update

Author: msmbaldwin

articles/payment-hsm/certification-compliance.md

@@ -8,13 +8,13 @@ tags: azure-resource-manager
 ms.service: payment-hsm
 ms.workload: security
 ms.topic: article
-ms.date: 01/25/2022
+ms.date: 03/25/2023
 ms.author: mbaldwin
 ---
 
 # Certification and compliance
 
-Azure maintains the largest compliance portfolio in the industry. For details, see [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/), Each offering description provides an up to-date-scope statement and links to useful downloadable resources.
+Azure maintains the largest compliance portfolio in the industry. For details, see [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/resources/microsoft-azure-compliance-offerings/), Each offering description provides an up to-date-scope statement and links to useful downloadable resources.
 
 Azure payment HSM meets following compliance standards:
 

articles/payment-hsm/create-payment-hsm.md

@@ -34,6 +34,9 @@ In this tutorial, you learn how to:
 
 - You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at [Register the Azure Payment HSM resource provider and resource provider features](register-payment-hsm-resource-providers.md).
 
+  > [!WARNING]
+  > You must apply the "FastPathEnabled" feature flag to **every** subscription ID, and add the "fastpathenabled" tag to **every** virtual network. For more details, see [Fastpathenabled](fastpathenabled.md).
+
   To quickly ascertain if the resource providers and features are already registered, use the Azure CLI [az provider show](/cli/azure/provider#az-provider-show) command. (You will find the output of this command more readable if you display it in table-format.)
 
