Merge pull request #313934 from suzuber/article-refresh-lines-71-85

Azure refresh sheet lines 71-85

Author: prmerger-automator[bot]

articles/azure-vmware/configure-virtual-trusted-platform-module.md

@@ -3,14 +3,14 @@ title: Trusted Launch for Azure VMware Solution
 description: Trusted Launch overview and Learn how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines.
 ms.topic: how-to
 ms.service: azure-vmware
-ms.date: 12/11/2024
+ms.date: 03/30/2026
 ms.custom: engagement-fy25
 # Customer intent: As an IT admin managing virtual machines in a cloud-based environment, I want to configure Virtual Trusted Platform Module (vTPM) on my VMs, so that I can enhance their security and ensure a trusted boot process.
 ---
 
 # Trusted Launch for Azure VMware Solution
 
-In this article, you will learn about Trusted Launch and how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines in Azure VMware Solution. Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
+In this article, learn about Trusted Launch and how to configure Virtual Trusted Platform Module (vTPM) on Virtual Machines in Azure VMware Solution. Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
 
 :::image type="content" source="./media/trusted-launch.png" alt-text="Diagram showing the three pillars of trusted launch, Secure Boot, Virtual Trusted Platform Module, and Virtualization-based Security." border="false" lightbox="./media/trusted-launch.png":::
 
@@ -26,15 +26,15 @@ In this article, you will learn about Trusted Launch and how to configure Virtua
 
 ## Secure Boot
 
-Secure Boot is the first line of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. This prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, every aspect of the boot process, from the boot loader to the kernel and kernel drivers, must be digitally signed by trusted publishers. This creates a robust shield against unauthorized modifications and ensures that the VM starts in a secure and trusted state.
+Secure Boot is the frontline of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. Secure Boot prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, every aspect of the boot process (from the boot loader to the kernel and kernel drivers) should be digitally signed by trusted publishers. This creates a robust shield against unauthorized modifications and ensures that the VM starts in a secure and trusted state.
 
 ## Virtual Trusted Platform Module (vTPM) 
 
-The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including UEFI, OS, system components, and drivers, to certify that the VM booted securely. This attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they haven't been compromised.
+The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including Unified Extensible Firmware Interface (UEFI), OS, system components, and drivers to certify that the VM booted securely. The attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they aren't compromised.
 
 ## Virtualization-based Security (VBS) 
 
-Virtualization-based Security (VBS) is the final piece of the Trusted Launch puzzle. It leverages the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
+Virtualization-based Security (VBS) is the final piece of the Trusted Launch puzzle. It uses the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
 
 
 ## Configure Virtual Trusted Platform Module (vTPM) on Virtual Machines with Azure VMware Solution
@@ -52,21 +52,21 @@ Before configuring vTPM on a VM in Azure VMware Solution, ensure the following p
 - Guest OS support: Linux, Windows Server 2008 and later, Windows 7 and later.
 
 >[!IMPORTANT]
->Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
+>Customers don't need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
 
 ### How to Configure vTPM
 
-To configure vTPM on a VM in Azure VMware Solution, follow these steps:
+To configure vTPM on a VM in Azure VMware Solution, use the following steps:
 
 1. Connect to vCenter Server using the vSphere Client.
 
-2. In the inventory, right-click the virtual machine you want to modify and select "Edit Settings".  
+2. In the inventory, right-click the virtual machine you want to modify and select **Edit Settings**.  
 
 :::image type="content" source="./media/enable-virtual-trusted-platform-module-on-virtual-machine-highres.png" alt-text="Diagram showing how to enable vTPM on a virtual machine in Azure VMware Solution." border="false" lightbox="./media/enable-virtual-trusted-platform-module-on-virtual-machine-highres.png":::
 
-3. In the Edit Settings dialog box, click "Add New Device" and choose "Trusted Platform Module".  
+3. In the Edit Settings dialog box, select **Add New Device** and choose **Trusted Platform Module**.  
 
-4. Click "OK". The virtual machine Summary tab displays the Virtual Trusted Platform Module in the VM Hardware pane. 
+4. Select **OK**. The virtual machine Summary tab displays the Virtual Trusted Platform Module in the VM Hardware pane. 
 
 >[!IMPORTANT]
 >On VMware vSphere 7, cloning a virtual machine creates an exact replica of both the VM and the vTPM. VMware vSphere 8 introduces options to either copy or replace the TPM, allowing for better handling of different use cases.