-features.enterprise-accounts %}'
+mapTopic: true
+versions:
+  free-pro-team: '*'
+---
+

content/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta.md

@@ -56,7 +56,7 @@ After you enable SCIM, the following provisioning features are available for any
 1. To the right of the drop-down menu, type `.*.*`.
 1. Click **Save**.
 {% data reusables.saml.okta-view-setup-instructions %}
-1. Enable SAML for your enterprise account using the information in the setup instructions. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
+1. Enable SAML for your enterprise account using the information in the setup instructions. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
 
 ### Creating groups in Okta
 

content/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account.md

@@ -0,0 +1,47 @@
+---
+title: Enabling SAML single sign-on for organizations in your enterprise account
+intro: 'You can control and secure access to resources like repositories, issues, and pull requests by enabling SAML single sign-on (SSO) and centralized authentication through an IdP across all organizations owned by an enterprise account.'
+product: '{% data reusables.gated-features.enterprise-accounts %}'
+permissions: Enterprise owners can enable SAML single sign-on for organizations in an enterprise account.
+versions:
+  free-pro-team: '*'
+---
+
+### About SAML single sign-on for enterprise accounts
+
+{% data reusables.saml.dotcom-saml-explanation %} For more information, see "[About identity and access management with SAML single sign-on](/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on)."
+
+{% data reusables.saml.about-saml-enterprise-accounts %}
+
+{% data reusables.saml.about-saml-access-enterprise-account %} For more information, see "[Viewing and managing a user's SAML access to your enterprise account](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise-account)."
+
+{% data reusables.saml.saml-supported-idps %}
+
+{% data reusables.scim.enterprise-account-scim %} If you're not participating in the private beta, SCIM is not supported for enterprise accounts. For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
+
+### Enabling SAML single-sign on for organizations in your enterprise account
+
+{% note %}
+
+**Note:** Enabling authentication with SAML single sign-on for your enterprise account will override any existing organization-level SAML configurations.
+
+{% endnote %}
+
+For more detailed information about how to enable SAML using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+4. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
+5. Under "SAML single sign-on", select **Enable SAML authentication**.
+  ![Checkbox for enabling SAML SSO](/assets/images/help/business-accounts/enable-saml-auth-enterprise.png)
+6. In the **Sign on URL** field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
+![Field for the URL that members will be forwarded to when signing in](/assets/images/help/saml/saml_sign_on_url_business.png)
+7. Optionally, in the **Issuer** field, type your SAML issuer URL to verify the authenticity of sent messages.
+![Field for the SAML issuer's name](/assets/images/help/saml/saml_issuer.png)
+8. Under **Public Certificate**, paste a certificate to verify SAML responses.
+![Field for the public certificate from your identity provider](/assets/images/help/saml/saml_public_certificate.png)
+9. To verify the integrity of the requests from your SAML issuer, click {% octicon "pencil" aria-label="The edit icon" %}. Then in the "Signature Method" and "Digest Method" drop-downs, choose the hashing algorithm used by your SAML issuer.
+![Drop-downs for the Signature Method and Digest method hashing algorithms used by your SAML issuer](/assets/images/help/saml/saml_hashing_method.png)
+10. Before enabling SAML SSO for your enterprise, click **Test SAML configuration** to ensure that the information you've entered is correct. ![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_test.png)
+11. Click **Save**.

content/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account.md

@@ -91,104 +91,6 @@ You can also configure allowed IP addresses for an individual organization. For
 
