Merge pull request #206315 from ecfan/patch-5

Peer review feedback for adding and managing TLS/SSL certificates

Author: GitHubber17

articles/app-service/configure-ssl-bindings.md

@@ -65,7 +65,7 @@ If your app already has a certificate for the selected custom domain, go to [Cre
 If your app has no certificate for the selected custom domain, then you have two options:
 
 - **Upload PFX Certificate** - Follow the workflow at [Upload a private certificate](configure-ssl-certificate.md#upload-a-private-certificate), then select this option here.
-- **Import App Service Certificate** - Follow the workflow at [Import an App Service certificate](configure-ssl-certificate.md#import-an-app-service-certificate), then select this option here.
+- **Import App Service Certificate** - Follow the workflow at [Import an App Service certificate](configure-ssl-certificate.md#buy-and-import-app-service-certificate), then select this option here.
 
 > [!NOTE]
 > You can also [Create a free certificate](configure-ssl-certificate.md#create-a-free-managed-certificate) or [Import a Key Vault certificate](configure-ssl-certificate.md#import-a-certificate-from-key-vault), but you must do it separately and then return to the **TLS/SSL Binding** dialog.

articles/app-service/configure-ssl-certificate.md

@@ -71,7 +71,7 @@ With a public domain mapped to the application gateway, you don't need to config
 
 ### A valid public certificate
 
-For security enhancement, it's recommended to bind TLS/SSL certificate for session encryption. To bind TLS/SSL certificate to the application gateway, a valid public certificate with following information is required. With [App Service Certificates](../configure-ssl-certificate.md#start-certificate-order), you can buy a TLS/SSL certificate and export it in .pfx format.
+For security enhancement, it's recommended to bind TLS/SSL certificate for session encryption. To bind TLS/SSL certificate to the application gateway, a valid public certificate with following information is required. With [App Service Certificates](../configure-ssl-certificate.md#start-certificate-purchase), you can buy a TLS/SSL certificate and export it in .pfx format.
 
 | Name  | Value               | Description|
 | ----- | ------------------- |------------|

articles/app-service/environment/integrate-with-application-gateway.md

@@ -37,7 +37,7 @@ When you create or use App Service resources, you're charged for the following m
 Other cost resources for App Service are (see [App Service pricing](https://azure.microsoft.com/pricing/details/app-service/) for details):
 
 - [App Service domains](manage-custom-dns-buy-domain.md)  Your subscription is charged for the domain registration on a yearly basis, if you enable automatic renewal.
-- [App Service certificates](configure-ssl-certificate.md#import-an-app-service-certificate)  One-time charge at the time of purchase. If you have multiple subdomains to secure, you can reduce cost by purchasing one wildcard certificate instead of multiple standard certificates.
+- [App Service certificates](configure-ssl-certificate.md#buy-and-import-app-service-certificate)  One-time charge at the time of purchase. If you have multiple subdomains to secure, you can reduce cost by purchasing one wildcard certificate instead of multiple standard certificates.
 - [IP-based certificate bindings](configure-ssl-bindings.md#create-binding)  The binding is configured on a certificate at the app level. Costs are accrued for each binding. For **Standard** tier and above, the first IP-based binding is not charged.
 
 At the end of your billing cycle, the charges for each VM instance. Your bill or invoice shows a section for all App Service costs. There's a separate line item for each meter.
@@ -177,4 +177,4 @@ You can also [export your cost data](../cost-management-billing/costs/tutorial-e
 
 <!-- Insert links to other articles that might help users save and manage costs for you service here.
 
-Create a table of contents entry for the article in the How-to guides section where appropriate. -->
+Create a table of contents entry for the article in the How-to guides section where appropriate. -->

articles/app-service/overview-manage-costs.md

@@ -46,7 +46,7 @@ The resources providers that are marked with **- registered** are registered by
 | Microsoft.Cache | [Azure Cache for Redis](../../azure-cache-for-redis/index.yml) |
 | Microsoft.Capacity | core |
 | Microsoft.Cdn | [Content Delivery Network](../../cdn/index.yml) |
-| Microsoft.CertificateRegistration | [App Service Certificates](../../app-service/configure-ssl-certificate.md#import-an-app-service-certificate) |
+| Microsoft.CertificateRegistration | [App Service Certificates](../../app-service/configure-ssl-certificate.md#import-certificate-into-app-service) |
 | Microsoft.ChangeAnalysis | [Azure Monitor](../../azure-monitor/index.yml) |
 | Microsoft.ClassicCompute | Classic deployment model virtual machine |
 | Microsoft.ClassicInfrastructureMigrate | Classic deployment model migration |

articles/app-service/troubleshoot-domain-ssl-certificates.md

@@ -169,7 +169,7 @@ conceptualContent:
         - url: ../app-service/app-service-key-vault-references.md
           itemType: overview
           text: App Services - Reference Key Vault secrets in App Services
-        - url: ../app-service/configure-ssl-certificate.md#store-in-azure-key-vault
+        - url: ../app-service/configure-ssl-certificate.md#store-certificate-in-azure-key-vault
           itemType: overview
           text: App Services - Maintain App Service certificates in Key Vault
         - url: ../aks/developer-best-practices-pod-security.md#use-azure-key-vault-with-secrets-store-csi-driver

articles/azure-resource-manager/management/azure-services-resource-providers.md

@@ -12,45 +12,42 @@ ms.custom: "include file"
 
