MicrosoftDocs
diff --git a/‎articles/azure-vmware/configure-virtual-trusted-platform-module.md‎
Lines changed: 14 additions & 15 deletions b/‎articles/azure-vmware/configure-virtual-trusted-platform-module.md‎
Lines changed: 14 additions & 15 deletions
diff --git a/‎articles/azure-vmware/enable-managed-snat-for-workloads.md‎
Lines changed: 5 additions & 5 deletions b/‎articles/azure-vmware/enable-managed-snat-for-workloads.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/azure-vmware/tutorial-access-private-cloud.md‎
Lines changed: 4 additions & 4 deletions b/‎articles/azure-vmware/tutorial-access-private-cloud.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/azure-vmware/tutorial-configure-networking.md‎
Lines changed: 7 additions & 7 deletions b/‎articles/azure-vmware/tutorial-configure-networking.md‎
Lines changed: 7 additions & 7 deletions
@@ -3,14 +3,14 @@ title: Trusted Launch for Azure VMware Solution
 description: Trusted Launch overview and Learn how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines.
 ms.topic: how-to
 ms.service: azure-vmware
-ms.date: 12/11/2024
+ms.date: 4/02/2026
 ms.custom: engagement-fy25
 # Customer intent: As an IT admin managing virtual machines in a cloud-based environment, I want to configure Virtual Trusted Platform Module (vTPM) on my VMs, so that I can enhance their security and ensure a trusted boot process.
 ---
 
 # Trusted Launch for Azure VMware Solution
 
-In this article, you will learn about Trusted Launch and how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines in Azure VMware Solution. Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
+In this article, learn about Trusted Launch and how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines in Azure VMware Solution. Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
 
 :::image type="content" source="./media/trusted-launch.png" alt-text="Diagram showing the three pillars of trusted launch, Secure Boot, Virtual Trusted Platform Module, and Virtualization-based Security." border="false" lightbox="./media/trusted-launch.png":::
 
@@ -22,26 +22,25 @@ In this article, you will learn about Trusted Launch and how to configure Virtua
 
 •	Gain insights and confidence of the entire boot chain's integrity.
 
-•	Ensure that workloads are trusted and verifiable. 
+•	Ensure that workloads are trusted and verifiable.
 
 ## Secure Boot
 
-Secure Boot is the first line of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. This prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, every aspect of the boot process, from the boot loader to the kernel and kernel drivers, must be digitally signed by trusted publishers. This creates a robust shield against unauthorized modifications and ensures that the VM starts in a secure and trusted state.
+Secure Boot is the frontline of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. Secure Boot prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, ensure every aspect of the boot process (from the boot loader to the kernel and kernel drivers) gets digitally signed by trusted publishers. The digital signatures create a robust shield against unauthorized modifications and ensure the VMs starts in a secure and trusted state.
 
 ## Virtual Trusted Platform Module (vTPM) 
 
-The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including UEFI, OS, system components, and drivers, to certify that the VM booted securely. This attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they haven't been compromised.
+The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including Unified Extensible Firmware Interface (UEFI), OS, system components, and drivers to certify that the VM booted securely. The attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they aren't compromised.
 
 ## Virtualization-based Security (VBS) 
 
-Virtualization-based Security (VBS) is the final piece of the Trusted Launch puzzle. It leverages the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
-
+Virtualization-based Security (VBS) is the final piece of the Trusted Launch puzzle. It uses the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system, and ensures only trusted code runs from bootloader onwards.
 
 ## Configure Virtual Trusted Platform Module (vTPM) on Virtual Machines with Azure VMware Solution
 
-This section demonstrates how to enable the virtual Trusted Platform Module (vTPM) in a VMware vSphere virtual machine (VM) running in the Azure VMware Solution.  
+This section demonstrates how to enable the virtual Trusted Platform Module (vTPM) in a VMware vSphere virtual machine (VM) running in Azure VMware Solution.
 
