Edits

Author: kgremban

articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md

@@ -161,15 +161,19 @@ The Azure portal deployment experience is a helper tool that generates a deploym
 
       This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
 
-      :::image type="content" source="./media/howto-deploy-iot-operations/az-iot-ops-init-progress.png" alt-text="A screenshot that shows the progress display for the `az iot ops init` command - portal deployment.":::
-
    1. Deploy Azure IoT Operations to your cluster. Copy and run the `az iot ops create` command.
 
-      This command might take several minutes to complete.
+      This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
+
+   1. Enable secret sync on your Azure IoT Operations instance. Copy and run the `az iot ops secretsync enable` command. This command:
 
-   1. Enable secret sync on your Azure IoT Operations instance. Copy and run the `az iot ops secretsync enable` command.
+      * Creates a federated identity credential using the user-assigned managed identity.
+      * Adds a role assignment to the user-assigned managed identity for access to the Azure Key Vault.
+      * Adds a minimum secret provider class associated with the Azure IoT Operations instance.
 
    1. Assign a user-assigned managed identity to your Azure IoT Operations instance. Copy and run the `az iot ops identity assign` command.
+   
+      This command also creates a federated identity credential using the OIDC issuer of the indicated connected cluster and the Azure IoT Operations service account.
 
 1. Once all of the Azure CLI commands complete successfully, you can close the **Install Azure IoT Operations** wizard.
 
@@ -229,7 +233,7 @@ Azure IoT Operations requires a schema registry on your cluster. Schema registry
    | Optional parameter | Value | Description |
    | --------- | ----- | ----------- |
    | `--no-progress` |  | Disable the deployment progress display in the terminal. |
-   | `--enable-fault-tolerance` | `false`, `true` | Enables fault tolerance for Azure Arc Container Storage. At least three cluster nodes are required. |
+   | `--enable-fault-tolerance` | `false`, `true` | Enable fault tolerance for Azure Arc Container Storage. At least three cluster nodes are required. |
    | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | If you followed the optional prerequisites to prepare your cluster for observability, provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.enpoint=4317**. |
    | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | If you followed the optional prerequisites to prepare your cluster for observability, provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
 
@@ -288,17 +292,15 @@ Azure secret requires a user-assigned managed identity with access to the Azure
 
    You will need to grant the identity permission to whichever cloud resource this will be used for. 
 
-1. Run the following command to assign the identity to the Azure IoT Operations instance. This command also created a federated identity credential using the OIDC issuer of the indicated connected cluster and the Azure IoT Operations service account.
+1. Run the following command to assign the identity to the Azure IoT Operations instance. This command also creates a federated identity credential using the OIDC issuer of the indicated connected cluster and the Azure IoT Operations service account.
 
    ```azurecli
    az iot ops identity assign --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --mi-user-assigned <USER_ASSIGNED_MI_RESOURCE_ID>
    ```
 
 ---
 
-While the deployment is in progress, you can watch the resources being applied to your cluster.
-
-If your terminal supports it, the `init` and `create` commands display the deployment progress.
+While the deployment is in progress, you can watch the resources being applied to your cluster. If your terminal supports it, the `init` and `create` commands display the deployment progress.
 <!-- 
   :::image type="content" source="./media/howto-deploy-iot-operations/view-deployment-terminal.png" alt-text="A screenshot that shows the progress of an Azure IoT Operations deployment in a terminal.":::
 

articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md

@@ -5,7 +5,7 @@ author: kgremban
 ms.author: kgremban
 ms.topic: how-to
 ms.custom: ignite-2023, devx-track-azurecli
-ms.date: 09/26/2024
+ms.date: 10/02/2024
 
 #CustomerIntent: As an IT professional, I want prepare an Azure-Arc enabled Kubernetes cluster so that I can deploy Azure IoT Operations to it.
 ---
@@ -50,7 +50,7 @@ To prepare your Azure Arc-enabled Kubernetes cluster, you need:
   * [AKS Edge Essentials requirements and support matrix](/azure/aks/hybrid/aks-edge-system-requirements).
   * [AKS Edge Essentials networking guidance](/azure/aks/hybrid/aks-edge-concept-networking).
 
-* If you're going to deploy Azure IoT Operations to a multi-node cluster, review the hardware and storage requirements in [Prepare Linux for Edge Volumes](/azure/azure-arc/container-storage/prepare-linux-edge-volumes).
+* If you're going to deploy Azure IoT Operations to a multi-node cluster with fault tolerance enabled, review the hardware and storage requirements in [Prepare Linux for Edge Volumes](/azure/azure-arc/container-storage/prepare-linux-edge-volumes).
 
