MicrosoftDocs
diff --git a/‎articles/attestation/private-endpoint-powershell.md‎
Lines changed: 3 additions & 3 deletions b/‎articles/attestation/private-endpoint-powershell.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/attestation/quickstart-azure-cli.md‎
Lines changed: 5 additions & 5 deletions b/‎articles/attestation/quickstart-azure-cli.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/attestation/secure-attestation.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/attestation/secure-attestation.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/cloud-hsm/authentication.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/cloud-hsm/authentication.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/cloud-hsm/backup-restore.md‎
Lines changed: 26 additions & 26 deletions b/‎articles/cloud-hsm/backup-restore.md‎
Lines changed: 26 additions & 26 deletions
diff --git a/‎articles/cloud-hsm/key-management.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/cloud-hsm/key-management.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/cloud-hsm/network-security.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/cloud-hsm/network-security.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/cloud-hsm/pkcs-api-certificate-storage.md‎
Lines changed: 3 additions & 3 deletions b/‎articles/cloud-hsm/pkcs-api-certificate-storage.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/cloud-hsm/quickstart-powershell.md‎
Lines changed: 10 additions & 10 deletions b/‎articles/cloud-hsm/quickstart-powershell.md‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎articles/cloud-hsm/secure-cloud-hsm.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/cloud-hsm/secure-cloud-hsm.md‎
Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@ Create a resource group with [New-AzResourceGroup](/powershell/module/az.resourc
 ```azurepowershell-interactive
 ## Create to your Azure account subscription and create a resource group in a desired location. ##
 Connect-AzAccount
-Set-AzSubscription "mySubscription"
+Set-AzSubscription "<subscription-name>"
 $rg = "CreateAttestationPrivateLinkTutorial-rg"
 $loc= "eastus"
 New-AzResourceGroup -Name $rg -Location $loc
@@ -109,7 +109,7 @@ $attestationProvider = New-AzAttestation -Name $attestationProviderName -Resourc
 $attestationProviderId = $attestationProvider.Id
 ```
 ## Access the attestation provider from local machine ##
-Enter `nslookup <provider-name>.attest.azure.net`. Replace **\<provider-name>** with the name of the attestation provider instance you created in the previous steps. 
+Enter `nslookup <provider-name>.attest.azure.net`. Replace `<provider-name>` with the name of the attestation provider instance you created in the previous steps. 
 ```azurepowershell-interactive
 ## Access the attestation provider from local machine ##
 nslookup myattestationprovider.eus.attest.azure.net
@@ -189,7 +189,7 @@ In this section, you'll use the virtual machine you created in the previous step
 
 8. Open Windows PowerShell on the server after you connect.
 
-9. Enter `nslookup <provider-name>.attest.azure.net`. Replace **\<provider-name>** with the name of the attestation provider instance you created in the previous steps:
+9. Enter `nslookup <provider-name>.attest.azure.net`. Replace `<provider-name>` with the name of the attestation provider instance you created in the previous steps:
 
     ```azurepowershell-interactive
     ## Access the attestation provider from local machine ##
 
@@ -68,13 +68,13 @@ Here are commands you can use to create and manage the attestation provider:
 1. Run the [az attestation create](/cli/azure/attestation#az-attestation-create) command to create an attestation provider without policy signing requirement:
 
    ```azurecli
-   az attestation create --name "myattestationprovider" --resource-group "MyResourceGroup" --location westus
+   az attestation create --name "<attestation-provider-name>" --resource-group "<resource-group>" --location westus
    ```
 
 1. Run the [az attestation show](/cli/azure/attestation#az-attestation-show) command to retrieve attestation provider properties such as status and AttestURI:
 
    ```azurecli
-   az attestation show --name "myattestationprovider" --resource-group "MyResourceGroup"
+   az attestation show --name "<attestation-provider-name>" --resource-group "<resource-group>"
    ```
 
    This command displays values like the following output:
@@ -94,7 +94,7 @@ Here are commands you can use to create and manage the attestation provider:
 You can delete an attestation provider by using the [az attestation delete](/cli/azure/attestation#az-attestation-delete) command:
 
 ```azurecli
-az attestation delete --name "myattestationprovider" --resource-group "sample-resource-group"
+az attestation delete --name "<attestation-provider-name>" --resource-group "<resource-group>"
 ```
 
 ## Policy management
@@ -104,7 +104,7 @@ Use the commands described here to provide policy management for an attestation
 The [az attestation policy show](/cli/azure/attestation/policy#az-attestation-policy-show) command returns the current policy for the specified TEE:
 
