conflicts

Author: snicklezzz

.github/copilot-instructions.md

@@ -0,0 +1,57 @@
+# Copilot Instructions for Microsoft Learn
+
+These instructions define a unified style and process standard for authoring and maintaining learn.microsoft.com documentation with GitHub Copilot or other AI assistance.
+
+## Learn-wide Instructions
+
+Below are instructions that apply to all Microsoft Learn documentation authored with AI assistance. Learn product team will update this periodically as needed. Each repository SHOULD NOT update this to avoid being overwritten, but update the repository-specific instructions below as needed.
+
+### AI Usage & Disclosure
+All Markdown content created or substantially modified with AI assistance must include an `ai-usage` front matter entry:
+- `ai-usage: ai-generated` – AI produced the initial draft with minimal human authorship
+- `ai-usage: ai-assisted` – Human-directed, reviewed, and edited with AI support
+- Omit only for purely human-authored legacy content
+
+If missing, **add it**. However, do not add or update the ai-usage tag if the changes proposed are confined solely to:
+- Links (link text and/or URLs)
+- Single words or short phrases, such as entries in table cells
+- Less than 5% of the article's word count
+
+### Writing Style
+
+Follow [Microsoft Writing Style Guide](https://learn.microsoft.com/style-guide/welcome/) with these specifics:
+
+#### Voice and Tone
+
+- Active voice, second person addressing reader directly
+- Conversational tone with contractions
+- Present tense for instructions/descriptions
+- Imperative mood for instructions ("Call the method" not "You should call the method")
+- Use "might" instead of "may" for possibility
+- Avoid "we"/"our" referring to documentation authors
+
+#### Structure and Format
+
+- Sentence case headings (no gerunds in titles)
+- Be concise, break up long sentences
+- Oxford comma in lists
+- Number all ordered list items as "1." (not sequential numbering like "1.", "2.", "3.", etc.)
+- Complete sentences with proper punctuation in all list items
+- Avoid "etc." or "and so on" - provide complete lists or use "for example"
+- No consecutive headings without content between them
+
+#### Formatting Conventions
+
+- **Bold** for UI elements
+- `Code style` for file names, folders, custom types, non-localizable text
+- Raw URLs in angle brackets
+- Use relative links for files in this repo
+- Remove `https://learn.microsoft.com/en-us` from learn.microsoft.com links
+
+## Repository-Specific Instructions
+
+Below are instructions specific to this repository. These may be updated by repository maintainers as needed.
+
+<!--- Add additional repository level instructions below. Do NOT update this line or above. --->
+
+

.openpublishing.redirection.defender-for-cloud.json

@@ -462,7 +462,7 @@
     },
     {
       "source_path_from_root": "/articles/defender-for-cloud/identify-sql-servers-protected-by-mma.md",
-      "redirect_url": "/azure/defender-for-cloud/defender-for-sql-servers-introduction",
+      "redirect_url": "/azure/defender-for-cloud/identify-sql-servers-protected-by-monitor-agent",
       "redirect_document_id": false
     },
     {

.openpublishing.redirection.key-vault.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+  {
+      "source_path_from_root": "/articles/key-vault/general/how-to-azure-key-vault-network-security.md",
+      "redirect_url": "/azure/key-vault/general/network-security",
+      "redirect_document_id": false
+    },
   {
       "source_path_from_root": "/articles/key-vault/general/soft-delete-change.md",
       "redirect_url": "/azure/key-vault/general/soft-delete-overview",
@@ -42,7 +47,12 @@
   },
   {
     "source_path_from_root": "/articles/key-vault/common-parameters-and-headers.md",
-    "redirect_url": "/azure/key-vault/general/common-parameters-and-headers",
+    "redirect_url": "/azure/key-vault/general/authentication-requests-and-responses",
+    "redirect_document_id": false
+  },
+  {
+    "source_path_from_root": "/articles/key-vault/general/common-parameters-and-headers.md",
+    "redirect_url": "/azure/key-vault/general/authentication-requests-and-responses",
     "redirect_document_id": false
   },
   {
@@ -247,12 +257,17 @@
   },
   {
     "source_path_from_root": "/articles/key-vault/key-vault-manage-with-cli.md",
-    "redirect_url": "/azure/key-vault/key-vault-manage-with-cli2",
+    "redirect_url": "/azure/key-vault/general/quick-create-cli",
     "redirect_document_id": false
   },
   {
     "source_path_from_root": "/articles/key-vault/key-vault-manage-with-cli2.md",
-    "redirect_url": "/azure/key-vault/general/manage-with-cli2",
+    "redirect_url": "/azure/key-vault/general/quick-create-cli",
+    "redirect_document_id": false
+  },
+  {
+    "source_path_from_root": "/articles/key-vault/general/manage-with-cli2.md",
+    "redirect_url": "/azure/key-vault/general/quick-create-cli",
     "redirect_document_id": false
   },
   {
@@ -332,7 +347,12 @@
   },
   {
     "source_path_from_root": "/articles/key-vault/key-vault-versions.md",
-    "redirect_url": "/azure/key-vault",
+    "redirect_url": "/azure/key-vault/general/whats-new",
+    "redirect_document_id": false
+  },
+  {
+    "source_path_from_root": "/articles/key-vault/general/versions.md",
+    "redirect_url": "/azure/key-vault/general/whats-new",
     "redirect_document_id": false
   },
   {

