Merge branch 'WI538961-ai-model-security' of https://github.com/ElazarK/azure-security-docs-pr; branch 'main' of https://github.com/MicrosoftDocs/azure-security-docs-pr into WI538961-ai-model-security

Author: ElazarK

articles/attestation/tpm-attestation-sample-policies.md

@@ -71,7 +71,7 @@ c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="Bitlocker
 [type=="BitlockerStatus", issuer=="AttestationPolicy"] => issue(type="BitlockerStatus", value=true);
 ![type=="BitlockerStatus", issuer=="AttestationPolicy"] => issue(type="BitlockerStatus", value=false);
 
-// Elam Driver (windows defender) Loaded
+// Elam Driver (Microsoft Defender) Loaded
 c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="elamDriverLoaded", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_LOADEDMODULE_AGGREGATION[] | [? EVENT_IMAGEVALIDATED == `true` && (equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wdboot.sys') || equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wd\\wdboot.sys'))] | @ != `null`")));
 [type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="ELAMDriverLoaded", value=true);
 ![type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="ELAMDriverLoaded", value=false);

articles/confidential-ledger/manage-azure-ad-token-based-users.md

@@ -55,7 +55,7 @@ ledger_client = ConfidentialLedgerClient(
 
 # Add a user with the contributor role
 # Other supported roles are Contributor and Administrator
-user_id = "Azure AD object id of the user"
+user_id = "Microsoft Entra ID object id of the user"
 user = ledger_client.create_or_update_user(
     user_id, {"assignedRole": "Contributor"}
 )
@@ -98,7 +98,7 @@ internal class ACLUserManagement
       // The DefaultAzureCredential will use the current Azure context to authenticate to Azure
       var ledgerClient = new ConfidentialLedgerClient(new Uri("https://contoso.confidential-ledger.azure.com"), new DefaultAzureCredential());
 
-      string userId = "Azure AD object id of the user";
+      string userId = "Microsoft Entra ID object id of the user";
 
       // Add the user with the Reader role
       // Other supported roles are Contributor and Administrator
@@ -206,7 +206,7 @@ public class CreateOrUpdateUserSample {
 			// Other supported roles are Contributor and Administrator
 			BinaryData userDetails = BinaryData.fromString("{\"assignedRole\":\"Reader\"}");
 			RequestOptions requestOptions = new RequestOptions();
-			String userId = "Azure AD object id of the user";
+			String userId = "Microsoft Entra ID object id of the user";
 			Response<BinaryData> response = confidentialLedgerClient.createOrUpdateUserWithResponse(userId,
 					userDetails, requestOptions);
 
@@ -277,8 +277,8 @@ export async function main() {
     new DefaultAzureCredential()
   );
 
-  // Azure AD object id of the user
-  const userId = "Azure AD Object id"
+  // Microsoft Entra ID object id of the user
+  const userId = "Microsoft Entra ID Object id"
 
   // Other supported roles are Reader and Contributor
   const createUserParams: CreateOrUpdateUserParameters = {

articles/confidential-ledger/quickstart-template.md

@@ -1,6 +1,6 @@
 ---
-title: Create an Microsoft Azure confidential ledger by using Azure Resource Manager template
-description: Learn how to create an Microsoft Azure confidential ledger by using Azure Resource Manager template.
+title: Create a Microsoft Azure confidential ledger by using Azure Resource Manager template
+description: Learn how to create a Microsoft Azure confidential ledger by using Azure Resource Manager template.
 services: azure-resource-manager
 author: msmbaldwin
 ms.service: azure-confidential-ledger
@@ -10,7 +10,7 @@ ms.author: mbaldwin
 ms.date: 04/14/2025
 ---
 
-# Quickstart: Create an Microsoft Azure confidential ledger with an ARM template
+# Quickstart: Create a Microsoft Azure confidential ledger with an ARM template
 
 [Microsoft Azure confidential ledger](overview.md) is a new and highly secure service for managing sensitive data records. This quickstart describes how to use an Azure Resource Manager template (ARM template) to create a new ledger.
 

articles/confidential-ledger/quickstart-terraform.md

@@ -24,7 +24,7 @@ In this quickstart, you create an Azure resource group and a confidential ledger
 > * Retrieve the current Azure client configuration.
 > * Generate a random string for the Azure confidential ledger name.
 > * Create an Azure confidential ledger with the generated name and assign it to the resource group.
-> * Assign an Azure AD based service principal to the confidential ledger.
+> * Assign a Microsoft Entra ID based service principal to the confidential ledger.
 > * Tag the confidential ledger as an example.
 > * Output the resource group name, confidential ledger name, confidential ledger type, and confidential ledger role name.
 > * Specify the required version of Terraform and the required providers.

articles/dedicated-hsm/monitoring.md

@@ -25,6 +25,24 @@ The monitor function itself is set up to poll the device every 10 minutes to get
 
 Depending on the nature of the issue, the appropriate course of action would be taken to reduce impact and ensure low risk remediation. For example, a power supply failure is a hot-swap procedure with no resultant tamper event so can be performed with low impact and minimal risk to operation. Other procedures may require a device to be zeroized and deprovisioned to minimize any security risk to the customer. In this situation a customer would provision an alternate device, rejoin a high availability pairing thus triggering device synchronization. Normal operation would resume in minimal time, with minimal disruption and lowest security risk.  
 
+### Power supply redundancy
+
+The Thales Luna 7 HSM device uses a dual power supply unit (PSU) design for redundancy. Each PSU connects to an independent power feed, allowing the device to operate normally if one PSU experiences a brief outage.
+
+During scheduled datacenter power maintenance, power feeds are serviced one at a time while the other feed remains active, ensuring continuous operation through redundant power. You may see transient single-PSU messages in your HSM logs such as:
+
+```text
+Power supply 1 AC outage
+Power supply 1 AC restored
+```
+
+These messages are expected behavior and don't indicate a hardware fault—the device continues operating normally on the redundant PSU.
+
+> [!IMPORTANT]
+> Don't open support tickets or request physical hardware investigation based on single-PSU log messages. Microsoft monitors PSU health and proactively addresses any actual hardware failures. Unnecessary physical intervention can introduce risk to your device's operation.
+
+If our monitoring detects a genuine PSU or fan issue, Microsoft replaces the component without requiring customer action or notification.
+
 ## Customer monitoring
 
 A value proposition of the Dedicated HSM service is the control the customer gets of the device, especially considering it is a cloud delivered device. A consequence of this control is the responsibility to monitor and manage the health of the device. 

articles/dedicated-hsm/overview.md

@@ -65,7 +65,7 @@ Azure Dedicated HSM is most suitable for “lift-and-shift” scenarios that req
 
 ### Not a fit
 
-Azure Dedicated HSM is not a good fit for the following type of scenario: Microsoft cloud services that support encryption with customer-managed keys (such as Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store, Azure Storage, Azure SQL Database, and Customer Key for Office 365) that are not integrated with Azure Dedicated HSM.
+Azure Dedicated HSM is not a good fit for the following type of scenario: Microsoft cloud services that support encryption with customer-managed keys (such as Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store, Azure Storage, Azure SQL Database, and Customer Key for Microsoft 365) that are not integrated with Azure Dedicated HSM.
 
 > [!NOTE]
 > Customers must have an assigned Microsoft Account Manager and meet the monetary requirement of five million ($5M) USD or greater in overall committed Azure revenue annually to qualify for onboarding and use of Azure Dedicated HSM.