 ```azurecli
-az attestation policy show --name "myattestationprovider" --resource-group "MyResourceGroup" --attestation-type SGX-IntelSDK
+az attestation policy show --name "<attestation-provider-name>" --resource-group "<resource-group>" --attestation-type SGX-IntelSDK
 ```
 
 > [!NOTE]
@@ -127,7 +127,7 @@ az attestation policy set --name testatt1 --resource-group testrg --attestation-
 To set policy in JWT format for a given kind of attestation type using file path:
 
 ```azurecli
-az attestation policy set --name "myattestationprovider" --resource-group "MyResourceGroup" \
+az attestation policy set --name "<attestation-provider-name>" --resource-group "<resource-group>" \
 --attestation-type SGX-IntelSDK -f "{file_path}" --policy-format JWT
 ```
 
 
@@ -4,7 +4,7 @@ description: Learn how to secure Azure Attestation, with best practices for netw
 author: msmbaldwin
 ms.author: mbaldwin
 ms.service: security
-ms.topic: conceptual
+ms.topic: best-practice
 ms.custom: horz-security
 
 ms.date: 03/28/2025
 
@@ -3,7 +3,7 @@ title: Authentication in Azure Cloud HSM
 description: Learn about various authentication methods and best practices for securing and optimizing your Azure Cloud HSM deployment.
 author: msmbaldwin
 ms.service: azure-cloud-hsm
-ms.topic: conceptual
+ms.topic: feature-guide
 ms.date: 03/20/2025
 ms.author: mbaldwin
 #customer intent: As a Cloud HSM administrator, I want to learn how to secure and optimize my Cloud HSM deployment so that I can ensure the highest level of security and performance.
 
@@ -3,8 +3,8 @@ title: Back Up and Restore Azure Cloud HSM Resources
 description: Learn how to back up and restore your Azure Cloud HSM resources, including prerequisites, configuration steps, and validation procedures.
 author: msmbaldwin
 ms.service: azure-cloud-hsm
-ms.topic: conceptual
-ms.date: 03/20/2025
+ms.topic: tutorial
+ms.date: 03/26/2026
 ms.author: mbaldwin
 
 # Customer intent: As a security administrator, I need to back up and restore Azure Cloud HSM resources to ensure business continuity and facilitate disaster recovery.
@@ -49,10 +49,10 @@ Create a new user-assigned managed identity in your existing Azure Cloud HSM res
 ```azurepowershell-interactive
 # Define parameters for the new managed identity
 $identity = @{
-    Location          = "<RegionName>"                                         
-    ResourceName      = "<ManagedIdentityName>"                                         
-    ResourceGroupName = "<ResourceGroupName>"
-    SubscriptionID    = "<SubscriptionID>"     
+    Location          = "<location>"                                         
+    ResourceName      = "<managed-identity-name>"                                         
+    ResourceGroupName = "<resource-group>"
+    SubscriptionID    = "<subscription-id>"     
 }
 
 # Create a new user-assigned managed identity in the specified resource group and location
@@ -71,21 +71,21 @@ Each Cloud HSM cluster can have only one managed identity. You can use the same
 ```azurepowershell-interactive
 # Define the parameters for the source Cloud HSM resource
 $sourceCloudHSM = @{
-    Location          = "<RegionName>"                              
+    Location          = "<location>"                              
     Sku               = @{ "family" = "B"; "Name" = "Standard_B1" } 
-    ResourceName      = "<SourceCloudHSMName>"                
+    ResourceName      = "<source-hsm-name>"                
     ResourceType      = "microsoft.hardwaresecuritymodules/cloudHsmClusters" 
-    ResourceGroupName = "<SourceResourceGroupName>"             
+    ResourceGroupName = "<source-resource-group>"             
     Force             = $true                                    
 }
 
 # Define the parameters for the destination Cloud HSM resource
 $destinationCloudHSM = @{
-    Location          = "<RegionName>"                              
+    Location          = "<location>"                              
     Sku               = @{ "family" = "B"; "Name" = "Standard_B1" } 
-    ResourceName      = "<DestinationCloudHSMName>"            
+    ResourceName      = "<destination-hsm-name>"            
     ResourceType      = "microsoft.hardwaresecuritymodules/cloudHsmClusters" 
-    ResourceGroupName = "<DestinationResourceGroupName>"             
+    ResourceGroupName = "<destination-resource-group>"             
     Force             = $true                                    
 }
 
@@ -95,11 +95,11 @@ $chsmMSIPatch = '{
         "Family": "B",
         "Name": "Standard_B1"
     },
-    "Location": "<RegionName>",    
+    "Location": "<location>",    
     "Identity": {
         "type": "UserAssigned",
         "userAssignedIdentities": {
-            "/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<ManagedIdentityName>": {}
+            "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>": {}
         }
     }
 }'
@@ -138,37 +138,37 @@ Read/write access is granted for both the source and the destination.
 
