Commit a51030f

Merge pull request #207071 from cynthn/patch-618
Update virtual-machines-common-mitigate-se.md
2 parents 90393ba + f725253 commit a51030f

1 file changed

+8
-7
lines changed

includes/virtual-machines-common-mitigate-se.md

Lines changed: 8 additions & 7 deletions
@@ -46,12 +46,12 @@ While an OS update is not required to isolate your applications running on Azure
4646

4747
| Offering | Recommended Action |
4848
|----------|---------------------|
49-
| Azure Cloud Services | Enable [auto update](../articles/cloud-services/cloud-services-how-to-configure-portal.md) or ensure you are running the newest Guest OS. |
49+
| Azure Cloud Services | Enable [auto update](../articles/cloud-services/cloud-services-how-to-configure-portal.md) or ensure you're running the newest Guest OS. |
5050
| Azure Linux Virtual Machines | Install updates from your operating system provider. For more information, see [Linux](#linux) later in this document. |
5151
| Azure Windows Virtual Machines | Install the latest security rollup.
5252
| Other Azure PaaS Services | There is no action needed for customers using these services. Azure automatically keeps your OS versions up-to-date. |
5353

54-
## Additional guidance if you are running untrusted code
54+
## Additional guidance if you're running untrusted code
5555

5656
Customers who allow untrusted users to execute arbitrary code may wish to implement some extra security features inside their Azure Virtual Machines or Cloud Services. These features protect against the intra-process disclosure vectors that several speculative execution vulnerabilities describe.
5757

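Review bot: The `Azure Windows Virtual Machines` row (line 51) ends after "Install the latest security rollup." without the closing `|` that every other row in this table has. It is unchanged context, but the row at line 49 in the same table is being edited, so this change is a cheap place to add the trailing pipe and keep the table source consistent. If the goal of the pass is contractions, line 52 still reads "There is no action needed".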
@@ -68,7 +68,7 @@ Customers who do not implement a scenario involving untrusted code do not need t
6868

6969
## Enabling additional security
7070

71-
You can enable more security features inside your VM or Cloud Service if you are running untrusted code. In parallel, ensure your operating system is up-to-date to enable security features inside your VM or Cloud Service
71+
You can enable more security features inside your VM or Cloud Service if you're running untrusted code. In parallel, ensure your operating system is up-to-date to enable security features inside your VM or Cloud Service
7272

7373
### Windows
7474

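Review bot: Line 71 still ends without a period ("...inside your VM or Cloud Service") even though the line is being rewritten, so add the terminal punctuation in this change. The second sentence also repeats "security features inside your VM or Cloud Service" from the first; something like "In parallel, ensure your operating system is up-to-date, which these features require." would say the same thing once.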
@@ -87,11 +87,12 @@ Your target operating system must be up-to-date to enable these extra security f
8787

8888
To validate enabled protections against these vulnerabilities, see [Understanding Get-SpeculationControlSettings PowerShell script output](https://support.microsoft.com/topic/understanding-get-speculationcontrolsettings-powershell-script-output-fd70a80a-a63f-e539-cda5-5be4c9e67c04).
8989

90+
If protections are not enabled, please [contact Azure Support](https://aka.ms/microcodeenablementrequest-supporttechnical) to enable additional controls on your Azure VM.
9091

9192
**Step 2**: To enable Kernel Virtual Address Shadowing (KVAS) and Branch Target Injection (BTI) OS support, follow the instructions in [KB4072698](https://support.microsoft.com/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution) to enable protections using the `Session Manager` registry keys. A reboot is required.
9293

9394

94-
**Step 3**: For deployments that are using [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) (D3 and E3 only): These instructions apply inside the VM you are using as a Hyper-V host.
95+
**Step 3**: For deployments that are using [nested virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) (D3 and E3 only): These instructions apply inside the VM you're using as a Hyper-V host.
9596

9697
1. Follow the instructions in [KB4072698](https://support.microsoft.com/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution) to enable protections using the `MinVmVersionForCpuBasedMitigations` registry keys.
9798
2. Set the hypervisor scheduler type to `Core` by following the instructions [here](/windows-server/virtualization/hyper-v/manage/manage-hyper-v-scheduler-types).
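Review bot: The new sentence at line 90 does not say which protections it refers to, and it sits directly above Step 2, where the reader enables KVAS and BTI OS support through the `Session Manager` registry keys. A reader who runs the validation before Step 2 could take "protections are not enabled" as a reason to open a support request for something they are expected to configure themselves. Suggest naming the specific validation output that needs Azure Support, or moving the sentence below the steps the customer performs. Minor: the link is written `aka.ms/microcodeenablementrequest-supporttechnical` here while lines 110 and 145 use `aka.ms/MicrocodeEnablementRequest-SupportTechnical`, and "are not" is inconsistent with the contractions applied in the rest of this change.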
@@ -106,7 +107,7 @@ Type `wmic` to enter the interactive interface. Then type the following command
106107
CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:List
107108
```
108109

109-
If the number of logical processors is greater than physical processors (cores), then hyper-threading is enabled. If you are running a hyper-threaded VM, [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, support will require a full VM reboot. Refer to [Core count](#core-count) to understand why your VM core count decreased.
110+
If the number of logical processors is greater than physical processors (cores), then hyper-threading is enabled. If you're running a hyper-threaded VM, [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, support will require a full VM reboot. Refer to [Core count](#core-count) to understand why your VM core count decreased.
110111

111112
### Option 3
112113

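Review bot: "Once hyper-threading is disabled, support will require a full VM reboot" on line 110 is ambiguous about ordering: it reads as though the reboot comes after hyper-threading is already off. If the reboot is part of applying the change, say so directly, so the reader can plan for the downtime before opening the request. Also, "greater than physical processors (cores)" would be clearer as "greater than the number of physical processors (cores)".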
@@ -119,7 +120,7 @@ For [CVE-2022-23816](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2
119120
Enabling the set of extra security features inside requires that the target operating system be fully up-to-date. Some mitigations will be enabled by default. The following section describes the features which are off by default and/or reliant on hardware support (microcode). Enabling these features may cause a performance impact. Reference your operating system provider’s documentation for further instructions
120121

121122

122-
**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM. Reference [this doc](../articles/virtual-machines/acu.md) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if you are running a hyper-threaded VM, run the `lscpu` command in the Linux VM.
123+
**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM. Reference [this doc](../articles/virtual-machines/acu.md) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if you're running a hyper-threaded VM, run the `lscpu` command in the Linux VM.
123124

124125
If `Thread(s) per core = 2`, then hyper-threading has been enabled.
125126

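Review bot: The link text "this doc" on line 123 does not tell the reader where it leads; since the line is being edited, replace it with descriptive text for the target, `../articles/virtual-machines/acu.md`. The context paragraph at line 120 also ends without a period ("for further instructions") and has a dangling "inside" in "extra security features inside requires"; both are worth fixing in the same pass.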
@@ -141,7 +142,7 @@ NUMA node(s): 1
141142

142143
```
143144

144-
If you are running a hyper-threaded VM, [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, **support will require a full VM reboot**. Refer to [Core count](#core-count) to understand why your VM core count decreased.
145+
If you're running a hyper-threaded VM, [contact Azure Support](https://aka.ms/MicrocodeEnablementRequest-SupportTechnical) to get hyper-threading disabled. Once hyper-threading is disabled, **support will require a full VM reboot**. Refer to [Core count](#core-count) to understand why your VM core count decreased.
145146

146147

147148

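Review bot: Line 145 bolds "support will require a full VM reboot" while the otherwise identical sentence in the Windows section (line 110) leaves it plain. Pick one treatment for both so the reboot requirement carries the same weight on either platform; since it is the part of the sentence the reader has to act on, bold in both places is the better choice.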