(AB-85436) Editing Pass: AcroLinx

This change applies AcroLinx suggestions to the maching configuration articles,
improving their score and readability.

Author: michaeltlombardi

articles/governance/machine-configuration/agent-notes.md

@@ -17,7 +17,7 @@ the most recent developments, this article provides you with information about:
 - Known issues
 - Bug fixes
 
-For information on release notes for the connected machine agent, please see
+For information on release notes for the connected machine agent, see
 [What's new with the connected machine agent][01].
 
 ## Release notes
@@ -26,7 +26,7 @@ For information on release notes for the connected machine agent, please see
 
 #### New Features
 
-- In this release we've added support for Linux distributions such as Red Hat Enterprise Linux
+- In this release, we've added support for Linux distributions such as Red Hat Enterprise Linux
   (RHEL) 9, Mariner 1&2, Alma 9, and Rocky 9.
 
 #### Fixed
@@ -40,14 +40,15 @@ In this release, various improvements were made.
 
 - You can now restrict which URLs can be used to download machine configuration packages by setting
   the `allowedGuestConfigPkgUrls` tag on the server resource and providing a comma-separated list of
-  URL patterns to allow. If the tag exists, the agent will only allow custom packages to be
+  URL patterns to allow. If the tag exists, the agent only allows custom packages to be
   downloaded from the specified URLs. Built-in packages are unaffected by this feature.
 
 ## Fixed
 
 - Resolves local elevation of privilege vulnerability [CVE-2022-38007][03].
 - If you're currently running an older version of the AzurePolicyforLinux extension, use the
-  PowerShell or Azure CLI commands below to update your extension to the latest version.
+  PowerShell or Azure CLI commands in the following examples to update your extension to the latest
+  version.
 
 ```azurepowershell-interactive
 $params = @{

articles/governance/machine-configuration/machine-configuration-assignments.md

@@ -38,13 +38,12 @@ more information, see [getting compliance data][02].
 
 ### Deletion of guest assignments from Azure Policy
 
-When an Azure Policy assignment is deleted, if a machine configuration assignment was created by
-the policy, the machine configuration assignment is also deleted.
+When an Azure Policy assignment is deleted, if the policy created a machine configuration
+assignment, the machine configuration assignment is also deleted.
 
-When an Azure Policy assignment is deleted, if a machine configuration assignment was created by
-the policy, you'll need to manually delete the corresponding machine configuration assignment. This
-can be done by navigating to the guest assignments page on Azure portal and deleting the assignment
-there.
+When an Azure Policy assignment is deleted, you need to manually delete any machine configuration
+assignments the policy created. You can do so by navigating to the guest assignments page on Azure
+portal and deleting the assignment there.
 
 ## Manually creating machine configuration assignments
 
@@ -118,7 +117,7 @@ $guestAssignment | Remove-AzResource
 ## Next steps
 
 - Read the [machine configuration overview][03].
-- Setup a custom machine configuration package [development environment][04].
+- Set up a custom machine configuration package [development environment][04].
 - [Create a package artifact][05] for machine configuration.
 - [Test the package artifact][06] from your development environment.
 - Use the **GuestConfiguration** module to [create an Azure Policy definition][07] for at-scale

articles/governance/machine-configuration/machine-configuration-azure-automation-migration.md

@@ -15,9 +15,9 @@ AADSC). When possible, you should plan to move your content and machines to the
 article provides guidance on developing a migration strategy from Azure Automation to machine
 configuration.
 
-New features in machine configuration address top asks from customers:
+New features in machine configuration address customer requests:
 
-- Increased size limit for configurations ( 100MB )
+- Increased size limit for configurations to 100 MB
 - Advanced reporting through Azure Resource Graph including resource ID and state
 - Manage multiple configurations for the same machine
 - When machines drift from the desired state, you control when remediation occurs
@@ -61,8 +61,8 @@ configuration.
 
 You can only export configuration scripts from Azure Automation. It isn't possible to export node
 configurations, or compiled MOF files. If you published MOF files directly into the Automation
-Account and no longer have access to the original file, you must recompile from your private
-configuration scripts. If you can't find the original configuration, you must re-author it.
+Account and no longer have access to the original file, you need to recompile from your private
+configuration scripts. If you can't find the original configuration, you must reauthor it.
 
 To export configuration scripts from Azure Automation, first identify the Azure Automation account
 that has the configurations and the name of the Resource Group the Automation Account is deployed
@@ -147,7 +147,7 @@ After you've discovered your accounts and the number of configurations, you migh
 all configurations to a local folder on your machine. To automate this process, pipe the output of
 each command in the earlier examples to the next command.
 
-The example exports 5 configurations. The output pattern is the only indicator of success.
+The example exports five configurations. The output pattern is the only indicator of success.
 
