MicrosoftDocs
diff --git a/‎articles/purview/catalog-private-link-end-to-end.md
Lines changed: 4 additions & 1 deletion b/‎articles/purview/catalog-private-link-end-to-end.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎articles/purview/catalog-private-link-troubleshoot.md
Lines changed: 21 additions & 17 deletions b/‎articles/purview/catalog-private-link-troubleshoot.md
Lines changed: 21 additions & 17 deletions
diff --git a/‎articles/purview/concept-best-practices-automation.md
Lines changed: 16 additions & 2 deletions b/‎articles/purview/concept-best-practices-automation.md
Lines changed: 16 additions & 2 deletions
@@ -6,7 +6,7 @@ ms.author: zeinam
 ms.service: purview
 ms.subservice: purview-data-catalog
 ms.topic: how-to
-ms.date: 01/12/2022
+ms.date: 06/21/2022
 # Customer intent: As a Microsoft Purview admin, I want to set up private endpoints for my Microsoft Purview account to access purview account and scan data sources from restricted network.
 ---
 
@@ -43,6 +43,9 @@ Using one of the deployment options explained further in this guide, you can dep
 6. After completing this guide, adjust DNS configurations if needed.
 7. Validate your network and name resolution between management machine, self-hosted IR VM and data sources to Microsoft Purview. 
 
+   > [!NOTE]
+   > If you enable a managed event hub after deploying your ingestion private endpoint, you'll need to redeploy the ingestion private endpoint.
+
 ## Option 1 - Deploy a new Microsoft Purview account with _account_, _portal_ and _ingestion_ private endpoints
 
 1. Go to the [Azure portal](https://portal.azure.com), and then go to the **Microsoft Purview accounts** page. Select **+ Create** to create a new Microsoft Purview account.
 
@@ -6,7 +6,7 @@ ms.author: zeinam
 ms.service: purview
 ms.subservice: purview-data-catalog
 ms.topic: how-to
-ms.date: 01/12/2022
+ms.date: 06/21/2022
 # Customer intent: As a Microsoft Purview admin, I want to set up private endpoints for my Microsoft Purview account, for secure access.
 ---
 
@@ -16,13 +16,14 @@ This guide summarizes known limitations related to using private endpoints for M
 
 ## Known limitations
 
-- We currently do not support ingestion private endpoints that work with your AWS sources.
-- Scanning Azure Multiple Sources using self-hosted integration runtime is not supported.
-- Using Azure integration runtime to scan data sources behind private endpoint is not supported.
-- Using Azure portal, the ingestion private endpoints can be created via the Microsoft Purview portal experience described in the preceding steps. They can't be created from the Private Link Center.
-- Creating DNS A records for ingestion private endpoints inside existing Azure DNS Zones, while the Azure Private DNS Zones are located in a different subscription than the private endpoints is not supported via the Microsoft Purview portal experience. A records can be added manually in the destination DNS Zones in the other subscription. 
+- We currently don't support ingestion private endpoints that work with your AWS sources.
+- Scanning Azure Multiple Sources using self-hosted integration runtime isn't supported.
+- Using Azure integration runtime to scan data sources behind private endpoint isn't supported.
+- The ingestion private endpoints can be created via the Microsoft Purview governance portal experience described in the preceding steps. They can't be created from the Private Link Center.
+- Creating a DNS record for ingestion private endpoints inside existing Azure DNS Zones, while the Azure Private DNS Zones are located in a different subscription than the private endpoints isn't supported via the Microsoft Purview governance portal experience. A record can be added manually in the destination DNS Zones in the other subscription.
+- If you enable a managed event hub after deploying an ingestion private endpoint, you'll need to redeploy the ingestion private endpoint.
 - Self-hosted integration runtime machine must be deployed in the same VNet or a peered VNet where Microsoft Purview account and ingestion private endpoints are deployed.
-- We currently do not support scanning a cross-tenant Power BI tenant, which has a private endpoint configured with public access blocked.
+- We currently don't support scanning a cross-tenant Power BI tenant, which has a private endpoint configured with public access blocked.
 - For limitation related to Private Link service, see [Azure Private Link limits](../azure-resource-manager/management/azure-subscription-service-limits.md#private-link-limits).
 
 ## Recommended troubleshooting steps  
@@ -35,7 +36,10 @@ This guide summarizes known limitations related to using private endpoints for M
     |Portal     |Microsoft Purview Account         |mypurview-private-portal  |
     |Ingestion     |Managed Storage Account (Blob)         |mypurview-ingestion-blob  |
     |Ingestion     |Managed Storage Account (Queue)         |mypurview-ingestion-queue  |
-    |Ingestion     |Managed Event Hubs Namespace         |mypurview-ingestion-namespace  |
+    |Ingestion     |Managed Event Hubs Namespace*         |mypurview-ingestion-namespace  |
+
+  >[!NOTE]
+  > *Managed Event Hubs Namespace is only needed if it has been enabled on your Microsoft Purview account. You can check in **Managed Resources** under settings on your Microsoft Purview account page in the Azure Portal.
 
