Updates

msmbaldwin · msmbaldwin · commit 989003c07d17 · 2020-04-30T13:33:04.000-07:00
diff --git a/articles/virtual-machines/linux/disk-encryption-faq.md b/articles/virtual-machines/linux/disk-encryption-faq.md
@@ -16,7 +16,7 @@ This article provides answers to frequently asked questions (FAQ) about Azure Di
 
 ## What is Azure Disk Encryption for Linux VMs?
 
-Azure Disk Encryption for Linux VMs uses the dm-crypt feature of Linux to provide full disk encryption of the OS disk* and data disks. Additionally, it provides encryption of the ephemeral resource disk when using the [EncryptFormatAll feature](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms). The content flows encrypted from the VM to the Storage backend. Thereby, providing end-to-end encryption with a customer-managed key.
+Azure Disk Encryption for Linux VMs uses the dm-crypt feature of Linux to provide full disk encryption of the OS disk* and data disks. Additionally, it provides encryption of the temporary resource disk when using the [EncryptFormatAll feature](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms). The content flows encrypted from the VM to the Storage backend. Thereby, providing end-to-end encryption with a customer-managed key.
  
 See [Supported VMs and operating systems](disk-encryption-overview.md#supported-vms-and-operating-systems).
 
@@ -56,7 +56,7 @@ Storage server-side encryption encrypts Azure managed disks in Azure Storage. Ma
  
 ## How is Azure Disk Encryption different from Storage server-side encryption with customer-managed key and when should I use each solution?
 
-Azure Disk Encryption provides end-to-end encryption for the OS disk, data disks, and the ephemeral resource disk with a customer-managed key.
+Azure Disk Encryption provides end-to-end encryption for the OS disk, data disks, and the temporary resource disk, using a customer-managed key.
 - If your requirements include encrypting all of the above and end-to-end encryption, use Azure Disk Encryption. 
 - If your requirements include encrypting only data at rest with customer-managed key, then use [Server-side encryption with customer-managed keys](disk-encryption.md). You cannot encrypt a disk with both Azure Disk Encryption and Storage server-side encryption with customer-managed keys. 
 - If your Linux distro is not listed under [supported operating systems for Azure Disk Encryption](disk-encryption-overview.md#supported-operating-systems) or you are using a scenario called out in the [unsupported scenarios for Windows](disk-encryption-linux.md#unsupported-scenarios), consider [Server-side encryption with customer-managed keys](disk-encryption.md).
diff --git a/articles/virtual-machines/linux/disk-encryption-linux-aad.md b/articles/virtual-machines/linux/disk-encryption-linux-aad.md
@@ -158,7 +158,7 @@ The following table lists Resource Manager template parameters for existing or r
 ## <a name="bkmk_EFA"> </a>Use the EncryptFormatAll feature for data disks on Linux IaaS VMs
 The EncryptFormatAll parameter reduces the time for Linux data disks to be encrypted. Partitions that meet certain criteria are formatted (with their current file system). Then they're remounted back to where they were before command execution. If you want to exclude a data disk that meets the criteria, you can unmount it before you run the command.
 
- After you run this command, any drives that were mounted previously are formatted. Then the encryption layer starts on top of the now empty drive. When this option is selected, the ephemeral resource disk attached to the VM is also encrypted. If the ephemeral drive is reset, it's reformatted and re-encrypted for the VM by the Azure Disk Encryption solution at the next opportunity.
+ After you run this command, any drives that were mounted previously are formatted. Then the encryption layer starts on top of the now empty drive. When this option is selected, the temporary resource disk attached to the VM is also encrypted. If the ephemeral drive is reset, it's reformatted and re-encrypted for the VM by the Azure Disk Encryption solution at the next opportunity.
 
