Merge pull request #272763 from msmbaldwin/akv-misc

Anonymizing examples

Author: prmerger-automator[bot]

articles/key-vault/general/integrate-databricks-blob-storage.md

@@ -41,7 +41,7 @@ az storage account create --name contosoblobstorage5 --resource-group contosoRes
 Before you can create a container to upload the blob to, you'll need to assign the [Storage Blob Data Contributor](../../role-based-access-control/built-in-roles.md#storage-blob-data-contributor) role to yourself. For this example, the role will be assigned to the storage account you've made earlier.
 
 ```azurecli
-az role assignment create --role "Storage Blob Data Contributor" --assignee [email protected] --scope "/subscriptions/aaaaaaaa-bbbb-bbbb-cccc-dddddddddddd/resourceGroups/contosoResourceGroup5/providers/Microsoft.Storage/storageAccounts/contosoblobstorage5
+az role assignment create --role "Storage Blob Data Contributor" --assignee [email protected] --scope "/subscriptions/{subscription-id}/resourceGroups/contosoResourceGroup5/providers/Microsoft.Storage/storageAccounts/contosoblobstorage5
 ```
 
 Now that you've assign the role to storage account, you can create a container for your blob.

articles/key-vault/general/manage-with-cli2.md

@@ -205,16 +205,16 @@ az ad sp create-for-rbac -n "MyApp" --password "hVFkk965BuUv" --role Contributor
 
 To authorize the application to access the key or secret in the vault, use the `az keyvault set-policy` command.
 
-For example, if your vault name is ContosoKeyVault, the application has an appID of 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed, and you want to authorize the application to decrypt and sign with keys in your vault, use the following command:
+For example, if your vault name is ContosoKeyVault and you want to authorize the application to decrypt and sign with keys in your vault, use the following command with your application ID:
 
 ```azurecli
-az keyvault set-policy --name "ContosoKeyVault" --spn 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed --key-permissions decrypt sign
+az keyvault set-policy --name "ContosoKeyVault" --spn {application-id} --key-permissions decrypt sign
 ```
 
 To authorize the same application to read secrets in your vault, type the following command:
 
 ```azurecli
-az keyvault set-policy --name "ContosoKeyVault" --spn 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed --secret-permissions get
+az keyvault set-policy --name "ContosoKeyVault" --spn {application-id} --secret-permissions get
 ```
 
 ## Setting key vault advanced access policies

articles/key-vault/general/rbac-guide.md

@@ -103,7 +103,7 @@ To add role assignments, you must have `Microsoft.Authorization/roleAssignments/
 To create a role assignment using the Azure CLI, use the [az role assignment](/cli/azure/role/assignment) command:
 
 ```azurecli
-az role assignment create --role <role_name_or_id> --assignee <assignee> --scope <scope>
+az role assignment create --role {role-name-or-id} --assignee {assignee-upn}> --scope {scope}
 ```
 
 For full details, see [Assign Azure roles using Azure CLI](../../role-based-access-control/role-assignments-cli.md).
@@ -114,10 +114,10 @@ To create a role assignment using Azure PowerShell, use the [New-AzRoleAssignmen
 
 ```azurepowershell
 #Assign by User Principal Name
-New-AzRoleAssignment -RoleDefinitionName <role_name> -SignInName <assignee_upn> -Scope <scope>
+New-AzRoleAssignment -RoleDefinitionName {role-name} -SignInName {assignee-upn} -Scope {scope}
 
 #Assign by Service Principal ApplicationId
-New-AzRoleAssignment -RoleDefinitionName Reader -ApplicationId <applicationId> -Scope <scope>
+New-AzRoleAssignment -RoleDefinitionName Reader -ApplicationId {application-id} -Scope {scope}
 ```
 