 {% data reusables.github-actions.ip-allow-list-self-hosted-runners %}
 
-### Enabling SAML single sign-on for organizations in your enterprise account
-
-{% data reusables.saml.dotcom-saml-explanation %} For more information, see "[About identity and access management with SAML single sign-on](/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on)."
-
-Enterprise owners can enable SAML SSO and centralized authentication through a SAML IdP across all organizations owned by an enterprise account. After you enable SAML SSO for your enterprise account, SAML SSO is enabled by default for all organizations owned by your enterprise account. All members will be required to authenticate using SAML SSO to gain access to the organizations where they are a member, and enterprise owners will be required to authenticate using SAML SSO when accessing an enterprise account.
-
-{% data reusables.saml.about-saml-access-enterprise-account %} For more information, see "[Viewing and managing a user's SAML access to your enterprise account](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise-account)."
-
-{% data reusables.saml.saml-supported-idps %}
-
-{% data reusables.scim.enterprise-account-scim %} If you're not participating in the private beta, SCIM is not supported for enterprise accounts. For more information, see "[Managing user provisioning for organizations in your enterprise account](#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
-
-{% note %}
-
-**Note:** Enabling authentication with SAML single sign-on for your enterprise account will override any existing organization-level SAML configurations.
-
-{% endnote %}
-
-For more detailed information about how to enable SAML using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta).
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-4. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
-5. Under "SAML single sign-on", select **Enable SAML authentication**.
-  ![Checkbox for enabling SAML SSO](/assets/images/help/business-accounts/enable-saml-auth-enterprise.png)
-6. In the **Sign on URL** field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
-![Field for the URL that members will be forwarded to when signing in](/assets/images/help/saml/saml_sign_on_url_business.png)
-7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of sent messages.
-![Field for the SAML issuer's name](/assets/images/help/saml/saml_issuer.png)
-8. Under **Public Certificate**, paste a certificate to verify SAML responses.
-![Field for the public certificate from your identity provider](/assets/images/help/saml/saml_public_certificate.png)
-9. To verify the integrity of the requests from your SAML issuer, click {% octicon "pencil" aria-label="The edit icon" %}. Then in the Signature Method and Digest Method drop-downs, choose the hashing algorithm used by your SAML issuer.
-![Drop-downs for the Signature Method and Digest method hashing algorithms used by your SAML issuer](/assets/images/help/saml/saml_hashing_method.png)
-10. Before enabling SAML SSO for your enterprise, click **Test SAML configuration** to ensure that the information you've entered is correct. ![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_test.png)
-11. Click **Save**.
-
-### Managing user provisioning for organizations in your enterprise account
-
-Enterprise owners can manage organization membership in an enterprise account directly from an identity provider (IdP).
-
-{% data reusables.enterprise-accounts.user-provisioning-release-stage %}
-
-{% data reusables.saml.about-user-provisioning-enterprise-account %}
-
-{% data reusables.scim.enterprise-account-scim %} Optionally, you can also enable SAML provisioning and, separately, deprovisioning.
-
-If you configure SCIM in your IdP, each time you make changes to group membership in your IdP, your IdP will make a SCIM call to {% data variables.product.prodname_dotcom %} to update the corresponding organization's membership. If you enable SAML provisioning, each time an enterprise member accesses a resource protected by your enterprise account's SAML configuration, that SAML assertion will trigger provisioning.
-
-For each SCIM call or SAML assertion, {% data variables.product.product_name %} will check the IdP groups the user belongs to and perform the following operations:
-
-- If the user is a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is not currently a member of that organization, add the user to the organization (SAML assertion) or send the user an email invitation to join the organization (SCIM call).
-- Cancel any existing invitations for the user to join an organization owned by your enterprise account.
-
-For each SCIM call and, if you enable SAML deprovisioning, each SAML assertion, {% data variables.product.product_name %} will also perform the following operation:
-
-- If the user is not a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is currently a member of that organization, remove the user from the organization.
-
-If deprovisioning removes the last remaining owner from an organization, the organization will become unowned. Enterprise owners can assume ownership of unowned organizations. For more information, see "[Managing unowned organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account)."
-
-To enable user provisioning for your enterprise account using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."
-
-### Managing team synchronization for organizations in your enterprise account
-
-Enterprise owners can enable team synchronization between an IdP and {% data variables.product.product_name %} to allow organization owners and team maintainers to connect teams in the organizations owned by your enterprise account with IdP groups.
-
-{% data reusables.identity-and-permissions.about-team-sync %}
-
-You can use team synchronization with your enterprise account with Azure AD.
-
-{% data reusables.identity-and-permissions.sync-team-with-idp-group %}
-
-{% data reusables.identity-and-permissions.team-sync-disable %}
-
-You can also configure and manage team synchronization for an individual organization. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)."
-
-#### Prerequisites
-
-Before you can enable team synchronization for your enterprise account:
-  - You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
-  - You must enable SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
-  - You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
-
-#### Managing team synchronization for Azure AD
-
-{% data reusables.identity-and-permissions.team-sync-azure-permissions %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-{% data reusables.identity-and-permissions.team-sync-confirm-saml %}
-{% data reusables.identity-and-permissions.enable-team-sync-azure %}
-{% data reusables.identity-and-permissions.team-sync-confirm %}
-7. Review the identity provider tenant information you want to connect to your enterprise account, then click **Approve**.
-  ![Pending request to enable team synchronization to a specific IdP tenant with option to approve or cancel request](/assets/images/help/teams/approve-team-synchronization.png)
-8. To disable team synchronization, click **Disable team synchronization**.
-  ![Disable team synchronization](/assets/images/help/teams/disable-team-synchronization.png)
-
 ### Managing your enterprise account's SSH certificate authorities
 
