edits

davidsmatlak · davidsmatlak · commit 78e5e2b74018 · 2024-03-25T10:52:30.000-07:00
diff --git a/articles/governance/policy/assign-policy-terraform.md b/articles/governance/policy/assign-policy-terraform.md
@@ -1,19 +1,19 @@
 ---
 title: "Quickstart: New policy assignment with Terraform"
-description: In this quickstart, you use Terraform and HCL syntax to create a policy assignment to identify non-compliant resources.
-ms.date: 03/01/2023
+description: In this quickstart, you use Terraform and Hashicorp Configuration Language (HCL) syntax to create a policy assignment to identify non-compliant resources.
+ms.date: 03/25/2024
 ms.topic: quickstart
 ms.custom: devx-track-terraform
 ms.tool: terraform
 ---
+
 # Quickstart: Create a policy assignment to identify non-compliant resources using Terraform
 
 The first step in understanding compliance in Azure is to identify the status of your resources.
 This quickstart steps you through the process of creating a policy assignment to identify virtual
 machines that aren't using managed disks.
 
-At the end of this process, you'll successfully identify virtual machines that aren't using managed
-disks across subscription. They're _non-compliant_ with the policy assignment.
+At the end of this process, you identify virtual machines that aren't using managed disks across subscription. They're _non-compliant_ with the policy assignment.
 
 ## Prerequisites
 
@@ -28,17 +28,14 @@ disks across subscription. They're _non-compliant_ with the policy assignment.
 
 ## Create the Terraform configuration, variable, and output file
 
-In this quickstart, you create a policy assignment and assign the **Audit VMs that do not use
-managed disks** (`06a78e20-9358-41c9-923c-fb736d382a4d`) definition. This policy definition
-identifies resources that aren't compliant to the conditions set in the policy definition.
+In this quickstart, you create a policy assignment and assign the [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) definition. This policy definition identifies resources that aren't compliant to the conditions set in the policy definition.
 
-First, configure the Terraform configuration, variable, and output files. The Terraform resources
-for Azure Policy use the
-[Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html).
+Configure the Terraform configuration, variable, and output files. The Terraform resources
+for Azure Policy use the [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html).
 
 1. Create a new folder named `policy-assignment` and change directories into it.
 
-2. Create `main.tf` with the following code:
+1. Create `main.tf` with the following code:
 
     > [!NOTE]
     > To create a Policy Assignment at a Management Group use the [azurerm_management_group_policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment) resource, for a Resource Group use the [azurerm_resource_group_policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment) and for a Subscription use the [azurerm_subscription_policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_assignment) resource.
@@ -55,7 +52,7 @@ for Azure Policy use the
               source = "hashicorp/azurerm"
               version = ">= 2.96.0"
           }
-      }
+        }
       }
 
       resource "azurerm_subscription_policy_assignment" "auditvms" {
@@ -66,7 +63,8 @@ for Azure Policy use the
       display_name = "Audit VMs without managed disks assignment"
       }
     ```
-3. Create `variables.tf` with the following code:
+
+1. Create `variables.tf` with the following code:
 
     ```terraform
     variable "cust_scope" {
@@ -80,7 +78,7 @@ for Azure Policy use the
    - Resource group: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`
    - Resource: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]`
 
-4. Create `output.tf` with the following code:
+1. Create `output.tf` with the following code:
 
     ```terraform
     output "assignment_id" {
@@ -90,7 +88,7 @@ for Azure Policy use the
 
 ## Initialize Terraform and create plan
 
-Next, initialize Terraform to download the necessary providers and then create a plan.
+Initialize Terraform to download the necessary providers and then create a plan.
 
 1. Run the [terraform init](https://www.terraform.io/docs/commands/init.html) command. This command
    downloads the Azure modules required to create the Azure resources in the Terraform
@@ -124,7 +122,7 @@ Next, initialize Terraform to download the necessary providers and then create a
 
 ## Apply the Terraform execution plan
 
-Last, apply the execution plan.
+Apply the execution plan.
 
 Run the [terraform apply](https://www.terraform.io/docs/commands/apply.html) command and specify the
 `assignment.tfplan` already created.
@@ -135,7 +133,7 @@ terraform apply assignment.tfplan
 
 :::image type="content" source="./media/assign-policy-terraform/terraform-apply.png" alt-text="Screenshot of running the terraform apply command and the resulting resource creation.":::
 
-With the "Apply complete! Resources: 1 added, 0 changed, 0 destroyed." message, the policy
+With the `Apply complete! Resources: 1 added, 0 changed, 0 destroyed.` message, the policy
 assignment is now created. Since we defined the `outputs.tf` file, the _assignment\_id_ is also
 returned.
 
@@ -153,25 +151,25 @@ Your results resemble the following example:
 
 ```json
 {
-    "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
-    "@odata.count": 3,
-    "value": [{
-            "@odata.id": null,
-            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
-            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachineId>"
-        },
-        {
-            "@odata.id": null,
-            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
-            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine2Id>"
-        },
-        {
-            "@odata.id": null,
-            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
-            "ResourceId": "/subscriptions/<subscriptionName>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine3ID>"
-        }
-
-    ]
+  "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
+  "@odata.count": 3,
+  "value": [
+    {
+      "@odata.id": null,
+      "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
+      "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachineId>"
+    },
+    {
+      "@odata.id": null,
+      "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
+      "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine2Id>"
+    },
+    {
+      "@odata.id": null,
+      "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
+      "ResourceId": "/subscriptions/<subscriptionName>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine3ID>"
+    }
+  ]
 }
 ```
 
@@ -204,4 +202,4 @@ To learn more about assigning policies to validate that new resources are compli
 tutorial for:
 
 > [!div class="nextstepaction"]
-> [Creating and managing policies](./tutorials/create-and-manage.md)
+> [Tutorial: Create and manage policies to enforce compliance](./tutorials/create-and-manage.md)