 For full details, see [Assign Azure roles using Azure PowerShell](../../role-based-access-control/role-assignments-powershell.md).
@@ -161,10 +161,10 @@ For full details, see [Assign Azure roles using Azure CLI](../../role-based-acce
 
 ```azurepowershell
 #Assign by User Principal Name
-New-AzRoleAssignment -RoleDefinitionName 'Key Vault Reader' -SignInName {i.e [email protected]} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
+New-AzRoleAssignment -RoleDefinitionName 'Key Vault Reader' -SignInName {assignee-upn} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
 
 #Assign by Service Principal ApplicationId
-New-AzRoleAssignment -RoleDefinitionName 'Key Vault Reader' -ApplicationId {i.e 8ee5237a-816b-4a72-b605-446970e5f156} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
+New-AzRoleAssignment -RoleDefinitionName 'Key Vault Reader' -ApplicationId {application-id} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}
 ```
 For full details, see [Assign Azure roles using Azure PowerShell](../../role-based-access-control/role-assignments-powershell.md).
 
@@ -191,7 +191,7 @@ Above role assignment provides ability to list key vault objects in key vault.
 
 # [Azure CLI](#tab/azure-cli)
 ```azurecli
-az role assignment create --role "Key Vault Secrets Officer" --assignee {i.e [email protected]} --scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
+az role assignment create --role "Key Vault Secrets Officer" --assignee {assignee-upn} --scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
 ```
 
 For full details, see [Assign Azure roles using Azure CLI](../../role-based-access-control/role-assignments-cli.md).
@@ -200,10 +200,10 @@ For full details, see [Assign Azure roles using Azure CLI](../../role-based-acce
 
 ```azurepowershell
 #Assign by User Principal Name
-New-AzRoleAssignment -RoleDefinitionName 'Key Vault Secrets Officer' -SignInName {i.e [email protected]} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
+New-AzRoleAssignment -RoleDefinitionName 'Key Vault Secrets Officer' -SignInName {assignee-upn} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
 
 #Assign by Service Principal ApplicationId
-New-AzRoleAssignment -RoleDefinitionName 'Key Vault Secrets Officer' -ApplicationId {i.e 8ee5237a-816b-4a72-b605-446970e5f156} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
+New-AzRoleAssignment -RoleDefinitionName 'Key Vault Secrets Officer' -ApplicationId {application-id} -Scope /subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}/providers/Microsoft.KeyVault/vaults/{key-vault-name}
 ```
 
 For full details, see [Assign Azure roles using Azure PowerShell](../../role-based-access-control/role-assignments-powershell.md).
@@ -260,7 +260,7 @@ For full details, see [Assign Azure roles using Azure PowerShell](../../role-bas
 ### Test and verify
 
 > [!NOTE]
-> Browsers use caching and page refresh is required after removing role assignments.<br>
+> Browsers use caching and page refresh is required after removing role assignments.
 > Allow several minutes for role assignments to refresh
 
 1. Validate adding new secret without "Key Vault Secrets Officer" role on key vault level.

articles/key-vault/managed-hsm/backup-restore.md

@@ -1,6 +1,6 @@
 ---
 title: Full backup/restore and selective restore for Azure Managed HSM
-description: This document explains full backup/restore and selective restore
+description: This document explains full backup/restore and selective restore.
 services: key-vault
 author: mbaldwin
 tags: azure-key-vault
@@ -26,8 +26,8 @@ Only following built-in roles have permission to perform full backup:
 - Managed HSM Administrator
 - Managed HSM Backup
 
-There are 2 ways to execute a full backup/restore:
-1. Assigning an User-Assigned Managed Identity (UAMI) to the Managed HSM service. You can backup and restore your MHSM using a user assigned managed identity regardless of whether your storage account has public network access or private network access enabled. If storage account is behind a private endpoint, the UAMI method works with trusted service bypass to allow for backup and restore.
+There are two ways to execute a full backup/restore:
+1. Assigning a User-Assigned Managed Identity (UAMI) to the Managed HSM service. You can back up and restore your MHSM using a user assigned managed identity regardless of whether your storage account has public network access or private network access enabled. If storage account is behind a private endpoint, the UAMI method works with trusted service bypass to allow for backup and restore.
 2. Using storage container SAS token with permissions 'crdw'. Backing up and restoring using storage container SAS token requires your storage account to have public network access enabled.
 
