syncing changes

Author: itechedit

articles/private-link/create-private-endpoint-cli.md

@@ -40,7 +40,7 @@ You can create private endpoints for a variety of Azure services, such as Azure
 
 An Azure resource group is a logical container where Azure resources are deployed and managed.
 
-Create a resource group with [az group create](/cli/azure/group#az_group_create):
+First, create a resource group by using [az group create](/cli/azure/group#az_group_create):
 
 ```azurecli-interactive
 az group create \
@@ -50,11 +50,9 @@ az group create \
 
 ## Create a virtual network and bastion host
 
-In this section, you create a virtual network, subnet, and bastion host. 
+Next, create a virtual network, subnet, and bastion host. You'll use the bastion host to connect securely to the VM for testing the private endpoint.
 
-You'll use the bastion host to connect securely to the VM for testing the private endpoint.
-
-1. Create a virtual network by using [az network vnet create](/cli/azure/network/vnet#az_network_vnet_create).
+1. Create a virtual network by using [az network vnet create](/cli/azure/network/vnet#az_network_vnet_create):
 
     * Name: **myVNet**
     * Address prefix: **10.0.0.0/16**
@@ -73,7 +71,7 @@ You'll use the bastion host to connect securely to the VM for testing the privat
         --subnet-prefixes 10.0.0.0/24
     ```
 
-1. Update the subnet to disable private-endpoint network policies for the private endpoint with [az network vnet subnet update](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_update):
+1. Update the subnet to disable private-endpoint network policies for the private endpoint by using [az network vnet subnet update](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_update):
 
     ```azurecli-interactive
     az network vnet subnet update \
@@ -83,7 +81,7 @@ You'll use the bastion host to connect securely to the VM for testing the privat
         --disable-private-endpoint-network-policies true
     ```
 
-1. Use [az network public-ip create](/cli/azure/network/public-ip#az_network_public_ip_create) to create a public IP address for the bastion host:
+1. Create a public IP address for the bastion host by using [az network public-ip create](/cli/azure/network/public-ip#az_network_public_ip_create):
 
     * Standard zone-redundant public IP address name: **myBastionIP**
     * Resource group: **CreatePrivateEndpointQS-rg**
@@ -95,7 +93,7 @@ You'll use the bastion host to connect securely to the VM for testing the privat
         --sku Standard
     ```
 
-1. Use [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create) to create a bastion subnet:
+1. Create a bastion subnet by using [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create):
 
     * Name: **AzureBastionSubnet**
     * Address prefix: **10.0.1.0/24**
@@ -110,7 +108,7 @@ You'll use the bastion host to connect securely to the VM for testing the privat
         --address-prefixes 10.0.1.0/24
     ```
 
-1. Use [az network bastion create](/cli/azure/network/bastion#az_network_bastion_create) to create a bastion host:
+1. Create a bastion host by using [az network bastion create](/cli/azure/network/bastion#az_network_bastion_create):
 
     * Name: **myBastionHost**
     * Resource group: **CreatePrivateEndpointQS-rg**
@@ -133,7 +131,9 @@ It can take a few minutes for the Azure Bastion host to deploy.
 
 Next, create a VM that you can use to test the private endpoint.
 
-1. Create a VM with [az vm create](/cli/azure/vm#az_vm_create). At the prompt, provide a password to be used as the credentials for the VM:
+1. Create the VM by using [az vm create](/cli/azure/vm#az_vm_create). 
+
+1. At the prompt, provide a password to be used as the credentials for the VM:
 
     * Name: **myVM**
     * Resource group: **CreatePrivateEndpointQS-rg**
@@ -156,11 +156,11 @@ Next, create a VM that you can use to test the private endpoint.
 
 ## Create a private endpoint
 
-Next, you create the private endpoint.
+Next, create the private endpoint.
 
-1. Use [az webapp list](/cli/azure/webapp#az_webapp_list) to place the resource ID of the web app that you created earlier into a shell variable.
+1. Place the resource ID of the web app that you created earlier into a shell variable by using [az webapp list](/cli/azure/webapp#az_webapp_list).
 
-1. Use [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create) to create the endpoint and connection:
+1. Create the endpoint and connection by using [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create):
 
     * Name: **myPrivateEndpoint**
     * Resource group: **CreatePrivateEndpointQS-rg**
@@ -186,11 +186,11 @@ Next, you create the private endpoint.