   ```azurecli-interactive

articles/payment-hsm/deployment-scenarios.md

@@ -8,7 +8,7 @@ tags: azure-resource-manager
 ms.service: payment-hsm
 ms.workload: security
 ms.topic: article
-ms.date: 12/01/2022
+ms.date: 03/25/2023
 ms.author: mbaldwin
 
 ---
@@ -38,19 +38,6 @@ For High Availability, customer must allocate HSMs between stamp 1 and stamp 2 (
 
 This scenario caters to regional-level failure. The usual strategy is to completely switch the application stack (and its HSMs), rather than trying to reach an HSM in Region 2 from application in Region 1 due to latency.
 
-## fastpathenabled
-
-The fastpathenabled tag is an Azure Feature Exposure Control (AFEC) flag, which will enable subscriptions to connect to Payment HSM.
-
-The fastpathenabled tag must be added/registered to all subscriptions that connect to Payment HSM. Enabling the fastpathenabled tag on the subscriptions with existing resources will have **no** impact on the existing resources. Follow the steps outlined in Register the [Azure Payment HSM resource providers](register-payment-hsm-resource-providers.md?tabs=azure-cli).
-
-> [!NOTE]
-> If you have multiple subscriptions that require access to a Payment HSM, contact [Mirosoft support](support-guide.md#microsoft-support) to have all subscription IDs enabled.
-
-The fastpathenabled tag must be enabled on any virtual networks that the Payment HSM uses, peered or otherwise. For instance, to peer a virtual network of a payment HSM with a virtual network of a VM, you must first add the fastpathenabled tag to the latter. Unfortunately, adding the fastpathenabled tag through the Azure portal is insufficient -- it must be done from the commandline. To o so, follow the steps outlined in [How to peer Azure Payment HSM virtual networks](peer-vnets.md?tabs=azure-cli)
-
-For an MNAT scenario, ensure that you add the fastpathenabled tag with a value of `True` when creating the NAT gateway (not after the NAT gateway is created).
-
 ## Next steps
 
 - Learn more about [Azure Payment HSM](overview.md)

articles/payment-hsm/fastpathenabled.md

@@ -0,0 +1,46 @@
+---
+title: Azure Payment HSM fastpathenabled tag
+description: The fastpathenabled tag, as it relates to Azure Payment HSM and affiliated subscriptions and virtual networks
+services: payment-hsm
+author: msmbaldwin
+
+tags: azure-resource-manager
+ms.service: payment-hsm
+ms.workload: security
+ms.topic: article
+ms.date: 03/25/2023
+ms.author: mbaldwin
+
+---
+
+# Fastpathenabled
+
+Within the context of Azure Payment HSM, "Fastpathenabled" is used in two related but distinct ways:
+
+- "FastPathEnabled" (capitalized) is a an Azure Feature Exposure Control (AFEC) flag. It must be applied to **every** subscription ID that wants to connect to a payment HSM.
+- "fastpathenabled" (lowercased) is a virtual network tag. It must be added to **every** virtual network and NAT gateway (when applicable) that interacts with a payment HSM.
+
+### Subscriptions
+
+The "FastPathEnabled" feature flag must be added/registered to all subscriptions IDs that connect to a payment HSM. If you have multiple subscriptions IDs that require access to a payment HSM, include them all when contacting [Mirosoft support](support-guide.md#microsoft-support) (after you [Register the resource providers and features](register-payment-hsm-resource-providers.md)).
+
+> [!WARNING]
+Applying the "FastPathEnabled" feature flag to a subscription that already has resources has **no** effect on existing resources. You must register those resources by following the stpes in [Register the resource providers and features](register-payment-hsm-resource-providers.md).
+
+### Virtual networks
+
+The "fastpathenabled" tag must be enabled on every virtual networks that the payment HSM uses, peered or otherwise. For instance, to peer a virtual network of a payment HSM with a virtual network of a VM, you must first add the "fastpathenabled" tag to the latter.
+
+Unfortunately, adding the "fastpathenabled" tag through the Azure portal is insufficient—it must be done from the commandline. To do so, follow the steps outlined in [How to peer Azure Payment HSM virtual networks](peer-vnets.md?tabs=azure-cli).
+
+### Virtual Network NAT scenario
+
+For an Virtual Network NAT scenario, you must add the "fastpathenabled" tag with a value of `True` when creating the NAT gateway (not after the NAT gateway is created).
+
+## Next steps
+
+- Learn more about [Azure Payment HSM](overview.md)
+- See common [Deployment scenarios](deployment-scenarios.md)
+- Find out how to [get started with Azure Payment HSM](getting-started.md)
+- Learn how to [Create a payment HSM](create-payment-hsm.md)
+- Read the [frequently asked questions](faq.yml)

articles/payment-hsm/quickstart-cli.md

@@ -8,7 +8,7 @@ ms.author: mbaldwin
 ms.topic: quickstart
 ms.devlang: azurecli
 ms.custom: devx-track-azurecli
-ms.date: 09/12/2022
+ms.date: 03/25/2023
 ---
 
 # Quickstart: Create an Azure Payment HSM with the Azure CLI
@@ -21,6 +21,9 @@ This article describes how to create, update, and delete an Azure Payment HSM by
 
 - You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at [Register the Azure Payment HSM resource provider and resource provider features](register-payment-hsm-resource-providers.md).
 
+  > [!WARNING]
+  > You must apply the "FastPathEnabled" feature flag to **every** subscription ID, and add the "fastpathenabled" tag to **every** virtual network. For more details, see [Fastpathenabled](fastpathenabled.md).
+
   To quickly ascertain if the resource providers and features are already registered, use the Azure CLI [az provider show](/cli/azure/provider#az-provider-show) command. (You will find the output of this command more readable if you display it in table-format.)
 
   ```azurecli-interactive

articles/payment-hsm/quickstart-powershell.md

@@ -21,6 +21,9 @@ This article describes how you can create an Azure Payment HSM using the [Az.Ded
 
 - You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at [Register the Azure Payment HSM resource provider and resource provider features](register-payment-hsm-resource-providers.md).
 
