Commit 40d08b7

Added new Private Link article
1 parent 32f05a3 commit 40d08b7

1 file changed: +17 -18 lines changed

articles/key-vault/private-link-service.md

Lines changed: 17 additions & 18 deletions
@@ -15,7 +15,7 @@ Azure Private Link Service enables you to access Azure Services (for example, Az
1515

1616
An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The private endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. All traffic to the service can be routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Traffic between your virtual network and the service traverses over the Microsoft backbone network, eliminating exposure from the public Internet. You can connect to an instance of an Azure resource, giving you the highest level of granularity in access control.
1717

18-
For more information, see [What is Azure Private Link (Preview)?](../private-link/private-link-overview.md).
18+
For more information, see [What is Azure Private Link (Preview)?](../private-link/private-link-overview.md)
1919

2020
## Prerequisites
2121

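Review bot: New line 18 drops the period after the "What is Azure Private Link (Preview)?" link, leaving the "For more information, see ..." sentence unterminated; keep the period as the old line 18 had it. A later hunk in this same commit adds a missing period to `1. Select "Ok".`, so the punctuation rule should be applied the same way here.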
@@ -30,18 +30,17 @@ Your private endpoint and virtual network must be in the same region. When you s
3030

3131
Your private endpoint uses a private IP address in your virtual network.
3232

33-
## Create a private link connection to key vault
33+
## Establish a private link connection to key vault
3434

35-
First, create a Virtual Network by following the steps in [Create a virtual network using the Azure portal](../virtual-network/quick-create-portal
36-
.md)
35+
First, create a virtual network by following the steps in [Create a virtual network using the Azure portal](../virtual-network/quick-create-portal.md)
3736

38-
You can either create a new key vault and create a private link connection, or create a private link connection to an existing key vault.
37+
You can then either create a new key vault, or establish a private link connection to an existing key vault.
3938

40-
### Create a new key vault and create a private link connection
39+
### Create a new key vault and establish a private link connection
4140

4241
You can create a new key Vault by following the steps in [Set and retrieve a secret from Azure Key Vault using the Azure portal](quick-create-portal.md)
4342

44-
After configuring vault basics, select the Networking tab and follow these steps:
43+
After configuring the key vault basics, select the Networking tab and follow these steps:
4544

4645
1. Select the Private Endpoint (preview) radio button in the Networking tab.
4746
1. Click the "+ Add" Button to add a private endpoint.
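Review bot: On new line 37, "create a new key vault" lost its "and create a private link connection" half, so the sentence now reads as if only the existing-vault path ends with a private link, which contradicts the subheading on line 39 ("Create a new key vault and establish a private link connection"). Suggest "You can then either create a new key vault and establish a private link connection, or establish a private link connection to an existing key vault." The repaired link sentence on line 35 and the context sentence on line 41 also end without a period, and line 41 still has "key Vault" with a capital V.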
@@ -52,17 +51,16 @@ After configuring vault basics, select the Networking tab and follow these steps
5251
1. In the "Name" field, create a descriptive name that will allow you to identify this private endpoint.
5352
1. Select the virtual network and subnet you want this private endpoint to be created in from the dropdown menu.
5453
1. Leave the "integrate with the private zone DNS" option unchanged.
55-
1. Select "Ok"
54+
1. Select "Ok".
5655

57-
![Image](./media/private-link-service-2.png)
56+
![Image](./media/private-link-service-2.png)
5857

59-
6058
You will now be able to see the configured private endpoint. You now have the option to delete and edit this private endpoint.
6159
Select the "Review + Create" button and create the key vault. It will take approximately 5-10 minutes for the deployment to complete.
6260

63-
### Create a private link connection to an existing key vault
61+
### Establish a private link connection to an existing key vault
6462

65-
If you already have a key vault, you can create a private link connection to it by following these steps:
63+
If you already have a key vault, you can create a private link connection by following these steps:
6664

6765
1. Sign in to the Azure portal.
6866
1. In the search bar, type in "key vaults"
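Review bot: New line 63 still says "you can create a private link connection" while the heading directly above it (line 61) and the other headings in this commit switch to "establish"; pick one verb and use it in both the heading and the sentence. The screenshot on line 56 keeps the alt text "Image", which gives a reader without the picture nothing to go on; describe what the screenshot shows.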
@@ -76,14 +74,14 @@ If you already have a key vault, you can create a private link connection to it
7674

7775
Please note, you can choose to create a private endpoint for any Azure resource in using this blade. You can either use the dropdown menus to select a resource type and select a resource in your directory, or you can connect to any Azure resource using a resource ID. Leave the "integrate with the private zone DNS" option unchanged.
7876

79-
![Image](./media/private-link-service-5.png)
80-
![Image](./media/private-link-service-6.png)
77+
![Image](./media/private-link-service-3.png)
78+
![Image](./media/private-link-service-4.png)
8179

8280
## Manage Private Link Connection
8381

84-
When you create a private endpoint, the connection must be approved. If the resource you are creating a private endpoint for is in your directory, you will be able to approve the connection request provided you have sufficient permissions. If you are connecting to an Azure resource in another directory, you must wait for the owner of that resource to approve your connection request.
82+
When you create a private endpoint, the connection must be approved. If the resource for which you are creating a private endpoint is in your directory, you will be able to approve the connection request provided you have sufficient permissions; if you are connecting to an Azure resource in another directory, you must wait for the owner of that resource to approve your connection request.
8583

86-
What do the various provisioning states mean?
84+
There are four provisioning states:
8785

8886
| Service Provide Action | Service Consumer Private Endpoint State | Description |
8987
|--|--|--|
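Review bot: Lines 77-78 now point at private-link-service-3.png and private-link-service-4.png, but this commit changes only one file (the article itself), so confirm both images already exist under ./media and that the old -5 and -6 files are not left orphaned. On line 84, "There are four provisioning states:" hard-codes a count that has to be kept in step with the table rows, and the table header on line 86 reads "Service Provide Action", which looks like a typo for "Service Provider Action".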
@@ -107,12 +105,13 @@ What do the various provisioning states mean?
107105

108106
## Validate that the private link connection works
109107

110-
The purpose of this test is to make sure that resources within the same subnet of the private endpoint resource are connecting to your key vault over a private IP address and have the correct private DNS zone integration.
108+
You should now validate that the resources within the same subnet of the private endpoint resource are connecting to your key vault over a private IP address, and that they have the correct private DNS zone integration.
111109

112110
First, create a virtual machine by following the steps in [Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md)
113111

114112
In the "Networking" tab:
115-
1. Specify Virtual network and Subnet. You can create a new Vnet or selecting an existing one. For selecting an existing one, make sure the region matches else it won’t show up.
113+
114+
1. Specify Virtual network and Subnet. You can create a new virtual network or select an existing one. If selecting an existing one, make sure the region matches.
116115
1. Specify a Public IP resource.
117116
1. In the "NIC network security group", select "None".
118117
1. In the "Load balancing", select "No".
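Review bot: Context lines 115-116 tell the reader to attach a public IP to the test VM and set the NIC network security group to "None" without saying what then filters inbound traffic to that VM; since this section is about proving private connectivity, state whether a subnet-level NSG is expected, or recommend a NIC NSG that limits management access to the reader's own address. On new line 114, the rewrite drops the consequence the old text gave ("else it won't show up"), so the reader no longer learns why the region has to match; keep it in cleaned-up form, for example "otherwise the virtual network will not appear in the list".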
