edit pass: container-instances-tutorial-deploy-confidential-containers-cce-arm

Author: ShawnJackson

articles/container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm.md

@@ -1,5 +1,5 @@
 ---
-title: Tutorial - Prepare a deployment for a confidential container on Azure Container Instances
+title: "Tutorial: Prepare a deployment for a confidential container on Azure Container Instances"
 description: Learn how to create an Azure Resource Manager template for a confidential container deployment with a custom confidential computing enforcement policy.
 ms.topic: tutorial
 ms.author: tomcassidy
@@ -28,7 +28,7 @@ In this tutorial, you learn how to:
 
 ## Create an ARM template for a Container Instances container group
 
-In this tutorial, you deploy a Hello World application that generates a hardware attestation report. You start by creating an ARM template with a container group resource to define the properties of this application. You'll use this ARM template with the Azure CLI confcom tooling to generate a CCE policy for attestation.
+In this tutorial, you deploy a Hello World application that generates a hardware attestation report. You start by creating an ARM template with a container group resource to define the properties of this application. You then use this ARM template with the Azure CLI confcom tooling to generate a CCE policy for attestation.
 
 This tutorial uses [this ARM template](https://raw.githubusercontent.com/Azure-Samples/aci-confidential-hello-world/main/template.json?token=GHSAT0AAAAAAB5B6SJ7VUYU3G6MMQUL7KKKY7QBZBA). To view the source code for this application, see [Azure Container Instances Confidential Hello World](https://aka.ms/ccacihelloworld).
 
@@ -166,7 +166,7 @@ With the ARM template that you crafted and the Azure CLI confcom extension, you
    az confcom acipolicygen -a .\template.json --print-policy
    ```
 
-   When this command finishes, you should see a Base64 string generated as output in the following format. This string is the CCE policy that you copy and paste into your ARM template as the value of the `ccePolicy` property.
+   When this command finishes, a Base64 string generated as output should appear in the following format. This string is the CCE policy that you copy and paste into your ARM template as the value of the `ccePolicy` property.
 
    ```output
    cGFja2FnZSBwb2xpY3kKCmFwaV9zdm4gOj0gIjAuOS4wIgoKaW1wb3J0IGZ1dHVyZS5rZXl3b3Jkcy5ldmVyeQppbXBvcnQgZnV0dXJlLmtleXdvcmRzLmluCgpmcmFnbWVudHMgOj0gWwpdCgpjb250YWluZXJzIDo9IFsKICAgIHsKICAgICAgICAiY29tbWFuZCI6IFsiL3BhdXNlIl0sCiAgICAgICAgImVudl9ydWxlcyI6IFt7InBhdHRlcm4iOiAiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iLCAic3RyYXRlZ3kiOiAic3RyaW5nIiwgInJlcXVpcmVkIjogdHJ1ZX0seyJwYXR0ZXJuIjogIlRFUk09eHRlcm0iLCAic3RyYXRlZ3kiOiAic3RyaW5nIiwgInJlcXVpcmVkIjogZmFsc2V9XSwKICAgICAgICAibGF5ZXJzIjogWyIxNmI1MTQwNTdhMDZhZDY2NWY5MmMwMjg2M2FjYTA3NGZkNTk3NmM3NTVkMjZiZmYxNjM2NTI5OTE2OWU4NDE1Il0sCiAgICAgICAgIm1vdW50cyI6IFtdLAogICAgICAgICJleGVjX3Byb2Nlc3NlcyI6IFtdLAogICAgICAgICJzaWduYWxzIjogW10sCiAgICAgICAgImFsbG93X2VsZXZhdGVkIjogZmFsc2UsCiAgICAgICAgIndvcmtpbmdfZGlyIjogIi8iCiAgICB9LApdCmFsbG93X3Byb3BlcnRpZXNfYWNjZXNzIDo9IHRydWUKYWxsb3dfZHVtcF9zdGFja3MgOj0gdHJ1ZQphbGxvd19ydW50aW1lX2xvZ2dpbmcgOj0gdHJ1ZQphbGxvd19lbnZpcm9ubWVudF92YXJpYWJsZV9kcm9wcGluZyA6PSB0cnVlCmFsbG93X3VuZW5jcnlwdGVkX3NjcmF0Y2ggOj0gdHJ1ZQoKCm1vdW50X2RldmljZSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQp1bm1vdW50X2RldmljZSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQptb3VudF9vdmVybGF5IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnVubW91bnRfb3ZlcmxheSA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpjcmVhdGVfY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmV4ZWNfaW5fY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmV4ZWNfZXh0ZXJuYWwgOj0geyAiYWxsb3dlZCIgOiB0cnVlIH0Kc2h1dGRvd25fY29udGFpbmVyIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnNpZ25hbF9jb250YWluZXJfcHJvY2VzcyA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpwbGFuOV9tb3VudCA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpwbGFuOV91bm1vdW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmdldF9wcm9wZXJ0aWVzIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CmR1bXBfc3RhY2tzIDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnJ1bnRpbWVfbG9nZ2luZyA6PSB7ICJhbGxvd2VkIiA6IHRydWUgfQpsb2FkX2ZyYWdtZW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnNjcmF0Y2hfbW91bnQgOj0geyAiYWxsb3dlZCIgOiB0cnVlIH0Kc2NyYXRjaF91bm1vdW50IDo9IHsgImFsbG93ZWQiIDogdHJ1ZSB9CnJlYXNvbiA6PSB7ImVycm9ycyI6IGRhdGEuZnJhbWV3b3JrLmVycm9yc30K
@@ -176,7 +176,7 @@ With the ARM template that you crafted and the Azure CLI confcom extension, you
 
