Merge pull request #235624 from kgremban/apr24-baltimoreedit

Improvements to the timeline section

Author: prmerger-automator[bot]

articles/iot-hub/migrate-tls-certificate.md

@@ -25,7 +25,11 @@ You should start planning now for the effects of migrating your IoT hubs to the
 
 The IoT Hub team will begin migrating IoT hubs by region on **February 15, 2023** and completing by October 15, 2023. After all IoT hubs have migrated, then DPS will perform its migration between January 15 and February 15, 2024.
 
-The subscription owners of each IoT hub will receive an email notification two weeks before their migration date.
+For each IoT hub, you can expect the following:
+
+* **One to two weeks before migration**: The subscription owners of each IoT hub receive an email notification informing them of their migration date. This notification doesn't apply to hubs that are manually migrated.
+* **Day of the migration**: The IoT hub switches its TLS certificate to the DigiCert Global Root G2, which results in no downtime for the IoT hub. IoT Hub doesn't force device reconnections.
+* **Following the migration**: The subscription owners receive a notification confirming that the IoT hub was migrated. Devices attempt to reconnect based on their individual retry logic, at which point they request and receive the new server certificate from IoT Hub and reconnect only if they trust the Digicert Global Root G2.
 
 ### Request an extension
 
@@ -159,14 +163,15 @@ No, only the [global Azure cloud](https://azure.microsoft.com/global-infrastruct
 
 Yes, IoT Central uses both IoT Hub and DPS in the backend. The TLS migration will affect your solution, and you need to update your devices to maintain connection.
 
-You can migrate your application from the Baltimore CyberTrust Root to the DigiCert Global G2 Root on your own schedule. We recommend the following process:  
+You can migrate your application from the Baltimore CyberTrust Root to the DigiCert Global G2 Root on your own schedule. We recommend the following process:
+
 1. **Keep the Baltimore CyberTrust Root on your device until the transition period is completed on 15 February 2024** (necessary to prevent connection interruption). 
-2. **In addition** to the Baltimore Root, ensure the DigiCert Global G2 Root is added to your trusted root store. 
-3. Make sure you aren’t pinning any intermediate or leaf certificates and are using the public roots to perform TLS server validation. 
+2. **In addition** to the Baltimore Root, ensure the DigiCert Global G2 Root is added to your trusted root store.
+3. Make sure you aren’t pinning any intermediate or leaf certificates and are using the public roots to perform TLS server validation.
 4. In your IoT Central application you can find the Root Certification settings under **Settings** > **Application** > **Baltimore Cybertrust Migration**.  
-   1. Select **DigiCert Global G2 Root** to migrate to the new certificate root. 
-   2. Click **Save** to initiate the migration. 
-   3. If needed, you can migrate back to the Baltimore root by selecting **Baltimore CyberTrust Root** and saving the changes. This option is available until 15 May 2023 and will then be disabled as Microsoft will start initiating the migration. 
+   1. Select **DigiCert Global G2 Root** to migrate to the new certificate root.
+   2. Click **Save** to initiate the migration.
+   3. If needed, you can migrate back to the Baltimore root by selecting **Baltimore CyberTrust Root** and saving the changes. This option is available until 15 May 2023 and will then be disabled as Microsoft will start initiating the migration.
 
 ### How long will it take my devices to reconnect?