AVD RDP Shortpath minor tweaks

Author: dknappettmsft

articles/virtual-desktop/configure-rdp-shortpath.md

@@ -30,7 +30,7 @@ Before you can enable RDP Shortpath, you'll need to meet the prerequisites. Sele
 > RDP Shortpath for public networks with STUN or TURN will work automatically without any additional configuration, providing networks and firewalls allow the traffic through and RDP transport settings in the Windows operating system for session hosts and clients are using their default values. The steps to configure RDP Shortpath for public networks are provided for session hosts and clients in case these defaults have been changed. 
 
 - A client device running the [Remote Desktop client for Windows](users/connect-windows.md), version 1.2.3488 or later. Currently, non-Windows clients aren't supported.
-- Internet access for both clients and session hosts. Session hosts require outbound UDP connectivity from your session hosts to the internet or connections to STUN and TURN servers. To reduce the number of ports required, you can [limit the port range used by clients for public networks](configure-rdp-shortpath-limit-ports-public-networks.md). For more information you can use to configure firewalls and Network Security Groups, see [Network configurations for RDP Shortpath](rdp-shortpath.md#network-configuration).
+- Internet access for both clients and session hosts. Session hosts require outbound UDP connectivity from your session hosts to the internet or connections to STUN and TURN servers. To reduce the number of ports required, you can [limit the port range used by clients for public networks](configure-rdp-shortpath-limit-ports-public-networks.md). RDP Shortpath doesn't support Symmetric NAT. For more information you can use to configure firewalls and Network Security Groups, see [Network configurations for RDP Shortpath](rdp-shortpath.md?tabs=public-networks#network-configuration).
 - Check your client can connect to the STUN and TURN endpoints and verify that basic UDP functionality works by running the executable `avdnettest.exe`. For steps of how to do this, see [Verifying STUN/TURN server connectivity and NAT type](troubleshoot-rdp-shortpath.md#verifying-stunturn-server-connectivity-and-nat-type).
 - To use TURN, the connection from the client must be within a supported location. For a list of Azure regions that TURN is available, see [supported Azure regions with TURN availability](rdp-shortpath.md#turn-availability-preview).
 

articles/virtual-desktop/rdp-shortpath.md

@@ -89,7 +89,7 @@ To provide the best chance of a UDP connection being successful when using a pub
 
 When a connection is being established, Interactive Connectivity Establishment (ICE) coordinates the management of STUN and TURN to optimize the likelihood of a connection being established, and ensure that precedence is given to preferred network communication protocols.
 
-Each RDP session uses a dynamically assigned UDP port from an ephemeral port range (49152–65535 by default) that accepts the RDP Shortpath traffic. You can also use a smaller, predictable port range. For more information, see [Limit the port range used by clients for public networks](configure-rdp-shortpath-limit-ports-public-networks.md).
+Each RDP session uses a dynamically assigned UDP port from an ephemeral port range (**49152** to **65535** by default) that accepts the RDP Shortpath traffic. You can also use a smaller, predictable port range. For more information, see [Limit the port range used by clients for public networks](configure-rdp-shortpath-limit-ports-public-networks.md).
 
 > [!TIP]
 > RDP Shortpath for public networks will work automatically without any additional configuration, providing networks and firewalls allow the traffic through and RDP transport settings in the Windows operating system for session hosts and clients are using their default values.
@@ -214,12 +214,6 @@ Here are some general recommendations when using RDP Shortpath for public networ
 
 RDP Shortpath extends RDP multi-transport capabilities. It doesn't replace the reverse connect transport but complements it. Initial session brokering is managed through the Azure Virtual Desktop service and the reverse connect transport. All connection attempts are ignored unless they match the reverse connect session first. RDP Shortpath is established after authentication, and if successfully established, the reverse connect transport is dropped and all traffic flows over the RDP Shortpath.
 
-The port used for each RDP session depends on whether RDP Shortpath is being used for managed networks or public networks:
-
-- **Managed networks**: only the specified UDP port (**3390** by default) will be used for incoming RDP Shortpath traffic.
-
-- **Public networks**: each RDP session uses a dynamically assigned UDP port from an ephemeral port range (49152–65535 by default) that accepts the RDP Shortpath traffic. You can also use a smaller, predictable port range. For more information, see [Limit the port range used by clients for public networks](configure-rdp-shortpath-limit-ports-public-networks.md).
-
 RDP Shortpath uses a secure connection using TLS over reliable UDP between the client and the session host using the session host's certificates. By default, the certificate used for RDP encryption is self-generated by the operating system during the deployment. You can also deploy centrally managed certificates issued by an enterprise certification authority. For more information about certificate configurations, see [Remote Desktop listener certificate configurations](/troubleshoot/windows-server/remote/remote-desktop-listener-certificate-configurations).
 
 > [!NOTE]