edits

Author: ktoliver

articles/batch/TOC.yml

@@ -103,17 +103,17 @@
     href: high-availability-disaster-recovery.md
   - name: Task runtime environment variables
     href: batch-compute-node-environment-variables.md
-  - name: Retirements
+  - name: Batch feature retirements
     items:
-    - name: Batch Certificates Migration Guide
+    - name: Certificates for access management
       href: batch-certificate-migration-guide.md
-    - name: Batch pools without public IP addresses classic Retirement Migration Guide
+    - name: Pools without public IP addresses (classic)
       href: batch-pools-without-public-IP-addresses-classic-retirement-migration-guide.md
-    - name: Batch TLS 1.0_1 Migration Guide
+    - name: TLS 1.0 and TLS 1.1 
       href: batch-tls-101-migration-guide.md
-    - name: Job Pool Lifetime Statistics Migration Guide
+    - name: Job pool lifetime statistics
       href: job-pool-lifetime-statistics-migration-guide.md
-    - name: Low Priority VMs Retirement Migration Guide
+    - name: Low-priority VMs
       href: low-priority-VMs-retirement-migration-guide.md
 - name: How-to guides
   items:

articles/batch/batch-certificate-migration-guide.md

@@ -1,50 +1,48 @@
 ---
-title: Migrate certificates from Azure Batch to Azure Key Vault
-description: Learn how to migrate access management from Azure Batch certificates to Azure Key Vault to prepare for end of support for certificates in Batch.
+title: Migrate Azure Batch access management to Azure Key Vault
+description: Learn how to migrate access management from Azure Batch to Azure Key Vault to prepare for end of support for certificates in Batch.
 author: harperche
 ms.author: harpercheng
 ms.service: batch
 ms.topic: how-to
 ms.date: 08/15/2022
 ---
-# Migrate access management from Azure Batch certificates to Azure Key Vault
 
-Learn how to migrate access management in Azure Batch from using certificates to using a key in Azure Key Vault.
+# Migrate Azure Batch access management to Azure Key Vault (feature retirement)
 
-> [!NOTE]
-> On February 29, 2024, the certificate feature in Azure Batch access management will be retired.
-
-Often, you need to store secure data in an application. Your data must be securely managed so that only administrators or authorized users can access it.
+On *February 29, 2024*, the certificates feature for Azure Batch access management will be retired. Learn how to migrate access management from using certificates in Azure Batch to using Azure Key Vault.
 
 ## Batch secure access options
 
-Azure Batch offers two ways to secure access management. You can use a certificate that you create and manage in Azure Batch, or you can use Azure Key Vault to store access keys. Using a key vault is an Azure standard way to deliver more controlled secure access management.
+Often, you need to store secure data in an application. Your data must be securely managed so that only administrators or authorized users can access it.
+
+Azure Batch offers two ways to secure access management. You can use a certificate that you create and manage in Azure Batch or you can use Azure Key Vault to store an access key. Using a key vault is an Azure standard way to deliver more controlled secure access management.
 
 Currently, you can use a certificate at the account level in Azure Batch. You must generate the certificate and upload it manually to Batch by using the Azure portal. To access the certificate, the certificate must be associated with and installed for only the current user. A certificate typically is valid for one year, and it must be updated each year.
 
-## Certificate retirement in Batch
+## Certificates in Batch retirement
 
-To move toward a simpler, standardized way to secure access to your Batch resources, on *February 29, 2024*, we'll retire the certificate feature in Azure Batch. We recommend that you instead use Azure Key Vault as a standard and more modern method to secure your resources in Batch.
+To move toward a simpler, standardized way to secure access to your Batch resources, on *February 29, 2024*, we'll retire the certificates feature in Azure Batch. We recommend that you instead use Azure Key Vault as a standard and more modern method to secure your resources in Batch.
 
