MicrosoftDocs
diff --git a/‎articles/confidential-computing/faq.md
Lines changed: 8 additions & 6 deletions b/‎articles/confidential-computing/faq.md
Lines changed: 8 additions & 6 deletions
diff --git a/‎articles/confidential-computing/overview.md
Lines changed: 23 additions & 25 deletions b/‎articles/confidential-computing/overview.md
Lines changed: 23 additions & 25 deletions
@@ -1,6 +1,6 @@
 ---
 title: Azure Confidential Computing FAQ
-description: This article provides answers to frequently asked questions about confidential computing.
+description: Answers to frequently asked questions about Azure confidential computing.
 author: JBCook
 ms.topic: troubleshooting
 ms.workload: infrastructure
@@ -9,13 +9,14 @@ ms.subservice: workloads
 ms.date: 4/17/2020
 ms.author: jencook
 ---
+
 # Frequently asked questions for Azure Confidential Computing
 
 This article provides answers to some of the most common questions about running [confidential computing workloads on Azure](overview.md).
 
-If your Azure issue is not addressed in this article, visit the Azure forums on [MSDN and Stack Overflow](https://azure.microsoft.com/support/forums/). You can post your issue in these forums, or post to [@AzureSupport on Twitter](https://twitter.com/AzureSupport). You also can submit an Azure support request. To submit a support request, on the [Azure support page](https://azure.microsoft.com/support/options/), select Get support.
+If your Azure issue is not addressed in this article, visit the Azure forums on [MSDN and Stack Overflow](https://azure.microsoft.com/support/forums/). You can post your issue in these forums, or post to [@AzureSupport on Twitter](https://twitter.com/AzureSupport). You can also submit an Azure support request. To submit a support request, on the [Azure support page](https://azure.microsoft.com/support/options/), select Get support.
 
-## <a id="vm-faq"></a> Confidential Computing Virtual Machines
+## Confidential Computing Virtual Machines <a id="vm-faq"></a>
 
 1. **How can you start deploying DCsv2 series VMs?**
 
@@ -30,7 +31,7 @@ If your Azure issue is not addressed in this article, visit the Azure forums on
 
 1. **DCsv2 virtual machines are grayed out in the portal and I can't select one**
 
-    Based on the information bubble next to the VM, there are different actions to take:
+   Based on the information bubble next to the VM, there are different actions to take:
     -	**UnsupportedGeneration**: Change the generation of the virtual machine image to “Gen2”.
     -	**NotAvailableForSubscription** : The region isn't yet available for your subscription. Select an available region.
     -	**InsufficientQuota**: [Create a support request to increase your quota](../azure-portal/supportability/per-vm-quota-requests). Free trial subscriptions don't have quota for confidential computing VMs. 
@@ -48,9 +49,10 @@ If your Azure issue is not addressed in this article, visit the Azure forums on
    No, these virtual machines are only available in select regions. Check the [products by regions page](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines) for the latest available regions. 
 
 1. **How do I install the Open Enclave SDK?**
-     For instruction on how to install the OE SDK on a machine whether in Azure or on-premise, follow the instructions on the [Open Enclave SDK GitHub](https://github.com/openenclave/openenclave).
+   
+   For instruction on how to install the OE SDK on a machine whether in Azure or on-premise, follow the instructions on the [Open Enclave SDK GitHub](https://github.com/openenclave/openenclave).
 
-     You can also head to the Open Enclave SDK GitHub for OS-specific installation instructions:
+   You can also head to the Open Enclave SDK GitHub for OS-specific installation instructions:
      - [Install the OE SDK on Windows](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Windows.md)
      - [Install the OE SDK on Ubuntu 18.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md)
      - [Install the OE SDK on Ubuntu 16.04](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_16.04.md)
@@ -12,72 +12,72 @@
 
 # Confidential computing on Azure
 
-Azure confidential computing allows you to isolate your sensitive data while it's being processed in the cloud. 
+Azure confidential computing allows you to isolate your sensitive data while it's being processed in the cloud. Many industries use confidential computing to protect their data. These workloads include:
 
-Many industries use confidential computing to protect their data. These workloads include:
 - Securing financial data
 - Protecting patient information
 - Running machine learning processes on sensitive information
 - Performing algorithms on encrypted data sets from multiple sources
 
 
-
-## <a id="overview"></a> Overview
+## Overview
 <p><p>
 
 > [!VIDEO https://www.youtube.com/embed/Qu6sP0XDMU8]
 
 We know that securing your cloud data is important. We hear your concerns. Here's just a few questions that our customers may have when moving sensitive workloads to the cloud: 
-- How do I make sure Microsoft can't access data that isn't encrypted?
 
