MicrosoftDocs
diff --git a/‎articles/iot-edge/TOC.yml
Lines changed: 8 additions & 6 deletions b/‎articles/iot-edge/TOC.yml
Lines changed: 8 additions & 6 deletions
diff --git a/‎articles/iot-edge/how-to-create-transparent-gateway.md
Lines changed: 3 additions & 1 deletion b/‎articles/iot-edge/how-to-create-transparent-gateway.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/iot-edge/how-to-deploy-modules-cli.md
Lines changed: 1 addition & 1 deletion b/‎articles/iot-edge/how-to-deploy-modules-cli.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/iot-edge/how-to-deploy-modules-vscode.md
Lines changed: 1 addition & 1 deletion b/‎articles/iot-edge/how-to-deploy-modules-vscode.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/iot-edge/how-to-manage-device-certificates.md
Lines changed: 19 additions & 16 deletions b/‎articles/iot-edge/how-to-manage-device-certificates.md
Lines changed: 19 additions & 16 deletions
@@ -339,22 +339,24 @@
   - name: Azure IoT samples
     items:
     - name: C# (.NET)
-      href: https://github.com/Azure-Samples/azure-iot-samples-csharp
+      href: https://github.com/Azure/azure-iot-sdk-csharp/tree/main/iothub/device/samples
+    - name: C
+      href: https://github.com/Azure/azure-iot-sdk-c/tree/main/iothub_client/samples
     - name: Node.js
-      href: https://azure.microsoft.com/resources/samples/azure-iot-samples-node/
+      href: https://github.com/Azure/azure-iot-sdk-node/tree/main/device/samples
     - name: Java
-      href: https://github.com/Azure-Samples/azure-iot-samples-java
+      href: https://github.com/Azure/azure-iot-sdk-java/tree/main/iothub/device/iot-device-samples
     - name: Python
-      href: https://azure.microsoft.com/resources/samples/azure-iot-samples-python/
+      href: https://github.com/Azure/azure-iot-sdk-python/tree/main/samples
     - name: iOS Platform
-      href: https://azure.microsoft.com/resources/samples/azure-iot-samples-ios/
+      href: https://github.com/azure-samples/azure-iot-samples-ios/tree/master/
   - name: Azure Certified for IoT device catalog
     href: https://devicecatalog.azure.com/
   - name: Azure IoT Developer Center
     href: https://azure.microsoft.com/develop/iot/
   - name: Azure Roadmap
     href: https://azure.microsoft.com/roadmap/?category=iot
-  - name: Azure IoT Tools for VS Code
+  - name: Azure IoT Tools for Visual Studio Code
     href: https://marketplace.visualstudio.com/items?itemName=vsciot-vscode.azure-iot-toolkit
   - name: Azure IoT Explorer tool
     href: https://github.com/Azure/azure-iot-explorer
 
@@ -60,7 +60,7 @@ If you don't have a device ready, you should create one before continuing with t
 
 All IoT Edge gateways need a device CA certificate installed on them. The IoT Edge security daemon uses the IoT Edge device CA certificate to sign a workload CA certificate, which in turn signs a server certificate for IoT Edge hub. The gateway presents its server certificate to the downstream device during the initiation of the connection. The downstream device checks to make sure that the server certificate is part of a certificate chain that rolls up to the root CA certificate. This process allows the downstream device to confirm that the gateway comes from a trusted source. For more information, see [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md).
 
-![Gateway certificate setup](./media/how-to-create-transparent-gateway/gateway-setup.png)
+:::image type="content" source="./media/how-to-create-transparent-gateway/gateway-setup.png" alt-text="Screenshot that shows the gateway certificate setup." lightbox="./media/how-to-create-transparent-gateway/gateway-setup.png":::
 
 The root CA certificate and the device CA certificate (with its private key) need to be present on the IoT Edge gateway device and configured in the IoT Edge config file. Remember that in this case *root CA certificate* means the topmost certificate authority for this IoT Edge scenario. The gateway device CA certificate and the downstream device certificates need to roll up to the same root CA certificate.
 
@@ -120,6 +120,8 @@ If you don't have your own certificate authority and want to use demo certificat
 
 Now, you need to copy the certificates to the Azure IoT Edge for Linux on Windows virtual machine.
 
+[PowerShell functions reference](reference-iot-edge-for-linux-on-windows-functions.md)
+
 1. Check the certificate meets [format requirements](how-to-manage-device-certificates.md#format-requirements).
 
 1. Copy the certificates to the EFLOW virtual machine to a directory where you have write access. For example, the `/home/iotedge-user` home directory.
 