 
 ## Configure the private DNS zone
 
-Next, you create and configure the private DNS zone by using [az network private-dns zone create](/cli/azure/network/private-dns/zone#az_network_private_dns_zone_create).  
+Next, create and configure the private DNS zone by using [az network private-dns zone create](/cli/azure/network/private-dns/zone#az_network_private_dns_zone_create).  
 
-1. Use [az network private-dns link vnet create](/cli/azure/network/private-dns/link/vnet#az_network_private_dns_link_vnet_create) to create the virtual network link to the DNS zone.
+1. Create the virtual network link to the DNS zone by using [az network private-dns link vnet create](/cli/azure/network/private-dns/link/vnet#az_network_private_dns_link_vnet_create).
 
-1. Create a DNS zone group with [az network private-endpoint dns-zone-group create](/cli/azure/network/private-endpoint/dns-zone-group#az_network_private_endpoint_dns_zone_group_create).
+1. Create a DNS zone group by using [az network private-endpoint dns-zone-group create](/cli/azure/network/private-endpoint/dns-zone-group#az_network_private_endpoint_dns_zone_group_create).
 
     * Zone name: **privatelink.azurewebsites.net**
     * Virtual network: **myVNet**
@@ -221,7 +221,7 @@ Next, you create and configure the private DNS zone by using [az network private
 
 ## Test connectivity to the private endpoint
 
-Finally, use the VM that you created earlier to connect to the SQL server across the private endpoint.
+Finally, use the VM that you created earlier to connect to the SQL Server instance across the private endpoint.
 
 1. Sign in to the [Azure portal](https://portal.azure.com). 
  
@@ -239,7 +239,7 @@ Finally, use the VM that you created earlier to connect to the SQL server across
 
 1. After you've connected, open PowerShell on the server.
 
-1. Enter `nslookup <your-webapp-name>.azurewebsites.net`. Replace **\<your-webapp-name>** with the name of the web app that you created earlier.  You'll receive a message that's similar to the following:
+1. Enter `nslookup <your-webapp-name>.azurewebsites.net`, replacing *\<your-webapp-name>* with the name of the web app that you created earlier. You'll receive a message that's similar to the following:
 
     ```powershell
     Server:  UnKnown
@@ -253,15 +253,15 @@ Finally, use the VM that you created earlier to connect to the SQL server across
 
     A private IP address of *10.0.0.5* is returned for the web app name. This address is in the subnet of the virtual network that you created earlier.
 
-1. In the bastion connection to **myVM**, open your web browser.
+1. In the bastion connection to *myVM**, open your web browser.
 
-1. Enter the URL of your web app, **https://\<your-webapp-name>.azurewebsites.net**.
+1. Enter the URL of your web app, *https://\<your-webapp-name>.azurewebsites.net*.
 
    If your web app hasn't been deployed, you'll get the following default web app page:
 
     :::image type="content" source="./media/create-private-endpoint-portal/web-app-default-page.png" alt-text="Screenshot of the default web app page on a browser." border="true":::
 
-1. Close the connection to **myVM**.
+1. Close the connection to *myVM*.
 
 ## Clean up resources 
 

articles/private-link/create-private-endpoint-portal.md

@@ -8,7 +8,7 @@ ms.topic: quickstart
 ms.date: 10/20/2020
 ms.author: allensu
 ms.custom: mode-ui
-#Customer intent: As someone with a basic network background who is new to Azure, I want to create a private endpoint on a SQL server so that I can securely connect to it.
+#Customer intent: As someone who has a basic network background but is new to Azure, I want to create a private endpoint on a SQL server so that I can securely connect to it.
 ---
 
 # Quickstart: Create a private endpoint by using the Azure portal
@@ -206,7 +206,7 @@ Use the VM that you created earlier to connect to the web app across the private
 
 1. After you've connected, open PowerShell on the server.
 
-1. Enter `nslookup <your-webapp-name>.azurewebsites.net`. Replace **\<your-webapp-name>** with the name of the web app that you created earlier. You'll receive a message that's similar to the following:
+1. Enter `nslookup <your-webapp-name>.azurewebsites.net`, replacing *\<your-webapp-name>* with the name of the web app that you created earlier. You'll receive a message that's similar to the following:
 
     ```powershell
     Server:  UnKnown

articles/private-link/create-private-endpoint-powershell.md

@@ -179,7 +179,7 @@ Next, create a VM that you can use to test the private endpoint.
