Commit 18352be

Merge pull request #3095 from Blackmist/372133-fresh
freshness
2 parents 27eb9b3 + 88de319 commit 18352be

1 file changed

+16
-18
lines changed

articles/ai-studio/how-to/troubleshoot-secure-connection-project.md

Lines changed: 16 additions & 18 deletions
@@ -7,29 +7,27 @@ ms.service: azure-ai-foundry
77
ms.custom:
88
- build-2024
99
ms.topic: how-to
10-
ms.date: 11/21/2024
10+
ms.date: 02/21/2025
1111
ms.reviewer: meerakurup
1212
ms.author: larryfr
1313
author: Blackmist
1414
---
1515

1616
# Troubleshoot connection to a project with a private endpoint
1717

18-
[!INCLUDE [feature-preview](../includes/feature-preview.md)]
19-
20-
When connecting to a project that has been configured with a private endpoint, you may encounter a 403 or a messaging saying that access is forbidden. Use the information in this article to check for common configuration problems that can cause this error.
18+
When connecting to a project configured with a private endpoint, you might encounter a 403 or a messaging saying that access is forbidden. Use the information in this article to check for common configuration problems that can cause this error.
2119

2220
## Securely connect to your project
2321

24-
To connect to a project that's secured behind a VNet, use one of the following methods:
22+
To connect to a project secured behind a virtual network, use one of the following methods:
2523

26-
* [Azure VPN gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) - Connects on-premises networks to the VNet over a private connection. Connection is made over the public internet. There are two types of VPN gateways that you might use:
24+
* [Azure VPN gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) - Connects on-premises networks to the virtual network over a private connection. Connection is made over the public internet. There are two types of VPN gateways that you might use:
2725

28-
* [Point-to-site](/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal): Each client computer uses a VPN client to connect to the VNet.
29-
* [Site-to-site](/azure/vpn-gateway/tutorial-site-to-site-portal): A VPN device connects the VNet to your on-premises network.
26+
* [Point-to-site](/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal): Each client computer uses a VPN client to connect to the virtual network.
27+
* [Site-to-site](/azure/vpn-gateway/tutorial-site-to-site-portal): A VPN device connects the virtual network to your on-premises network.
3028

3129
* [ExpressRoute](https://azure.microsoft.com/services/expressroute/) - Connects on-premises networks into the cloud over a private connection. Connection is made using a connectivity provider.
32-
* [Azure Bastion](/azure/bastion/bastion-overview) - In this scenario, you create an Azure Virtual Machine (sometimes called a jump box) inside the VNet. You then connect to the VM using Azure Bastion. Bastion allows you to connect to the VM using either an RDP or SSH session from your local web browser. You then use the jump box as your development environment. Since it is inside the VNet, it can directly access the workspace.
30+
* [Azure Bastion](/azure/bastion/bastion-overview) - In this scenario, you create an Azure Virtual Machine (sometimes called a jump box) inside the virtual network. You then connect to the VM using Azure Bastion. Bastion allows you to connect to the VM using either an RDP or SSH session from your local web browser. You then use the jump box as your development environment. Since it is inside the virtual network, it can directly access the workspace.
3331

3432
## DNS configuration
3533

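Review bot: New line 18 still reads "a 403 or a messaging saying that access is forbidden"; since this sentence is already being rewritten, change "a messaging" to "a message". In the Azure Bastion bullet (new line 30), the last sentence says the jump box "can directly access the workspace" while the rest of the article refers to a project; use "project" there so it is clear which resource is meant.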
@@ -51,8 +49,8 @@ The troubleshooting steps for DNS configuration differ based on whether you're u
5149

5250
:::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/dns-servers.png" alt-text="Screenshot of the DNS servers configuration." lightbox="../media/how-to/troubleshoot-secure-connection-project/dns-servers.png":::
5351

54-
* If this value is __Default (Azure-provided)__, then the VNet is using Azure DNS. Skip to the [Azure DNS troubleshooting](#azure-dns-troubleshooting) section.
55-
* If there's a different IP address listed, then the VNet is using a custom DNS solution. Skip to the [Custom DNS troubleshooting](#custom-dns-troubleshooting) section.
52+
* If this value is __Default (Azure-provided)__, then the virtual network is using Azure DNS. Skip to the [Azure DNS troubleshooting](#azure-dns-troubleshooting) section.
53+
* If there's a different IP address listed, then the virtual network is using a custom DNS solution. Skip to the [Custom DNS troubleshooting](#custom-dns-troubleshooting) section.
5654

5755
### Custom DNS troubleshooting
5856

@@ -97,7 +95,7 @@ When using Azure DNS for name resolution, use the following steps to verify that
9795
* If there's a Private DNS zone entry, but __no DNS zone group entry__, delete and recreate the Private Endpoint. When recreating the private endpoint, __enable Private DNS zone integration__.
9896
* If __DNS zone group__ isn't empty, select the link for the __Private DNS zone__ entry.
9997
100-
From the Private DNS zone, select __Virtual network links__. There should be a link to the VNet. If there isn't one, then delete and recreate the private endpoint. When recreating it, select a Private DNS Zone linked to the VNet or create a new one that is linked to it.
98+
From the Private DNS zone, select __Virtual network links__. There should be a link to the virtual network. If there isn't one, then delete and recreate the private endpoint. When recreating it, select a Private DNS Zone linked to the virtual network or create a new one that is linked to it.
10199
102100
:::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/virtual-network-links.png" alt-text="Screenshot of the virtual network links for the Private DNS zone." lightbox="../media/how-to/troubleshoot-secure-connection-project/virtual-network-links.png":::
103101
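Review bot: Capitalization is inconsistent on new line 98, which contains both "Private DNS zone" and "Private DNS Zone", and the context bullet above it uses "Private Endpoint" next to "private endpoint". Pick one casing for each term and apply it across these steps.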
@@ -109,14 +107,14 @@ Check if DNS over HTTP is enabled in your web browser. DNS over HTTP can prevent
109107
110108
* Mozilla Firefox: For more information, see [Disable DNS over HTTPS in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https).
111109
* Microsoft Edge:
112-
1. In Edge, select __...__ and then select __Settings__.
110+
1. In Microsoft Edge, select __...__ and then select __Settings__.
113111
1. From settings, search for `DNS` and then disable __Use secure DNS to specify how to look up the network address for websites__.
114112
115113
:::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/disable-dns-over-http.png" alt-text="Screenshot of the use secure DNS setting in Microsoft Edge." lightbox="../media/how-to/troubleshoot-secure-connection-project/disable-dns-over-http.png":::
116114
117115
## Proxy configuration
118116
119-
If you use a proxy, it may prevent communication with a secured project. To test, use one of the following options:
117+
If you use a proxy, it might prevent communication with a secured project. To test, use one of the following options:
120118
121119
* Temporarily disable the proxy setting and see if you can connect.
122120
* Create a [Proxy auto-config (PAC)](https://wikipedia.org/wiki/Proxy_auto-config) file that allows direct access to the FQDNs listed on the private endpoint. It should also allow direct access to the FQDN for any compute instances.
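Review bot: The section text carried in the hunk header says "DNS over HTTP", but the Firefox link in this hunk is titled "Disable DNS over HTTPS in Firefox" and the Edge setting is "Use secure DNS"; the name should be "DNS over HTTPS" throughout. The Edge steps also do not say whether the setting should be turned back on after the test, unlike the proxy bullet, which says "Temporarily disable"; a short sentence to that effect would help.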
@@ -125,12 +123,12 @@ If you use a proxy, it may prevent communication with a secured project. To test
125123
126124
## Troubleshoot configurations on connecting to storage
127125
128-
When you create a project, a number of connections to Azure storage are auto-created for data upload scenarios and artifact storage including prompt flow. When your hub's associated Azure Storage account is having public network access set to 'Disabled', there may be a delay in these storage connections to be created.
126+
When you create a project, several connections to Azure storage are automatically created for data upload and artifact storage, including prompt flow. When your hub's associated Azure Storage account is having public network access set to 'Disabled', there might be a delay in these storage connections to be created.
129127
130128
Try the following steps to troubleshoot:
131-
1. In Azure Portal, check the network settings of the storage account that is associated to your hub.
129+
1. In Azure portal, check the network settings of the storage account that is associated to your hub.
132130
* If public network access is set to __Enabled from selected virtual networks and IP addresses__, ensure the correct IP address ranges are added to access your storage account.
133131
* If public network access is set to __Disabled__, ensure you have a private endpoint configured from your Azure virtual network to your storage account with Target sub-resource as blob. In addition, you must grant the [Reader](/azure/role-based-access-control/built-in-roles#reader) role for the storage account private endpoint to the managed identity.
134-
2. In Azure Portal, navigate to your Azure AI Foundry hub. Ensure the managed virtual network is provisioned and the outbound private endpoint to blob storage is Active. For more on provisioning the managed virtual network, see [How to configure a managed network for Azure AI Foundry hubs](configure-managed-network.md).
132+
2. In Azure portal, navigate to your Azure AI Foundry hub. Ensure the managed virtual network is provisioned and the outbound private endpoint to blob storage is Active. For more on provisioning the managed virtual network, see [How to configure a managed network for Azure AI Foundry hubs](configure-managed-network.md).
135133
3. Navigate to Azure AI Foundry > your project > project settings.
136-
4. Refresh the page. A number of connections should be created including 'workspaceblobstore'.
134+
4. Refresh the page. Several connections should be created including 'workspaceblobstore'.
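Review bot: New line 126 keeps two awkward constructions, "is having public network access set to 'Disabled'" and "a delay in these storage connections to be created"; suggest "has public network access set to 'Disabled', there might be a delay before these storage connections are created". The same line writes both "Azure storage" and "Azure Storage", and new lines 129 and 132 should read "In the Azure portal". The context step on line 131 says to grant the Reader role "to the managed identity" without naming which identity; state it explicitly so the role assignment is scoped to the right principal.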