articles/attestation/azure-tpm-vbs-attestation-usage.md

@@ -30,7 +30,7 @@ Service endpoint setup is the first step for any attestation to be performed. Se
 
 Here's how you can set up an attestation endpoint using Portal
 
-1. Prerequisite: Access to the Microsoft Entra tenant and subscription under which you want to create the attestation endpoint. For more information, see [Microsoft Entra tenant](/azure/active-directory/develop/quickstart-create-new-tenant).
+1. Prerequisite: Access to the Microsoft Entra tenant and subscription under which you want to create the attestation endpoint. For more information, see [Microsoft Entra tenant](/entra/identity-platform/quickstart-create-new-tenant).
 1. Create an endpoint under the desired resource group, with the desired name.
     > [!VIDEO https://learn-video.azurefd.net/vod/player?id=8d3c6aa5-7712-4b47-b3ea-23c49539cd31]
 1. Add Attestation Contributor Role to the Identity who will be responsible to update the attestation policy.
@@ -48,7 +48,7 @@ Sample policies can be found in the [policy section](tpm-attestation-sample-poli
 
 A client to communicate with the attestation service endpoint needs to ensure it's following the protocol as described in the [protocol documentation](virtualization-based-security-protocol.md). Use the [Attestation Client NuGet](https://www.nuget.org/packages/Microsoft.Attestation.Client) to ease the integration.
 
-1. Prerequisite: a Microsoft Entra identity is needed to access the TPM endpoint. For more information, see [Microsoft Entra identity tokens](/azure/active-directory/develop/v2-overview).
+1. Prerequisite: a Microsoft Entra identity is needed to access the TPM endpoint. For more information, see [Microsoft Entra identity tokens](/entra/identity-platform/v2-overview).
 2. Add Attestation Reader Role to the identity that will be need for authentication against the endpoint.
   > [!VIDEO https://learn-video.azurefd.net/vod/player?id=1c70f4b2-e3e7-4b64-9fb1-ceb2810c669c]
 

articles/attestation/basic-concepts.md

@@ -16,7 +16,7 @@ This article defines some basic concepts related to Microsoft Azure Attestation.
 
 ## JSON Web Token (JWTs)
 
-[JSON Web Token (JWT)](/azure/active-directory/develop/security-tokens#json-web-tokens-and-claims) is an open standard [RFC7519](https://tools.ietf.org/html/rfc7519) method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
+[JSON Web Token (JWT)](/entra/identity-platform/security-tokens#json-web-tokens-and-claims) is an open standard [RFC7519](https://tools.ietf.org/html/rfc7519) method for securely transmitting information between parties as a JavaScript Object Notation (JSON) object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.
 
 ## JSON Web Key (JWK)
 

articles/attestation/trust-domain-extensions-eat-profile.md

@@ -14,7 +14,7 @@ ms.custom:
 
 This profile outlines claims for an [Intel® Trust Domain Extensions (TDX)](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html) attestation result generated as an Entity Attestation Token (EAT) by Azure Attestation.
 
-The profile includes claims from the IETF [JWT](https://datatracker.ietf.org/doc/html/rfc7519) specification, the [EAT](https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-21)) specification,  Intel's TDX specification and Microsoft specific claims.
+The profile includes claims from the IETF [JWT](https://datatracker.ietf.org/doc/html/rfc7519) specification, the [EAT](https://datatracker.ietf.org/doc/rfc9711/) specification,  Intel's TDX specification and Microsoft specific claims.
 
