Updates

Author: msmbaldwin

articles/attestation/quickstart-powershell.md

@@ -16,7 +16,7 @@ ms.custom: devx-track-azurepowershell
 Follow the below steps to create and configure an attestation provider using Azure PowerShell. See [Overview of Azure PowerShell](/powershell/azure/) for information on how to install and run Azure PowerShell.
 
 > [!NOTE]
-> Az.Attestation module is now integrated into Az PowerShell module. Minimum version of Az module required to support attestation operations:
+> The Az.Attestation PowerShell module is now integrated into Az PowerShell module. Minimum version of Az module required to support attestation operations:
   - Az PowerShell module 6.5.0
 
 The PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1. TLS 1.2 or a later version is recommended. Hence you may receive the following errors:
@@ -121,14 +121,14 @@ In order to manage policies, an Azure AD user requires the following permissions
 - Microsoft.Attestation/attestationProviders/attestation/write
 - Microsoft.Attestation/attestationProviders/attestation/delete
 
- To perform these actions, an Azure AD user must have **Attestation Contributor** role on the attestation provider. These permissions can be also be inherited with roles such as **Owner** (wildcard permissions)/ **Contributor** (wildcard permissions) on  the subscription/ resource group.  
+ To perform these actions, an Azure AD user must have **Attestation Contributor** role on the attestation provider. These permissions can also be inherited with roles such as **Owner** (wildcard permissions)/ **Contributor** (wildcard permissions) on  the subscription/ resource group.  
 
 In order to read policies, an Azure AD user requires the following permission for "Actions":
 - Microsoft.Attestation/attestationProviders/attestation/read
 
- To perform this action, an Azure AD user must have **Attestation Reader** role on the attestation provider. The read permissions can be also be inherited with roles such as **Reader** (wildcard permissions) on  the subscription/ resource group.  
+ To perform this action, an Azure AD user must have **Attestation Reader** role on the attestation provider. The read permissions can also be inherited with roles such as **Reader** (wildcard permissions) on  the subscription/ resource group.  
 
-Below PowerShell cmdlets provide policy management for an attestation provider (one TEE at a time).
+These PowerShell cmdlets provide policy management for an attestation provider (one TEE at a time).
 
 Get-AzAttestationPolicy returns the current policy for the specified TEE. The cmdlet displays policy in both text and JWT format of the policy.
 
@@ -173,7 +173,7 @@ Remove-AzAttestationPolicySigner -Name $attestationProvider -ResourceGroupName $
 
 Policy signer certificate is a signed JWT with claim named "maa-policyCertificate". Value of the claim is a JWK, which contains the trusted signing key to add. The JWT must be signed with private key corresponding to any of the existing policy signer certificates.
 
-Note that all semantic manipulation of the policy signer certificate must be done outside of PowerShell. As far as PowerShell is concerned, it is a simple string.
+All semantic manipulation of the policy signer certificate must be done outside of PowerShell. As far as PowerShell is concerned, it is a simple string.
 
 For policy signer certificate sample, see [examples of policy signer certificate](policy-signer-examples.md).
 

articles/attestation/troubleshoot-guide.md

@@ -17,7 +17,7 @@ Error handling in Azure Attestation is implemented following [Microsoft REST API
 
 If your issue isn't addressed in this article, you can also submit an Azure support request on the [Azure support page](https://azure.microsoft.com/support/options/).
 
-## 1. HTTP–401: Unauthorized exception
+## HTTP–401: Unauthorized exception
 
 ### HTTP status code
 401
@@ -62,22 +62,22 @@ b. Refer to the guidance [here](../role-based-access-control/role-assignments-li
 
 c. If you don't find an appropriate role assignment, follow the instructions in [here](../role-based-access-control/role-assignments-powershell.md)
 
-## 2. HTTP – 400 errors
+## HTTP – 400 errors
 
 ### HTTP status code
 400
 
-There are different reasons why a request may return 400. Below are some examples of errors returned by Azure Attestation APIs:
+There are different reasons why a request may return 400. Here are some examples of errors returned by Azure Attestation APIs.
 
-### 2.1. Attestation failure due to policy evaluation errors
+### Attestation failure due to policy evaluation errors
 
-Attestation policy includes authorization rules and issuance rules. Enclave evidence is evaluated based on the authorization rules. Issuance rules define the claims to be included in attestation token. If claims in enclave evidence do not comply with authorization rules, attest calls will return policy evaluation error. 
+Attestation policy includes authorization rules and issuance rules. Enclave evidence is evaluated based on the authorization rules. Issuance rules define the claims to be included in attestation token. If claims in enclave evidence don't comply with authorization rules, attest calls will return policy evaluation error.
 