 >[!WARNING]
 > EncryptFormatAll shouldn't be used when there's needed data on a VM's data volumes. You can exclude disks from encryption by unmounting them. Try out the EncryptFormatAll parameter on a test VM first to understand the feature parameter and its implication before you try it on the production VM. The EncryptFormatAll option formats the data disk, so all the data on it will be lost. Before you proceed, verify that any disks you want to exclude are properly unmounted. </br></br>
diff --git a/articles/virtual-machines/linux/disk-encryption-linux.md b/articles/virtual-machines/linux/disk-encryption-linux.md
@@ -14,7 +14,7 @@ ms.custom: seodec18
 # Azure Disk Encryption scenarios on Linux VMs
 
 
-Azure Disk Encryption for Linux virtual machines (VMs) uses the DM-Crypt feature of Linux to provide full disk encryption of the OS disk and data disks. Additionally, it provides encryption of the ephemeral resource disk when using the EncryptFormatAll feature.
+Azure Disk Encryption for Linux virtual machines (VMs) uses the DM-Crypt feature of Linux to provide full disk encryption of the OS disk and data disks. Additionally, it provides encryption of the temporary resource disk when using the EncryptFormatAll feature.
 
 Azure Disk Encryption is [integrated with Azure Key Vault](disk-encryption-key-vault.md) to help you control and manage the disk encryption keys and secrets. For an overview of the service, see [Azure Disk Encryption for Linux VMs](disk-encryption-overview.md).
 
@@ -210,9 +210,9 @@ For more information about configuring the Linux VM disk encryption template, se
 
 ## Use EncryptFormatAll feature for data disks on Linux VMs
 
-The **EncryptFormatAll** parameter reduces the time for Linux data disks to be encrypted. Partitions meeting certain criteria will be formatted (with its current file system), then remounted back to where it was before command execution. If you wish to exclude a data disk that meets the criteria, you can unmount it before running the command.
+The **EncryptFormatAll** parameter reduces the time for Linux data disks to be encrypted. Partitions meeting certain criteria will be formatted, along with their current file systems, then remounted back to where they were before command execution. If you wish to exclude a data disk that meets the criteria, you can unmount it before running the command.
 
- After running this command, any drives that were mounted previously will be formatted, and the encryption layer will be started on top of the now empty drive. When this option is selected, the ephemeral resource disk attached to the VM will also be encrypted. If the ephemeral drive is reset, it will be reformatted and re-encrypted for the VM by the Azure Disk Encryption solution at the next opportunity. Once the resource disk gets encrypted, the [Microsoft Azure Linux Agent](https://docs.microsoft.com/azure/virtual-machines/extensions/agent-linux) will not be able to manage the resource disk and enable the swap file, but you may manually configure the swap file.
+ After running this command, any drives that were mounted previously will be formatted, and the encryption layer will be started on top of the now empty drive. When this option is selected, the temporary resource disk attached to the VM will also be encrypted. If the ephemeral drive is reset, it will be reformatted and re-encrypted for the VM by the Azure Disk Encryption solution at the next opportunity. Once the resource disk gets encrypted, the [Microsoft Azure Linux Agent](https://docs.microsoft.com/azure/virtual-machines/extensions/agent-linux) will not be able to manage the resource disk and enable the swap file, but you may manually configure the swap file.
 
 >[!WARNING]
 > EncryptFormatAll shouldn't be used when there is needed data on a VM's data volumes. You may exclude disks from encryption by unmounting them. You should first try out the EncryptFormatAll first on a test VM, understand the feature parameter and its implication before trying it on the production VM. The EncryptFormatAll option formats the data disk and all the data on it will be lost. Before proceeding, verify that disks you wish to exclude are properly unmounted. </br></br>
diff --git a/articles/virtual-machines/linux/disk-encryption-overview.md b/articles/virtual-machines/linux/disk-encryption-overview.md
@@ -52,40 +52,40 @@ Azure Disk Encryption is supported on a subset of the [Azure-endorsed Linux dist
 
 Linux server distributions that are not endorsed by Azure do not support Azure Disk Encryption; of those that are endorsed, only the following distributions and versions support Azure Disk Encryption:
 