 ## JWT claims
 

articles/cloud-hsm/authentication.md

@@ -68,14 +68,17 @@ When you use an OpenSSL engine for Azure Cloud HSM, environmental variables supp
 
 ```sh
 export azcloudhsm_password="cu1:user1234" 
-export azcloudhsm_openssl_conf=/usr/local/bin/AzureCloudHSM-ClientSDK-1.0.4.0/azcloudhsm_openssl_dynamic.conf
-export LD_LIBRARY_PATH=/usr/local/lib64/AzureCloudHSM-ClientSDK-1.0.4.0/:$LD_LIBRARY_PATH
+export azcloudhsm_openssl_conf=/opt/azurecloudhsm/bin/azcloudhsm_openssl_dynamic.conf
+export LD_LIBRARY_PATH=/opt/azurecloudhsm/lib64/:$LD_LIBRARY_PATH
 …
 sudo ./azcloudhsm_client azcloudhsm_client.cfg > /dev/null 2>&1 &
 openssl genpkey -algorithm RSA -out private_key.pem -engine azcloudhsm_openssl
 …
 ```
 
+> [!NOTE]
+> Update the paths to match your installed SDK version. The default installation path is `/opt/azurecloudhsm/`. For the latest SDK, see the [Azure Cloud HSM SDK releases](https://github.com/microsoft/MicrosoftAzureCloudHSM/releases).
+
 For authentication details with OpenSSL, consult the [guide for integrating OpenSSL with Azure Cloud HSM](https://github.com/microsoft/MicrosoftAzureCloudHSM/blob/main/IntegrationGuides/Azure%20Cloud%20HSM%20OpenSSL%20Integration%20Guide.pdf).
 
 ## Multithreading techniques

articles/cloud-hsm/faq.yml

@@ -19,7 +19,7 @@ sections:
           
           Azure Cloud HSM supports various applications, including PKCS#11, offloading of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) processing, certificate authority (CA) private key protection, and transparent data encryption (TDE). It also supports document and code signing.
           
-          Azure Cloud HSM provides high availability and redundancy by grouping multiple HSMs into a cluster and automatically synchronizing across three HSM instances. The HSM cluster supports load balancing of cryptographic operations. Periodic HSM backups help ensure secure and simple data recovery. For more information, see [What is Azure Cloud HSM?](overview.md).
+          Azure Cloud HSM provides high availability and redundancy by grouping multiple HSMs into a cluster and automatically synchronizing across three HSM nodes. The HSM cluster supports load balancing of cryptographic operations. Periodic HSM backups help ensure secure and simple data recovery. For more information, see [What is Azure Cloud HSM?](overview.md).
       - question: |-  
           What is an HSM?  
         answer: |-  

articles/cloud-hsm/key-management.md

@@ -28,6 +28,11 @@ To avoid exceeding Azure Cloud HSM service limits, consider using one or more of
 > [!NOTE]
 > Wait 24 hours after you create a key to ensure that synchronization and backups within your Azure Cloud HSM deployment are complete.
 
+> [!CAUTION]
+> If a key exists on only one node and that node fails without a backup, you can be permanently locked out of your encrypted data with no recovery option. Always verify that keys are synchronized across all nodes and maintain regular backups.
+>
+> When creating users, it is the customer's responsibility to ensure users are present on all nodes of the Azure Cloud HSM cluster. For more information, see [Ensure your HSM users are available on all nodes of your cluster](user-management.md#ensure-your-hsm-users-are-available-on-all-nodes-of-your-cluster). For steps on synchronizing missing keys, see [Synchronize users and keys across Azure Cloud HSM nodes](synchronize-users-keys.md).
+
 ## Manage key wrapping
 
 You use the `EXTRACTABLE` attribute in Azure Cloud HSM to mark keys as either extractable or nonextractable. By default, HSM keys are set as extractable. You can export extractable keys from the HSM through key wrapping, which encrypts the keys. The keys then require unwrapping via the same wrapping key before use.

articles/cloud-hsm/onboarding-guide.md

@@ -13,7 +13,7 @@ ms.author: keithp
 
 # Azure Cloud HSM onboarding guide
 
-Microsoft Azure Cloud HSM provides dedicated, FIPS 140-2 Level 3 validated hardware security modules (HSMs) for customers who require high levels of cryptographic key security. To help new users get started, Microsoft published a comprehensive onboarding guide that outlines the steps for provisioning, configuring, and using Azure Cloud HSM effectively.
+Microsoft Azure Cloud HSM provides dedicated, FIPS 140-3 Level 3 validated hardware security modules (HSMs) for customers who require high levels of cryptographic key security. To help new users get started, Microsoft published a comprehensive onboarding guide that outlines the steps for provisioning, configuring, and using Azure Cloud HSM effectively.
 
 The onboarding guide is available as a PDF. It includes detailed instructions, best practices, and prerequisites for a smooth setup process. You can access the full guide here: [Microsoft Azure Cloud HSM Onboarding Guide](https://github.com/microsoft/MicrosoftAzureCloudHSM/blob/main/OnboardingGuides/Azure%20Cloud%20HSM%20Onboarding.pdf).