enrollments ui - review 1

kgremban · kgremban · commit 6d11b87e4bff · 2023-03-20T16:09:00.000-07:00
diff --git a/articles/iot-dps/how-to-manage-enrollments.md b/articles/iot-dps/how-to-manage-enrollments.md
@@ -75,7 +75,7 @@ For a walkthrough of how to create and use individual enrollments with X.509 cer
 To create a X.509 certificate individual enrollment:
 
 <!-- INCLUDE -->
-[!INCLUDE [iot-dps-individual-enrollment-tpm.md](../../includes/iot-dps-individual-enrollment-tpm.md)]
+[!INCLUDE [iot-dps-individual-enrollment-x509.md](../../includes/iot-dps-individual-enrollment-x509.md)]
 
 # [TPM](#tab/tpm)
 
@@ -84,7 +84,7 @@ For a walkthrough of how to create and use individual enrollments using TPM atte
 To create a TPM individual enrollment:
 
 <!-- INCLUDE -->
-[!INCLUDE [iot-dps-individual-enrollment-x509.md](../../includes/iot-dps-individual-enrollment-x509.md)]
+[!INCLUDE [iot-dps-individual-enrollment-tpm.md](../../includes/iot-dps-individual-enrollment-tpm.md)]
 
 ---
 
diff --git a/articles/iot-dps/how-to-provision-multitenant.md b/articles/iot-dps/how-to-provision-multitenant.md
@@ -87,29 +87,25 @@ For simplicity, this tutorial uses [Symmetric key attestation](concepts-symmetri
 
 1. Select **Next: IoT hubs**.
 
-1. On the **IoT hubs** tab of the **Add enrollment group** page, select **Add link to IoT hub** in the **Target IoT hubs** section.
+1. Use the following steps to add your two IoT hubs to the enrollment group:
 
-1. On the **Add link to IoT hub** page, select the IoT hub that you created in the *eastus* region and assign it the *iothubowner* access.
+   1. On the **IoT hubs** tab of the **Add enrollment group** page, select **Add link to IoT hub** in the **Target IoT hubs** section.
 
-1. Select **Save**.
+   1. On the **Add link to IoT hub** page, select the IoT hub that you created in the *eastus* region and assign it the *iothubowner* access.
 
-1. Select **Add link to IoT hub** again, and follow the same steps to add the IoT hub that you created in the *westus2* region.
+   1. Select **Save**.
 
-1. In the **Target IoT hubs** dropdown menu, select both IoT hubs.
+   1. Select **Add link to IoT hub** again, and follow the same steps to add the IoT hub that you created in the *westus2* region.
+
+   1. In the **Target IoT hubs** dropdown menu, select both IoT hubs.
 
 1. For the **Allocation policy**, select **Lowest latency**.
 
 1. Select **Review + create**.
 
 1. On the **Review + create** tab, verify all of your values then select **Create**.
 
-1. Repeat Steps 5 through 7 for the second IoT hub that you created for the *westgus* location.
-
-1. Select the two IoT Hubs you created in the **Select the IoT hubs this group can be assigned to** drop down.
-
-1. Select **Save**
-
-1. Select *contoso-us-devices* from the enrollment groups list.
+1. Once your enrollment group is creted, select its name *contoso-us-devices* from the enrollment groups list.
 
 1. Copy the *Primary key*. This key will be used later to generate unique device keys for both simulated devices.
 
diff --git a/articles/iot-dps/how-to-reprovision.md b/articles/iot-dps/how-to-reprovision.md
@@ -18,19 +18,23 @@ For more a more detailed overview of reprovisioning scenarios, see [IoT Hub Devi
 
 ## Set the reprovision policy
 
+The following steps configure the reprovision policy for an individual enrollment or enrollment group:
+
 1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to your Device Provisioning Service instance.
 
-2. Select **Manage enrollments**, and then select the enrollment group or individual enrollment that you want to configure for reprovisioning.
+2. Select **Manage enrollments**, and then select either the **Enrollment groups** or **Individual enrollments** tabs.
+
+3. Select the name of the enrollment group or individual enrollment that you want to configure for reprovisioning.
 
