Sync

msmbaldwin · msmbaldwin · commit c46d35b1b58b · 2022-09-19T10:35:32.000-07:00
diff --git a/articles/key-vault/certificates/about-certificates.md b/articles/key-vault/certificates/about-certificates.md
@@ -110,10 +110,10 @@ The following table represents the mapping of x509 key usage policy to effective
 |----------|--------|--------|
 |DataEncipherment|encrypt, decrypt| N/A |
 |DecipherOnly|decrypt| N/A  |
-|DigitalSignature|sign, verify| Key Vault default without a usage specification at certificate creation time | 
+|DigitalSignature|sign, verify| Key Vault default without a usage specification at certificate creation time |
 |EncipherOnly|encrypt| N/A |
 |KeyCertSign|sign, verify|N/A|
-|KeyEncipherment|wrapKey, unwrapKey| Key Vault default without a usage specification at certificate creation time | 
+|KeyEncipherment|wrapKey, unwrapKey| Key Vault default without a usage specification at certificate creation time |
 |NonRepudiation|sign, verify| N/A |
 |crlsign|sign, verify| N/A |
 
@@ -134,7 +134,7 @@ Before a certificate issuer can be created in a Key Vault, following prerequisit
 
     -   An organization administrator must on-board their company (ex. Contoso) with at least one CA provider.  
 
-2. Admin creates requester credentials for Key Vault to enroll (and renew) TLS/SSL certificates  
+1. Admin creates requester credentials for Key Vault to enroll (and renew) TLS/SSL certificates  
 
     -   Provides the configuration to be used to create an issuer object of the provider in the key vault  
 
@@ -155,7 +155,6 @@ Certificate contacts contain contact information to send notifications triggered
 
  Access control for certificates is managed by Key Vault, and is provided by the Key Vault that contains those certificates. The access control policy for certificates is distinct from the access control policies for keys and secrets in the same Key Vault. Users may create one or more vaults to hold certificates, to maintain scenario appropriate segmentation and management of certificates.  For more information on certificate access control, see [here](certificate-access-control.md)
 
-
 ## Certificate Use Cases
 
 ### Secure communication and authentication
@@ -166,6 +165,7 @@ TLS certificates can help encrypt communications over the internet and establish
 * Cloud/Multi-Cloud: secure cloud-based applications on-prem, cross-cloud, or in your cloud provider's tenant.
 
 ### Code signing
+
 A certificate can help secure the code/script of software, thereby ensuring that the author can share the software over the internet without being changed by malicious entities. Furthermore, once the author signs the code using a certificate leveraging the code signing technology, the software is marked with a stamp of authentication displaying the author and their website. Therefore, the certificate used in code signing helps validate the software's authenticity, promoting end-to-end security.
 
 ## Next steps
diff --git a/articles/key-vault/certificates/tutorial-import-certificate.md b/articles/key-vault/certificates/tutorial-import-certificate.md
@@ -56,7 +56,7 @@ In this case, we will create a certificate called **ExampleCertificate**, or imp
 
 # [Azure portal](#tab/azure-portal)
 
-1. On the Key Vault properties pages, select **Certificates**.
+1. On the page for your key vault, select **Certificates**.
 2. Click on **Generate/Import**.
 3. On the **Create a certificate** screen choose the following values:
     - **Method of Certificate Creation**: Import.
diff --git a/articles/key-vault/general/howto-logging.md b/articles/key-vault/general/howto-logging.md
@@ -30,13 +30,29 @@ What is logged:
 
 ## Prerequisites
 
-To complete this tutorial, you must have the following:
+To complete this tutorial, you will need an Azure key vault. You can create a new key vault using one of these methods:
+  - [Create a key vault using the Azure CLI](quick-create-cli.md)
+  - [Create a key vault using Azure PowerShell](quick-create-powershell.md)
+  - [Create a key vault using the Azure portal](quick-create-portal.md)
+
+You will also need a destination for your logs.  This can be an existing or new Azure storage account and/or Log Analytics workspace.
+
+> [!IMPORTANT]
+> If you use an existing Azure storage account or Log Analytics workspace, it must be in the same subscription as your key vault. It must also use the Azure Resource Manager deployment model, rather than the classic deployment model.
+>
+> If you create a new Azure storage account or Log Analytics workspace, we recommend you create it in the same resource group as your key vault, for ease of management.
+
+You can create a new Azure storage account using one of these methods:
+  - [Create a storage account using the Azure CLI](../../storage/common/storage-account-create.md?tabs=azure-cli)
+  - [Create a storage account using Azure PowerShell](../../storage/common/storage-account-create.md?tabs=azure-powershell)
+  - [Create a storage account using the Azure portal](../../storage/common/storage-account-create.md?tabs=azure-portal)
+
+You can create a new Log Analytics workspace using one of these methods:
+  - [Create a Log Analytics workspace using the Azure CLI](../../azure-monitor/logs/quick-create-workspace.md?tabs=azure-cli)
+  - [Create a Log Analytics workspace using Azure PowerShell](../../azure-monitor/logs/quick-create-workspace.md?tabs=azure-powershell)
+  - [Create a Log Analytics workspace the Azure portal](../../azure-monitor/logs/quick-create-workspace.md?tabs=azure-portal)
 
-* An existing key vault that you have been using.  
-* [Azure Cloud Shell](https://shell.azure.com) - Bash environment.
-* Sufficient storage on Azure for your Key Vault logs.
 
-In this article, commands are formatted for [Cloud Shell](https://shell.azure.com) with Bash as an environment.
 
 ## Connect to your Key Vault subscription
 
diff --git a/articles/key-vault/general/private-link-service.md b/articles/key-vault/general/private-link-service.md
@@ -50,15 +50,15 @@ After configuring the key vault basics, select the Networking tab and follow the
 1. Click the "+ Add" Button to add a private endpoint.
 
     ![Screenshot that shows the 'Networking' tab on the 'Create key vault' page.](../media/private-link-service-1.png)
- 
+
 1. In the "Location" field of the Create Private Endpoint Blade, select the region in which your virtual network is located. 
 1. In the "Name" field, create a descriptive name that will allow you to identify this private endpoint. 
 1. Select the virtual network and subnet you want this private endpoint to be created in from the dropdown menu. 
 1. Leave the "integrate with the private zone DNS" option unchanged.  
 1. Select "Ok".
 
     ![Screenshot that shows the 'Create private endpoint' page with settings selected.](../media/private-link-service-8.png)
- 
+
 You will now be able to see the configured private endpoint. You now have the option to delete and edit this private endpoint. 
 Select the "Review + Create" button and create the key vault. It will take 5-10 minutes for the deployment to complete. 
 
diff --git a/articles/key-vault/media/diagnostics-portal-1.png b/articles/key-vault/media/diagnostics-portal-1.png
