Resolve PR warnings.

jingjlii · jingjlii · commit 3f1787a051a7 · 2025-03-10T15:45:20.000-07:00
diff --git a/articles/batch/network-security-perimeter.md b/articles/batch/network-security-perimeter.md
@@ -8,55 +8,55 @@ ms.custom: references_regions
 
 # Network Security Perimeter
 
-The [network security perimeter (NSP)](../private-link/network-security-perimeter-concepts.md) provided by Azure networking serves as a comprehensive tool for customers to ensure optimal security when utilizing PaaS resources. It allows customers to establish logical boundaries for network isolation and collectively manage public access controls for numerous PaaS resources.
+The [network security perimeter (NSP)](/azure/private-link/network-security-perimeter-concepts.md) provided by Azure networking serves as a comprehensive tool for customers to ensure optimal security when utilizing PaaS resources. It allows customers to establish logical boundaries for network isolation and collectively manage public access controls for numerous PaaS resources.
 
 With a network security perimeter:
   - PaaS resources associated with a specific perimeter are, by default, only able to communicate with other PaaS resources within the same perimeter.
   - By utilizing explicit access rules, exceptions can be made for external inbound and outbound communication.
-  - [Diagnostic Logs](../private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
+  - [Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
 
 > [!IMPORTANT]
-> Private link with the [private endpoint](../private-link/private-endpoint-overview.md) will not be governed by network security perimeter rules.
+> Private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md) will not be governed by network security perimeter rules.
 
-# Network Security Perimeter Scenarios in Batch service
+## Network Security Perimeter Scenarios in Batch service
 
 Azure Batch service is designed to support various scenarios that necessitate access to other PaaS resources:
 
   - **Application packages**: This requires communication with Azure Storage. For additional details, please refer to [batch-application-packages](./batch-application-packages.md).
   - **Customer-managed Keys**: This requires communication with Azure KeyVault. For additional details, please refer to [batch-customer-managed-key](./batch-customer-managed-key.md).
 
-By onboarding network security perimeter, network administrators can establish a network isolation boundary for their PaaS services. This allows for the configuration of public access controls for multiple PaaS resources through a uniform API and a consistent user experience.
+By onboarding network security perimeter, network administrators can establish a network isolation boundary for their PaaS services. This allows for the configuration of public access controls for multiple PaaS resources through a uniform API and a consistent user experience.For the PaaS communications supported by Batch as mentioned above, Azure storage and Azure KeyVault have onboared network secruity perimeter, see [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and (Network security perimeter in Azure Key Vault)(/azure/key-vault/general/network-security#network-security-perimeter-preview)
 
-For the PaaS communications supported by Batch as mentioned above, network security perimeter provides several methods to enable Batch to interact with other PaaS services:
-  - Associate the target PaaS resource with the same perimeter as the Batch account and assign the necessary RBAC permissions to the Managed Identity used across these resources.
-  - Create the profile with appropriate inbound access rules (e.g., whitelist the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile will be used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
+Network security perimeter provides several methods to enable Batch to interact with other PaaS services if the target PaaS service is in network security perimeter:
+  - Associate the Batch account with the same perimeter as the target resource and assign the necessary RBAC permissions to the Managed Identity used across these resources.
+  - Create the profile with appropriate inbound access rules (e.g. creating an inbound access rule for the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile will be used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
 
 Please note that Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios outlined above.
 
 > [!NOTE]
 > Nodes within Batch pools are not regulated by network security perimeters. To ensure network isolation for the pool, you may still need to create a **nodeManagement** private endpoint for [the Batch pool without public ip addresses](./simplified-node-communication-pool-no-public-ip.md).
 > To enable a node to access Azure Storage and other PaaS resources associated with a network security perimeter, ensure that relevant access rules are added to the target PaaS resource's profile. This will grant the node the necessary permissions to visit.
 
-# Configure Network Security Perimeter for Azure Batch account
+## Configure Network Security Perimeter for Azure Batch account
 
-## Prerequiste
+### Prerequiste
 
 1. Set up your Batch account by using a user-assigned managed identity.
 2. It's optional but recommended to change the public network access of your Batch account to `SecuredByPerimeter`.
 
     This guarantees that both inbound and outbound connectivity of the resource is restricted to those within the same perimeter, and public access is governed by the access rules determined by the related perimeter profile. 
     
-    This Batch account modification can be made using the [Batch management Account API](https://learn.microsoft.com/en-us/rest/api/batchmanagement/batch-account/update?view=rest-batchmanagement-2024-07-01&tabs=HTTP#publicnetworkaccesstype).
+    This Batch account modification can be made using the [Batch management Account API](/rest/api/batchmanagement/batch-account/update?#publicnetworkaccesstype) or [SDK BatchPublicNetworkAccess Enum value](/dotnet/api/azure.resourcemanager.batch.models.batchpublicnetworkaccess).
 
 3. Make sure your Batch account operates only with the simplified node communication pool.
 
-## Create a Network Security Perimeter
+### Create a Network Security Perimeter
 
-Create your own network security perimeter resource using [Azure portal](../private-link/create-network-security-perimeter-portal.md) or [PowerShell](../private-link/create-network-security-perimeter-powershell.md) or [Azure CLI](../private-link/create-network-security-perimeter-cli.md).
+Create your own network security perimeter resource using [Azure portal](/azure/private-link/create-network-security-perimeter-portal.md) or [PowerShell](/azure/private-link/create-network-security-perimeter-powershell.md) or [Azure CLI](/azure/private-link/create-network-security-perimeter-cli.md).
 
-## Associate Batch account with the Network Security Perimeter
+### Associate Batch account with the Network Security Perimeter
 
-### Using Azure Portal
+#### Using Azure Portal
 1. Navigate to your network security perimeter in the Azure portal, where you should have established a profile for your Batch account to associate with. If you haven't done so yet, please proceed to **Settings** -> **Profiles** to create a network security perimeter profile initially.
 
 ![Profiles](./media/network-security-perimeter/create-profile.png)
@@ -69,7 +69,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
 
 ![Associate Profile](./media/network-security-perimeter/associate-profile.png)
 
-### Using PowerShell
+#### Using PowerShell
 1. Create a new profile for your network security perimeter
 
     ```azurepowershell-interactive
@@ -101,7 +101,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
         New-AzNetworkSecurityPerimeterAssociation @nspAssociation | format-list
     ```
 
-### Using Azure CLI
+#### Using Azure CLI
 
 1. Create a new profile for your network security perimeter with the following command:
 
@@ -145,7 +145,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
 ## Next steps
 
 - Learn more about [security best practices in Azure Batch](security-best-practices.md).
-- Learn more about [Network Security Perimeter Concepts](../private-link/network-security-perimeter-concepts.md).
-- Learn more about [Network Security Perimeter Diagnostic Logs](../private-link/network-security-perimeter-diagnostic-logs.md).
-- Learn more about [Network Security Perimeter Role Based Access Control](../private-link/network-security-perimeter-role-based-access-control-requirements.md).
-- Learn more about [Network Security Perimeter Transition](../private-link/network-security-perimeter-transition.md).
+- Learn more about [Network Security Perimeter Concepts](/azure/private-link/network-security-perimeter-concepts.md).
+- Learn more about [Network Security Perimeter Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md).
+- Learn more about [Network Security Perimeter Role Based Access Control](/azure/private-link/network-security-perimeter-role-based-access-control-requirements.md).
+- Learn more about [Network Security Perimeter Transition](/azure/private-link/network-security-perimeter-transition.md).