-3. Use the dropdown menu under **Reprovision policy** to choose one of the following reprovisioning policies:
+4. Use the dropdown menu under **Reprovision policy** to choose one of the following reprovisioning policies:
 
    * **Never reprovision device**.
 
    * **Reprovision device and reset to initial state**: This policy takes action when devices associated with the enrollment entry submit a new provisioning request. Depending on the enrollment entry configuration, the device may be reassigned to another IoT hub. If the device is changing IoT hubs, the device registration with the initial IoT hub will be removed. The initial configuration data that the provisioning service instance received when the device was provisioned is provided to the new IoT hub. During migration, the device's status will be reported as **Assigning**.
 
    * **Reprovision device and migrate current state**: This policy takes action when devices associated with the enrollment entry submit a new provisioning request. Depending on the enrollment entry configuration, the device may be reassigned to another IoT hub. If the device is changing IoT hubs, the device registration with the initial IoT hub will be removed. All device state information from that initial IoT hub will be migrated over to the new IoT hub. During migration, the device's status will be reported as **Assigning**
 
-4. Select **Save** to enable the reprovisioning of the device based on your changes.
+5. Select **Save** to enable the reprovisioning of the device based on your changes.
 
 ## Configure the enrollment allocation policy
 
@@ -40,11 +44,13 @@ The following steps configure the allocation policy for a device's enrollment:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to your Device Provisioning Service instance.
 
-2. Select **Manage enrollments**, and then select the enrollment group or individual enrollment that you want to configure for reprovisioning.
+2. Select **Manage enrollments**, and then select either the **Enrollment groups** or **Individual enrollments** tabs.
+
+3. Select the name of the enrollment group or individual enrollment that you want to configure for reprovisioning.
 
-3. On the **Enrollment details** page, select the **IoT hubs** tab.
+4. On the **Enrollment details** page, select the **IoT hubs** tab.
 
-4. Select one of the following allocation policies:
+5. Select one of the following allocation policies:
 
     * **Static**: This policy requires a desired IoT hub be listed in the enrollment entry for a device to be provisioned. This policy allows you to designate a single IoT hub that you want to assign devices to.
 
@@ -54,7 +60,7 @@ The following steps configure the allocation policy for a device's enrollment:
 
     * **Custom (use Azure Function)**: This policy uses a custom webhook hosted in Azure Functions to assign devices to one or more IoT hubs. Custom allocation policies give you more control over how devices are assigned to your IoT hubs. To learn more, see [Understand custom allocation policies](concepts-custom-allocation.md).
 
-5. Under **Target IoT hubs**, select the linked IoT hubs that you want included in your allocation policy. Optionally, add a new linked Iot hub using the **Add link to IoT hub** button.
+6. Under **Target IoT hubs**, select the linked IoT hubs that you want included in your allocation policy. Optionally, add a new linked Iot hub using the **Add link to IoT hub** button.
 
     * With the **Static configuration** allocation policy, select the IoT hub you want devices assigned to.
 
@@ -64,7 +70,7 @@ The following steps configure the allocation policy for a device's enrollment:
 
     * With the **Custom** allocation policy, select the IoT hubs you want evaluated for assignment by your custom allocation webhook.
 
-6. Select **Save**.
+7. Select **Save**.
 
 ## Send a provisioning request from the device
 
diff --git a/articles/iot-dps/how-to-revoke-device-access-portal.md b/articles/iot-dps/how-to-revoke-device-access-portal.md
@@ -91,18 +91,18 @@ To disallow an individual device in an enrollment group, follow these steps:
 
    - If you have the device certificate, provide the following values on the **Add enrollment** page:
 
-   | Field | Description |
-   | :---- | :---------- |
-   | **Attestation mechanism** | Select **X.509 client certificates** |
-   | **Primary certificate file** | Upload the device certificate. For the certificate, use the signed end-entity certificate installed on the device. The device uses the signed end-entity certificate for authentication. |
+     | Field | Description |
+     | :---- | :---------- |
+     | **Attestation mechanism** | Select **X.509 client certificates** |
+     | **Primary certificate file** | Upload the device certificate. For the certificate, use the signed end-entity certificate installed on the device. The device uses the signed end-entity certificate for authentication. |
 
