Commit e31f8f8

Merge pull request #230931 from khdownie/kendownie031523-2
cleanup table
2 parents 6721438 + e13f9e5 commit e31f8f8

1 file changed: +17 -12 lines changed

articles/storage/file-sync/file-sync-resource-move.md

Lines changed: 17 additions & 12 deletions
@@ -23,7 +23,7 @@ When planning to make changes to the Azure File Sync cloud resources, it's impor
2323
* :::image type="icon" source="media/storage-sync-resource-move/storage-sync-resource-move-cloud-endpoint.png" border="false"::: Cloud endpoint
2424
* :::image type="icon" source="media/storage-sync-resource-move/storage-sync-resource-move-server-endpoint.png" border="false"::: Server endpoint
2525

26-
In Azure File Sync, the only resource capable of moving is the Storage Sync Service resource. Any subresources are bound to its parent and can't move to another Storage Sync Service.
26+
In Azure File Sync, the only resource capable of moving is the Storage Sync Service resource. Any subresources are bound to their parent and can't move to another Storage Sync Service.
2727

2828
**Azure storage resources (in hierarchical order)**
2929

@@ -36,7 +36,7 @@ In Azure Storage, the only resource capable of moving is the storage account. An
3636

3737
When planning a resource move, storage account and the top-level Azure File Sync resource, called the *Storage Sync Service*, need to be considered together.
3838

39-
As a best practice, the Storage Sync Service and the storage accounts that have syncing file shares, should always reside in the same subscription. These combinations are supported:
39+
As a best practice, the Storage Sync Service and the storage accounts that have syncing file shares should always reside in the same subscription. These combinations are supported:
4040

4141
* Storage Sync Service and storage accounts are located in **different resource groups** (same Azure tenant)
4242
* Storage Sync Service and storage accounts are located in **different subscriptions** (same Azure tenant)
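Review bot: The changed sentence says the Storage Sync Service and its storage accounts "should always reside in the same subscription", and the very next sentence, "These combinations are supported:", leads into a list that includes **different subscriptions**, so a reader cannot tell the recommended layout from the merely supported ones. Suggest rewording the list intro to say these combinations are supported in addition to the recommended same-subscription layout. The unchanged line above also still reads "storage account and the top-level Azure File Sync resource" without an article; "the storage account" would fit this cleanup pass.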
@@ -53,7 +53,7 @@ When planning your resource move, there are different considerations for [moving
5353
:::image type="content" source="media/storage-sync-resource-move/storage-sync-resource-move-small.png" alt-text="An image showing the Azure portal for a Storage Sync Service resource, with the Move command expanded. It shows the resource group move and subscription move options." lightbox="media/storage-sync-resource-move/storage-sync-resource-move.png":::
5454
:::column-end:::
5555
:::column:::
56-
A convenient way to move a Storage Sync Service resource is to use the Azure portal. Navigate to the Storage Sync Service you want to move and select **Move** from the command bar. The same steps apply to moving a storage account. You can also move all resources in a resource group this way. Moving an entire resource group is recommended when you have the Storage Sync Service and all it's used storage accounts in this resource group.
56+
A convenient way to move a Storage Sync Service resource is to use the Azure portal. Navigate to the Storage Sync Service you want to move and select **Move** from the command bar. The same steps apply to moving a storage account. You can also move all resources in a resource group this way. Moving an entire resource group is recommended when you have the Storage Sync Service and all its used storage accounts in this resource group.
5757
:::column-end:::
5858
:::row-end:::
5959

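Review bot: On the changed line, "all its used storage accounts in this resource group" fixes the apostrophe but the phrase still reads awkwardly. Suggest "when the Storage Sync Service and all the storage accounts it uses are in the same resource group".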
@@ -62,7 +62,7 @@ When planning your resource move, there are different considerations for [moving
6262
6363
### Move to a new Azure Active Directory tenant
6464

65-
Individual resources like a Storage Sync Service or storage accounts, can't move by themselves to a different Azure AD tenant. Only Azure subscriptions can move Azure AD tenants. Think about your subscription structure in the new Azure AD tenant. You can use a dedicated subscription for Azure File Sync.
65+
Individual resources like a Storage Sync Service or storage account can't move by themselves to a different Azure AD tenant. Only Azure subscriptions can move across Azure AD tenants. Think about your subscription structure in the new Azure AD tenant. You can use a dedicated subscription for Azure File Sync.
6666

6767
1. Create an Azure subscription (or determine an existing one in the old tenant that should move).
6868
1. [Perform a subscription move within the same Azure AD tenant](#move-within-the-same-azure-active-directory-tenant) of your Storage Sync Service and all associated storage accounts.
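Review bot: The changed paragraph tells readers that only subscriptions can move across Azure AD tenants but gives no hint here that sync access has to be reauthorized afterwards, although a later section of the same file states that the role assignment is lost when a storage account moves to a new Azure AD tenant. Unless one of the steps not shown in this hunk already covers it, suggest adding a sentence or step that links to #establish-sync-access-to-a-storage-account so the tenant-move procedure does not end with sync silently unauthorized.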
@@ -78,9 +78,9 @@ Once all related Azure File Sync resources have been sequestered into their own
7878
:::image type="content" source="media/storage-sync-resource-move/storage-sync-resource-move-aad-tenant.png" alt-text="A picture showing the Azure portal, Subscription Overview blade, highlighting the Change directory toolbar command in the center, top of the page." lightbox="media/storage-sync-resource-move/storage-sync-resource-move-aad-tenant-expanded.png":::
7979
:::column-end:::
8080
:::column:::
81-
You are ready to start the migration once you have a plan and the required permissions:
82-
1. In the Azure portal, navigate to your subscription, **Overview** blade.
83-
1. Select **Change directory**
81+
You're ready to start the migration once you have a plan and the required permissions:
82+
1. In the Azure portal, navigate to your subscription **Overview** blade.
83+
1. Select **Change directory**.
8484
1. Follow the wizard steps to assign the new Azure AD tenant.
8585
:::column-end:::
8686
:::row-end:::
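Review bot: The reworded lead-in, "You're ready to start the migration once you have a plan and the required permissions:", still does not say which permissions are required, and the visible steps do not name them either. Suggest naming the role needed in the source and target tenants for **Change directory**, or linking to the section that does, so readers can check this before they start the wizard.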
@@ -96,7 +96,7 @@ When storage accounts are moved to either a new subscription or are moved within
9696
:::image type="content" source="media/storage-sync-resource-move/storage-sync-resource-move-afs-rp-registered-small.png" alt-text="An image showing the Azure portal, subscription management, registered resource providers." lightbox="media/storage-sync-resource-move/storage-sync-resource-move-afs-rp-registered.png":::
9797
:::column-end:::
9898
:::column:::
99-
The Azure File Sync service principal must exist in your Azure AD tenant before you can authorize sync access to a storage account. </br></br> When you create a new Azure subscription today, the Azure File Sync resource provider *Microsoft.StorageSync* is automatically registered with your subscription. Resource provider registration will make a *service principal* for sync available in the Azure Active Directory tenant that governs the subscription. A service principal is similar to a user account in your Azure AD. You can use the Azure File Sync service principal to authorize access to resources via role-based access control (RBAC). The only resource sync needs access to is your storage accounts containing the file shares that are supposed to sync. *Microsoft.StorageSync* must be assigned to the built-in role **Reader and Data access** on the storage account. </br></br> This assignment is done automatically through the user context of the logged on user when you add a file share to a sync group, or in other words, you create a cloud endpoint. When a storage account moves to a new subscription, or Azure AD tenant, this role assignment is lost and [must be manually reestablished](#establish-sync-access-to-a-storage-account).
99+
The Azure File Sync service principal must exist in your Azure AD tenant before you can authorize sync access to a storage account. </br></br> When you create a new Azure subscription today, the Azure File Sync resource provider *Microsoft.StorageSync* is automatically registered with your subscription. Resource provider registration will make a *service principal* for sync available in the Azure Active Directory tenant that governs the subscription. A service principal is similar to a user account in your Azure AD. You can use the Azure File Sync service principal to authorize access to resources via role-based access control (RBAC). The only resource sync needs access to is your storage accounts containing the file shares that are supposed to sync. *Microsoft.StorageSync* must be assigned to the built-in role **Reader and Data access** on the storage account. </br></br> This assignment is done automatically through the user context of the logged on user when you add a file share to a sync group, or in other words, you create a cloud endpoint. When a storage account moves to a new subscription or Azure AD tenant, this role assignment is lost and [must be manually reestablished](#establish-sync-access-to-a-storage-account).
100100
:::column-end:::
101101
:::row-end:::
102102

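Review bot: The rewritten line keeps both `</br></br>` sequences, which are closing tags for a void element and not valid line breaks. Since the neighbouring hunk converts the `<ol><li>` markup in this same row/column layout to Markdown, suggest splitting this cell into three Markdown paragraphs in the same way. While the line is being touched: "*Microsoft.StorageSync* must be assigned to the built-in role" has the direction reversed (the role is assigned to the service principal), "logged on user" would normally be "signed-in user", and the role is spelled "Reader and Data access" here but "Reader and Data Access" in the steps below.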
@@ -111,10 +111,15 @@ This assignment is typically done automatically through the user context of the
111111

112112
:::row:::
113113
:::column:::
114-
:::image type="content" source="media/storage-sync-resource-move/storage-sync-resource-move-assign-rbac.png" alt-text="An image displaying the Microsoft.StorageSync service principal assigned to the Reader and Data access role on a storage account":::
114+
:::image type="content" source="media/storage-sync-resource-move/storage-sync-resource-move-assign-rbac.png" alt-text="An image displaying the Microsoft.StorageSync service principal assigned to the Reader and Data access role on a storage account.":::
115115
:::column-end:::
116116
:::column:::
117-
<ol><li>In the Azure portal, navigate to the storage account you need to reauthorize sync access to.</li><li>Select **Access control (IAM)** on the left-hand table of contents.</li><li>Select the **Role assignments** tab to list the users and applications (service principals) that have access to your storage account.</li><li>Select **Add**</li><li>In the **Role** tab, search and select the **Reader and Data Access** role.</li><li>In the **Members** tab, have *Assigned access to* selected as *User, group, or service principal*, click on *Select members*, and in the **Select field**, type *Microsoft.StorageSync*, select the role, and select **Save**. If the **Microsoft.StorageSync** service principal isn't found, type **Hybrid File Sync Service** (old service principal name), select the role, and select **Save**.</li></ol>
117+
1. Sign into the Azure portal and navigate to the storage account you need to reauthorize sync access to.
118+
1. Select **Access control (IAM)** on the left-hand table of contents.
119+
1. Select the **Role assignments** tab to list the users and applications (service principals) that have access to your storage account.
120+
1. Select **Add**.
121+
1. In the **Role** tab, search and select the **Reader and Data Access** role.
122+
1. In the **Members** tab, have *Assigned access to* selected as *User, group, or service principal*, click on *Select members*, and in the **Select field**, type *Microsoft.StorageSync*. Select the role and select **Save**. If the **Microsoft.StorageSync** service principal isn't found, type **Hybrid File Sync Service** (old service principal name), select the role, and select **Save**.
118123
:::column-end:::
119124
:::row-end:::
120125

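Review bot: In the new final step, "type *Microsoft.StorageSync*. Select the role and select **Save**." tells the reader to select the role while on the **Members** tab, where the item returned by the search is the service principal; the same wording repeats in the "Hybrid File Sync Service" fallback sentence. Suggest "select the service principal" in both places. Also, "**Select field**" bolds the word "field"; it should be "the **Select** field", and the role name in step 5 ("Reader and Data Access") does not match the capitalization in the image alt-text ("Reader and Data access").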
@@ -126,12 +131,12 @@ Assigning a different region to a resource is different from a [region fail-over
126131

127132
## Region fail-over
128133

129-
[Azure storage offers geo-redundancy options](../common/storage-redundancy.md#geo-redundant-storage) for a storage account. These redundancy options can pose problems for storage accounts used with Azure File Sync. The main reason is that replication between geographically distant regions is not performed by Azure File Sync, but by a storage replication technology built-in to the storage subsystem in Azure. It can't have an understanding of application state and Azure File Sync is an application with files syncing to and from Azure file shares at any given moment. If you opt for any of these geographically disbursed storage redundancy options, you won't lose all of your data in a large-scale disaster. However, you need to [anticipate data loss](../common/storage-disaster-recovery-guidance.md#anticipate-data-loss).
134+
[Azure storage offers geo-redundancy options](../common/storage-redundancy.md#geo-redundant-storage) for a storage account. These redundancy options can pose problems for storage accounts used with Azure File Sync. The main reason is that replication between geographically distant regions isn't performed by Azure File Sync, but by a storage replication technology built-in to the storage subsystem in Azure. It can't have an understanding of application state and Azure File Sync is an application with files syncing to and from Azure file shares at any given moment. If you opt for any of these geographically disbursed storage redundancy options, you won't lose all of your data in a large-scale disaster. However, you need to [anticipate data loss](../common/storage-disaster-recovery-guidance.md#anticipate-data-loss).
130135

131136
> [!CAUTION]
132137
> Failover is never an appropriate substitute to provisioning your resources in the correct Azure region. If your resources are in the "wrong" region, you need to consider stopping sync and setting sync up again to new Azure file shares that are deployed in your desired region.
133138
134-
A regional failover can be started by Microsoft in a catastrophic event that will render data centers in an Azure region incapacitated for an extended period of time. The definition of downtime your business can sustain might be less than the time Microsoft is prepared to let pass before starting a regional fail-over. For a situation like that, [failovers can also be initiated by customers](../common/storage-initiate-account-failover.md).
139+
A regional failover can be started by Microsoft in a catastrophic event that will render data centers in an Azure region incapacitated for an extended period of time. The definition of downtime your business can sustain might be less than the time Microsoft is prepared to let pass before starting a regional failover. For a situation like that, [failovers can also be initiated by customers](../common/storage-initiate-account-failover.md).
135140

136141
> [!IMPORTANT]
137142
> In the event of a failover, you need to file a support ticket for your impacted Storage Sync Services for sync to work again.
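Review bot: The changed paragraph still says "geographically disbursed storage redundancy options"; "disbursed" means paid out, and the intended word is "dispersed". The same line has "built-in to", which should be "built into". The hunk changes "fail-over" to "failover" in the body text but leaves the heading "## Region fail-over" as is, and the caution note reads "substitute to" where "substitute for" is meant; suggest making these consistent in the same commit, keeping in mind that the heading change alters its anchor.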
