diff --git a/source/administration-guide/manage/admin/abac-channel-access-rules.rst b/source/administration-guide/manage/admin/abac-channel-access-rules.rst
index 3497314fce8..ea080f9bef3 100644
--- a/source/administration-guide/manage/admin/abac-channel-access-rules.rst
+++ b/source/administration-guide/manage/admin/abac-channel-access-rules.rst
@@ -20,7 +20,7 @@ Prerequisites
- :doc:`Attribute-Based Access Control (ABAC) ` must be enabled by a System Admin in **System Console > System Attributes > Attribute-Based Access**.
- You need Channel Admin permissions and the ``manage_channel_access_rules`` permission.
-- Channel access rules are available only for private channels.
+- Self-service channel access rules in the **Access Control** tab in Channel Settings are configured for private channels. Membership policies apply to both public and private channels, with different behavior by channel type. See :ref:`Public and private channel behavior `.
Access Channel Settings
~~~~~~~~~~~~~~~~~~~~~~~~
@@ -86,6 +86,36 @@ When you save changes that affect membership, a confirmation dialog shows you:
- Option to view the specific users affected
- Confirmation required before applying changes
+Public and private channel behavior
+-----------------------------------
+
+Membership policies behave differently depending on the type of channel they're applied to:
+
+- **Private channels**: Membership policies are enforced. Users who match the policy's rules are added, and users who don't match the rules are removed during synchronization.
+- **Public channels**: Membership policies are advisory. Matching users may be automatically added when auto-add is enabled, but non-matching members are not removed.
+- When auto-add is disabled for a public channel, matching channels are surfaced as **recommended** rather than enforcing membership.
+- Direct messages and group messages aren't eligible for membership policies.
+- Default channels such as **Town Square** and **Off-Topic** are excluded.
+
+.. note::
+
+ Public channels with membership policies may appear in **Browse Channels** under **Recommended**, and matching users may be marked **Recommended** in the channel invite flow. See :doc:`Browse channels ` and :doc:`Manage channel members ` for the end-user experience.
+
+Channel-level permission policies
+---------------------------------
+
+From Mattermost v11.8.0, admins can define channel-level permission rules for file upload and file download based on user attributes and channel role. Applicable roles include **channel admin**, **channel member**, and **channel guest**.
+
+For system-wide permission policies that restrict file upload and download actions, see :ref:`Permission policies `.
+
+Simulate access
+----------------
+
+From Mattermost v11.8.0, admins can use **Simulate access** in Channel Settings to preview whether selected users can perform actions such as joining a channel, uploading files, or downloading files before saving policy changes.
+
+- Simulation can evaluate draft rules before they're saved, so you can confirm the intended scope without affecting live channel access.
+- Some denied results may indicate that the decision came from another policy. In that case, Mattermost shows that access was denied by another policy without exposing policy details you aren't authorized to see.
+
Manage team-scoped membership policies in Team Settings
-------------------------------------------------------
diff --git a/source/administration-guide/manage/admin/abac-system-wide-policies.rst b/source/administration-guide/manage/admin/abac-system-wide-policies.rst
index 02f3bf520c3..86669914ae1 100644
--- a/source/administration-guide/manage/admin/abac-system-wide-policies.rst
+++ b/source/administration-guide/manage/admin/abac-system-wide-policies.rst
@@ -62,11 +62,21 @@ You can add multiple rules to a single policy, and each rule can include multipl
Select the **Validate syntax** bar to check the syntax of your rule. If the syntax is valid, the bar will turn green and display a message indicating that the syntax is valid. If there are any issues, the bar will turn red and display an error message.
-Test rules
-~~~~~~~~~~
+Simulate access
+~~~~~~~~~~~~~~~~
Select **Test access rule** to test the rule against your user base to return how many users would be granted access to the channel based on the current rule. Test your rules to ensure the intended scope and avoid unexpected access changes.
+From Mattermost v11.8.0, you can use **Simulate access** to preview allowed and denied outcomes for specific users before saving policy changes:
+
+1. Open the policy editor in the System Console.
+2. Select **Simulate access**.
+3. Choose the users you want to test.
+4. Review the allowed and denied outcomes by action, such as joining a channel or uploading and downloading files.
+5. Adjust the rules before saving.
+
+Simulation can test draft policy changes before they affect live channel access or file permissions. Detailed rule and attribute information is shown only when the denial comes from the policy or scope you're editing; otherwise, Mattermost may show that access was denied by another policy.