-A virtual Trusted Platform Module (vTPM) in VMware vSphere is a virtual counterpart of a physical TPM 2.0 chip, utilizing VM Encryption. It provides the same functionalities as a physical TPM but operates within VMs. Each VM can have its own unique and isolated vTPM, which helps secure sensitive information and maintain system integrity. This setting enables VMs to apply security features like BitLocker disk encryption and authenticate virtual hardware devices, creating a more secure virtual environment. 
+A virtual Trusted Platform Module (vTPM) in VMware vSphere is a virtual counterpart of a physical TPM 2.0 chip, utilizing VM Encryption. It provides the same functionalities as a physical TPM but operates within VMs. Each VM can have its own unique and isolated vTPM, which helps secure sensitive information and maintain system integrity. This setting enables VMs to apply security features like BitLocker disk encryption and authenticate virtual hardware devices, to create a more secure virtual environment.
 
 ### Prerequisites
 
@@ -52,28 +51,28 @@ Before configuring vTPM on a VM in Azure VMware Solution, ensure the following p
 - Guest OS support: Linux, Windows Server 2008 and later, Windows 7 and later.
 
 >[!IMPORTANT]
->Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
+>Customers don't need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
 
 ### How to Configure vTPM
 
 To configure vTPM on a VM in Azure VMware Solution, follow these steps:
 
 1. Connect to vCenter Server using the vSphere Client.
 
-2. In the inventory, right-click the virtual machine you want to modify and select "Edit Settings".  
+2. In the inventory, right-click the virtual machine you want to modify and select **Edit Settings**.
 
 :::image type="content" source="./media/enable-virtual-trusted-platform-module-on-virtual-machine-highres.png" alt-text="Diagram showing how to enable vTPM on a virtual machine in Azure VMware Solution." border="false" lightbox="./media/enable-virtual-trusted-platform-module-on-virtual-machine-highres.png":::
 
-3. In the Edit Settings dialog box, click "Add New Device" and choose "Trusted Platform Module".  
+3. In the Edit Settings dialog box, select **Add New Device** and choose **Trusted Platform Module**.
 
-4. Click "OK". The virtual machine Summary tab displays the Virtual Trusted Platform Module in the VM Hardware pane. 
+4. Select **OK**. The virtual machine Summary tab displays the Virtual Trusted Platform Module in the VM Hardware pane.
 
 >[!IMPORTANT]
->On VMware vSphere 7, cloning a virtual machine creates an exact replica of both the VM and the vTPM. VMware vSphere 8 introduces options to either copy or replace the TPM, allowing for better handling of different use cases. 
+>On VMware vSphere 7, cloning a virtual machine creates an exact replica of both the VM and the vTPM. VMware vSphere 8 introduces options to either copy or replace the TPM, which allows for better handling of different use cases.
 
 ## Unsupported scenarios 
 
-Migration of VMs with vTPM might not be supported by some tools. Check the documentation of the migration tool. If it isn't supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration. 
+Some tools don't support migrations of VMs with vTPM. Check the documentation of the migration tool. If it isn't supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration.
 
 ## More information
 
 
@@ -3,16 +3,16 @@ title: Turn on Managed SNAT for Azure VMware Solution workloads
 description: Learn how to turn on Managed SNAT for Azure VMware Solution workloads.
 ms.topic: how-to
 ms.service: azure-vmware
-ms.date: 3/22/2024
+ms.date: 4/02/2026
 ms.custom: engagement-fy23
 # Customer intent: "As a cloud architect, I want to enable Managed SNAT for Azure VMware Solution workloads, so that I can facilitate outbound internet connectivity for my private cloud environment."
 ---
 
 # Turn on Managed SNAT for Azure VMware Solution workloads
 
-In this article, learn how to turn on Source Network Address Translation (SNAT) via the Azure VMware Solution Managed SNAT service to connect to outbound internet.
+In this article, learn how to turn on Source Network Address Translation (SNAT) using the Azure VMware Solution Managed SNAT service to connect to outbound internet.
 