    - If you don't have the device certificate, provide the following values on the **Add enrollment** page:
 
-   | Field | Description |
-   | :---- | :---------- |
-   | **Attestation mechanism** | Select **Symmetric key** |
-   | **Generate symmetric keys automatically** |: Make sure this checkbox is selected. The keys don't matter for this scenario. |
-   | **Registration ID** | If the device has already been provisioned, use its IoT Hub device ID. You can find this in the registration records of the enrollment group, or in the IoT hub that the device was provisioned to. If the device has not yet been provisioned, enter the device certificate CN. (In this latter case, you don't need the device certificate, but you will need to know the CN.) |
+     | Field | Description |
+     | :---- | :---------- |
+     | **Attestation mechanism** | Select **Symmetric key** |
+     | **Generate symmetric keys automatically** |: Make sure this checkbox is selected. The keys don't matter for this scenario. |
+     | **Registration ID** | If the device has already been provisioned, use its IoT Hub device ID. You can find this in the registration records of the enrollment group, or in the IoT hub that the device was provisioned to. If the device has not yet been provisioned, enter the device certificate CN. (In this latter case, you don't need the device certificate, but you will need to know the CN.) |
 
 1. Scroll to the bottom of the **Add enrollment** page and uncheck the **Enable this enrollment** checkbox.
 
diff --git a/articles/iot-dps/how-to-roll-certificates.md b/articles/iot-dps/how-to-roll-certificates.md
@@ -68,7 +68,7 @@ Updating enrollment entries for rolled certificates is accomplished on the **Man
 
    :::image type="content" source="./media/how-to-roll-certificates/manage-enrollments-portal.png" alt-text="Screenshot that shows the Manage enrollments page in the Azure portal.":::
 
-1. Select the **Individual enrollments** tab, and select the registration ID entry in the list.
+1. Select the **Individual enrollments** tab, and select the registration ID entry from the list.
 
 1. Check the **Remove or replace primary/secondary certificate** checkboxes if you want to delete an existing certificate. Select the file folder icon to browse for and upload the new certificates.
 
@@ -122,9 +122,9 @@ If you are rolling certificates to handle certificate expirations, you should us
 
 1. Select **Manage enrollments** from the **Settings** section of the navigation menu for your Device Provisioning Service instance, and select the **Enrollment groups** tab.
 
-1. Select the group name in the list.
+1. Select the group name grom the list.
 
-2. Check the **Remove or replace primary/secondary certificate** checkboxes if you want to delete an existing certificate. Select the file folder icon to browse for and upload the new certificates.
+1. Check the **Remove or replace primary/secondary certificate** checkboxes if you want to delete an existing certificate. Select the file folder icon to browse for and upload the new certificates.
 
    If any of your certificates were compromised, you should remove them as soon as possible.
 
@@ -133,8 +133,8 @@ If you are rolling certificates to handle certificate expirations, you should us
    Each intermediate certificate should be signed by a verified root CA certificate that has already been added to the provisioning service. For more information, see [X.509 certificates](concepts-x509-attestation.md#x509-certificates).
 
    :::image type="content" source="./media/how-to-roll-certificates/enrollment-group-delete-intermediate-cert.png" alt-text="Screenshot that shows replacing an intermediate certificate for an enrollment group.":::
-   
-3. If you removed a compromised certificate from the provisioning service, the certificate can still be used to make device connections to the IoT hub as long as device registrations for it exists there. You can address this two ways:
+
+1. If you removed a compromised certificate from the provisioning service, the certificate can still be used to make device connections to the IoT hub as long as device registrations for it exists there. You can address this two ways:
 
     The first way would be to manually navigate to your IoT hub and immediately remove the device registration associated with the compromised certificate. Then when your devices provision again with updated certificates, a new device registration will be created for each one.
 