 Enterprise owners can add and delete an enterprise account's SSH certificate authorities (CA).
@@ -213,3 +115,7 @@ Deleting a CA cannot be undone. If you want to use the same CA in the future, yo
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 {% data reusables.organizations.delete-ssh-ca %}
+
+### Further reading
+
+- "[Configuring identity and access management for your enterprise account](/github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account)"

content/github/setting-up-and-managing-your-enterprise/index.md

@@ -28,14 +28,20 @@ versions:
     {% link_in_list /managing-unowned-organizations-in-your-enterprise-account %}
     {% link_in_list /viewing-the-audit-logs-for-organizations-in-your-enterprise-account %}
     {% link_in_list /configuring-webhooks-for-organization-events-in-your-enterprise-account %}
+{% topic_link_in_list /configuring-identity-and-access-management-for-your-enterprise-account %}
+    {% link_in_list /about-identity-and-access-management-for-your-enterprise-account %}
+    {% link_in_list /enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account %}
+    {% link_in_list /about-user-provisioning-for-organizations-in-your-enterprise-account %}
+    {% link_in_list /configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta %}
+    {% link_in_list /managing-team-synchronization-for-organizations-in-your-enterprise-account %}
 {% topic_link_in_list /setting-policies-for-organizations-in-your-enterprise-account %}
     {% link_in_list /enforcing-repository-management-policies-in-your-enterprise-account %}
     {% link_in_list /enforcing-project-board-policies-in-your-enterprise-account %}
     {% link_in_list /enforcing-team-policies-in-your-enterprise-account %}
     {% link_in_list /enforcing-security-settings-in-your-enterprise-account %}
-    {% link_in_list /configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta %}
     {% link_in_list /verifying-your-enterprise-accounts-domain %}
     {% link_in_list /restricting-email-notifications-for-your-enterprise-account-to-approved-domains %}
     {% link_in_list /enforcing-a-policy-on-dependency-insights-in-your-enterprise-account %}
     {% link_in_list /enforcing-github-actions-policies-in-your-enterprise-account %}
     {% link_in_list /configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account %}
+

content/github/setting-up-and-managing-your-enterprise/managing-licenses-for-visual-studio-subscription-with-github-enterprise.md

@@ -15,7 +15,9 @@ versions:
 
 {% data variables.product.prodname_vss_ghe %} is a combined offering from Microsoft that allows a subscriber to use both {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_vs %}. {% data variables.product.prodname_vss_ghe %} is available from Microsoft under the terms of the Microsoft Enterprise Agreement. For more information, see [{% data variables.product.prodname_vss_ghe %}](https://visualstudio.microsoft.com/subscriptions/visual-studio-github/) on the {% data variables.product.prodname_vs %} website.
 