 ### [Ubuntu](#tab/ubuntu)
 

articles/iot-operations/deploy-iot-ops/overview-deploy.md

@@ -5,7 +5,7 @@ author: kgremban
 ms.author: kgremban
 ms.topic: conceptual
 ms.custom:
-ms.date: 09/10/2024
+ms.date: 10/02/2024
 
 #CustomerIntent: As an IT professional, I want to understand the components and deployment details before I start using Azure IoT Operations.
 ---
@@ -16,7 +16,7 @@ ms.date: 09/10/2024
 
 ## Supported environments
 
-Azure IoT Operations should work on any Arc-enabled Kubernetes cluster that meets the [Azure Arc-enabled Kubernetes system requirements](/azure/azure-arc/kubernetes/system-requirements). Currently Azure IoT Operations doesn't support ARM64 architectures.
+Azure IoT Operations should work on any Arc-enabled Kubernetes cluster that meets the [Azure Arc-enabled Kubernetes system requirements](/azure/azure-arc/kubernetes/system-requirements). Currently Azure IoT Operations doesn't support Arm64 architectures.
 
 Microsoft supports Azure Kubernetes Service (AKS) Edge Essentials for deployments on Windows and K3s for deployments on Ubuntu. For a list of specific hardware and software combinations that are tested and validated, see [Validated environments](../overview-iot-operations.md#validated-environments).
 
@@ -28,7 +28,7 @@ Azure IoT Operations offers two deployment modes. You can choose to deploy with
 
 A deployment with only test settings enabled:
 
-* Does not configure secrets or user-assigned managed identity capabilities.
+* Doesn't configure secrets or user-assigned managed identity capabilities.
 * Is meant to enable the end-to-end quickstart sample for evaluation purposes, so does support the OPC PLC simulator and connect to cloud resources using system-assigned managed identity.
 * Can be upgraded to use secure settings.
 
@@ -90,53 +90,39 @@ For more information, see [What is Azure Arc site manager (preview)?](/azure/azu
 
 If you use enterprise firewalls or proxies to manage outbound traffic, add the following endpoints to your domain allowlist before deploying Azure IoT Operations Preview.
 
-Some of these domains are Arc-enabled Kubernetes endpoints. For more information about how those are used, see [Azure Arc network requirements](/azure/azure-arc/network-requirements-consolidated).
+Additionally, allow the Arc-enabled Kubernetes endpoints in [Azure Arc network requirements](/azure/azure-arc/network-requirements-consolidated).
 
 ```text
 nw-umwatson.events.data.microsoft.com 
 dc.services.visualstudio.com 
 github.com 
-sts.windows.net 
-login.windows.net 
 self.events.data.microsoft.com 
 mirror.enzu.com 
 ppa.launchpadcontent.net 
 msit-onelake.pbidedicated.windows.net 
 gcr.io 
 adhs.events.data.microsoft.com 
 gbl.his.arc.azure.cn 
-mcr.microsoft.com 
 onegetcdn.azureedge.net 
 graph.windows.net 
 pas.windows.net 
 agentserviceapi.guestconfiguration.azure.com 
 aka.ms 
 api.segment.io 
 download.microsoft.com 
-gbl.his.arc.azure.com 
 raw.githubusercontent.com 
 go.microsoft.com 
 global.metrics.azure.eaglex.ic.gov 
 gbl.his.arc.azure.us 
-management.azure.com 
 packages.microsoft.com 
 global.metrics.azure.microsoft.scloud 
-k8sconnectcsp.azureedge.net 
-www.powershellgallery.com 
-k8connecthelm.azureedge.net 
-login.microsoftonline.com 
+www.powershellgallery.com
 k8s.io 
 guestconfiguration.azure.com 
 ods.opinsights.azure.com 
-dp.kubernetesconfiguration.azure.com 
-login.microsoft.com 
 vault.azure.net 
-obo.arc.azure.com 
-data.mcr.microsoft.com 
-servicebus.windows.net 
 googleapis.com 
 quay.io 
-his.arc.azure.com 
 handler.control.monitor.azure.com 
 pkg.dev 
 docker.io 
@@ -145,11 +131,9 @@ docker.com
 prod.microsoftmetrics.com 
 oms.opinsights.azure.com 
 azureedge.net 
-monitoring.azure.com 
-guestnotificationservice.azure.com 
+monitoring.azure.com
 blob.core.windows.net 
 azurecr.io
-graph.microsoft.com
 ```
 
 ## Next steps

articles/iot-operations/get-started-end-to-end-sample/quickstart-deploy.md

@@ -5,7 +5,7 @@ author: kgremban
 ms.author: kgremban
 ms.topic: quickstart
 ms.custom: ignite-2023, devx-track-azurecli
-ms.date: 05/02/2024
+ms.date: 10/02/2024
 
 #CustomerIntent: As a < type of user >, I want < what? > so that < why? >.
 ---