Commit 14c30a7

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-aadroles-roles-oct
2 parents 219c5a1 + a4f28d8 commit 14c30a7

3 files changed

+14
-20
lines changed

articles/azure-government/documentation-government-impact-level-5.md

Lines changed: 8 additions & 12 deletions
@@ -7,7 +7,7 @@ ms.custom: references_regions, ignite-2022
77
author: stevevi
88
ms.author: stevevi
99
recommendations: false
10-
ms.date: 07/14/2022
10+
ms.date: 10/21/2022
1111
---
1212

1313
# Isolation guidelines for Impact Level 5 workloads
@@ -171,21 +171,17 @@ Virtual machine scale sets aren't currently supported on Azure Dedicated Host. B
171171
> [!IMPORTANT]
172172
> As new hardware generations become available, some VM types might require reconfiguration (scale up or migration to a new VM SKU) to ensure they remain on properly dedicated hardware. For more information, see **[Virtual machine isolation in Azure](../virtual-machines/isolation.md).**
173173
174-
#### Disk encryption for virtual machines
174+
#### Disk encryption options
175175

176-
You can encrypt the storage that supports these virtual machines in one of two ways to support necessary encryption standards.
176+
There are several types of encryption available for your managed disks supporting virtual machines and virtual machine scale sets:
177177

178-
- Use Azure Disk Encryption to encrypt the drives by using dm-crypt (Linux) or BitLocker (Windows):
179-
- [Enable Azure Disk Encryption for Linux](../virtual-machines/linux/disk-encryption-overview.md)
180-
- [Enable Azure Disk Encryption for Windows](../virtual-machines/windows/disk-encryption-overview.md)
181-
- Use Azure Storage service encryption for storage accounts with your own key to encrypt the storage account that holds the disks:
182-
- [Storage service encryption with customer-managed keys](../storage/common/customer-managed-keys-configure-key-vault.md)
178+
- Azure Disk Encryption
179+
- Server-side encryption of Azure Disk Storage
180+
- Encryption at host
181+
- Confidential disk encryption
183182

184-
#### Disk encryption for virtual machine scale sets
183+
All these options enable you to have sole control over encryption keys. For more information, see [Overview of managed disk encryption options](../virtual-machines/disk-encryption-overview.md).
185184

186-
You can encrypt disks that support virtual machine scale sets by using Azure Disk Encryption:
187-
188-
- [Encrypt disks in virtual machine scale sets](../virtual-machine-scale-sets/disk-encryption-key-vault.md)
189185

190186
## Containers
191187

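Review bot: The sentence added at new line 183, "All these options enable you to have sole control over encryption keys", is stated without any condition, while the text it replaces made no such claim and mentioned "your own key" only for storage service encryption. Say which key configuration gives sole control for each option, or narrow the sentence to what the linked overview supports. The four bullets at new lines 178-181 are also plain names with no links, whereas the removed bullets linked the Linux, Windows, customer-managed-key and scale-set procedures; consider linking each bullet to its own article. Finally, removing old lines 186-188 leaves two consecutive blank lines (new 184 and 185) before `## Containers`; drop one.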
articles/azure-government/documentation-government-overview-jps.md

Lines changed: 4 additions & 6 deletions
@@ -6,10 +6,10 @@ ms.topic: article
66
author: stevevi
77
ms.author: stevevi
88
recommendations: false
9-
ms.date: 08/30/2022
9+
ms.date: 10/30/2022
1010
---
1111

12-
# Public safety and justice in Azure Government
12+
# Azure for public safety and justice
1313

1414
## Overview
1515

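Review bot: The H1 at new line 12 is renamed to "Azure for public safety and justice", but no `title:` field is among the front-matter lines visible in this hunk (6-10), so the page title and the H1 may now disagree. Confirm that `title:` and, if it names Azure Government, `description:` were updated in the same change. `ms.date` here is 10/30/2022 while the impact-level-5 article in this commit uses 10/21/2022; check that both dates are intended.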
@@ -29,7 +29,7 @@ Microsoft treats Criminal Justice Information Services (CJIS) compliance as a co
2929

3030
The [Criminal Justice Information Services](https://www.fbi.gov/services/cjis) (CJIS) Division of the US Federal Bureau of Investigation (FBI) gives state, local, and federal law enforcement and criminal justice agencies access to criminal justice information (CJI), for example, fingerprint records and criminal histories. Law enforcement and other government agencies in the United States must ensure that their use of cloud services for the transmission, storage, or processing of CJI complies with the [CJIS Security Policy](https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center/view), which establishes minimum security requirements and controls to safeguard CJI.
3131

32-
### Azure Government and CJIS Security Policy
32+
### Azure and CJIS Security Policy
3333

3434
Microsoft's commitment to meeting the applicable CJIS regulatory controls help criminal justice organizations be compliant with the CJIS Security Policy when implementing cloud-based solutions. For more information about Azure support for CJIS, see [Azure CJIS compliance offering](/azure/compliance/offerings/offering-cjis).
3535

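Review bot: Renaming the heading at line 32 from "Azure Government and CJIS Security Policy" to "Azure and CJIS Security Policy" changes the anchor generated from that heading, so any inbound link that targets the old anchor will stop resolving; search the repo for references to the old anchor before merging. While this paragraph is being touched, the unchanged line 34 has a subject-verb mismatch: "Microsoft's commitment ... help" should read "helps".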
@@ -77,7 +77,7 @@ While the current CMVP FIPS 140 implementation guidance precludes a FIPS 140 val
7777

7878
Proper protection and management of encryption keys is essential for data security. [Azure Key Vault](../key-vault/index.yml) is a cloud service for securely storing and managing secrets. Key Vault enables you to store your encryption keys in hardware security modules (HSMs) that are FIPS 140 validated. For more information, see [Data encryption key management](./azure-secure-isolation-guidance.md#data-encryption-key-management).
7979

80-
With Key Vault, you can import or generate encryption keys in HSMs, ensuring that keys never leave the HSM protection boundary to support *bring your own key* (BYOK) scenarios. Keys generated inside the Key Vault HSMs aren't exportable – there can be no clear-text version of the key outside the HSMs. This binding is enforced by the underlying HSM. **Azure Key Vault is designed, deployed, and operated such that Microsoft and its agents don't see or extract your cryptographic keys.** For extra assurances, see [How does Azure Key Vault protect your keys?](../key-vault/managed-hsm/mhsm-control-data.md#how-does-azure-key-vault-managed-hsm-protect-your-keys) Therefore, if you use CMK stored in Azure Key Vault HSMs, you effectively maintain sole ownership of encryption keys.
80+
With Key Vault, you can import or generate encryption keys in HSMs, ensuring that keys never leave the HSM protection boundary to support *bring your own key* (BYOK) scenarios. Keys generated inside the Key Vault HSMs aren't exportable – there can be no clear-text version of the key outside the HSMs. This binding is enforced by the underlying HSM. **Azure Key Vault is designed, deployed, and operated such that Microsoft and its agents don't see or extract your cryptographic keys.** For more information, see [How does Azure Key Vault protect your keys?](../key-vault/managed-hsm/mhsm-control-data.md#how-does-azure-key-vault-managed-hsm-protect-your-keys) Therefore, if you use CMK stored in Azure Key Vault HSMs, you effectively maintain sole ownership of encryption keys.
8181

8282
### Data encryption in transit
8383

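Review bot: At line 80 the replacement "For more information, see ..." leaves the following "Therefore, if you use CMK ..." attached to a cross-reference rather than to the claim it concludes from, so the inference reads oddly; move the link sentence to the end of the paragraph or drop "Therefore". The link text "How does Azure Key Vault protect your keys?" also omits "Managed HSM" although the target is `managed-hsm/mhsm-control-data.md#how-does-azure-key-vault-managed-hsm-protect-your-keys`; make the text match the target so readers know which service the linked page covers.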
@@ -99,8 +99,6 @@ Technologies like [Intel Software Guard Extensions](https://software.intel.com/s
9999

100100
Insider threat is characterized as potential for providing back-door connections and cloud service provider (CSP) privileged administrator access to your systems and data. For more information on how Microsoft restricts insider access to your data, see [Restrictions on insider access](./documentation-government-plan-security.md#restrictions-on-insider-access).
101101

102-
All Azure and Azure Government employees in the United States are subject to Microsoft background checks. For more information, see [Screening](./documentation-government-plan-security.md#screening). Azure Government provides you with an extra layer of protection through contractual commitments regarding storage of your data in the United States and limiting potential access to systems processing your data to screened US persons that have completed fingerprint background checks and criminal records checks to address CJIS requirements.
103-
104102
## Monitoring your Azure resources
105103

106104
Azure provides essential services that you can use to gain in-depth insight into your provisioned Azure resources and get alerted about suspicious activity, including outside attacks aimed at your applications and data. For more information about these services, see [Customer monitoring of Azure resources](./documentation-government-plan-security.md#customer-monitoring-of-azure-resources).
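Review bot: Removing old lines 102-103 drops this passage's only statement on personnel screening, including the "fingerprint background checks and criminal records checks to address CJIS requirements" and the limit on access to "screened US persons", along with the link to `documentation-government-plan-security.md#screening`. In an article about CJIS workloads that is a substantive control rather than a wording change. If the removal is intended, keep a one-line pointer to the Screening section next to the remaining "Restrictions on insider access" link, or state where this commitment is now documented.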

articles/devtest-labs/create-lab-windows-vm-bicep.md

Lines changed: 2 additions & 2 deletions
@@ -1,9 +1,9 @@
11
---
22
title: Create a lab in Azure DevTest Labs using Bicep
33
description: Use Bicep to create a lab that has a virtual machine in Azure DevTest Labs.
4-
author: femila
4+
ms.author: rosemalcolm
5+
author: RoseHJM
56
ms.topic: quickstart
6-
ms.author: femila
77
ms.custom: subject-armqs, mode-arm
88
ms.date: 03/22/2022
99
---
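Review bot: The new front matter puts `ms.author` (line 4) above `author` (line 5), while the other two files in this commit list `author` first and then `ms.author`; keep the same order for consistency. The two fields now carry different-looking values (`RoseHJM` and `rosemalcolm`), so confirm that both belong to the same owner.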