@@ -115,7 +115,7 @@ Here's a basic deployment manifest with one module as an example:
 
 You deploy modules to your device by applying the deployment manifest that you configured with the module information.
 
-Change directories into the folder where your deployment manifest is saved. If you used one of the VS Code IoT Edge templates, use the `deployment.json` file in the **config** folder of your solution directory and not the `deployment.template.json` file.
+Change directories into the folder where your deployment manifest is saved. If you used one of the Visual Studio Code IoT Edge templates, use the `deployment.json` file in the **config** folder of your solution directory and not the `deployment.template.json` file.
 
 Use the following command to apply the configuration to an IoT Edge device:
 
 
@@ -141,7 +141,7 @@ You deploy modules to your device by applying the deployment manifest that you c
 
    ![Select Edge Deployment Manifest](./media/how-to-deploy-modules-vscode/select-deployment-manifest.png)
 
-The results of your deployment are printed in the VS Code output. Successful deployments are applied within a few minutes if the target device is running and connected to the internet.
+The results of your deployment are printed in the Visual Studio Code output. Successful deployments are applied within a few minutes if the target device is running and connected to the internet.
 
 ## View modules on your device
 
 
@@ -13,21 +13,24 @@ services: iot-edge
 
 [!INCLUDE [iot-edge-version-1.4](includes/iot-edge-version-1.4.md)]
 
-All IoT Edge devices use certificates to create secure connections between the runtime and any modules running on the device. IoT Edge devices functioning as gateways use these same certificates to connect to their downstream devices, too. For more information about the function of the different certificates on an IoT Edge device, see [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md).
+All IoT Edge devices use certificates to create secure connections between the runtime and any modules running on the device. IoT Edge devices functioning as gateways use these same certificates to connect to their downstream devices, too. 
 
 > [!NOTE]
-> The term *root CA* used throughout this article refers to the topmost authority's certificate in the certificate chain for your IoT solution. You do not need to use the certificate root of a syndicated certificate authority, or the root of your organization's certificate authority. In many cases, it is actually an intermediate CA certificate.
+> The term *root CA* used throughout this article refers to the topmost authority's certificate in the certificate chain for your IoT solution. You do not need to use the certificate root of a syndicated certificate authority, or the root of your organization's certificate authority. In many cases, it's actually an intermediate CA certificate.
 
 ## Prerequisites
 
-* [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md).
+* You should be familiar with the concepts in [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md), in particular how IoT Edge uses certificates.
 
 * An IoT Edge device.
-    If you don't have an IoT Edge device set up, you can create one in an Azure virtual machine. Follow the steps in one of the quickstart articles to [Create a virtual Linux device](quickstart-linux.md) or [Create a virtual Windows device](quickstart.md).
+  
+  If you don't have an IoT Edge device set up, you can create one in an Azure virtual machine. Follow the steps in one of these quickstart articles to [Create a virtual Linux device](quickstart-linux.md) or [Create a virtual Windows device](quickstart.md).
 
 * Ability to edit the IoT Edge configuration file `config.toml` following the [configuration template](https://github.com/Azure/iotedge/blob/main/edgelet/contrib/config/linux/template.toml).
-  * If your `config.toml` isn't based on the template, open the [template](https://github.com/Azure/iotedge/blob/main/edgelet/contrib/config/linux/template.toml) and use the commented guidance to add configuration sections following the structure of the template.
-  * If you have a new IoT Edge installation that hasn't been configured, copy the template to initialize the configuration. Don't use this command if you have an existing configuration. It overwrites the file.
+
+* If your `config.toml` isn't based on the template, open the [template](https://github.com/Azure/iotedge/blob/main/edgelet/contrib/config/linux/template.toml) and use the commented guidance to add configuration sections following the structure of the template.
+
+* If you have a new IoT Edge installation that hasn't been configured, copy the template to initialize the configuration. Don't use this command if you have an existing configuration. It overwrites the file.
 
