Merge pull request #112830 from DCtheGeek/dmc-policy-termscleanup

Azure Policy terminology cleanup - Pass 1

Author: v-shils

articles/advisor/advisor-operational-excellence-recommendations.md

@@ -28,12 +28,12 @@ Log alert rules are created in Azure Monitor and are used to run analytics queri
 
 ## Follow best practices using Azure Policy
 
-Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources. Below are the Azure policy recommendations to help you achieve operational excellency: 
+Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources. Below are the Azure Policy recommendations to help you achieve operational excellency: 
 1. Manage Tags using Azure Policy: This policy adds or replaces the specified tag and value when any resource is created or updated. Existing resources can be remediated by triggering a remediation task. Also, this doesn't modify tags on resource groups.
 2. Enforce geo-compliance requirements using Azure Policy: The policy enables you to restrict the locations your organization can specify when deploying resources. 
 3. Specify allowed virtual machine SKUs for deployments: This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.
-4. Enforce 'Audit VMs that do not use managed disks' using Azure policy
-5. Use 'Inherit a tag from resource groups' using Azure policy: The policy adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. Existing resources can be remediated by triggering a remediation task.
+4. Enforce 'Audit VMs that do not use managed disks' using Azure Policy
+5. Use 'Inherit a tag from resource groups' using Azure Policy: The policy adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. Existing resources can be remediated by triggering a remediation task.
 
 ## Next steps
 

articles/aks/limit-egress-traffic.md

@@ -160,8 +160,8 @@ The following FQDN / application rules are required for AKS clusters that have t
 |-----------------------------------------|-----------|----------|
 | gov-prod-policy-data.trafficmanager.net | HTTPS:443 | This address is used for correct operation of Azure Policy. (currently in preview in AKS) |
 | raw.githubusercontent.com | HTTPS:443 | This address is used to pull the built-in policies from GitHub to ensure correct operation of Azure Policy. (currently in preview in AKS) |
-| *.gk.\<location\>.azmk8s.io | HTTPS:443    | Azure policy add-on that talks to Gatekeeper audit endpoint running in master server to get the audit results. |
-| dc.services.visualstudio.com | HTTPS:443 | Azure policy add-on that sends telemetry data to applications insights endpoint. |
+| *.gk.\<location\>.azmk8s.io | HTTPS:443    | Azure Policy add-on that talks to Gatekeeper audit endpoint running in master server to get the audit results. |
+| dc.services.visualstudio.com | HTTPS:443 | Azure Policy add-on that sends telemetry data to applications insights endpoint. |
 
 ## Required by Windows Server based nodes (in public preview) enabled
 

articles/automation/automation-solution-vm-management.md

@@ -142,7 +142,7 @@ The following table lists the variables created in your Automation account. Only
 >[!NOTE]
 >For the variable `External_WaitTimeForVMRetryInSeconds`, the default value has been updated from 600 to 2100. 
 
-Across all scenarios, the variables `External_Start_ResourceGroupNames`,  `External_Stop_ResourceGroupNames`, and `External_ExcludeVMNames` are necessary for targeting VMs, except for the comma-separated VM lists for the **AutoStop_CreateAlert_Parent**, **SequencedStartStop_Parent**, and **ScheduledStartStop_Parent** runbooks. That is, your VMs must belong to target resource groups for start and stop actions to occur. The logic works similar to Azure policy, in that you can target the subscription or resource group and have actions inherited by newly created VMs. This approach avoids having to maintain a separate schedule for every VM and manage starts and stops in scale.
+Across all scenarios, the variables `External_Start_ResourceGroupNames`,  `External_Stop_ResourceGroupNames`, and `External_ExcludeVMNames` are necessary for targeting VMs, except for the comma-separated VM lists for the **AutoStop_CreateAlert_Parent**, **SequencedStartStop_Parent**, and **ScheduledStartStop_Parent** runbooks. That is, your VMs must belong to target resource groups for start and stop actions to occur. The logic works similar to Azure Policy, in that you can target the subscription or resource group and have actions inherited by newly created VMs. This approach avoids having to maintain a separate schedule for every VM and manage starts and stops in scale.
 
 ### Schedules
 

articles/azure-cache-for-redis/security-baseline.md

@@ -724,7 +724,7 @@ https://docs.microsoft.com/azure/azure-resource-manager/resource-group-using-tag
 
 **Guidance**: Use tagging, management groups, and separate subscriptions, where appropriate, to organize and track Azure Cache for Redis instances and related resources. Reconcile inventory on a regular basis and ensure unauthorized resources are deleted from the subscription in a timely manner.
 
