Commit 2b248da

Updates
1 parent 789ad48 commit 2b248da

5 files changed

+19
-20
lines changed

articles/virtual-machines/linux/disk-encryption-faq.yml

Lines changed: 1 addition & 1 deletion
@@ -84,7 +84,7 @@ sections:
8484
To rotate secrets, just call the same command you used originally to enable disk encryption, specifying a different Key Vault. To rotate the key encryption key, call the same command you used originally to enable disk encryption, specifying the new key encryption.
8585
8686
>[!WARNING]
87-
> - If you have previously used [Azure Disk Encryption with Azure AD app](disk-encryption-linux-aad.md) by specifying Azure AD credentials to encrypt this VM, you will have to continue use this option to encrypt your VM. You can't use Azure Disk Encryption on this encrypted VM as this isn't a supported scenario, meaning switching away from AAD application for this encrypted VM isn't supported yet.
87+
> - If you have previously used [Azure Disk Encryption with Azure AD app](disk-encryption-linux-aad.md) by specifying Azure AD credentials to encrypt this VM, you will have to continue use this option to encrypt your VM. You can't use Azure Disk Encryption on this encrypted VM as this isn't a supported scenario, meaning switching away from Azure AD application for this encrypted VM isn't supported yet.
8888
8989
- question: |
9090
How do I add or remove a key encryption key if I didn't originally use one?
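Review bot: The rewritten line 87 still reads "you will have to continue use this option"; since the line is being edited anyway, make it "continue to use this option". The second sentence of the same bullet is hard to parse ("You can't use Azure Disk Encryption on this encrypted VM as this isn't a supported scenario, meaning switching away ..."); saying once that switching such a VM away from the Azure AD application is not supported would carry the same meaning. The context line 84 also ends with "specifying the new key encryption", which looks like it has lost a trailing "key".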

articles/virtual-machines/linux/disk-encryption-isolated-network.md

Lines changed: 2 additions & 2 deletions
@@ -14,7 +14,7 @@ ms.custom: seodec18
1414
---
1515
# Azure Disk Encryption on an isolated network
1616

17-
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Flexible scale sets
17+
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Flexible scale sets.
1818

1919
When connectivity is restricted by a firewall, proxy requirement, or network security group (NSG) settings, the ability of the extension to perform needed tasks might be disrupted. This disruption can result in status messages such as "Extension status not available on the VM."
2020
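Review bot: On line 17 the added period makes the "Applies to" line end in ":heavy_check_mark: Flexible scale sets.", so the full stop attaches to the last badge label rather than closing a sentence. The line is a list of labels, not prose; drop the period unless the other articles carrying this line are changed the same way.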

@@ -40,7 +40,7 @@ Any network security group settings that are applied must still allow the endpoi
4040

4141
## Azure Disk Encryption with Azure AD (previous version)
4242

43-
If using [Azure Disk Encryption with Azure AD (previous version)](disk-encryption-overview-aad.md), the [Microsoft Authentication Library](../../active-directory/develop/msal-overview.md) will need to be installed manually for all distros (in addition to the packages appropriate for the distro, as [listed above](#package-management)).
43+
If using [Azure Disk Encryption with Azure AD (previous version)](disk-encryption-overview-aad.md), the [Microsoft Authentication Library](../../active-directory/develop/msal-overview.md) will need to be installed manually for all distros (in addition to the [packages appropriate for the distro](#package-management)).
4444

4545
When encryption is being enabled with [Azure AD credentials](disk-encryption-linux-aad.md), the target VM must allow connectivity to both Azure Active Directory endpoints and Key Vault endpoints. Current Azure Active Directory authentication endpoints are maintained in sections 56 and 59 of the [Microsoft 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) documentation. Key Vault instructions are provided in the documentation on how to [Access Azure Key Vault behind a firewall](../../key-vault/general/access-behind-firewall.md).
4646

articles/virtual-machines/linux/disk-encryption-key-vault-aad.md

Lines changed: 5 additions & 5 deletions
@@ -85,7 +85,7 @@ You can manage your key vault with Azure CLI using the [az keyvault](/cli/azure/
8585
You can create a key vault by using the [Resource Manager template](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create).
8686
8787
1. On the Azure quickstart template, click **Deploy to Azure**.
88-
2. Select the subscription, resource group, resource group location, Key Vault name, Object ID, legal terms, and agreement, and then click **Purchase**.
88+
2. Select the subscription, resource group, resource group location, Key Vault name, Object ID, legal terms, and agreement, and then select **Purchase**.
8989
9090
9191
## <a name="bkmk_ADapp"></a> Set up an Azure AD app and service principal
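Review bot: Step 2 at line 88 now says "select **Purchase**", but step 1 one line above (line 87) still says "click **Deploy to Azure**". If this commit is moving the procedure from "click" to "select", step 1 should change with it so the two steps of the same list agree.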
@@ -118,7 +118,7 @@ You can manage your service principals with Azure CLI using the [az ad sp](/cli/
118118
```
119119
3. The appId returned is the Azure AD ClientID used in other commands. It's also the SPN you'll use for az keyvault set-policy. The password is the client secret that you should use later to enable Azure Disk Encryption. Safeguard the Azure AD client secret appropriately.
120120
121-
### <a name="bkmk_ADappRM"></a> Set up an Azure AD app and service principal though the Azure portal
121+
### <a name="bkmk_ADappRM"></a> Set up an Azure AD app and service principal through the Azure portal
122122
Use the steps from the [Use portal to create an Azure Active Directory application and service principal that can access resources](../../active-directory/develop/howto-create-service-principal-portal.md) article to create an Azure AD application. Each step listed below will take you directly to the article section to complete.
123123
124124
1. [Verify required permissions](../../active-directory/develop/howto-create-service-principal-portal.md#permissions-required-for-registering-an-app)
@@ -159,11 +159,11 @@ az keyvault set-policy --name "MySecureVault" --spn "<spn created with CLI/the A
159159
### <a name="bkmk_KVAPRM"></a> Set the key vault access policy for the Azure AD app with the portal
160160

161161
1. Open the resource group with your key vault.
162-
2. Select your key vault, go to **Access Policies**, then click **Add new**.
162+
2. Select your key vault, go to **Access Policies**, then select **Add new**.
163163
3. Under **Select principal**, search for the Azure AD application you created and select it.
164164
4. For **Key permissions**, check **Wrap Key** under **Cryptographic Operations**.
165165
5. For **Secret permissions**, check **Set** under **Secret Management Operations**.
166-
6. Click **OK** to save the access policy.
166+
6. Select **OK** to save the access policy.
167167

168168
![Azure Key Vault cryptographic operations - Wrap Key](./media/disk-encryption/keyvault-portal-fig3.png)
169169

@@ -218,7 +218,7 @@ Use [az keyvault update](/cli/azure/keyvault#az-keyvault-update) to enable disk
218218
1. Select your keyvault, go to **Access Policies**, and **Click to show advanced access policies**.
219219
2. Select the box labeled **Enable access to Azure Disk Encryption for volume encryption**.
220220
3. Select **Enable access to Azure Virtual Machines for deployment** and/or **Enable Access to Azure Resource Manager for template deployment**, if needed.
221-
4. Click **Save**.
221+
4. Select **Save**.
222222
223223
![Azure key vault advanced access policies](./media/disk-encryption/keyvault-portal-fig4.png)
224224
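Review bot: Step 1 at line 218 writes "keyvault" as one word, while the steps edited earlier in this file (lines 161-162) use "key vault"; align it while this list is being touched. The bolded "**Click to show advanced access policies**" in the same step is a control label and is rightly left out of the click-to-select pass.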

articles/virtual-machines/linux/disk-encryption-troubleshooting.md

Lines changed: 0 additions & 1 deletion
@@ -23,7 +23,6 @@ Before taking any of the steps below, first ensure that the VMs you are attempti
2323
- [Networking requirements](disk-encryption-overview.md#networking-requirements)
2424
- [Encryption key storage requirements](disk-encryption-overview.md#encryption-key-storage-requirements)
2525

26-
2726

2827
## Troubleshooting Linux OS disk encryption
2928

articles/virtual-machines/linux/disk-encryption-upgrade.md

Lines changed: 11 additions & 11 deletions
@@ -14,7 +14,7 @@ ms.custom: seodec18, devx-track-azurecli, devx-track-azurepowershell
1414

1515
# Upgrading the Azure Disk Encryption version
1616

17-
The first version of Azure Disk Encryption (ADE) relied on Azure Active Directory (AAD) for authentication; the current version does not. We strongly encourage the use of the newest version.
17+
The first version of Azure Disk Encryption (ADE) relied on Azure Active Directory (Azure AD) for authentication; the current version does not. We strongly encourage the use of the newest version.
1818

1919
## Determine ADE version
2020

@@ -58,12 +58,12 @@ Choose the "AzureDiskEncryption" extension for Windows or "AzureDiskEncryptionFo
5858

5959
## How to migrate
6060

61-
Migration from Azure Disk Encryption (with AAD) to Azure Disk Encryption (without AAD) is only available through Azure PowerShell. Ensure you have the latest version of Azure PowerShell and at least the [Azure PowerShell Az module version 5.9.0](/powershell/azure/new-azureps-module-az) installed .
61+
Migration from Azure Disk Encryption (with Azure AD) to Azure Disk Encryption (without Azure AD) is only available through Azure PowerShell. Ensure you have the latest version of Azure PowerShell and at least the [Azure PowerShell Az module version 5.9.0](/powershell/azure/new-azureps-module-az) installed .
6262

63-
To upgrade from Azure Disk Encryption (with AAD) to Azure Disk Encryption (without AAD), use the [Set-AzVMDiskEncryptionExtension](/powershell/module/az.compute/set-azvmdiskencryptionextension) PowerShell cmdlet.
63+
To upgrade from Azure Disk Encryption (with Azure AD) to Azure Disk Encryption (without Azure AD), use the [Set-AzVMDiskEncryptionExtension](/powershell/module/az.compute/set-azvmdiskencryptionextension) PowerShell cmdlet.
6464

6565
> [!WARNING]
66-
> The Set-AzVMDiskEncryptionExtension cmdlet must only be used on VMs encrypted with Azure Disk Encryption (with AAD). Attempting to migrate an unencrypted VM, or a VM encrypted with Azure Disk Encryption (without AAD), will result in a terminal error.
66+
> The Set-AzVMDiskEncryptionExtension cmdlet must only be used on VMs encrypted with Azure Disk Encryption (with Azure AD). Attempting to migrate an unencrypted VM, or a VM encrypted with Azure Disk Encryption (without Azure AD), will result in a terminal error.
6767
6868
```azurepowershell-interactive
6969
Set-AzVMDiskEncryptionExtension -ResourceGroupName <resourceGroupName> -VMName <vmName> -Migrate
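Review bot: The rewritten line 61 still ends with "installed ." with a stray space before the period; fix it in the same edit. The warning at line 66 says that running the cmdlet on an unencrypted VM, or on one already using the version without Azure AD, "will result in a terminal error"; a short pointer from the warning to the "Determine ADE version" section earlier in the article would let readers check which version they have before running -Migrate.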
@@ -75,26 +75,26 @@ When the cmdlet prompts you for confirmation, enter "Y". The ADE version will b
7575
> Set-AzVMDiskEncryptionExtension -ResourceGroupName myResourceGroup -VMName myVM -Migrate
7676

7777
Update AzureDiskEncryption version?
78-
This cmdlet updates Azure Disk Encryption version to single pass (Azure Disk Encryption without AAD). This may reboot
78+
This cmdlet updates Azure Disk Encryption version to single pass (Azure Disk Encryption without Azure AD). This may reboot
7979
the machine and takes 10-15 minutes to finish. Are you sure you want to continue?
8080
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
8181
Azure Disk Encryption Extension Public Settings
8282
"KeyVaultResourceId": /subscriptions/ea500758-3163-4849-bd2c-3e50f06efa7a/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myKeyVault
8383
"SequenceVersion":
8484
"MigrateFlag": Migrate
8585
"KeyVaultURL": https://myKeyVault.vault.azure.net/
86-
"AADClientID": d29edf8c-3fcb-42e7-8410-9e39fdf0dd70
86+
"Azure ADClientID": d29edf8c-3fcb-42e7-8410-9e39fdf0dd70
8787
"KeyEncryptionKeyURL":
8888
"KekVaultResourceId":
8989
"EncryptionOperation": EnableEncryption
90-
"AADClientCertThumbprint":
90+
"Azure ADClientCertThumbprint":
9191
"VolumeType":
9292
"KeyEncryptionAlgorithm":
9393

94-
Running ADE extension (with AAD) for -Migrate..
95-
ADE extension (with AAD) is now complete. Updating VM model..
96-
Running ADE extension (without AAD) for -Migrate..
97-
ADE extension (without AAD) is now complete. Clearing VM model..
94+
Running ADE extension (with Azure AD) for -Migrate..
95+
ADE extension (with Azure AD) is now complete. Updating VM model..
96+
Running ADE extension (without Azure AD) for -Migrate..
97+
ADE extension (without Azure AD) is now complete. Clearing VM model..
9898

9999
RequestId IsSuccessStatusCode StatusCode ReasonPhrase
100100
--------- ------------------- ---------- ------------
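Review bot: Lines 86 and 90 rename the keys "AADClientID" and "AADClientCertThumbprint" to "Azure ADClientID" and "Azure ADClientCertThumbprint", and lines 78 and 94-97 rewrite the confirmation prompt and progress messages, all inside what the article presents as the cmdlet's console output. A terminology replace should not touch quoted output or setting names: a reader comparing their terminal with the doc, or searching for the key name, will no longer find a match. Revert these lines to the original "AAD" strings and keep the rename to the surrounding prose. The sample output also shows a concrete subscription ID in "KeyVaultResourceId" and a client ID GUID; if these are not already placeholders, replace them.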