+  > [!WARNING]
+  > You must apply the "FastPathEnabled" feature flag to **every** subscription ID, and add the "fastpathenabled" tag to **every** virtual network. For more details, see [Fastpathenabled](fastpathenabled.md).
+
   To quickly ascertain if the resource providers and features are already registered, use the Azure PowerShell [Get-AzProviderFeature](/powershell/module/az.resources/get-azproviderfeature) cmdlet:
 
 ```azurepowershell-interactive

articles/payment-hsm/quickstart-template.md

@@ -28,6 +28,9 @@ This article describes how to create a payment HSM with the host and management
 
 - You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at [Register the Azure Payment HSM resource provider and resource provider features](register-payment-hsm-resource-providers.md).
 
+  > [!WARNING]
+  > You must apply the "FastPathEnabled" feature flag to **every** subscription ID, and add the "fastpathenabled" tag to **every** virtual network. For more details, see [Fastpathenabled](fastpathenabled.md).
+
   To quickly ascertain if the resource providers and features are already registered, use the Azure CLI [az provider show](/cli/azure/provider#az-provider-show) command. (You will find the output of this command more readable if you display it in table-format.)
 
   ```azurecli-interactive

articles/payment-hsm/register-payment-hsm-resource-providers.md

@@ -6,7 +6,7 @@ author: msmbaldwin
 ms.service: payment-hsm
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
 ms.topic: overview
-ms.date: 09/12/2022
+ms.date: 02/25/2023
 ms.author: mbaldwin
 ---
 # Register the Azure Payment HSM resource providers and resource provider features
@@ -25,7 +25,7 @@ az provider register --namespace "Microsoft.HardwareSecurityModules"
 az feature registration create --namespace "Microsoft.HardwareSecurityModules" --name "AzureDedicatedHsm" 
 ```
 
-You must also register the "Microsoft.Network" resource provider and the "FastPathEnabled" feature.
+You must also register the "Microsoft.Network" resource provider and the "FastPathEnabled" Azure Feature Exposure Control (AFEC) flag. For more information on the "FastPathEnabled" feature flag, see [Fathpathenabled](fastpathenabled.md).
 
 ```azurecli-interactive
 az provider register --namespace "Microsoft.Network"
@@ -34,7 +34,7 @@ az feature registration create --namespace "Microsoft.Network" --name "FastPathE
 ```
 
 > [!IMPORTANT]
-> After registering the "FastPathEnabled" feature, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved.  In your message to Microsoft support, include your subscription ID.
+> After registering the "FastPathEnabled" feature flag, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved.  In your message to Microsoft support, include your subscription ID.  If multiple subsciptions must connect with the payment HSM, you must include **all** the subscriopts IDs.
 
 You can verify that your registrations are complete with the Azure CLI [az provider show](/cli/azure/provider#az-provider-show) command. (You will find the output of this command more readable if you display it in table-format.)
 
@@ -58,7 +58,7 @@ Register-AzResourceProvider -ProviderNamespace Microsoft.HardwareSecurityModules
 Register-AzProviderFeature -FeatureName "AzureDedicatedHsm" -ProviderNamespace Microsoft.HardwareSecurityModules
 ```
 
-You must also register the "Microsoft.Network" resource provider and the "FastPathEnabled" feature.
+You must also register the "Microsoft.Network" resource provider and the "FastPathEnabled" Azure Feature Exposure Control (AFEC) flag. For more information on the "FastPathEnabled" feature flag, see [Fathpathenabled](fastpathenabled.md).
 
 ```azurepowershell-interactive
 Register-AzResourceProvider -ProviderNamespace Microsoft.Network
@@ -67,7 +67,7 @@ Register-AzProviderFeature -FeatureName "FastPathEnabled" -ProviderNamespace Mic
 ```
 
 > [!IMPORTANT]
-> After registering the "FastPathEnabled" feature, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved.  In your message to Microsoft support, include your subscription ID.
+> After registering the "FastPathEnabled" feature flag, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved.  In your message to Microsoft support, include your subscription ID.  If multiple subsciptions must connect with the payment HSM, you must include **all** the subscriopts IDs.
 
 You can verify that your registrations are complete with the Azure PowerShell [Get-AzProviderFeature](/powershell/module/az.resources/get-azproviderfeature) cmdlet:
 

articles/payment-hsm/toc.yml

@@ -57,6 +57,8 @@
     href: deployment-scenarios.md
   - name: Solution design
     href: solution-design.md
+  - name: Fastpathenabled
+    href: fastpathenabled.md
 
 - name: Support
   items: