Merge pull request #107967 from jelledruyts/jelledruyts-28667

Minor tweaks to language and consistency

Author: v-albemi

articles/app-service/networking/private-endpoint.md

@@ -8,6 +8,7 @@ ms.date: 03/12/2020
 ms.author: ericg
 ms.service: app-service
 ms.workload: web
+ms.custom: fasttrack-edit
 
 ---
 
@@ -16,48 +17,48 @@ ms.workload: web
 > [!Note]
 > The preview is available in East US region for all PremiumV2 Windows and Linux Web Apps and Elastic Premium Functions. 
 
-You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access to the app over Private Link. The Private Endpoint uses an IP address from your Azure VNet address space. Network traffic between client on your private network and the Web App traverses over the Vnet and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.
+You can use Private Endpoint for your Azure Web App to allow clients located in your private network to securely access the app over Private Link. The Private Endpoint uses an IP address from your Azure VNet address space. Network traffic between a client on your private network and the Web App traverses over the VNet and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.
 
 Using Private Endpoint for your Web App enables you to:
 
-- Secure your Web App by configuring the Service Endpoint, eliminating public exposure
-- Securely connect to Web App from on-premises networks that connect to the Vnet using a VPN or ExpressRoute private peering.
+- Secure your Web App by configuring the Service Endpoint, eliminating public exposure.
+- Securely connect to Web App from on-premises networks that connect to the VNet using a VPN or ExpressRoute private peering.
 
-If you just need a secure connection between your Vnet and your Web App, Service Endpoint is the simplest solution. If you also need to reach the web app from on-premises through an Azure gateway, a regionally peered Vnet or a globally peered Vnet, Private Endpoint is the solution.  
+If you just need a secure connection between your VNet and your Web App, a Service Endpoint is the simplest solution. If you also need to reach the web app from on-premises through an Azure gateway, a regionally peered VNet or a globally peered VNet, Private Endpoint is the solution.  
 
-For more information about [Service Endpoint][serviceendpoint]
+For more information, see [Service Endpoints][serviceendpoint].
 
 ## Conceptual overview
 
-A Private Endpoint is a special network interface (nic) for your Azure Web App in your Subnet in your Virtual Network (Vnet).
-When you create a Private Endpoint for your Web App, it provides a secure connectivity between clients on your private network and your Web App. The private Endpoint is assigned an IP Address from the IP address range of your Vnet.
-The connection between the Private Endpoint and the Web App uses a secure [Private Link][privatelink]. Private endpoint is only used for incoming flows to your Web App. Outgoing flows will not use this Private Endpoint, but you can inject outgoing flows to your network in a different subnet through the [Vnet integration feature][vnetintegrationfeature].
+A Private Endpoint is a special network interface (NIC) for your Azure Web App in a Subnet in your Virtual Network (VNet).
+When you create a Private Endpoint for your Web App, it provides secure connectivity between clients on your private network and your Web App. The Private Endpoint is assigned an IP Address from the IP address range of your VNet.
+The connection between the Private Endpoint and the Web App uses a secure [Private Link][privatelink]. Private Endpoint is only used for incoming flows to your Web App. Outgoing flows will not use this Private Endpoint, but you can inject outgoing flows to your network in a different subnet through the [VNet integration feature][vnetintegrationfeature].
 
 The Subnet where you plug the Private Endpoint can have other resources in it, you don't need a dedicated empty Subnet.
-You can deploy Private Endpoint in a different region than the Web App. 
+You can also deploy the Private Endpoint in a different region than the Web App. 
 
 > [!Note]
->The Vnet integration feature cannot use the same subnet than Private Endpoint, this is a limitation of the Vnet integration feature
+>The VNet integration feature cannot use the same subnet than Private Endpoint, this is a limitation of the VNet integration feature.
 