 In Key Vault, you get these benefits:
 
 - Reduced manual maintenance and streamlined maintenance overall
 - Reduced access to and readability of the key that's generated
 - Advanced security
 
-After the certificate feature in Azure Batch is retired on February 29, 2024, a certificate in Batch might not work as expected. After that date, you won't be able to create a pool by using a certificate. Pools that continue to use certificates after the feature is retired might increase in size and cost.
+After the certificates feature in Azure Batch is retired on February 29, 2024, a certificate in Batch might not work as expected. After that date, you won't be able to create a pool by using a certificate. Pools that continue to use certificates after the feature is retired might increase in size and cost.
 
 ## Use Key Vault to secure your Batch resources
 
 Azure Key Vault is an Azure service you can use to store and manage secrets, certificates, tokens, keys, and other configuration values that give authenticated users access to secure applications and services. Key Vault is based on the idea that security is improved and standardized when you remove hard-coded secrets and keys from application code that's deployed.
 
-Key Vault provides security at the transport layer by ensuring that any data flow from the key vault to the client application is encrypted. Azure key vault stores the secrets and keys with such strong encryption that even Microsoft can't read Key Vault-protected keys and secrets.
+Key Vault provides security at the transport layer by ensuring that any data flow from the key vault to the client application is encrypted. Azure Key Vault stores secrets and keys with such strong encryption that even Microsoft can't read key vault-protected keys and secrets.
 
 Azure Key Vault gives you a secure way to store essential access information and to set fine-grained access control. You can manage all secrets from one dashboard. Choose to store a key in either software-protected or hardware-protected hardware security modules (HSMs). You also can set Key Vault to auto-renew certificates
 
 ## Create a key vault
 
-To create a key vault to manage access for Batch resource, you can use one of the following options:
+To create a key vault to manage access for Batch resources, use one of the following options:
 
 - Azure portal
 - PowerShell
@@ -66,13 +64,13 @@ To create a key vault:
 
 1. Select **Review**, and then select **Create** to create the key vault account.
 
-1. Go to the key vault you created. The key vault name and the URI you use to access the vault are shown.
+1. Go to the key vault you created. The key vault name and the URI you use to access the vault are shown under deployment details.
 
-For more information, see [Quickstart: Create a key vault using the Azure portal](/azure/key-vault/general/quick-create-portal).
+For more information, see [Quickstart: Create a key vault by using the Azure portal](../key-vault/general/quick-create-portal.md).
 
-### Create a key vault by using Azure PowerShell
+### Create a key vault by using PowerShell
 
-1. In Azure PowerShell, sign in to your account by using the following command:
+1. Use the PowerShell option in Azure Cloud Shell to sign in to your account;
 
    ```powershell
    Login-AzAccount
@@ -90,7 +88,7 @@ For more information, see [Quickstart: Create a key vault using the Azure portal
    New-AzKeyVault -Name <KeyVaultName> -ResourceGroupName <ResourceGroupName> -Location <Location>
    ```
 
-For more information, see [Quickstart: Create a key vault using PowerShell](/azure/key-vault/general/quick-create-powershell).
+For more information, see [Quickstart: Create a key vault by using PowerShell](../key-vault/general/quick-create-powershell.md).
 
 ### Create a key vault by using the Azure CLI
 
@@ -106,9 +104,9 @@ For more information, see [Quickstart: Create a key vault using PowerShell](/azu
    az keyvault create -name <KeyVaultName> -resource-group <ResourceGroupName> -location <Location>
    ```
 
-For more information, see [Quickstart: Create a key vault using the Azure CLI](/azure/key-vault/general/quick-create-cli).
+For more information, see [Quickstart: Create a key vault by using the Azure CLI](../key-vault/general/quick-create-cli.md).
 
