Improve deployment and remediation README sections with variable setup

Restructure both Deploy Policy and Start Remediation usage
instructions to guide users through setting variables before
running scripts. Clearly separates required vs optional parameters
with inline comments, shows progressively detailed invocations
(minimal, with subscription, with all options), and streamlines
scenario examples with descriptive comments.

Author: claestom

samples/manage/azure-arc-enabled-sql-server/compliance/arc-sql-license-type-compliance/README.md

@@ -55,38 +55,57 @@ curl -sLo scripts/start-remediation.ps1 "$baseUrl/scripts/start-remediation.ps1"
 Connect-AzAccount
 ```
 
+3. Set your variables. Only `TargetLicenseType` is required — all others are optional.
+
 ```powershell
-# Example: target both platforms (default), using tenant root management group
-.\scripts\deployment.ps1 -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
+# ── Required ──
+$TargetLicenseType    = "PAYG"                                      # "Paid" or "PAYG"
+
+# ── Optional (uncomment to override defaults) ──
+# $ManagementGroupId      = "<management-group-id>"                 # Default: tenant root management group
+# $SubscriptionId         = "<subscription-id>"                     # Default: policy assigned at management group scope
+# $ExtensionType          = "Both"                                  # "Windows", "Linux", or "Both" (default)
+# $LicenseTypesToOverwrite = @("Unspecified","Paid","PAYG","LicenseOnly")  # Default: all
+```
 
-# Example: target both platforms with explicit management group
-.\scripts\deployment.ps1 -ManagementGroupId "<management-group-id>" -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
+4. Run the deployment.
 
-# Example: target only Linux
-.\scripts\deployment.ps1 -ExtensionType "Linux" -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
+```powershell
+# Minimal — uses defaults for management group, platform, and overwrite targets
+.\scripts\deployment.ps1 -TargetLicenseType $TargetLicenseType
+
+# With subscription scope
+.\scripts\deployment.ps1 -TargetLicenseType $TargetLicenseType -SubscriptionId $SubscriptionId
+
+# With all options
+.\scripts\deployment.ps1 `
+  -ManagementGroupId $ManagementGroupId `
+  -SubscriptionId $SubscriptionId `
+  -ExtensionType $ExtensionType `
+  -TargetLicenseType $TargetLicenseType `
+  -LicenseTypesToOverwrite $LicenseTypesToOverwrite
 ```
-The first example (without `-ExtensionType`) will:
-* Create/update a single policy definition and assignment covering **both** Windows and Linux.
-* Assign that policy at the specified subscription scope.
-* Enforce LicenseType = PAYG.
-* Update only resources where current `LicenseType` is `Paid`.
 
-The second example creates a Linux-specific definition and assignment, with platform-tailored naming.
+This will:
+* Create/update the policy definition at the management group scope.
+* Create/assign the policy (at subscription scope when `-SubscriptionId` is provided, otherwise at management group scope).
+* Target the selected `ExtensionType` platform(s) — `Both` by default covers Windows and Linux.
+* Enforce the selected `TargetLicenseType` on resources matching the `LicenseTypesToOverwrite` filter.
 
-Scenario examples:
+**Scenario examples:**
 
 ```powershell
-# Target Paid, both Linux and Windows, but only for resources with missing LicenseType or LicenseOnly (do not target PAYG)
-.\scripts\deployment.ps1 -TargetLicenseType "Paid" -LicenseTypesToOverwrite @("Unspecified","LicenseOnly")
+# Move all Paid licenses to PAYG, both platforms
+.\scripts\deployment.ps1 -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
 
-# Target PAYG, but only where current LicenseType is Paid (do not target missing or LicenseOnly)
-.\scripts\deployment.ps1 -ExtensionType "Linux" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
+# Set missing and LicenseOnly to Paid, skip resources already on PAYG
+.\scripts\deployment.ps1 -TargetLicenseType "Paid" -LicenseTypesToOverwrite @("Unspecified","LicenseOnly")
 
-# Overwrite all known existing LicenseType values (Paid, PAYG, LicenseOnly), but not missing
-.\scripts\deployment.ps1 -ExtensionType "Linux" -TargetLicenseType "Paid" -LicenseTypesToOverwrite @("Paid","PAYG","LicenseOnly")
+# Linux only — move Paid to PAYG at a specific subscription
+.\scripts\deployment.ps1 -ExtensionType "Linux" -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -LicenseTypesToOverwrite @("Paid")
 ```
 
-Note: `scripts/deployment.ps1` automatically grants required roles to the policy assignment managed identity at assignment scope, preventing common `PolicyAuthorizationFailed` errors during DeployIfNotExists deployments.
+> **Note:** `deployment.ps1` automatically grants required roles to the policy assignment managed identity at assignment scope, preventing common `PolicyAuthorizationFailed` errors during DeployIfNotExists deployments.
 
 ## Start Remediation
 
@@ -100,17 +119,38 @@ Parameter reference:
 | `TargetLicenseType` | Yes | N/A | `Paid`, `PAYG` | Must match the assignment target license type. |
 | `GrantMissingPermissions` | No | `false` | Switch (`present`/`not present`) | If set, checks and assigns missing required roles before remediation. |
 
+1. Set your variables. `TargetLicenseType` is required and must match the value used during deployment — all others are optional.
+
 ```powershell
-# Example: remediate both platforms (default), using tenant root management group
-.\scripts\start-remediation.ps1 -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -GrantMissingPermissions
+# ── Required ──
+$TargetLicenseType    = "PAYG"                                      # Must match the deployment target
+
+# ── Optional (uncomment to override defaults) ──
+# $ManagementGroupId      = "<management-group-id>"                 # Default: tenant root management group
+# $SubscriptionId         = "<subscription-id>"                     # Default: remediation runs at management group scope
+# $ExtensionType          = "Both"                                  # Must match the platform used for deployment
+```
 
-# Example: remediate with explicit management group
-.\scripts\start-remediation.ps1 -ManagementGroupId "<management-group-id>" -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -GrantMissingPermissions
+2. Run the remediation.
 
-# Example: remediate only Linux
-.\scripts\start-remediation.ps1 -ExtensionType "Linux" -SubscriptionId "<subscription-id>" -TargetLicenseType "PAYG" -GrantMissingPermissions
+```powershell
+# Minimal — uses defaults for management group and platform
+.\scripts\start-remediation.ps1 -TargetLicenseType $TargetLicenseType -GrantMissingPermissions
+
+# With subscription scope
+.\scripts\start-remediation.ps1 -TargetLicenseType $TargetLicenseType -SubscriptionId $SubscriptionId -GrantMissingPermissions
+
+# With all options
+.\scripts\start-remediation.ps1 `
+  -ManagementGroupId $ManagementGroupId `
+  -ExtensionType $ExtensionType `
+  -SubscriptionId $SubscriptionId `
+  -TargetLicenseType $TargetLicenseType `
+  -GrantMissingPermissions
 ```
 
+> **Note:** Use `-GrantMissingPermissions` to automatically check and assign any missing required roles before remediation starts.
+
 ## Managed Identity And Roles
 
 The policy assignment is created with `-IdentityType SystemAssigned`. Azure creates a managed identity on the assignment and uses it to apply DeployIfNotExists changes during enforcement and remediation.