MicrosoftDocs
diff --git a/‎articles/attestation/private-endpoint-powershell.md‎
Lines changed: 3 additions & 3 deletions b/‎articles/attestation/private-endpoint-powershell.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/attestation/quickstart-azure-cli.md‎
Lines changed: 5 additions & 5 deletions b/‎articles/attestation/quickstart-azure-cli.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/cloud-hsm/backup-restore.md‎
Lines changed: 25 additions & 25 deletions b/‎articles/cloud-hsm/backup-restore.md‎
Lines changed: 25 additions & 25 deletions
diff --git a/‎articles/cloud-hsm/pkcs-api-certificate-storage.md‎
Lines changed: 3 additions & 3 deletions b/‎articles/cloud-hsm/pkcs-api-certificate-storage.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/cloud-hsm/quickstart-powershell.md‎
Lines changed: 10 additions & 10 deletions b/‎articles/cloud-hsm/quickstart-powershell.md‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎articles/cloud-hsm/synchronize-users-keys.md‎
Lines changed: 9 additions & 9 deletions b/‎articles/cloud-hsm/synchronize-users-keys.md‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎articles/cloud-hsm/troubleshoot.md‎
Lines changed: 3 additions & 3 deletions b/‎articles/cloud-hsm/troubleshoot.md‎
Lines changed: 3 additions & 3 deletions
@@ -34,7 +34,7 @@ Create a resource group with [New-AzResourceGroup](/powershell/module/az.resourc
 ```azurepowershell-interactive
 ## Create to your Azure account subscription and create a resource group in a desired location. ##
 Connect-AzAccount
-Set-AzSubscription "mySubscription"
+Set-AzSubscription "<subscription-name>"
 $rg = "CreateAttestationPrivateLinkTutorial-rg"
 $loc= "eastus"
 New-AzResourceGroup -Name $rg -Location $loc
@@ -109,7 +109,7 @@ $attestationProvider = New-AzAttestation -Name $attestationProviderName -Resourc
 $attestationProviderId = $attestationProvider.Id
 ```
 ## Access the attestation provider from local machine ##
-Enter `nslookup <provider-name>.attest.azure.net`. Replace **\<provider-name>** with the name of the attestation provider instance you created in the previous steps. 
+Enter `nslookup <provider-name>.attest.azure.net`. Replace `<provider-name>` with the name of the attestation provider instance you created in the previous steps. 
 ```azurepowershell-interactive
 ## Access the attestation provider from local machine ##
 nslookup myattestationprovider.eus.attest.azure.net
@@ -189,7 +189,7 @@ In this section, you'll use the virtual machine you created in the previous step
 
 8. Open Windows PowerShell on the server after you connect.
 
-9. Enter `nslookup <provider-name>.attest.azure.net`. Replace **\<provider-name>** with the name of the attestation provider instance you created in the previous steps:
+9. Enter `nslookup <provider-name>.attest.azure.net`. Replace `<provider-name>` with the name of the attestation provider instance you created in the previous steps:
 
     ```azurepowershell-interactive
     ## Access the attestation provider from local machine ##
 
@@ -68,13 +68,13 @@ Here are commands you can use to create and manage the attestation provider:
 1. Run the [az attestation create](/cli/azure/attestation#az-attestation-create) command to create an attestation provider without policy signing requirement:
 
    ```azurecli
-   az attestation create --name "myattestationprovider" --resource-group "MyResourceGroup" --location westus
+   az attestation create --name "<attestation-provider-name>" --resource-group "<resource-group>" --location westus
    ```
 
 1. Run the [az attestation show](/cli/azure/attestation#az-attestation-show) command to retrieve attestation provider properties such as status and AttestURI:
 
    ```azurecli
-   az attestation show --name "myattestationprovider" --resource-group "MyResourceGroup"
+   az attestation show --name "<attestation-provider-name>" --resource-group "<resource-group>"
    ```
 
    This command displays values like the following output:
@@ -94,7 +94,7 @@ Here are commands you can use to create and manage the attestation provider:
 You can delete an attestation provider by using the [az attestation delete](/cli/azure/attestation#az-attestation-delete) command:
 
