edit

greg-lindsay · greg-lindsay · commit 0fda144e9dda · 2024-11-18T16:26:52.000-08:00
diff --git a/articles/dns/dns-security-policy.md b/articles/dns/dns-security-policy.md
@@ -56,7 +56,6 @@ To display DNS traffic rules in the Azure portal, select a DNS security policy a
     * If a domain name is blocked in a lower priority rule, and the same domain is allowed in a higher priority rule, the domain name is allowed.
     * Rules follow the DNS hierarchy. If contoso.com is allowed in a higher priority rule, then sub.contoso.com is allowed, even if sub.contoso.com is blocked in a lower priority rule.
 - You can dynamically add and delete rules from the list. Be sure to **Save** after editing rules in the portal.
-- During preview, up to 10 traffic rules are allowed per security policy. This limit will be increased to 100 for general availability.
 - Multiple **DNS Domain Lists** are allowed per rule. You must have at least one DNS domain list. 
 - Each rule is associated with one of three **Traffic Actions**: **Allow**, **Block**, or **Alert**.
     * **Allow**: Permit the query to the associated domain lists and log the query.
@@ -107,6 +106,9 @@ Virtual network restrictions:
 - DNS security policies can only be applied to VNets in the same region as the DNS security policy.
 - You can link one security policy per VNet. A single security policy can be associated to multiple VNets.
 
+DNS traffic rule restrictions:
+- During preview, up to 10 traffic rules are allowed per security policy. This limit will be increased to 100 for general availability.
+
 ## Related content
 
 - [How to filter and view DNS traffic (Preview)](dns-traffic-log-how-to.md).
