Merge pull request #2717 from msmbaldwin/audit-kv-general-docset

Audit key-vault/general docset: fix content debt and style issues

Author: v-dirichards

articles/key-vault/general/access-behind-firewall.md

@@ -1,13 +1,13 @@
 ---
-title: Access Key Vault behind a firewall - Azure Key Vault | Microsoft Docs
+title: Access Key Vault behind a firewall - Azure Key Vault
 description: Learn about the ports, hosts, or IP addresses to open to enable a key vault client application behind a firewall to access a key vault.
 services: key-vault
 author: msmbaldwin
 
 ms.service: azure-key-vault
 ms.subservice: general
 ms.topic: how-to
-ms.date: 01/30/2026
+ms.date: 04/10/2026
 ms.author: mbaldwin
 
 ---

articles/key-vault/general/alert.md

@@ -7,7 +7,7 @@ author: msmbaldwin
 ms.service: azure-key-vault
 ms.subservice: general
 ms.topic: how-to
-ms.date: 04/16/2025
+ms.date: 04/10/2026
 ms.author: mbaldwin
 ms.custom: sfi-image-nochange
 # Customer intent: As a key vault administrator, I want to learn the options available to monitor the health of my vaults.
@@ -37,23 +37,23 @@ This article focuses on alerts for Key Vault. For information about Key Vault in
 An action group is a configurable list of notifications and properties. The first step in configuring alerts is to create an action group and choose an alert type:
 
 1. Sign in to the Azure portal.
-2. Search for **Alerts** in the search box.
-3. Select **Manage actions**.
+1. Search for **Alerts** in the search box.
+1. Select **Manage actions**.
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that highlights the Manage Actions button.](../media/alert-6.png)
 
-4. Select **+ Add action group**.
+1. Select **+ Add action group**.
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that highlights the button for adding an action group.](../media/alert-7.png)
 
-5. Choose the **Action Type** value for your action group. In this example, we'll create an email and SMS alert. Select **Email/SMS/Push/Voice**.
+1. Choose the **Action Type** value for your action group. In this example, we'll create an email and SMS alert. Select **Email/SMS/Push/Voice**.
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that highlights the selections for adding an action group.](../media/alert-8.png)
 
-6. In the dialog, enter email and SMS details, and then select **OK**.
+1. In the dialog, enter email and SMS details, and then select **OK**.
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that shows selections for adding an email and S M S message alert.](../media/alert-9.png)
@@ -67,20 +67,20 @@ Next, create a rule and configure the thresholds that will trigger an alert:
    > [!div class="mx-imgBorder"]
    > ![Screenshot that shows the Alerts menu option in the Monitoring section.](../media/alert-10.png)
 
-2. Select **New alert rule**.
+1. Select **New alert rule**.
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that shows the button for adding a new alert rule.](../media/alert-11.png)
 
-3. Select the scope of your alert rule. You can select a single vault or multiple vaults. 
+1. Select the scope of your alert rule. You can select a single vault or multiple vaults. 
 
    > [!IMPORTANT]
    > When you're selecting multiple vaults for the scope of your alerts,  all selected vaults must be in the same region. You have to configure separate alert rules for vaults in different regions. 
 
    > [!div class="mx-imgBorder"]
    > ![Screenshot that shows how you can select a vault.](../media/alert-12.png)
 
-4. Select the thresholds that define the logic for your alerts, and then select **Add**. The Key Vault team recommends configuring the following thresholds for most applications, but you can adjust them based on your application needs: 
+1. Select the thresholds that define the logic for your alerts, and then select **Add**. The Key Vault team recommends configuring the following thresholds for most applications, but you can adjust them based on your application needs: 
 
     + Key Vault availability drops below 100 percent (static threshold)
     > [!IMPORTANT]

articles/key-vault/general/apps-api-keys-secrets.md

@@ -6,7 +6,7 @@ author: orin-thomas
 ms.service: azure-key-vault
 ms.subservice: general
 ms.topic: overview
-ms.date: 03/26/2026
+ms.date: 04/10/2026
 ms.author: orthomas
 ---
 
@@ -46,7 +46,7 @@ az keyvault secret set \
 
 The following uses the Azure PowerShell [Set-AzKeyVaultSecret](/powershell/module/az.keyvault/set-azkeyvaultsecret) cmdlet to add a secret named MyApiKey to the keyvault and sets the secret to expire after 180 days:
 
