Merge pull request #190376 from stevevi/steveviAzureGov10

Trim JPS article, clarify Pipeline article PS script status

Author: AnnaMHuff

articles/azure-government/compare-azure-government-global-azure.md

@@ -7,7 +7,7 @@ author: stevevi
 ms.author: stevevi
 ms.custom: references_regions
 recommendations: false
-ms.date: 02/26/2022
+ms.date: 03/02/2022
 ---
 
 # Compare Azure Government and global Azure
@@ -232,18 +232,16 @@ This section outlines variations and considerations when using Identity services
 
 ### [Azure Active Directory Premium P1 and P2](../active-directory/index.yml)
 
+For feature variations and limitations, see [Cloud feature availability](../active-directory/authentication/feature-availability.md).
+
 The following features have known limitations in Azure Government:
 
 - Limitations with B2B Collaboration in supported Azure US Government tenants:
   - For more information about B2B collaboration limitations in Azure Government and to find out if B2B collaboration is available in your Azure Government tenant, see [Azure AD B2B in government and national clouds](../active-directory/external-identities/b2b-government-national-clouds.md).
   - B2B collaboration via Power BI is not supported. When you invite a guest user from within Power BI, the B2B flow is not used and the guest user won't appear in the tenant's user list. If a guest user is invited through other means, they'll appear in the Power BI user list, but any sharing request to the user will fail and display a 403 Forbidden error.
 
-- Limitations with multifactor authentication:
-  - Hardware OATH tokens are not available in Azure Government.
-  - Trusted IPs are not supported in Azure Government. Instead, use Conditional Access policies with named locations to establish when multifactor authentication should and should not be required based off the user's current IP address.
-
-- Limitations with Azure AD join:
-  - Enterprise state roaming for Windows 10 devices is not available
+- Limitations with multi-factor authentication:
+    - Trusted IPs are not supported in Azure Government. Instead, use Conditional Access policies with named locations to establish when multi-factor authentication should and should not be required based off the user's current IP address.
 
 ## Management and governance
 

articles/azure-government/connect-with-azure-pipelines.md

@@ -1,32 +1,29 @@
 ---
 title: Deploy an app in Azure Government with Azure Pipelines
-description: Information on configuring continuous deployment to your applications hosted with a subscription in Azure Government by connecting from Azure Pipelines.
+description: Configure continuous deployment to your applications hosted in Azure Government by connecting from Azure Pipelines.
 ms.service: azure-government
 ms.topic: article
 ms.custom: devx-track-azurepowershell
-ms.date: 11/02/2021 
+ms.date: 03/02/2022 
 ---
 
 # Deploy an app in Azure Government with Azure Pipelines
 
-This article helps you use Azure Pipelines to set up continuous integration (CI) and continuous deployment (CD) of your web app running in Azure Government. CI/CD automates the build of your code from a repo along with the deployment (release) of the built code artifacts to a service or set of services in Azure Government. In this tutorial, you will build a web app and deploy it to an Azure Governments app service. This build and release process is triggered by a change to a code file in the repo.
-
-> [!NOTE]
-> For special considerations when deploying apps to Azure Government, see **[Deploy apps to Azure Government Cloud](/azure/devops/pipelines/library/government-cloud).**
+This article helps you use Azure Pipelines to set up continuous integration (CI) and continuous deployment (CD) of your web app running in Azure Government. CI/CD automates the build of your code from a repo along with the deployment (release) of the built code artifacts to a service or set of services in Azure Government. In this tutorial, you'll build a web app and deploy it to an Azure Governments app service. This build and release process is triggered by a change to a code file in the repo.
 
 [Azure Pipelines](/azure/devops/pipelines/get-started/what-is-azure-pipelines) is used by teams to configure continuous deployment for applications hosted in Azure subscriptions. We can use this service for applications running in Azure Government by defining [service connections](/azure/devops/pipelines/library/service-endpoints) for Azure Government. 
 