     * [New-AzPrivateLinkServiceConnection](/powershell/module/az.network/New-AzPrivateLinkServiceConnection)
     * [New-AzPrivateEndpoint](/powershell/module/az.network/new-azprivateendpoint)
 
-1. Place the web app into a variable. Replace <webapp-resource-group-name> with the resource group name of your web app, and replace <your-webapp-name> with your web app name.
+1. Place the web app into a variable. Replace \<webapp-resource-group-name> with the resource group name of your web app, and replace \<your-webapp-name> with your web app name.
 
     ```azurepowershell-interactive
     $webapp = Get-AzWebApp -ResourceGroupName <webapp-resource-group-name> -Name <your-webapp-name>
@@ -345,4 +345,4 @@ You used the VM to securely test connectivity to the web app across the private
 
 For more information about the services that support private endpoints, see:
 > [!div class="nextstepaction"]
-> [What is Azure Private Link?](private-link-overview.md#availability)
+> [What is Azure Private Link?](private-link-overview.md#availability)

articles/private-link/create-private-endpoint-template.md

@@ -31,7 +31,7 @@ You need an Azure account with an active subscription. If you don't already have
 
 This template creates a private endpoint for an instance of Azure SQL Database.
 
-The template that's used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/private-endpoint-sql/).
+The template that this quickstart uses is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/private-endpoint-sql/).
 
 :::code language="json" source="~/quickstart-templates/quickstarts/microsoft.sql/private-endpoint-sql/azuredeploy.json":::
 
@@ -78,15 +78,15 @@ Connect to the VM _myVm{uniqueid}_ from the internet by doing the following:
 
 1. Open the downloaded RDP file.
 
-   a. If prompted, select **Connect**.  
+   a. If you're prompted, select **Connect**.  
    b. Enter the username and password that you specified when you created the VM.
 
       > [!NOTE]
       > You might need to select **More choices** > **Use a different account** to specify the credentials you entered when you created the VM.
 
 1. Select **OK**.
 
-   You might receive a certificate warning during the sign-in process. If you receive a certificate warning, select **Yes** or **Continue**.
+   You might receive a certificate warning during the sign-in process. If you do, select **Yes** or **Continue**.
 
 1. After the VM desktop appears, minimize it to go back to your local desktop.
 
@@ -137,4 +137,4 @@ Remove-AzResourceGroup -Name <your resource group name>
 
 For more information about the services that support private endpoints, see:
 > [!div class="nextstepaction"]
-> [Private Link availability](private-link-overview.md#availability)
+> [What is Azure Private Link?](private-link-overview.md#availability)

articles/private-link/private-endpoint-overview.md

@@ -18,16 +18,17 @@ The service could be an Azure service such as:
 * Azure Storage
 * Azure Cosmos DB
 * Azure SQL Database
-* Your own service, using a [Private Link service](private-link-service-overview.md).
+* Your own service, using [Private Link service](private-link-service-overview.md).
 
 ## Private endpoint properties 
- A private endpoint specifies the following properties: 
+
+A private endpoint specifies the following properties: 
 
 |Property  |Description |
 |---------|---------|
 |Name    |    A unique name within the resource group.      |
 |Subnet    |  The subnet to deploy, where the private IP address is assigned. For subnet requirements, see the [Limitations](#limitations) section later in this article.         |
-|Private link resource    |   The private-link resource to connect by using a resource ID or alias, from the list of available types. A unique network identifier is generated for all traffic that's sent to this resource.       |
+|Private-link resource    |   The private-link resource to connect by using a resource ID or alias, from the list of available types. A unique network identifier is generated for all traffic that's sent to this resource.       |
 |Target subresource   |      The subresource to connect. Each private-link resource type has various options to select based on preference.    |
 |Connection approval method    |  Automatic or manual. Depending on the Azure role-based access control (RBAC) permissions, your private endpoint can be approved automatically. If you're connecting to a private-link resource without Azure RBAC permissions, use the manual method to allow the owner of the resource to approve the connection.        |
 |Request message     |  You can specify a message for requested connections to be approved manually. This message can be used to identify a specific request.        |
@@ -57,10 +58,8 @@ As you're creating private endpoints, consider the following:
 
 - The subscription from the private-link resource must also be registered with the Microsoft network resource provider. For more information, see [Azure Resource Providers](../azure-resource-manager/management/resource-providers-and-types.md).