-After you assign a license for {% data variables.product.prodname_vss_ghe %}  to a subscriber, the subscriber will use the {% data variables.product.prodname_enterprise %} portion of the license by joining an organization in your enterprise account with a user account on {% data variables.product.prodname_dotcom_the_website %}.
+After you assign a license for {% data variables.product.prodname_vss_ghe %} to a subscriber, the subscriber will use the {% data variables.product.prodname_enterprise %} portion of the license by joining an organization in your enterprise account with a user account on {% data variables.product.prodname_dotcom_the_website %}. If the email address for the user account of an enterprise member on {% data variables.product.prodname_dotcom_the_website %} matches the User Primary Name (UPN) for a subscriber to your {% data variables.product.prodname_vs %} account, the {% data variables.product.prodname_vs %} subscriber will automatically consume one license for {% data variables.product.prodname_vss_ghe %}.
+
+The total quantity of your licenses for your enterprise on {% data variables.product.prodname_dotcom %} is the sum of any standard {% data variables.product.prodname_enterprise %} licenses and the number of {% data variables.product.prodname_vs %} subscription licenses that include access to {% data variables.product.prodname_dotcom %}. If the user account for an enterprise member does not correspond with the email address for a {% data variables.product.prodname_vs %} subscriber, the license that the user account consumes is unavailable for a {% data variables.product.prodname_vs %} subscriber.
 
 For more information about {% data variables.product.prodname_enterprise %}, see "[{% data variables.product.company_short %}'s products](/github/getting-started-with-github/githubs-products#github-enterprise)." For more information about accounts on {% data variables.product.prodname_dotcom_the_website %}, see "[Types of {% data variables.product.prodname_dotcom %} accounts](/github/getting-started-with-github/types-of-github-accounts)."
 
@@ -27,11 +29,13 @@ For more information about {% data variables.product.prodname_enterprise %}, see
 
 3. On {% data variables.product.prodname_dotcom_the_website %}, create at least one organization owned by your enterprise account. For more information, see "[Adding organizations to your enterprise account](/github/setting-up-and-managing-your-enterprise/adding-organizations-to-your-enterprise-account)."
 
-4. The subscriber must create a user account on {% data variables.product.prodname_dotcom_the_website %}, and the email address for the account must be the same email address as the email address in the {% data variables.product.prodname_vs %} portal. For more information, see "[Signing up for {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/signing-up-for-github)" and "[Managing email preferences](/github/setting-up-and-managing-your-github-user-account/managing-email-preferences)."
-
 ### Inviting a subscriber to use {% data variables.product.prodname_enterprise %}
 
-To use the {% data variables.product.prodname_enterprise %} portion of the license, the subscriber must join an organization owned by your enterprise account on {% data variables.product.prodname_dotcom_the_website %}. Organization owners can invite new members to an organization. For more information, see "[Inviting users to join your organization](/github/setting-up-and-managing-organizations-and-teams/inviting-users-to-join-your-organization)."
+To use the {% data variables.product.prodname_enterprise %} portion of the license, the subscriber's user account on {% data variables.product.prodname_dotcom_the_website %} must be or become a member of an organization owned by your enterprise on {% data variables.product.prodname_dotcom_the_website %}.
+
+Organization owners can invite new members to an organization by email address. The email address that the organization owner invites must match the {% data variables.product.prodname_vs %} subscriber's User Primary Name (UPN), which should be an email address. The subscriber can accept the invitation with an existing user account on {% data variables.product.prodname_dotcom_the_website %} or create a new account.
+
+For more information, see "[Inviting users to join your organization](/github/setting-up-and-managing-organizations-and-teams/inviting-users-to-join-your-organization)," "[Signing up for {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/signing-up-for-github)," and "[Managing email preferences](/github/setting-up-and-managing-your-github-user-account/managing-email-preferences)."
 