-From the security perspective:
+From a security perspective:
 
-- When you enable Service Endpoint to your Web App, you disable all public access
-- You can enable multiple Private Endpoints in others Vnets and Subnets, including Vnets in other regions
-- The IP address of the Private endpoint NIC must be dynamic, but will remain the same until you delete the Private Endpoint
-- The NIC of the Private Endpoint cannot have an NSG associated
-- The Subnet that hosts the Private Endpoint can have an NSG associated, but you must disable the network policies enforcement for the Private Endpoint see [this article][disablesecuritype]. As a result, you cannot filter by any NSG the access to your Private Endpoint
+- When you enable Private Endpoints to your Web App, you disable all public access.
+- You can enable multiple Private Endpoints in others VNets and Subnets, including VNets in other regions.
+- The IP address of the Private Endpoint NIC must be dynamic, but will remain the same until you delete the Private Endpoint.
+- The NIC of the Private Endpoint cannot have an NSG associated.
+- The Subnet that hosts the Private Endpoint can have an NSG associated, but you must disable the network policies enforcement for the Private Endpoint: see [Disable network policies for private endpoints][disablesecuritype]. As a result, you cannot filter by any NSG the access to your Private Endpoint.
 - When you enable Private Endpoint to your Web App, the [access restrictions][accessrestrictions] configuration of the Web App is not evaluated.
-- You can reduce data exfiltration risk from the vnet by removing all NSG rules where destination is tag Internet or Azure services. But adding a Web App Service Endpoint in your subnet, will let you reach any Web App hosted in the same stamp and exposed to Internet. (This is only a limitation of the current preview.)
+- You can reduce the data exfiltration risk from the VNet by removing all NSG rules where destination is tag Internet or Azure services. But adding a Web App Service Endpoint in your subnet will let you reach any Web App hosted in the same deployment stamp and exposed to the Internet.
 
-In the Web http logs of your Web App, you will find the client source IP. We implemented the TCP Proxy protocol, forwarding up to the Web App the client IP property. For more information, see [this article][tcpproxy].
+In the Web HTTP logs of your Web App, you will find the client source IP. This is implemented using the TCP Proxy protocol, forwarding the client IP property up to the Web App. For more information, see [Getting connection Information using TCP Proxy v2][tcpproxy].
 
 ![Global overview][1]
 
 
 ## DNS
 
-As this feature is in preview, we don't change the DNS entry during the preview. You need to manage yourself the DNS entry in your private DNS server or Azure DNS private zone. 
-If you need to use a custom DNS name, you must add the custom name in your Web App. During the preview, the custom name must be validated like any custom name, using public DNS resolution. [custom DNS validation technical reference][dnsvalidation]
+As this feature is in preview, we don't change the DNS entry during the preview. You need to manage the DNS entry in your private DNS server or Azure DNS private zone yourself.
+If you need to use a custom DNS name, you must add the custom name in your Web App. During the preview, the custom name must be validated like any custom name, using public DNS resolution. See [custom DNS validation][dnsvalidation] for more information.
 
 ## Pricing
 

articles/private-link/create-private-endpoint-webapp-portal.md

@@ -14,15 +14,15 @@ ms.workload: web
 # Connect privately to a Web App using Azure Private Endpoint (Preview)
 
 Azure Private Endpoint is the fundamental building block for Private Link in Azure. It allows you to connect privately to your Web App.
-In this Quickstart, you will learn how deploy a Web App with Private Endpoint and connect to this Web App from a Virtual Machine.
+In this Quickstart, you will learn how to deploy a Web App with Private Endpoint and connect to this Web App from a Virtual Machine.
 
 ## Sign in to Azure
 
 Sign in to the Azure portal at https://portal.azure.com.
 
 ## Virtual network and Virtual Machine
 
-In this section, you will create virtual network and the subnet to host the VM that is used to access your Web App through the Private Endpoint.
+In this section, you will create the virtual network and the subnet to host the VM that is used to access your Web App through the Private Endpoint.
 
 ### Create the virtual network
 
@@ -71,7 +71,7 @@ Keep default settings.
 In this section, you will create a private Web App using a Private Endpoint to it.
 
 > [!Note]
->The Private Endpoint feature is only available for Premium V2 and Isolated with external ASE SKU
+>The Private Endpoint feature is only available for the Premium V2 tier, and the Isolated tier with an external App Service Environment (ASE).
 
 ### Web App
 
@@ -95,7 +95,7 @@ In this section, you will create a private Web App using a Private Endpoint to i
 
 ![Web App Private Endpoint][8]
 
-1. Fill the subscription, Vnet, and Subnet information and click **"OK"**
+1. Fill the subscription, VNet, and Subnet information and click **"OK"**
 
 ![Web App Networking][9]