Commit 017898c

Address PR review feedback
1 parent 1c69624 commit 017898c

3 files changed: +19 -19 lines changed


articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md

Lines changed: 7 additions & 7 deletions
@@ -41,10 +41,10 @@ To connect to an OPC UA server, first you need to establish the application auth
4141

4242
To use the operations experience web UI to manage the trusted certificates list, complete the following steps:
4343

44-
1. Get the OPC UA server application's instance certificate as a file. These files typically have a .der or .crt extension. This file contains the public key only.
44+
1. Get the OPC UA server application's instance certificate as a file. These files typically have a `.der` or `.crt` extension. This file contains the public key only.
4545

4646
> [!TIP]
47-
> Typically, an OPC UA server has an interface that lets you export its application instance certificate. This interface isn't standardized. For servers such as KEPServerEx, there's a Windows-based configuration UI for certificates management. Other servers might have a web interface or use operating system folders to store the certificates. To find out how to export the application instance certificate, refer to the user manual of your server. After you have the certificate, make sure it's either DER or PEM encoded. Typically stored in files with either the .der or .crt extension. If the certificate isn't in one of those file formats, use a tool such as `openssl` to transform the certificate into the required format.
47+
> Typically, an OPC UA server has an interface that lets you export its application instance certificate. This interface isn't standardized. For servers such as KEPServerEx, there's a Windows-based configuration UI for certificates management. Other servers might have a web interface or use operating system folders to store the certificates. To find out how to export the application instance certificate, refer to the user manual of your server. After you have the certificate, make sure it's either DER or PEM encoded. These certificates are typically stored in files with either the `.der` or `.crt` extension. If the certificate isn't in one of those file formats, use a tool such as `openssl` to transform the certificate into the required format.
4848
4949
1. You can add the certificate directly to your Azure Key Vault as a secret and import from there, or you can upload the certificate to the trusted certificates list using the operations experience.
5050
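Review bot: In the TIP on new line 47, the rewritten sentence "These certificates are typically stored in files with either the `.der` or `.crt` extension" directly follows "make sure it's either DER or PEM encoded" and reads as if the extension tells the reader the encoding, but a `.crt` file can hold either encoding. Suggest telling the reader to check the file itself rather than its extension, for example by noting that a PEM file is text that starts with a `-----BEGIN CERTIFICATE-----` line. The same TIP still says "certificates management", which should be "certificate management".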

@@ -75,10 +75,10 @@ If your OPC UA server uses a certificate issued by a certificate authority (CA),
7575

7676
To use the Azure CLI to manage the trusted certificates list, complete the following steps:
7777

78-
1. Get the OPC UA server application's instance certificate as a file. These files typically have a .der or .crt extension. This file contains the public key only.
78+
1. Get the OPC UA server application's instance certificate as a file. These files typically have a `.der` or `.crt` extension. This file contains the public key only.
7979

8080
> [!TIP]
81-
> Typically, an OPC UA server has an interface that lets you export its application instance certificate. This interface isn't standardized. For servers such as KEPServerEx, there's a Windows-based configuration UI for certificates management. Other servers might have a web interface or use operating system folders to store the certificates. To find out how to export the application instance certificate, refer to the user manual of your server. After you have the certificate, make sure it's either DER or PEM encoded. Typically stored in files with either the .der or .crt extension. If the certificate isn't in one of those file formats, use a tool such as `openssl` to transform the certificate into the required format.
81+
> Typically, an OPC UA server has an interface that lets you export its application instance certificate. This interface isn't standardized. For servers such as KEPServerEx, there's a Windows-based configuration UI for certificates management. Other servers might have a web interface or use operating system folders to store the certificates. To find out how to export the application instance certificate, refer to the user manual of your server. After you have the certificate, make sure it's either DER or PEM encoded. These certificates are typically stored in files with either the `.der` or `.crt` extension. If the certificate isn't in one of those file formats, use a tool such as `openssl` to transform the certificate into the required format.
8282
8383
1. Add the OPC UA server's application instance certificate to the trusted certificates list. This list is implemented as a Kubernetes native secret named *aio-opc-ua-broker-trust-list* that's created when you deploy Azure IoT Operations.
8484
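Review bot: Context line 83 still sets the secret name in italics (*aio-opc-ua-broker-trust-list*), while this commit moves file extensions to code formatting and line 192 of the same file writes `aio-opc-ua-broker-issuer-list` in backticks. Suggest backticks here too, so the name reads as a literal the user can copy into a command. Lines 78 and 81 repeat lines 44 and 47 word for word, so any later wording fix has to be made in both places.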

@@ -100,7 +100,7 @@ If your OPC UA server uses a certificate issued by a certificate authority (CA),
100100
101101
To trust a CA, complete the following steps:
102102
103-
1. Get the CA certificate public key encode in DER or PEM format. These certificates are typically stored in files with either the .der or .crt extension. Get the CA's CRL. This list is typically in a file with the .crl. Check the documentation for your OPC UA server for details.
103+
1. Get the CA certificate public key encode in DER or PEM format. These certificates are typically stored in files with either the `.der` or `.crt` extension. Get the CA's CRL. This list is typically in a file with the .crl. Check the documentation for your OPC UA server for details.
104104
105105
1. Save the CA certificate and the CRL in the *aio-opc-ua-broker-trust-list* Kubernetes native secret:
106106
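Review bot: New line 103 was edited but still carries two errors: "encode in DER or PEM format" should be "encoded", and "This list is typically in a file with the .crl." is missing the word "extension" and the code formatting that `.der` and `.crt` received in the same line. Suggest "This list is typically in a file with the `.crl` extension."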
@@ -156,7 +156,7 @@ Before you can configure the issuer certificates list with your intermediate cer
156156
157157
To use the operations experience web UI to manage the issuer certificates list, complete the following steps:
158158
159-
1. Get the issuer certificate that was used to sign your server instance certificates as a file. These files typically have a .der or .crt extension. This file contains the public key only. You might also have a .crl file (certificate revocation list) for the issuer certificate.
159+
1. Get the issuer certificate that was used to sign your server instance certificates as a file. These files typically have a `.der` or `.crt` extension. This file contains the public key only. You might also have a .crl file (certificate revocation list) for the issuer certificate.
160160
161161
1. You can add the issuer certificate directly to your Azure Key Vault as a secret and import from there, or you can upload the certificate and certificate revocation list (.crl file) to the issuer certificates list using the operations experience.
162162
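Review bot: On new line 159, `.der` and `.crt` are now code-formatted but ".crl" in "You might also have a .crl file" is not, and context line 161 has the same plain "(.crl file)". Suggest backticks on both so the three extensions are formatted alike. "You might also have" leaves it unclear whether the CRL is needed for the upload on line 161; one sentence on what to do when no CRL is available would help.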
@@ -189,7 +189,7 @@ Before you can configure the issuer certificates list with your intermediate cer
189189
190190
To use the Azure CLI to manage the issuer certificates list, complete the following steps:
191191
192-
1. Save the CA certificate and the CRL in the `aio-opc-ua-broker-issuer-list` secret:
192+
- Save the CA certificate and the CRL in the `aio-opc-ua-broker-issuer-list` secret:
193193
194194
```azurecli
195195
# Append CA certificate to the issuer list secret as a new entry
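Review bot: Line 192 turns the only list item from a numbered step into a bullet, but line 190 still introduces it with "complete the following steps:". For a single action, suggest rewording the introduction (for example "run the following commands:") and dropping the list marker. The step text says the CA certificate and the CRL are saved, while the one code comment visible here mentions only the CA certificate; worth confirming the rest of the block covers the CRL.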

articles/iot-operations/end-to-end-tutorials/tutorial-add-assets.md

Lines changed: 10 additions & 10 deletions
@@ -80,7 +80,7 @@ Before the OPC PLC simulator can send data to the connector for OPC UA, you need
8080

8181
### Add the connector's certificate to the simulator's trust list
8282

83-
Each OPC UA server has it's own mechanism for managing the trust list. To add the connector's certificate to the simulator's trust list, run the following commands:
83+
Each OPC UA server has its own mechanism for managing the trust list. To add the connector's certificate to the simulator's trust list, run the following commands:
8484

8585
```bash
8686
cert=$(kubectl -n azure-iot-operations get secret aio-opc-opcuabroker-default-application-cert -o jsonpath='{.data.tls\.crt}' | base64 -d)
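Review bot: The code fence on line 85 is tagged `bash`, while the kubectl command on line 101 of the same file is tagged `console`. Suggest one tag for both shell snippets. Lines 83 and 99 open with near-identical sentences ("Each OPC UA server has its own mechanism" and "Every OPC UA server type has its own mechanism"); since both are edited in this commit, aligning the wording would be a small improvement.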
@@ -96,46 +96,46 @@ kubectl patch secret opc-plc-trust-list -n azure-iot-operations -p "{""data"": $
9696

9797
### Add the simulator's certificate to the connector's trust list
9898

99-
Every OPC UA server type has it's own mechanism for managing its application instance certificate. To download the simulator's certificate to a file called `opcplc-000000.crt`, run the following command:
99+
Every OPC UA server type has its own mechanism for managing its application instance certificate. To download the simulator's certificate to a file called `opcplc-000000.crt`, run the following command:
100100

101101
```console
102102
kubectl -n azure-iot-operations get secret opc-plc-default-application-cert -o jsonpath='{.data.tls\.crt}' | base64 -d > opcplc-000000.crt
103103
```
104104

105105
To add the simulator's certificate to the connector's trust list:
106106

107-
- Go to the [operations experience](https://iotoperations.azure.com) web UI and sign in with your Microsoft Entra ID credentials.
107+
1. Go to the [operations experience](https://iotoperations.azure.com) web UI and sign in with your Microsoft Entra ID credentials.
108108

109-
- Select your site. If you're working with a new deployment, there are no sites yet. You can find the cluster you created in the previously by selecting **View unassigned instances**. In the operations experience, an instance represents a cluster where you deployed Azure IoT Operations.
109+
1. Select your site. If you're working with a new deployment, there are no sites yet. You can find the cluster you created in the previously by selecting **View unassigned instances**. In the operations experience, an instance represents a cluster where you deployed Azure IoT Operations.
110110

111111
:::image type="content" source="media/tutorial-add-assets/site-list.png" lightbox="media/tutorial-add-assets/site-list.png" alt-text="Screenshot that shows the unassigned instances node in the operations experience.":::
112112

113-
- Select the instance where you deployed Azure IoT Operations:
113+
1. Select the instance where you deployed Azure IoT Operations:
114114

115115
:::image type="content" source="media/tutorial-add-assets/cluster-list.png" lightbox="media/tutorial-add-assets/cluster-list.png" alt-text="Screenshot of Azure IoT Operations instance list.":::
116116

117117
> [!TIP]
118118
> If you don't see any instances, you might not be in the right Microsoft Entra ID tenant. You can change the tenant from the top right menu in the operations experience.
119119
120-
- Select **Asset endpoints**~ and then **Manage certificates and secrets**:
120+
1. Select **Asset endpoints** and then **Manage certificates and secrets**:
121121

122122
:::image type="content" source="media/tutorial-add-assets/manage-certificates.png" lightbox="media/tutorial-add-assets/manage-certificates.png" alt-text="Screenshot that shows how to find the manage certificates page in the operations experience.":::
123123

124-
- On the **Certificates page**, select **Trust list** and then **Add new certificate**:
124+
1. On the **Certificates page**, select **Trust list** and then **Add new certificate**:
125125

126126
:::image type="content" source="media/tutorial-add-assets/add-certificate.png" lightbox="media/tutorial-add-assets/add-certificate.png" alt-text="Screenshot that shows how to add a certificate to the trust list in the operations experience.":::
127127

128-
- Select **Upload certificate** and choose the `opcplc-000000.crt` file you downloaded previously. Then select **Upload**:
128+
1. Select **Upload certificate** and choose the `opcplc-000000.crt` file you downloaded previously. Then select **Upload**:
129129

130130
:::image type="content" source="media/tutorial-add-assets/uploaded-certificate.png" lightbox="media/tutorial-add-assets/uploaded-certificate.png" alt-text="Screenshot that shows a successful certificate upload.":::
131131

132-
- Select **Apply**.
132+
1. Select **Apply**.
133133

134134
The simulator's application instance certificate is now in the connector for OPC UA's trust list.
135135

136136
## Add an asset endpoint
137137

138-
In this step, you use the operations experience to add an asset endpoint that enables you to connect to the OPC PLC simulator.To add an asset endpoint:
138+
In this step, you use the operations experience to add an asset endpoint that enables you to connect to the OPC PLC simulator. To add an asset endpoint:
139139

140140
1. Select **Asset endpoints** and then **Create asset endpoint**:
141141
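Review bot: New line 109 is converted to a numbered step but keeps the broken phrase "the cluster you created in the previously". Suggest "the cluster you created previously", or name the earlier article or step. On line 124 the bold span is "**Certificates page**"; if the UI label is "Certificates", the bold should cover only that word. With the items now numbered as "1.", the image and TIP lines between them must be indented under their step or the numbering restarts at each one; the indentation is not visible in this view, so check the rendered preview.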

articles/iot-operations/secure-iot-ops/howto-manage-secrets.md

Lines changed: 2 additions & 2 deletions
@@ -31,7 +31,7 @@ Secrets management for Azure IoT Operations uses Secret Store extension to sync
3131
3232
Once the [set up secrets management](../deploy-iot-ops/howto-enable-secure-settings.md#set-up-secrets-management) steps are completed, you can start adding secrets to Azure Key Vault, and sync them to the Kubernetes cluster to be used in **Asset Endpoints** or **Data flow Endpoints** using the [operations experience](https://iotoperations.azure.com) web UI.
3333

34-
Secrets are used in asset endpoints and data flow endpoints for authentication. In this section, we use asset endpoints as an example, the same can be applied to data flow endpoints. You have the option to directly create the secret in Azure Key Vault and have it automatically synchronized down to the cluster, or use an existing secret reference from the key vault:
34+
Secrets are used in asset endpoints and data flow endpoints for authentication. This section uses asset endpoints as an example. The same process can be applied to data flow endpoints. You have the option to directly create the secret in Azure Key Vault and have it automatically synchronized down to the cluster, or use an existing secret reference from the key vault:
3535

3636
1. Go to the **Asset endpoints** page in the [operations experience](https://iotoperations.azure.com) web UI.
3737
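Review bot: Context line 32 bolds the UI labels as "**Asset Endpoints**" and "**Data flow Endpoints**", while line 36 uses "**Asset endpoints**". Since line 34 between them is rewritten here, suggest fixing line 32 in the same commit so the bold label matches what the operations experience shows. On line 34, "You have the option to directly create the secret" could be shortened to "You can create the secret directly".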

@@ -49,7 +49,7 @@ Secrets are used in asset endpoints and data flow endpoints for authentication.
4949

5050
## Manage synced secrets
5151

52-
In this section, we use asset endpoints as an example, the same can be applied to data flow endpoints:
52+
This section uses asset endpoints as an example. The same process can be applied to data flow endpoints:
5353

5454
1. Go to the **Asset endpoints** page in the [operations experience](https://iotoperations.azure.com) web UI.
5555
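Review bot: On new line 52 the colon that introduces the numbered steps now ends the sentence "The same process can be applied to data flow endpoints:", so the list reads as the data flow procedure although step 1 on line 54 goes to the **Asset endpoints** page. Suggest ending that sentence with a period and placing the colon on a sentence about asset endpoints, or swapping the two sentences.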
