Updates

Author: msmbaldwin

articles/attestation/quickstart-portal.md

@@ -16,7 +16,7 @@ Follow this quickstart to get started with Azure Attestation. Learn how to manag
 
 ## Prerequisites
 
-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. The user creating an attestation provider should have sufficient access levels on the subscription to create a resource (e.g: owner/contributor). Please refer [Azure built-in roles](../role-based-access-control/built-in-roles.md) for more information.
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. The user creating an attestation provider should have sufficient access levels on the subscription to create a resource (e.g: owner/contributor). For more information, see [Azure built-in roles](../role-based-access-control/built-in-roles.md).
 
 ## Attestation provider
 
@@ -37,7 +37,7 @@ In this section, you'll create an attestation provider and configure it with eit
    - **Policy signer certificates file**: Don't upload the policy signer certificates file to configure the provider with unsigned policies.
 
 1. After you provide the required inputs, select **Review+Create**.
-1. If there are validation issues, fix them and then select **Create**.
+1. Fix any validation issues and select **Create**.
 
 ### Create and configure the provider with signed policies
 
@@ -54,7 +54,7 @@ In this section, you'll create an attestation provider and configure it with eit
    - **Policy signer certificates file**: Upload the policy signer certificates file to configure the attestation provider with signed policies. [See examples of policy signer certificates](./policy-signer-examples.md).
 
 1. After you provide the required inputs, select **Review+Create**.
-1. If there are validation issues, fix them and then select **Create**.
+1. Fix any validation issues and select **Create**.
 
 ### View the attestation provider
 
@@ -86,7 +86,7 @@ Follow the steps in this section to view, add, and delete policy signer certific
 1. Go to the Azure portal menu or the home page and select **All resources**.
 1. In the filter box, enter the attestation provider name.
 1. Select the attestation provider and go to the overview page.
-1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication,  please click cancel to proceed.
+1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, select cancel to proceed.
 1. Select **Download policy signer certificates**. The button will be disabled for attestation providers created without the policy signing requirement.
 1. The downloaded text file will have all certificates in a JWS format.
 1. Verify the certificate count and the downloaded certificates.
@@ -96,7 +96,7 @@ Follow the steps in this section to view, add, and delete policy signer certific
 1.	Go to the Azure portal menu or the home page and select **All resources**.
 1.	In the filter box, enter the attestation provider name.
 1.	Select the attestation provider and go to the overview page.
-1.	Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication,  please click cancel to proceed.
+1.	Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, select cancel to proceed.
 1.	Select **Add** on the upper menu. The button will be disabled for attestation providers created without the policy signing requirement.
 1.	Upload the policy signer certificate file and select **Add**. [See examples of policy signer certificates](./policy-signer-examples.md).
 
@@ -105,7 +105,7 @@ Follow the steps in this section to view, add, and delete policy signer certific
 1.	Go to the Azure portal menu or the home page and select **All resources**.
 1.	In the filter box, enter the attestation provider name.
 1.	Select the attestation provider and go to the overview page.
-1.	Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication,  please click cancel to proceed.
+1.	Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication,  Select **Cancel** to proceed.
 1.	Select **Delete** on the upper menu. The button will be disabled for attestation providers created without the policy signing requirement.
 1.	Upload the policy signer certificate file and select **Delete**. [See examples of policy signer certificates](./policy-signer-examples.md). 
 
@@ -118,7 +118,7 @@ This section describes how to view an attestation policy and how to configure po
 1.	Go to the Azure portal menu or the home page and select **All resources**.
 1.	In the filter box, enter the attestation provider name.
 1.	Select the attestation provider and go to the overview page.
-1.	Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
+1.	Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, select **Cancel**  to proceed.
 1.	Select the preferred **Attestation Type** and view the **Current policy**.
 