-| Linux distribution | Version | SKU | Volume type supported for encryption |
-| --- | --- |--- |
-| Ubuntu | 18.04 | 18.04-LTS | OS and data disk |
-| Ubuntu | 18.04 | 18.04-DAILY-LTS | OS and data disk |
-| Ubuntu | 16.04 | 16.04-DAILY-LTS | OS and data disk |
-| Ubuntu | 14.04.5</br>[with Azure tuned kernel updated to 4.15 or later](disk-encryption-troubleshooting.md) | 14.04.5-LTS | OS and data disk |
-| Ubuntu | 14.04.5</br>[with Azure tuned kernel updated to 4.15 or later](disk-encryption-troubleshooting.md) | 14.04.5-DAILY-LTS | OS and data disk |
-| RHEL | 7.7 | 7.7 | OS and data disk (see note below) |
-| RHEL | 7.7 | 7-RAW | OS and data disk (see note below) |
-| RHEL | 7.7 | 7-LVM | OS and data disk (see note below) |
-| RHEL | 7.6 | 7.6 | OS and data disk (see note below) |
-| RHEL | 7.5 | 7.5 | OS and data disk (see note below) |
-| RHEL | 7.4 | 7.4 | OS and data disk (see note below) |
-| RHEL | 7.3 | 7.3 | OS and data disk (see note below) |
-| RHEL | 7.2 | 7.2 | OS and data disk (see note below) |
-| RHEL | 6.8 | 6.8 | Data disk (see note below) |
-| RHEL | 6.7 | 6.7 | Data disk (see note below) |
-| CentOS | 7.7 | 7.7 | OS and data disk |
-| CentOS | 7.7 | 7-LVM | OS and data disk |
-| CentOS | 7.6 | 7.6 | OS and data disk |
-| CentOS | 7.5 |  7.5 | OS and data disk |
-| CentOS | 7.4 | 7.4 | OS and data disk |
-| CentOS | 7.3 | 7.3 | OS and data disk |
-| CentOS | 7.2n | 7.2n | OS and data disk |
-| CentOS | 7.1 | 7.1 | Data disk only |
-| CentOS | 7.0 | 7.0 | Data disk only |
-| CentOS | 6.8 | 6.8 | Data disk only |
-| CentOS | 6.7 | 6.7 | Data disk only |
-| CentOS | 6.6 | 6.6 | Data disk only |
-| CentOS | 6.5 | 6.5 | Data disk only |
-| openSUSE | 42.3 | 42.3 | Data disk only |
-| SLES Priority | 12-SP4 | 12-SP4 | Data disk only |
-| SLES Priority | 12-SP3 | 12-SP3 | Data disk only |
-| SLES HPC | 12-SP3 | 12-SP3 | Data disk only |
+| Publisher | Offer | SKU | URN | Volume type supported for encryption |
+| --- | --- |--- | --- |
+| Canonical | Ubuntu | 18.04-LTS | Canonical:UbuntuServer:18.04-LTS:latest | OS and data disk |
+| Canonical | Ubuntu 18.04 | 18.04-DAILY-LTS | Canonical:UbuntuServer:18.04-DAILY-LTS:latest | OS and data disk |
+| Canonical | Ubuntu 16.04 | 16.04-DAILY-LTS | Canonical:UbuntuServer:16.04-DAILY-LTS:latest | OS and data disk |
+| Canonical | Ubuntu 14.04.5</br>[with Azure tuned kernel updated to 4.15 or later](disk-encryption-troubleshooting.md) | 14.04.5-LTS | Canonical:UbuntuServer:14.04.5-LTS:latest | OS and data disk |
+| Canonical | Ubuntu 14.04.5</br>[with Azure tuned kernel updated to 4.15 or later](disk-encryption-troubleshooting.md) | 14.04.5-DAILY-LTS | Canonical:UbuntuServer:14.04.5-DAILY-LTS:latest | OS and data disk |
+| RedHat | RHEL 7.7 | 7.7 | RedHat:RHEL:7.7:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.7 | 7-RAW | RedHat:RHEL:7-RAW:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.7 | 7-LVM | RedHat:RHEL:7-LVM:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.6 | 7.6 | RedHat:RHEL:7.6:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.5 | 7.5 | RedHat:RHEL:7.5:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.4 | 7.4 | RedHat:RHEL:7.4:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.3 | 7.3 | RedHat:RHEL:7.3:latest | OS and data disk (see note below) |
+| RedHat | RHEL 7.2 | 7.2 | RedHat:RHEL:7.2:latest | OS and data disk (see note below) |
+| RedHat | RHEL 6.8 | 6.8 | RedHat:RHEL:6.8:latest | Data disk (see note below) |
+| RedHat | RHEL 6.7 | 6.7 | RedHat:RHEL:6.7:latest | Data disk (see note below) |
+| OpenLogic | CentOS 7.7 | 7.7 | OpenLogic:CentOS:7.7:latest | OS and data disk |
+| OpenLogic | CentOS 7.7 | 7-LVM | OpenLogic:CentOS:7-LVM:latest | OS and data disk |
+| OpenLogic | CentOS 7.6 | 7.6 | OpenLogic:CentOS:7.6:latest | OS and data disk |
+| OpenLogic | CentOS 7.5 | 7.5 | OpenLogic:CentOS:7.5:latest | OS and data disk |
+| OpenLogic | CentOS 7.4 | 7.4 | OpenLogic:CentOS:7.4:latest | OS and data disk |
+| OpenLogic | CentOS 7.3 | 7.3 | OpenLogic:CentOS:7.3:latest | OS and data disk |
+| OpenLogic | CentOS 7.2n | 7.2n | OpenLogic:CentOS:7.2n:latest | OS and data disk |
+| OpenLogic | CentOS 7.1 | 7.1 | OpenLogic:CentOS:7.1:latest | Data disk only |
+| OpenLogic | CentOS 7.0 | 7.0 | OpenLogic:CentOS:7.0:latest | Data disk only |
+| OpenLogic | CentOS 6.8 | 6.8 | OpenLogic:CentOS:6.8:latest | Data disk only |
+| OpenLogic | CentOS 6.7 | 6.7 | OpenLogic:CentOS:6.7:latest | Data disk only |
+| OpenLogic | CentOS 6.6 | 6.6 | OpenLogic:CentOS:6.6:latest | Data disk only |
+| OpenLogic | CentOS 6.5 | 6.5 | OpenLogic:CentOS:6.5:latest | Data disk only |
+| SUSE | openSUSE 42.3 | 42.3 | SUSE:openSUSE-Leap:42.3:latest | Data disk only |
+| SUSE | SLES Priority 12-SP4 | 12-SP4 | SUSE:SLES-Priority:12-SP4:latest | Data disk only |
+| SUSE | SLES Priority 12-SP3 | 12-SP3 | SUSE:SLES-Priority:12-SP3:latest | Data disk only |
+| SUSE | SLES HPC 12-SP3 | 12-SP3 | SUSE:SLES-HPC:12-SP3:latest | Data disk only |
 
