Merge pull request #291834 from kgremban/dec11-sfidps

prmerger-automator[bot] · web-flow · commit 90ffdc826d6a · 2024-12-11T21:49:52.000Z
SFI - ROPC - DPS
diff --git a/articles/iot-dps/quick-enroll-device-tpm.md b/articles/iot-dps/quick-enroll-device-tpm.md
@@ -36,8 +36,7 @@ Although these steps work on both Windows and Linux computers, this article uses
 
 * (Optional) If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-csharp) up to the step where you get an endorsement key for the device. Save the **Endorsement key**, as you use it later in this article.
 
-    > [!NOTE]
-    > Don't follow the steps to create an individual enrollment by using the Azure portal.
+  Don't follow the steps to create an individual enrollment by using the Azure portal.
 
 :::zone-end
 
@@ -47,8 +46,7 @@ Although these steps work on both Windows and Linux computers, this article uses
 
 * (Optional) If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-nodejs) up to the step where you get an endorsement key and registration ID for the device. Save the **Endorsement key** and **Registration ID**, as you use them later in this article.
 
-    > [!NOTE]
-    > Don't follow the steps to create an individual enrollment by using the Azure portal.
+  Don't follow the steps to create an individual enrollment by using the Azure portal.
 
 :::zone-end
 
@@ -62,45 +60,13 @@ Although these steps work on both Windows and Linux computers, this article uses
 
 * (Optional) If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-java) up to the step where you get an endorsement key for the device. Note the **Endorsement key** and the **Registration ID**, as you use them later in this article.
 
-    > [!NOTE]
-    > Don't follow the steps to create an individual enrollment by using the Azure portal.
-
-:::zone-end
-
-## Get TPM endorsement key (Optional)
-
-You can follow the steps in this article to create a sample individual enrollment. In this, case, you'll be able to view the enrollment entry in DPS, but you won't be able to use it to provision a device.
-
-:::zone pivot="programming-language-csharp"
-
-You can also choose to follow the steps in this article to create an individual enrollment and enroll a simulated TPM device. If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-csharp) up to the step where you get an endorsement key for the device. Save the **Endorsement key**, as you use it later in this article.
-
-> [!NOTE]
-> Don't follow the steps to create an individual enrollment by using the Azure portal.
-
-:::zone-end
-
-:::zone pivot="programming-language-nodejs"
-
-You can also choose to follow the steps in this article to create an individual enrollment and enroll a simulated TPM device. If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-nodejs) up to the step where you get an endorsement key and registration ID for the device. Save the **Endorsement key** and **Registration ID**, as you use them later in this article.
-
-> [!NOTE]
-> Don't follow the steps to create an individual enrollment by using the Azure portal.
-
-:::zone-end
-
-:::zone pivot="programming-language-java"
-
-You can also choose to follow the steps in this article to create an individual enrollment and enroll a simulated TPM device. If you want to enroll a simulated device at the end of this article, follow the procedure in [Create and provision a simulated TPM device](quick-create-simulated-device-tpm.md?pivots=programming-language-java) up to the step where you get an endorsement key for the device. Note the **Endorsement key** and the **Registration ID**, as you use them later in this article.
-
-> [!NOTE]
-> Don't follow the steps to create an individual enrollment by using the Azure portal.
+  Don't follow the steps to create an individual enrollment by using the Azure portal.
 
 :::zone-end
 
 ## Get the connection string for your provisioning service
 
-For the sample in this article, you'll need to copy the connection string for your provisioning service.
+For the sample in this article, you use the connection string for your provisioning service.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -226,6 +192,9 @@ This section shows you how to create a .NET Core console app that adds an indivi
 
 :::zone pivot="programming-language-nodejs"
 
+>[!TIP]
+>For simplicity, this sample uses SAS authentication to connect to the DPS service API. A more secure approach is to use Azure token credentials. For an example of that authentication method, see the [create_tpm_enrollment_with_token_credentials.js](https://github.com/Azure/azure-iot-sdk-node/blob/main/provisioning/service/samples/create_tpm_enrollment_with_token_credential.js) sample in the Node.js SDK.
+
 1. From a command window in your working folder, run:
   
     ```cmd\sh
@@ -480,7 +449,7 @@ If you plan to explore the DPS tutorials, don't clean up the resources created i
 
 ## Next steps
 
-In this article, you’ve programmatically created an individual enrollment entry for a TPM device. Optionally, you created a TPM simulated device on your computer and provisioned it to your IoT hub using the Azure IoT Hub Device Provisioning Service. To explore further, check out the following links:
+In this article, you programmatically created an individual enrollment entry for a TPM device. Optionally, you created a TPM simulated device on your computer and provisioned it to your IoT hub using the Azure IoT Hub Device Provisioning Service. To explore further, check out the following links:
 
 * For more information about TPM attestation with DPS, see [TPM attestation](concepts-x509-attestation.md).
 
diff --git a/articles/iot-dps/quick-enroll-device-x509.md b/articles/iot-dps/quick-enroll-device-x509.md
@@ -16,7 +16,7 @@ ms.subservice: azure-iot-hub-dps
  
 # Programmatically create a Device Provisioning Service enrollment group for X.509 certificate attestation
 
-This article shows you how to programmatically create an [enrollment group](concepts-service.md#enrollment-group) that uses intermediate or root CA X.509 certificates. The enrollment group is created by using the [Azure IoT Hub DPS service SDK](libraries-sdks.md#service-sdks) and a sample application. An enrollment group controls access to the provisioning service for devices that share a common signing certificate in their certificate chain. To learn more, see [Use X.509 certificates with DPS](./concepts-x509-attestation.md#authentication-using-x509-certificates). For more information about using X.509 certificate-based Public Key Infrastructure (PKI) with Azure IoT Hub and Device Provisioning Service, see [X.509 CA certificate security overview](../iot-hub/iot-hub-x509ca-overview.md).
+This article shows you how to programmatically create an [enrollment group](concepts-service.md#enrollment-group) in Azure IoT Hub Device Provisioning Service (DPS) that uses intermediate or root CA X.509 certificates. The enrollment group is created by using the [Azure IoT service SDK](libraries-sdks.md#service-sdks) and a sample application. An enrollment group controls access to the provisioning service for devices that share a common signing certificate in their certificate chain. To learn more, see [Use X.509 certificates with DPS](./concepts-x509-attestation.md#authentication-using-x509-certificates). For more information about using X.509 certificate-based Public Key Infrastructure (PKI) with Azure IoT Hub and Device Provisioning Service, see [X.509 CA certificate security overview](../iot-hub/iot-hub-x509ca-overview.md).
 
 ## Prerequisites
 
@@ -224,6 +224,9 @@ This section shows you how to create a .NET Core console application that adds a
 
 This section shows you how to create a Node.js script that adds an enrollment group to your provisioning service.
 
+>[!TIP]
+>For simplicity, this sample uses SAS authentication to connect to the DPS service API. A more secure approach is to use Azure token credentials. For an example of that authentication method, see the [create_tpm_enrollment_with_token_credentials.js](https://github.com/Azure/azure-iot-sdk-node/blob/main/provisioning/service/samples/create_tpm_enrollment_with_token_credential.js) sample in the Node.js SDK.
+
 1. From a command window in your working folder, run:
 
      ```cmd\sh