 ```azurecli
-az attestation delete --name "myattestationprovider" --resource-group "sample-resource-group"
+az attestation delete --name "<attestation-provider-name>" --resource-group "<resource-group>"
 ```
 
 ## Policy management
@@ -104,7 +104,7 @@ Use the commands described here to provide policy management for an attestation
 The [az attestation policy show](/cli/azure/attestation/policy#az-attestation-policy-show) command returns the current policy for the specified TEE:
 
 ```azurecli
-az attestation policy show --name "myattestationprovider" --resource-group "MyResourceGroup" --attestation-type SGX-IntelSDK
+az attestation policy show --name "<attestation-provider-name>" --resource-group "<resource-group>" --attestation-type SGX-IntelSDK
 ```
 
 > [!NOTE]
@@ -127,7 +127,7 @@ az attestation policy set --name testatt1 --resource-group testrg --attestation-
 To set policy in JWT format for a given kind of attestation type using file path:
 
 ```azurecli
-az attestation policy set --name "myattestationprovider" --resource-group "MyResourceGroup" \
+az attestation policy set --name "<attestation-provider-name>" --resource-group "<resource-group>" \
 --attestation-type SGX-IntelSDK -f "{file_path}" --policy-format JWT
 ```
 
 
@@ -4,7 +4,7 @@ description: Learn how to back up and restore your Azure Cloud HSM resources, in
 author: msmbaldwin
 ms.service: azure-cloud-hsm
 ms.topic: tutorial
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: mbaldwin
 
 # Customer intent: As a security administrator, I need to back up and restore Azure Cloud HSM resources to ensure business continuity and facilitate disaster recovery.
@@ -49,10 +49,10 @@ Create a new user-assigned managed identity in your existing Azure Cloud HSM res
 ```azurepowershell-interactive
 # Define parameters for the new managed identity
 $identity = @{
-    Location          = "<RegionName>"                                         
-    ResourceName      = "<ManagedIdentityName>"                                         
-    ResourceGroupName = "<ResourceGroupName>"
-    SubscriptionID    = "<SubscriptionID>"     
+    Location          = "<location>"                                         
+    ResourceName      = "<managed-identity-name>"                                         
+    ResourceGroupName = "<resource-group>"
+    SubscriptionID    = "<subscription-id>"     
 }
 
 # Create a new user-assigned managed identity in the specified resource group and location
@@ -71,21 +71,21 @@ Each Cloud HSM cluster can have only one managed identity. You can use the same
 ```azurepowershell-interactive
 # Define the parameters for the source Cloud HSM resource
 $sourceCloudHSM = @{
-    Location          = "<RegionName>"                              
+    Location          = "<location>"                              
     Sku               = @{ "family" = "B"; "Name" = "Standard_B1" } 
-    ResourceName      = "<SourceCloudHSMName>"                
+    ResourceName      = "<source-hsm-name>"                
     ResourceType      = "microsoft.hardwaresecuritymodules/cloudHsmClusters" 
-    ResourceGroupName = "<SourceResourceGroupName>"             
+    ResourceGroupName = "<source-resource-group>"             
     Force             = $true                                    
 }
 
 # Define the parameters for the destination Cloud HSM resource
 $destinationCloudHSM = @{
-    Location          = "<RegionName>"                              
+    Location          = "<location>"                              
     Sku               = @{ "family" = "B"; "Name" = "Standard_B1" } 
-    ResourceName      = "<DestinationCloudHSMName>"            
+    ResourceName      = "<destination-hsm-name>"            
     ResourceType      = "microsoft.hardwaresecuritymodules/cloudHsmClusters" 
-    ResourceGroupName = "<DestinationResourceGroupName>"             
+    ResourceGroupName = "<destination-resource-group>"             
     Force             = $true                                    
 }
 
@@ -95,11 +95,11 @@ $chsmMSIPatch = '{
         "Family": "B",
         "Name": "Standard_B1"
     },
-    "Location": "<RegionName>",    
+    "Location": "<location>",    
     "Identity": {
         "type": "UserAssigned",
         "userAssignedIdentities": {
-            "/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<ManagedIdentityName>": {}
+            "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>": {}
         }
     }
 }'
@@ -138,37 +138,37 @@ Read/write access is granted for both the source and the destination.
 
