Commit 639c478

fixing references to code signing in faq and role assignments docs
1 parent d0f12de commit 639c478

2 files changed

+3
-3
lines changed

articles/trusted-signing/faq.yml

Lines changed: 1 addition & 1 deletion
@@ -71,7 +71,7 @@ sections:
7171
FIPS 140-2 level 3 (mHSMs)
7272
- question: How to include the appropriate EKU for our certificates into the ELAM driver resources?
7373
answer: |
74-
- For information regarding ELAM driver config for Protected Anti-Malware Services, refer to the following guidance: "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's Azure Code Sign signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the Azure Code Sign PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix *1.3.6.1.4.1.311.97.*."
74+
- For information regarding ELAM driver config for Protected Anti-Malware Services, refer to the following guidance: "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's [Trusted Signing] signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the [Trusted Signing] PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix *1.3.6.1.4.1.311.97.*."
7575
- See the [PKI Repository](https://www.microsoft.com/pkiops/docs/repository.htm) page for the Microsoft ID Verified Code Signing PCA 2021 cert.
7676
- question: What happens if we run Trusted Signing binaries on a signed on machine that doesn't have the Trusted Signing update (especially binaries that are INTEGRITYCHECK-ed)?
7777
answer: |
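Review bot: On the added line 74, "[Trusted Signing] PCA certificate" does not name a certificate a vendor can look up, while the unchanged line 75 points readers to the "Microsoft ID Verified Code Signing PCA 2021" cert in the PKI Repository. The answer tells vendors to put the PCA certificate's TBS hash in CertHash, so the certificate should be named the same way in both places; otherwise a reader cannot tell which hash to pin. The square brackets around both replacements also sit inside a passage presented as quoted guidance and have no link target, so either drop them or state that they mark an editorial substitution in the quote. "Microsoft's [Trusted Signing] signing service" additionally reads as a doubled "signing".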

articles/trusted-signing/tutorial-assign-roles.md

Lines changed: 2 additions & 2 deletions
@@ -36,8 +36,8 @@ Complete the following steps to assign roles in Trusted Signing.
3636
4. For more granular access control on the certificate profile level, you can use the Azure CLI to assign roles. The following commands can be used to assign the _Code Signing Certificate Profile Signer_ role to users/service principles to sign files.
3737
```
3838
az role assignment create --assignee <objectId of user/service principle>
39-
--role "Code Signing Certificate Profile Signer"
40-
--scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/codeSigningAccounts/<codesigning-account-name>/certificateProfiles/<profileName>"
39+
--role "Trusted Signing Certificate Profile Signer"
40+
--scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/trustedSigningAccounts/<trustedsigning-account-name>/certificateProfiles/<profileName>"
4141
```
4242

4343
## Related content
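Review bot: The new --scope on line 40 changes the resource type segment from codeSigningAccounts to trustedSigningAccounts while the provider namespace stays Microsoft.CodeSigning, which looks like a product-name search-and-replace reaching into an ARM resource ID. Renaming the role's display name on line 39 does not by itself rename the resource type, so check the path against the resource ID of an existing account before merging; a scope that does not match the real resource will not grant signing rights on the intended certificate profile. Separately, the three lines of the command carry no line-continuation characters, so pasting the block as shown runs az role assignment create with only --assignee, and "service principle" in the step text and in the placeholder should read "service principal".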