-```powershell
+```azurepowershell
 $secret = ConvertTo-SecureString -String "<secret-value>" -AsPlainText -Force
 Set-AzKeyVaultSecret -VaultName "<vault-name>" -Name "MyApiKey" -SecretValue $secret -Expires (Get-Date).AddDays(180)
 ```
@@ -73,7 +73,7 @@ az role assignment create --role "Key Vault Secrets User" \
 
 To do this configure an Azure role-based access control (Azure RBAC) role using the Azure PowerShell [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) cmdlet:
 
-```powershell
+```azurepowershell
 New-AzRoleAssignment -RoleDefinitionName "Key Vault Secrets User" `
     -ObjectId <object-id-of-app-or-user> `
     -Scope "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
@@ -101,7 +101,7 @@ az monitor diagnostic-settings create \
 
 To enable Azure Key Vault Logging and Alerts, use the Azure PowerShell [Set-AzDiagnosticSetting](/powershell/module/az.monitor/set-azdiagnosticsetting) cmdlet:
 
-```powershell
+```azurepowershell
 Set-AzDiagnosticSetting -Name "myDiagnosticSettings" `
     -ResourceId <key-vault-resource-id> `
     -WorkspaceId <log-analytics-workspace-id> `
@@ -129,7 +129,7 @@ az monitor scheduled-query create \
 
 You can run the Azure PowerShell [New-AzScheduledQueryRule](/powershell/module/az.monitor/new-azscheduledqueryrule) cmdlet to monitor logs in the specified Log Analytics workspace for unauthorized access attempts to Azure Key Vault secrets and trigger an alert if any matching unauthorized access attempt is detected:
 
-```powershell
+```azurepowershell
 New-AzScheduledQueryRule -ResourceGroupName "<resource-group>" `
     -Location "eastus" `
     -Action `
@@ -178,7 +178,7 @@ az keyvault network-rule add \
 # [Azure PowerShell](#tab/azure-powershell)
 You can create a private endpoint using the Azure PowerShell [New-AzPrivateEndpoint](/powershell/module/az.network/new-azprivateendpoint) cmdlet:
 
-```powershell
+```azurepowershell
 $privateEndpoint = New-AzPrivateEndpoint -Name "myPrivateEndpoint" `
     -ResourceGroupName "<resource-group>" `
     -Location "eastus" `
@@ -190,7 +190,7 @@ $privateEndpoint = New-AzPrivateEndpoint -Name "myPrivateEndpoint" `
 ```
 You can create firewall rules on the Azure Key Vault instance using the Azure PowerShell [Add-AzKeyVaultNetworkRule](/powershell/module/az.keyvault/add-azkeyvaultnetworkrule) cmdlet, substituting the appropriate key vault names, resource groups, subnet, and subnet mask information:
 
-```powershell
+```azurepowershell
 Add-AzKeyVaultNetworkRule -VaultName "<vault-name>" `
     -ResourceGroupName "<resource-group>" `
     -IPAddress "<trusted-ip-address>/32"

articles/key-vault/general/authentication-requests-and-responses.md

@@ -7,7 +7,7 @@ author: msmbaldwin
 ms.service: azure-key-vault
 ms.subservice: general
 ms.topic: concept-article
-ms.date: 03/26/2026
+ms.date: 04/10/2026
 ms.author: mbaldwin
 
 ---
@@ -18,7 +18,7 @@ Azure Key Vault provides two types of containers to store and manage secrets for
 
 |Container type|Supported object types|Data-plane endpoint|
 |--|--|--|
-| **Vaults**|<ul><li>Software-protected keys</li><li>HSM-protected keys (with Premium SKU)</li><li>Certificates</li><li>Storage account keys</li></ul> | `https://<vault-name>.vault.azure.net`
+| **Vaults**|<ul><li>Software-protected keys</li><li>HSM-protected keys (with Premium SKU)</li><li>Certificates</li></ul> | `https://<vault-name>.vault.azure.net`
 |**Managed HSM** |<ul><li>HSM-protected keys</li></ul> | `https://<hsm-name>.managedhsm.azure.net`
 
 Here are the suffixes of the URLs used to access each type of object
@@ -29,7 +29,6 @@ Here are the suffixes of the URLs used to access each type of object
 |HSM-protected keys| /keys |
 |Secrets|/secrets|
 |Certificates| /certificates|
-|Storage account keys|/storageaccounts
 
 Azure Key Vault supports JSON formatted requests and responses. Requests to the Azure Key Vault are directed to a valid Azure Key Vault URL using HTTPS with some URL parameters and JSON encoded request and response bodies.
 

articles/key-vault/general/autorotation.md

@@ -7,7 +7,7 @@ ms.author: mbaldwin
 ms.service: azure-key-vault
 ms.subservice: general
 ms.topic: concept-article
-ms.date: 05/08/2025
+ms.date: 04/10/2026
 ---
 
 # Understanding autorotation in Azure Key Vault
@@ -77,12 +77,12 @@ Certificate autorotation supports:
 When implementing autorotation in Azure Key Vault, consider these best practices:
 
 1. **Use versioning**: Ensure systems reference the latest version of a key, certificate, or secret automatically
-2. **Implement proper access controls**: Use Azure RBAC to control who can configure rotation policies
-3. **Monitor rotation events**: Set up notifications and alerts for successful and failed rotations
-4. **Test rotation procedures**: Validate that dependent systems can handle rotated assets correctly
-5. **Configure appropriate rotation frequencies**: Balance security requirements with operational considerations
-6. **Document fallback procedures**: Have manual rotation processes documented for emergency scenarios
-7. **Follow security best practices**: Implement comprehensive security measures as outlined in [Secure your Azure Key Vault](secure-key-vault.md)
+1. **Implement proper access controls**: Use Azure RBAC to control who can configure rotation policies
+1. **Monitor rotation events**: Set up notifications and alerts for successful and failed rotations
+1. **Test rotation procedures**: Validate that dependent systems can handle rotated assets correctly
+1. **Configure appropriate rotation frequencies**: Balance security requirements with operational considerations
+1. **Document fallback procedures**: Have manual rotation processes documented for emergency scenarios
+1. **Follow security best practices**: Implement comprehensive security measures as outlined in [Secure your Azure Key Vault](secure-key-vault.md)
 
 ## Common autorotation scenarios