 ### Viewing {% data variables.product.prodname_enterprise %} licensing
 

content/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account.md

@@ -0,0 +1,43 @@
+---
+title: Managing team synchronization for organizations in your enterprise account
+intro: 'You can enable team synchronization between an identity provider (IdP) and {% data variables.product.product_name %} to allow organizations owned by your enterprise account to manage team membership through IdP groups.'
+product: '{% data reusables.gated-features.enterprise-accounts %}'
+permissions: Enterprise owners can manage team synchronization for an enterprise account.
+versions:
+  free-pro-team: '*'
+---
+
+### About team synchronization for enterprise accounts
+
+If you use Azure AD as your IdP, you can enable team synchronization for your enterprise account to allow organization owners and team maintainers to synchronize teams in the organizations owned by your enterprise accounts with IdP groups.
+
+{% data reusables.identity-and-permissions.about-team-sync %}
+
+{% data reusables.identity-and-permissions.sync-team-with-idp-group %}
+
+{% data reusables.identity-and-permissions.team-sync-disable %}
+
+You can also configure and manage team synchronization for an individual organization. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)."
+
+### Prerequisites
+
+You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
+ 
+You must enable SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
+
+You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
+
+### Managing team synchronization for Azure AD
+
+{% data reusables.identity-and-permissions.team-sync-azure-permissions %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+{% data reusables.identity-and-permissions.team-sync-confirm-saml %}
+{% data reusables.identity-and-permissions.enable-team-sync-azure %}
+{% data reusables.identity-and-permissions.team-sync-confirm %}
+7. Review the details for the IdP tenant you want to connect to your enterprise account, then click **Approve**.
+  ![Pending request to enable team synchronization to a specific IdP tenant with option to approve or cancel request](/assets/images/help/teams/approve-team-synchronization.png)
+8. To disable team synchronization, click **Disable team synchronization**.
+  ![Disable team synchronization](/assets/images/help/teams/disable-team-synchronization.png)

content/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account.md

@@ -9,7 +9,7 @@ versions:
   free-pro-team: '*'
 ---
 
-If you enable user deprovisioning to manage organization membership in your enterprise account, you could end up with an organization that has no organization owners. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
+If you enable user deprovisioning to manage organization membership in your enterprise account, you could end up with an organization that has no organization owners. For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 2. To the right of the search field, click **X unowned**.

content/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md

@@ -18,6 +18,8 @@ When you enable SAML single sign-on for your enterprise account, each enterprise
 
 {% data reusables.saml.about-linked-identities %}
 
+{% data reusables.identity-and-permissions.revoking-identity-team-sync %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.people-tab %}
 {% data reusables.saml.click-person-revoke-identity %}

content/github/setting-up-and-managing-your-enterprise/viewing-the-subscription-and-usage-for-your-enterprise-account.md

@@ -22,7 +22,8 @@ For more information about managing billing managers, see "[Inviting people to m
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.license-tab %}
-4. Under "User {% if currentVersion == "free-pro-team@latest" %}Licenses{% else %}licenses{% endif %}", view your total licenses, number of consumed licenses, and your subscription expiration date.
+1. Under "User {% if currentVersion == "free-pro-team@latest" %}Licenses{% else %}licenses{% endif %}", view your total licenses, number of consumed licenses, and your subscription expiration date.
   {% if currentVersion == "free-pro-team@latest" %}![License and subscription information in enterprise billing settings](/assets/images/help/business-accounts/billing-license-info.png){% else %}
   ![License and subscription information in enterprise billing settings](/assets/images/enterprise/enterprises/enterprise-server-billing-license-info.png){% endif %}
-5. To view details of the user licenses currently in use, click **View {% if currentVersion == "free-pro-team@latest" %}details{% else %}users{% endif %}**.
+1. Optionally, to view details for license usage or download a {% if currentVersion == "free-pro-team@latest" %}CSV{% elsif enterpriseServerVersions contains currentVersion %}JSON{% endif %} file with license details{% if currentVersion == "free-pro-team@latest" %}, to the right of "User Licenses"{% endif %}, click **View {% if currentVersion == "free-pro-team@latest" %}details{% elsif enterpriseServerVersions contains currentVersion %}users{% endif %}** or {% if currentVersion == "free-pro-team@latest" %}{% octicon "download" aria-label="The download icon" %}{% elsif enterpriseServerVersions contains currentVersion %}**Export license usage**{% endif %}.{% if currentVersion == "free-pro-team@latest" %}
+  !["View details" button and button with download icon to the right of "User Licenses"](/assets/images/help/business-accounts/billing-license-info-click-view-details-or-download.png){% endif %}

content/github/setting-up-and-managing-your-github-user-account/permission-levels-for-a-user-account-repository.md

