Review edits

Author: kgremban

articles/iot-operations/configure-observability-monitoring/howto-configure-observability.md

@@ -19,8 +19,10 @@ Observability provides visibility into every layer of your Azure IoT Operations
 
 ## Prerequisites
 
-- Azure IoT Operations Preview installed. For more information, see [Quickstart: Run Azure IoT Operations Preview in GitHub Codespaces with K3s](../get-started-end-to-end-sample/quickstart-deploy.md).
-- [Git](https://git-scm.com/downloads) for cloning the repository.
+* An Arc-enabled Kubernetes cluster.
+* Helm installed on your development machine. For instructions, see [Install Helm](https://helm.sh/docs/intro/install/).
+* Kubectl installed on your development machine. For instructions, see [Install Kubernetes tools](https://kubernetes.io/docs/tasks/tools/).
+* Azure CLI installed on your development machine. For more information, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
 
 ## Configure your subscription
 
@@ -39,17 +41,11 @@ az provider register -n "Microsoft.AlertsManagement"
 
 The steps in this section install shared monitoring resources and configure your Arc enabled cluster to emit observability signals to these resources. The shared monitoring resources include Azure Managed Grafana, Azure Monitor Workspace, Azure Managed Prometheus, Azure Log Analytics, and Container Insights. In this section, you also deploy an [OpenTelemetry (Otel) Collector](https://opentelemetry.io/docs/collector/)
 
-1. In your console, go to the local folder where you want to clone the Azure IoT Operations repo:
+1. Clone or download the Azure IoT Operations repo to your local machine: [azure-iot-operations.git](https://github.com/Azure/azure-iot-operations.git).
 
    > [!NOTE]
    > The repo contains the deployment definition of Azure IoT Operations, and samples that include the sample dashboards used in this article.
 
-1. Clone the repo to your local machine, using the following command:
-
-   ```shell
-   git clone https://github.com/Azure/azure-iot-operations.git
-   ```
-
 1. Browse to the following path in your local copy of the repo:
 