 2. If portal private endpoint is deployed, make sure you also deploy account private endpoint.
 
@@ -44,7 +48,7 @@ This guide summarizes known limitations related to using private endpoints for M
     - To verify the correct name resolution, you can use a **NSlookup.exe** command line tool to query `web.purview.azure.com`. The result must return a private IP address that belongs to portal private endpoint. 
     - To verify network connectivity, you can use any network test tools to test outbound connectivity to `web.purview.azure.com` endpoint to port **443**. The connection must be successful.    
 
-3. If Azure Private DNS Zones are used, make sure the required Azure DNS Zones are deployed and there is DNS (A) record for each private endpoint.
+3. If Azure Private DNS Zones are used, make sure the required Azure DNS Zones are deployed and there's DNS (A) record for each private endpoint.
 
 4. Test network connectivity and name resolution from management machine to Microsoft Purview endpoint and purview web url. If account and portal private endpoints are deployed, the endpoints must be resolved through private IP addresses.
 
@@ -79,11 +83,11 @@ This guide summarizes known limitations related to using private endpoints for M
     TcpTestSucceeded : True
     ```
     
-5. If you have created your Microsoft Purview account after 18 August 2021, make sure you download and install the latest version of self-hosted integration runtime from [Microsoft download center](https://www.microsoft.com/download/details.aspx?id=39717).
+5. If you've created your Microsoft Purview account after 18 August 2021, make sure you download and install the latest version of self-hosted integration runtime from [Microsoft download center](https://www.microsoft.com/download/details.aspx?id=39717).
    
 6. From self-hosted integration runtime VM, test network connectivity and name resolution to Microsoft Purview endpoint.
 
-7. From self-hosted integration runtime, test network connectivity and name resolution to Microsoft Purview managed resources such as blob queue and Event Hub through port 443 and private IP addresses. (Replace the managed storage account and Event Hubs namespace with corresponding managed resource name assigned to your Microsoft Purview account).
+7. From self-hosted integration runtime, test network connectivity and name resolution to Microsoft Purview managed resources such as blob queue and Event Hubs through port 443 and private IP addresses. (Replace the managed storage account and Event Hubs namespace with corresponding managed resource name assigned to your Microsoft Purview account).
 
     ```powershell
     Test-NetConnection -ComputerName `scansoutdeastasiaocvseab`.blob.core.windows.net -Port 443
@@ -116,7 +120,7 @@ This guide summarizes known limitations related to using private endpoints for M
     ```powershell
     Test-NetConnection -ComputerName `Atlas-1225cae9-d651-4039-86a0-b43231a17a4b`.servicebus.windows.net -Port 443
     ```
-    Example of successful outbound connection to Event Hub namespace through private IP address:
+    Example of successful outbound connection to Event Hubs namespace through private IP address:
 
     ```
     ComputerName     : Atlas-1225cae9-d651-4039-86a0-b43231a17a4b.servicebus.windows.net
@@ -129,7 +133,7 @@ This guide summarizes known limitations related to using private endpoints for M
 
 8. From the network where data source is located, test network connectivity and name resolution to Microsoft Purview endpoint and managed resources endpoints.
 
-9.  If data sources are located in on-premises network, review your DNS forwarder configuration. Test name resolution from within the same network where data sources are located to self-hosted integration runtime, Microsoft Purview endpoints and managed resources. It is expected to obtain a valid private IP address from DNS query for each endpoint.
+9.  If data sources are located in on-premises network, review your DNS forwarder configuration. Test name resolution from within the same network where data sources are located to self-hosted integration runtime, Microsoft Purview endpoints and managed resources. It's expected to obtain a valid private IP address from DNS query for each endpoint.
     
     For more information, see [Virtual network workloads without custom DNS server](../private-link/private-endpoint-dns.md#virtual-network-workloads-without-custom-dns-server) and [On-premises workloads using a DNS forwarder](../private-link/private-endpoint-dns.md#on-premises-workloads-using-a-dns-forwarder) scenarios in [Azure Private Endpoint DNS configuration](../private-link/private-endpoint-dns.md).
 
@@ -145,7 +149,7 @@ You may receive the following error message when running a scan:
 `Internal system error. Please contact support with correlationId:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx System Error, contact support.`
 
 ### Cause 
-This can be an indication of issues related to connectivity or name resolution between the VM running self-hosted integration runtime and Microsoft Purview's managed resources storage account or Event Hub.
+This can be an indication of issues related to connectivity or name resolution between the VM running self-hosted integration runtime and Microsoft Purview's managed resources storage account or Event Hubs.
 