 ## Prepare your web app
 
-To create custom TLS/SSL bindings or enable client certificates for your App Service app, your [App Service plan](https://azure.microsoft.com/pricing/details/app-service/) must be in the **Basic**, **Standard**, **Premium**, or **Isolated** tier. In this step, you make sure that your web app is in the supported pricing tier.
+To create custom TLS/SSL bindings or enable client certificates for your App Service app, your [App Service plan](https://azure.microsoft.com/pricing/details/app-service/) must be in the **Basic**, **Standard**, **Premium**, or **Isolated** tier. To make sure that your web app is in the supported pricing tier, follow these steps:
 
-### Sign in to Azure
+### Go to your web app
 
-Open the [Azure portal](https://portal.azure.com).
+1. In the [Azure portal](https://portal.azure.com) search box, find and select **App Services**.
 
-### Navigate to your web app
+   ![Screenshot of Azure portal, search box, and "App Services" selected.](./media/app-service-ssl-prepare-app/app-services.png)
 
-Search for and select **App Services**.
+1. On the **App Services** page, select your web app's name.
 
-![Select App Services](./media/app-service-ssl-prepare-app/app-services.png)
+   ![Screenshot of the App Services page in Azure portal showing a list of all running web apps, with the first app in the list highlighted.](./media/app-service-ssl-prepare-app/select-app.png)
 
-On the **App Services** page, select the name of your web app.
-
-![Screenshot of the App Services page in Azure portal showing a list of all running web apps, with the first app in the list highlighted.](./media/app-service-ssl-prepare-app/select-app.png)
-
-You have landed on the management page of your web app.  
+   You're now on your web app's management page.
 
 ### Check the pricing tier
 
-In the left-hand navigation of your web app page, scroll to the **Settings** section and select **Scale up (App Service plan)**.
+1. In the left menu for your web app, under the **Settings** section, select **Scale up (App Service plan)**.
 
-![Scale-up menu](./media/app-service-ssl-prepare-app/scale-up-menu.png)
+   ![Screenshot of web app menu, "Settings" section, and "Scale up (App Service plan)" selected.](./media/app-service-ssl-prepare-app/scale-up-menu.png)
 
-Check to make sure that your web app is not in the **F1** or **D1** tier. Your web app's current tier is highlighted by a dark blue box.
+1. Make sure that your web app isn't in the **F1** or **D1** tier, which doesn't support custom TLS/SSL.
 
-![Check pricing tier](./media/app-service-ssl-prepare-app/check-pricing-tier.png)
+   Your web app's current tier is highlighted by a dark blue box.
 
-Custom SSL is not supported in the **F1** or **D1** tier. If you need to scale up, follow the steps in the next section. Otherwise, close the **Scale up** page and skip the [Scale up your App Service plan](#scale-up-your-app-service-plan) section.
+   ![Screenshot of web app pricing tier information.](./media/app-service-ssl-prepare-app/check-pricing-tier.png)
 
-### Scale up your App Service plan
+1. If you need to scale up, follow the steps in the next section. Otherwise, close the **Scale up** page, and skip the [Scale up your App Service plan section](#scale-up-your-app-service-plan).
 
-Select any of the non-free tiers (**B1**, **B2**, **B3**, or any tier in the **Production** category). For additional options, click **See additional options**.
+### Scale up your App Service plan
 
-Click **Apply**.
+1. Select any non-free tier, such as **B1**, **B2**, **B3**, or any other tier in the **Production** category. For more options, select **See additional options**.
 
-![Choose pricing tier](./media/app-service-ssl-prepare-app/choose-pricing-tier.png)
+1. When you're done, select **Apply**.
 
-When you see the following notification, the scale operation is complete.
+   ![Screenshot of pricing tier and "Apply" selected.](./media/app-service-ssl-prepare-app/choose-pricing-tier.png)
 
-![Scale up notification](./media/app-service-ssl-prepare-app/scale-notification.png)
+   When the following message appears, the scale operation has completed.
 
+   ![Screenshot with confirmation message for scale up operation.](./media/app-service-ssl-prepare-app/scale-notification.png)