-## FAQ
+## FAQs
 
 - Does Microsoft recommend using Azure Key Vault for access management in Batch?
 

articles/batch/batch-pools-without-public-ip-addresses-classic-retirement-migration-guide.md

@@ -1,62 +1,68 @@
 ---
-title: Batch Pools without public IP addresses classic retirement
-description: Describes the migration steps for the batch pool without public ip addresses and the end of support details.
+title: Opt in to migrate Azure Batch pools without public IP addresses (classic)
+description: Learn how to opt in to migrate Azure Batch pools without public IP addresses (classic) and plan for feature end of support.
 author: harperche
 ms.author: harpercheng
 ms.service: batch
 ms.topic: how-to
 ms.date: 09/01/2022
 ---
 
-# Batch Pools without public IP addresses classic retirement
+# Opt in to migrate Batch pools without public IP addresses (feature retirement)
 
-By default, all the compute nodes in an Azure Batch virtual machine (VM) configuration pool are assigned a public IP address. This address is used by the Batch service to schedule tasks and for communication with compute nodes, including outbound access to the internet. To restrict access to these nodes and reduce the discoverability of these nodes from the internet, we released [Batch pools without public IP addresses (classic)](./batch-pool-no-public-ip-address.md).
+Azure Batch pools without public IP addresses (classic) will retire on *March 31, 2023*. Existing pools will migrate to simplified compute node communication pools without public IP addresses. You must opt in to migrate your Batch pools.
 
-In late 2021, we launched a simplified compute node communication model for Azure Batch. The new communication model improves security and simplifies the user experience. Batch pools no longer require inbound Internet access and outbound access to Azure Storage, only outbound access to the Batch service. As a result, Batch pools without public IP addresses (classic) which is currently in public preview will be retired on *March 31 2023* and will be replaced with simplified compute node communication pools without public IPs.
+## About Batch pools without public IP addresses
 
-## Retirement alternatives
+By default, all the compute nodes in an Azure Batch virtual machine (VM) configuration pool are assigned a public IP address. The Batch service uses the IP address to schedule tasks and for communication with compute nodes, including outbound access to the internet. To restrict access to these nodes and reduce the discoverability of these nodes from the internet, we released [Batch pools without public IP addresses (classic)](./batch-pool-no-public-ip-address.md).
 
-[Simplified Compute Node Communication Pools without Public IPs](./simplified-node-communication-pool-no-public-ip.md) requires using simplified compute node communication. It provides customers with enhanced security for their workload environments on network isolation and data exfiltration to Azure Batch accounts. Its key benefits include:
+## End of support for pools without public IP addresses
 
-- Allow creating simplified node communication pool without public IP addresses.
-- Support Batch private pool using a new private endpoint (sub-resource nodeManagement) for Azure Batch account.
-- Simplified private link DNS zone for Batch account private endpoints: changed from `privatelink.<region>.batch.azure.com` to `privatelink.batch.azure.com`.
+In late 2021, we launched a simplified compute node communication model for Azure Batch. The new communication model improves security and simplifies the user experience. Batch pools no longer require inbound internet access and outbound access to Azure Storage. Batch pools now need only outbound access to the Batch service. As a result, Batch pools without public IP addresses (classic), currently in public preview, will be retired on *March 31, 2023*. The feature will be replaced by simplified compute node communication pools without public IPs.
+
+## Use simplified node communication for a pool with no public IP address
+
+The alternative to using a Batch pool without a public IP address (classic) requires using [simplified node communication](./simplified-node-communication-pool-no-public-ip.md). The option gives you enhanced security for your workload environments on network isolation and data exfiltration to Azure Batch accounts. Its key benefits include:
+
+- You can create simplified node communication pools without public IP addresses.
+- You can create a Batch private pool by using a new private endpoint (sub-resource nodeManagement) for an Azure Batch account.
+- A simplified private link DNS zone for Batch account private endpoints. The private link changed from `privatelink.<region>.batch.azure.com` to `privatelink.batch.azure.com`.
 - Mutable public network access for Batch accounts.
-- Firewall support for Batch account public endpoints: configure IP address network rules to restrict public network access with Batch accounts.
+- Firewall support for Batch account public endpoints. You can configure IP address network rules to restrict public network access with Batch accounts.
 
