Commit 3c47950

Merge pull request #302516 from ZarrVenkat/prmportal
Prmportal
2 parents fff6302 + 218eeb8 commit 3c47950

3 files changed: +14 -15 lines changed

articles/firewall-manager/secure-cloud-network-powershell.md

Lines changed: 3 additions & 3 deletions
@@ -137,14 +137,14 @@ $AzFWRoute = New-AzVHubRoute -Name "all_traffic" -Destination @("0.0.0.0/0", "10
137137
$DefaultRT = Update-AzVHubRouteTable -Name "defaultRouteTable" -ResourceGroupName $RG -VirtualHubName $HubName -Route @($AzFWRoute)
138138
```
139139
> [!NOTE]
140-
> String "***all_traffic***" as value for parameter "-Name" in the New-AzVHubRoute command above has a special meaning: if you use this exact string, the configuration applied in this article will be properly reflected in the Azure Portal (Firewall Manager --> Virtual hubs --> [Your Hub] --> Security Configuration). If a different name will be used, the desired configuration will be applied, but will not be reflected in the Azure Portal.
140+
> String "***all_traffic***" as value for parameter "-Name" in the New-AzVHubRoute command above has a special meaning: if you use this exact string, the configuration applied in this article will be properly reflected in the Azure portal (Firewall Manager --> Virtual hubs --> [Your Hub] --> Security Configuration). If a different name will be used, the desired configuration will be applied, but will not be reflected in the Azure portal.
141141
142142
## <a name="routingintent"></a> Enabling routing intent
143143

144144
If you want to send inter-hub and inter-region traffic via Azure Firewall deployed in the Virtual WAN hub, you can instead enable the routing intent feature. For more information on routing intent, see [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md).
145145

146146
> [!NOTE]
147-
> This is the configuration deployed when securing connectivity from the Azure Portal with Azure Firewall Manager when the "Interhub" setting is set to **enabled**.
147+
> This is the configuration deployed when securing connectivity from the Azure portal with Azure Firewall Manager when the "Interhub" setting is set to **enabled**.
148148
149149
```azurepowershell
150150
# Get the Azure Firewall resource ID
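
Review bot: In the NOTE at line 140, the capitalization fix leaves the second sentence as "If a different name will be used, the desired configuration will be applied", which is awkward and inconsistent with the wording this commit keeps at line 157 ("If you use a different name, the route will work as expected"). Since the line is being edited anyway, suggest aligning the two sentences and formatting the special route name the same way in both places: line 140 uses a quoted bold-italic "***all_traffic***" while line 157 uses bold **private_traffic**. The consequence deserves plain wording because it affects what an operator sees: a route with another name is applied but does not appear under Security Configuration, so the portal view no longer matches the hub's actual routing.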
@@ -154,7 +154,7 @@ $AzFWId = $(Get-AzVirtualHub -ResourceGroupName <thname> -name $HubName).AzureF
154154
$policy1 = New-AzRoutingPolicy -Name "PrivateTraffic" -Destination @("PrivateTraffic") -NextHop $firewall.Id
155155
$policy2 = New-AzRoutingPolicy -Name "PublicTraffic" -Destination @("Internet") -NextHop $firewall.Id
156156
New-AzRoutingIntent -ResourceGroupName "<rgname>" -VirtualHubName "<hubname>" -Name "hubRoutingIntent" -RoutingPolicy @($policy1, $policy2)
157-
If your Virtual WAN uses non-RFC1918 address prefixes (for example, `40.0.0.0/24` in a virtual network or on-premises), you should add an extra route to the `defaultRouteTable` after completing the routing intent configuration. Name this route **private_traffic**. If you use a different name, the route will work as expected, but the configuration will not be reflected in the Azure Portal.
157+
If your Virtual WAN uses non-RFC1918 address prefixes (for example, `40.0.0.0/24` in a virtual network or on-premises), you should add an extra route to the `defaultRouteTable` after completing the routing intent configuration. Name this route **private_traffic**. If you use a different name, the route will work as expected, but the configuration will not be reflected in the Azure portal.
158158
159159
```azurepowershell-interactive
160160
# Get the defaultRouteTable
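
Review bot: The paragraph changed at line 157 follows the `New-AzRoutingIntent` call on line 156 with no closing code fence visible between them, while the azurepowershell fence opened at line 149 and the next fence at line 159 is another opener, so the prose about non-RFC1918 prefixes appears to sit inside the code block. Suggest adding a closing fence and a blank line after line 156 in the same change. Separately, lines 154 and 155 pass `-NextHop $firewall.Id`, but the assignment shown in the hunk header is to `$AzFWId`; if `$firewall` is not defined in the lines outside this hunk the sample fails, so use one variable name throughout. The hunk header also shows `-ResourceGroupName <thname>` where line 156 uses "<rgname>", which looks like a placeholder typo.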

articles/firewall/premium-portal.md

Lines changed: 9 additions & 10 deletions
@@ -13,32 +13,31 @@ ms.author: duau
1313
# Azure Firewall Premium in the Azure portal
1414

1515

16-
Azure Firewall Premium is a next generation firewall with capabilities that are required for highly sensitive and regulated environments. It includes the following features:
16+
Azure Firewall Premium is an advanced firewall designed for highly sensitive and regulated environments. It offers enhanced security features, including:
1717

18-
- **TLS inspection** - decrypts outbound traffic, processes the data, then encrypts the data and sends it to the destination.
19-
- **IDPS** - A network intrusion detection and prevention system (IDPS) allows you to monitor network activities for malicious activity, log information about this activity, report it, and optionally attempt to block it.
20-
- **URL filtering** - extends Azure Firewall’s FQDN filtering capability to consider an entire URL. For example, `www.contoso.com/a/c` instead of `www.contoso.com`.
21-
- **Web categories** - administrators can allow or deny user access to website categories such as gambling websites, social media websites, and others.
18+
- **TLS inspection**: Decrypts outbound traffic, inspects it for threats, then re-encrypts the data before sending it to its destination.
19+
- **IDPS (Intrusion Detection and Prevention System)**: Monitors network activity for malicious behavior, logs and reports incidents, and can block threats in real time.
20+
- **URL filtering**: Filters traffic based on the full URL path (for example, `www.contoso.com/a/c`), not just the domain name.
21+
- **Web categories**: Lets administrators control access to websites by category, such as social media, gambling, and more.
2222

2323
For more information, see [Azure Firewall Premium features](premium-features.md).
2424

2525
## Deploy the firewall
2626

27-
Deploying an Azure Firewall Premium is similar to deploying a standard Azure Firewall:
27+
Deploying Azure Firewall Premium follows the same steps as deploying a standard Azure Firewall:
2828

2929
:::image type="content" source="media/premium-portal/premium-portal.png" alt-text="portal deployment":::
3030

31-
For **Firewall tier**, you select **Premium** and for **Firewall policy**, you select an existing Premium policy or create a new one.
31+
For **Firewall tier**, choose **Premium**. For **Firewall policy**, either select an existing Premium policy or create a new one.
3232

3333
## Configure the Premium policy
3434

35-
Configuring a Premium firewall policy is similar to configuring a Standard firewall policy. With a Premium policy, you can configure the Premium features:
35+
Configuring a Premium firewall policy is similar to configuring a Standard firewall policy. However, with a Premium policy, you can enable advanced features such as TLS inspection, IDPS, URL filtering, and web categories to enhance your network security.
3636

3737
:::image type="content" source="media/premium-portal/premium-policy.png" alt-text="Premium policy deployment":::
3838

3939
### Rule configuration
40-
41-
When you configure application rules in a Premium policy, you can configure addition Premium features:
40+
When configuring application rules in a Premium policy, you can enable additional Premium features, such as TLS inspection, IDPS, URL filtering, and web categories.
4241

4342
:::image type="content" source="media/premium-portal/premium-application-rule.png" alt-text="Premium rule":::
4443

articles/firewall/threat-intel.md

Lines changed: 2 additions & 2 deletions
@@ -21,9 +21,9 @@ When threat intelligence-based filtering is enabled, Azure Firewall evaluates tr
2121

2222
Administrators can configure the firewall to operate in alert-only mode or in alert and deny mode when a threat intelligence rule is triggered. By default, the firewall operates in alert-only mode. This mode can be disabled or changed to alert and deny.
2323

24-
Allow lists can be defined to exempt specific FQDNs, IP addresses, ranges, or subnets from threat intelligence filtering.
24+
Allowlists can be defined to exempt specific FQDNs, IP addresses, ranges, or subnets from threat intelligence filtering.
2525

26-
For batch operations, administrators can upload a CSV file containing IP addresses, ranges, and subnets to populate the allow list.
26+
For batch operations, administrators can upload a CSV file containing IP addresses, ranges, and subnets to populate the allowlist.
2727

2828
## Logs
2929

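
Review bot: Line 24 says allowlists can exempt FQDNs as well as IP addresses, ranges, and subnets, but line 26 lists only IP addresses, ranges, and subnets for the CSV upload, and the text does not say whether FQDNs are accepted in the CSV. Since every allowlist entry is exempted from threat intelligence filtering, suggest stating the accepted CSV entry types explicitly while this paragraph is being edited. The rename from "Allow lists" to "Allowlists" is fine on its own; check that unchanged text elsewhere in the file uses the same spelling.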