indent edits

tejaswikolli-web · tejaswikolli-web · commit 059781727cb4 · 2022-10-13T15:44:46.000-07:00
diff --git a/articles/container-registry/container-registry-enable-conditional-access-policy.md b/articles/container-registry/container-registry-enable-conditional-access-policy.md
@@ -19,9 +19,9 @@ The Conditional Access policy applies after the first-factor authentication to t
 
 The following steps will help create a Conditional Access policy for Azure Container Registry (ACR).
 
-1. Disable authentication-as-arm in ACR - Azure CLI.
-2. Disable authentication-as-arm in the ACR - Azure portal.
-3. Create and configure Conditional Access policy for Azure Container Registry.
+   1. Disable authentication-as-arm in ACR - Azure CLI.
+   2. Disable authentication-as-arm in the ACR - Azure portal.
+   3. Create and configure Conditional Access policy for Azure Container Registry.
 
 ## Prerequisites
 
@@ -30,18 +30,18 @@ The following steps will help create a Conditional Access policy for Azure Conta
 
 ## Disable authentication-as-arm in ACR - Azure CLI
 
-Disabling `azureADAuthenticationAsArmPolicy` will force the registry to use ACR audience token. You can use Azure CLI version 2.40.0 or later, run `az --version` to find the version. 
+   Disabling `azureADAuthenticationAsArmPolicy` will force the registry to use ACR audience token. You can use Azure CLI version 2.40.0 or later, run `az --version` to find the version. 
 
-1. Run the command to show the current configuration of the registry's policy for authentication using ARM tokens with the registry. If the status is `enabled`, then both ACRs and ARM audience tokens can be used for authentication. If the status is `disabled` it means only ACR's audience tokens can be used for authentication.
+   1. Run the command to show the current configuration of the registry's policy for authentication using ARM tokens with the registry. If the status is `enabled`, then both ACRs and ARM audience tokens can be used for authentication. If the status is `disabled` it means only ACR's audience tokens can be used for authentication.
 
-    ```azurecli-interactive
-    az acr config authentication-as-arm show -r <registry>
-    ```
+      ```azurecli-interactive
+      az acr config authentication-as-arm show -r <registry>
+      ```
 
-1. Run the command to update the status of the registry's policy.
+   1. Run the command to update the status of the registry's policy.
 
-    ```azurecli-interactive
-    az acr config authentication-as-arm update -r <registry> --status [enabled/disabled]
+      ```azurecli-interactive
+      az acr config authentication-as-arm update -r <registry> --status [enabled/disabled]
      ```
 
 ## Disable authentication-as-arm in the ACR - Azure portal
@@ -50,50 +50,51 @@ Disabling `authentication-as-arm` property by assigning a built-in policy will a
 
 You can disable authentication-as-arm in the ACR, by following below steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com). 
-2. Refer to the ACR's built-in policy definitions in the [azure-container-registry-built-in-policy definition's](policy-reference.md).
-3. Assign a built-in policy to disable authentication-as-arm definition - Azure portal.
+   1. Sign in to the [Azure portal](https://portal.azure.com). 
+   2. Refer to the ACR's built-in policy definitions in the [azure-container-registry-built-in-policy definition's](policy-reference.md).
+   3. Assign a built-in policy to disable authentication-as-arm definition - Azure portal.
 
 ### Assign a built-in policy definition to disable ARM audience token authentication - Azure portal.
   
 You can enable registry's Conditional Access policy in the [Azure portal](https://portal.azure.com). 
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+Azure Container Registry has two built-in policy definitions to disable authentication-as-arm, as below:
+
+>* `Container registries should have ARM audience token authentication disabled.` - This policy will report, block any non-compliant resources, and also sends a request to update non-compliant to compliant.
+>* `Configure container registries to disable ARM audience token authentication.` - This policy offers remediation and updates non-compliant to compliant resources.
+
 
-1. Navigate to your **Azure Container Registry** > **Resource Group** > **Settings** > **Policies** .
- 
-    :::image type="content" source="media/container-registry-enable-conditional-policy/01-azure-policies.png" alt-text="Screenshot showing how to navigate Azure policies.":::
+   1. Sign in to the [Azure portal](https://portal.azure.com).
 
-1. Navigate to  **Azure Policy**, On the **Assignments**, select **Assign policy**.
+   1. Navigate to your **Azure Container Registry** > **Resource Group** > **Settings** > **Policies** .
    
