updates for transition wording change

mbender-ms · mbender-ms · commit 33912a0a23bb · 2025-05-16T11:10:09.000-05:00
diff --git a/articles/private-link/network-security-perimeter-concepts.md b/articles/private-link/network-security-perimeter-concepts.md
@@ -6,7 +6,7 @@ author: mbender-ms
 ms.author: mbender
 ms.service: azure-private-link
 ms.topic: overview
-ms.date: 01/06/2025
+ms.date: 05/16/2025
 ms.custom: references_regions, ignite-2024
 #CustomerIntent: As a network security administrator, I want to understand how to use Network Security Perimeter to control network access to Azure PaaS resources.
 ---
@@ -59,11 +59,11 @@ Administrators add PaaS resources to a perimeter by creating resource associatio
 
 | **Mode** | **Description** |
 |----------------|--------|
-| **Learning mode**  | - Default access mode.</br>- Helps network administrators to understand the existing access patterns of their PaaS resources.</br>- Advised mode of use before transitioning to enforced mode.|
+| **Transition mode (formerly Learning mode)**  | - Default access mode.</br>- Helps network administrators to understand the existing access patterns of their PaaS resources.</br>- Advised mode of use before transitioning to enforced mode.|
 | **Enforced mode**  | - Must be set by the administrator.</br>- By default, all traffic except intra perimeter traffic is denied in this mode unless an *Allow* access rule exists. |
 
 
-Learn more on transitioning from learning mode to enforced mode in [Transitioning to a network security perimeter](network-security-perimeter-transition.md) article.
+Learn more on move from transition mode (formerly learning mode) to enforced mode in [Transitioning to a network security perimeter](network-security-perimeter-transition.md) article.
 
 ## Why use a network security perimeter?
 
diff --git a/articles/private-link/network-security-perimeter-transition.md b/articles/private-link/network-security-perimeter-transition.md
@@ -8,7 +8,7 @@ ms.service: azure-private-link
 ms.custom:
   - ignite-2024
 ms.topic: overview
-ms.date: 11/06/2024
+ms.date: 05/16/2025
 #CustomerIntent: As a network administrator, I want to understand the different access modes and how to transition to a network security perimeter in Azure.
 ---
 
@@ -22,25 +22,25 @@ The **access mode** configuration point is part of a resource association on the
 
 The property `accessMode` can be set in a resource association to control the resource's public network access. 
 
-The possible values of `accessMode` are currently **Enforced** and **Learning**. 
+The possible values of `accessMode` are currently **Enforced** and **Transition**. 
 
 | **Access Mode** | **Description** |
 |-------------|-------------|
-| **Learning** | This is the default access mode. Evaluation in this mode will use the network security perimeter configuration as a baseline, but in the case of not finding a matching rule, evaluation will fall back to the resource firewall configuration which can then approve access with existing settings. |
+| **Transition** | This is the default access mode. Evaluation in this mode will use the network security perimeter configuration as a baseline, but in the case of not finding a matching rule, evaluation will fall back to the resource firewall configuration which can then approve access with existing settings. |
 | **Enforced** | When explicitly set, the resource obeys **only** network security perimeter access rules. |
 
 ## Prevent connectivity disruptions while adopting network security perimeter
 
-### Enable Learning mode
+### Enable Transition mode
 
-To prevent undesired connectivity disruptions while adopting network security perimeter to existing PaaS resources and ensure a smooth transition to secure configurations, administrators can add PaaS resources to network security perimeter in Learning mode. While this step does not secure the PaaS resources, it will:
+To prevent undesired connectivity disruptions while adopting network security perimeter to existing PaaS resources and ensure a smooth transition to secure configurations, administrators can add PaaS resources to network security perimeter in Transition mode (formerly Learning mode). While this step does not secure the PaaS resources, it will:
 
 - Allow connections to be established in accordance with the network security perimeter configuration. Additionally, resources in this configuration fallback to honoring resource-defined firewall rules and trusted access behavior when connections aren't permitted by the network security perimeter access rules.
 - When diagnostic logs are enabled, generates logs detailing whether connections were approved based on network security perimeter configuration or the resource's configuration. Administrators can then analyse those logs to identify gaps in access rules, missing perimeter memberships, and undesired connections.
 
 
 > [!IMPORTANT]
-> Operating PaaS resources in **Learning** mode should serve only as a transitional step. Malicious actors may exploit unsecured resources to exfiltrate data. Therefore, it is crucial to transition to a fully secure configuration as soon as possible with the access mode set to **Enforced**.
+> Operating PaaS resources in **Transition (formerly Learning)** mode should serve only as a transitional step. Malicious actors may exploit unsecured resources to exfiltrate data. Therefore, it is crucial to transition to a fully secure configuration as soon as possible with the access mode set to **Enforced**.
 
 ### Transition to enforced mode for existing resources 
 
@@ -57,7 +57,7 @@ Network security perimeter supports secure by default behavior by introducing a
 
 On resource creation, if `publicNetworkAccess` is set to `SecuredByPerimeter`, the resource is created in the lockdown mode even when not associated with a perimeter. Only private link traffic will be allowed if configured. Once associated to a perimeter, network security perimeter governs the resource access behavior. The following table summarizes access behavior in various modes and public network access configuration: 
 
-| **Association access mode** | **Not associated** | **Learning mode** | **Enforced mode** |
+| **Association access mode** | **Not associated** | **Transition mode** | **Enforced mode** |
 |-----------------|-------------------|-----------------|-----------------|
 | **Public network access** |   |  |   |
 | **Enabled** | **Inbound:** Resource rules</br></br>**Outbound** Allowed | **Inbound:** Network security perimeter + Resource rules</br>**Outbound** Network security perimeter rules + Allowed | **Inbound:** Network security perimeter rules</br>**Outbound** Network security perimeter rules |