 **Error code**
 PolicyEvaluationError
 
 **Scenario examples**
-When claims in the enclave quote do not match with the authorization rules of attestation policy
+When claims in the enclave quote don't match with the authorization rules of attestation policy
 
 ```
 Native operation failed with 65518: G:\Az\security\Attestation\src\AttestationServices\Instance\NativePolicyWrapper\NativePolicyEngine.cpp(168)\(null)!00007FF801762308: (caller: 00007FF80143DCC8) Exception(0) 83FFFFEE Policy Evaluation Error has occurred Msg:[Policy Engine Exception: A Deny claim was issued, authorization failed.]
@@ -93,7 +93,7 @@ Send a request to attest API by providing policy text in “draftPolicyForAttest
 
 See [attestation policy examples](./policy-examples.md)
 
-### 2.2. Attestation failure due to invalid input
+### Attestation failure due to invalid input
 
 **Error code**
 InvalidParameter
@@ -110,7 +110,7 @@ Microsoft Azure Attestation supports attestation of SGX quotes generated by Inte
 
 Refer to [code samples](/samples/browse/?expanded=azure&terms=attestation) for performing attestation using Open Enclave SDK/ Intel SDK
 
-### 2.3. Invalid certificate chain error while uploading policy/policy signer
+### Invalid certificate chain error while uploading policy/policy signer
 
 **Error code**
 InvalidParameter
@@ -138,7 +138,7 @@ Else the certificate chain is considered to be invalid.
 
 See [policy signer](./policy-signer-examples.md) and [policy](./policy-examples.md) examples 
 
-### 2.4. Add/Delete policy signer failure
+### Add/Delete policy signer failure
 
 **Error code**
 InvalidOperation
@@ -186,7 +186,7 @@ At line:1 char:1
 **Troubleshooting steps**
 To add/delete a new policy signer certificate, use RFC7519 JSON Web Token (JWT) with a claim named "x-ms-policyCertificate". Value of the claim is an RFC7517 JSON Web Key, which contains the certificate to be added. JWT must be signed with private key of any of the valid policy signer certificates associated with the provider. See [policy signer examples](./policy-signer-examples.md).
 
-### 2.5. Attestation policy configuration failure
+### Attestation policy configuration failure
 
 **Error code**
 PolicyParsingError
@@ -238,9 +238,9 @@ In PowerShell, specify PolicyFormat as JWT to configure policy in JWT format. De
 
 See attestation [policy examples](./policy-examples.md) and [how to author an attestation policy](./author-sign-policy.md) 
 
-## 3. Az.Attestation installation issues in PowerShell
+## Az.Attestation installation issues in PowerShell
 
-Unable to install Az Powershell or Az.Attestation PowerShell modules in PowerShell
+Unable to install the Az PowerShell module or Az.Attestation PowerShell module in PowerShell.
 
 ### Error
 
@@ -257,29 +257,30 @@ To continue to interact with the PowerShell Gallery, run the following command b
 
 **[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12**
 
-## 4. Policy access/configuration issues in PowerShell
+## Policy access/configuration issues in PowerShell
 
 User assigned with appropriate roles. But facing authorization issues while managing attestation policies through PowerShell.
 
 ### Error
-The client with object ID <object Id>  does not have authorization to perform action Microsoft.Authorization/roleassignments/write over scope ‘subcriptions/<subscriptionId>resourcegroups/secure_enclave_poc/providers/Microsoft.Authorization/roleassignments/<role assignmentId>’ or the scope is invalid. If access was recently granted, please refresh your credentials
+
+The client with object ID <object Id>  does not have authorization to perform action Microsoft.Authorization/roleassignments/write over scope ‘subcriptions/<subscriptionId>resourcegroups/secure_enclave_poc/providers/Microsoft.Authorization/roleassignments/<role assignmentId>’ or the scope is invalid. If access was recently granted, refresh your credentials
 
 ### Troubleshooting steps
 
-Minimum version of Az modules required to support attestation operations are the below: 
+The minimum version of the Az PowerShell modules required to support attestation operations are: 
 
- **Az 4.5.0** 
- 
- **Az.Accounts 1.9.2**
- 
- **Az.Attestation 0.1.8** 
+- **Az 4.5.0**
+- **Az.Accounts 1.9.2**
+- **Az.Attestation 0.1.8**
 
 Run the below command to verify the installed version of all Az modules 
 
-```powershell
+```azurepowershell-interactive
 Get-InstalledModule 
 ```
 
-If the versions are not matching with the minimum requirement, run Update-Module commands
+If the versions do not meet the minimum requirement, run the Update-Module PowerShell cmdlet.
 
-e.g. - Update-Module -Name Az.Attestation
+```azurepowershell-interactive
+Update-Module -Name Az.Attestation
+```