 ### Configure an attestation policy
@@ -128,7 +128,7 @@ Follow these steps to upload a policy in JWT or text format if the attestation p
 1. Go to the Azure portal menu or the home page and select **All resources**.
 1. In the filter box, enter the attestation provider name.
 1. Select the attestation provider and go to the overview page.
-1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
+1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, select **Cancel**  proceed.
 1. Select **Configure** on the upper menu.
 1. Select **Policy Format** as **JWT** or as **Text**.
 

articles/attestation/quickstart-powershell.md

@@ -5,7 +5,7 @@ services: attestation
 author: msmbaldwin
 ms.service: attestation
 ms.topic: overview
-ms.date: 08/31/2020
+ms.date: 01/23/2023
 ms.author: mbaldwin 
 ms.custom: devx-track-azurepowershell
 
@@ -17,7 +17,7 @@ Follow the below steps to create and configure an attestation provider using Azu
 
 > [!NOTE]
 > Az.Attestation module is now integrated into Az PowerShell module. Minimum version of Az module required to support attestation operations:
-  - Az 6.5.0
+  - Az PowerShell 6.5.0
 
 The PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1. TLS 1.2 or a later version is recommended. Hence you may receive the following errors:
 
@@ -46,7 +46,7 @@ Set-AzContext -Subscription <subscription id>
 
 ## Register Microsoft.Attestation resource provider
 
-Register the Microsoft.Attestation resource provider in subscription. For more information about Azure resource providers and how to configure and manage resources providers, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md). Note that registering a resource provider is required only once for a subscription.
+Register the Microsoft.Attestation resource provider in subscription. For more information about Azure resource providers and how to configure and manage resources providers, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md). Registering a resource provider is required only once for a subscription.
 
 ```powershell
 Register-AzResourceProvider -ProviderNamespace Microsoft.Attestation
@@ -59,7 +59,7 @@ Register-AzResourceProvider -ProviderNamespace Microsoft.Attestation
 
 ## Create an Azure resource group
 
-Create a resource group for the attestation provider. Note that other Azure resources (including a virtual machine with client application instance) can be put in the same resource group.
+Create a resource group for the attestation provider. Other Azure resources (including a virtual machine with client application instance) can be put in the same resource group.
 
 ```powershell
 $location = "uksouth" 
@@ -94,7 +94,7 @@ Get-AzAttestation retrieves the attestation provider properties like status and
 Get-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup  
 ```
 
-The above command should produce an output like the one below: 
+The above command should produce output in this format: 
 
 ```
 Id:/subscriptions/MySubscriptionID/resourceGroups/MyResourceGroup/providers/Microsoft.Attestation/attestationProviders/MyAttestationProvider
@@ -126,7 +126,7 @@ In order to manage policies, an Azure AD user requires the following permissions
 In order to read policies, an Azure AD user requires the following permission for "Actions":
 - Microsoft.Attestation/attestationProviders/attestation/read
 
- To perform this action, an Azure AD user must have **Attestation Reader** role on the attestation provider. The read permission can be also be inherited with roles such as **Reader** (wildcard permissions) on  the subscription/ resource group.  
+ To perform this action, an Azure AD user must have **Attestation Reader** role on the attestation provider. The read permissions can be also be inherited with roles such as **Reader** (wildcard permissions) on  the subscription/ resource group.  
 
 Below PowerShell cmdlets provide policy management for an attestation provider (one TEE at a time).
 
@@ -161,7 +161,7 @@ Reset-AzAttestationPolicy -Name $attestationProvider -ResourceGroupName $attesta
 
 ## Policy signer certificates management
 
-Below PowerShell cmdlets provide policy signer certificates management for an attestation provider:
+These PowerShell cmdlets provide policy signer certificates management for an attestation provider:
 
 ```powershell
 Get-AzAttestationPolicySigners -Name $attestationProvider -ResourceGroupName $attestationResourceGroup
@@ -171,7 +171,7 @@ Add-AzAttestationPolicySigner -Name $attestationProvider -ResourceGroupName $att
 Remove-AzAttestationPolicySigner -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Signer <signer>
 ```
 
-Policy signer certificate is a signed JWT with claim named "maa-policyCertificate". Value of the claim is a JWK which contains the trusted signing key to add. The JWT must be signed with private key corresponding to any of the existing policy signer certificates.
+Policy signer certificate is a signed JWT with claim named "maa-policyCertificate". Value of the claim is a JWK, which contains the trusted signing key to add. The JWT must be signed with private key corresponding to any of the existing policy signer certificates.
 
