Merge pull request #115697 from JBCook/master

acc doc changes

Author: GitHubber17

articles/confidential-computing/faq.md

@@ -18,41 +18,45 @@ If your Azure issue is not addressed in this article, visit the Azure forums on
 
 ## Confidential Computing Virtual Machines <a id="vm-faq"></a>
 
-1. **How can you start deploying DCsv2 series VMs?**
+**How can I deploy DCsv2 series VMs on Azure?**
 
-   Here are some ways you can deploy a DCsv2 VM:
+Here are some ways you can deploy a DCsv2 VM:
    - Using an [Azure Resource Manager Template](../virtual-machines/windows/template-description.md)
    - From the [Azure portal](https://portal.azure.com/#create/hub)
-   - In the [Azure confidential compute (Virtual Machine)](https://azuremarketplace.microsoft.com/marketplace/apps/microsoft-azure-compute.acc-virtual-machine-v2?tab=overview) marketplace solution template. The marketplace solution template will help constrain a customer to the supported scenarios (regions, images, availability, disk encryption). 
+   - In the [Azure Confidential Computing (Virtual Machine)](https://azuremarketplace.microsoft.com/marketplace/apps/microsoft-azure-compute.acc-virtual-machine-v2?tab=overview) marketplace solution template. The marketplace solution template will help constrain a customer to the supported scenarios (regions, images, availability, disk encryption). 
 
-1. **Will all OS images work with Azure confidential computing?**
+**Will all OS images work with Azure confidential computing?**
 
-   No. The virtual machines can only be deployed on Generation 2 virtual machines. We offer Generation 2 support for Ubuntu Server 18.04, Ubuntu Server 16.04, and Windows Server 2016 Datacenter. Read more about Gen 2 VMs on [Linux](../virtual-machines/linux/generation-2.md) and [Windows](../virtual-machines/windows/generation-2.md)
+No. The virtual machines can only be deployed on Generation 2 operating machines with Ubuntu Server 18.04, Ubuntu Server 16.04, Windows Server 2019 Datacenter, and Windows Server 2016 Datacenter. Read more about Gen 2 VMs on [Linux](../virtual-machines/linux/generation-2.md) and [Windows](../virtual-machines/windows/generation-2.md)
 
-1. **DCsv2 virtual machines are grayed out in the portal and I can't select one**
+**DCsv2 virtual machines are grayed out in the portal and I can't select one**
 
-   Based on the information bubble next to the VM, there are different actions to take:
-    -	**UnsupportedGeneration**: Change the generation of the virtual machine image to “Gen2”.
-    -	**NotAvailableForSubscription** : The region isn't yet available for your subscription. Select an available region.
-    -	**InsufficientQuota**: [Create a support request to increase your quota](../azure-portal/supportability/per-vm-quota-requests.md). Free trial subscriptions don't have quota for confidential computing VMs. 
+Based on the information bubble next to the VM, there are different actions to take:
+   -	**UnsupportedGeneration**: Change the generation of the virtual machine image to “Gen2”.
+   -	**NotAvailableForSubscription**: The region isn't yet available for your subscription. Select an available region.
+   -	**InsufficientQuota**: [Create a support request to increase your quota](../azure-portal/supportability/per-vm-quota-requests.md). Free trial subscriptions don't have quota for confidential computing VMs. 
 
-1. **DCsv2 virtual machines don't show up when I try to search for them in the portal size selector**
+**DCsv2 virtual machines don't show up when I try to search for them in the portal size selector**
 
-   Make sure you've selected an available region. Also make sure you select “clear all filters” in the size selector. 
+Make sure you've selected an [available region](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines). Also make sure you select “clear all filters” in the size selector. 
 
-1. **What’s the difference between DCsv2-Series and DC-Series VMs?**
+**I get an Azure Resource Manager template deployment failure error: "Operation could not be completed as it results in exceeding approved standard DcsV2 Family Cores Quota"**
 
-   DC-Series VMs run on older 6-core Intel Processors with Intel SGX. These have less total memory, less EPC (Enclave Page Cage) memory, and are available in less regions. These VMs are only available in US East and Europe West are available in two sizes: Standard_DC2s and Standard_DC4s. They will not go GA and can only be deployed in the [Confidential Compute DC-Series VM [Preview]](https://azuremarketplace.microsoft.com/marketplace/apps/microsoft-azure-compute.confidentialcompute?tab=Overview) Marketplace instance
+[Create a support request to increase your quota](../azure-portal/supportability/per-vm-quota-requests.md). Free trial subscriptions don't have quota for confidential computing VMs. 
 
