docs: adjust MAA updating (#3152)

* docs: adjust MAA updating

* versioned-docs: backport fix

docs/docs/getting-started/install.md

@@ -188,7 +188,7 @@ Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
 
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -208,7 +208,7 @@ The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md), you need the following permissions:
 
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -226,8 +226,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/docs/workflows/create.md

@@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality
 
 :::info
 
-  On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
+  On Azure, a manual update to the MAA provider's policy is necessary.
   You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash

docs/versioned_docs/version-2.10/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.11/getting-started/install.md

@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.12/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.13/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.13/workflows/create.md

@@ -55,7 +55,7 @@ management tooling of your choice. You need to keep the essential functionality
 
 :::info
 
-  On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
+  On Azure, a manual update to the MAA provider's policy is necessary.
   You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestationURL | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash

docs/versioned_docs/version-2.14/getting-started/install.md

@@ -114,7 +114,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
 
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -134,7 +134,7 @@ The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md), you need the following permissions:
 
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -152,8 +152,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.14/workflows/create.md

@@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality
 
 :::info
 
-  On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
+  On Azure, a manual update to the MAA provider's policy is necessary.
   You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash

docs/versioned_docs/version-2.15/getting-started/install.md

@@ -114,7 +114,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
 
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -134,7 +134,7 @@ The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md), you need the following permissions:
 
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -152,8 +152,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.15/workflows/create.md

@@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality
 
 :::info
 
-  On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
+  On Azure, a manual update to the MAA provider's policy is necessary.
   You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash

docs/versioned_docs/version-2.16/getting-started/install.md

@@ -188,7 +188,7 @@ Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
 
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -208,7 +208,7 @@ The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md), you need the following permissions:
 
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -226,8 +226,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.16/workflows/create.md

@@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality
 
 :::info
 
-  On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
+  On Azure, a manual update to the MAA provider's policy is necessary.
   You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash

docs/versioned_docs/version-2.7/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -144,8 +144,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.8/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">
 

docs/versioned_docs/version-2.9/getting-started/install.md

@@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati
 <tabItem value="azure" label="Azure">
 
 The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription:
-* `Microsoft.Attestation` \[2]
+* `Microsoft.Attestation`
 * `Microsoft.Compute`
 * `Microsoft.Insights`
 * `Microsoft.ManagedIdentity`
@@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu
 The built-in `Owner` role is a superset of these permissions.
 
 To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions:
-* `Microsoft.Attestation/attestationProviders/*` \[2]
+* `Microsoft.Attestation/attestationProviders/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.Insights/components/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
@@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az
 
 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.
 
-2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
-
 </tabItem>
 <tabItem value="gcp" label="GCP">