 [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
 ## Prerequisites
 
-Before starting this tutorial, you must have the following:
+Before starting this tutorial, you must complete the following prerequisites:
 
 + [Create an organization in Azure DevOps](/azure/devops/organizations/accounts/create-organization)
 + [Create and add a project to the Azure DevOps organization](/azure/devops/organizations/projects/create-project?;bc=%2fazure%2fdevops%2fuser-guide%2fbreadcrumb%2ftoc.json&tabs=new-nav&toc=%2fazure%2fdevops%2fuser-guide%2ftoc.json)
 + Install and set up [Azure PowerShell](/powershell/azure/install-az-ps)
 
-If you don't have an active Azure Government subscription, create a [free account](https://azure.microsoft.com/overview/clouds/government/) before you begin.
+If you don't have an active Azure Government subscription, create a [free account](https://azure.microsoft.com/global-infrastructure/government/request/) before you begin.
 
 ## Create Azure Government app service 
 
@@ -45,14 +42,17 @@ Follow through one of the quickstarts below to set up a Build for your specific
 
 1. Download or copy and paste the [service principal creation](https://github.com/yujhongmicrosoft/spncreationn/blob/master/spncreation.ps1) PowerShell script into an IDE or editor.
 
+    > [!NOTE]
+    > This script will be updated to use the Azure Az PowerShell module instead of the deprecated AzureRM PowerShell module.
+
 2. Open up the file and navigate to the `param` parameter. Replace the `$environmentName` variable with 
-AzureUSGovernment." This sets the service principal to be created in Azure Government.
+AzureUSGovernment." This action sets the service principal to be created in Azure Government.
 
 3. Open your PowerShell window and run the following command. This command sets a policy that enables running local files.
 
    `Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass`
 
-   When you are asked whether you want to change the execution policy, enter "A" (for "Yes to All").
+   When you're asked whether you want to change the execution policy, enter "A" (for "Yes to All").
 
 4. Navigate to the directory that has the edited script above.
 
@@ -64,12 +64,12 @@ AzureUSGovernment." This sets the service principal to be created in Azure Gover
 
 7. When prompted for the "password" parameter, enter your desired password. 
 
-8. After providing your Azure Government subscription credentials, you should see the following: 
+8. After providing your Azure Government subscription credentials, you should see the following message: 
 
     > [!NOTE]
     > The Environment variable should be `AzureUSGovernment`.
 
-9. After the script has run, you should see your service connection values. Copy these values as we will need them when setting up our endpoint.
+9. After the script has run, you should see your service connection values. Copy these values as we'll need them when setting up our endpoint.
 
    ![ps4](./media/documentation-government-vsts-img11.png)
 
@@ -88,10 +88,10 @@ Follow [Deploy a web app to Azure App Services](/azure/devops/pipelines/apps/cd/
 **Do I need a build agent?** <br/>
 You need at least one [agent](/azure/devops/pipelines/agents/agents) to run your deployments. By default, the build and deployment processes are configured to use the [hosted agents](/azure/devops/pipelines/agents/agents#microsoft-hosted-agents). Configuring a private agent would limit data sharing outside of Azure Government.
 
-**I use Team Foundation Server on-premises. Can I configure CD on my server to target Azure Government?** <br/>
-Currently, Team Foundation Server cannot be used to deploy to an Azure Government Cloud.
+**I use Team Foundation Server on premises. Can I configure CD on my server to target Azure Government?** <br/>
+Currently, Team Foundation Server can't be used to deploy to an Azure Government Cloud.
 
 ## Next steps
 
-- Subscribe to the [Azure Government blog](https://blogs.msdn.microsoft.com/azuregov/)
+- Subscribe to the [Azure Government blog](https://devblogs.microsoft.com/azuregov/)
 - Get help on Stack Overflow by using the "[azure-gov](https://stackoverflow.com/questions/tagged/azure-gov)" tag

articles/azure-government/documentation-government-overview-jps.md

@@ -6,7 +6,7 @@ ms.topic: article
 author: stevevi
 ms.author: stevevi
 recommendations: false
-ms.date: 03/01/2022
+ms.date: 03/02/2022
 ---
 
 # Public safety and justice in Azure Government
@@ -29,27 +29,11 @@ Microsoft treats Criminal Justice Information Services (CJIS) compliance as a co
 
 The [Criminal Justice Information Services](https://www.fbi.gov/services/cjis) (CJIS) Division of the US Federal Bureau of Investigation (FBI) gives state, local, and federal law enforcement and criminal justice agencies access to criminal justice information (CJI), for example, fingerprint records and criminal histories. Law enforcement and other government agencies in the United States must ensure that their use of cloud services for the transmission, storage, or processing of CJI complies with the [CJIS Security Policy](https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center/view), which establishes minimum security requirements and controls to safeguard CJI.
 