 ```azurepowershell-interactive
 # Define the subscription ID
-$subscriptionId = "<SubscriptionID>"
+$subscriptionId = "<subscription-id>"
 
 # Define storage account parameters
 $storageAccount = @{
-    Location          = "<RegionName>"                    
-    ResourceGroupName = "<BackupResourceGroupName>" 
-    AccountName       = "<ResourceName>"      # Name of the storage account
-    SkuName           = "<StorageAccountSKU>"     # Storage account tier (example: Standard_LRS)
-    Kind              = "<StorageAccountType>"       #Type of storage account (example: StorageV2)
+    Location          = "<location>"                    
+    ResourceGroupName = "<backup-resource-group>" 
+    AccountName       = "<storage-account-name>"      # Name of the storage account
+    SkuName           = "<storage-sku>"     # Storage account tier (example: Standard_LRS)
+    Kind              = "<storage-type>"       #Type of storage account (example: StorageV2)
 }
 
 # Define the blob container parameters
 $container = @{
     ResourceGroupName  = $storageAccount.ResourceGroupName # Resource group name where the storage account is located
     StorageAccountName = $storageAccount.AccountName      # Name of the storage account
-    ContainerName      = "<StorageContainerName>"              # Name of the blob container
+    ContainerName      = "<container-name>"              # Name of the blob container
 }
 
 # Define the private endpoint parameters
 # Storage accounts are publicly accessible, so put it behind a private virtual network
 $privateEndpoint = @{
-    Name              = "<PrivateEndpointName>"
-    VnetName          = "<ExistingVNetName>"  # Name of the existing virtual network
-    SubnetName        = "<ExistingSubnetName>"  # Name of the existing subnet within the virtual network
-    ResourceGroupName = "<ResourceGroupName>" # Resource group for private virtual network and subnet (example: CHSM-CLIENT-RG)
+    Name              = "<private-endpoint-name>"
+    VnetName          = "<vnet-name>"  # Name of the existing virtual network
+    SubnetName        = "<subnet-name>"  # Name of the existing subnet within the virtual network
+    ResourceGroupName = "<resource-group>" # Resource group for private virtual network and subnet (example: CHSM-CLIENT-RG)
 }
 
 # Define the role assignment parameters
 $roleAssignment = @{
     RoleDefinitionName = "Storage Blob Data Contributor"  # Minimum RBAC role required
-    PrincipalId        = "<PrincipalId>"  # The ID of the managed identity or user to assign the role to
+    PrincipalId        = "<principal-id>"  # The ID of the managed identity or user to assign the role to
     Scope              = "/subscriptions/$($subscriptionId)/resourceGroups/$($storageAccount.ResourceGroupName)/providers/Microsoft.Storage/storageAccounts/$($storageAccount.AccountName)"
 }
 
 
@@ -5,7 +5,7 @@ author: keithp
 manager: keithp
 ms.service: azure-cloud-hsm
 ms.topic: tutorial
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 ms.custom: pkcs11, certificate-management, x509-certificates, azure-cloud-hsm
 
@@ -118,7 +118,7 @@ The following attributes are applicable to X.509 public key certificates.
 
 ### C_DestroyObject
 
-The C_DestroyObject API takes a session handle, and the object handle associated with the certificate you want to delete. Invoking this function removes the specified certificate from the Azure Blob Storage Account by deleting the corresponding JWS blob named pkcs11_certificate_<cert_handle>.
+The C_DestroyObject API takes a session handle, and the object handle associated with the certificate you want to delete. Invoking this function removes the specified certificate from the Azure Blob Storage Account by deleting the corresponding JWS blob named `pkcs11_certificate_<cert-handle>`.
 
 Below is a code snippet demonstrating how to call C_DestroyObject for certificates (the same approach applies to keys).
 
