addressing PR comments

Author: Gitprakhar13

articles/attestation/azure-TPM-VBS-attestation-usage.md

@@ -1,5 +1,5 @@
 ---
-title: Azure TPM VBS Attestation usage 
+title: Azure TPM VBS attestation usage 
 description: Learn about how to apply TPM and VBS attestation
 services: attestation
 author: prsriva
@@ -28,60 +28,44 @@ Detailed information about the workflow is described in [Azure attestation workf
 This is the first step for any attestation to be performed. Setting up an endpoint, this can be performed either via code or using the Azure portal.
 
 Here's how you can set up an attestation endpoint using Portal
-<ul>
-<li> Prerequisite: Access to the Microsoft Azure Active Directory(Azure AD) tenant and subscription under which you want to create the attestation endpoint.
 
-Learn more about setting up an [Azure AD tenant](../active-directory/develop/quickstart-create-new-tenant.md).</li>
-
-<li> Create an endpoint under the desired resource group, with the desired name.
+1 Prerequisite: Access to the Microsoft Azure Active Directory(Azure AD) tenant and subscription under which you want to create the attestation endpoint.
+Learn more about setting up an [Azure AD tenant](../active-directory/develop/quickstart-create-new-tenant.md).
 
+2 Create an endpoint under the desired resource group, with the desired name.
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5azcU]
 
-</li>
-<li> Add Attestation Contributor Role to the Identity who will be responsible to update the attestation policy.
-
+3 Add Attestation Contributor Role to the Identity who will be responsible to update the attestation policy.
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5aoRj]
 
-</li>
-<li> Configure the endpoint with the required policy.
-
+4 Configure the endpoint with the required policy.
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5aoRk]
 
-</li>
-
-Sample policies can be found in the [policy section](tpm-attestation-sample-policies.md) .</br>
+Sample policies can be found in the [policy section](tpm-attestation-sample-policies.md).
 
 > [!NOTE]
 > TPM endpoints are designed to be provisioned without a default attestation policy.
-</ul>
 
 
 ### Client Setup:
 A client to communicate with the attestation service endpoint needs to ensure it's following the protocol as described in the [protocol documentation](virtualization-based-security-protocol.md). Use the [Attestation Client NuGet](https://www.nuget.org/packages/Microsoft.Attestation.Client) to ease the integration.
-
-<ul>
-<li> 
-Prerequisite: An Azure AD identity is needed to access the TPM endpoint.
-
+ 
+1 Prerequisite: An Azure AD identity is needed to access the TPM endpoint.
 Learn more [Azure AD identity tokens](../active-directory/develop/v2-overview.md).
-</li>
-<li> Add Attestation Reader Role to the identity that will be need for authentication against the endpoint. Azure i
 
+2 Add Attestation Reader Role to the identity that will be need for authentication against the endpoint. Azure i
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5aoRi]
 
-</li>
-</ul>
 
 ## Execute the Attestation Workflow:
 Using the [Client](https://github.com/microsoft/Attestation-Client-Samples) to trigger an attestation flow. A successful attestation will result in an attestation report (encoded JWT token). Parsing the JWT token, the contents of the report can be easily validated against expected outcome. 
 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE5azcT]
 
 
-</br>
 Here's a sample of the contents of the attestation report.
-
-:::image type="content" source="./media/sampledecodedtoken.jpg" alt-text="Sample decoded token for tpm attestation" lightbox="./media/sampledecodedtoken.jpg":::
+git mv OLD-FILENAME NEW-FILENAME
+:::image type="content" source="./media/sample-decoded-token.jpg" alt-text="Sample decoded token for tpm attestation" lightbox="./media/sampledecodedtoken.jpg":::
 
 Using the Open ID [metadata endpoint](/rest/api/attestation/metadata-configuration/get?tabs=HTTP) contains properties, which describe the attestation service.The signing keys describe the keys, which will be used to sign tokens generated by the attestation service. All tokens emitted by the attestation service will be signed by one of the certificates listed in the attestation signing keys.
 

articles/attestation/media/addreaderrole.mp4

@@ -109,7 +109,7 @@ c:[type=="boolProperties", issuer=="AttestationPolicy"] => issue(type="Malicious
 
 ## Extending the protection from malicious boot attacks via Integrity Measurement Architecture(IMA) on Linux
 
-Linux systems follows a similar boot process to Windows, and with TPM attestation the protection profile can be extended to beyond boot into the kernel as well using Integrity Measurement Architecture(IMA). IMA subsystem was designed to detect if files have been accidentally or maliciously altered, both remotely and locally, it maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module(TPM), an aggregate integrity value over this list provides the benefit of resiliency from software attacks.Recent enhancements in the IMA subsystem also allows for non file based attributes to be measured and attested remotely. Azure attestation supports non file based measurements to be attested remtoely to provide a holistic view of system integrity.
+Linux systems follow a similar boot process to Windows, and with TPM attestation the protection profile can be extended to beyond boot into the kernel as well using Integrity Measurement Architecture(IMA). IMA subsystem was designed to detect if files have been accidentally or maliciously altered, both remotely and locally, it maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module(TPM), an aggregate integrity value over this list provides the benefit of resiliency from software attacks. Recent enhancements in the IMA subsystem also allows for non file based attributes to be measured and attested remotely. Azure attestation supports non file based measurements to be attested remotely to provide a holistic view of system integrity.
 
 Enabling IMA with the following ima-policy will enable measurement of non file attributes while still enabling local file integrity attestation.
 
