Merge pull request #296771 from b-ahibbard/cmk-nsg

prmerger-automator[bot] · web-flow · commit 340b4feff458 · 2025-03-21T18:47:40.000Z
remove private endpoint consideration in cmk
diff --git a/articles/azure-netapp-files/configure-customer-managed-keys.md b/articles/azure-netapp-files/configure-customer-managed-keys.md
@@ -6,7 +6,7 @@ author: b-ahibbard
 ms.service: azure-netapp-files
 ms.topic: how-to
 ms.custom: references_regions, devx-track-azurecli, devx-track-azurepowershell
-ms.date: 01/28/2025
+ms.date: 03/21/2025
 ms.author: anfdocs
 ---
 
@@ -31,7 +31,6 @@ The following diagram demonstrates how customer-managed keys work with Azure Net
 * To create a volume using customer-managed keys, you must select the *Standard* network features. You can't use customer-managed key volumes with volume configured using Basic network features. Follow instructions in to [Set the Network Features option](configure-network-features.md#set-the-network-features-option) in the volume creation page.
 * For increased security, you can select the **Disable public access** option within the network settings of your key vault. When selecting this option, you must also select **Allow trusted Microsoft services to bypass this firewall** to permit the Azure NetApp Files service to access your encryption key.
 * Customer-managed keys support automatic Managed System Identity (MSI) certificate renewal. If your certificate is valid, you don't need to manually update it. 
-* Applying Azure network security groups on the private link subnet to Azure Key Vault isn't supported for Azure NetApp Files customer-managed keys. Network security groups don't affect connectivity to Private Link unless `Private endpoint network policy` is enabled on the subnet. It's _required_ to keep this option disabled.
 * If Azure NetApp Files fails to create a customer-managed key volume, error messages are displayed. For more information, see [Error messages and troubleshooting](#error-messages-and-troubleshooting).
 * Do not make any changes to the underlying Azure Key Vault or Azure Private Endpoint after creating a customer-managed keys volume. Making changes can make the volumes inaccessible.
 * Azure NetApp Files supports the ability to [transition existing volumes from platform-managed keys (PMK) to customer-managed keys (CMK) without data migration](#transition-volumes). This provides flexibility with the encryption key lifecycle (renewals, rotations) and extra security for regulated industry requirements.
diff --git a/articles/azure-netapp-files/configure-network-features.md b/articles/azure-netapp-files/configure-network-features.md
@@ -20,7 +20,7 @@ Two settings are available for network features:
 * ***Standard***  
     This setting enables VNet features for the volume.  
 
-    If you need higher IP limits or VNet features such as [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md), [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined), or additional connectivity patterns, you should set **Network Features** to *Standard*.
+    If you need higher IP limits or VNet features such as [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md), [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined), or additional connectivity patterns, set **Network Features** to *Standard*.
 
 * ***Basic***  
     This setting provides reduced IP limits (<1000) and no additional VNet features for the volumes.
diff --git a/articles/azure-netapp-files/data-plane-security.md b/articles/azure-netapp-files/data-plane-security.md
@@ -146,7 +146,7 @@ Private endpoints are specialized network interfaces that facilitate a secure an
 
 ### Network security groups (NSGs)
 
-NSGs are collections of security rules that govern inbound and outbound traffic to network interfaces, virtual machines (VMs), and subnets within Azure. These rules are instrumental in defining the access controls and traffic patterns within your network. NSGs are only supported when using the Standard network feature in Azure NetApp Files.
+NSGs are collections of security rules that govern inbound and outbound traffic to network interfaces, virtual machines (VMs), and subnets within Azure. These rules are instrumental in defining the access controls and traffic patterns within your network. NSGs are only supported when using Standard network features in Azure NetApp Files.
 
 #### Security benefits
 
diff --git a/articles/azure-netapp-files/default-individual-user-group-quotas-introduction.md b/articles/azure-netapp-files/default-individual-user-group-quotas-introduction.md
@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: conceptual
-ms.date: 02/23/2023
+ms.date: 03/21/2025
 ms.author: anfdocs
 ---
 # Understand default and individual user and group quotas  
@@ -110,7 +110,7 @@ In the following scenario, users `user4` and `user5` are members of `group2`. Th
 :::image type="content" source="./media/default-individual-user-group-quotas-introduction/exceed-disk-quota.png" alt-text="Example showing a scenario of exceeding disk quota.":::
 
 > [!IMPORTANT] 
-> For quota reporting to work, the client needs access to port 4049/UDP on the Azure NetApp Files volumes’ storage endpoint. When using NSGs with standard network features on the Azure NetApp Files delegated subnet, make sure that access is enabled.
+> For quota reporting to work, the client needs access to port 4049/UDP on the Azure NetApp Files volumes’ storage endpoint. When using NSGs with Standard network features on the Azure NetApp Files delegated subnet, ensure access is enabled.
 
 ## Next steps
 
