pr feedback

josiahvinson · josiahvinson · commit f1731c6b8b63 · 2024-11-01T16:05:24.000-07:00
diff --git a/articles/healthcare-apis/deidentification/configure-storage.md b/articles/healthcare-apis/deidentification/configure-storage.md
@@ -1,6 +1,6 @@
 ---
-title: Learn how to configure Azure Storage to de-identity documents with the de-identification service
-description: "Learn how to configure Azure Storage to de-identity documents with the de-identification service."
+title: Learn how to configure Azure Storage to de-identify documents with the de-identification service
+description: "Learn how to configure Azure Storage to de-identify documents with the de-identification service."
 author: jovinson-ms
 ms.author: jovinson
 ms.service: azure-health-data-services
@@ -15,10 +15,10 @@ ms.date: 11/01/2024
 # Tutorial: Configure Azure Storage to de-identify documents
 
 The Azure Health Data Services de-identification service (preview) can de-identify documents in Azure Storage via an asynchronous job. If you have many documents that you would like
-to de-identify, using a job is a good option. You may also want to use jobs if you have multiple documents that should be consistently surrogated, meaning that surrogate values in the de-identified output will match across
+to de-identify, using a job is a good option. Jobs also provide consistent surrogation, meaning that surrogate values in the de-identified output will match across
 all documents. For more information about de-identification, including consistent surrogation, see [What is the de-identification service (preview)?](overview.md)
 
-When you choose to store documents in Azure Blob Storage, you are charged based on Azure Storage pricing. This cost is not included in the 
+When you choose to store documents in Azure Blob Storage, you're charged based on Azure Storage pricing. This cost isn't included in the 
  de-identification service pricing. [Explore Azure Blob Storage pricing](https://azure.microsoft.com/en-us/pricing/details/storage/blobs).
 
 In this tutorial, you:
@@ -36,7 +36,7 @@ In this tutorial, you:
 
 ## Open Azure CLI
 
-Install [Azure CLI](/cli/azure/install-azure-cli) and open your terminal of choice. In this tutorial, we are using PowerShell.
+Install [Azure CLI](/cli/azure/install-azure-cli) and open your terminal of choice. In this tutorial, we're using PowerShell.
 
 ## Create a storage account and container
 1. Set your context, substituting the subscription name containing your de-identification service for the `<subscription_name>` placeholder:
@@ -62,15 +62,15 @@ Install [Azure CLI](/cli/azure/install-azure-cli) and open your terminal of choi
    az storage container create --account-name $StorageAccountName --name deidtest --auth-mode login
    ```
 ## Upload a sample document
-Next, you'll upload a document that contains synthetic PHI:
+Next, you upload a document that contains synthetic PHI:
 ```powershell
 $DocumentContent = "The patient came in for a visit on 10/12/2023 and was seen again November 4th at Contoso Hospital."
 az storage blob upload --data $DocumentContent --account-name $StorageAccountName --container-name deidtest --name deidsample.txt --auth-mode login
 ```
 
 ## Grant the de-identification service access to the storage account
 
-In this step, you'll grant the de-identification service's system-assigned managed identity role-based access to the container. You'll grant the **Storage Blob
+In this step, you grant the de-identification service's system-assigned managed identity role-based access to the container. You grant the **Storage Blob
 Data Contributor** role because the de-identification service will both read the original document and write de-identified output documents. Substitute the name of
 your de-identification service for the `<deid_service_name>` placeholder:
 ```powershell
@@ -79,7 +79,7 @@ az role assignment create --assignee $DeidServicePrincipalId --role "Storage Blo
 ```
 
 ## Configure network isolation on the storage account
-Next, you'll update the storage account to disable public network access and only allow access from trusted Azure services such as the de-identification service.
+Next, you update the storage account to disable public network access and only allow access from trusted Azure services such as the de-identification service.
 After running this command, you won't be able to view the storage container contents without setting a network exception. 
 Learn more at [Configure Azure Storage firewalls and virtual networks](/azure/storage/common/storage-network-security).
 