 ```azurepowershell-interactive
 Get-AzAutomationAccount |
@@ -173,7 +173,7 @@ configuration per machine. To take advantage of the expanded capabilities offere
 configuration, you can divide large configuration files into many smaller configurations where each
 handles a specific scenario.
 
-There is no orchestration in machine configuration to control the order of how configurations are
+There's no orchestration in machine configuration to control the order of how configurations are
 sorted. Keep steps in a configuration together in one package if they're required to happen
 sequentially.
 
@@ -184,12 +184,11 @@ configurations require which modules and versions. You must have the modules in
 environment to create a new machine configuration package. To create a list of modules you need for
 migration, use PowerShell to query Azure Automation for the name and version of modules.
 
-If you are using modules that are custom authored and only exist in your private development
+If you're using modules that are custom authored and only exist in your private development
 environment, it isn't possible to export them from Azure Automation.
 
 If you can't find a custom module in your environment that's required for a configuration and in
-the account, you won't be able to compile the configuration. This means you won't be able to
-migrate the configuration.
+the account, you can't compile the configuration. Therefore, you can't migrate the configuration.
 
 #### List modules imported in Azure Automation
 
@@ -235,8 +234,8 @@ xRemoteDesktopAdmin        1.1.0.0
 
 If the modules were imported from the PowerShell Gallery, you can pipe the output from
 `Find-Module` directly to `Install-Module`. Piping the output across commands provides a solution
-to load a developer environment with all modules currently in an Automation Account that are
-available publicly in the PowerShell Gallery.
+to load a developer environment with all modules currently in an Automation Account if they're
+available in the PowerShell Gallery.
 
 You can use the same approach to pull modules from a custom NuGet feed if you have registered the
 feed in your local environment as a [PowerShellGet repository][04].
@@ -314,10 +313,10 @@ function New-TaskResolvedInPWSH7 {
 }
 ```
 
-#### Will I have to add the Reasons property to Get-TargetResource in all modules I migrate?
+#### Do I need to add the Reasons property to Get-TargetResource in all modules I migrate?
 
 Implementing the [Reasons property][09] provides a better experience when viewing the results of a
-configuration assignment from the Azure Portal. If the `Get` method in a module doesn't include
+configuration assignment from the Azure portal. If the `Get` method in a module doesn't include
 **Reasons**, generic output is returned with details from the properties returned by the `Get`
 method. Therefore, it's optional for migration.
 
@@ -348,22 +347,22 @@ Azure Automation State Configuration.
 ### Hybrid machines
 
 Machines outside of Azure [can be registered to Azure Automation State Configuration][13], but they
-don't have a machine resource in Azure. The connection to Azure Automation is handled by the Local
-Configuration Manager (LCM) service inside the machine. The record of the node is managed as a
-resource in the Azure Automation provider type.
+don't have a machine resource in Azure. The Local Configuration Manager (LCM) service inside the
+machine handles the connection to Azure Automation. The record of the node is managed as a resource
+in the Azure Automation provider type.
 
 Before removing a machine from Azure Automation State Configuration, onboard each node as an
-[Azure Arc-enabled server][14]. Onboarding to Azure Arc creates a machine resource in Azure so the
-machine can be managed by Azure Policy. The machine can be onboarded to Azure Arc at any time, but
-you can use Azure Automation State Configuration to automate the process.
+[Azure Arc-enabled server][14]. Onboarding to Azure Arc creates a machine resource in Azure so
+Azure Policy can manage the machine. The machine can be onboarded to Azure Arc at any time, but you
+can use Azure Automation State Configuration to automate the process.
 
 You can register a machine to Azure Arc-enabled servers by using PowerShell DSC. For details, view
 the page [How to install the Connected Machine agent using Windows PowerShell DSC][15]. Remember
 however, that Azure Automation State Configuration can manage only one configuration per machine,
-per Automation Account. This means you have the option to export, test, and prepare your content
-for machine configuration, and then switch the node configuration in Azure Automation to onboard to
-Azure Arc. As the last step, remove the node registration from Azure Automation State Configuration
-and move forward only managing the machine state through machine configuration.
+per Automation Account. You can export, test, and prepare your content for machine configuration,
+and then switch the node configuration in Azure Automation to onboard to Azure Arc. As the last
+step, remove the node registration from Azure Automation State Configuration and move forward only
+managing the machine state through machine configuration.
 
 ## Troubleshooting issues when exporting content
 

articles/governance/machine-configuration/machine-configuration-create-assignment.md

@@ -30,13 +30,14 @@ To modify the example for other resource types such as [Arc-enabled servers][06]
 type to the name of the resource provider. For Arc-enabled servers, the resource provider is
 `Microsoft.HybridCompute/machines`.
 
-Replace the following "<>" fields with values specific to you environment:
+Replace the following "<>" fields with values specific to your environment:
 
-- `<vm_name>`: Name of the machine resource where the configuration will be applied
-- `<configuration_name>`: Name of the configuration to apply
-- `<vm_location>`: Azure region where the machine configuration assignment will be created
-- `<Url_to_Package.zip>`: For custom content package, an HTTPS link to the `.zip` file
-- `<SHA256_hash_of_package.zip>`: For custom content package, a SHA256 hash of the `.zip` file
+- `<vm_name>`: Specify the name of the machine resource to apply the configuration on.
+- `<configuration_name>`: Specify the name of the configuration to apply.
+- `<vm_location>`: Specify the Azure region to create the  machine configuration assignment in.
+- `<Url_to_Package.zip>`: Specify an HTTPS link to the `.zip` file for your custom content package.
+- `<SHA256_hash_of_package.zip>`: Specify the SHA256 hash of the `.zip` file for your custom
+  content package.
 
 ## Assign a configuration using an Azure Resource Manager template
 
@@ -229,7 +230,7 @@ resource "azurerm_virtual_machine_configuration_policy_assignment" "AzureWindows
 ## Next steps
 
 - Read the [machine configuration overview][12].
-- Setup a custom machine configuration package [development environment][13].
+- Set up a custom machine configuration package [development environment][13].
 - [Create a package artifact][14] for machine configuration.
 - [Test the package artifact][15] from your development environment.
 - [Publish the package artifact][03] so it's accessible to your machines.

articles/governance/machine-configuration/machine-configuration-create-definition.md

@@ -142,7 +142,7 @@ include a filter for tags. The **Tag** parameter of `New-GuestConfigurationPolic
 array of hash tables containing individual tag entries. The tags are added to the **if** section of
 the policy definition and can't be modified by a policy assignment.
 
-An example snippet of a policy definition that filters for tags is given below.
+An example snippet of a policy definition that filters for tags follows.
 