-1. **Are DCsv2 virtual machines available globally?**
+**What’s the difference between DCsv2-Series and DC-Series VMs?**
 
-   No, these virtual machines are only available in select regions. Check the [products by regions page](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines) for the latest available regions. 
+DC-Series VMs run on older 6-core Intel Processors with Intel SGX and have less total memory, less Enclave Page Cache (EPC) memory, and are available in only two regions (US East and Europe West in Standard_DC2s and Standard_DC4s sizes). There are no plans to make these VMs Generally Available and they are not recommended for production use. To deploy these VMs, use the  [Confidential Compute DC-Series VM [Preview]](https://azuremarketplace.microsoft.com/marketplace/apps/microsoft-azure-compute.confidentialcompute?tab=Overview) Marketplace instance.
 
-1. **How do I install the Open Enclave SDK?**
+**Are DCsv2 virtual machines available globally?**
+
+No. At this time, these virtual machines are only available in select regions. Check the [products by regions page](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines) for the latest available regions. 
+
+**How do I install the Open Enclave SDK on the DCsv2 virtual machines?**
 
-   For instruction on how to install the OE SDK on a machine whether in Azure or on-premise, follow the instructions on the [Open Enclave SDK GitHub](https://github.com/openenclave/openenclave).
+For instructions on how to install the OE SDK on an Azure or on-premise Machine, follow the instructions on the [Open Enclave SDK GitHub](https://github.com/openenclave/openenclave).
 
-   You can also head to the Open Enclave SDK GitHub for OS-specific installation instructions:
-     - [Install the OE SDK on Windows](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Windows.md)
-     - [Install the OE SDK on Ubuntu 18.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md)
-     - [Install the OE SDK on Ubuntu 16.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_16.04.md)
+You can also look into the Open Enclave SDK GitHub for OS-specific installation instructions:
+   - [Install the OE SDK on Windows](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Windows.md)
+   - [Install the OE SDK on Ubuntu 18.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md)
+   - [Install the OE SDK on Ubuntu 16.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_16.04.md)

articles/confidential-computing/overview.md

@@ -37,13 +37,13 @@ Microsoft Azure helps you minimize your attack surface to gain stronger data pro
 
 ## Introduction to confidential computing <a id="intro to acc"></a>
 
-Confidential computing is an industry term defined by the [Confidential Computing Consortium](https://confidentialcomputing.io/) (CCC), a foundation dedicated to defining and accelerating the adoption of confidential computing. Confidential computing is the protection of data in use when performing computations. The computations occur in a hardware-based Trusted Execution Environment (TEE).
+Confidential computing is an industry term defined by the [Confidential Computing Consortium](https://confidentialcomputing.io/) (CCC) - a foundation dedicated to defining and accelerating the adoption of confidential computing. The CCC defines Confidential computing as the protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE).
 
 A TEE is an environment that enforces execution of only authorized code. Any data in the TEE can't be read or tampered with by any code outside that environment.
 
-### Enclaves and Trusted Execution Environments
+### Enclaves
 
-In the context of confidential computing, TEEs are commonly referred to as *enclaves* or *secure enclaves*. Enclaves are secured portions of a hardware’s processor and memory. There's no way to view data or code inside the enclave, even with a debugger. If untrusted code attempts modify the content in enclave memory, the environment gets disabled and the operations are denied.
+Enclaves are secured portions of a hardware’s processor and memory. There's no way to view data or code inside the enclave, even with a debugger. If untrusted code attempts modify the content in enclave memory, the environment gets disabled and the operations are denied.
 
 When developing applications, you can use [software tools](#oe-sdk) to shield portions of your code and data inside the enclave. These tools will ensure your code and data can't be viewed or modified by anyone outside the trusted environment. 
 
@@ -91,11 +91,11 @@ An application built with enclaves is partitioned in two ways:
 1. An "untrusted" component (the host)
 1. A "trusted" component (the enclave)
 
-**The host** is your enclave application running on an untrusted environment. The code in the host can't access the code loaded into the enclave. 
+**The host** is where your enclave application is running on top of and is an untrusted environment. The enclave code deployed on the host can't be accessed by the host. 
 
-**The enclave** is where code and data run inside the TEE implementation. Secure computations should occur in the enclave to assure secrets and sensitive data stay protected. 
+**The enclave** is where the application code and its cached data/memory runs. Secure computations should occur in the enclaves to ensure secrets and sensitive data, stay protected. 
 
-When you start developing an enclave application, you need to determine what code and data need protection. The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from outside protected environment.
+During application design, it's important to identify and determine what part of the application needs to run in the enclaves. The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from the untrusted components. 
 