-In addition, use Azure policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
+In addition, use Azure Policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
 
 - Not allowed resource types
 
@@ -750,7 +750,7 @@ How to create and use Tags: https://docs.microsoft.com/azure/azure-resource-mana
 
 ### 6.5: Monitor for unapproved Azure resources
 
-**Guidance**: Use Azure policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
+**Guidance**: Use Azure Policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
 
 Not allowed resource types
 
@@ -880,7 +880,7 @@ https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage
 
 ### 7.3: Maintain secure Azure resource configurations
 
-**Guidance**: Use Azure policy [deny] and [deploy if not exist] to enforce secure settings across your Azure resources.
+**Guidance**: Use Azure Policy [deny] and [deploy if not exist] to enforce secure settings across your Azure resources.
 
 How to configure and manage Azure Policy:
 https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage
@@ -941,7 +941,7 @@ https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage
 
 ### 7.9: Implement automated configuration monitoring for Azure services
 
-**Guidance**: Use Azure Policy aliases in the "Microsoft.Cache" namespace to create custom policies to alert, audit, and enforce system configurations. Use Azure policy [audit], [deny], and [deploy if not exist] to automatically enforce configurations for your Azure Cache for Redis instances and related resources.
+**Guidance**: Use Azure Policy aliases in the "Microsoft.Cache" namespace to create custom policies to alert, audit, and enforce system configurations. Use Azure Policy [audit], [deny], and [deploy if not exist] to automatically enforce configurations for your Azure Cache for Redis instances and related resources.
 
 How to configure and manage Azure Policy:
 https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage

articles/azure-resource-manager/custom-providers/concepts-built-in-policy.md

@@ -7,7 +7,7 @@ ms.date: 09/06/2019
 ms.author: hich
 ---
 
-# Deploy associations for a custom provider using Azure policy
+# Deploy associations for a custom provider using Azure Policy
 
 Azure policies can be used to deploy associations to associate resources to a custom provider. In this article, we describe a built-in policy that deploys associations and how you can use that policy.
 

articles/azure-resource-manager/custom-providers/toc.yml

@@ -23,7 +23,7 @@
     href: tutorial-resource-onboarding.md
 - name: Concepts
   items:
-  - name: Azure policy for associations
+  - name: Azure Policy for associations
     href: concepts-built-in-policy.md
   - name: Resource onboarding
     href: concepts-resource-onboarding.md

articles/backup/backup-azure-diagnostic-events.md

@@ -89,7 +89,7 @@ Currently, we continue to support the AzureBackupReport event for backward compa
     | project ResourceId, SubscriptionId, VaultName
     ````
 
-1. Use the [built-in Azure policy](https://docs.microsoft.com/azure/backup/azure-policy-configure-diagnostics) in Azure Backup to add a new diagnostics setting for all vaults in a specified scope. This policy adds a new diagnostics setting to vaults that either don't have a diagnostics setting or have only a legacy diagnostics setting. This policy can be assigned to an entire subscription or resource group at a time. You must have Owner access to each subscription for which the policy is assigned.
+1. Use the [built-in Azure Policy definitions](https://docs.microsoft.com/azure/backup/azure-policy-configure-diagnostics) in Azure Backup to add a new diagnostics setting for all vaults in a specified scope. This policy adds a new diagnostics setting to vaults that either don't have a diagnostics setting or have only a legacy diagnostics setting. This policy can be assigned to an entire subscription or resource group at a time. You must have Owner access to each subscription for which the policy is assigned.
 
 You might choose to have separate diagnostics settings for AzureBackupReport and the six new events until you have migrated all of your custom queries to use data from the new tables. The following image shows an example of a vault that has two diagnostic settings. The first setting, named **Setting1**, sends data of an AzureBackupReport event to a Log Analytics workspace in Azure diagnostics mode. The second setting, named **Setting2**, sends data of the six new Azure Backup events to a Log Analytics workspace in the resource-specific mode.
 

articles/backup/configure-reports.md

@@ -43,7 +43,7 @@ In the monitoring section of your Recovery Services vault, select **Diagnostics
 
 ![Diagnostics settings pane](./media/backup-azure-configure-backup-reports/resource-specific-blade.png)
 
-Azure Backup also provides a built-in Azure policy, which automates the configuration of diagnostics settings for all vaults in a given scope. To learn how to use this policy, see [Configure vault diagnostics settings at scale](https://docs.microsoft.com/azure/backup/azure-policy-configure-diagnostics).
+Azure Backup also provides a built-in Azure Policy definition, which automates the configuration of diagnostics settings for all vaults in a given scope. To learn how to use this policy, see [Configure vault diagnostics settings at scale](https://docs.microsoft.com/azure/backup/azure-policy-configure-diagnostics).
 