 ## Deploy the template
 
-In the following steps, you use the Azure portal to deploy the template. In addition to the Azure portal, you can use the Azure PowerShell, Azure CLI, and REST API. To learn about other deployment methods, see [Deploy templates](../azure-resource-manager/templates/deploy-cli.md).
+In the following steps, you use the Azure portal to deploy the template. You can also use Azure PowerShell, the Azure CLI, and the REST API. To learn about other deployment methods, see [Deploy templates](../azure-resource-manager/templates/deploy-cli.md).
 
 1. Select the **Deploy to Azure** button to sign in to Azure and begin a Container Instances deployment.
 
@@ -188,7 +188,7 @@ In the following steps, you use the Azure portal to deploy the template. In addi
 
    The template JSON that appears is mostly blank.
 
-1. Select **Load file** and upload **template.json**, which you modified by adding the CCE policy in the previous steps.
+1. Select **Load file** and upload *template.json*, which you modified by adding the CCE policy in the previous steps.
 
    ![Screenshot of the button for loading a file.](./media/container-instances-confidential-containers-tutorials/confidential-containers-cce-load-file.png)
 
@@ -198,8 +198,8 @@ In the following steps, you use the Azure portal to deploy the template. In addi
 
    * **Subscription**: Select an Azure subscription.
    * **Resource group**: Select **Create new**, enter a unique name for the resource group, and then select **OK**.
-   * **Location**: Select a location for the resource group. Choose a region where [confidential containers are supported](./container-instances-region-availability.md#linux-container-groups). Example: **North Europe**.
    * **Name**: Accept the generated name for the instance, or enter a name.
+   * **Location**: Select a location for the resource group. Choose a region where [confidential containers are supported](./container-instances-region-availability.md#linux-container-groups). Example: **North Europe**.
    * **Image**: Accept the default image name. This sample Linux image displays a hardware attestation.
 
    Accept default values for the remaining properties, and then select **Review + create**.
@@ -228,11 +228,11 @@ In the following steps, you use the Azure portal to review the properties of the
 
     The presence of the attestation report below the Azure Container Instances logo confirms that the container is running on hardware that supports a TEE.
 
-    If you deploy to hardware that doesn't support a TEE (for example, by choosing a region where Container Instances Confidential is not available), no attestation report will appear.
+    If you deploy to hardware that doesn't support a TEE (for example, by choosing a region where Container Instances Confidential is not available), no attestation report appears.
 
 ## Related content
 
-Now that you deployed a confidential container group on Container Instances, you can learn more about how policies are enforced:
+Now that you've deployed a confidential container group on Container Instances, you can learn more about how policies are enforced:
 
 * [Confidential containers on Azure Container Instances](./container-instances-confidential-overview.md)
 * [Azure CLI confcom extension examples](https://github.com/Azure/azure-cli-extensions/blob/main/src/confcom/azext_confcom/README.md)

includes/container-instances-tutorial-prerequisites-confidential-containers.md

@@ -15,7 +15,7 @@ To complete this tutorial, you must satisfy the following requirements:
 
 * **Azure CLI**: You must have Azure CLI version 2.44.1 or later installed on your local computer. To find your version, run `az --version`. If you need to install or upgrade, see [Install the Azure CLI][azure-cli-install].
 
-* **Azure CLI confcom extension**: You must have the Azure CLI confcom extension version 0.30+ installed to generate confidential computing enforcement policies.
+* **Azure CLI confcom extension**: You must have Azure CLI confcom extension version 0.30+ installed to generate confidential computing enforcement policies.
 
   ```bash
    az extension add -n confcom