-A SNAT service translates from an RFC 1918 space to the public internet for simple outbound internet access. Internet Control Message Protocol (ICMP) is turned off by design so that users can't ping an internet host. The SNAT service doesn't work when you have a default route from Azure.  
+A SNAT service translates from an RFC 1918 space to the public internet for simple outbound internet access. Internet Control Message Protocol (ICMP) gets turned off by design so users can't ping an internet host. The SNAT service doesn't work when you have a default route from Azure.
 
 The Managed SNAT service in Azure VMware Solution gives you:
 
@@ -22,15 +22,15 @@ The Managed SNAT service in Azure VMware Solution gives you:
 By using the Managed SNAT service, you *don't* have:
 
 - Control of outbound SNAT rules.
-- Control of the public IP address that's used.
+- Control of the public IP address used.
 - The ability to terminate inbound-initiated internet traffic.
 - The ability to view connection logs.
 
 ## Reference architecture
 
 The following figure shows internet access that's outbound from your Azure VMware Solution private cloud via the Managed SNAT service in Azure VMware Solution.
 
-:::image type="content" source="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip-snat.png" alt-text="Diagram that shows the architecture of internet access to and from your Azure VMware Solution private cloud via public IP address directly to the SNAT edge." border="false" lightbox="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip-snat-expanded.png":::
+:::image type="content" source="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip-snat.png" alt-text="Diagram shows architecture of internet access to and from your Azure VMware Solution private cloud using public IP address directly to the SNAT edge." border="false" lightbox="media/public-ip-nsx-edge/architecture-internet-access-avs-public-ip-snat-expanded.png":::
 
 ## Set up outbound internet access by using the Managed SNAT service
 
 
@@ -3,7 +3,7 @@ title: Tutorial - Access an Azure VMware Solution private cloud
 description: Learn how to access an Azure VMware Solution private cloud
 ms.topic: tutorial
 ms.service: azure-vmware
-ms.date: 4/1/2024
+ms.date: 4/02/2026
 ms.custom: engagement-fy23
 # Customer intent: As a cloud administrator, I want to access the Azure VMware Solution private cloud through a jump box, so that I can manage the vCenter Server and NSX Manager in a secure and efficient manner.
 ---
@@ -12,7 +12,7 @@ ms.custom: engagement-fy23
 
 Azure VMware Solution doesn't allow you to manage your private cloud with your on-premises vCenter Server. Instead, you need to connect to the Azure VMware Solution vCenter Server instance through a jump box.
 
-In this tutorial, learn how to create a jump box in the resource group that you created in the [previous tutorial](tutorial-configure-networking.md) and sign in to the Azure VMware Solution vCenter Server. This jump box is a Windows virtual machine (VM) on the same virtual network you created.  It provides access to both vCenter Server and the NSX Manager.
+In this tutorial, learn how to create a jump box in the resource group that you created in the [previous tutorial](tutorial-configure-networking.md) and sign in to the Azure VMware Solution vCenter Server. This jump box is a Windows virtual machine (VM) on the same virtual network you created. It provides access to both vCenter Server and the NSX Manager.
 
 In this tutorial, you learn how to:
 
@@ -50,7 +50,7 @@ In this tutorial, you learn how to:
 
 ## Connect to the vCenter Server of your private cloud
 
-1. From the jump box, sign in to vSphere Client with VMware vCenter Server SSO using a cloudadmin username and verify that the user interface displays successfully.
+1. From the jump box, sign in to vSphere Client with VMware vCenter Server SSO using a CloudAdmin username and verify that the user interface displays successfully.
 
 1. In the Azure portal, select your private cloud, and then **Manage** > **VMware credentials**.
 
@@ -70,7 +70,7 @@ In this tutorial, you learn how to:
 
    :::image type="content" source="media/tutorial-access-private-cloud/ss6-vsphere-client-home.png" alt-text="Screenshot showing a summary of Cluster-1 in the vSphere Client."lightbox="media/tutorial-access-private-cloud/ss6-vsphere-client-home.png" border="true":::
 
-1. In the second tab of the browser, sign in to NSX Manager with the 'cloudadmin' user credentials from earlier.
+1. In the second tab of the browser, sign in to NSX Manager with the CloudAdmin user credentials from earlier.
 