-   :::image type="content" source="media/container-registry-enable-conditional-policy/02-Assign-policy.png" alt-text="Screenshot showing how to assign a policy.":::
+      :::image type="content" source="media/container-registry-enable-conditional-policy/01-azure-policies.png" alt-text="Screenshot showing how to navigate Azure policies.":::
 
-1. Under the **Assign policy** , use filters to search and find the **Scope**, **Policy definition**, **Assignment name**.
+   1. Navigate to  **Azure Policy**, On the **Assignments**, select **Assign policy**.
+      
+      :::image type="content" source="media/container-registry-enable-conditional-policy/02-Assign-policy.png" alt-text="Screenshot showing how to assign a policy.":::
 
-    :::image type="content" source="media/container-registry-enable-conditional-policy/03-Assign-policy-tab.png" alt-text="Screenshot of the assign policy tab.":::
+   1. Under the **Assign policy** , use filters to search and find the **Scope**, **Policy definition**, **Assignment name**.
 
-1. Select **Scope** to filter and search for the **Subscription** and **ResourceGroup** and choose **Select**.
- 
-     :::image type="content" source="media/container-registry-enable-conditional-policy/04-select-scope.png" alt-text="Screenshot of the Scope tab.":::
+      :::image type="content" source="media/container-registry-enable-conditional-policy/03-Assign-policy-tab.png" alt-text="Screenshot of the assign policy tab.":::
 
-1. Select **Policy definition** to filter and search the built-in policy definitions for the Conditional Access policy.
+   1. Select **Scope** to filter and search for the **Subscription** and **ResourceGroup** and choose **Select**.
    
-     :::image type="content" source="media/container-registry-enable-conditional-policy/05-built-in-policy-definitions.png" alt-text="Screenshot of built-in-policy-definitions.":::
-
-Azure Container Registry has two built-in policy definitions to disable authentication-as-arm, as below:
+      :::image type="content" source="media/container-registry-enable-conditional-policy/04-select-scope.png" alt-text="Screenshot of the Scope tab.":::
 
->* `Container registries should have ARM audience token authentication disabled.` - This policy will report, block any non-compliant resources, and also sends a request to update non-compliant to compliant.
->* `Configure container registries to disable ARM audience token authentication.` - This policy offers remediation and updates non-compliant to compliant resources.
+   1. Select **Policy definition** to filter and search the built-in policy definitions for the Conditional Access policy.
+      
+      :::image type="content" source="media/container-registry-enable-conditional-policy/05-built-in-policy-definitions.png" alt-text="Screenshot of built-in-policy-definitions.":::
 
-1. Use filters to select and confirm  **Scope**, **Policy definition**, and **Assignment name**.
+   1. Use filters to select and confirm  **Scope**, **Policy definition**, and **Assignment name**.
 
-1. Use the filters to limit compliance states or to search for policies.
+   1. Use the filters to limit compliance states or to search for policies.
 
-1. Confirm your settings and set policy enforcement as **enabled**.
+   1. Confirm your settings and set policy enforcement as **enabled**.
 
-1. Select **Review+Create**.
+   1. Select **Review+Create**.
 
-      :::image type="content" source="media/container-registry-enable-conditional-policy/06-enable-policy.png" alt-text="Screenshot to activate a Conditional Access policy":::
+         :::image type="content" source="media/container-registry-enable-conditional-policy/06-enable-policy.png" alt-text="Screenshot to activate a Conditional Access policy":::
 
 
 ## Create and configure a Conditional Access policy - Azure portal
@@ -102,54 +103,54 @@ ACR supports Conditional Access policy for Active Directory users only. It curre
 
 Create a Conditional Access policy and assign your test group of users as follows:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) by using an account with *global administrator* permissions.
+   1. Sign in to the [Azure portal](https://portal.azure.com) by using an account with *global administrator* permissions.
 
-1. Search for and select **Azure Active Directory**. Then select **Security** from the menu on the left-hand side.
+   1. Search for and select **Azure Active Directory**. Then select **Security** from the menu on the left-hand side.
 
-1. Select **Conditional Access**, select **+ New policy**, and then select **Create new policy**.
- 
-   :::image type="content" alt-text="A screenshot of the Conditional Access page, where you select 'New policy' and then select 'Create new policy'." source="media/container-registry-enable-conditional-policy/01-create-conditional-access.png":::
+   1. Select **Conditional Access**, select **+ New policy**, and then select **Create new policy**.
+   
+      :::image type="content" alt-text="A screenshot of the Conditional Access page, where you select 'New policy' and then select 'Create new policy'." source="media/container-registry-enable-conditional-policy/01-create-conditional-access.png":::
 
-1. Enter a name for the policy, such as *demo*.
+   1. Enter a name for the policy, such as *demo*.
 
-1. Under **Assignments**, select the current value under **Users or workload identities**.
- 
-   :::image type="content" alt-text="A screenshot of the Conditional Access page, where you select the current value under 'Users or workload identities'." source="media/container-registry-enable-conditional-policy/02-conditional-access-users-and-groups.png":::
+   1. Under **Assignments**, select the current value under **Users or workload identities**.
+   
+      :::image type="content" alt-text="A screenshot of the Conditional Access page, where you select the current value under 'Users or workload identities'." source="media/container-registry-enable-conditional-policy/02-conditional-access-users-and-groups.png":::
 
-1. Under **What does this policy apply to?**, verify and select **Users and groups**.
+   1. Under **What does this policy apply to?**, verify and select **Users and groups**.
 
