Freshness pass over private endpoint doc

Author: HeidiSteen

articles/search/service-create-private-endpoint.md

@@ -2,38 +2,43 @@
 title: Create a Private Endpoint for a secure connection
 titleSuffix: Azure Cognitive Search
 description: Set up a private endpoint in a virtual network for a secure connection to an Azure Cognitive Search service.
-author: nitinme
-ms.author: nitinme
+author: HeidiSteen
+ms.author: heidist
 manager: nitinme
 ms.service: cognitive-search
 ms.topic: conceptual
-ms.date: 02/16/2021
+ms.date: 09/12/2022
 ---
 
 # Create a Private Endpoint for a secure connection to Azure Cognitive Search
 
-In this article, you'll use the Azure portal to create a new Azure Cognitive Search service instance that can't be accessed via the internet. Next, you'll configure an Azure virtual machine in the same virtual network and use it to access the search service via a private endpoint.
+In this article, you'll learn how to secure an Azure Cognitive Search service so that it can't be accessed over the internet:
 
-Private endpoints are provided by [Azure Private Link](../private-link/private-link-overview.md), as a separate service. For more information about costs, see the [pricing page](https://azure.microsoft.com/pricing/details/private-link/).
++ [Create an Azure virtual network](#create-the-virtual-network) or use an existing one
++ [Create or update a search service to use a private endpoint](#create-a-search-service-with-a-private-endpoint)
++ [Configure an Azure virtual machine in the same virtual network](#create-a-virtual-machine)
++ [Connect to the search service using a browser session on the virtual machine](#connect-to-the-vm)
+
+Private endpoints are provided by [Azure Private Link](../private-link/private-link-overview.md), as a separate billable service. For more information about costs, see the [pricing page](https://azure.microsoft.com/pricing/details/private-link/).
 
 You can create a private endpoint in the Azure portal, as described in this article. Alternatively, you can use the [Management REST API version 2020-03-13](/rest/api/searchmanagement/), [Azure PowerShell](/powershell/module/az.search), or [Azure CLI](/cli/azure/search).
 
 > [!NOTE]
-> To access a search service using a private endpoint through the portal, [use the portal inside the virtual network](#portal-access-private-search-service)
+> Once a search service is configured for private link, portal access a search service must be initiated from a browser session on a virtual machine inside the virtual network. See [this step](#portal-access-private-search-service) for details.
 
 ## Why use a Private Endpoint for secure access?
 
 [Private Endpoints](../private-link/private-endpoint-overview.md) for Azure Cognitive Search allow a client on a virtual network to securely access data in a search index over a [Private Link](../private-link/private-link-overview.md). The private endpoint uses an IP address from the [virtual network address space](../virtual-network/ip-services/private-ip-addresses.md) for your search service. Network traffic between the client and the search service traverses over the virtual network and a private link on the Microsoft backbone network, eliminating exposure from the public internet. For a list of other PaaS services that support Private Link, check the [availability section](../private-link/private-link-overview.md#availability) in the product documentation.
 
-Private endpoints for your search service enables you to:
+Private endpoints for your search service enable you to:
 
-- Block all connections on the public endpoint for your search service.
-- Increase security for the virtual network, by enabling you to block exfiltration of data from the virtual network.
-- Securely connect to your search service from on-premises networks that connect to the virtual network using [VPN](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [ExpressRoutes](../expressroute/expressroute-locations.md) with private-peering.
++ Block all connections on the public endpoint for your search service.
++ Increase security for the virtual network, by enabling you to block exfiltration of data from the virtual network.
++ Securely connect to your search service from on-premises networks that connect to the virtual network using [VPN](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [ExpressRoutes](../expressroute/expressroute-locations.md) with private-peering.
 
 ## Create the virtual network
 
-In this section, you will create a virtual network and subnet to host the VM that will be used to access your search service's private endpoint.
+In this section, you'll create a virtual network and subnet to host the VM that will be used to access your search service's private endpoint.
 
 1. From the Azure portal home tab, select **Create a resource** > **Networking** > **Virtual network**.
 
@@ -47,11 +52,11 @@ In this section, you will create a virtual network and subnet to host the VM tha
     | Region | Select your desired region |
     |||
 
-1. Leave the defaults for the rest of the settings. Click **Review + create** and then **Create**
+1. Leave the defaults for the rest of the settings. Select **Review + create** and then **Create**
 
 ## Create a search service with a private endpoint
 
-In this section, you will create a new Azure Cognitive Search service with a Private Endpoint.
+In this section, you'll create a new Azure Cognitive Search service with a Private Endpoint.
 
 1. On the upper-left side of the screen in the Azure portal, select **Create a resource** > **Web** > **Azure Cognitive Search**.
 