+- How do I make sure Microsoft can't access data that isn't encrypted?
 - How do I prevent security threats from privileged admins inside my company?
-
 - What are more ways that I can prevent third-parties from accessing sensitive customer data?
 
-Microsoft Azure helps you minimize your attack surface to gain stronger data protection. Azure already offers many tools to safeguard [**data at rest**](../security/fundamentals/encryption-atrest) through models such as client-side encryption and server-side encryption. Additionally, Azure offers mechanisms to encrypt [**data in transit**](../security/fundamentals/data-encryption-best-practices#protect-data-in-transit) through secure protocols like TLS and HTTPS. This page introduces  a third leg of data encryption - the encryption of **data in use**.
+Microsoft Azure helps you minimize your attack surface to gain stronger data protection. Azure already offers many tools to safeguard [**data at rest**](../security/fundamentals/encryption-atrest.md) through models such as client-side encryption and server-side encryption. Additionally, Azure offers mechanisms to encrypt [**data in transit**](../security/fundamentals/data-encryption-best-practices.md#protect-data-in-transit) through secure protocols like TLS and HTTPS. This page introduces  a third leg of data encryption - the encryption of **data in use**.
 
 
-## <a id="intro to acc"></a> Introduction to confidential computing
-Confidential computing is an industry term defined by the [Confidential Computing Consortium](https://confidentialcomputing.io/) (CCC), a foundation dedicated to defining and accelerating the adoption of confidential computing. 
-Confidential computing is the protection of data in use when performing computations. The computations occur in a hardware-based Trusted Execution Environment (TEE).
+## Introduction to confidential computing <a id="intro to acc"></a>
+
+Confidential computing is an industry term defined by the [Confidential Computing Consortium](https://confidentialcomputing.io/) (CCC), a foundation dedicated to defining and accelerating the adoption of confidential computing. Confidential computing is the protection of data in use when performing computations. The computations occur in a hardware-based Trusted Execution Environment (TEE).
 
 A TEE is an environment that enforces execution of only authorized code. Any data in the TEE can't be read or tampered with by any code outside that environment.
 
 ### Enclaves and Trusted Execution Environments
-In the context of confidential computing, TEEs are commonly referred to as _enclaves_ or _secure enclaves_. Enclaves are secured portions of a hardware’s processor and memory. There's no way to view data or code inside the enclave, even with a debugger. If untrusted code attempts modify the content in enclave memory, the environment gets disabled and the operations are denied.
+
+In the context of confidential computing, TEEs are commonly referred to as *enclaves* or *secure enclaves*. Enclaves are secured portions of a hardware’s processor and memory. There's no way to view data or code inside the enclave, even with a debugger. If untrusted code attempts modify the content in enclave memory, the environment gets disabled and the operations are denied.
 
 When developing applications, you can use [software tools](#oe-sdk) to shield portions of your code and data inside the enclave. These tools will ensure your code and data can't be viewed or modified by anyone outside the trusted environment. 
 
-Fundamentally, think an enclave as a black box. You put encrypted code and data in the box. From the outside of the box, you can't see anything. You give the enclave a key to decrypt the data, the data is then processed, encrypted again before being sent out of the enclave.
+Fundamentally, think of an enclave as a black box. You put encrypted code and data in the box. From the outside of the box, you can't see anything. You give the enclave a key to decrypt the data, the data is then processed and encrypted again, before being sent out of the enclave.
 
 ### Attestation
 
 You'll want to get verification and validation that your trusted environment is secure. This verification is the process of attestation. 
 
-Attestation allows a relying party to have increased confidence that their software is running (1) in an enclave and (2) that the enclave is up to date and secure. For example, an enclave asks the underlying hardware to generate a credential that includes proof that the enclave exists on the platform. The report can then be given to a second enclave that verifies the report was generated on the same platform.
+Attestation allows a relying party to have increased confidence that their software is (1) running in an enclave and (2) that the enclave is up to date and secure. For example, an enclave asks the underlying hardware to generate a credential that includes proof that the enclave exists on the platform. The report can then be given to a second enclave that verifies the report was generated on the same platform.
 