@@ -184,18 +184,18 @@ Note: Support for non-file based measurements are only available from linux kern
 
 ## TPM Key attestation support
 
-Numerous applications rely on foundational credential management of keys and certs for protections against credential theft, and one of main ways of ensuring the credential security is the reliance of key storage providers that provide additional security from malware and attacks. Windows implements various cryptographic providers which can be either software or hardware based. 
+Numerous applications rely on foundational credential management of keys and certs for protections against credential theft, and one of main ways of ensuring the credential security is the reliance of key storage providers that provide additional security from malware and attacks. Windows implements various cryptographic providers that can be either software or hardware based. 
 
 The two most important ones are: 
 
-* Microsoft Software Key Storage Provider : Standard provider which stores keys software based and supports CNG (Crypto-Next Generation) 
+* Microsoft Software Key Storage Provider: Standard provider, which stores keys software based and supports CNG (Crypto-Next Generation) 
 
-* Microsoft Platform Crypto Provider : Hardware based which stores keys on a TPM (trusted platform module) and supports CNG as well 
+* Microsoft Platform Crypto Provider: Hardware based which stores keys on a TPM (trusted platform module) and supports CNG as well 
 
-Whenever a Storage provider is used, it’s usually to create a pub/priv key pair which are chained to a root of trust. At creation additional properties can also be used to enable certain aspects of the key storage, exportability, etc. Key attestation in this context, is the technical ability to prove to a replying party that a private key was generated inside, and is managed inside, and in a not exportable form. Such attestation clubbed with other information can help protect from credential theft and replay type of attack. 
+Whenever a Storage provider is used, it’s usually to create a pub/priv key pair that are chained to a root of trust. At creation more properties can also be used to enable certain aspects of the key storage, exportability, etc. Key attestation in this context, is the technical ability to prove to a replying party that a private key was generated inside, and is managed inside, and in a not exportable form. Such attestation clubbed with other information can help protect from credential theft and replay type of attack. 
 
-TPMs also provide the capability ability to attest that keys are resident in a TPM, enabling higher security assurance, backed up by non-exportability, anti-hammering, and isolation of keys. A very common use case is for applications that issue digital signature certificate for subscriber keys, verifying that the subscribers private signature key is generated and managed in an approved TPM.
-One can easily attest to the fact the keys are resident in a valid TPM with appropriate non-exportablity flags using a policy as below.
+TPMs also provide the capability ability to attest that keys are resident in a TPM, enabling higher security assurance, backed up by non-exportability, anti-hammering, and isolation of keys. A common use case is for applications that issue digital signature certificate for subscriber keys, verifying that the subscribers private signature key is generated and managed in an approved TPM.
+One can easily attest to the fact the keys are resident in a valid TPM with appropriate Nonexportability flags using a policy as below.
 
 ```
 version=1.2;

articles/attestation/media/addroletoendpoint.mp4

@@ -313,7 +313,7 @@ c:[type=="events", issuer=="AttestationService"] => issue(type="DriverLoadPolicy
 
 ```
 
-### Attestation policy for Key attestation, validating keys and propterties of the key.
+### Attestation policy for Key attestation, validating keys and properties of the key.
 
 ```
 version=1.2;

articles/attestation/media/configurepolicy.mp4

@@ -1,5 +1,5 @@
 ---
-title: Virtualization-based Security (VBS) protocol for Azure Attestation
+title: Virtualization-based security (VBS) protocol for Azure Attestation
 description: VBS attestation protocol 
 services: attestation
 author: msmbaldwin
@@ -23,9 +23,7 @@ The protocol has 2 messages exchanges:
 * Init Message
 * Request Message
 
-<B><U> Insert image of protocol messages </B></U>
-
-### Init Message
+### Init message
 Message to establish context for the request message.
 
 #### Direction
@@ -67,7 +65,7 @@ Payload containing the data that is to be attested by the attestation service.
 
 Note: Support for IMA measurement logs and Keys has been added to Request message, and can be found in the Request Message V2 section
 
-## Request Message V1
+## Request message v1
 
 #### Direction
 
@@ -89,7 +87,7 @@ BASE64URL(JWS Payload) || '.' ||
 
 BASE64URL(JWS Signature)
 
-##### JWS Protected Header
+##### JWS protected header
 
 ```
 {
@@ -99,7 +97,7 @@ BASE64URL(JWS Signature)
 }
 ```
 
-##### JWS Payload
+##### JWS payload
 
 JWS payload can be of type basic or VBS. Basic is used when attestation evidence does not include VBS data. 
 
@@ -263,7 +261,7 @@ Azure Attestation -> Client
 
 **report** (JWT): The attestation report in JSON Web Token (JWT) format (RFC 7519).
 
-## Request Message V2
+## Request message v2
 
 
 ```
@@ -277,7 +275,7 @@ BASE64URL(UTF8(JWS Protected Header)) || '.' ||
 BASE64URL(JWS Payload) || '.' ||
 BASE64URL(JWS Signature)
 
-##### JWS Protected Header
+##### JWS protected header
 ```
 {
   "alg": "PS256",
@@ -286,7 +284,7 @@ BASE64URL(JWS Signature)
 }
 ```
 
-#### JWS Payload
+#### JWS payload
 
 JWS payload can be of type basic or vsm. Basic is used when attestation evidence does not include VSM data.
 
@@ -626,7 +624,7 @@ TPM + VBS enclave example:
 }
 ```
 
-**rp_id** (StringOrURI): Relying party identifier. Used by the service in the computation of the machine id claim.
+**rp_id** (StringOrURI): Relying party identifier. Used by the service in the computation of the machine ID claim.
 
 **rp_data** (BASE64URL(OCTETS)): Opaque data passed by the relying party. This is normally used by the relying party as a nonce to guarantee freshness of the report.