@@ -349,7 +349,7 @@ Azure Cloud HSM includes sample application code to help validate certificate st
 
 ### Verify certificates in storage
 
-After a successful call to the C_CreateObject() API, the newly created certificate object will appear in your Azure Blob Storage account, as specified in the azcloudhsm_application.cfg file. The blob will be named using the format pkcs11_certificate_\<ObjectHandle\>, as shown below. Certificate objects are assigned object handles ranging from 0xFFF00000 to 0xFFFFFFFF (decimal range: 4,293,918,720 to 4,294,967,295), allowing support for up to 1,048,575 certificates.
+After a successful call to the C_CreateObject() API, the newly created certificate object will appear in your Azure Blob Storage account, as specified in the azcloudhsm_application.cfg file. The blob will be named using the format `pkcs11_certificate_<object-handle>`, as shown below. Certificate objects are assigned object handles ranging from 0xFFF00000 to 0xFFFFFFFF (decimal range: 4,293,918,720 to 4,294,967,295), allowing support for up to 1,048,575 certificates.
 
 From both Azure portal as well as from your Azure VM you can see the certificates stored.
 
 
@@ -5,7 +5,7 @@ author: keithp
 manager: keithp
 ms.service: azure-cloud-hsm
 ms.topic: quickstart
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 
 #customer intent: As an IT pro decision-maker, I'm looking for key storage capability within the Azure cloud platform that meets FIPS 140-3 Level 3 certification and that gives me exclusive access to a dedicated hardware security module.
@@ -36,11 +36,11 @@ The following example code creates a resource group and a Cloud HSM instance. Yo
 ```azurepowershell-interactive
 # Define variables for your Cloud HSM deployment
 $server = @{
-    Location = "<RegionName>"
+    Location = "<location>"
     Sku = @{"family" = "B"; "Name" = "Standard_B1" }
-    ResourceName = "<HSMName>"
+    ResourceName = "<hsm-name>"
     ResourceType = "microsoft.hardwaresecuritymodules/cloudHsmClusters"
-    ResourceGroupName = "<ResourceGroupName>"
+    ResourceGroupName = "<resource-group>"
     Force = $true
 }
 
@@ -63,9 +63,9 @@ If you plan to use backup and restore functionality, you can create and configur
 ```azurepowershell-interactive
 # Define parameters for the new managed identity
 $identity = @{
-    Location          = "<RegionName>"                                         
-    ResourceName      = "<ManagedIdentityName>"                                         
-    ResourceGroupName = "<ResourceGroupName>"
+    Location          = "<location>"                                         
+    ResourceName      = "<managed-identity-name>"                                         
+    ResourceGroupName = "<resource-group>"
 }
 
 # Create a new user-assigned managed identity
@@ -105,7 +105,7 @@ For production environments, we strongly recommend that you configure a private
 ```azurepowershell-interactive
 # Define private endpoint parameters
 $privateEndpoint = @{
-    Name = "<PrivateEndpointName>"
+    Name = "<private-endpoint-name>"
     ResourceGroupName = $server.ResourceGroupName
     Location = $server.Location
     Subnet = $subnet # You need to have $subnet defined with your subnet configuration
@@ -128,10 +128,10 @@ New-AzPrivateEndpoint @privateEndpoint
 When you run the `New-AzResource` command with the `-AsJob` parameter, it creates a background job to deploy your Cloud HSM resource. You can check the status of the deployment by running:
 
