edits

ktoliver · ktoliver · commit 877d0858a813 · 2024-08-29T13:48:13.000-07:00
diff --git a/articles/trusted-signing/TOC.yml b/articles/trusted-signing/TOC.yml
@@ -22,7 +22,7 @@
       href: how-to-cert-revocation.md
     - name: Renew Trusted Signing identity validation
       href: how-to-renew-identity-validation.md
-    - name: Change Pricing Tier
+    - name: Change the account SKU (pricing tier)
       href: how-to-change-sku.md
     - name: Device Guard Signing Service Migration 
       href: how-to-device-guard-signing-service-migration.md
diff --git a/articles/trusted-signing/faq.yml b/articles/trusted-signing/faq.yml
@@ -77,10 +77,12 @@ sections:
           FIPS 140-2 Level 3 (mHSMs).
       - question: How do I include the appropriate EKU for our certificates in the ELAM driver resources? 
         answer: |
-          For information about the Early Launch Antimalware (ELAM) driver configuration for protecting anti-malware user-mode services, see the following guidance: "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's Trusted Signing signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the Trusted Signing PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix `1.3.6.1.4.1.311.97.*`."
+          For information about the Early Launch Antimalware (ELAM) driver configuration for protecting antimalware user-mode services, see the following guidance:  
+          
+          "Beginning in 2022, all user mode anti-malware service binaries must be signed by Microsoft's Trusted Signing signing service. The Trusted Signing issued Authenticode certificate for signing anti-malware binaries is updated every 30 days for security. To prevent the need to update the ELAM driver every time the certificate is updated, we recommend that anti-malware vendors include the Trusted Signing PCA certificate TBS hash in the CertHash portion of the ELAM driver resource file info. Additionally, the anti-malware vendor must include their unique Trusted Signing EKU identity in the EKU field of the resource file info. The EKU identity will begin with the prefix `1.3.6.1.4.1.311.97.*`."
           
           For the Microsoft ID Verified Code Signing PCA 2021 certificate, see the [Microsoft PKI Services repository](https://www.microsoft.com/pkiops/docs/repository.htm).
-      - question: What happens if we run binaries that are signed by using Trusted Signing on a computer that doesn't have the Trusted Signing update (especially binaries that are flagged for /INTEGRITYCHECK?
+      - question: What happens if we run binaries that are signed by using Trusted Signing on a computer that doesn't have the Trusted Signing update (especially binaries that are flagged for /INTEGRITYCHECK)?
         answer: |
           - If an /INTEGRITYCHECK flag is set, the user's signature isn't validated at runtime and it isn't run with /INTEGRITYCHECK.  
           - To check whether the Trusted Signing update is installed, we recommend that you check against one of your packaged /INTEGRITYCHECK-linked DLLs. You can use a test version. This way, you can complete your check and determine the availability of our /INTEGRITYCHECK-linked binaries outside the platform.
diff --git a/articles/trusted-signing/how-to-change-sku.md b/articles/trusted-signing/how-to-change-sku.md
@@ -29,13 +29,13 @@ The following table describes key account details for the Basic SKU and the Prem
 | Private Trust signing             | Yes               | Yes  |
 
 > [!NOTE]
-> The pricing tier is also called the account *SKU*.
+> The pricing tier is also called the *account SKU*.
 
 ## Change the SKU
 
 You can change the SKU for a Trusted Signing account at any time by upgrading to Premium or by downgrading to Basic. You can change the SKU by using either the Azure portal or the Azure CLI.
 
-Things to keep in mind:
+Considerations:
 
 - SKU updates are effective beginning in the next billing cycle.
 - SKU limitations for an updated SKU are enforced after the update is successful.