 ### Resolution 
 Validate if name resolution between the VM running Self-Hosted Integration Runtime.
@@ -182,13 +186,13 @@ Review your existing Azure Policy Assignments and make sure deployment of the fo
 
 
 ### Issue
-Not authorized to access this Microsoft Purview account. This Microsoft Purview account is behind a private endpoint. Please access the account from a client in the same virtual network (VNet) that has been configured for the Microsoft Purview account's private endpoint.
+Not authorized to access this Microsoft Purview account. This Microsoft Purview account is behind a private endpoint. Access the account from a client in the same virtual network (VNet) that has been configured for the Microsoft Purview account's private endpoint.
 
 ### Cause 
 User is trying to connect to Microsoft Purview from a public endpoint or using Microsoft Purview public endpoints where **Public network access** is set to **Deny**.
 
 ### Resolution
-In this case, to open the Microsoft Purview governance portal, either use a machine that is deployed in the same virtual network as the Microsoft Purview portal private endpoint or use a VM that is connected to your CorpNet in which hybrid connectivity is allowed.
+In this case, to open the Microsoft Purview governance portal, either use a machine that is deployed in the same virtual network as the Microsoft Purview governance portal private endpoint or use a VM that is connected to your CorpNet in which hybrid connectivity is allowed.
 
 ### Issue
 You may receive the following error message when scanning a SQL server, using a self-hosted integration runtime:
@@ -197,7 +201,7 @@ You may receive the following error message when scanning a SQL server, using a
 
 ### Cause 
 Self-hosted integration runtime machine has enabled the FIPS mode.
-Federal Information Processing Standards (FIPS) defines a certain set of cryptographic algorithms that are allowed to be used. When FIPS mode is enabled on the machine, some cryptographic classes that the invoked processes depends on are blocked in some scenarios.
+Federal Information Processing Standards (FIPS) defines a certain set of cryptographic algorithms that are allowed to be used. When FIPS mode is enabled on the machine, some cryptographic classes that the invoked processes depend on are blocked in some scenarios.
 
 ### Resolution
 Disable FIPS mode on self-hosted integration server.
 
@@ -6,7 +6,7 @@ ms.author: tarifat
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: conceptual
-ms.date: 05/17/2022
+ms.date: 06/20/2022
 ---
 
 # Microsoft Purview automation best practices
@@ -59,7 +59,21 @@ When to use?
 * Custom application development or process automation.
 
 ## Streaming (Atlas Kafka)
-Each Microsoft Purview account comes with a fully managed event hub, accessible via the Atlas Kafka endpoint found via the Azure portal > Microsoft Purview Account > Properties. Microsoft Purview events can be monitored by consuming messages from the event hub. External systems can also use the event hub to publish events to Microsoft Purview as they occur.
+Each Microsoft Purview account can enable a fully managed event hub that is accessible via the Atlas Kafka endpoint found via the Azure portal > Microsoft Purview Account > Properties. 
+
+To enable this Event Hubs namespace, you can follow these steps:
+1. Search for and open your Microsoft Purview account in the [Azure portal](https://portal.azure.com).
+1. Select **Managed Resources** under settings on your Microsoft Purview account page in the Azure portal.
+    :::image type="content" source="media/concept-best-practices/enable-disable-event-hubs.png" alt-text="Screenshot showing the Event Hubs namespace toggle highlighted on the Managed resources page of the Microsoft Purview account page in the Azure portal.":::
+1. Select the Enable/Disable toggle to enable your Event Hubs namespace. It can be disabled at any time.
+1. Select **Save** to save the choice and begin the enablement or disablement process. This can take several minutes to complete.
+    :::image type="content" source="media/concept-best-practices/select-save.png" alt-text="Screenshot showing the Managed resources page of the Microsoft Purview account page in the Azure portal with the save button highlighted.":::
+
+>[!NOTE]
+>Enabling this Event Hubs namespace does incur a cost for the namespace. For specific details, see [the pricing page](https://azure.microsoft.com/pricing/details/purview/).
+
+
+Once the namespace is enabled, Microsoft Purview events can be monitored by consuming messages from the event hub. External systems can also use the event hub to publish events to Microsoft Purview as they occur.
 * **Consume Events** - Microsoft Purview will send notifications about metadata changes to Kafka topic **ATLAS_ENTITIES**. Applications interested in metadata changes can monitor for these notifications. Supported operations include: `ENTITY_CREATE`, `ENTITY_UPDATE`, `ENTITY_DELETE`, `CLASSIFICATION_ADD`, `CLASSIFICATION_UPDATE`, `CLASSIFICATION_DELETE`.
 * **Publish Events** - Microsoft Purview can be notified of metadata changes via notifications to Kafka topic **ATLAS_HOOK**. Supported operations include: `ENTITY_CREATE_V2`, `ENTITY_PARTIAL_UPDATE_V2`, `ENTITY_FULL_UPDATE_V2`, `ENTITY_DELETE_V2`.