+
Manage rules
~~~~~~~~~~~~
diff --git a/source/administration-guide/manage/admin/attribute-based-access-control.rst b/source/administration-guide/manage/admin/attribute-based-access-control.rst
index 19fb19ca489..1738c3c105d 100644
--- a/source/administration-guide/manage/admin/attribute-based-access-control.rst
+++ b/source/administration-guide/manage/admin/attribute-based-access-control.rst
@@ -40,11 +40,14 @@ Configure access policies
Once enabled, you have multiple ways to configure access policies in Mattermost:
+From Mattermost v11.8.0, admins can configure membership policies for both public and private channels, permission policies for file upload and file download, and simulate policy outcomes before saving.
+
**System Admins can:**
-- Create :doc:`system-wide access policies ` that can be assigned across multiple channels in the System Console.
+- Create :doc:`system-wide access policies ` that can be assigned across multiple channels in the System Console. Membership policies can be applied to both public and private channels, with :ref:`advisory behavior on public channels `.
- Assign :ref:`individual channel policies ` to specific channels in the System Console.
- Define :ref:`permission policies ` that restrict actions such as file upload and file download based on user attributes.
+- :ref:`Simulate policy outcomes ` to preview whether selected users can perform actions such as joining a channel or uploading and downloading files before saving policy changes.
**Team Admins can:**
diff --git a/source/end-user-guide/collaborate/browse-channels.rst b/source/end-user-guide/collaborate/browse-channels.rst
index 4be5dee086c..9cb8ba87cb5 100644
--- a/source/end-user-guide/collaborate/browse-channels.rst
+++ b/source/end-user-guide/collaborate/browse-channels.rst
@@ -15,6 +15,10 @@ Browse channels
From Mattermost v9.1, you can filter the list of channels by public, private, or archived channels, and you can hide all channels you're already a member of.
+ .. note::
+
+ From Mattermost v11.8.0, if your organization uses membership policies, **Browse Channels** may include a **Recommended** filter. Recommended channels are public channels your attributes match. You can still browse and join public channels according to your organization's normal channel permissions.
+
.. tab:: Mobile
1. Tap the **Plus** |plus| icon located in the top right corner of the app.
diff --git a/source/end-user-guide/collaborate/join-leave-channels.rst b/source/end-user-guide/collaborate/join-leave-channels.rst
index 8c4a15ad21a..f80397d559f 100644
--- a/source/end-user-guide/collaborate/join-leave-channels.rst
+++ b/source/end-user-guide/collaborate/join-leave-channels.rst
@@ -107,4 +107,14 @@ When you leave a private channel, you must be re-added by another channel member
.. image:: ../../images/mobile-confirm-leave-a-channel.jpg
:alt: Tap on Leave to confirm your choice.
- :scale: 30
\ No newline at end of file
+ :scale: 30
+
+Leave a public channel added by a membership policy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+From Mattermost v11.8.0, when you leave a public channel you were added to by a membership policy, Mattermost asks you to confirm:
+
+- Choosing **Leave channel** removes you from the channel.
+- Choosing **Mute instead** keeps you in the channel and mutes its notifications.
+
+If the channel is already muted, Mattermost shows **Cancel** and **Leave channel** instead of **Mute instead**.
\ No newline at end of file
diff --git a/source/end-user-guide/collaborate/manage-channel-members.rst b/source/end-user-guide/collaborate/manage-channel-members.rst
index 58724e2dafd..49731bf84d2 100644
--- a/source/end-user-guide/collaborate/manage-channel-members.rst
+++ b/source/end-user-guide/collaborate/manage-channel-members.rst
@@ -9,7 +9,10 @@ Add members to a channel
Any member of a channel can add other members to public or private channels, unless your system admin has restricted access to do so.
-When a channel has :doc:`attribute-based access controls ` enabled, you'll see details about which user attributes are permitted access to the channel. Only users who meet the requirements appear in search results when adding members to that channel.
+When a channel has :doc:`attribute-based access controls ` enabled, you'll see details about which user attributes are permitted access to the channel. Behavior when adding members depends on the channel type:
+
+- **Private channels with membership policies**: Only users who meet the policy requirements are available to add.
+- **Public channels with membership policies**: Users who match the policy may be shown with a **Recommended** tag, but the invite list isn't restricted by the policy.
.. tab:: Web/Desktop