-## Migration steps
+## Opt in and migrate your eligible pools
 
-Batch pool without public IP addresses (classic) will retire on **31 March 2023** and will be updated to simplified compute node communication pools without public IPs. For existing pools that use the previous preview version of Batch pool without public IP addresses (classic), it's only possible to migrate pools created in a virtual network. To migrate the pool, follow the opt-in process for simplified compute node communication:
+Batch pools without public IP addresses (classic) will retire on *March 31, 2023*. For existing pools that use the earlier preview version of Batch pools without public IP addresses (classic), you can migrate only pools that you created in a virtual network. To migrate the pool, follow the opt-in process for simplified compute node communication:
 
 1. Opt in to [use simplified compute node communication](./simplified-compute-node-communication.md#opt-your-batch-account-in-or-out-of-simplified-compute-node-communication).
 
-   ![Support Request](../batch/media/certificates/opt-in.png)
+   :::image type="content" source="media/certificates/opt-in.png" alt-text="Screenshot that shows creating a support request to opt in.":::
 
 1. Create a private endpoint for Batch node management in the virtual network.
 
-   ![Create Endpoint](../batch/media/certificates/private-endpoint.png)
+   :::image type="content" source="media/certificates/private-endpoint.png" alt-text="Screenshot that shows how to create an endpoint.":::
 
 1. Scale down the pool to zero nodes.
 
-   ![Scale Down](../batch/media/certificates/scale-down-pool.png)
+   :::image type="content" source="media/certificates/scale-down-pool.png" alt-text="Screenshot that shows how to scale down a pool.":::
 
 1. Scale out the pool again. The pool is then automatically migrated to the new version of the preview.
 
-   ![Scale Out](../batch/media/certificates/scale-out-pool.png)
+   :::image type="content" source="media/certificates/scale-out-pool.png" alt-text="Screenshot that shows how to scale out a pool.":::
 
-## FAQ
+## FAQs
 
 - How can I migrate my Batch pool without public IP addresses (classic) to simplified compute node communication pools without public IPs?
 
-  You can only migrate your pool to simplified compute node communication pools if it was created in a virtual network. Otherwise, you’d need to create a new simplified compute node communication pool without public IPs.
+  You can migrate your pool to simplified compute node communication pools only if you created the pool in a virtual network. Otherwise, create a new simplified compute node communication pool without public IP addresses.
 
 - What differences will I see in billing?
 
-  Compared with Batch pools without public IP addresses (classic), the simplified compute node communication pools without public IPs support will reduce costs because it won’t need to create network resources the following: load balancer, network security groups, and private link service with the Batch pool deployments. However, there will be a [cost associated with  private link](https://azure.microsoft.com/pricing/details/private-link/) or other outbound network connectivity used by pools, as controlled by the user, to allow communication with the Batch service without public IP addresses.
+  Compared with Batch pools without public IP addresses (classic), the simplified compute node communication pools without public IPs support will reduce costs because it won’t need to create the following network resources: load balancer, network security groups, and private link service with the Batch pool deployments. However, there will be a [cost associated with  private link](https://azure.microsoft.com/pricing/details/private-link/) or other outbound network connectivity used by pools, as controlled by the user, to allow communication with the Batch service without public IP addresses.
 
-- Will there be any performance changes?
+- Will I see any changes in performance?
 
-  No known performance differences compared to Batch pools without public IP addresses (classic).
+  No known performance differences exist for simplified compute node communication pools without public IPs compared to Batch pools without public IP addresses (classic).
 
 - How can I connect to my pool nodes for troubleshooting?
 
@@ -68,7 +74,7 @@ Batch pool without public IP addresses (classic) will retire on **31 March 2023*
 
 - What if I don’t migrate to simplified compute node communication pools without public IPs?
 
-  After *March 31 2023*, we will stop supporting Batch pool without public IP addresses. The functionality of the existing pool in that configuration may break, such as scale out operations, or may be actively scaled down to zero at any point in time after that date.
+  After *March 31, 2023*, we will stop supporting Batch pools without public IP addresses. The functionality of the existing pool in that configuration might break, including scale-out operations, or the pool might be actively scaled down to zero at any point in time after that date.
 
 ## Next steps