@@ -29,7 +29,8 @@ The repository owner has full control of the repository. In addition to the acti
 | :- | :- |
 | {% if currentVersion == "free-pro-team@latest" %}Invite collaborators{% else %}Add collaborators{% endif %} | "[Inviting collaborators to a personal repository](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository)" |
 | Change the visibility of the repository | "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)" |{% if currentVersion == "free-pro-team@latest" %}
-| Limit interactions with the repository | "[Limiting interactions in your repository](/github/building-a-strong-community/limiting-interactions-in-your-repository)" |{% endif %}
+| Limit interactions with the repository | "[Limiting interactions in your repository](/github/building-a-strong-community/limiting-interactions-in-your-repository)" |{% endif %}{% if currentVersion == "free-pro-team@latest" %}
+| Rename a branch, including the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |{% endif %}
 | Merge a pull request on a protected branch, even if there are no approving reviews | "[About protected branches](/github/administering-a-repository/about-protected-branches)" |
 | Delete the repository | "[Deleting a repository](/github/administering-a-repository/deleting-a-repository)" |
 | Manage the repository's topics | "[Classifying your repository with topics](/github/administering-a-repository/classifying-your-repository-with-topics)" |{% if currentVersion == "free-pro-team@latest" %}
@@ -61,7 +62,8 @@ Collaborators can also perform the following actions.
 
 | Action | More information |
 | :- | :- |
-| Fork the repository | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" |
+| Fork the repository | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" |{% if currentVersion == "free-pro-team@latest" %}
+| Rename a branch other than the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |{% endif %}
 | Create, edit, and delete comments on commits, pull requests, and issues in the repository | <ul><li>"[About issues](/github/managing-your-work-on-github/about-issues)"</li><li>"[Commenting on a pull request](/github/collaborating-with-issues-and-pull-requests/commenting-on-a-pull-request)"</li><li>"[Managing disruptive comments](/github/building-a-strong-community/managing-disruptive-comments)"</li></ul> |
 | Create, assign, close, and re-open issues in the repository | "[Managing your work with issues](/github/managing-your-work-on-github/managing-your-work-with-issues)" |
 | Manage labels for issues and pull requests in the repository | "[Labeling issues and pull requests](/github/managing-your-work-on-github/labeling-issues-and-pull-requests)" |

content/github/setting-up-and-managing-your-github-user-account/permission-levels-for-user-owned-project-boards.md

@@ -22,7 +22,7 @@ There are three levels of permissions for project board collaborators:
 The project board owner and collaborators with admin access have full control of the project board. In addition to all the permissions allowed by project board collaborators, a project board owner and collaborator with admin access can:
 
 - [Manage, view, and add collaborators](/articles/managing-access-to-your-user-account-s-project-boards)
-- [Configure a project board as public or private](/articles/changing-project-board-visibility)
+- [Configure a project board as {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private](/articles/changing-project-board-visibility)
 - [Delete a project board](/articles/deleting-a-project-board/)
 - [Close a project board](/articles/closing-a-project-board/)
 - [Reopen a closed project board](/articles/reopening-a-closed-project-board)
@@ -51,7 +51,7 @@ Collaborators with write access to a user-owned project board can:
 
 ### Project board visibility
 
-You can change the project board's visibility from private to public and back again. By default, user-owned project boards are private. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
+You can change the project board's visibility from private to {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} and back again. By default, user-owned project boards are private. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
 
 ### Further reading
 

content/github/supporting-the-open-source-community-with-github-sponsors/viewing-your-sponsors-and-sponsorships.md

@@ -20,16 +20,15 @@ You can view analytics on your current and past sponsorships, the payments you'v
 ### Viewing recent sponsorship activity
 
 {% data reusables.sponsors.navigate-to-sponsors-dashboard %}
-1. In the left sidebar, click **Activity**.
-  ![Activity tab](/assets/images/help/sponsors/activity-tab.png)
+{% data reusables.sponsors.activity-tab %}
 
 ### Exporting your sponsorship data
 
-If you have sponsors, you can export your sponsorship data. {% data variables.product.prodname_dotcom %} will send you an email with export data for all of your sponsors for the month you select. After the export is complete, you can export another month of data. You can export up to 10 sets of data per hour for any of your sponsored accounts.
+You can export your sponsorship transactions by month. {% data variables.product.company_short %} will send you an email with transaction data for all of your sponsors for the month you select. After the export is complete, you can export another month of data. You can export up to 10 sets of data per hour for any of your sponsored accounts.
 