     ```bash
     sudo cp /etc/aziot/config.toml.edge.template /etc/aziot/config.toml
@@ -37,10 +40,10 @@ All IoT Edge devices use certificates to create secure connections between the r
 
 > [!TIP]
 >
-> * A certificate can be encoded in a binary representation called DER, or a textual representation called PEM. The PEM format is a `-----BEGIN CERTIFICATE-----` header followed by the base64-encoded DER followed by a `-----END CERTIFICATE-----` footer.
+> * A certificate can be encoded in a binary representation called DER (Distinguished Encoding Rules), or a textual representation called PEM (Privacy Enhanced Mail). The PEM format has a `-----BEGIN CERTIFICATE-----` header followed by the base64-encoded DER followed by an `-----END CERTIFICATE-----` footer.
 > * Similar to the certificate, the private key can be encoded in binary DER or textual representation PEM.
-> * Because PEM is delineated, it is also possible to construct a PEM that combines both the `CERTIFICATE` and `PRIVATE KEY` sequentially in the same file.
-> * Lastly, the certificate and private key can be encoded together in a binary representation called *PKCS#12*, that is encrypted with an optional password.
+> * Because PEM is delineated, it's also possible to construct a PEM that combines both the `CERTIFICATE` and `PRIVATE KEY` sequentially in the same file.
+> * Lastly, the certificate and private key can be encoded together in a binary representation called *PKCS#12*, that's encrypted with an optional password.
 >
 > File extensions are arbitrary and you need to run the `file` command or view the file verify the type. In general, files use the following extension conventions:
 >
@@ -98,7 +101,7 @@ sudo find /var/aziot/secrets -type f -name "*.*" -exec chmod 600 {} \;
 sudo ls -Rla /var/aziot
 ```
 
-The output of list with correct ownership and permission is similar to the following:
+The output of the list with the correct ownership and permission is similar to the following output:
 
 ```Output
 azureUser@vm:/var/aziot$ sudo ls -Rla /var/aziot
@@ -130,7 +133,7 @@ Using a self-signed certificate authority (CA) certificate as a root of trust wi
 
 1. Get a publicly trusted root CA certificate from a PKI provider.
 
-1. Check the certificate meets [format requirements](#format-requirements).
+1. Check that the certificate meets the [format requirements](#format-requirements).
 
 1. Copy the PEM file and give IoT Edge's certificate service access. For example, with `/var/aziot/certs` directory:
 
@@ -150,12 +153,12 @@ Using a self-signed certificate authority (CA) certificate as a root of trust wi
    sudo chmod 644 /var/aziot/certs/root-ca.pem
    ```
 
-1. In the IoT Edge configuration file `config.toml`, find **Trust bundle cert** section. If the section is missing, you can copy it from the configuration template file.
+1. In the IoT Edge configuration file `config.toml`, find the **Trust bundle cert** section. If the section is missing, you can copy it from the configuration template file.
 
    >[!TIP]
    >If the config file doesn't exist on your device yet, then use `/etc/aziot/config.toml.edge.template` as a template to create one.
 
-1. Set `trust_bundle_cert` key to the certificate file location.
+1. Set the `trust_bundle_cert` key to the certificate file location.
 
    ```toml
    trust_bundle_cert = "file:///var/aziot/certs/root-ca.pem"
@@ -190,11 +193,11 @@ Installing the certificate to the trust bundle file makes it available to contai
 
 ## Import certificate and private key files
 
-IoT Edge can use existing certificate and private key files to authenticate or attest to Azure, issue new module server certificates, and authenticate to EST servers. To install them:
+IoT Edge can use existing certificates and private key files to authenticate or attest to Azure, issue new module server certificates, and authenticate to EST servers. To install them:
 
 1. Check the certificate and private key files meet the [format requirements](#format-requirements).
 
-1. Copy the PEM file to the IoT Edge device where IoT Edge modules can have access. For example, `/var/aziot/` directory.
+1. Copy the PEM file to the IoT Edge device where IoT Edge modules can have access. For example, the  `/var/aziot/` directory.
 
    ```bash
    # If the certificate and keys directories don't exist, create, set ownership, and set permissions
@@ -464,7 +467,7 @@ This approach requires you to manually update the files as certificate expires.
 
 IoT Edge can interface with an [Enrollment over Secure Transport (EST) server](https://wikipedia.org/wiki/Enrollment_over_Secure_Transport) for automatic certificate issuance and renewal. Using EST is recommended for production as it replaces the need for manual certificate management, which can be risky and error-prone. It can be configured globally and overridden for each certificate type.
 
-In this scenario, the bootstrap certificate and private key are expected to be long-lived and potentially installed on the device during manufacturing. IoT Edge uses the bootstrap credentials to authenticate to the EST server for the initial request to issue an identity certificate for subsequent requests, as well as for authentication to DPS or IoT Hub.
+In this scenario, the bootstrap certificate and private key are expected to be long-lived and potentially installed on the device during manufacturing. IoT Edge uses the bootstrap credentials to authenticate to the EST server for the initial request to issue an identity certificate for subsequent requests and for authentication to DPS or IoT Hub.
 
 1. Get access to an EST server. If you don't have an EST server, use one of the following options to start testing: