update

Author: msmbaldwin

articles/payment-hsm/known-issues.md

@@ -34,7 +34,7 @@ After a reboot, either manual or as a result of a firmware upgrade, some Hosted
 
 These errors occur under several circumstances: when accessing the payShield manager landing page, during sign-in or sign-out of payShield manager, and when using the JK host command. In the case of the JK host command, the error repeats after each attempt until a workaround is applied.
 
-This issue is limited in scope. The problem only affects HSMs in a HOSTED HSM environment, and specifically those HSMs use SNMP or the JK host command. Hosted HSMs with SNMP disabled or those not utilizing the JK command don't experience these errors or related problems.
+This issue is limited in scope. The problem only affects HSMs in a HOSTED HSM environment, and specifically those HSMs that use SNMP or the JK host command. Hosted HSMs with SNMP disabled or those not utilizing the JK command don't experience these errors or related problems.
 
 The impact of this problem is minimal. While it does cause entries to appear in the payShield error log, it doesn't affect the operation of the payShield 10k in any way. Essentially, the issue is confined to log entries and doesn't compromise the functionality or performance of the system.
 

articles/payment-hsm/support-guide.md

@@ -16,22 +16,22 @@ ms.custom: references_regions metadata
 This article outlines the Azure Payment HSM prerequisites, support channels, and division of support responsibility between Microsoft, Thales, and the customer.
 
 > [!NOTE]
-> If a customer's production environment does not has a High Availability setup as shown in [Deployment scenarios: high availability deployment](deployment-scenarios.md#high-availability-deployment), customer will not receive S2 level support.
+> If a customer's production environment doesn't have a high availability setup as shown in [Deployment scenarios: high availability deployment](deployment-scenarios.md#high-availability-deployment), the customer doesn't receive S2 level support.
 
 ## Prerequisites
 
 Microsoft works with Thales to ensure that customers meet the prerequisites before starting the onboarding process.
 
 - Customers must have access to the [Thales CPL Customer Support Portal](https://supportportal.thalesgroup.com/csm) (Customer ID).
-- Customers must have Thales smart cards and card readers for payShield Manager. If a customer need to purchase smart cards or card readers they should contact their Thales representatives, or find their contacts through the [Thales contact page](https://cpl.thalesgroup.com/contact-us):
+- Customers must have Thales smart cards and card readers for payShield Manager. If a customer needs to purchase smart cards or card readers, they should contact their Thales representatives or find their contacts through the [Thales contact page](https://cpl.thalesgroup.com/contact-us):
     - **Item**:  971-000135-001-000
     - **Description**: PS10-RMGT-KIT2 - payShield Manager Starter Kit - for software V1.4A (1.8.3) and higher
     - **Items Included**: 2 Thales Card Readers, 30 PayShield Manager Smartcards
 
     The only smart cards compatible with the ciphers used to enable over-network use smart cards have a blue band and are labeled "payShield Manager Card".
-- If a customer need to purchase a payShield Trusted Management Device (TMD), they should contact their Thales representatives or find their contacts through the [Thales contact page](https://cpl.thalesgroup.com/contact-us).
+- If a customer needs to purchase a payShield Trusted Management Device (TMD), they should contact their Thales representatives or find their contacts through the [Thales contact page](https://cpl.thalesgroup.com/contact-us).
 - Customers must download and review the "Hosted HSM End User Guide," which is available through the Thales CPL Customer Support Portal. The Hosted HSM End User Guide provides more details on the changes to payShield to this service.
-- Customers must review the "Azure Payment HSM - Get Ready for payShield 10K" guide that they received from Microsoft. (Customers who do not have the guide may request it from [Microsoft Support](#microsoft-support).)
+- Customers must review the "Azure Payment HSM - Get Ready for payShield 10K" guide that they received from Microsoft. (Customers who don't have the guide may request it from [Microsoft Support](#microsoft-support).)
 - If a customer is new to payShield or the remote management option, they should take the formal training courses available from Thales and its approved partners.
 - If a customer is using payShield on premises today with custom firmware, they must conduct a porting exercise to update the firmware to a version compatible with the Azure deployment. To request a quote, contact a Thales account manager.
 

articles/payment-hsm/whats-new.md

@@ -14,17 +14,17 @@ Here's what's new with Azure Payment HSM.
 
 ## December 2025
 
-Azure Payment HSM upgraded the base firmware to 2.2b. Please refer Thales release notes for new features and bug fixes.
+Azure Payment HSM upgraded the base firmware to 2.2b. Please refer to the Thales release notes for new features and bug fixes.
 
 ## September 2024
 
-Azure Payment HSM upgraded the base firmware to 1.9a. Refer the [Thales payShield 10K](https://cpl.thalesgroup.com/encryption/hardware-security-modules/payment-hsms/payshield-10k) release notes for new features and bug fixes in the firmware1.8a release.
+Azure Payment HSM upgraded the base firmware to 1.9a. For new features and bug fixes in the firmware 1.8a release, see the [Thales payShield 10K](https://cpl.thalesgroup.com/encryption/hardware-security-modules/payment-hsms/payshield-10k) release notes.
 
 ## May 2023
 
 Azure Payment HSM now supports two host IP network interfaces from payShield 10K. Customers using two host network interfaces can now have a maximum of 128 concurrent connections.
 
-It's important to note that there are no changes to the payment HSM resource creation process, as the two host network interfaces are created by default when the PHSM is set up. Additionally, customers can only create these host network interfaces within the same virtual network, but they can use either static or dynamic IP addresses for the host interfaces.
+There are no changes to the payment HSM resource creation process, as the two host network interfaces are created by default when you set up the PHSM. Additionally, you can only create these host network interfaces within the same virtual network, but you can use either static or dynamic IP addresses for the host interfaces.
 
 For more information, see:
 - [Create a payment HSM with the host and management port in the same virtual network using Azure CLI or PowerShell](create-payment-hsm.md)
@@ -35,9 +35,9 @@ For more information, see:
 
 ## April 2023
 
-Azure Payment HSM traffic inspection with UDR and NSG not supported.
+Azure Payment HSM doesn't support traffic inspection by using UDR and NSG.
 
-Currently, payment HSM isn't compatible with vWAN topologies or cross region virtual network peering, as listed in the [topology supported](solution-design.md#supported-topologies). Payment HSM comes with some [policy restrictions](solution-design.md#constraints) on these subnets: **Network Security Groups (NSGs) and User-Defined Routes (UDRs) are currently not supported**. It's possible to bypass the current UDR restriction and inspect traffic destined to a Payment HSM. [This article](inspect-traffic.md) presents two ways: a [firewall with source network address translation (SNAT)](inspect-traffic.md#firewall-with-source-network-address-translation-snat) and a [firewall with reverse proxy](inspect-traffic.md#firewall-with-reverse-proxy).
+Currently, Payment HSM isn't compatible with vWAN topologies or cross region virtual network peering, as listed in the [topology supported](solution-design.md#supported-topologies). Payment HSM comes with some [policy restrictions](solution-design.md#constraints) on these subnets: **Network Security Groups (NSGs) and User-Defined Routes (UDRs) are currently not supported**. You can bypass the current UDR restriction and inspect traffic destined to a Payment HSM. [This article](inspect-traffic.md) presents two ways: a [firewall with source network address translation (SNAT)](inspect-traffic.md#firewall-with-source-network-address-translation-snat) and a [firewall with reverse proxy](inspect-traffic.md#firewall-with-reverse-proxy).
 
 
 ## November 2022