 You must provide the following information to execute a full backup:
@@ -43,8 +43,8 @@ You must provide the following information to execute a full backup:
 1. Ensure you have the Azure CLI version 2.56.0 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install the Azure CLI](/cli/azure/install-azure-cli).
 2. Create a user assigned managed identity.
 3. Create a storage account (or use an existing storage account).
-4. If public network access is diabled on your storage account, enable trusted service bypass on the storage account in the “Networking” tab, under “Exceptions.”
-5. Provide ‘storage blob data contributor’ role access to the user assigned managed identity created in step#2. Do this by going to the “Access Control” tab on the portal -> Add Role Assignment. Then select “managed identity” and select the managed identity created in step#2 -> Review + Assign
+4. If public network access is disabled on your storage account, enable trusted service bypass on the storage account in the “Networking” tab, under “Exceptions.”
+5. Provide ‘storage blob data contributor’ role access to the user assigned managed identity created in step #2 by going to the “Access Control” tab on the portal -> Add Role Assignment. Then select “managed identity” and select the managed identity created in step#2 -> Review + Assign
 6. Create the Managed HSM and associate the managed identity with below command.
    ```azurecli-interactive
    az keyvault create --hsm-name mhsmdemo2 –l mhsmlocation -- retention-days 7 --administrators "initialadmin" --mi-user-assigned "/subscriptions/subid/resourcegroups/mhsmrgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userassignedidentitynamefromstep2" 
@@ -56,7 +56,7 @@ You must provide the following information to execute a full backup:
 
 ## Full backup
 
-Backup is a long running operation but will immediately return a Job ID. You can check the status of backup process using this Job ID. The backup process creates a folder inside the designated container with a following naming pattern **`mhsm-{HSM_NAME}-{YYYY}{MM}{DD}{HH}{mm}{SS}`**, where HSM_NAME is the name of managed HSM being backed up and YYYY, MM, DD, HH, MM, mm, SS are the year, month, date, hour, minutes, and seconds of date/time in UTC when the backup command was received.
+Backup is a long running operation but immediately returns a Job ID. You can check the status of backup process using this Job ID. The backup process creates a folder inside the designated container with a following naming pattern **`mhsm-{HSM_NAME}-{YYYY}{MM}{DD}{HH}{mm}{SS}`**, where HSM_NAME is the name of managed HSM being backed up and YYYY, MM, DD, HH, MM, mm, SS are the year, month, date, hour, minutes, and seconds of date/time in UTC when the backup command was received.
 
 While the backup is in progress, the HSM might not operate at full throughput as some HSM partitions will be busy performing the backup operation.
 
@@ -73,19 +73,19 @@ end=$(date -u -d "500 minutes" '+%Y-%m-%dT%H:%MZ')
 
 # Get storage account key
 
-skey=$(az storage account keys list --query '[0].value' -o tsv --account-name mhsmdemobackup --subscription a1ba9aaa-b7f6-4a33-b038-6e64553a6c7b)
+skey=$(az storage account keys list --query '[0].value' -o tsv --account-name mhsmdemobackup --subscription {subscription-id})
 
 # Create a container
 
 az storage container create --account-name  mhsmdemobackup --name mhsmdemobackupcontainer  --account-key $skey
 
 # Generate a container sas token
 
-sas=$(az storage container generate-sas -n mhsmdemobackupcontainer --account-name mhsmdemobackup --permissions crdw --expiry $end --account-key $skey -o tsv --subscription a1ba9aaa-b7f6-4a33-b038-6e64553a6c7b)
+sas=$(az storage container generate-sas -n mhsmdemobackupcontainer --account-name mhsmdemobackup --permissions crdw --expiry $end --account-key $skey -o tsv --subscription {subscription-id})
 