 ```json
 "if": {
@@ -227,7 +227,7 @@ New-GuestConfigurationPolicy @PolicyParam
 ### Publish the Azure Policy definition
 
 Finally, you can publish the policy definitions using the `New-AzPolicyDefinition` cmdlet. The
-below commands will publish your machine configuration policy to the policy center.
+below commands publish your machine configuration policy to the policy center.
 
 To run the `New-AzPolicyDefinition` command, you need access to create policy definitions in Azure.
 The specific authorization requirements are documented in the [Azure Policy Overview][06] page. The
@@ -237,7 +237,7 @@ recommended built-in role is `Resource Policy Contributor`.
 New-AzPolicyDefinition -Name 'mypolicydefinition' -Policy '.\policies\auditIfNotExists.json'
 ```
 
-Or, if this is a deploy if not exist policy (DINE) please use
+Or, if the policy is a deploy if not exist policy (DINE) use this command:
 
 ```azurepowershell-interactive
 New-AzPolicyDefinition -Name 'mypolicydefinition' -Policy '.\policies\deployIfNotExists.json'
@@ -267,12 +267,12 @@ the following explanations.
 - **Version**: When you run the `New-GuestConfigurationPolicy` cmdlet, you must specify a version
   number greater than what's currently published.
 - **contentUri**: When you run the `New-GuestConfigurationPolicy` cmdlet, you must specify a URI to
-  the location of the package. Including a package version in the file name will ensure the value
-  of this property changes in each release.
-- **contentHash**: This property is updated automatically by the `New-GuestConfigurationPolicy`
-  cmdlet. It's a hash value of the package created by `New-GuestConfigurationPackage`. The property
-  must be correct for the `.zip` file you publish. If only the **contentUri** property is updated,
-  the Extension won't accept the content package.
+  the location of the package. Including a package version in the file name ensures the value of
+  this property changes in each release.
+- **contentHash**: The `New-GuestConfigurationPolicy` cmdlet updates this property automatically.
+  It's a hash value of the package created by `New-GuestConfigurationPackage`. The property must be
+  correct for the `.zip` file you publish. If only the **contentUri** property is updated, the
+  Extension rejects the content package.
 