 ```azurepowershell-interactive
 # Define the subscription ID
-$subscriptionId = "<SubscriptionID>"
+$subscriptionId = "<subscription-id>"
 
 # Define storage account parameters
 $storageAccount = @{
-    Location          = "<RegionName>"                    
-    ResourceGroupName = "<BackupResourceGroupName>" 
-    AccountName       = "<ResourceName>"      # Name of the storage account
-    SkuName           = "<StorageAccountSKU>"     # Storage account tier (example: Standard_LRS)
-    Kind              = "<StorageAccountType>"       #Type of storage account (example: StorageV2)
+    Location          = "<location>"                    
+    ResourceGroupName = "<backup-resource-group>" 
+    AccountName       = "<storage-account-name>"      # Name of the storage account
+    SkuName           = "<storage-sku>"     # Storage account tier (example: Standard_LRS)
+    Kind              = "<storage-type>"       #Type of storage account (example: StorageV2)
 }
 
 # Define the blob container parameters
 $container = @{
     ResourceGroupName  = $storageAccount.ResourceGroupName # Resource group name where the storage account is located
     StorageAccountName = $storageAccount.AccountName      # Name of the storage account
-    ContainerName      = "<StorageContainerName>"              # Name of the blob container
+    ContainerName      = "<container-name>"              # Name of the blob container
 }
 
 # Define the private endpoint parameters
 # Storage accounts are publicly accessible, so put it behind a private virtual network
 $privateEndpoint = @{
-    Name              = "<PrivateEndpointName>"
-    VnetName          = "<ExistingVNetName>"  # Name of the existing virtual network
-    SubnetName        = "<ExistingSubnetName>"  # Name of the existing subnet within the virtual network
-    ResourceGroupName = "<ResourceGroupName>" # Resource group for private virtual network and subnet (example: CHSM-CLIENT-RG)
+    Name              = "<private-endpoint-name>"
+    VnetName          = "<vnet-name>"  # Name of the existing virtual network
+    SubnetName        = "<subnet-name>"  # Name of the existing subnet within the virtual network
+    ResourceGroupName = "<resource-group>" # Resource group for private virtual network and subnet (example: CHSM-CLIENT-RG)
 }
 
 # Define the role assignment parameters
 $roleAssignment = @{
     RoleDefinitionName = "Storage Blob Data Contributor"  # Minimum RBAC role required
-    PrincipalId        = "<PrincipalId>"  # The ID of the managed identity or user to assign the role to
+    PrincipalId        = "<principal-id>"  # The ID of the managed identity or user to assign the role to
     Scope              = "/subscriptions/$($subscriptionId)/resourceGroups/$($storageAccount.ResourceGroupName)/providers/Microsoft.Storage/storageAccounts/$($storageAccount.AccountName)"
 }
 
 
@@ -3,7 +3,7 @@ title: Comprehensive Guide to Key Management in Azure Cloud HSM
 description: Learn best practices and recommendations for key management in Azure Cloud HSM, including storage limits, key wrapping security, and caching strategies.
 author: msmbaldwin
 ms.service: azure-cloud-hsm
-ms.topic: conceptual
+ms.topic: best-practice
 ms.date: 03/20/2025
 ms.author: mbaldwin
 
 
@@ -3,7 +3,7 @@ title: Network Security for Azure Cloud HSM
 description: Learn how to secure your network configuration for Azure Cloud HSM to prevent unauthorized access and enhance overall security.
 author: msmbaldwin
 ms.service: azure-cloud-hsm
-ms.topic: conceptual
+ms.topic: best-practice
 ms.date: 03/20/2025
 ms.author: mbaldwin
 #customer intent: As a security administrator, I need to understand how to secure my network configuration for Azure Cloud HSM so that I can prevent unauthorized access and enhance overall security.
 
@@ -5,7 +5,7 @@ author: keithp
 manager: keithp
 ms.service: azure-cloud-hsm
 ms.topic: tutorial
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 ms.custom: pkcs11, certificate-management, x509-certificates, azure-cloud-hsm
 
@@ -118,7 +118,7 @@ The following attributes are applicable to X.509 public key certificates.
 
 ### C_DestroyObject
 
-The C_DestroyObject API takes a session handle, and the object handle associated with the certificate you want to delete. Invoking this function removes the specified certificate from the Azure Blob Storage Account by deleting the corresponding JWS blob named pkcs11_certificate_<cert_handle>.
+The C_DestroyObject API takes a session handle, and the object handle associated with the certificate you want to delete. Invoking this function removes the specified certificate from the Azure Blob Storage Account by deleting the corresponding JWS blob named `pkcs11_certificate_<cert-handle>`.
 