-The CJIS Security Policy integrates presidential and FBI directives, federal laws, and the criminal justice community's Advisory Policy Board decisions, along with guidance from the National Institute of Standards and Technology (NIST). The CJIS Security Policy is updated periodically to reflect evolving security requirements.
+### Azure Government and CJIS Security Policy
 
-The CJIS Security Policy defines 13 areas that private contractors such as cloud service providers must evaluate to determine if their use of cloud services can be consistent with CJIS requirements. These areas correspond closely to control families in [NIST SP 800-53](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53), which is also the basis for the US Federal Risk and Authorization Management Program (FedRAMP). The FBI CJIS Information Security Officer (ISO) Program Office has published a [security control mapping of CJIS Security Policy requirements to NIST SP 800-53](https://www.fbi.gov/file-repository/csp-v5_5-to-nist-controls-mapping-1.pdf/view). The corresponding NIST SP 800-53 controls are listed for each CJIS Security Policy section.
+Microsoft's commitment to meeting the applicable CJIS regulatory controls help criminal justice organizations be compliant with the CJIS Security Policy when implementing cloud-based solutions. For more information about Azure support for CJIS, see [Azure CJIS compliance offering](/azure/compliance/offerings/offering-cjis).
 
-All private contractors who process CJI must sign the CJIS Security Addendum, a uniform agreement approved by the US Attorney General that helps ensure the security and confidentiality of CJI required by the Security Policy. It commits the contractor to maintaining a security program consistent with federal and state laws, regulations, and standards. The addendum also limits the use of CJI to the purposes for which a government agency provided it.
-
-### Azure and CJIS Security Policy
-
-Microsoft will sign the CJIS Security Addendum in states with CJIS Information Agreements. These agreements tell state law enforcement authorities responsible for compliance with CJIS Security Policy how Microsoft's cloud security controls help protect the full lifecycle of data and ensure appropriate background screening of operating personnel with potential access to CJI.  
-
-Microsoft has agreements signed with nearly all 50 states and the District of Columbia except for the following states: Delaware, Louisiana, Maryland, New Mexico, Ohio, and South Dakota. Microsoft continues to work with state governments to enter into CJIS Information Agreements.
-
-Microsoft's commitment to meeting the applicable CJIS regulatory controls help criminal justice organizations be compliant with the CJIS Security Policy when implementing cloud-based solutions. Microsoft can accommodate customers subject to the CJIS Security Policy requirements in:
-
-- [Azure Government](./documentation-government-welcome.md)
-- [Dynamics 365 US Government](/power-platform/admin/microsoft-dynamics-365-government#certifications-and-accreditations)
-- [Office 365 GCC](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance)
-
-Microsoft has assessed the operational policies and procedures of Microsoft Azure Government, Dynamics 365 US Government, and Office 365 GCC, and will attest to their ability in the applicable services agreements to meet FBI requirements. For more information about Azure support for CJIS, see [Azure CJIS compliance offering](/azure/compliance/offerings/offering-cjis).
-
-The remainder of this article discusses technologies that you can use to safeguard CJI stored or processed in Azure cloud services. These technologies can help you establish sole control over CJI that you're responsible for.
+The remainder of this article discusses technologies that you can use to safeguard CJI stored or processed in Azure cloud services. **These technologies can help you establish sole control over CJI that you're responsible for.**
 
 > [!NOTE]
 > You are wholly responsible for ensuring your own compliance with all applicable laws and regulations. Information provided in this article does not constitute legal advice, and you should consult your legal advisor for any questions regarding regulatory compliance.