Merge pull request #262613 from MicrosoftDocs/main

Publish to live, Sunday 4 AM PST, 1/7

Author: ttorble

articles/azure-cache-for-redis/cache-private-link.md

@@ -28,13 +28,23 @@ You can restrict public access to the private endpoint of your cache by disablin
 >
 > When using the Basic tier, you might experience data loss when you delete and recreate a private endpoint.
 
+## Scope of availability
+
+|Tier     | Basic, Standard, Premium  |Enterprise, Enterprise Flash  |
+|---------|---------|---------|
+|Available  | Yes    |  Yes  |
+
 ## Prerequisites
 
 - Azure subscription - [create one for free](https://azure.microsoft.com/free/)
 
 > [!IMPORTANT]
-> Currently, portal console support, and persistence to firewall storage accounts are not supported.
-> When using private link, you cannot export or import a cache that to a [storage account](/azure/storage/common/storage-network-security) that has firewall enabled.
+> Currently, the [portal-based redis console](cache-configure.md#redis-console) is not supported with private link.
+>
+
+> [!IMPORTANT]
+> When using private link, you cannot export or import data to a to a storage account that has firewall enabled unless you're using [managed identity to autenticate to the storage account](cache-managed-identity.md).
+> For more information, see [How to export if I have firewall enabled on my storage account?](cache-how-to-import-export-data.md#how-to-export-if-i-have-firewall-enabled-on-my-storage-account) 
 >
 
 ## Create a private endpoint with a new Azure Cache for Redis instance
@@ -339,23 +349,23 @@ az network private-endpoint delete --name MyPrivateEndpoint --resource-group MyR
 
 ### How do I connect to my cache with private endpoint?
 
-Your application should connect to `<cachename>.redis.cache.windows.net` on port `6380`. We recommend avoiding the use of `<cachename>.privatelink.redis.cache.windows.net` in configuration or connection string.
+For **Basic, Standard, and Premium tier** caches, your application should connect to `<cachename>.redis.cache.windows.net` on port `6380`. A private DNS zone, named `*.privatelink.redis.cache.windows.net`, is automatically created in your subscription. The private DNS zone is vital for establishing the TLS connection with the private endpoint.  We recommend avoiding the use of `<cachename>.privatelink.redis.cache.windows.net` in configuration or connection string. 
 
-A private DNS zone, named `*.privatelink.redis.cache.windows.net`, is automatically created in your subscription. The private DNS zone is vital for establishing the TLS connection with the private endpoint.
+For **Enterprise and Enterprise Flash** tier caches, your application should connect to `<cachename>.<region>.redisenterprise.cache.azure.net` on port `10000`. 
 
 For more information, see [Azure services DNS zone configuration](../private-link/private-endpoint-dns.md).
 
 ### Why can't I connect to a private endpoint?
 
-- Private endpoints can't be used with your cache instance if your cache is already a VNet injected cache.
+- Private endpoints can't be used with your cache instance if your cache is already using the VNet injection network connection method.
 - You have a limit of one private link for clustered caches. For all other caches, your limit is 100 private links.
-- You try to [persist data to storage account](cache-how-to-premium-persistence.md) where firewall rules are applied might prevent you from creating the Private Link.
+- You try to [persist data to a storage account](cache-how-to-premium-persistence.md) with firewall rules and you're not using managed identity to connect to the storage account.
 - You might not connect to your private endpoint if your cache instance is using an [unsupported feature](#what-features-arent-supported-with-private-endpoints).
 
 ### What features aren't supported with private endpoints?
 
 - Trying to connect from the Azure portal console is an unsupported scenario where you see a connection failure.
-- Private links can't be added to caches that are already geo-replicated. To add a private link to a geo-replicated cache: 1. Unlink the geo-replication. 2. Add a Private Link. 3. Last, relink the geo-replication.
+- Private links can't be added to Premium tier caches that are already geo-replicated. To add a private link to a cache using [passive geo-replication](cache-how-to-geo-replication.md): 1. Unlink the geo-replication. 2. Add a Private Link. 3. Last, relink the geo-replication.
 
 ### How do I verify if my private endpoint is configured correctly?
 
@@ -378,7 +388,7 @@ To change the value in the Azure portal, follow these steps:
 
   1. Select the **Enable public network access** button.
 
-To change the value through a RESTful API PATCH request, use the following code and edit the value to reflect the flag you want for your cache.
+You can also change the value through a RESTful API PATCH request. For example, use the following code for a Basic, Standard, or Premium tier cache and edit the value to reflect the flag you want for your cache.
 
   ```http
   PATCH  https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Cache/Redis/{cache}?api-version=2020-06-01
@@ -388,7 +398,7 @@ To change the value through a RESTful API PATCH request, use the following code
   }
   
   ```
-  For more information, see [Redis - Update] (/rest/api/redis/Redis/Update?tabs=HTTP).
+  For more information, see [Redis - Update](/rest/api/redis/Redis/Update?tabs=HTTP).
 
 ### How can I migrate my VNet injected cache to a Private Link cache?