From a5a352254ff8a10d1eed5aae1c123597eefec2e3 Mon Sep 17 00:00:00 2001 From: Joe Clark <31087804+jc-clark@users.noreply.github.com> Date: Fri, 18 Oct 2024 11:39:16 -0700 Subject: [PATCH 1/6] Update release-phases variables with new terminology (#52466) Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> Co-authored-by: Felicity Chapman --- .../about-billing-for-your-enterprise.md | 2 +- ...ing-your-configuration-of-default-setup.md | 4 +- ...analyzing-your-code-with-codeql-queries.md | 2 +- .../customizing-analysis-with-codeql-packs.md | 2 +- .../style-guide.md | 61 +++++++++++++++++++ .../github-copilot-features.md | 2 +- .../using-copilot-text-completion.md | 2 +- .../filtering-projects.md | 2 +- .../searching-discussions.md | 2 +- .../section-choosing-the-runner-for-a-job.md | 2 +- .../reusables/actions/larger-runners-table.md | 4 +- .../actions/supported-github-runners.md | 4 +- .../copilot/about-copilot-chat-in-mobile.md | 2 +- .../rai/copilot/copilot-chat-dotcom-beta.md | 2 +- .../copilot-chat-ide-leveraging-web-search.md | 4 +- .../generic-secret-detection-ai.md | 4 +- data/ui.yml | 2 +- data/variables/release-phases.yml | 16 ++--- src/fixtures/fixtures/data/ui.yml | 2 +- 19 files changed, 91 insertions(+), 30 deletions(-) diff --git a/content/billing/using-the-billing-platform/about-billing-for-your-enterprise.md b/content/billing/using-the-billing-platform/about-billing-for-your-enterprise.md index 822478ed006c..86e664a48315 100644 --- a/content/billing/using-the-billing-platform/about-billing-for-your-enterprise.md +++ b/content/billing/using-the-billing-platform/about-billing-for-your-enterprise.md 
@@ -59,7 +59,7 @@ Administrators for your enterprise account on {% data variables.product.prodname ## How do I know which billing platform I'm using? -You have access to the new billing platform if you have an enterprise account, or if you are part of an organization owned by an enterprise account, created after June 2, 2024. Enterprises that participated in the beta program also have access to the new billing platform. See "[AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises)." +You have access to the new billing platform if you have an enterprise account, or if you are part of an organization owned by an enterprise account, created after June 2, 2024. Enterprises that participated in the {% data variables.release-phases.private_preview %} also have access to the new billing platform. See "[AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises)." {% data reusables.billing.new-billing-platform-permissions %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index bd4687e60b07..d412a8ede0bc 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md 
@@ -18,7 +18,7 @@ topics: After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit: * Which languages default setup will analyze. * The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% ifversion codeql-threat-models %} -* The threat models (beta) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the {% data variables.release-phases.public_preview %}, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)." +* The threat models ({% data variables.release-phases.public_preview %}) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the {% data variables.release-phases.public_preview %}, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)." {% endif %} {% ifversion codeql-model-packs %} 
@@ -38,7 +38,7 @@ If you need to change any other aspects of your {% data variables.product.prodna 1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click {% octicon "pencil" aria-hidden="true" %} **Edit**. 1. Optionally, in the "Languages" section, select or deselect languages for analysis. 1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %} -1. (Beta) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**. +1. ({% data variables.release-phases.public_preview_caps %}) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**. {% endif %} 1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration. diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md index ca20d5dd6f9c..2a59ef1fa5b3 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md 
@@ -74,7 +74,7 @@ You must specify ``, `--format`, and `--output`. You can specify addit | --download | {% octicon "x" aria-label="Optional" %} | Use if some of your {% data variables.product.prodname_codeql %} query packs are not yet on disk and need to be downloaded before running queries. | | --threads | {% octicon "x" aria-label="Optional" %} | Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`. | | --verbose | {% octicon "x" aria-label="Optional" %} | Use to get more detailed information about the analysis process and diagnostic data from the database creation process. | -| --threat-model | {% octicon "x" aria-label="Optional" %} | (Beta) Use to add threat models to configure additional sources in your {% data variables.product.prodname_codeql %} analysis. During the {% data variables.release-phases.public_preview %}, threat models are supported only by Java analysis. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-analyze#--threat-modelname)." | +| --threat-model | {% octicon "x" aria-label="Optional" %} | ({% data variables.release-phases.public_preview_caps %}) Use to add threat models to configure additional sources in your {% data variables.product.prodname_codeql %} analysis. During the {% data variables.release-phases.public_preview %}, threat models are supported only by Java analysis. For more information, see "[AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/database-analyze#--threat-modelname)." | {% note %} diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md index 4302e1e6ec9b..e04a64042e28 100644 
--- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md 
@@ -49,7 +49,7 @@ You can publish {% data variables.product.prodname_codeql %} packs that you have ## Downloading and using {% data variables.product.prodname_codeql %} query packs -The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries{% ifversion codeql-model-packs %}, while model packs (beta) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default{% endif %}. For more information about query packs, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries)." {% ifversion codeql-model-packs %} For information about writing your own model packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack)."{% endif %} +The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries{% ifversion codeql-model-packs %}, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default{% endif %}. 
For more information about query packs, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries)." {% ifversion codeql-model-packs %} For information about writing your own model packs, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-model-pack)."{% endif %} Before you can use a {% data variables.product.prodname_codeql %} query pack to analyze a database, you must download any packages you require from the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}. This can be done either by using the `--download` flag as part of the `codeql database analyze` command, or running `codeql pack download`. If a package is not publicly available, you will need to use a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} to authenticate. For more information and an example, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github#uploading-results-to-github)." diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md index 1defdb6ef65b..f6677ef84680 100644 --- a/content/contributing/style-guide-and-content-model/style-guide.md +++ b/content/contributing/style-guide-and-content-model/style-guide.md 
@@ -923,7 +923,12 @@ Each release note in a set describes one of the following changes. * [Bug fixes](#bug-fixes): fixes to flaws or unexpected behavior * [Changes](#changes): notable changes to past behavior * [Known issues](#known-issues): issues that {% data variables.product.company_short %} has identified, but cannot or has not yet prioritized +{%- ifversion ghes < 3.16 %} * [Deprecations](#deprecations): removal of a feature or behavior +{%- else %} +* [Closing down](#closing-down): the process of being retired and should no longer be relied upon for future work +* [Retired](#retired): end of a product or feature lifecycle +{%- endif %} * [Errata](#errata): correction to inaccurate release note or documentation You can also review guidelines for updating release notes in "[Adding or updating a release note](#adding-or-updating-a-release-note)" and "[Removing a release note](#removing-a-release-note)." @@ -1066,6 +1071,8 @@ A release note for a known issue answers the following questions. * > After an administrator begins a configuration run, a `No such object error` may occur during the validation phase for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. +{% ifversion ghes < 3.16 %} + ### Deprecations A deprecation release note summarizes a behavior or feature that {% data variables.product.company_short %} has removed or plans to remove. Generally, notes for deprecations are only part of feature releases. 
@@ -1092,6 +1099,60 @@ A release note for a deprecation answers the following questions. * > Commit comments, which are comments that users add directly to a commit outside of a pull request, no longer appear in the pull request timeline. Users could not reply to or resolve these comments. The Timeline events REST API and the GraphQL API's `PullRequest` object also no longer return commit comments. +{% else %} + +### Closing down + +A release note for a feature that is closing down summarizes a behavior or feature that {% data variables.product.github %} plans to remove. These features are still available for production use and come with the associated support SLAs and technical support obligations. However, they are in the process of being retired and should no longer be relied upon for future work. Closing down is a transitional stage where users are advised to stop using the feature and prepare for its retirement. + +#### Writing release notes features that are closing down + +A release note for a feature that is closing down answers the following questions. + +1. Does this existing functionality apply to me, with my role or access? +1. What is the functionality that's closing down? +1. If applicable, what replaces the closing down functionality? +1. If applicable, where can I read more? + +> _AUDIENCE_ (**1**) _DESCRIPTION OF CLOSING DOWN FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see "[_ARTICLE TITLE_](/)" (**4**). + +* Notes are in the present tense, or the future tense for upcoming changes. If applicable, specify the upcoming release when the retirement will occur. +* To reduce repetition and unnecessary words, "now" is usually implied. +* To clarify actors and impact, avoid passive language when possible. +* Categorize each feature in a section, under a feature heading. 
+ +#### Examples of release notes for features that are closing down + +* > **Closing down**: In {% data variables.product.prodname_ghe_server %} 3.8 and later, to ensure instance security, unsecure algorithms will be disabled for SSH connections to the administrative shell. + +* > Commit comments, which are comments that users add directly to a commit outside of a pull request, no longer appear in the pull request timeline. Users could not reply to or resolve these comments. The Timeline events REST API and the GraphQL API's `PullRequest` object also no longer return commit comments. + +### Retired + +Retired products or features are no longer available for new customers, marketed, supported, or documented. At this stage, the product is effectively discontinued, and no new development or fixes will be provided. The only support for retired products may come from existing commitments, such as those required for previously released versions of {% data variables.product.prodname_ghe_server %}. Retiring marks the official end of a product or feature's lifecycle, with no further updates, bug fixes, or user support, signaling a complete transition to newer tools or services. + +#### Writing release notes for retired features + +A release note for a retired feature answers the following questions. + +1. Does this functionality apply to me, with my role or access? +1. What is the functionality that's retired? +1. If applicable, what replaces the retired functionality? +1. If applicable, where can I read more? + +> _AUDIENCE_ (**1**) _DESCRIPTION OF RETIRED FUNCTIONALITY_ (**2**) _REPLACEMENT FUNCTIONALITY_ (**3**) For more information, see "[_ARTICLE TITLE_](/)" (**4**). + +* Notes are in the present tense. +* To reduce repetition and unnecessary words, "now" is usually implied. +* To clarify actors and impact, avoid passive language when possible. +* Categorize each feature in a section, under a feature heading. 
+ +#### Examples of release notes for retired features + +* > **Retired**: {% data variables.product.github %} no longer supports required workflows for {% data variables.product.prodname_actions %} in {% data variables.product.prodname_ghe_server %} 3.11 and later. Use repository rulesets instead. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)." + +{% endif %} + ### Errata Errata corrects inaccurate information previously published in the release notes or documentation for a release. diff --git a/content/copilot/about-github-copilot/github-copilot-features.md b/content/copilot/about-github-copilot/github-copilot-features.md index dc185efb733b..92df92fc00b5 100644 --- a/content/copilot/about-github-copilot/github-copilot-features.md +++ b/content/copilot/about-github-copilot/github-copilot-features.md @@ -30,7 +30,7 @@ A chat-like interface in the terminal, where you can ask questions about the com AI-generated summaries of the changes that were made in a pull request, which files they impact, and what a reviewer should focus on when they conduct their review. -### {% data variables.product.prodname_copilot_autocomplete_pr %} (beta) +### {% data variables.product.prodname_copilot_autocomplete_pr %} ({% data variables.release-phases.public_preview %}) AI-generated text completion to help you write pull request descriptions quickly and accurately. diff --git a/content/copilot/using-github-copilot/using-copilot-text-completion.md b/content/copilot/using-github-copilot/using-copilot-text-completion.md index f8c85a422e60..e133cfad4ae0 100644 --- a/content/copilot/using-github-copilot/using-copilot-text-completion.md +++ b/content/copilot/using-github-copilot/using-copilot-text-completion.md 
@@ -35,4 +35,4 @@ You can use {% data variables.product.prodname_copilot_autocomplete_pr %} in the You can disable or enable {% data variables.product.prodname_copilot_autocomplete_pr %} for your pull request descriptions. Your preference will be saved for future pull requests. 1. On {% data variables.product.github %}, create a pull request. -1. At the top of the description field, select {% octicon "copilot" aria-hidden="true" %} then hover over **Autocomplete (Beta)**, and click **Disabled** or **Enabled**. +1. At the top of the description field, select {% octicon "copilot" aria-hidden="true" %} then hover over **Autocomplete ({% data variables.release-phases.public_preview_caps %})**, and click **Disabled** or **Enabled**. diff --git a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects.md b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects.md index edb96e107a9d..71d79e160ab8 100644 --- a/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects.md +++ b/content/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/filtering-projects.md @@ -39,7 +39,7 @@ You can use filters to produce views for very specific purposes. For example, yo | label:LABEL | **label:bug** will show items with the "bug" label applied. | field:VALUE | **status:done** will show items with the "status" field set to "done." | reviewers:USERNAME | **reviewers:octocat** will show items that have been reviewed by @octocat. -| milestone:"MILESTONE" | **milestone:"Beta release"** will show items assigned to the "Beta release" milestone. +| milestone:"MILESTONE" | **milestone:"QA release"** will show items assigned to the "QA release" milestone. ## Combining filters 
diff --git a/content/search-github/searching-on-github/searching-discussions.md b/content/search-github/searching-on-github/searching-discussions.md index 04405af34a8f..d61a90af8264 100644 --- a/content/search-github/searching-on-github/searching-discussions.md +++ b/content/search-github/searching-on-github/searching-discussions.md @@ -107,7 +107,7 @@ You can use the `involves` qualifier to find discussions that involve a certain | Qualifier | Example | | :- | :- | | involves:USERNAME | **[involves:becca involves:octocat](https://github.com/search?q=involves%3Abecca+involves%3Aoctocat&type=Discussions)** matches discussions either @becca or @octocat are involved in. -| `in:body` involves:USERNAME | [**NOT {% data variables.release-phases.public_preview %} in:body involves:becca**](https://github.com/search?q=NOT+beta+in%3Abody+involves%3Abecca&type=Discussions) matches discussions @becca is involved in that do not contain the word "beta" in the body. +| `in:body` involves:USERNAME | [**NOT free in:body involves:becca**](https://github.com/search?q=NOT+free+in%3Abody+involves%3Abecca&type=Discussions) matches discussions @becca is involved in that do not contain the word "free" in the body. ## Search by number of comments diff --git a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md b/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md index 278e9330b859..4144e65915e5 100644 --- a/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md +++ b/data/reusables/actions/jobs/section-choosing-the-runner-for-a-job.md @@ -82,7 +82,7 @@ The windows-latest label currently uses the Windows 2022 runner ima -macos-latest, macos-15 [Beta], macos-14, macos-13, macos-12 +macos-latest, macos-15 [{% data variables.release-phases.public_preview_caps %}], macos-14, macos-13, macos-12 The macos-latest workflow label currently uses the macOS 14 runner image. 
diff --git a/data/reusables/actions/larger-runners-table.md b/data/reusables/actions/larger-runners-table.md index 1b826ae89d70..8e941e6b4310 100644 --- a/data/reusables/actions/larger-runners-table.md +++ b/data/reusables/actions/larger-runners-table.md @@ -1,4 +1,4 @@ | Runner Size | Architecture| Processor (CPU)| Memory (RAM) | Storage (SSD) | Workflow label | | ------------| ------------| -------------- | ------------- | ------------- |--------------------------------------------------------------------------------------------------------------------------------------------------| -| Large | Intel | 12 | 30 GB | 14 GB | macos-latest-large, macos-12-large, macos-13-large, macos-14-large [latest], macos-15-large [Beta] | -| XLarge | arm64 (M1) | 6 (+ 8 GPU hardware acceleration) | 14 GB | 14 GB | macos-latest-xlarge, macos-13-xlarge , macos-14-xlarge [latest], macos-15-xlarge [Beta] | +| Large | Intel | 12 | 30 GB | 14 GB | macos-latest-large, macos-12-large, macos-13-large, macos-14-large [latest], macos-15-large [{% data variables.release-phases.public_preview_caps %}] | +| XLarge | arm64 (M1) | 6 (+ 8 GPU hardware acceleration) | 14 GB | 14 GB | macos-latest-xlarge, macos-13-xlarge , macos-14-xlarge [latest], macos-15-xlarge [{% data variables.release-phases.public_preview_caps %}] | diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md index 377229befc2c..7c4f245153e4 100644 --- a/data/reusables/actions/supported-github-runners.md +++ b/data/reusables/actions/supported-github-runners.md @@ -62,7 +62,7 @@ For public repositories, jobs using the workflow labels shown in the table below macos-latest, macos-14, - macos-15 [Beta] + macos-15 [{% data variables.release-phases.public_preview_caps %}] 
@@ -133,7 +133,7 @@ For {% ifversion ghec %}internal and{% endif %} private repositories, jobs using macos-latest, macos-14, - macos-15 [Beta] + macos-15 [{% data variables.release-phases.public_preview_caps %}] diff --git a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md index d1d7a8eaf2bf..8e8f099b9870 100644 --- a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md +++ b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md 
@@ -21,7 +21,7 @@ The response generated by {% data variables.product.prodname_copilot_chat_short The options available to you in {% data variables.product.prodname_copilot_mobile_short %} vary depending on the {% data variables.product.prodname_copilot %} plan you are using. * Only people with a {% data variables.product.prodname_copilot_enterprise %} subscription can access and have conversations using the data from private indexed repositories. -* If you have a {% data variables.product.prodname_copilot_enterprise %} subscription and you have enabled Bing search integration (beta), {% data variables.product.prodname_copilot_mobile_short %} may respond using information based on the results of a Bing search. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} +* If you have a {% data variables.product.prodname_copilot_enterprise %} subscription and you have enabled Bing search integration ({% data variables.release-phases.public_preview %}), {% data variables.product.prodname_copilot_mobile_short %} may respond using information based on the results of a Bing search. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} * In addition to general coding conversations or conversations about a single file, people with a {% data variables.product.prodname_copilot_individuals_short %} subscription have the ability to discuss top popular public repositories using embeddings. 
If you do not have a {% data variables.product.prodname_copilot %} subscription, you can purchase a {% data variables.product.prodname_copilot_individuals_short %} subscription directly in the iOS version of {% data variables.product.prodname_mobile %}, or in the Google Play Store for the Android version of {% data variables.product.prodname_mobile %}. diff --git a/data/reusables/rai/copilot/copilot-chat-dotcom-beta.md b/data/reusables/rai/copilot/copilot-chat-dotcom-beta.md index e7aae83db02e..3d11b9ce0804 100644 --- a/data/reusables/rai/copilot/copilot-chat-dotcom-beta.md +++ b/data/reusables/rai/copilot/copilot-chat-dotcom-beta.md @@ -1 +1 @@ -{% data variables.product.prodname_copilot_chat %} is currently in beta for users with a {% data variables.product.prodname_copilot_individuals_short %} or {% data variables.product.prodname_copilot_business_short %} subscription. +{% data variables.product.prodname_copilot_chat %} is currently in {% data variables.release-phases.public_preview %} for users with a {% data variables.product.prodname_copilot_individuals_short %} or {% data variables.product.prodname_copilot_business_short %} subscription. diff --git a/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md b/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md index b493506aa134..4289c1c7e9d1 100644 --- a/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md +++ b/data/reusables/rai/copilot/copilot-chat-ide-leveraging-web-search.md 
@@ -1,8 +1,8 @@ ### Leveraging a web search to answer a question > [!NOTE] -> * Bing search integration in {% data variables.product.prodname_copilot_chat_short %} is currently in beta and is subject to change. -> * The `@github` chat participant in {% data variables.product.prodname_vscode_shortname %} and {% data variables.product.prodname_vs %} is currently in preview and is subject to change. For more information, see "[Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms)." +> * Bing search integration in {% data variables.product.prodname_copilot_chat_short %} is currently in {% data variables.release-phases.public_preview %} and is subject to change. +> * The `@github` chat participant in {% data variables.product.prodname_vscode_shortname %} and {% data variables.product.prodname_vs %} is currently in {% data variables.release-phases.public_preview %} and is subject to change. For more information, see "[Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms)." When you use the `@github` chat participant, {% data variables.product.prodname_copilot_chat %} can use a Bing search to help answer your question if this has been enabled by your administrator. diff --git a/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md b/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md index a97d8ae97020..d6f62c34cb28 100644 --- a/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md +++ b/data/reusables/rai/secret-scanning/generic-secret-detection-ai.md 
@@ -2,9 +2,9 @@ {% note %} **Note:** {% ifversion secret-scanning-ai-generic-secret-detection %} -Generic secret detection for {% data variables.product.prodname_secret_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, generic secret detection is limited to looking for passwords in source code. +Generic secret detection for {% data variables.product.prodname_secret_scanning %} is in {% data variables.release-phases.public_preview %}. Functionality and documentation are subject to change. During this phase, generic secret detection is limited to looking for passwords in source code. {% elsif fpt %} -Generic secret detection for {% data variables.product.prodname_secret_scanning %} is in beta. Functionality and documentation are subject to change. The feature is available for enterprise accounts that use {% data variables.product.prodname_GH_advanced_security %} on {% data variables.product.prodname_ghe_cloud %}. +Generic secret detection for {% data variables.product.prodname_secret_scanning %} is in {% data variables.release-phases.public_preview %}. Functionality and documentation are subject to change. The feature is available for enterprise accounts that use {% data variables.product.prodname_GH_advanced_security %} on {% data variables.product.prodname_ghe_cloud %}. {% endif %} {% endnote %} diff --git a/data/ui.yml b/data/ui.yml index d52e803c6667..e2607bd191cb 100644 --- a/data/ui.yml +++ b/data/ui.yml 
@@ -7,7 +7,7 @@ header: release_candidate: # The version name is rendered before the below text via includes/header-notification.html ' is currently available as a release candidate.' - early_access: 📣 Please do not share this URL publicly. This page contains content about an early access feature. + early_access: 📣 Please do not share this URL publicly. This page contains content about a private preview feature. release_notes_use_latest: Please use the latest release for the latest security, performance, and bug fixes. # GHES release notes ghes_release_notes_upgrade_patch_only: 📣 This is not the latest patch release of Enterprise Server. diff --git a/data/variables/release-phases.yml b/data/variables/release-phases.yml index 5b50818d0595..b1d0f5052fd7 100644 --- a/data/variables/release-phases.yml +++ b/data/variables/release-phases.yml 
@@ -2,25 +2,25 @@ # For reference: https://github.com/github/docs-team/issues/4302 public_preview: >- - {% ifversion ghes < 3.16 %}beta{% else %}beta{% endif %} + {% ifversion ghes < 3.16 %}beta{% else %}public preview{% endif %} public_preview_caps: >- - {% ifversion ghes < 3.16 %}Beta{% else %}Beta{% endif %} + {% ifversion ghes < 3.16 %}Beta{% else %}Public preview{% endif %} private_preview: >- - {% ifversion ghes < 3.16 %}private beta{% else %}private beta{% endif %} + {% ifversion ghes < 3.16 %}private beta{% else %}private preview{% endif %} private_preview_caps: >- - {% ifversion ghes < 3.16 %}Private beta{% else %}Private beta{% endif %} + {% ifversion ghes < 3.16 %}Private beta{% else %}Private preview{% endif %} closing_down: >- - {% ifversion ghes < 3.16 %}deprecated{% else %}deprecated{% endif %} + {% ifversion ghes < 3.16 %}deprecated{% else %}closing down{% endif %} closing_down_caps: >- - {% ifversion ghes < 3.16 %}Deprecated{% else %}Deprecated{% endif %} + {% ifversion ghes < 3.16 %}Deprecated{% else %}Closing down{% endif %} retired: >- - {% ifversion ghes < 3.16 %}sunset{% else %}sunset{% endif %} + {% ifversion ghes < 3.16 %}sunset{% else %}retired{% endif %} retired_caps: >- - {% ifversion ghes < 3.16 %}Sunset{% else %}Sunset{% endif %} + {% ifversion ghes < 3.16 %}Sunset{% else %}Retired{% endif %} diff --git a/src/fixtures/fixtures/data/ui.yml b/src/fixtures/fixtures/data/ui.yml index d52e803c6667..e2607bd191cb 100644 --- a/src/fixtures/fixtures/data/ui.yml +++ b/src/fixtures/fixtures/data/ui.yml 
@@ -7,7 +7,7 @@ header: release_candidate: # The version name is rendered before the below text via includes/header-notification.html ' is currently available as a release candidate.' - early_access: 📣 Please do not share this URL publicly. This page contains content about an early access feature. + early_access: 📣 Please do not share this URL publicly. This page contains content about a private preview feature. release_notes_use_latest: Please use the latest release for the latest security, performance, and bug fixes. # GHES release notes ghes_release_notes_upgrade_patch_only: 📣 This is not the latest patch release of Enterprise Server. From 313e02ea840443079c34bac0ed033440514f81c7 Mon Sep 17 00:00:00 2001 From: Sam Morrow Date: Fri, 18 Oct 2024 20:40:48 +0200 Subject: [PATCH 2/6] Add new limits to Code Scanning results-exceed-limit.md (#52640) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../results-exceed-limit.md | 22 +++++++++++++++++++ data/reusables/code-scanning/sarif-limits.md | 1 + 2 files changed, 23 insertions(+) diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md b/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md index 84b170f5f861..2c9fbd75490e 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md +++ b/content/code-security/code-scanning/troubleshooting-sarif-uploads/results-exceed-limit.md @@ -25,6 +25,7 @@ redirect_from: Analysis SARIF file exceeded alert limits Rule tags in SARIF file exceed limits Alert in SARIF upload exceeded thread flow location limits + Repository is at risk of exceeding the alert limit. # SARIF results exceed hard limit Alert(s) in SARIF file exceeded thread flow location limits 
@@ -34,6 +35,7 @@ redirect_from: Analysis SARIF file rejected due to result limits Analysis SARIF file rejected due to rule limits Analysis SARIF file rejected due to run limits + All analysis uploads blocked due to alert limit ``` {% data variables.product.prodname_code_scanning_caps %} sets two types of limits on fields in SARIF results files. 
@@ -85,3 +87,23 @@ The best way to resolve this problem is usually to identify the query that repor ## Fixing "Analysis SARIF file rejected due to rule tag limits" You need to update the SARIF file or the generator so that the array of tags reported for each `reportingDescriptor` object is fewer than 10. For more information, see `properties.tags[]` in "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object)." + +## Fixing "Repository is at risk of exceeding the alert limit" & "All analysis uploads blocked due to alert limit" + +This limit is triggered by a repository producing more unique alerts than should ever exist as part of a well functioning {% data variables.product.prodname_code_scanning %} configuration. +It is possible that this is due to the output of a third-party tool being used, and may not be a user configuration error. +Both user configuration error and tool vendor error are possible causes. + +There are a few steps to fix this problem. + +1. Look at the SARIF files you are producing to identify the cause of {% data variables.product.prodname_code_scanning %} alerts being classed as distinct across runs of a tool. Usually this is due to one of the following: + * The SARIF `artifactLocation.uri` property (filepath in the {% data variables.product.prodname_code_scanning %} alert user interface) is not deterministic due to the inclusion of temporary directories or generated file names. + * The tool used produces unstable SARIF rule names or `artifactLocation object uri property` values, which is usually the result of using hashes (from git commits or docker image SHAs, for example) or other sources of data that change across runs or environments. +1. Once you have identified the source of the issue, you should update your configuration accordingly, and contact the tool vendor if their tool is the source of the unstable SARIF results. +1. 
Stop uploading code scanning results for any third-party tools that produce non-deterministic output until they have been fixed by the tool vendor. + +### Additional steps for "All analysis uploads blocked due to alert limit" + +On top of fixing the code scanning configuration and removing or fixing the output of third-party tools, you will need to contact {% data variables.contact.contact_support %} to assist you in deleting the alerts for any offending configurations. + +**There is no self-service method for deleting alerts at this time, so contacting customer support is neccessary before code-scanning can be re-enabled.** diff --git a/data/reusables/code-scanning/sarif-limits.md b/data/reusables/code-scanning/sarif-limits.md index a51a41e22ba5..db9d9804bcdf 100644 --- a/data/reusables/code-scanning/sarif-limits.md +++ b/data/reusables/code-scanning/sarif-limits.md @@ -9,5 +9,6 @@ | Thread Flow Locations per result | 10,000 | Only the top 1,000 Thread Flow Locations will be included, using prioritization. | | Location per result | 1,000 | Only 100 locations will be included. | | Tags per rule | 20 | Only 10 tags will be included. | +| Alert Limit | 1,000,000 | None | {% endrowheaders %} From 91c155992df02c72e2a6c1aee828cf0d39a51eb7 Mon Sep 17 00:00:00 2001 From: hubwriter Date: Fri, 18 Oct 2024 19:40:59 +0100 Subject: [PATCH 3/6] Fix out of date Copilot features comparison table (#52773) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> --- data/reusables/copilot/differences-cfi-cfb-table.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/reusables/copilot/differences-cfi-cfb-table.md b/data/reusables/copilot/differences-cfi-cfb-table.md index 00ae14468893..5589e144ad33 100644 --- a/data/reusables/copilot/differences-cfi-cfb-table.md +++ b/data/reusables/copilot/differences-cfi-cfb-table.md 
@@ -10,11 +10,11 @@ | {% data variables.product.prodname_copilot_cli_short %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | Block suggestions matching public code | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | {% data variables.product.prodname_copilot_for_prs %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| {% data variables.product.prodname_copilot_chat_short %} skills in IDEs[^3] | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | Exclude specified files from {% data variables.product.prodname_copilot_short %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | Organization-wide policy management | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | Audit logs | {% octicon "x" aria-label="Not included" %} |{% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| Increased {% data variables.product.prodname_github_models %} rate limits[^3] | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| {% data variables.product.prodname_copilot_chat_short %} skills in IDEs[^4] | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | +| Increased {% data variables.product.prodname_github_models %} rate limits[^4] | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon 
"check" aria-label="Included" %} | | {% data variables.product.prodname_copilot_short %} knowledge bases | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | | Fine tuning a custom large language model[^5] | {% octicon "x" aria-label="Not included" %} | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | @@ -22,6 +22,6 @@ [^1]: Code completion in IDEs is available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, JetBrains IDEs, Azure Data Studio, and Vim/Neovim. [^2]: {% data variables.product.prodname_copilot_chat_short %} in IDEs is available in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and JetBrains IDEs. -[^3]: For details about the increased rate limits, see "[AUTOTITLE](/github-models/prototyping-with-ai-models)." -[^4]: {% data variables.product.prodname_copilot_chat_short %} skills in IDEs is available in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. +[^3]: {% data variables.product.prodname_copilot_chat_short %} skills in IDEs is available in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. +[^4]: For details about the increased rate limits, see "[AUTOTITLE](/github-models/prototyping-with-ai-models)." [^5]: For details about fine tuning the model, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot)." From c70e7169addb3b787bcafd48dc16ae39b5170935 Mon Sep 17 00:00:00 2001 
From: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> Date: Fri, 18 Oct 2024 12:57:06 -0700 Subject: [PATCH 4/6] PATs (Classic) and fine-grained PATs lifetime requirements policy (#52063) --- ...rsonal-access-tokens-in-your-enterprise.md | 81 +++++++++++-------- .../accessing-the-monitor-dashboard.md | 2 +- .../managing-your-personal-access-tokens.md | 7 +- ...for-a-migration-between-github-products.md | 2 +- ...cess-token-policy-for-your-organization.md | 62 +++++++------- .../best-practices-for-pull-requests.md | 6 +- ...-against-modern-slavery-and-child-labor.md | 18 ++--- data/features/pats-maximum-lifetime.yml | 6 ++ .../github-pat-required-scopes.md | 2 +- data/variables/product.yml | 4 + 10 files changed, 108 insertions(+), 82 deletions(-) create mode 100644 data/features/pats-maximum-lifetime.yml diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md index dda4e4fc4e67..e1787bb217b2 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md @@ -1,6 +1,6 @@ --- title: Enforcing policies for personal access tokens in your enterprise -intro: 'Enterprise owners can control whether to allow {% data variables.product.pat_v2 %}s and {% data variables.product.pat_v1_plural %}, and can require approval for {% data variables.product.pat_v2 %}s.' +intro: 'Enterprise owners can control access to resources by applying policies to {% data variables.product.pat_generic_plural %}' versions: feature: pat-v2-enterprise shortTitle: '{% data variables.product.pat_generic_caps %} policies' 
@@ -8,58 +8,69 @@ redirect_from: - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise --- -{% note %} +> [!NOTE] +> {% data reusables.user-settings.pat-v2-beta %} +> +> During the {% data variables.release-phases.public_preview %}, enterprises must opt in to {% data variables.product.pat_v2_plural %}. If your enterprise has not already opted-in, then you will be prompted to opt-in and set policies when you follow the steps below. +> +> Organizations within an enterprise can opt in to {% data variables.product.pat_v2_plural %}, even if the enterprise has not. All users, including {% data variables.product.prodname_emus %}, can create {% data variables.product.pat_v2_plural %} that can access resources owned by the user (such as repositories created under their account) regardless of the enterprise's opt in status. -**Note**: {% data reusables.user-settings.pat-v2-beta %} +## Restricting access by {% data variables.product.pat_generic_plural %} -During the {% data variables.release-phases.public_preview %}, enterprises must opt in to {% data variables.product.pat_v2 %}s. If your enterprise has not already opted-in, then you will be prompted to opt-in and set policies when you follow the steps below. +Enterprise owners can prevent their members from using {% data variables.product.pat_generic_plural %} to access resources owned by the enterprise. You can configure these restrictions for {% data variables.product.pat_v1_plural %} and {% data variables.product.pat_v2_plural %} independently with the following options: +* **Allow organizations to configure access requirements**: Each organization owned by the enterprise can decide whether to restrict or permit access by {% data variables.product.pat_generic_plural %}. +* **Restrict access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_generic_caps_plural %} cannot access organizations owned by the enterprise. 
SSH keys created by these {% data variables.product.pat_generic_plural %} will continue to work. Organizations cannot override this setting. +* **Allow access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_generic_caps_plural %} can access organizations owned by the enterprise. Organizations cannot override this setting. -Even if an enterprise has not opted in to {% data variables.product.pat_v2 %}s, organizations owned by the enterprise can still opt in. All users, including {% data variables.product.prodname_emus %}, can create {% data variables.product.pat_v2 %}s that can access resources owned by the user (such as repositories created under their account) even if the enterprise has not opted in to {% data variables.product.pat_v2 %}s. - -{% endnote %} - -## Restricting access by {% data variables.product.pat_v2 %}s - -Enterprise owners can prevent {% data variables.product.pat_v2 %}s from accessing private and internal resources owned by the enterprise. {% data variables.product.pat_v2_caps %}s will still be able to access public resources within the organizations. This setting only controls access by {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}. For more information about restricting access by {% data variables.product.pat_v1_plural %}, see "[Restricting access by {% data variables.product.pat_v1_plural %}](#restricting-access-by-personal-access-tokens-classic)" on this page. +Regardless of the chosen policy, {% data variables.product.pat_generic_caps_plural %} will have access to public resources within the organizations managed by your enterprise. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} -1. Under {% octicon "law" aria-hidden="true" %} **Policies**, click **{% data variables.product.pat_generic_caps_plural %}**. -1. 
Under **Restrict access via {% data variables.product.pat_v2 %}s**, select the option that meets your needs: - * **Allow organizations to configure access requirements**: Each organization owned by the enterprise can decide whether to restrict access by {% data variables.product.pat_v2 %}s. - * **Restrict access via {% data variables.product.pat_v2 %}s**: {% data variables.product.pat_v2_caps %}s cannot access organizations owned by the enterprise. SSH keys created by {% data variables.product.pat_v2 %}s will continue to work. Organizations cannot override this setting. - * **Allow access via {% data variables.product.pat_v2 %}s**: {% data variables.product.pat_v2_caps %}s can access organizations owned by the enterprise. Organizations cannot override this setting. +1. Under {% octicon "law" aria-hidden="true" %} **Policies**, click **{% data variables.product.pat_generic_caps_plural %}**. {% ifversion tabbed-pat-settings-ui %} +1. Select either the **Fine-grained tokens** or **Tokens (classic)** tab to enforce this policy based on the token type. {% endif %} +1. Under **{% data variables.product.pat_v2_caps_plural %}** or **Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations**, select your access policy. 1. Click **Save**. -## Enforcing an approval policy for {% data variables.product.pat_v2 %}s +{% ifversion pats-maximum-lifetime %} + +## Enforcing a maximum lifetime policy for {% data variables.product.pat_generic_plural %} + +Enterprise owners can set and remove maximum lifetime allowances for both {% data variables.product.pat_v2_plural %} and {% data variables.product.pat_v1_plural %} to help protect enterprise resources. Organization owners within the enterprise can further restrict the lifetime policies for their organizations. 
See "[Enforcing a maximum lifetime policy for {% data variables.product.pat_generic_plural %}](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization#enforcing-a-maximum-lifetime-policy-for-personal-access-tokens)". -Enterprise owners can require that all organizations owned by the enterprise must approve each {% data variables.product.pat_v2 %} that can access the organization. {% data variables.product.pat_v2_caps %}s will still be able to read public resources within the organization without approval. Conversely, enterprise owners can allow {% data variables.product.pat_v2 %}s to access organizations in the enterprise without prior approval. Enterprise owners can also let each organization in the enterprise choose their own approval settings. +For {% data variables.product.pat_v2_plural %}, the default the maximum lifetime policy for organizations and enterprises is set to expire within 366 days. {% data variables.product.pat_v1_caps_plural %} do not have an expiration requirement. -{% note %} +### Policy enforcement details -**Note**: Only {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}, are subject to approval. Unless the organization or enterprise has restricted access by {% data variables.product.pat_v1_plural %}, any {% data variables.product.pat_v1 %} can access organization resources without prior approval. For more information about restricting {% data variables.product.pat_v1_plural %}, see "[Restricting access by {% data variables.product.pat_v1_plural %}](#restricting-access-by-personal-access-tokens-classic)" on this page and "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." 
+For {% ifversion ghes %}GHES {% else %}{% data variables.product.prodname_emus %}{% endif %}, the enterprise-level policies apply to user namespaces as well because the enterprise owns the user accounts. -{% endnote %} +The policies around maximum lifetimes are enforced slightly differently for {% data variables.product.pat_v2_plural %} and {% data variables.product.pat_v1_plural %}. For {% data variables.product.pat_classic_plural %}, enforcement occurs when the token is used and when SSO credential authorization is attempted, and errors will prompt users to adjust the lifetime. For {% data variables.product.pat_v2_plural %}, the target organization is known at the time of token creation. In both cases, users will be prompted to regenerate tokens with compliant lifetimes if the current one exceeds the policy limit. + +When you set a policy, tokens with non-compliant lifetimes will be blocked from accessing your organization if the token belongs to a member of your organization. Setting this policy does not revoke or disable these tokens. Users will learn that their existing token is non-compliant when API calls for your organization are rejected. + +### Setting a maximum lifetime policy {% data reusables.enterprise-accounts.access-enterprise %} -{% data reusables.enterprise-accounts.policies-tab %} -1. Under {% octicon "law" aria-hidden="true" %} **Policies**, click **{% data variables.product.pat_generic_caps_plural %}**. -1. Under **Require approval of {% data variables.product.pat_v2 %}s**, select the option that meets your needs: - * **Allow organizations to configure approval requirements**: Each organization owned by the enterprise can decide whether to require approval of {% data variables.product.pat_v2 %} that can access the organization. - * **Require organizations to use the approval flow**: All organizations owned by the enterprise must approve each {% data variables.product.pat_v2 %} that can access the organization. 
{% data variables.product.pat_v2_caps %}s created by organization owners will not need approval. Organizations cannot override this setting. - * **Disable the approval flow in all organizations**: {% data variables.product.pat_v2_caps %}s created by organization members can access organizations owned by the enterprise without prior approval. Organizations cannot override this setting. +{% data reusables.enterprise-accounts.policies-tab %}, then click **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**. +1. Select either the **Fine-grained tokens** or **Tokens (classic)** tab to enforce this policy based on the token type. +1. Under **Set maximum lifetimes for {% data variables.product.pat_generic_plural %}**, set the maximum lifetime. Tokens must be created with a lifetime less than or equal to this many days. +1. Optionally, to exempt your enterprise administrators from this policy, check the **Exempt administrators** checkbox. You should exempt them from this policy if you use SCIM for user provisioning or have automation that has not migrated to {% data variables.product.prodname_github_app %} yet. + >[!WARNING] If you use {% data variables.product.prodname_emus %}, you will be asked to accept the risk of service interruption unless you exempt your enterprise administrators. This ensures you are aware of the potential risk. 1. Click **Save**. +{% endif %} + +## Enforcing an approval policy for {% data variables.product.pat_v2_plural %} -## Restricting access by {% data variables.product.pat_v1_plural %} +Enterprise owners can manage approval requirements for each {% data variables.product.pat_v2 %} with the following options: +* **Allow organizations to configure approval requirements**: Enterprise owners can allow each organization in the enterprise to set its own approval requirements for the tokens. 
+* **Require approval**: Enterprise owners can require that all organizations within the enterprise must approve each {% data variables.product.pat_v2 %} that can access the organization. These tokens can still read public resources within the organization without needing approval. +* **Disable approval**: {% data variables.product.pat_v2_caps %}s created by organization members can access organizations owned by the enterprise without prior approval. Organizations cannot override this setting. -Enterprise owners can prevent {% data variables.product.pat_v1_plural %} from accessing the enterprise and organizations owned by the enterprise. {% data variables.product.pat_v1_caps_plural %} will still be able to access public resources within the organization. This setting only controls access by {% data variables.product.pat_v1_plural %}, not {% data variables.product.pat_v2 %}s. For more information about restricting access by {% data variables.product.pat_v2 %}s, see "[Restricting access by {% data variables.product.pat_v2 %}s](#restricting-access-by-fine-grained-personal-access-tokens)" on this page. +> [!NOTE] +> Only {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}, are subject to approval. Any {% data variables.product.pat_v1 %} can access organization resources without prior approval, unless the organization or enterprise has restricted access by {% data variables.product.pat_v1_plural %} For more information about restricting {% data variables.product.pat_v1_plural %}, see "[Restricting access by {% data variables.product.pat_generic_plural %}](#restricting-access-by-personal-access-tokens)" on this page and "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} -1. 
Under {% octicon "law" aria-hidden="true" %} **Policies**, click **{% data variables.product.pat_generic_caps_plural %}**. -{% ifversion tabbed-pat-settings-ui %} 1. Select the **Tokens (classic)** tab to access the {% data variables.product.pat_v1_plural %} settings. -{% endif %}1. Under **Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations**, select the option that meets your needs: - * **Allow organizations to configure {% data variables.product.pat_v1_plural %} access requirements**: Each organization owned by the enterprise can decide whether to restrict access by {% data variables.product.pat_v1_plural %}. - * **Restrict access via {% data variables.product.pat_v1_plural %}**: {% data variables.product.pat_v1_caps_plural %} cannot access the enterprise or organizations owned by the enterprise. SSH keys created by {% data variables.product.pat_v1_plural %} will continue to work. Organizations cannot override this setting. - * **Allow access via {% data variables.product.pat_v1_plural %}**: {% data variables.product.pat_v1_caps_plural %} can access the enterprise and organizations owned by the enterprise. Organizations cannot override this setting. +1. Under {% octicon "law" aria-hidden="true" %} **Policies**, click **{% data variables.product.pat_generic_caps_plural %}**. {% ifversion tabbed-pat-settings-ui %} +1. Select the **Fine-grained tokens** tab. {% endif %} +1. Under **Require approval of {% data variables.product.pat_v2_plural %}**, select your approval policy: 1. Click **Save**. diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md index 155e98698e7c..ea5f44c3d6bb 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md 
+++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/accessing-the-monitor-dashboard.md @@ -98,4 +98,4 @@ System services graphs contain data related to the major databases on {% data va * Cluster: Graphs related to {% data variables.product.prodname_ghe_server %} high availability or clustering. * Babeld: Git proxy. * Alive: Service powering live updates. -* ghes-manage: Service powering GHES Manage API. +* Ghes-manage: Service powering GHES Manage API. diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index a17a2d269fb7..ae005010cb40 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md 
@@ -40,7 +40,7 @@ topics: Both {% data variables.product.pat_v2 %}s and {% data variables.product.pat_v1_plural %} are tied to the user who generated them and will become inactive if the user loses access to the resource. -Organization owners can set a policy to restrict the access of {% data variables.product.pat_v1_plural %} to their organization{% ifversion ghec or ghes %}, and enterprise owners can restrict the access of {% data variables.product.pat_v1_plural %} to the enterprise or organizations owned by the enterprise{% endif %}. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization#restricting-access-by-personal-access-tokens-classic)." +Organization owners can set a policy to restrict the access of {% data variables.product.pat_v1_plural %} to their organization{% ifversion ghec or ghes %}, and enterprise owners can restrict the access of {% data variables.product.pat_v1_plural %} to the enterprise or organizations owned by the enterprise{% endif %}. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization#restricting-access-by-personal-access-tokens)." #### {% data variables.product.pat_v2_caps %}s 
@@ -49,7 +49,6 @@ Organization owners can set a policy to restrict the access of {% data variables * Each token can only access resources owned by a single user or organization. * Each token can only access specific repositories. * Each token is granted specific permissions, which offer more control than the scopes granted to {% data variables.product.pat_v1_plural %}. -* Each token must have an expiration date. * Organization owners can require approval for any {% data variables.product.pat_v2 %}s that can access resources in the organization.{% ifversion ghec or ghes %} * Enterprise owners can require approval for any {% data variables.product.pat_v2 %}s that can access resources in organizations owned by the enterprise.{% endif %} 
@@ -89,9 +88,9 @@ For more information about best practices, see "[AUTOTITLE](/rest/overview/keepi 1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Fine-grained tokens**. 1. Click **Generate new token**. 1. Under **Token name**, enter a name for the token. -1. Under **Expiration**, select an expiration for the token. +1. Under **Expiration**, select an expiration for the token. Infinite lifetimes are allowed but may be blocked by a maximum lifetime policy set by your organization or enterprise owner. For more information, See "[Enforcing a maximum lifetime policy for {% data variables.product.pat_generic_plural %}](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization#enforcing-a-maximum-lifetime-policy-for-personal-access-tokens)". 1. Optionally, under **Description**, add a note to describe the purpose of the token. -1. Under **Resource owner**, select a resource owner. The token will only be able to access resources owned by the selected resource owner. Organizations that you are a member of will not appear unless the organization opted in to {% data variables.product.pat_v2 %}s. For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)."{% ifversion ghec %} You may be required to perform SAML single sign-on (SSO) if the selected organization requires it and you do not already have an active SAML session.{% endif %} +1. Under **Resource owner**, select a resource owner. The token will only be able to access resources owned by the selected resource owner. Organizations that you are a member of will not appear unless the organization opted in to {% data variables.product.pat_v2 %}s. 
For more information, see "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)."{% ifversion ghec %} You may be required to perform single sign-on (SSO) if the selected organization requires it and you do not already have an active session.{% endif %} 1. Optionally, if the resource owner is an organization that requires approval for {% data variables.product.pat_v2 %}s, below the resource owner, in the box, enter a justification for the request. 1. Under **Repository access**, select which repositories you want the token to access. You should choose the minimal repository access that meets your needs. Tokens always include read-only access to all public repositories on {% data variables.product.prodname_dotcom %}. 1. If you selected **Only select repositories** in the previous step, under the **Selected repositories** dropdown, select the repositories that you want the token to access. diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md index c88789189d12..3b691bc3e1a7 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products.md 
@@ -79,7 +79,7 @@ The scopes that are required for your {% data variables.product.prodname_dotcom {% note %} -**Note**: {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens-classic)." +**Note**: {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens)." {% endnote %} diff --git a/content/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization.md b/content/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization.md index c9ee3da128ca..c790b3c3fc3e 100644 --- a/content/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization.md +++ b/content/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization.md 
@@ -1,6 +1,6 @@ --- title: Setting a personal access token policy for your organization -intro: 'Organization owners can control whether to allow {% data variables.product.pat_v2 %}s and {% data variables.product.pat_v1_plural %}, and can require approval for {% data variables.product.pat_v2 %}s.' +intro: 'Organization owners can control access to resources by applying policies to {% data variables.product.pat_generic_plural %}' versions: fpt: '*' ghes: '*' 
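Review bot: The new `intro` value drops the closing period the old value had; it now ends at `{% data variables.product.pat_generic_plural %}'`, so the rendered intro has no end punctuation. Add the period before the closing quote. The new wording also no longer says that owners can require approval for fine-grained tokens, which this page still documents under "Enforcing an approval policy"; consider keeping that in the intro.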
@@ -10,51 +10,57 @@ shortTitle: Set a token policy {% data reusables.user-settings.pat-v2-org-opt-in %} -## Restricting access by {% data variables.product.pat_v2 %}s +## Restricting access by {% data variables.product.pat_generic_plural %} -Organization owners can prevent {% data variables.product.pat_v2 %}s from accessing resources owned by the organization. {% data variables.product.pat_v2_caps %}s will still be able to read public resources within the organization. This setting only controls access by {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}. For more information about restricting access by {% data variables.product.pat_v1_plural %}, see "[Restricting access by {% data variables.product.pat_v1_plural %}](#restricting-access-by-personal-access-tokens-classic)" on this page. +Organization owners can prevent {% data variables.product.pat_generic_plural %} from accessing resources owned by the organization with the following options: +* **Restrict access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_v1_caps_plural %} or {% data variables.product.pat_v2_plural %} cannot access resources owned by the organization. SSH keys created by {% data variables.product.pat_generic_plural %} will continue to work. +* **Allow access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_v1_caps_plural %} or {% data variables.product.pat_v2_plural %} can access resources owned by the organization. -{% ifversion ghec or ghes %} If your organization is owned by an enterprise, and your enterprise owner has restricted access by {% data variables.product.pat_v2 %}s, then you cannot override the policy in your organization. 
For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)."{% endif %} +Regardless of the chosen policy, {% data variables.product.pat_generic_caps_plural %} will have access to public resources within the organization. + +{% ifversion ghec or ghes %} If your organization is owned by an enterprise, and your enterprise owner has restricted access by {% data variables.product.pat_generic_caps_plural %}, you cannot override the policy in your organization. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)."{% endif %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Settings**. -1. Under **{% data variables.product.pat_v2_caps %}s**, select the option that meets your needs: - * **Allow access via {% data variables.product.pat_v2 %}s**: {% data variables.product.pat_v2_caps %}s can access resources owned by the organization. - * **Restrict access via {% data variables.product.pat_v2 %}s**: {% data variables.product.pat_v2_caps %}s cannot access resources owned by the organization. SSH keys created by {% data variables.product.pat_v2 %}s will continue to work. +1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Settings**. {% ifversion tabbed-pat-settings-ui %} +1. Select either the **Fine-grained tokens** or **Tokens (classic)** tab to enforce this policy based on the token type. {% endif %} +1. Under **{% data variables.product.pat_v2_caps_plural %}** or **Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations**, select your access policy. 1. Click **Save**. 
-## Enforcing an approval policy for {% data variables.product.pat_v2 %}s - -Organization owners can require approval for each {% data variables.product.pat_v2 %} that can access the organization. {% data variables.product.pat_v2_caps %}s will still be able to read public resources within the organization without approval. {% data variables.product.pat_v2_caps %}s created by organization owners will not need approval. +{% ifversion pats-maximum-lifetime %} -{% ifversion ghec or ghes %} If your organization is owned by an enterprise, and your enterprise owner has set an approval policy for {% data variables.product.pat_v2 %}s, then you cannot override the policy in your organization. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)."{% endif %} +## Enforcing a maximum lifetime policy for {% data variables.product.pat_generic_plural %} -{% note %} +Organization owners can set maximum lifetime allowances for both {% data variables.product.pat_v2_plural %} and {% data variables.product.pat_v1_plural %} to control access to organization resources. {% ifversion ghec or ghes %} However, these policies cannot exceed the maximum lifetime set at the enterprise level or disable the expiration policy set at the enterprise level. See "[Enforcing a maximum lifetime policy for {% data variables.product.pat_generic_plural %}](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#enforcing-a-maximum-lifetime-policy-for-personal-access-tokens)" {% endif %} -**Note**: Only {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}, are subject to approval. Unless the organization has restricted access by {% data variables.product.pat_v1_plural %}, any {% data variables.product.pat_v1 %} can access organization resources without prior approval. 
For more information, see "[Restricting access by {% data variables.product.pat_v1_plural %}](#restricting-access-by-personal-access-tokens-classic)" on this page. +For {% data variables.product.pat_v2_plural %}, the default the maximum lifetime policy for organizations is set to expire within 366 days. {% data variables.product.pat_v1_caps_plural %} do not have an expiration requirement. -{% endnote %} +When you set a policy, tokens with non-compliant lifetimes will be blocked from accessing your organization if the token belongs to a member of your organization. Setting this policy does not revoke or disable these tokens. Users will learn that their existing token is non-compliant when API calls for your organization are rejected. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Settings**. -1. Under **Require approval of {% data variables.product.pat_v2 %}s**, select the option that meets your needs: - * **Require administrator approval**: An organization owner must approve each {% data variables.product.pat_v2 %} that can access the organization. {% data variables.product.pat_v2_caps %}s created by organization owners will not need approval. - * **Do not require administrator approval**: {% data variables.product.pat_v2_caps %}s created by organization members can access resources in the organization without prior approval. -1. Click **Save**. +1. In the left sidebar, click **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**. +1. Select either the **Fine-grained tokens** or **Tokens (classic)** tab to enforce this policy based on the token type. +1. Under **Set maximum lifetimes for {% data variables.product.pat_generic_plural %}**, set the maximum lifetime. +1. Click **Save**. 
+{% endif %} -## Restricting access by {% data variables.product.pat_v1_plural %} +## Enforcing an approval policy for {% data variables.product.pat_v2_plural %} -Organization owners can prevent {% data variables.product.pat_v1_plural %} from accessing resources owned by the organization. {% data variables.product.pat_v1_caps_plural %} will still be able to read public resources within the organization. This setting only controls access by {% data variables.product.pat_v1_plural %}, not {% data variables.product.pat_v2 %}s. For more information about restricting access by {% data variables.product.pat_v2 %}s, see "[Restricting access by {% data variables.product.pat_v2 %}s](#restricting-access-by-fine-grained-personal-access-tokens)" on this page. +Organization owners can manage approval requirements for each {% data variables.product.pat_v2 %} that can access the organization with the following options: + * **Require administrator approval**: An organization owner must approve each {% data variables.product.pat_v2 %} that can access the organization. {% data variables.product.pat_v2_caps_plural %} created by organization owners will not need approval. + * **Do not require administrator approval**: {% data variables.product.pat_v2_caps %}s created by organization members can access resources in the organization without prior approval. + +{% data variables.product.pat_v2_caps %}s will still be able to read public resources within the organization without approval. + +{% ifversion ghec or ghes %} If your organization is owned by an enterprise, and your enterprise owner has set an approval policy for {% data variables.product.pat_v2 %}s, then you cannot override the policy in your organization. 
For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)."{% endif %} -{% ifversion ghec or ghes %} If your organization is owned by an enterprise, and your enterprise owner has restricted access by {% data variables.product.pat_v1_plural %}, then you cannot override the policy in your organization. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise)."{% endif %} +> [!NOTE] +> Only {% data variables.product.pat_v2_plural %}, not {% data variables.product.pat_v1_plural %}, are subject to approval. Unless the organization has restricted access by {% data variables.product.pat_v1_plural %}, any {% data variables.product.pat_v1 %} can access organization resources without prior approval. For more information, see "[Restricting access by {% data variables.product.pat_generic_plural %}](#restricting-access-by-personal-access-tokens)" on this page. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Settings**. -{% ifversion tabbed-pat-settings-ui %} 1. Select the **Tokens (classic)** tab to access the {% data variables.product.pat_v1_plural %} settings. -{% endif %}1. Under **{% data variables.product.pat_v1_caps %}**, select the option that meets your needs: - * **Allow access via {% data variables.product.pat_v1_plural %}**: {% data variables.product.pat_v1_caps_plural %} can access resources owned by the organization. - * **Restrict access via {% data variables.product.pat_v1_plural %}**: {% data variables.product.pat_v1_caps_plural %} cannot access resources owned by the organization. SSH keys created by {% data variables.product.pat_v1_plural %} will continue to work. +1. 
In the left sidebar, under **{% octicon "key" aria-hidden="true" %} {% data variables.product.pat_generic_caps %}s**, click **Settings**. {% ifversion tabbed-pat-settings-ui %} +1. Select the **Fine-grained tokens** tab. {% endif %} +1. Under **Require approval of {% data variables.product.pat_v2_plural %}**, select the option that meets your needs: 1. Click **Save**. diff --git a/content/pull-requests/collaborating-with-pull-requests/getting-started/best-practices-for-pull-requests.md b/content/pull-requests/collaborating-with-pull-requests/getting-started/best-practices-for-pull-requests.md index 5d501fb0b8d9..215f49494f33 100644 --- a/content/pull-requests/collaborating-with-pull-requests/getting-started/best-practices-for-pull-requests.md +++ b/content/pull-requests/collaborating-with-pull-requests/getting-started/best-practices-for-pull-requests.md @@ -26,9 +26,9 @@ Review, build, and test your own pull request before submitting it. This will al Write clear titles and descriptions for your pull requests so that reviewers can quickly understand what the pull request does. In the pull request body, include: -* the purpose of the pull request -* an overview of what changed -* links to any additional context such as tracking issues or previous conversations +* The purpose of the pull request +* An overview of what changed +* Links to any additional context such as tracking issues or previous conversations To help reviewers, share the type of feedback you need. For example, do you need a quick look or a deeper critique? diff --git a/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md b/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md index 3f40315b01e8..0e2431922cb8 100644 --- a/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md 
+++ b/content/site-policy/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md 
@@ -88,17 +88,17 @@ Although GitHub knows of no actual or alleged modern slavery or child labor in i GitHub complies and will continue to comply with laws related to modern slavery and child labor. Going forward, GitHub now requires its suppliers to comply with this Statement, as well as laws related to modern slavery and child labor. GitHub now also requires its suppliers to: - * not use, participate in, support, or tolerate modern slavery or child labor - * not use misleading or fraudulent recruitment or engagement practices for employees or contract workers - * not charge employees or contract workers recruitment or engagement fees - * not destroy, conceal, confiscate, or otherwise deny access by an employee or any contract worker to passport, driver's license, or other identity documents; - * allow us to terminate our agreements with them for any violation of its obligations related to modern slavery or child labor; and - * remediate any harms caused to any worker found to be subjected to any form of modern slavery or child labor, if required by law. + * Not use, participate in, support, or tolerate modern slavery or child labor + * Not use misleading or fraudulent recruitment or engagement practices for employees or contract workers + * Not charge employees or contract workers recruitment or engagement fees + * Not destroy, conceal, confiscate, or otherwise deny access by an employee or any contract worker to passport, driver's license, or other identity documents; + * Allow us to terminate our agreements with them for any violation of its obligations related to modern slavery or child labor; and + * Remediate any harms caused to any worker found to be subjected to any form of modern slavery or child labor, if required by law. 
In addition, GitHub strongly encourages its suppliers to: - * conduct anti-modern slavery and child labor due diligence processes, including risk assessments, for their suppliers; - * take steps to address risks identified; and - * use similar anti-modern slavery and child labor language with their suppliers. + * Conduct anti-modern slavery and child labor due diligence processes, including risk assessments, for their suppliers; + * Take steps to address risks identified; and + * Use similar anti-modern slavery and child labor language with their suppliers. GitHub's procurement instructions to employees making company purchases now includes a reference to the requirement for suppliers to comply with Microsoft's Supplier Code of Conduct or this Statement. diff --git a/data/features/pats-maximum-lifetime.yml b/data/features/pats-maximum-lifetime.yml new file mode 100644 index 000000000000..d03450ba7404 --- /dev/null +++ b/data/features/pats-maximum-lifetime.yml @@ -0,0 +1,6 @@ +# Issue 8157 +# PATs (classic) and fine-grained PATs lifetime requirements policy +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.16' diff --git a/data/reusables/enterprise-migration-tool/github-pat-required-scopes.md b/data/reusables/enterprise-migration-tool/github-pat-required-scopes.md index e599957a8ba5..a0080cf4cf52 100644 --- a/data/reusables/enterprise-migration-tool/github-pat-required-scopes.md +++ b/data/reusables/enterprise-migration-tool/github-pat-required-scopes.md 
@@ -2,7 +2,7 @@ The scopes that are required for your {% data variables.product.prodname_dotcom {% note %} -**Note**: {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens-classic)." +**Note**: {% data reusables.user-settings.generic-classic-pat-only %} This means that you cannot use {% data variables.product.prodname_importer_proper_name %} if your organization uses the "Restrict {% data variables.product.pat_v1_plural %} from accessing your organizations" policy. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise#restricting-access-by-personal-access-tokens)." {% endnote %} diff --git a/data/variables/product.yml b/data/variables/product.yml index 63c96825daac..bc2a3c00e1bf 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml @@ -120,6 +120,7 @@ pat_generic_title_case_plural: 'Personal Access Tokens' pat_v2: 'fine-grained personal access token' pat_v2_plural: 'fine-grained personal access tokens' pat_v2_caps: 'Fine-grained personal access token' +pat_v2_caps_plural: 'Fine-grained personal access tokens' pat_v1: >- {% ifversion pat-v2 %}personal access token (classic){% else %}personal access token{% endif %} pat_v1_plural: >- 
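Review bot: `pat_v2_caps_plural` is added in this `product.yml` hunk, but other added lines in the same patch still build the plural by hand, for example `{% data variables.product.pat_v2_caps %}s will still be able to read public resources` and `{% data variables.product.pat_v2_caps %}s created by organization members`. Switch those to the new variable so the plural is formed one way throughout. The patch also uses `pat_generic_caps_plural`, which this hunk neither adds nor shows in its context lines; please confirm it is already defined in `product.yml`.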
@@ -128,6 +129,9 @@ pat_v1_caps: >- {% ifversion pat-v2 %}Personal access token (classic){% else %}Personal access token{% endif %} pat_v1_caps_plural: >- {% ifversion pat-v2 %}Personal access tokens (classic){% else %}Personal access tokens{% endif %} +pat_classic: 'token (classic)' +pat_classic_plural: 'tokens (classic)' +pat_classic_caps: 'Token (classic)' # Apps, GitHub Marketplace, and integrations prodname_marketplace: 'GitHub Marketplace' From 917f9fecc0c1387fcdc9d9bb7bb89da5d9f5785d Mon Sep 17 00:00:00 2001 From: Anne-Marie <102995847+am-stead@users.noreply.github.com> Date: Fri, 18 Oct 2024 21:17:35 +0100 Subject: [PATCH 5/6] Secret scanning: push protection delegated bypass settings are included in security configurations [Public Beta] #15892 (#52566) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- ...ng-delegated-bypass-for-push-protection.md | 68 +++++++++++++------ .../index.md | 4 +- ...reating-a-custom-security-configuration.md | 12 ++-- ...ection-delegated-bypass-configurations.yml | 4 ++ ...sh-protection-delegate-bypass-beta-note.md | 4 ++ .../push-protection-delegated-bypass-intro.md | 7 +- 6 files changed, 70 insertions(+), 29 deletions(-) create mode 100644 data/features/push-protection-delegated-bypass-configurations.yml diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md index 08c92b4ebeea..e803924bb42d 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md 
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md 
@@ -17,16 +17,59 @@ shortTitle: Enable delegated bypass {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} -{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)." +{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} -When you enable this feature, you will create a bypass list of roles and teams who can manage requests to bypass push protection. If you don't already have appropriate teams or roles to use, you should create additional teams before you start. +For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)." ->[!NOTE] You can't add secret teams to the bypass list. +When you enable this feature, you will create a bypass list of roles and teams who can manage requests to bypass push protection. If you don't already have appropriate teams or roles to use, you should create additional teams before you start. {% ifversion push-protection-bypass-fine-grained-permissions %}Alternatively, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions, which give you more refined control over which individuals and teams can approve and deny bypass requests. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %} +## Configuring delegated bypass for a repository + +>[!NOTE] If an organization owner configures delegated bypass at the organization-level, the repository-level settings are disabled. 
+ +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +{% data reusables.repositories.navigate-to-ghas-settings %} +1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**. +1. Under "Bypass list", click **Add role or team**. + + > [!NOTE] + > When you add roles or teams to the "bypass list", these users will be granted the ability to bypass push protection, and they can also review and manage the requests from all other contributors to bypass push protection. + > + > You can't add secret teams to the bypass list. + +1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**. + ## Configuring delegated bypass for an organization +{% ifversion push-protection-delegated-bypass-configurations %} + +You must configure delegated bypass for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization. + +1. Create a new custom security configuration, or edit an existing one. See "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration#creating-a-custom-security-configuration)." +1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**. +1. Under "Push protection", to the right of "Bypass privileges", select the dropdown menu, then click **Specific actors**. 
+ + > [!NOTE] + > When you assign bypass privileges to selected actors, these organization members are granted the ability to bypass push protection, and they also review and manage the requests from all other contributors to bypass push protection. + > + > You can't add secret teams to the bypass list. + +1. Click the "Select actors" dropdown menu, then select the roles and teams you want to assign bypass privileges to. + + > [!TIP] + > In addition to assigning bypass privileges to roles and teams, you can also grant _individual_ organization members the ability to review and manage bypass requests using fine-grained permissions. See "[Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)." + +1. Click **Save configuration**. +1. Apply the security configuration to all (or selected) repositories in your organization. See "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration)." + +To learn more about security configurations, see "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." + +{% else %} + {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% ifversion security-configurations %} 
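Review bot: In the new organization steps, step 2 opens with "When creating the custom security configuration", which leaves out the edit path that step 1 offers ("or edit an existing one"); reword it to cover both cases. The note under step 3 says "You can't add secret teams to the bypass list", but this flow has no "Bypass list" control, only "Bypass privileges" and "Select actors", so the wording should match the labels used in these steps. Since both notes state that listed roles and teams can bypass push protection themselves as well as review other contributors' requests, it would help to say that once in the introduction rather than only inside the step notes, so readers see it before they choose who to add.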
@@ -39,28 +82,15 @@ When you enable this feature, you will create a bypass list of roles and teams w 1. Under "Bypass list", click **Add role or team**. 1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**. -## Configuring delegated bypass for a repository - ->[!NOTE] If an organization owner configures delegated bypass at the organization-level, the repository-level settings are disabled. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -{% data reusables.repositories.navigate-to-ghas-settings %} -1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**. -1. Under "Bypass list", click **Add role or team**. - - >[!NOTE] You can't add secret teams to the bypass list. - -1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**. +{% endif %} {% ifversion push-protection-bypass-fine-grained-permissions %} ## Using fine-grained permissions to control who can review and manage bypass requests -You can grant specific individuals or teams the ability to review and manage bypass requests using fine-grained permissions. +You can grant specific individuals or teams in your organization the ability to review and manage bypass requests using fine-grained permissions. -1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-5 in "[Configuring delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)." +1. 
Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-3 in "[Configuring delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and ensure you have saved and applied the security configuration to your selected repositories. 1. Create (or edit) a custom organization role. For information on creating and editing custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#creating-a-custom-role)." 1. When choosing which permissions to add to the custom role, select the "Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" permission. 1. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role)." diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md index 8736fdd06d6d..64524919b36b 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md 
@@ -5,9 +5,7 @@ allowTitleToDifferFromFilename: true intro: 'You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.' product: '{% data reusables.gated-features.secret-scanning %}' versions: - fpt: '*' - ghes: '>=3.14' - ghec: '*' + feature: push-protection-delegated-bypass topics: - Secret scanning - Advanced Security diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md index 0764d3055e45..2268adb79a5a 100644 --- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md 
@@ -46,12 +46,12 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)." 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."{% ifversion secret-scanning-validity-check-partner-patterns %} - * Validity check. To learn more about validity checks for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)".{% endif %} - * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."{% ifversion org-npp-enablement-security-configurations %} - * Non-provider patterns. To learn more about scanning for non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)." - - {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %} - + * Validity check. 
To learn more about validity checks for partner patterns, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity)".{% endif %}{% ifversion org-npp-enablement-security-configurations %} + * Non-provider patterns. To learn more about scanning for non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."{% endif %} + * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)." +{% ifversion push-protection-delegated-bypass-configurations %} +1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)." +{% endif %} {% ifversion fpt or ghec %} 1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)." {% endif %} 
diff --git a/data/features/push-protection-delegated-bypass-configurations.yml b/data/features/push-protection-delegated-bypass-configurations.yml new file mode 100644 index 000000000000..7e8962a2586e --- /dev/null +++ b/data/features/push-protection-delegated-bypass-configurations.yml @@ -0,0 +1,4 @@ +# Issue 15892 - Secret scanning push protection bypass moves from "Global Settings" to "Security configurations" +versions: + ghec: '*' + ghes: '>=3.16' diff --git a/data/reusables/secret-scanning/push-protection-delegate-bypass-beta-note.md b/data/reusables/secret-scanning/push-protection-delegate-bypass-beta-note.md index 3957758c1588..792ba9648bcc 100644 --- a/data/reusables/secret-scanning/push-protection-delegate-bypass-beta-note.md +++ b/data/reusables/secret-scanning/push-protection-delegate-bypass-beta-note.md @@ -1 +1,5 @@ +{% ifversion ghes > 3.13 and ghes < 3.16 %} + >[!NOTE] Delegated bypass for push protection is currently in {% data variables.release-phases.public_preview %} and subject to change. + +{% endif %} diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md index 9a475326c40c..ccbcd395c6ee 100644 --- a/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md +++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md 
@@ -1 +1,6 @@ -Delegated bypass for push protection lets you define contributors who can bypass push protection and adds an approval process for other contributors.{% ifversion push-protection-delegated-bypass-file-upload-support %} Delegated bypass applies to files created, edited, and uploaded on {% data variables.product.prodname_dotcom %}.{% endif %} +Delegated bypass for push protection lets you: + +* Define contributors who can bypass push protection. +* Adds an approval process for other contributors. + +{% ifversion push-protection-delegated-bypass-file-upload-support %} Delegated bypass applies to files created, edited, and uploaded on {% data variables.product.prodname_dotcom %}.{% endif %} From b5bc55248ea2864e422c4b5e0f8120b2046cffba Mon Sep 17 00:00:00 2001 From: Junko Suzuki Date: Sat, 19 Oct 2024 06:20:10 +0900 Subject: [PATCH 6/6] Reword "network configuration" in "CI/CD Admin" pre-defined roles (#52771) --- data/reusables/organizations/pre-defined-organization-roles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/organizations/pre-defined-organization-roles.md b/data/reusables/organizations/pre-defined-organization-roles.md index 9a7401651351..232a4d31d2ac 100644 --- a/data/reusables/organizations/pre-defined-organization-roles.md +++ b/data/reusables/organizations/pre-defined-organization-roles.md 
@@ -7,4 +7,4 @@ The current set of pre-defined roles are: * **All-repository triage**: Grants triage access to all repositories in the organization. * **All-repository maintain**: Grants maintenance access to all repositories in the organization. * **All-repository admin**: Grants admin access to all repositories in the organization. -* **CI/CD admin**: Grants admin access to manage Actions policies, runners, runner groups, network configuration, secrets, variables, and usage metrics for an organization. +* **CI/CD admin**: Grants admin access to manage Actions policies, runners, runner groups, hosted compute network configurations, secrets, variables, and usage metrics for an organization.
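Review bot: In the `@@ -39,28 +82,15 @@` hunk, the removed repository-level section carried `>[!NOTE] You can't add secret teams to the bypass list.` between the "Add role or team" and "Add selected" steps, but the organization-level steps kept as context at the top of the hunk have those two steps back to back with no such note. If the restriction still applies when the bypass list is set at organization level, carry the note over to those steps so it is not lost with the deleted section. Separately, the reworded step now points readers to "steps 1-3" of the linked procedure. A hard-coded step range already had to change once here (from 1-5), so consider linking to the section without naming step numbers.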
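Review bot: In `delegated-bypass-for-push-protection/index.md`, the frontmatter swaps the explicit `fpt: '*'`, `ghes: '>=3.14'`, `ghec: '*'` ranges for `feature: push-protection-delegated-bypass`, but that feature's definition is not part of the visible diff. Please confirm the feature file resolves to the same three ranges. The only feature file added here is `push-protection-delegated-bypass-configurations.yml`, which has a different name and a narrower range, so a mix-up between the two would silently drop this index page for fpt and for GHES 3.14 and 3.15.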
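Review bot: In `creating-a-custom-security-configuration.md`, the new step's second sentence, "By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors", has a dangling modifier and reads as if the members do the assigning. Something like "If you assign bypass privileges, the selected organization members can bypass push protection, and all other contributors go through a review and approval process" is clearer. The hunk also drops `{% data reusables.secret-scanning.non-provider-patterns-beta %}` from the non-provider patterns bullet without a mention in the visible change description. Confirm that the preview note is meant to go away for every version this page covers.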
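Review bot: In the new `data/features/push-protection-delegated-bypass-configurations.yml`, `versions` lists only `ghec: '*'` and `ghes: '>=3.16'`, so the "assign bypass privileges" step gated on this feature will not render for fpt, even though the delegated bypass index page listed `fpt: '*'` before this change. If the omission is deliberate, say so in the comment above `versions`. The comment also cites "Issue 15892" without naming the repository, so a reader cannot tell which tracker it refers to.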
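Review bot: In `push-protection-delegated-bypass-intro.md`, the second bullet does not follow from the new stem: "lets you:" followed by "Adds an approval process for other contributors" is ungrammatical. Make the bullets parallel, for example "Define contributors who can bypass push protection." and "Add an approval process for other contributors." Also, the last added line has a space between `{% ifversion push-protection-delegated-bypass-file-upload-support %}` and "Delegated bypass applies". That space made sense when the sentence continued a paragraph, but now that it starts its own paragraph it can be dropped.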