 
-## Private-link resources 
-A private-link resource is the destination target of a specified private endpoint. 
-
-The following table lists the available resources that support a private endpoint: 
+## Private-link resource 
+A private-link resource is the destination target of a specified private endpoint. The following table lists the available resources that support a private endpoint: 
 
 | Private-link resource name | Resource type | Subresources |
 | ---------------------------| ------------- | ------------- |
@@ -90,7 +89,7 @@ The following table lists the available resources that support a private endpoin
 | Azure Machine Learning | Microsoft.MachineLearningServices/workspaces | amlworkspace |
 | Azure Migrate | Microsoft.Migrate/assessmentProjects | project |
 | Application Gateway | Microsoft.Network/applicationgateways | application gateway |
-| Private Link Service (your own service) |  Microsoft.Network/privateLinkServices | empty |
+| Private Link service (your own service) |  Microsoft.Network/privateLinkServices | empty |
 | Power BI | Microsoft.PowerBI/privateLinkServicesForPowerBI | Power BI |
 | Azure Purview | Microsoft.Purview/accounts | account |
 | Azure Purview | Microsoft.Purview/accounts | portal |
@@ -115,7 +114,7 @@ When you use private endpoints, traffic is secured to a private-link resource. T
 
 You can completely lock down your workloads to prevent them from accessing public endpoints to connect to a supported Azure service. This control provides an extra network security layer to your resources, and this security provides protection that helps prevent access to other resources that are hosted on the same Azure service. 
 
-## Access private-link resources by using an approval workflow 
+## Access to a private-link resource using approval workflow 
 
 You can connect to a private-link resource by using the following connection approval methods:
 
@@ -139,13 +138,20 @@ Over a private-endpoint connection, a private-link resource owner can:
 
 ### Connect by using an alias
 
-An alias is a unique moniker that's generated when a service owner creates a private-link service behind a standard load balancer. Service owners can share this alias with their customers offline. 
+An alias is a unique moniker that's generated when a service owner creates a private-link service behind a standard load balancer. Service owners can share this alias offline with consumers of your service. 
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 The customers can request a connection to a private-link service by using either the resource URI or the alias. To connect by using the alias, you must create a private endpoint by using the manual connection approval method. To use the manual connection approval method, set the manual request parameter to `true` during the private endpoint creation workflow. For more information, see [New-AzPrivateEndpoint](/powershell/module/az.network/new-azprivateendpoint) and [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create).
 =======
 Consumers can request a connection to private link service using either the resource URI or the alias. If you want to connect using the alias, you must create a private endpoint using the manual connection approval method. For using manual connection approval method, set manual request parameter to true during private endpoint create flow. For more information, see [New-AzPrivateEndpoint](/powershell/module/az.network/new-azprivateendpoint) and [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create). Note that this manual request can be auto approved if the consumer subscription is allowlisted on the provider side. To learn more, navigate to [controlling service access](/azure/private-link/private-link-service-overview#control-service-access).
 >>>>>>> ba80e2288804a4725e813a5c4bc28c0fdb99ebbd
+=======
+The consumers can request a connection to a private-link service by using either the resource URI or the alias. To connect by using the alias, they would create a private endpoint by using the manual connection approval method. To use the manual connection approval method, they would set the manual request parameter to *True* during the private-endpoint creation workflow. For more information, see [New-AzPrivateEndpoint](/powershell/module/az.network/new-azprivateendpoint) and [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create).
+                                     
+> [!NOTE]
+> This manual request can be auto approved if your subscription is allow-listed on the provider side. To learn more, go to [controlling service access](/azure/private-link/private-link-service-overview#control-service-access).                                     
+>>>>>>> 747d9c2881a8981eb546358c4569f79252823f75
 
 ## DNS configuration