 ### Open Enclave Software Development Kit (OE SDK) <a id="oe-sdk"></a>
 

articles/confidential-computing/virtual-machine-solutions.md

@@ -16,7 +16,7 @@ This article covers information about deploying Azure confidential computing vir
 
 ## Azure confidential computing VM Sizes
 
-Azure confidential computing virtual machines are designed to protect the confidentially and integrity of your data and code while it's processed in the cloud 
+Azure confidential computing virtual machines are designed to protect the confidentiality and the integrity of your data and code while it's processed in the cloud 
 
 [DCsv2-Series](../virtual-machines/dcv2-series.md) VMs are the latest and most recent confidential computing size family. These VMs support a larger range of deployment capabilities, have 2x the Enclave Page Cache (EPC) and a larger selection of sizes compared to our DC-Series VMs. The [DC-Series](../virtual-machines/sizes-previous-gen.md#preview-dc-series) VMs are currently in preview and will be deprecated and not included in general availability.
 
@@ -34,7 +34,7 @@ az vm list-skus
     --output table
 ```
 
-As of April 2020, these SKUs are available in the following regions and availability zones:
+As of May 2020, these SKUs are available in the following regions and availability zones:
 
 ```output
 Name              Locations      AZ_a
@@ -81,7 +81,7 @@ Follow a quickstart tutorial to deploy a DCsv2-Series virtual machine in less th
   
 - **Resizing** – Because of their specialized hardware, you can only resize confidential computing instances within the same size family. For example, you can only resize a DCsv2-series VM from one DCsv2-series size to another. Resizing from a non-confidential computing size to a confidential computing size isn't supported.  
 
-- **Image** – To provide Intel Software Guard Extension (Intel SGX) support on confidential compute instances, all deployments need to be run on Generation 2 images. Azure confidential computing supports workloads running on Ubuntu 18.04 Gen 2, Ubuntu 16.04 Gen 2, and Windows Server 2016 Gen 2. Read about [support for generation 2 VMs on Azure](../virtual-machines/linux/generation-2.md) to learn more about supported and unsupported scenarios. 
+- **Image** – To provide Intel Software Guard Extension (Intel SGX) support on confidential compute instances, all deployments need to be run on Generation 2 images. Azure confidential computing supports workloads running on Ubuntu 18.04 Gen 2, Ubuntu 16.04 Gen 2, Windows Server 2019 gen2, and Windows Server 2016 Gen 2. Read about [support for generation 2 VMs on Azure](../virtual-machines/linux/generation-2.md) to learn more about supported and unsupported scenarios. 
 
 - **Storage** – Azure confidential computing virtual machine data disks and our ephemeral OS disks are on NVMe disks. Instances support only Premium SSD and Standard SSD disks, not Ultra SSD, or Standard HDD. Virtual machine size **DC8_v2** doesn't support Premium storage. 
 
@@ -95,15 +95,15 @@ Azure confidential computing doesn't support zone-redundancy via Availability Zo
 
 ## Deploying via an Azure Resource Manager Template 
 
-Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
+Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You can use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
 
 To learn about Azure Resource Manager templates, see [Template deployment overview](../azure-resource-manager/templates/overview.md).
 
-To deploy a DCsv2-Series VM in an ARM template you will utilize the [Virtual Machine resource](../virtual-machines/windows/template-description.md). You need to ensure you specify the correct properties for **vmSize** and for your **imageReference**.
+To deploy a DCsv2-Series VM in an Azure Resource Manager template, you will utilize the [Virtual Machine resource](../virtual-machines/windows/template-description.md). Ensure you specify the correct properties for **vmSize** and for your **imageReference**.
 
 ### VM Size
 
-Specify one of the following sizes in your ARM template in the Virtual Machine resource. This string is put as **vmSize** in **properties**.
+Specify one of the following sizes in your Azure Resource Manager template in the Virtual Machine resource. This string is put as **vmSize** in **properties**.
 
 ```json
   [
@@ -119,6 +119,12 @@ Specify one of the following sizes in your ARM template in the Virtual Machine r
 Under **properties**, you will also have to reference an image under **storageProfile**. Use *only one* of the following images for your **imageReference**.
 
 ```json
+      "2019-datacenter-gensecond": {
+        "offer": "WindowsServer",
+        "publisher": "MicrosoftWindowsServer",
+        "sku": "2019-datacenter-gensecond",
+        "version": "latest"
+      },
       "2016-datacenter-gensecond": {
         "offer": "WindowsServer",
         "publisher": "MicrosoftWindowsServer",
@@ -141,7 +147,7 @@ Under **properties**, you will also have to reference an image under **storagePr
 
 ## Next Steps 
 
-In this article you learned about the qualifications and configurations needed when creating confidential computing virtual machine. You can now head to the Azure Marketplace to deploy a DCsv2-Series VM.
+In this article, you learned about the qualifications and configurations needed when creating confidential computing virtual machine. You can now head to the Microsoft Azure Marketplace to deploy a DCsv2-Series VM.
 
 > [!div class="nextstepaction"]
 > [Deploy a DCsv2-Series Virtual Machine in the Azure Marketplace](quick-create-marketplace.md)