 ```azurepowershell-interactive
-Get-Job -Id <JobId> | Receive-Job
+Get-Job -Id <job-id> | Receive-Job
 ```
 
-In the preceding command, `<JobId>` is the ID that the system returned when you ran the `New-AzResource` command.
+In the preceding command, `<job-id>` is the ID that the system returned when you ran the `New-AzResource` command.
 
 The deployment is complete when you see a successful result from the job or when you can verify that the resource exists in your Azure subscription.
 
 
@@ -5,7 +5,7 @@ author: keithp
 manager: davinune
 ms.service: azure-cloud-hsm
 ms.topic: how-to
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 ---
 
@@ -54,7 +54,7 @@ All users in Azure Cloud HSM are fully managed by the customer. The service does
 1. Sign in as a cryptography officer (CO):
 
    ```bash
-   loginHSM CO admin <adminPassword>
+   loginHSM CO admin <admin-password>
    ```
 
    Verify that you successfully signed in to all three nodes:
@@ -74,11 +74,11 @@ All users in Azure Cloud HSM are fully managed by the customer. The service does
    server 0
    ```
 
-1. Run the `syncUser` command for each server where the user is missing. Replace `<UserID>` with the actual User ID:
+1. Run the `syncUser` command for each server where the user is missing. Replace `<user-id>` with the actual User ID:
 
    ```bash
-   syncUser <UserID> 1
-   syncUser <UserID> 2
+   syncUser <user-id> 1
+   syncUser <user-id> 2
    ```
 
    > [!NOTE]
@@ -116,7 +116,7 @@ When you create keys, it's your responsibility to ensure keys are present on all
 1. Sign in as a cryptography officer (CO):
 
    ```bash
-   loginHSM CO admin <adminPassword>
+   loginHSM CO admin <admin-password>
    ```
 
    Verify that you successfully signed in to all three nodes:
@@ -143,11 +143,11 @@ When you create keys, it's your responsibility to ensure keys are present on all
    server 0
    ```
 
-1. Run the `syncKey` command for each server where the key is missing. Replace `<KeyHandle>` with the actual key handle ID:
+1. Run the `syncKey` command for each server where the key is missing. Replace `<key-handle>` with the actual key handle ID:
 
    ```bash
-   syncKey <KeyHandle> 1
-   syncKey <KeyHandle> 2
+   syncKey <key-handle> 1
+   syncKey <key-handle> 2
    ```
 
    For example, to synchronize key handle 262150 to servers 1 and 2:
 
@@ -5,7 +5,7 @@ author: keithp
 manager: davinune
 ms.service: azure-cloud-hsm
 ms.topic: troubleshooting-general
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 ---
 
@@ -184,7 +184,7 @@ cd C:\Program Files\Microsoft Azure Cloud HSM Client SDK
 
 The PKCS#11 library knows how to find the client configuration because you must have a copy of your partition owner certificate (`PO.crt`) on the application server that's running your application and using the PKCS#11 library. In addition to the partition owner certificate:
 
-- You have to update `/azcloudhsm_client/azcloudhsm_client.cfg` on the application server that has the SDK installed to point to your Azure Cloud HSM deployment (that is, `hsm1.chsm-<resourcename>-<uniquestring>.privatelink.cloudhsm.azure.net`).
+- You have to update `/azcloudhsm_client/azcloudhsm_client.cfg` on the application server that has the SDK installed to point to your Azure Cloud HSM deployment (that is, `hsm1.chsm-<resource-name>-<unique-string>.privatelink.cloudhsm.azure.net`).
 - The `azcloudhsm_client` tool must be running on the application server that connects to your Azure Cloud HSM deployment.
 - You must specify a PIN within your PKCS#11 application by using the syntax `<username>:<password>`. This PIN is used for calling `C_Login` to your Azure Cloud HSM deployment.
 - You must include `pkcs11_headers/include/cryptoki.h` and `pkcs11_headers/include/pkcs11t.h` in your PKCS#11 application to use the PKCS#11 library for Azure Cloud HSM.
@@ -193,7 +193,7 @@ The PKCS#11 library knows how to find the client configuration because you must
 
 The `azcloudhsm_pkcs11.dll` file in the Azure Cloud HSM Windows SDK knows how to find the client configuration because you must have a copy of your partition owner certificate (`PO.crt`) on the application server that's running your application and using the PKCS#11 library. In addition to the partition owner certificate:
 
-- You have to update `/azcloudhsm_client/azcloudhsm_client.cfg` on the application server that has the SDK installed to point to your Azure Cloud HSM deployment (that is, `hsm1.chsm-<resourcename>-<uniquestring>.privatelink.cloudhsm.azure.net`).
+- You have to update `/azcloudhsm_client/azcloudhsm_client.cfg` on the application server that has the SDK installed to point to your Azure Cloud HSM deployment (that is, `hsm1.chsm-<resource-name>-<unique-string>.privatelink.cloudhsm.azure.net`).
 - The `azcloudhsm_client` tool must run on the application server that connects to your Azure Cloud HSM deployment.
 - You must specify a PIN within your PKCS#11 application by using the syntax `<username>:<password>`. This PIN is used for calling `C_Login` to your Azure Cloud HSM deployment.
 - You must include `pkcs11_headers\include\cryptoki.h` and `pkcs11_headers\include\pkcs11t.h` in your PKCS#11 application to use the PKCS#11 library for Azure Cloud HSM.