-1. Under **Include**, choose **Select users and groups**, and then select **All users**.
- 
-   :::image type="content" alt-text="A screenshot of the page for creating a new policy, where you select options to specify users." source="media/container-registry-enable-conditional-policy/03-conditional-access-users-groups-select-users.png":::
+   1. Under **Include**, choose **Select users and groups**, and then select **All users**.
+   
+      :::image type="content" alt-text="A screenshot of the page for creating a new policy, where you select options to specify users." source="media/container-registry-enable-conditional-policy/03-conditional-access-users-groups-select-users.png":::
 
-1. Under **Exclude**, choose **Select users and groups**, to exclude any choice of selection.
+   1. Under **Exclude**, choose **Select users and groups**, to exclude any choice of selection.
 
-1. Under **Cloud apps or actions**, choose **Cloud apps**.
+   1. Under **Cloud apps or actions**, choose **Cloud apps**.
 
-1. Under **Include**, choose **Select apps**.
+   1. Under **Include**, choose **Select apps**.
 
-    :::image type="content" alt-text="A screenshot of the page for creating a new policy, where you select options to specify cloud apps." source="media/container-registry-enable-conditional-policy/04-select-cloud-apps-select-apps.png":::
+      :::image type="content" alt-text="A screenshot of the page for creating a new policy, where you select options to specify cloud apps." source="media/container-registry-enable-conditional-policy/04-select-cloud-apps-select-apps.png":::
 
-1.  Browse for and select apps to apply Conditional Access, in this case *Azure Container Registry*, then choose **Select**.
+   1.  Browse for and select apps to apply Conditional Access, in this case *Azure Container Registry*, then choose **Select**.
 
-      :::image type="content" alt-text="A screenshot of the list of apps, with results filtered, and 'Azure Container Registry' selected." source="media/container-registry-enable-conditional-policy/05-select-azure-container-registry-app.png":::
+         :::image type="content" alt-text="A screenshot of the list of apps, with results filtered, and 'Azure Container Registry' selected." source="media/container-registry-enable-conditional-policy/05-select-azure-container-registry-app.png":::
 
-1.  Under **Conditions** , configure control access level with options such as *User risk level*, *Sign-in risk level*, *Sign-in risk detections (Preview)*, *Device platforms*, *Locations*, *Client apps*, *Time (Preview)*, *Filter for devices*.
+   1.  Under **Conditions** , configure control access level with options such as *User risk level*, *Sign-in risk level*, *Sign-in risk detections (Preview)*, *Device platforms*, *Locations*, *Client apps*, *Time (Preview)*, *Filter for devices*.
 
-1. Under **Grant**, filter and choose from options to enforce grant access or block access, during a sign-in event to the Azure portal. In this case grant access with *Require multifactor authentication*, then choose **Select**.
+   1. Under **Grant**, filter and choose from options to enforce grant access or block access, during a sign-in event to the Azure portal. In this case grant access with *Require multifactor authentication*, then choose **Select**.
 
-   >[!TIP]
-   > To configure and grant multi-factor authentication, see [configure and conditions for multi-factor authentication.](/azure/active-directory/authentication/tutorial-enable-azure-mfa#configure-the-conditions-for-multi-factor-authentication)
+      >[!TIP]
+      > To configure and grant multi-factor authentication, see [configure and conditions for multi-factor authentication.](/azure/active-directory/authentication/tutorial-enable-azure-mfa#configure-the-conditions-for-multi-factor-authentication)
 
-1. Under **Session**, filter and choose from options to enable any control on session level experience of the cloud apps.
+   1. Under **Session**, filter and choose from options to enable any control on session level experience of the cloud apps.
 
-1. After selecting and confirming, Under **Enable policy**, select **On**.
+   1. After selecting and confirming, Under **Enable policy**, select **On**.
 
-1. To apply and activate the policy, Select **Create**.
+   1. To apply and activate the policy, Select **Create**.
 
-    :::image type="content" alt-text="A screenshot showing how to activate the Conditional Access policy." source="media/container-registry-enable-conditional-policy/06-enable-conditional-access-policy.png":::
+      :::image type="content" alt-text="A screenshot showing how to activate the Conditional Access policy." source="media/container-registry-enable-conditional-policy/06-enable-conditional-access-policy.png":::
 
-We have now completed creating the Conditional Access policy for the Azure Container Registry.
+   We have now completed creating the Conditional Access policy for the Azure Container Registry.
 
 ## Next steps
 