 Note that all semantic manipulation of the policy signer certificate must be done outside of PowerShell. As far as PowerShell is concerned, it is a simple string.
 

articles/attestation/quickstart-template.md

@@ -7,7 +7,7 @@ ms.service: attestation
 ms.topic: quickstart
 ms.custom: subject-armqs, devx-track-azurepowershell, mode-arm
 ms.author: mbaldwin
-ms.date: 05/20/2021
+ms.date: 01/23/2023
 ---
 
 # Quickstart: Create an Azure Attestation provider with an ARM template

articles/attestation/tpm-attestation-sample-policies.md

@@ -12,7 +12,7 @@ ms.author: prsriva
 ---
 # Examples of an attestation policy for TPM endpoint
 
-Attestation policy is used to process the attestation evidence and determine whether Azure Attestation will issue an attestation token. Attestation token generation can be controlled with custom policies. Below are some examples of an attestation policy. 
+Attestation policy is used to process the attestation evidence and determine whether Azure Attestation will issue an attestation token. Attestation token generation can be controlled with custom policies. 
 
 ## Sample policy for TPM using Policy version 1.0
 

articles/attestation/troubleshoot-guide.md

@@ -5,22 +5,19 @@ services: attestation
 author: msmbaldwin
 ms.service: attestation
 ms.topic: reference
-ms.date: 07/20/2020
+ms.date: 01/23/2023
 ms.author: mbaldwin 
 ms.custom: devx-track-azurepowershell
 
-
 ---
 
 # Microsoft Azure Attestation troubleshooting guide
 
 Error handling in Azure Attestation is implemented following [Microsoft REST API guidelines](https://github.com/microsoft/api-guidelines/blob/vNext/Guidelines.md#7102-error-condition-responses). The error response returned by Azure Attestation APIs contains HTTP status code and name/value pairs with the names “code” and “message”. The value of “code” is human-readable and is an indicator of the type of error. The value of “message” intends to aid the user and provides error details.
 
-If your issue is not addressed in this article, you can also submit an Azure support request on the [Azure support page](https://azure.microsoft.com/support/options/).
-
-Below are some examples of the errors returned by Azure Attestation:
+If your issue isn't addressed in this article, you can also submit an Azure support request on the [Azure support page](https://azure.microsoft.com/support/options/).
 
-## 1. HTTP–401 : Unauthorized exception
+## 1. HTTP–401: Unauthorized exception
 
 ### HTTP status code
 401
@@ -29,8 +26,8 @@ Below are some examples of the errors returned by Azure Attestation:
 Unauthorized
 
 **Scenario examples**
-  - Unable to manage attestation policies as the user is not assigned with appropriate roles
-  - Unable to manage attestation policy signers as the user is not assigned with appropriate roles
+  - Unable to manage attestation policies as the user isn't assigned with appropriate roles
+  - Unable to manage attestation policy signers as the user isn't assigned with appropriate roles
 
 User with Reader role trying to edit an attestation policy in PowerShell 
 
@@ -50,7 +47,7 @@ In order to manage policies, an Azure AD user requires the following permissions
 - Microsoft.Attestation/attestationProviders/attestation/write
 - Microsoft.Attestation/attestationProviders/attestation/delete
 
-  To perform these actions, an Azure AD user must have "Attestation Contributor" role on the attestation provider. These permissions can be also be inherited with roles such as "Owner" (wildcard permissions), "Contributor" (wildcard permissions) on  the subscription/ resource group.  
+  To perform these actions, an Azure AD user must have "Attestation Contributor" role on the attestation provider. These permissions can also be inherited with roles such as "Owner" (wildcard permissions), "Contributor" (wildcard permissions) on  the subscription/ resource group.  
 