 Below is a code snippet demonstrating how to call C_DestroyObject for certificates (the same approach applies to keys).
 
@@ -349,7 +349,7 @@ Azure Cloud HSM includes sample application code to help validate certificate st
 
 ### Verify certificates in storage
 
-After a successful call to the C_CreateObject() API, the newly created certificate object will appear in your Azure Blob Storage account, as specified in the azcloudhsm_application.cfg file. The blob will be named using the format pkcs11_certificate_\<ObjectHandle\>, as shown below. Certificate objects are assigned object handles ranging from 0xFFF00000 to 0xFFFFFFFF (decimal range: 4,293,918,720 to 4,294,967,295), allowing support for up to 1,048,575 certificates.
+After a successful call to the C_CreateObject() API, the newly created certificate object will appear in your Azure Blob Storage account, as specified in the azcloudhsm_application.cfg file. The blob will be named using the format `pkcs11_certificate_<object-handle>`, as shown below. Certificate objects are assigned object handles ranging from 0xFFF00000 to 0xFFFFFFFF (decimal range: 4,293,918,720 to 4,294,967,295), allowing support for up to 1,048,575 certificates.
 
 From both Azure portal as well as from your Azure VM you can see the certificates stored.
 
 
@@ -5,7 +5,7 @@ author: keithp
 manager: keithp
 ms.service: azure-cloud-hsm
 ms.topic: quickstart
-ms.date: 03/20/2025
+ms.date: 03/26/2026
 ms.author: keithp
 
 #customer intent: As an IT pro decision-maker, I'm looking for key storage capability within the Azure cloud platform that meets FIPS 140-3 Level 3 certification and that gives me exclusive access to a dedicated hardware security module.
@@ -36,11 +36,11 @@ The following example code creates a resource group and a Cloud HSM instance. Yo
 ```azurepowershell-interactive
 # Define variables for your Cloud HSM deployment
 $server = @{
-    Location = "<RegionName>"
+    Location = "<location>"
     Sku = @{"family" = "B"; "Name" = "Standard_B1" }
-    ResourceName = "<HSMName>"
+    ResourceName = "<hsm-name>"
     ResourceType = "microsoft.hardwaresecuritymodules/cloudHsmClusters"
-    ResourceGroupName = "<ResourceGroupName>"
+    ResourceGroupName = "<resource-group>"
     Force = $true
 }
 
@@ -63,9 +63,9 @@ If you plan to use backup and restore functionality, you can create and configur
 ```azurepowershell-interactive
 # Define parameters for the new managed identity
 $identity = @{
-    Location          = "<RegionName>"                                         
-    ResourceName      = "<ManagedIdentityName>"                                         
-    ResourceGroupName = "<ResourceGroupName>"
+    Location          = "<location>"                                         
+    ResourceName      = "<managed-identity-name>"                                         
+    ResourceGroupName = "<resource-group>"
 }
 
 # Create a new user-assigned managed identity
@@ -105,7 +105,7 @@ For production environments, we strongly recommend that you configure a private
 ```azurepowershell-interactive
 # Define private endpoint parameters
 $privateEndpoint = @{
-    Name = "<PrivateEndpointName>"
+    Name = "<private-endpoint-name>"
     ResourceGroupName = $server.ResourceGroupName
     Location = $server.Location
     Subnet = $subnet # You need to have $subnet defined with your subnet configuration
@@ -128,10 +128,10 @@ New-AzPrivateEndpoint @privateEndpoint
 When you run the `New-AzResource` command with the `-AsJob` parameter, it creates a background job to deploy your Cloud HSM resource. You can check the status of the deployment by running:
 
 ```azurepowershell-interactive
-Get-Job -Id <JobId> | Receive-Job
+Get-Job -Id <job-id> | Receive-Job
 ```
 
-In the preceding command, `<JobId>` is the ID that the system returned when you ran the `New-AzResource` command.
+In the preceding command, `<job-id>` is the ID that the system returned when you ran the `New-AzResource` command.
 
 The deployment is complete when you see a successful result from the job or when you can verify that the resource exists in your Azure subscription.
 
 
@@ -3,7 +3,7 @@ title: Best Practices for Securing Microsoft Azure Cloud HSM
 description: Learn the best practices for securing and managing Microsoft Azure Cloud HSM to help protect cryptographic keys and sensitive workloads.
 author: msmbaldwin
 ms.service: azure-cloud-hsm
-ms.topic: conceptual
+ms.topic: best-practice
 ms.date: 09/26/2025
 ai-usage: ai-assisted
 ms.custom: horz-security