 > [!NOTE]
 > After you configure diagnostics, it might take up to 24 hours for the initial data push to complete. After data starts flowing into the Log Analytics workspace, you might not see data in the reports immediately because data for the current partial day isn't shown in the reports. For more information, see [Conventions used in Backup reports](https://docs.microsoft.com/azure/backup/configure-reports#conventions-used-in-backup-reports). We recommend that you start viewing the reports two days after you configure your vaults to send data to Log Analytics.

articles/backup/security-baseline.md

@@ -607,7 +607,7 @@ Although classic Azure resources may be discovered via Resource Graph, it is hig
 
 **Guidance**: Use tagging, management groups, and separate subscriptions, where appropriate, to organize and track Azure resources. Reconcile inventory on a regular basis and ensure unauthorized resources are deleted from the subscription in a timely manner.
 
-In addition, use Azure policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
+In addition, use Azure Policy to put restrictions on the type of resources that can be created in customer subscription(s) using the following built-in policy definitions:
 Not allowed resource types
 Allowed resource types
 
@@ -741,7 +741,7 @@ Allowed resource types
 
 ### 7.3: Maintain secure Azure resource configurations
 
-**Guidance**: Use Azure policy [deny] and [deploy if not exist] to enforce secure settings across your Azure resources.
+**Guidance**: Use Azure Policy [deny] and [deploy if not exist] to enforce secure settings across your Azure resources.
 
 - [How to configure and manage Azure Policy](https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage)
 
@@ -761,7 +761,7 @@ Allowed resource types
 
 ### 7.5: Securely store configuration of Azure resources
 
-**Guidance**: If using custom Azure policy definitions, use Azure DevOps or Azure Repos to securely store and manage your code.
+**Guidance**: If using custom Azure Policy definitions, use Azure DevOps or Azure Repos to securely store and manage your code.
 
 - [How to store code in Azure DevOps](https://docs.microsoft.com/azure/devops/repos/git/gitworkflow?view=azure-devops)
 
@@ -799,7 +799,7 @@ Allowed resource types
 
 ### 7.9: Implement automated configuration monitoring for Azure services
 
-**Guidance**: Use built-in Azure Policy definitions as well as Azure Policy aliases in the "Microsoft.RecoveryServices" namespace to create custom policies to alert, audit, and enforce system configurations. Use Azure policy [audit], [deny], and [deploy if not exist] to automatically enforce configurations for your Azure resources.
+**Guidance**: Use built-in Azure Policy definitions as well as Azure Policy aliases in the "Microsoft.RecoveryServices" namespace to create custom policies to alert, audit, and enforce system configurations. Use Azure Policy [audit], [deny], and [deploy if not exist] to automatically enforce configurations for your Azure resources.
 
 - [How to configure and manage Azure Policy](https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage)
 

articles/batch/batch-integration-policies.md

@@ -22,7 +22,7 @@ Policy definitions describe the conditions that need to be met. A condition comp
 
 The resources required by Batch include: account, compute node, pool, job, and task. So, you would use property aliases to access specific properties for these resources. Learn more about [Aliases](https://docs.microsoft.com/azure/governance/policy/concepts/definition-structure#aliases)
 
-To make sure you know the current aliases and review your resources and policies, use the Azure policy extension for Visual Studio Code. It can be installed on all platforms that are supported by Visual Studio Code. This support includes Windows, Linux, and macOS. See [installation guidelines](https://docs.microsoft.com/azure/governance/policy/how-to/extension-for-vscode).
+To make sure you know the current aliases and review your resources and policies, use the Azure Policy extension for Visual Studio Code. It can be installed on all platforms that are supported by Visual Studio Code. This support includes Windows, Linux, and macOS. See [installation guidelines](https://docs.microsoft.com/azure/governance/policy/how-to/extension-for-vscode).