 {% data reusables.sponsors.navigate-to-sponsors-dashboard %}
-{% data reusables.sponsors.navigate-to-sponsors-tab %}
-1. Click **Export all**.
-  ![Export all button](/assets/images/help/sponsors/export-all.png)
+{% data reusables.sponsors.activity-tab %}
+1. Click {% octicon "download" aria-label="The download icon" %} **Export**.
+  ![Export button](/assets/images/help/sponsors/export-all.png)
 1. Choose a timeframe and a format for the data you'd like to export, then click **Start export**.
   ![Options for data export](/assets/images/help/sponsors/export-your-sponsors.png)

content/github/using-git/adding-a-remote.md

@@ -37,7 +37,7 @@ You may encounter these errors when trying to add a remote.
 This error means you've tried to add a remote with a name that already exists in your local repository:
 
 ```shell
-$ git remote add origin https://{% data variables.command_line.codeblock %}/octocat/Spoon-Knife
+$ git remote add origin https://{% data variables.command_line.codeblock %}/octocat/Spoon-Knife.git
 > fatal: remote origin already exists.
 ```
 

content/github/working-with-github-support/about-github-support.md

@@ -23,9 +23,9 @@ To see if there are currently any incidents affecting services on {% data variab
 
 ### Contacting {% data variables.contact.github_support %}
 
-{% data variables.product.prodname_free_user %} user and organization accounts can use the {% data variables.contact.community_support_forum %} to browse topics, ask questions, share solutions, and interact directly with {% data variables.contact.community_support %}. You can also contact {% data variables.contact.contact_support %} to report account, security, and abuse issues.
+You can use the {% data variables.contact.community_support_forum %} to browse topics, ask questions, share solutions, and interact directly with {% data variables.contact.community_support %}. 
 
-On paid accounts, you can either contact {% data variables.contact.contact_support %} and, depending on your plan, contact {% data variables.contact.premium_support %} or {% data variables.contact.contact_ent_support %}. For more information about contacting {% data variables.contact.premium_support %}, see "[About {% data variables.contact.premium_support %} for {% data variables.product.prodname_ghe_cloud %}](/articles/about-github-premium-support-for-github-enterprise-cloud) or "[About {% data variables.contact.premium_support %} for {% data variables.product.prodname_ghe_server %}](/enterprise/admin/enterprise-support/about-github-premium-support-for-github-enterprise)."
+To report account, security, and abuse issues, or to receive assisted support for a paid account, visit the {% data variables.contact.contact_support_portal %}. If you are an administrator for {% data variables.product.prodname_ghe_server %} without a user account on {% data variables.product.prodname_dotcom_the_website %}, visit the {% data variables.contact.contact_enterprise_portal %}.
 
 ### Granting {% data variables.contact.github_support %} temporary access to a private repository
 

content/github/writing-on-github/creating-gists.md

@@ -1,6 +1,6 @@
 ---
 title: Creating gists
-intro: 'You can create two kinds of gists: public and secret. Create a public gist if you''re ready to share your ideas with the world or a secret gist if you''re not.'
+intro: 'You can create two kinds of gists: {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} and secret. Create {% if currentVersion == "github-ae@latest" %}an internal{% else %}a public{% endif %} gist if you''re ready to share your ideas with {% if currentVersion == "github-ae@latest" %}enterprise members{% else %}the world{% endif %} or a secret gist if you''re not.'
 redirect_from:
   - /articles/about-gists/
   - /articles/cannot-delete-an-anonymous-gist/
@@ -14,11 +14,13 @@ versions:
 
 ### About gists
 
-Every gist is a Git repository, which means that it can be forked and cloned. If you are signed in to {% data variables.product.product_name %} when you create a gist, the gist will be associated with your account and you will see it in your list of gists when you navigate to your {% data variables.gists.gist_homepage %}.
+Every gist is a Git repository, which means that it can be forked and cloned. {% if currentVersion != "github-ae@latest" %}If you are signed in to {% data variables.product.product_name %} when{% else %}When{% endif %} you create a gist, the gist will be associated with your account and you will see it in your list of gists when you navigate to your {% data variables.gists.gist_homepage %}.
 
