Commit 58b12e2

edit pass: trusted-launch-batch2
1 parent 8e59d39 commit 58b12e2

2 files changed: +43 -43 lines changed

articles/virtual-machines/boot-integrity-monitoring-overview.md

Lines changed: 12 additions & 12 deletions
@@ -13,16 +13,16 @@ ms.custom: template-concept
1313

1414
# Boot integrity monitoring overview
1515

16-
To help Trusted launch better prevent malicious rootkit attacks on virtual machines (VMs), guest attestation through an Azure Attestation endpoint is used to monitor the boot sequence integrity. This attestation is critical to provide the validity of a platform's states.
16+
To help Trusted Launch better prevent malicious rootkit attacks on virtual machines (VMs), guest attestation through an Azure Attestation endpoint is used to monitor the boot sequence integrity. This attestation is critical to provide the validity of a platform's states.
1717

18-
Your [Azure trusted VM](trusted-launch.md) needs Secure Boot and virtual Trusted Platform Module (vTPM) enabled and attestation extensions installed. Then Microsoft Defender for Cloud verifies that the status and boot integrity of your VM is set up correctly. To learn more about Microsoft Defender for Cloud integration, see [Trusted launch integration with Microsoft Defender for Cloud](trusted-launch.md#microsoft-defender-for-cloud-integration).
18+
Your [Azure trusted VM](trusted-launch.md) needs Secure Boot and virtual Trusted Platform Module (vTPM) to be enabled so that the attestation extensions can be installed. Microsoft Defender for Cloud offers reports based on Guest Attestation verifying status and that the boot integrity of your VM is set up correctly. To learn more about Microsoft Defender for Cloud integration, see [Trusted Launch integration with Microsoft Defender for Cloud](trusted-launch.md#microsoft-defender-for-cloud-integration).
1919

2020
> [!IMPORTANT]
2121
> Automatic Extension Upgrade is now available for the Boot Integrity Monitoring - Guest Attestation extension. For more information, see [Automatic Extension Upgrade](automatic-extension-upgrade.md).
2222
2323
## Prerequisites
2424

25-
You need an active Azure subscription and a Trusted launch VM.
25+
You need an active Azure subscription and a Trusted Launch VM.
2626

2727
## Enable integrity monitoring
2828
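
Review bot: The new line 18 changes meaning, not just capitalisation, and its second sentence does not parse: "offers reports based on Guest Attestation verifying status and that the boot integrity of your VM is set up correctly". The old text listed three requirements (Secure Boot, vTPM, attestation extensions installed); the new text makes installing the extensions a consequence of the first two and no longer states it as a requirement. If that is intended, say so in the commit message and reword the sentence, for example "Microsoft Defender for Cloud reports, based on guest attestation, whether the boot integrity of your VM is set up correctly." Line 16 still reads "critical to provide the validity of a platform's states", which could be cleaned up in the same pass.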

@@ -44,7 +44,7 @@ This action installs the Guest Attestation extension, which you can refer to via
4444

4545
### [Template](#tab/template)
4646

47-
You can deploy the Guest Attestation extension for Trusted launch VMs by using a quickstart template.
47+
You can deploy the Guest Attestation extension for Trusted Launch VMs by using a quickstart template.
4848

4949
#### Windows
5050

@@ -119,7 +119,7 @@ You can deploy the Guest Attestation extension for Trusted launch VMs by using a
119119

120120
### [CLI](#tab/cli)
121121

122-
1. Create a VM with Trusted launch that has Secure Boot and vTPM capabilities through initial deployment of a Trusted launch VM. To deploy the Guest Attestation extension, use `--enable-integrity-monitoring`. As the VM owner, you can customize VM configuration by using `az vm create`.
122+
1. Create a VM with Trusted Launch that has Secure Boot and vTPM capabilities through initial deployment of a Trusted Launch VM. To deploy the Guest Attestation extension, use `--enable-integrity-monitoring`. As the VM owner, you can customize VM configuration by using `az vm create`.
123123
1. For existing VMs, you can enable boot integrity monitoring settings by updating to make sure that integrity monitoring is turned on. You can use `--enable-integrity-monitoring`.
124124

125125
> [!NOTE]
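
Review bot: Step 2 on line 123 (unchanged context) tells the reader to use `--enable-integrity-monitoring` without naming the command the flag is passed to, and step 1 on line 122 gives the flag a sentence before it mentions `az vm create`. Since line 122 is being touched anyway, lead step 1 with the command and name the update command in step 2. "Create a VM with Trusted Launch ... through initial deployment of a Trusted Launch VM" is also circular and can be shortened.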
@@ -129,10 +129,10 @@ You can deploy the Guest Attestation extension for Trusted launch VMs by using a
129129

130130
If Secure Boot and vTPM are set to **ON**, then boot integrity is also set to **ON**.
131131

132-
1. Create a VM with Trusted launch that has Secure Boot and vTPM capabilities through initial deployment of a Trusted launch VM. As the VM owner, you can customize VM configuration.
132+
1. Create a VM with Trusted Launch that has Secure Boot and vTPM capabilities through initial deployment of a Trusted Launch VM. As the VM owner, you can customize VM configuration.
133133
1. For existing VMs, you can enable boot integrity monitoring settings by updating. Make sure that both Secure Boot and vTPM are set to **ON**.
134134

135-
For more information on creating or updating a VM to include boot integrity monitoring through the Guest Attestation extension, see [Deploy a VM with Trusted launch enabled (PowerShell)](trusted-launch-portal.md#deploy-a-trusted-launch-vm).
135+
For more information on creating or updating a VM to include boot integrity monitoring through the Guest Attestation extension, see [Deploy a VM with Trusted Launch enabled (PowerShell)](trusted-launch-portal.md#deploy-a-trusted-launch-vm).
136136

137137
---
138138
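
Review bot: On line 135 the link text says "(PowerShell)" but the target is `trusted-launch-portal.md#deploy-a-trusted-launch-vm`; confirm that the anchor lands on PowerShell instructions, or drop the qualifier from the link text. The anchor is lower case, so the capitalisation change itself does not break it. Step 132 also repeats step 122 almost word for word; if the two tabs are meant to differ, the difference should be visible in the step.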

@@ -148,7 +148,7 @@ The Azure Attestation extension won't work properly when you set up a network se
148148

149149
### Solutions
150150

151-
In Azure, NSGs are used to help filter network traffic between Azure resources. NSGs contain security rules that either allow or deny inbound network traffic, or outbound network traffic from several types of Azure resources. The Azure Attestation endpoint should be able to communicate with the Guest Attestation extension. Without this endpoint, Trusted launch can't access guest attestation, which allows Microsoft Defender for Cloud to monitor the integrity of the boot sequence of your VMs.
151+
In Azure, NSGs are used to help filter network traffic between Azure resources. NSGs contain security rules that either allow or deny inbound network traffic, or outbound network traffic from several types of Azure resources. The Azure Attestation endpoint should be able to communicate with the Guest Attestation extension. Without this endpoint, Trusted Launch can't access guest attestation, which allows Microsoft Defender for Cloud to monitor the integrity of the boot sequence of your VMs.
152152

153153
To unblock Azure Attestation traffic in NSGs by using service tags:
154154
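
Review bot: The last sentence of line 151 has a dangling "which": "Trusted Launch can't access guest attestation, which allows Microsoft Defender for Cloud to monitor ..." reads as if losing access is what enables monitoring. Split it so that guest attestation is the subject of the second clause. The paragraph also never states which direction of traffic the NSG has to allow between the Guest Attestation extension and the Azure Attestation endpoint; a reader writing rules needs that stated explicitly.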

@@ -162,9 +162,9 @@ To unblock Azure Attestation traffic in NSGs by using service tags:
162162

163163
:::image type="content" source="media/trusted-launch/unblocking-NSG.png" alt-text="Screenshot that shows how to make the destination a service tag.":::
164164

165-
Firewalls protect a virtual network, which contains multiple Trusted launch VMs. To unblock Azure Attestation traffic in a firewall by using an application rule collection:
165+
Firewalls protect a virtual network, which contains multiple Trusted Launch VMs. To unblock Azure Attestation traffic in a firewall by using an application rule collection:
166166

167-
1. Go to the Azure Firewall instance that has traffic blocked from the Trusted launch VM resource.
167+
1. Go to the Azure Firewall instance that has traffic blocked from the Trusted Launch VM resource.
168168
1. Under **Settings**, select **Rules (classic)** to begin unblocking guest attestation behind the firewall.
169169
1. Under **Network rule collection**, select **Add network rule collection**.
170170
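
Review bot: Line 165 introduces this procedure as "by using an application rule collection", but step 169 is "Under **Network rule collection**, select **Add network rule collection**", and line 175 repeats the same application-rule intro for the second procedure. One of the two intros looks wrong; line 165 presumably should read "network rule collection". Worth fixing while the line is being edited, since the reader cannot tell which rule type the steps apply to. "Firewalls protect a virtual network, which contains multiple Trusted Launch VMs" would also read better as "A firewall can protect a virtual network that contains multiple Trusted Launch VMs."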

@@ -174,7 +174,7 @@ Firewalls protect a virtual network, which contains multiple Trusted launch VMs.
174174

175175
To unblock Azure Attestation traffic in a firewall by using an application rule collection:
176176

177-
1. Go to the Azure Firewall instance that has traffic blocked from the Trusted launch VM resource.
177+
1. Go to the Azure Firewall instance that has traffic blocked from the Trusted Launch VM resource.
178178

179179
:::image type="content" source="./media/trusted-launch/firewall-rule.png" lightbox="./media/trusted-launch/firewall-rule.png" alt-text="Screenshot that shows adding traffic for the application rule route.":::
180180

@@ -196,4 +196,4 @@ Azure Attestation provides a [regional shared provider](https://maainfo.azureweb
196196
197197
## Related content
198198

199-
Learn more about [Trusted launch](trusted-launch.md) and [deploying a trusted VM](trusted-launch-portal.md).
199+
Learn more about [Trusted Launch](trusted-launch.md) and [deploying a trusted VM](trusted-launch-portal.md).
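
Review bot: Line 199 now capitalises "Trusted Launch" but leaves the second link as "deploying a trusted VM", and line 18 likewise keeps "[Azure trusted VM]". Pick one term for the VM type ("Trusted Launch VM" is what lines 25 and 47 use) and apply it to the link text as well, so the rename is consistent across the file.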
