MicrosoftDocs
diff --git a/‎articles/trusted-signing/TOC.yml
Lines changed: 16 additions & 16 deletions b/‎articles/trusted-signing/TOC.yml
Lines changed: 16 additions & 16 deletions
diff --git a/‎articles/trusted-signing/concept-trusted-signing-cert-management.md
Lines changed: 38 additions & 31 deletions b/‎articles/trusted-signing/concept-trusted-signing-cert-management.md
Lines changed: 38 additions & 31 deletions
diff --git a/‎articles/trusted-signing/concept-trusted-signing-resources-roles.md
Lines changed: 35 additions & 38 deletions b/‎articles/trusted-signing/concept-trusted-signing-resources-roles.md
Lines changed: 35 additions & 38 deletions
diff --git a/‎articles/trusted-signing/concept-trusted-signing-trust-models.md
Lines changed: 27 additions & 26 deletions b/‎articles/trusted-signing/concept-trusted-signing-trust-models.md
Lines changed: 27 additions & 26 deletions
@@ -6,35 +6,35 @@
     items:
     - name: What is the Trusted Signing service?
       href: overview.md
-  - name: How-To
+  - name: Quickstarts
     items:
-    - name: Signing Integrations with Trusted Signing
+    - name: Set up Trusted Signing
+      href: quickstart.md
+  - name: How-to guides
+    items:
+    - name: Set up signing integrations to use Trusted Signing
       href: how-to-signing-integrations.md
-    - name: Sign CI Policies with Trusted Signing
+    - name: Sign a CI policy by using Trusted Signing
       href: how-to-sign-ci-policy.md
     - name: Access signed transactions in Trusted Signing 
       href: how-to-sign-history.md
     - name: Revoke a certificate profile in Trusted Signing
       href: how-to-cert-revocation.md
-    - name: Renew Trusted Signing Identity Validation
+    - name: Renew Trusted Signing identity validation
       href: how-to-renew-identity-validation.md
-  - name: Quickstart
+  - name: Tutorials
     items:
-    - name: Quickstart onboarding
-      href: quickstart.md
-  - name: Tutorial
-    items:
-    - name: Assigning Roles in Trusted Signing
+    - name: Assign roles in Trusted Signing
       href: tutorial-assign-roles.md
-  - name: FAQ
-    items:
-    - name: FAQ about Trusted Signing
-      href: faq.yml
-  - name: Concept
+  - name: Concepts
     items:
     - name: Trusted Signing trust models
       href: concept-trusted-signing-trust-models.md
     - name: Trusted Signing resources and roles
       href: concept-trusted-signing-resources-roles.md
     - name: Trusted Signing certificate management
-      href: concept-trusted-signing-cert-management.md
+      href: concept-trusted-signing-cert-management.md
+  - name: FAQ
+    items:
+    - name: Frequently asked questions about Trusted Signing
+      href: faq.yml
@@ -1,6 +1,6 @@
 ---
 title: Trusted Signing trust models
-description: Trusted Signing is a fully managed end-to-end service for signing. Managed as an Azure resource, the service functions through the familiar tenant and subscription management experiences. In this article, learn what a trust model is, the two primary trust models provided in Trusted Signing (Public-Trust and Private-Trust), and the signing scenarios and security features that each of the Trusted Signing trust models support.
+description: Learn what a trust model is, understand the two primary trust models in Trusted Signing, and learn about the signing scenarios and security features that each supports.
 author: ianjmcm
 ms.author: ianmcm
 ms.service: trusted-signing
@@ -11,48 +11,49 @@ ms.custom: template-concept
 
 # Trusted Signing trust models
 
-This article explains the concept of trust models, the primary trust models that Trusted Signing provides, and how to leverage them across a wide variety of signing scenarios supported by Trusted Signing. 
+This article explains the concept of trust models, the primary trust models that Trusted Signing provides, and how to use them in a wide variety of signing scenarios that Trusted Signing supports.
 
-## Overview
+## Trust models
 
-A trust model defines the rules and mechanisms for validating digital signatures and ensuring the security of communications in a digital environment. In other words, trust models define how trust is established and maintained within entities in a digital ecosystem.
+A trust model defines the rules and mechanisms for validating digital signatures and ensuring the security of communications in a digital environment. Trust models define how trust is established and maintained within entities in a digital ecosystem.
 
-For signature consumers like publicly trusted code signing for Microsoft Windows applications, trust models depend on signatures that have certificates from a Certification Authority (CA) that is part of the [Microsoft Root Certificate Program](/security/trusted-root/program-requirements). This is primarily why Trusted Signing trust models are designed to support Windows Authenticode signing and security features that use code signing on Windows (e.g. [Smart App Control](/windows/apps/develop/smart-app-control/overview) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac)).
+For signature consumers like publicly trusted code signing for Microsoft Windows applications, trust models depend on signatures that have certificates from a Certification Authority (CA) that is part of the [Microsoft Root Certificate Program](/security/trusted-root/program-requirements). For this reason, Trusted Signing trust models are designed primarily to support Windows Authenticode signing and security features that use code signing on Windows (for example, [Smart App Control](/windows/apps/develop/smart-app-control/overview) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac)).
 