 > [!NOTE]
 > The new Azure Disk Encryption implementation is supported for RHEL OS and data disk for RHEL7 Pay-As-You-Go images.  
diff --git a/articles/virtual-machines/linux/disk-encryption-portal-quickstart.md b/articles/virtual-machines/linux/disk-encryption-portal-quickstart.md
@@ -1,44 +1,45 @@
 ---
-title: Create and encrypt a Linux VM with the Azure portal
-description: In this quickstart, you learn how to use the Azure portal to create and encrypt a Linux virtual machine
+title: Create and encrypt a Windows VM with the Azure portal
+description: In this quickstart, you learn how to use the Azure portal to create and encrypt a Windows virtual machine
 author: msmbaldwin
 ms.author: mbaldwin
-ms.service: virtual-machines-linux
+ms.service: virtual-machines-windows
 ms.subservice: security
 ms.topic: quickstart
 ms.date: 10/02/2019
 ---
 
-# Quickstart: Create and encrypt a virtual machine with the Azure portal
+# Quickstart: Create and encrypt a Windows virtual machine with the Azure portal
 
-Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal is a browser-based user interface to create VMs and their associated resources. In this quickstart you will use the Azure portal to deploy a Linux virtual machine (VM) running Ubuntu 18.04 LTS, create a key vault for the storage of encryption keys, and encrypt the VM.
+Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal is a browser-based user interface to create VMs and their associated resources. In this quickstart you will use the Azure portal to deploy a Windows virtual machine (VM) running Ubuntu 18.04 LTS, create a key vault for the storage of encryption keys, and encrypt the VM.
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
 ## Sign in to Azure
 
 Sign in to the [Azure portal](https://portal.azure.com).
 
