Merge pull request #111665 from lp-code/lp-code-patch-1

Court72 · web-flow · commit 3aeac3568137 · 2023-07-11T08:33:00.000-06:00
Clarify the meaning of the attestation report
diff --git a/articles/container-instances/container-instances-tutorial-deploy-confidential-container-default-portal.md b/articles/container-instances/container-instances-tutorial-deploy-confidential-container-default-portal.md
@@ -65,7 +65,10 @@ Open the overview for the container group by navigating to **Resource Groups** >
 
 2. Once its status is *Running*, navigate to the IP address in your browser. 
 
-:::image type="content" source="media/container-instances-confidential-containers-tutorials/confidential-containers-aci-hello-world.png" alt-text="Screenshot of the hello world application running, PNG.":::
+    :::image type="content" source="media/container-instances-confidential-containers-tutorials/confidential-containers-aci-hello-world.png" alt-text="Screenshot of the hello world application running, PNG.":::
+
+    The presence of the attestation report below the Azure Container Instances logo confirms that the container is running on hardware that supports a hardware-based and attested trusted execution environment (TEE).
+    If you deploy to hardware that does not support a TEE, for example by choosing a region where the [ACI Confidential SKU is not available](./container-instances-region-availability.md#linux-container-groups), no attestation report will be shown.
 
 Congratulations! You have deployed a confidential container on Azure Container Instances which is displaying a hardware attestation report in your browser. 
 
diff --git a/articles/container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm.md b/articles/container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm.md
@@ -194,7 +194,7 @@ With the ARM template that you've crafted and the Azure CLI confcom extension, y
 
    * **Subscription**: select an Azure subscription.
    * **Resource group**: select **Create new**, enter a unique name for the resource group, and then select **OK**.
-   * **Location**: select a location for the resource group. Example: **North Europe**.
+   * **Location**: select a location for the resource group. Choose a region where the [Confidential SKU is supported](./container-instances-region-availability.md#linux-container-groups). Example: **North Europe**.
    * **Name**: accept the generated name for the instance, or enter a name.
    * **Image**: accept the default image name. This sample Linux image displays a hardware attestation.
 
@@ -224,6 +224,9 @@ Use the Azure portal or a tool such as the [Azure CLI](container-instances-quick
 
     ![Screenshot of browser view of app deployed using Azure Container Instances, PNG.](media/container-instances-confidential-containers-tutorials/confidential-containers-aci-hello-world.png)
 
+    The presence of the attestation report below the Azure Container Instances logo confirms that the container is running on hardware that supports a TEE.
+    If you deploy to hardware that does not support a TEE, for example by choosing a region where the ACI Confidential SKU is not available, no attestation report will be shown.
+
 ## Next Steps  
 
 Now that you have deployed a confidential container group on ACI, you can learn more about how policies are enforced. 