-Trusted Signing provides two primary trust models to support a wide variety of signature consumption (validations): 
+Trusted Signing provides two primary trust models to support a wide variety of signature consumption (*validations*):
 
-- [Public-Trust](#public-trust)
-- [Private-Trust](#private-trust)
+- [Public Trust](#public-trust-model)
+- [Private Trust](#private-trust-model)
 
 > [!NOTE]
-> Subscribers to Trusted Signing aren't limited to the signing scenarios application of the trust models shared in this article. Trusted Signing was designed to support Windows > Authenticode code signing and App Control for Business features in Windows with an ability to broadly support other signing and trust models beyond Windows. 
+> You aren't limited to applying the trust models that are used in the signing scenarios described in this article. Trusted Signing was designed to support Windows and Authenticode code signing and Application Control for Windows features. It broadly supports other signing and trust models beyond Windows.
 
-## Public-Trust
+## Public Trust model
 
-Public-Trust is one of the models provided in Trusted Signing and is the most commonly used model. The certificates in the Public-Trust model are issued from the [Microsoft Identity Verification Root Certificate Authority 2020](https://www.microsoft.com/pkiops/certs/microsoft%20identity%20verification%20root%20certificate%20authority%202020.crt) and complies with the [Microsoft PKI Services Third Party Certification Practice Statement (CPS)](https://www.microsoft.com/pkiops/docs/repository.htm). This root CA is included a relying party's root certificate program such as the [Microsoft Root Certificate Program](/security/trusted-root/program-requirements) for the usage of code signing and timestamping. 
+Public Trust is one of the two trust models that are provided in Trusted Signing and is the most commonly used model. The certificates in the Public Trust model are issued from the [Microsoft Identity Verification Root Certificate Authority 2020](https://www.microsoft.com/pkiops/certs/microsoft%20identity%20verification%20root%20certificate%20authority%202020.crt) and comply with the [Microsoft PKI Services Third-Party Certification Practice Statement (CPS)](https://www.microsoft.com/pkiops/docs/repository.htm). This root CA is included in a relying party's root certificate program, such as the [Microsoft Root Certificate Program](/security/trusted-root/program-requirements), for code signing and time stamping.
 
-The Public-Trust resources in Trusted Signing are designed to support the following signing scenarios and security features:
+Public Trust resources in Trusted Signing are designed to support the following signing scenarios and security features:
 
-- [Win32 App Code Signing](/windows/win32/seccrypto/cryptography-tools#introduction-to-code-signing)
-- [Windows 11 Smart App Control](/windows/apps/develop/smart-app-control/code-signing-for-smart-app-control)
-- [/INTEGRITYCHECK - Forced Integrity Signing for PE binaries](/cpp/build/reference/integritycheck-require-signature-check)
-- [Virtualization Based Security (VBS) Enclaves](/windows/win32/trusted-execution/vbs-enclaves)
+- [Win32 app code signing](/windows/win32/seccrypto/cryptography-tools#introduction-to-code-signing)
+- [Smart App Control in Windows 11](/windows/apps/develop/smart-app-control/code-signing-for-smart-app-control)
+- [/INTEGRITYCHECK forced integrity signing for portable executable (PE) binaries](/cpp/build/reference/integritycheck-require-signature-check)
+- [Virtualization-based security (VBS) enclaves](/windows/win32/trusted-execution/vbs-enclaves)
 
-Public-Trust is recommended for signing any artifact that is to be shared publicly and for the signer to be a validated legal organization or individual. 
+We recommend that you use Public Trust to sign any artifact that you want to share publicly. The signer should be a validated legal organization or individual.
 
 > [!NOTE]
-> Trusted Signing includes options for "Test" Certificate Profiles under the Public-Trust collection, but the certificates are not publicly trusted. These "Test" Certificate Profiles are intended to be used for inner loop dev/test signing and should NOT be trusted.
+> Trusted Signing includes options for "test" certificate profiles under the Public Trust collection, but the certificates are not publicly trusted. The Public Trust Test certificate profiles are intended to be used for inner-loop dev/test signing and should *not* be trusted.
 
-## Private-Trust
+## Private Trust model
 
-Private-Trust is the other trust model provided in Trusted Signing. It's for opt-in trust where the signatures aren't broadly trusted across the ecosystem. The CA hierarchy used for Trusted Signing's Private-Trust resources isn't default trusted in any root program and in Windows. Rather, it's specifically designed for use in [App Control for Windows (formerly known as Windows Defender Application Control)](/windows/security/application-security/application-control/windows-defender-application-control/wdac) features including:
+Private Trust is the second trust model that's provided in Trusted Signing. It's for opt-in trust when signatures aren't broadly trusted across the ecosystem. The CA hierarchy that's used for Trusted Signing Private Trust resources isn't default-trusted in any root program and in Windows. Rather, it's designed to use in [App Control for Business (formerly Windows Defender Application Control, *WDAC*)](/windows/security/application-security/application-control/windows-defender-application-control/wdac) features, including:
 
+- [Use code signing for added control and protection with WDAC](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)
+- [Use signed policies to protect Windows Defender Application Control against tampering](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering)
+- [Optional: Create a code signing cert for Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac)
 
-* [Use code signing for added control and protection with WDAC](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)
-* [Use signed policies to protect Windows Defender Application Control against tampering](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering)
-* [Optional: Create a code signing cert for Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac)
+For more information about how to configure and sign WDAC policies by using a Trusted Signing reference, see the [Trusted Signing quickstart](./quickstart.md).
 
-For more information on how to configure and sign WDAC Policy with Trusted Signing reference, [Quickstart Guide](./quickstart.md) 
+## Next step
 
-## Next steps
-* Get started with Trusted Signing's [Quickstart Guide](./quickstart.md)
+>[!div class="nextstepaction"]
+>[Set up Trusted Signing](./quickstart.md)