    *azure-iot-operations\tools\setup-3p-obs-infra*

articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md

@@ -65,6 +65,8 @@ A cluster host:
   az iot ops verify-host
   ```
 
+* (Optional) Prepare your cluster for observability before deploying Azure IoT Operations: [Configure observability](../configure-observability-monitoring/howto-configure-observability.md).
+
 ## Deploy
 
 Use the Azure portal or Azure CLI to deploy Azure IoT Operations to your Arc-enabled Kubernetes cluster.
@@ -136,7 +138,7 @@ Azure IoT Operations requires a schema registry on your cluster. Schema registry
    | Optional parameter | Value | Description |
    | --------- | ----- | ----------- |
    | `--no-progress` |  | Disables the deployment progress display in the terminal. |
-   | `--disable-rsync-rules` |  | Disable the resource sync rules on the deployment feature flag if you don't have **Microsoft.Authorization/roleAssignment/write** permissions in the resource group. |
+   | `--enable-rsync-rules` |  | Enable the resource sync rules on the instance to project resources from the cloud to the edge. |
    | `--add-insecure-listener` |  | Add an insecure 1883 port config to the default listener. *Not for production use*. |
    | `--broker-config-file` | Path to JSON file | Provide a configuration file for the MQTT broker. For more information, see [Advanced MQTT broker config](https://github.com/Azure/azure-iot-ops-cli-extension/wiki/Advanced-Mqtt-Broker-Config) and [Configure core MQTT broker settings](../manage-mqtt-broker/howto-configure-availability-scale.md). |
 

articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md

@@ -103,8 +103,6 @@ This section provides steps to create clusters in validated environments on Linu
 
 The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1) script automates the process of creating and connecting a cluster, and is the recommended path for deploying Azure IoT Operations on AKS Edge Essentials.
 
- 
-
 1. Open an elevated PowerShell window and change the directory to a working folder.
 
 1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses in your tenant.
@@ -124,18 +122,19 @@ The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/to
    | CLUSTER_NAME | A name for the new cluster to be created. |
    | ARC_APP_OBJECT_ID | The object ID value that you retrieved in the previous step. |
 
-> [!NOTE]
->  > **Special instructions for AIO Internal Bugbash**: 
+   > [!NOTE]
+   > **Special instructions for AIO Internal Bugbash**:
+   >
    > The instructions below for AksEdgeQuickStartForAio.ps1 from AKS-Edge GitHub repo are  for external customer consumption and will only work after AIO 0.7 is released. 
    > For internal bug bashes, use this powershell script below instead
->   ```powershell
->   $url = "https://raw.githubusercontent.com/jagadishmurugan/AKS-Edge/blob/users/jagamu/changes-for-M2-integration/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1"
->   Invoke-WebRequest -Uri $url -OutFile .\AksEdgeQuickStartForAio.ps1
->   Unblock-File .\AksEdgeQuickStartForAio.ps1
->   Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
->   .\AksEdgeQuickStartForAio.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -TenantId "<TENANT_ID>" -ResourceGroupName "<RESOURCE_GROUP_NAME>"  -Location "<LOCATION>"  -ClusterName "<CLUSTER_NAME>" -Tag "test-v0.3" -CustomLocationOid $customlocationOid
->   ```
-
+   >
+   >```powershell
+   >$url = "https://raw.githubusercontent.com/jagadishmurugan/AKS-Edge/blob/users/jagamu/changes-for-M2-integration/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1"
+   >Invoke-WebRequest -Uri $url -OutFile .\AksEdgeQuickStartForAio.ps1
+   >Unblock-File .\AksEdgeQuickStartForAio.ps1
+   >Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
+   >.\AksEdgeQuickStartForAio.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -TenantId "<TENANT_ID>" -ResourceGroupName "<RESOURCE_GROUP_NAME>"  -Location "<LOCATION>"  -ClusterName "<CLUSTER_NAME>" -Tag "test-v0.3" -CustomLocationOid $customlocationOid
+   >```
 
    ```powershell
    $url = "https://raw.githubusercontent.com/Azure/AKS-Edge/main/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1"

articles/iot-operations/deploy-iot-ops/overview-deploy.md

@@ -49,9 +49,9 @@ The following table described Azure IoT Operations deployment and management tas
 | Task | Required permission | Comments |
 | ---- | ------------------- | -------- |
 | Deploy Azure IoT Operations | **Contributor** permissions at the subscription level. |  |
-| Creating secrets in Key Vault | **Key Vault Secrets Officer** permissions at the resource level. | Only required for secure settings deployment. |
-| Enabling resource sync rules on an Azure IoT Operations instance | **Microsoft/Authorization/roleAssignments/write** permissions at the resource group level. | Resource sync rules can be disabled during instance creation if the user doesn't have permissions. |
-| Creating a schema registry. | **Microsoft/Authorization/roleAssignments/write** permissions at the resource group level. |  |
+| Create secrets in Key Vault | **Key Vault Secrets Officer** permissions at the resource level. | Only required for secure settings deployment. |
+| Enable resource sync rules on an Azure IoT Operations instance | **Microsoft/Authorization/roleAssignments/write** permissions at the resource group level. | Resource sync rules are disabled by default, but can be enabled during instance creation. |
+| Create a schema registry. | **Microsoft/Authorization/roleAssignments/write** permissions at the resource group level. |  |
 
 > [!TIP]
 >

articles/iot-operations/get-started-end-to-end-sample/quickstart-deploy.md

@@ -81,6 +81,17 @@ To connect your cluster to Azure Arc:
 
 1. After signing in, Azure CLI displays all of your subscriptions and indicates your default subscription with an asterisk `*`. To continue with your default subscription, select `Enter`. Otherwise, type the number of the Azure subscription that you want to use.
 
+   > [!NOTE]
+   > **Special instructions for AIO Internal Bugbash**:
+   >
+   > Official IoT Ops CLI releases are installed via extension index like so az extension add --upgrade --name azure-iot-ops mentioned below.
+   > However for bug bashes, we will distribute one-off release candidates intended to expose functionality to exercise internally. Use this for Bug Bash 2 on 9/27:
+   >
+   > ``` bash
+   >    az storage blob download --auth-mode login --blob-url https://azedgecli.blob.core.windows.net/drop/azure_iot_ops-0.7.0a10-py3-none-any.whl -f ./azure_iot_ops-0.7.0a10-py3-none-any.whl
+   >    az extension add --upgrade --source ./azure_iot_ops-0.7.0a10-py3-none-any.whl
+   > ```
+
 1. Register the required resource providers in your subscription:
 
    >[!NOTE]

articles/iot-operations/includes/connect-cluster-k3s.md

@@ -37,29 +37,17 @@ ms.custom: include file, ignite-2023, devx-track-azurecli
    az extension add --upgrade --source connectedk8s-1.10.0-py2.py3-none-any.whl
    ```
 
-1. Use the [az connectedk8s connect](/cli/azure/connectedk8s#az-connectedk8s-connect) command to Arc-enable your Kubernetes cluster and manage it as part of your Azure resource group:
-
-   ```azurecli
-   az connectedk8s connect --name $CLUSTER_NAME -l $LOCATION --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID --disable-auto-upgrade
-   ```
-
 1. Export environment variables that the `az connectedk8s upgrade` command requires.
 
    ```bash
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
    export HELMREGISTRY=azurearcfork8sdev.azurecr.io/merge/private/azure-arc-k8sagents:0.1.15392-private
    ```
 
-1. Upgrade the Azure Arc agent to use a preview build that supports the workload identity feature that Azure IoT Operations uses for user-assigned managed identities.
-
-   ```azurecli
-   az connectedk8s upgrade --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --agent-version 0.1.15392-private
-   ```
-
-1. Enable the workload identity feature on the cluster.
+1. Use the [az connectedk8s connect](/cli/azure/connectedk8s#az-connectedk8s-connect) command to Arc-enable your Kubernetes cluster and manage it as part of your Azure resource group:
 
    ```azurecli
-   az connectedk8s update --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --enable-oidc-issuer --enable-workload-identity
+   az connectedk8s connect --name $CLUSTER_NAME -l $LOCATION --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION_ID --disable-auto-upgrade --enable-oidc-issuer --enable-workload-identity
    ```
 
 1. Get the cluster's issuer URL.
@@ -79,7 +67,7 @@ ms.custom: include file, ignite-2023, devx-track-azurecli
 1. Add the following content to the `config.yaml` file, replacing the `<SERVICE_ACCOUNT_ISSUER>` placeholder with your cluster's issuer URL.
 
    ```yml
-   kube-apiserver-arg: 'service-account-issuer=<SERVICE_ACCOUNT_ISSUER>' kube-apiserver-arg: 'service-account-max-token-expiration=24h'
+   kube-apiserver-arg: 'service-account-issuer=<SERVICE_ACCOUNT_ISSUER>'
    ```
 
 1. Save the file and exit the nano editor.