-Gists can be public or secret. Public gists show up in {% data variables.gists.discover_url %}, where people can browse new gists as they're created. They're also searchable, so you can use them if you'd like other people to find and see your work. {% data reusables.gist.cannot-convert-public-gists-to-secret %}
+Gists can be {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or secret. {% if currentVersion == "github-ae@latest" %}Internal{% else %}Public{% endif %} gists show up in {% data variables.gists.discover_url %}, where {% if currentVersion == "github-ae@latest" %}enterprise members{% else %}people{% endif %} can browse new gists as they're created. They're also searchable, so you can use them if you'd like other people to find and see your work.
 
-Secret gists don't show up in {% data variables.gists.discover_url %} and are not searchable. {% data reusables.gist.cannot-convert-public-gists-to-secret %} Secret gists aren't private. If you send the URL of a secret gist to a friend, they'll be able to see it. However, if someone you don't know discovers the URL, they'll also be able to see your gist. If you need to keep your code away from prying eyes, you may want to [create a private repository](/articles/creating-a-new-repository) instead.
+Secret gists don't show up in {% data variables.gists.discover_url %} and are not searchable. Secret gists aren't private. If you send the URL of a secret gist to {% if currentVersion == "github-ae@latest" %}another enterprise member{% else %}a friend {% endif %}, they'll be able to see it. However, if {% if currentVersion == "github-ae@latest" %}any other enterpise member{% else %}someone you don't know{% endif %} discovers the URL, they'll also be able to see your gist. If you need to keep your code away from prying eyes, you may want to [create a private repository](/articles/creating-a-new-repository) instead.
+
+{% data reusables.gist.cannot-convert-public-gists-to-secret %}
 
 {% if enterpriseServerVersions contains currentVersion %}
 
@@ -39,7 +41,7 @@ You can pin gists to your profile so other people can see them easily. For more
 
 {% endif %}
 
-You can discover gists others have created by going to the {% data variables.gists.gist_homepage %} and clicking **All Gists**. This will take you to a page of all gists sorted and displayed by time of creation or update. You can also search gists by language with {% data variables.gists.gist_search_url %}. Gist search uses the same search syntax as [code search](/articles/searching-code).
+You can discover {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} gists others have created by going to the {% data variables.gists.gist_homepage %} and clicking **All Gists**. This will take you to a page of all gists sorted and displayed by time of creation or update. You can also search gists by language with {% data variables.gists.gist_search_url %}. Gist search uses the same search syntax as [code search](/articles/searching-code).
 
 Since gists are Git repositories, you can view their full commit history, complete with diffs. You can also fork or clone gists. For more information, see ["Forking and cloning gists"](/articles/forking-and-cloning-gists).
 
@@ -71,13 +73,8 @@ You can also create a gist using the {% data variables.product.prodname_cli %}.
 4. Type the text of your gist into the gist text box.
 ![Gist text box](/assets/images/help/gist/gist_text_box.png)
 
-5. Do one of the following:
-    - To create a public gist, click **Create public gist**.
-    - To create a secret gist, click **Create secret Gist**.
-  ![Gist create button](/assets/images/help/gist/gist_create_btn.png)
+5. Optionally, to create {% if currentVersion == "github-ae@latest" %}an internal{% else %}a public{% endif %} gist, click {% octicon "triangle-down" aria-label="The downwards triangle icon" %}, then click **Create {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} gist**. 
+![Drop-down menu to select gist visibility]{% if currentVersion == "github-ae@latest" %}(/assets/images/help/gist/gist-visibility-drop-down-ae.png){% else %}(/assets/images/help/gist/gist-visibility-drop-down.png){% endif %}
 
-  {% note %}
-
-  **Note:** {% data reusables.gist.cannot-convert-public-gists-to-secret %}
-
-  {% endnote %}
+6. Click **Create secret Gist** or **Create {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} gist**. 
+  ![Button to create gist](/assets/images/help/gist/create-secret-gist-button.png)

content/github/writing-on-github/forking-and-cloning-gists.md

@@ -11,7 +11,7 @@ versions:
 
 ### Forking gists
 
-Each gist indicates which forks have activity, making it easy to find interesting changes from coworkers or complete strangers.
+Each gist indicates which forks have activity, making it easy to find interesting changes from others.
 
 ![Gist forks](/assets/images/help/gist/gist_forks.png)