Clarify FG PAT must be user-owned for Copilot CLI auth (#60990)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: 3 people

content/copilot/how-tos/copilot-cli/set-up-copilot-cli/authenticate-copilot-cli.md

@@ -53,7 +53,7 @@ Offline mode is **only fully air-gapped** if your BYOK provider is local or othe
 | Token type                 | Prefix        | Supported | Notes                                                  |
 |----------------------------|---------------|-----------|--------------------------------------------------------|
 | OAuth token (device flow)  | `gho_`        | Yes       | Default method via `copilot login`                     |
-| Fine-grained PAT           | `github_pat_` | Yes       | Must include required permissions **Copilot Requests** |
+| Fine-grained PAT           | `github_pat_` | Yes       | Must be owned by your personal account (not an organization) with the **{% data variables.product.prodname_copilot_short %} Requests** account permission |
 | GitHub App user-to-server  | `ghu_`        | Yes       | Via environment variable                               |
 | Classic PAT                | `ghp_`        | No        | Not supported by {% data variables.copilot.copilot_cli_short %} |
 

content/copilot/how-tos/copilot-cli/set-up-copilot-cli/troubleshoot-copilot-cli-auth.md

@@ -102,7 +102,7 @@ The token was revoked, has expired, or was created without the required permissi
 
 ### Fix
 
-Review the token's status and permissions on {% data variables.product.prodname_dotcom %}. The token must have the **Copilot Requests** permission. Generate a new token with the required permissions if necessary.  
+Review the token's status and permissions on {% data variables.product.prodname_dotcom %}. The token must be a {% data variables.product.pat_v2 %} owned by your **personal account** (not an organization) with the **{% data variables.product.prodname_copilot_short %} Requests** permission. Generate a new token with the required permissions if necessary.  
 
 ## {% data variables.product.pat_classic_caps %} rejected
 

data/reusables/copilot/copilot-cli-pat-steps.md

@@ -1,4 +1,10 @@
 1. Visit [{% data variables.product.pat_v2_caps_plural %}](https://github.com/settings/personal-access-tokens/new).
-1. Under "Permissions," click **Add permissions** and select **{% data variables.product.prodname_copilot_short %} Requests**.
+1. Under **Resource owner**, select your **personal account**. Do not select an organization. The **{% data variables.product.prodname_copilot_short %} Requests** permission is only available on user-owned {% data variables.product.pat_v2_plural %}.
+1. Under **Repository access**, select the level of access appropriate for your use case:
+   * **Public repositories** if you only need to work with public repos.
+   * **All repositories** if you need access across all your current and future repos.
+   * **Only select repositories** f you want to restrict access to specific repos.
+1. Under **Permissions**, select the **Account** tab. 
+1. Click **Add permissions** and select **{% data variables.product.prodname_copilot_short %} Requests**.
 1. Click **Generate token**.
-1. Export the token in your terminal or environment configuration. Use the `COPILOT_GITHUB_TOKEN`, `GH_TOKEN`, or `GITHUB_TOKEN` environment variable (in order of precedence).
+1. Export the token in your terminal or environment configuration. Use the `COPILOT_GITHUB_TOKEN`, `GH_TOKEN`, or `GITHUB_TOKEN` environment variable (in order of precedence).