@@ -61,7 +66,7 @@ In this section, you will create a new Azure Cognitive Search service with a Pri
     | ------- | ----- |
     | **PROJECT DETAILS** | |
     | Subscription | Select your subscription. |
-    | Resource group | Select **myResourceGroup**. You created this in the previous section.|
+    | Resource group | Select **myResourceGroup**, which you created in the previous section.|
     | **INSTANCE DETAILS** |  |
     | URL | Enter a unique name. |
     | Location | Select your desired region. |
@@ -76,15 +81,15 @@ In this section, you will create a new Azure Cognitive Search service with a Pri
 
 1. In **New Search Service - Networking**, select **+ Add** under **Private endpoint**. 
 
-1. In **Create Private Endpoint**, enter or select this information:
+1. In **Create Private Endpoint**, enter or select the following values:
 
     | Setting | Value |
     | ------- | ----- |
     | Subscription | Select your subscription. |
-    | Resource group | Select **myResourceGroup**. You created this in the previous section.|
+    | Resource group | Select **myResourceGroup**, which you created in the previous section.|
     | Location | Select **West US**.|
     | Name | Enter *myPrivateEndpoint*.  |
-    | Target sub-resource | Leave the default **searchService**. |
+    | Target subresource | Leave the default **searchService**. |
     | **NETWORKING** |  |
     | Virtual network  | Select *MyVirtualNetwork* from resource group *myResourceGroup*. |
     | Subnet | Select *mySubnet*. |
@@ -99,7 +104,7 @@ In this section, you will create a new Azure Cognitive Search service with a Pri
 
 1. When you see the **Validation passed** message, select **Create**. 
 
-1. Once provisioning of your new service is complete, browse to the resource that you just created.
+1. Once provisioning of your new service is complete, browse to the resource that you created.
 
 1. Select **Keys** from the left content menu.
 
@@ -111,16 +116,16 @@ In this section, you will create a new Azure Cognitive Search service with a Pri
 
 1. On the upper-left side of the screen in the Azure portal, select **Create a resource** > **Compute** > **Virtual machine**.
 
-1. In **Create a virtual machine - Basics**, enter or select this information:
+1. In **Create a virtual machine - Basics**, enter or select the following values:
 
     | Setting | Value |
     | ------- | ----- |
     | **PROJECT DETAILS** | |
     | Subscription | Select your subscription. |
-    | Resource group | Select **myResourceGroup**. You created this in the previous section.  |
+    | Resource group | Select **myResourceGroup**, which you created in the previous section.  |
     | **INSTANCE DETAILS** |  |
     | Virtual machine name | Enter *myVm*. |
-    | Region | Select **West US** or whatever region you are using. |
+    | Region | Select **West US** or whatever region you're using. |
     | Availability options | Leave the default **No infrastructure redundancy required**. |
     | Image | Select **Windows Server 2019 Datacenter**. |
     | Size | Leave the default **Standard DS1 v2**. |
@@ -189,16 +194,17 @@ Download and then connect to the VM *myVm* as follows:
 
 ## Test connections
 
-In this section, you will verify private network access to the search service and connect privately to the using the Private Endpoint.
+In this section, you'll verify private network access to the search service and connect privately to the using the Private Endpoint.
 
 When the search service endpoint is private, some portal features are disabled. You'll be able to view and manage service level settings, but portal access to index data and various other components in the service, such as the index, indexer, and skillset definitions, is restricted for security reasons.
 
 1. In the Remote Desktop of *myVM*, open PowerShell.
 
-1. Enter 'nslookup [search service name].search.windows.net'
+1. Enter `nslookup [search service name].search.windows.net`.
 
     You'll receive a message similar to this:
-    ```azurepowershell
+
+    ```
     Server:  UnKnown
     Address:  168.63.129.16
     Non-authoritative answer:
@@ -213,22 +219,30 @@ When the search service endpoint is private, some portal features are disabled.
 
 1. Close the remote desktop connection to *myVM*. 
 
-1. To verify that your service is not accessible on a public endpoint, open Postman on your local workstation and attempt the first several tasks in the quickstart. If you receive an error that the remote server does not exist, you have successfully configured a private endpoint for your search service.
+1. To verify that your service isn't accessible on a public endpoint, open Postman on your local workstation and attempt the first several tasks in the quickstart. If you receive an error that the remote server doesn't exist, you've successfully configured a private endpoint for your search service.
 
 <a id="portal-access-private-search-service"></a>
 
 ## Use the Azure portal to access a private search service
 
-When the search service endpoint is private, some portal features are disabled. You can view and manage service level information, but index, indexer, and skillset information is hidden for security reasons. To work around this restriction, connect to Azure portal from a browser on a virtual machine inside the virtual network. The portal uses the private endpoint on the connection and gives you visibility into content and operations.
+When the search service endpoint is private, some portal features are disabled. You can view and manage service level information, but index, indexer, and skillset information is hidden for security reasons. 
+
+To work around this restriction, connect to Azure portal from a browser on a virtual machine inside the virtual network. The portal uses the private endpoint on the connection and gives you visibility into content and operations.
 
 1. Follow the [steps to provision a VM that can access the search service through a private endpoint](#create-virtual-machine-private-endpoint).
+
 1. On a virtual machine in your virtual network, open a browser and sign into the Azure portal. The portal will use the private endpoint attached to the virtual machine to connect to your search service.
 
-## Clean up resources 
+## Clean up resources
+
 When you're done using the Private Endpoint, search service, and the VM, delete the resource group and all of the resources it contains:
-1. Enter *myResourceGroup* in the **Search** box at the top of the portal and select *myResourceGroup* from the search results. 
+
+1. Enter *myResourceGroup* in the **Search** box at the top of the portal and select *myResourceGroup* from the search results.
+
 1. Select **Delete resource group**. 
+
 1. Enter *myResourceGroup* for **TYPE THE RESOURCE GROUP NAME** and select **Delete**.
 
 ## Next steps
+
 In this article, you created a VM on a virtual network and a search service with a Private Endpoint. You connected to the VM from the internet and securely communicated to the search service using Private Link. To learn more about Private Endpoint, see [What is Azure Private Endpoint?](../private-link/private-endpoint-overview.md).