 Attestation must be implemented using a secure attestation service that is compatible with the system software and silicon. [Intel's attestation and provisioning services](https://software.intel.com/sgx/attestation-services) are compatible with Azure confidential computing virtual machines.
 
-## <a id="cc-on-azure"></a> Using Azure for cloud-based confidential computing
+
+## Using Azure for cloud-based confidential computing <a id="cc-on-azure"></a>
+
 Azure confidential computing allows you to leverage confidential computing capabilities in a virtualized environment. You can now use tools, software, and cloud infrastructure to build on top of secure hardware. 
 
 ### Virtual Machines
+
 Azure is the first cloud provider to offer confidential computing in a virtualized environment. We've developed virtual machines that act as an abstraction layer between the hardware and your application. You can run workloads at scale and with redundancy and availability options.  
 
 #### Intel SGX-enabled Virtual Machines
+
 In Azure confidential computing virtual machines, a part of the CPU's hardware is reserved for a portion of code and data in your application. This restricted portion is the enclave. 
 
 ![VM model](media/overview/hardware-backed-enclave.png)
 
 Azure confidential computing infrastructure is currently comprised of a specialty SKU of virtual machines (VMs). These VMs run on Intel processors with Software Extension Guard (Intel SGX). [Intel SGX](https://intel.com/sgx) is the component that allows the increased protection that we light up with confidential computing. 
 
-
-Today, Azure offers the [DCsv2-Series](https://docs.microsoft.com/azure/virtual-machines/dcv2-series) built on Intel SGX technology for hardware-based enclave creation. 
-You can build secure enclave-based applications to run in the DCsv2-series of VMs to protect your application data and code in use. 
+Today, Azure offers the [DCsv2-Series](https://docs.microsoft.com/azure/virtual-machines/dcv2-series) built on Intel SGX technology for hardware-based enclave creation. You can build secure enclave-based applications to run in the DCsv2-series of VMs to protect your application data and code in use. 
 
 You can [read more](virtual-machine-solutions.md) about deploying Azure confidential computing virtual machines with hardware-based trusted enclaves.
 
-## <a id="application-development"></a> Application development 
+## Application development <a id="application-development"></a>
 
 To leverage the power of enclaves and isolated environments, you'll need to use tools that support confidential computing. There are various tools that support enclave application development. For example, you can use these open-source frameworks: 
 
@@ -94,18 +94,16 @@ An application built with enclaves is partitioned in two ways:
 
 **The enclave** is where code and data run inside the TEE implementation. Secure computations should occur in the enclave to assure secrets and sensitive data stay protected. 
 
-When you start developing an enclave application, you need to determine what code and data need protection.
-The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from outside protected environment.
-
-### <a id="oe-sdk"></a> Open Enclave Software Development Kit (OE SDK)
+When you start developing an enclave application, you need to determine what code and data need protection. The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from outside protected environment.
 
+### Open Enclave Software Development Kit (OE SDK) <a id="oe-sdk"></a>
 
-Use a library or framework supported by your provider if you want to write code that runs in an enclave. [The Open Enclave SDK ](https://github.com/openenclave/openenclave) (OE SDK) is an open-source SDK that allows abstraction over different confidential computing-enabled hardware. 
-The OE SDK is built to be a single abstraction layer over any hardware on any CSP).
+Use a library or framework supported by your provider if you want to write code that runs in an enclave. The [Open Enclave SDK](https://github.com/openenclave/openenclave) (OE SDK) is an open-source SDK that allows abstraction over different confidential computing-enabled hardware. 
 
-The OE SDK can be used on top of Azure confidential computing virtual machines to create and run applications on top of enclaves.
+The OE SDK is built to be a single abstraction layer over any hardware on any CSP. The OE SDK can be used on top of Azure confidential computing virtual machines to create and run applications on top of enclaves.
 
 ## Next steps
+
 Deploy a DCsv2-Series virtual machine and install the OE SDK on it.
 
 > [!div class="nextstepaction"]