 In order to read policies, an Azure AD user requires the following permission for "Actions":
 - Microsoft.Attestation/attestationProviders/attestation/read
@@ -61,7 +58,7 @@ To verify the roles in PowerShell, run the below steps:
 
 a. Launch PowerShell and log into Azure via the "Connect-AzAccount" cmdlet
 
-b. Please refer the guidance [here](../role-based-access-control/role-assignments-list-powershell.md) to verify your Azure role assignment on the attestation provider
+b. Refer to the guidance [here](../role-based-access-control/role-assignments-list-powershell.md) to verify your Azure role assignment on the attestation provider
 
 c. If you don't find an appropriate role assignment, follow the instructions in [here](../role-based-access-control/role-assignments-powershell.md)
 
@@ -102,7 +99,7 @@ See [attestation policy examples](./policy-examples.md)
 InvalidParameter
 
 **Scenario examples**
-SGX attestation failure due to invalid input. Below are some of the examples for error messages:
+SGX attestation failure due to invalid input. Here are some examples of error messages:
 - The specified quote was invalid due to an error in the quote collateral 
 - The specified quote was invalid because the device on which the quote was generated does not meet the Azure baseline requirements
 - The specified quote was invalid because the TCBInfo or QEID provided by the PCK Cache Service was invalid

articles/attestation/view-logs.md

@@ -5,25 +5,24 @@ services: attestation
 author: msmbaldwin
 ms.service: attestation
 ms.topic: reference
-ms.date: 11/23/2020
+ms.date: 01/23/2023
 ms.author: mbaldwin
 
-
 ---
 
 # Azure Attestation logging
 
-If you create one or more Azure Attestation resources, you’ll want to monitor how and when your attestation instance is accessed, and by whom. You can do this by enabling logging for Microsoft Azure Attestation, which saves information in an Azure storage account you provide.  
+If you create one or more Azure Attestation resources, you’ll want to monitor how and when your attestation instance is accessed, and by whom. You can do so by enabling logging for Microsoft Azure Attestation, which saves information in an Azure storage account you provide.  
 
-Logging information will be available up to 10 minutes after the operation occurred (in most cases, it will be quicker than this). Since you provide the storage account, you can secure your logs via standard Azure access controls and delete logs you no longer want to keep in your storage account. 
+Logging information will be available up to 10 minutes after the operation occurred (in most cases, it will be quicker). Since you provide the storage account, you can secure your logs via standard Azure access controls and delete logs you no longer want to keep in your storage account.
 
 ## Interpret your Azure Attestation logs
 
 When logging is enabled, up to three containers may be automatically created for you in your specified storage account:  **insights-logs-auditevent, insights-logs-operational, insights-logs-notprocessed**. It is recommended to only use **insights-logs-operational** and **insights-logs-notprocessed**. **insights-logs-auditevent** was created to provide early access to logs for customers using VBS. Future enhancements to logging will occur in the **insights-logs-operational** and **insights-logs-notprocessed**.  
 
 **Insights-logs-operational** contains generic information across all TEE types. 
 
-**Insights-logs-notprocessed** contains requests which the service was unable to process, typically due to malformed HTTP headers, incomplete message bodies, or similar issues.  
+**Insights-logs-notprocessed** contains requests that the service was unable to process, typically due to malformed HTTP headers, incomplete message bodies, or similar issues.  
 
 Individual blobs are stored as text, formatted as a JSON blob. Let’s look at an example log entry: 
 
@@ -72,11 +71,11 @@ Most of these fields are documented in the [Top-level common schema](../azure-mo
 |     traceContext                        |     JSON blob representing the W3C trace-context |
 |    uri                       |     Request URI  |
 
-The properties contain additional Azure attestation specific context: 
+The properties contain additional Azure attestation specific context:
 
 |     Field Name                           |     Description                                                                         |
 |------------------------------------------|-----------------------------------------------------------------------------------------------|
-|     failureResourceId                        |     Resource ID of component which resulted in request failure  |
+|     failureResourceId                        |     Resource ID of component that resulted in request failure  |
 |    failureCategory                       |     Broad category indicating category of a request failure. Includes categories such as AzureNetworkingPhysical, AzureAuthorization etc.   |
 |    failureDetails                       |     Detailed information about a request failure, if available   |
 |    infoDataReceived                       |     Information about the request received from the client. Includes some HTTP headers, the number of headers received, the content type and content length    |