    :::image type="content" source="media/tutorial-access-private-cloud/ss9-nsx-manager-login.png" alt-text="Screenshot of the NSX Manager sign in page."lightbox="media/tutorial-access-private-cloud/ss9-nsx-manager-login.png" border="true":::
 
 
@@ -3,7 +3,7 @@ title: "Tutorial: Configure networking for your VMware private cloud in Azure"
 description: Learn to create and configure the necessary network resources for deploying your private cloud in Azure.
 ms.topic: tutorial
 ms.service: azure-vmware
-ms.date: 6/12/2024
+ms.date: 4/06/2026
 ms.custom:
   - engagement-fy23
   - sfi-image-nochange
@@ -29,13 +29,13 @@ This tutorial assumes that you completed the [previous tutorial about creating a
 > [!NOTE]
 > Before you create a virtual network, evaluate whether you want to connect to Azure VMware Solution by using an existing virtual network or by creating a new one:
 >
-> * To use an existing virtual network in the same Azure subscription as Azure VMware Solution, use the [Azure VNet connect](#select-an-existing-virtual-network) tab on the **Connectivity** pane.
+> * To use an existing virtual network in the same Azure subscription as Azure VMware Solution, use the [Azure virtual network connect](#select-an-existing-virtual-network) tab on the **Connectivity** pane.
 > * To use an existing virtual network in a different Azure subscription from Azure VMware Solution, use the guidance for [connecting to the private cloud manually](#connect-to-the-private-cloud-manually).
-> * To create a new virtual network in the same Azure subscription as Azure VMware Solution, use the [Azure VNet connect](#create-a-new-virtual-network) tab or create one [manually](#create-a-virtual-network-manually).
+> * To create a new virtual network in the same Azure subscription as Azure VMware Solution, use the [Azure virtual network connect](#create-a-new-virtual-network) tab or create one [manually](#create-a-virtual-network-manually).
 
 ## Prerequisites
 
-* Make sure that the virtual network that you use for this tutorial:
+* Verify the virtual network you use for this tutorial meets the following requirements:
 
   * Contains a gateway subnet.
   * Is in the same region as the Azure VMware Solution private cloud.
@@ -54,7 +54,7 @@ You can take advantage of the **Azure VNet connect** feature if you want to conn
 
 When you select an existing virtual network, the Azure Resource Manager (ARM) template that creates the virtual network and other resources is redeployed. The resources, in this case, are the public IP address, gateway, gateway connection, and ExpressRoute authorization key.
 
-If everything is set up, the deployment doesn't change anything. However, if anything is missing, it's created automatically. For example, if the gateway subnet is missing, it's added during the deployment.
+If everything is set up, the deployment doesn't change anything. However, if anything is missing, it gets created automatically. For example, if the gateway subnet is missing, it gets added during the deployment.
 
 1. In the Azure portal, go to the Azure VMware Solution private cloud.
 
@@ -121,7 +121,7 @@ After the deployment is complete, your virtual network appears in the resource g
 
 ### Create a virtual network gateway
 
-Now that you've created a virtual network, create a virtual network gateway:
+Now that you created a virtual network, create a virtual network gateway:
 
 1. In your resource group, select **+ Add** to add a new resource.
 
@@ -151,7 +151,7 @@ After the deployment finishes, move to the next section to connect ExpressRoute
 
 ### Connect ExpressRoute to the virtual network gateway
 
-Now that you've deployed a virtual network gateway, add a connection between it and your Azure VMware Solution private cloud:
+Now that you deployed a virtual network gateway, add a connection between it and your Azure VMware Solution private cloud:
 
 [!INCLUDE [connect-expressroute-to-vnet](includes/connect-expressroute-vnet.md)]