Commit 9a8b784

Merge pull request #272023 from ianjmcm/ianjmcm-pp-release
more edits to fix alert NOTE and clarity on test certs
2 parents 7f6113f + 5585582 commit 9a8b784

2 files changed

+8
-8
lines changed

articles/trusted-signing/concept-trusted-signing-cert-management.md

Lines changed: 4 additions & 4 deletions
@@ -42,8 +42,8 @@ A `1.3.6.1.4.1.311.97.990309390.766961637.194916062.941502583` value indicates a
4242
- **Private-Trust Identity Validation example**:
4343
A `1.3.6.1.4.1.311.97.1.3.1.29433.35007.34545.16815.37291.11644.53265.56135` value indicates a Trusted Signing subscriber using Private-Trust Identity Validation. The `1.3.6.1.4.1.311.97.1.3.1.` prefix is Trusted Signing's Private-Trust code signing type and the `29433.35007.34545.16815.37291.11644.53265.56135` is unique to the subscriber's Identity Validation for Private Trust. Because Private-Trust Identity Validations can be used for WDAC CI Policy signing, there's also a slightly different EKU prefix: `1.3.6.1.4.1.311.97.1.4.1.`. However, the suffix values match the durable identity value for the subscriber's Identity Validation for Private Trust.
4444

45-
>[!NOTE]
46-
>The durable identity EKUs can be used in WDAC CI Policy settings to pin trust to an identity in Trusted Signing accordingly. Refer to [Use signed policies to protect Windows Defender Application Control against tampering](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering) and [Windows Defender Application Control Wizard](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard) for WDAC Policy creation.
45+
> [!NOTE]
46+
> The durable identity EKUs can be used in WDAC CI Policy settings to pin trust to an identity in Trusted Signing accordingly. Refer to [Use signed policies to protect Windows Defender Application Control against tampering](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering) and [Windows Defender Application Control Wizard](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard) for WDAC Policy creation.
4747
4848
All Trusted Signing Public Trust certificates also contain the `1.3.6.1.4.1.311.97.1.0` EKU to be easily identified as a publicly trusted certificate from Trusted Signing. All EKUs are in addition to the Code Signing EKU (`1.3.6.1.5.5.7.3.3`) to identify the specific usage type for certificate consumers. The only exception is certificates from CI Policy Certificate Profile types, where no Code Signing EKU is present.
4949
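
Review bot: the note at new line 46 ends with "pin trust to an identity in Trusted Signing accordingly" and never says which EKU a policy author should reference. The context line above it distinguishes the `1.3.6.1.4.1.311.97.1.3.1.` prefix from the CI Policy prefix `1.3.6.1.4.1.311.97.1.4.1.`, so please state which one belongs in the policy, or drop "accordingly" and point to the paragraph that explains it. Separately, this note still says "WDAC" while concept-trusted-signing-trust-models.md in the same commit says "App Control for Business"; one name should be used across both files.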

@@ -56,8 +56,8 @@ Trusted Signing aims to simplify signing as much as possible for subscribers usi
5656

5757
Every certificate created and issued is logged for subscribers in the Azure portal and logging data feeds, including the serial number, thumbprint, created date, expiry date, and status (for example, "Active", "Expired", or "Revoked").
5858

59-
>[!NOTE]
60-
>Trusted Signing does NOT support subscribers importing or exporting private keys and certificates. All certificates and keys used in Trusted Signing are managed inside FIPS 140-2 Level 3 operated hardware crypto modules.
59+
> [!NOTE]
60+
> Trusted Signing does NOT support subscribers importing or exporting private keys and certificates. All certificates and keys used in Trusted Signing are managed inside FIPS 140-2 Level 3 operated hardware crypto modules.
6161
6262
### Time stamp countersignatures
6363
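
Review bot: "FIPS 140-2 Level 3 operated hardware crypto modules" at new line 60 is ambiguous about whether the modules are validated to Level 3 or only run in a Level 3 configuration; since readers will quote this sentence for compliance purposes, say which. The first sentence of the note also reads as if certificates cannot be exported at all, while line 57 says the serial number and thumbprint are exposed in the portal and logging feeds; consider scoping the statement to private keys or spelling out what "exporting certificates" covers.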

articles/trusted-signing/concept-trusted-signing-trust-models.md

Lines changed: 4 additions & 4 deletions
@@ -24,8 +24,8 @@ Trusted Signing provides two primary trust models to support a wide variety of s
2424
- [Public-Trust](#public-trust)
2525
- [Private-Trust](#private-trust)
2626

27-
[!NOTE]
28-
Subscribers to Trusted Signing aren't limited to the signing scenarios application of the trust models shared in this article. Trusted Signing was designed to support Windows Authenticode code signing and App Control for Business features in Windows with an ability to broadly support other signing and trust models beyond Windows.
27+
> [!NOTE]
28+
> Subscribers to Trusted Signing aren't limited to the signing scenarios application of the trust models shared in this article. Trusted Signing was designed to support Windows > Authenticode code signing and App Control for Business features in Windows with an ability to broadly support other signing and trust models beyond Windows.
2929
3030
## Public-Trust
3131
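
Review bot: new line 28 has a stray `>` in the middle of the sentence ("support Windows > Authenticode code signing"), which looks like a leftover from re-wrapping the blockquote and will render literally. Remove it so the text reads "support Windows Authenticode code signing". While touching this line, "the signing scenarios application of the trust models" does not parse and should be reworded.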

@@ -40,8 +40,8 @@ The Public-Trust resources in Trusted Signing are designed to support the follow
4040

4141
Public-Trust is recommended for signing any artifact that is to be shared publicly and for the signer to be a validated legal organization or individual.
4242

43-
[!NOTE]
44-
Trusted Signing includes options for "Test" Certificate Profiles under the Public-Trust collection, but not publicly trusted. These "Test" Certificate Profiles are intended to be used for inner loop dev/test signing and should NOT be trusted.
43+
> [!NOTE]
44+
> Trusted Signing includes options for "Test" Certificate Profiles under the Public-Trust collection, but the certificates are not publicly trusted. These "Test" Certificate Profiles are intended to be used for inner loop dev/test signing and should NOT be trusted.
4545
4646
## Private-Trust
4747
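
Review bot: "should NOT be trusted" at new line 44 does not say by whom or where, which leaves the security guidance open to interpretation. If the intent is that relying parties and production machines must not trust "Test" Certificate Profile certificates, say so explicitly, for example "should NOT be trusted outside dev/test environments". The added clause "but the certificates are not publicly trusted" is a good clarification; the sentence after it should be as specific.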
