Commit 12971e5

Merge pull request #178565 from mssindhurid/master
Azure DCAP installation instructions
2 parents 18bb5da + ef69946 commit 12971e5

1 file changed

+5
-2
lines changed

articles/confidential-computing/quick-create-portal.md

Lines changed: 5 additions & 2 deletions
@@ -136,9 +136,9 @@ For more information about connecting to Linux VMs, see [Create a Linux VM on Az
136136
## Install Azure DCAP Client
137137

138138
> [!NOTE]
139-
> Trusted Hardware Identity Management (THIM) is a free Azure service that helps you manage the hardware identities of different Trusted Execution Environments (TEEs). It fetches collateral from Intel Provisioning Certification Service (PCS) and caches it. The service enforces a minimum Trusted Compute Base (TCB) level as Azure security baseline, for attestation purposes.
139+
> Trusted Hardware Identity Management (THIM) is a free Azure service that helps you manage the hardware identities of different Trusted Execution Environments (TEEs). It fetches collateral from Intel Provisioning Certification Service (PCS) and caches it. The service enforces a minimum Trusted Compute Base (TCB) level as Azure security baseline, for attestation purposes. For DCsv3 and DCdsv3-series Azure VMs, the Intel certificates can only be fetched from THIM, as it is not possible to make direct calls to Intel service from the VMs.
140140
141-
DCsv2, DCsv3 and DCdsv3-series Azure VM users are recommended to install Azure DCAP client to interact with THIM and fetch TEE collateral for quote generation, during attestation process. To learn more about attestation, please refer to [Microsoft Azure Attestation](/azure/attestation/overview) or [ECDSA Attestation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html).
141+
With the release of the Intel® Xeon Scalable Processors, remote attestation support is changing. DCsv3 and DCdsv3 only support [ECDSA-based Attestation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html) and the users are required to install [Azure DCAP](https://github.com/Microsoft/Azure-DCAP-Client) client to interact with THIM and fetch TEE collateral for quote generation during attestation process. DCsv2 continues to support [EPID-based Attestation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html).
142142

143143
## Clean up resources
144144

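Review bot: The rewritten paragraph at new line 141 drops DCsv2 from the Azure DCAP client guidance without saying what DCsv2 users should do now. The removed text recommended the client for DCsv2, DCsv3 and DCdsv3; the new text requires it for DCsv3 and DCdsv3 and only says "DCsv2 continues to support EPID-based Attestation", which leaves open whether DCsv2 users can or should still use ECDSA attestation through THIM. Please state that explicitly. In the same line, the "ECDSA-based Attestation" and "EPID-based Attestation" links point to the same Intel URL, so the targets do not distinguish the two schemes, and the /azure/attestation/overview link no longer appears in this section. Wording nits: "install the Azure DCAP client", "during the attestation process", and in line 139 "to the Intel service".
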
@@ -154,3 +154,6 @@ Discover how you can build confidential computing applications, by continuing to
154154

155155
> [!div class="nextstepaction"]
156156
> [Building Open Enclave SDK Samples](https://github.com/openenclave/openenclave/blob/master/samples/README.md)
157+
158+
Microsoft Azure Attestation is free and ECDSA-based attestation framework, for remotely verifying the trustworthiness of multiple TEEs and integrity of the binaries running inside it. Learn [more](/azure/attestation/overview)
159+

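Review bot: New line 158 is appended after the nextstepaction block, so it reads as a stray paragraph following the call to action; move it above the "> [!div class="nextstepaction"]" line or into the "Install Azure DCAP Client" section, where attestation is already discussed. The sentence also needs a grammar pass: "is free and ECDSA-based attestation framework" should read "is a free, ECDSA-based attestation framework", "running inside it" refers to multiple TEEs and should be "running inside them", and the closing period is missing. The link text "more" is not descriptive; something like "Learn more about Microsoft Azure Attestation" with the whole phrase linked would be clearer.
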