 # Backup HSM
 
-az keyvault backup start --hsm-name mhsmdemo2 --storage-account-name mhsmdemobackup --blob-container-name mhsmdemobackupcontainer --storage-container-SAS-token $sas --subscription 361da5d4-a47a-4c79-afdd-d66f684f4070
+az keyvault backup start --hsm-name mhsmdemo2 --storage-account-name mhsmdemobackup --blob-container-name mhsmdemobackupcontainer --storage-container-SAS-token $sas --subscription {subscription-id}
 
 ```
 
@@ -120,11 +120,11 @@ end=$(date -u -d "500 minutes" '+%Y-%m-%dT%H:%MZ')
 
 # Get storage account key
 
-skey=$(az storage account keys list --query '[0].value' -o tsv --account-name mhsmdemobackup --subscription a1ba9aaa-b7f6-4a33-b038-6e64553a6c7b)
+skey=$(az storage account keys list --query '[0].value' -o tsv --account-name mhsmdemobackup --subscription {subscription-id})
 
 # Generate a container sas token
 
-sas=$(az storage container generate-sas -n mhsmdemobackupcontainer --account-name mhsmdemobackup --permissions rl --expiry $end --account-key $skey -o tsv --subscription a1ba9aaa-b7f6-4a33-b038-6e64553a6c7b)
+sas=$(az storage container generate-sas -n mhsmdemobackupcontainer --account-name mhsmdemobackup --permissions rl --expiry $end --account-key $skey -o tsv --subscription {subscription-id})
 
 # Restore HSM
 

articles/key-vault/managed-hsm/logging.md

@@ -90,9 +90,9 @@ Individual blobs are stored as text, formatted as a JSON. Let's look at an examp
 ```json
 [
   {
-    "TenantId": "766eaf62-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+    "TenantId": "{tenant-id}",
     "time": "2020-08-31T19:52:39.763Z",
-    "resourceId": "/SUBSCRIPTIONS/A1BA9AAA-xxxx-xxxx-xxxx-xxxxxxxxxxxx/RESOURCEGROUPS/CONTOSORESOURCEGROUP/PROVIDERS/MICROSOFT.KEYVAULT/MANAGEDHSMS/CONTOSOMHSM",
+    "resourceId": "/SUBSCRIPTIONS/{subscription-id}/RESOURCEGROUPS/CONTOSORESOURCEGROUP/PROVIDERS/MICROSOFT.KEYVAULT/MANAGEDHSMS/CONTOSOMHSM",
     "operationName": "BackupCreate",
     "operationVersion": "7.0",
     "category": "AuditEvent",
@@ -104,7 +104,7 @@ Individual blobs are stored as text, formatted as a JSON. Let's look at an examp
     },
     "durationMs": 488,
     "callerIpAddress": "X.X.X.X",
-    "identity": "{\"claim\":{\"appid\":\"04b07795-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\"http_schemas_microsoft_com_identity\":{\"claims\":{\"objectidentifier\":\"b1c52bf0-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"}},\"http_schemas_xmlsoap_org_ws_2005_05_identity\":{\"claims\":{\"upn\":\"[email protected]\"}}}}",
+    "identity": "{\"claim\":{\"appid\":\"{application-id}\",\"http_schemas_microsoft_com_identity\":{\"claims\":{\"objectidentifier\":\"{object-id}\"}},\"http_schemas_xmlsoap_org_ws_2005_05_identity\":{\"claims\":{\"upn\":\"[email protected]\"}}}}",
     "clientInfo": "azsdk-python-core/1.7.0 Python/3.8.2 (Linux-4.19.84-microsoft-standard-x86_64-with-glibc2.29) azsdk-python-azure-keyvault/7.2",
     "correlationId": "8806614c-ebc3-11ea-9e9b-00155db778ad",
     "subnetId": "(unknown)",