 The easiest way to release an updated package is to repeat the process described in this article
 and specify an updated version number. That process guarantees all properties have been correctly

articles/governance/machine-configuration/machine-configuration-create-publish.md

@@ -1,6 +1,6 @@
 ---
 title: How to publish custom machine configuration package artifacts
-description: Learn how to publish a machine configuration package file top Azure blob storage and get a SAS token for secure access.
+description: Learn how to publish a machine configuration package file to Azure blob storage and get a SAS token for secure access.
 ms.date: 07/25/2022
 ms.topic: how-to
 ms.custom: devx-track-azurepowershell
@@ -43,10 +43,10 @@ New-AzStorageAccount @newAccountParams |
     New-AzStorageContainer -Name guestconfiguration -Permission Blob
 ```
 
-To publish your configuration package to Azure blob storage, you can follow the below steps which
-leverages the Az.Storage module.
+To publish your configuration package to Azure blob storage, you can follow these steps, which use
+the **Az.Storage** module.
 
-First, obtain the context of the storage account in which the package will be stored. This example
+First, obtain the context of the storage account you want to store the package in. This example
 creates a context by specifying a connection string and saves the context in the variable
 `$Context`.
 
@@ -73,7 +73,7 @@ Set-AzStorageBlobContent @setParams
 
 Optionally, you can add a SAS token in the URL to ensure the content package is accessed securely.
 The below example generates a blob SAS token with read access and returns the full blob URI with
-the shared access signature token. In this example, this includes a time limit of 3 years.
+the shared access signature token. In this example, the token has a time limit of three years.
 
 ```azurepowershell-interactive
 $StartTime = Get-Date

articles/governance/machine-configuration/machine-configuration-create-setup.md

@@ -30,7 +30,7 @@ Operating systems where the module can be installed:
 - Windows
 
 The module can be installed on a machine running PowerShell 7.x. Install the versions of PowerShell
-listed below.
+listed in the following table for your operating system.
 
 |    OS     |   PowerShell Version   |
 | --------- | ---------------------- |
@@ -39,8 +39,8 @@ listed below.
 
 The **GuestConfiguration** module requires the following software:
 
-- Azure PowerShell 5.9.0 or higher. The required Az modules are installed automatically with the
-  **GuestConfiguration** module, or you can follow [these instructions][03].
+- Azure PowerShell 5.9.0 or higher. The required Az PowerShell modules are installed automatically
+  with the **GuestConfiguration** module, or you can follow [these instructions][03].
 
 
 ### Install the module from the PowerShell Gallery

articles/governance/machine-configuration/machine-configuration-create-signing.md

@@ -20,8 +20,8 @@ content package, and append a tag to the machines that should require code to be
 
 To use the Signature Validation feature, run the `Protect-GuestConfigurationPackage` cmdlet to sign
 the package before it's published. This cmdlet requires a 'Code Signing' certificate. If you don't
-have a 'Code Signing' certificate, please use the script below to create a self-signed certificate
-for testing purposes to follow along with the example.
+have a 'Code Signing' certificate, use the following script to create a self-signed certificate for
+testing purposes to follow along with the example.
 
 ## Windows signature validation
 

articles/governance/machine-configuration/machine-configuration-create-test.md

@@ -31,12 +31,13 @@ Before you can begin testing, you need to [set up your authoring environment][01
 You can test the package from your workstation or continuous integration and continuous deployment
 (CI/CD) environment. The **GuestConfiguration** module includes the same agent for your development
 environment as is used inside Azure or Arc enabled machines. The agent includes a stand-alone
-instance of PowerShell 7.1.3 for Windows and 7.2.0-preview.7 for Linux. This ensures the script
-environment where the package is tested will be consistent with machines you manage using machine
-configuration.
+instance of PowerShell 7.1.3 for Windows and 7.2.0-preview.7 for Linux. The stand-alone instance
+ensures the script environment where the package is tested is consistent with machines you manage
+using machine configuration.
 
 The agent service in Azure and Arc-enabled machines is running as the `LocalSystem` account in
-Windows and Root in Linux. Run the commands below in privileged security context for best results.
+Windows and Root in Linux. Run the commands in this article in a privileged security context for
+best results.
 
 To run PowerShell as `LocalSystem` in Windows, use the SysInternals tool [PSExec][03].
 
@@ -112,7 +113,7 @@ In Linux, by running PowerShell using sudo.
 sudo pwsh -command 'Start-GuestConfigurationPackageRemediation -Path ./MyConfig.zip'
 ```
 
-The command won't return output unless errors occur. To troubleshoot details about events occurring
+The command only returns output when errors occur. To troubleshoot details about events occurring
 during `Set`, use the `-verbose` parameter.
 
 After running the command `Start-GuestConfigurationPackageRemediation`, you can run the command