+
 ## Create a virtual machine
 
 1. Choose **Create a resource** in the upper left corner of the Azure portal.
-1. In the New page, under Popular, select **Ubuntu Server 18.04 LTS**.
-1. In the **Basics** tab, under **Project details**, make sure the correct subscription is selected.
-1. For **Resource group**, select the resource group you created when making your key vault above (e.g., **myResourceGroup**).
+1. In the New page, under Popular, select **Windows Server 2016 Datacenter**.
+1. In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to **Create new resource group**. Enter *myResourceGroup* as the name.
 1. For **Virtual machine name**, enter *MyVM*.
-1. For **Region**, select the same region you used when making your key vault above (e.g., **East US**).
+1. For **Region**, select the same region you used when making your key vault above (e.g., *East US*).
 1. Make sure the **Size** is *Standard D2s v3*.
 1. Under **Administrator account**, select **Password**. Enter a user name and a password.
 
-    :::image type="content" source="./media/disk-encryption/portal-qs-vm-creation.png" alt-text="ResourceGroup creation screen":::
+    :::image type="content" source="../media/disk-encryption/portal-qs-windows-vm-creation.png" alt-text="ResourceGroup creation screen":::
 
-    > [!Warning] The "Disks" tab features an "Encryption Type" field under **Disk options**. This field is used to specify encryption options for the affiliated *storage*account, not to the VMs themselves. 
-    > 
-    > To avoid confusion, we suggest you skip the **Disks* tab entirely while completing this quickstart. 
+    > [!WARNING]
+    > The "Disks" tab features an "Encryption Type" field under **Disk options**. This field is used to specify encryption options for [Managed Disks](managed-disks.md) + CMK, not for Azure Disk Encryption. 
+    >
+    > To avoid confusion, we suggest you skip the *Disks* tab entirely while completing this tutorial. 
 
-1. Select the "Management" tab and verify that you have a Diagnostics Storage Account. If you have no storage accounts, select "Create New", give your new account a name, and select "Ok"
+1. Select the "Management" tab and verify that you have a Diagnostics Storage Account. If you have no storage accounts, select "Create New", give your new account a name, and select "Ok".
 
-    :::image type="content" source="./media/disk-encryption/portal-qs-vm-creation-storage.png" alt-text="ResourceGroup creation screen":::
+    :::image type="content" source="../media/disk-encryption/portal-qs-vm-creation-storage.png" alt-text="ResourceGroup creation screen":::
 
 1. Click "Review + Create".
 1. On the **Create a virtual machine** page, you can see the details about the VM you are about to create. When you are ready, select **Create**.
@@ -70,13 +71,14 @@ It will take a few minutes for your VM to be deployed. When the deployment is fi
 1. Leave the **Key** field blank and choose **Select**.
 1. At the top of the encryption screen, click **Save**. A popup will warn you that the VM will reboot. Click **Yes**.
 
+
 ## Clean up resources
 
 When no longer needed, you can delete the resource group, virtual machine, and all related resources. To do so, select the resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.
 
 ## Next steps
 
-In this quickstart, you created a Key Vault that was enabled for encryption keys, created a virtual machine, and enabled the virtual machine for encryption.  
+In this quickstart, you created a Key Vault that was enable for encryption keys, created a virtual machine, and enabled the virtual machine for encryption.  
 
 > [!div class="nextstepaction"]
 > [Azure Disk Encryption overview](disk-encryption-overview.md)
diff --git a/articles/virtual-machines/windows/disk-encryption-faq.md b/articles/virtual-machines/windows/disk-encryption-faq.md
diff --git a/articles/virtual-machines/windows/disk-encryption-windows.md b/articles/virtual-machines/windows/disk-encryption-windows.md
