edits

Author: ktoliver

articles/azure-web-pubsub/howto-authorize-from-application.md

@@ -92,7 +92,7 @@ This section demonstrates how to assign a Web PubSub Service Owner role to a ser
 
 1. Search for and select the application that you want to assign the role to.
 
-1. Select **Select** to confirm the selection.
+1. Choose **Select** to confirm the selection.
 
 1. Select **Next**.
 

articles/azure-web-pubsub/howto-authorize-from-managed-identity.md

@@ -76,7 +76,7 @@ This section demonstrates how to assign the Web PubSub Service Owner role to a s
 
 1. Search for and then select the virtual machine that you want to assign the role to.
 
-1. Select **Select** to confirm the selection.
+1. Choose **Select** to confirm the selection.
 
 1. Select **Next**.
 

articles/azure-web-pubsub/howto-custom-domain.md

@@ -24,7 +24,7 @@ In addition to the default domain that the Azure Web PubSub service provides, yo
 
 Before you can add a custom domain, add a matching custom certificate. A custom certificate is a resource of your instance of Web PubSub. It references a certificate in your key vault. For security and compliance, Web PubSub doesn't permanently store your certificate. Instead, it fetches the certificate from your key vault and keeps it in memory.
 
-### Step 1: Grant your Web PubSub resource access to the key vault
+### Grant your Web PubSub resource access to the key vault
 
 Azure Web PubSub Service uses Managed Identity to access your Key Vault. In order to authorize, it needs to be granted permissions.
 
@@ -53,7 +53,7 @@ Azure Web PubSub Service uses Managed Identity to access your Key Vault. In orde
 
 Depending on how you configure your Azure Key Vault permissions model, you might need to grant permissions at different locations in the Azure portal.
 
-#### [Vault access policy](#tab/vault-access-policy)
+#### [Key vault access policy](#tab/vault-access-policy)
 
 If you use a key vault built-in access policy as a key vault permissions model:
 
@@ -105,7 +105,7 @@ If you're using Azure role-based access control as Key Vault permission model:
 
 -----
 
-### Step 2: Create a custom certificate
+### Create a custom certificate
 
 1. In the Azure portal, go to your Web PubSub resource.
 1. On the left menu, select **Custom domain**.
@@ -114,7 +114,7 @@ If you're using Azure role-based access control as Key Vault permission model:
    :::image type="content" alt-text="Screenshot of custom certificate management." source="media\howto-custom-domain\portal-custom-certificate-management.png" :::
 
 1. Enter a name for the custom certificate.
-1. Select **Select from your Key Vault** to choose a key vault certificate. After you select a key vault, values for **Key Vault Base URI** and **Key Vault Secret Name** are automatically added. You also have to option to edit these fields manually.
+1. Choose **Select from your Key Vault** to choose a key vault certificate. After you select a key vault, values for **Key Vault Base URI** and **Key Vault Secret Name** are automatically added. You also have to option to edit these fields manually.
 1. (Optional) To pin the certificate to a specific version, enter a value for **Key Vault Secret Version**.
 1. Select **Add**.
 

articles/azure-web-pubsub/howto-secure-network-access-control.md

@@ -10,7 +10,7 @@ ms.date: 08/16/2024
 
 # Configure network access control for Azure Web PubSub
 
-Azure Web PubSub enables you to secure and control the level of access to your service endpoint, based on the request type and subset of networks used. When network rules are configured, only applications that request data over the specified set of networks can access your Web PubSub resource.
+You can configure Azure Web PubSub to secure and control the level of access to your service endpoint based on the request type and subset of networks used. When network rules are configured, only applications that request data over the specified set of networks can access your Web PubSub resource.
 
 Azure Web PubSub has a public endpoint that is accessible through the internet. You can also create a [private endpoint for your Web PubSub resource](howto-secure-private-endpoints.md). A private endpoint assigns a private IP address from your virtual network to the Web PubSub resource. It also secures all traffic between your virtual network and the Web PubSub resource over a private link. The Web PubSub network access control provides access control for both a public endpoint and for private endpoints.
 

articles/azure-web-pubsub/howto-secure-private-endpoints.md

@@ -35,7 +35,7 @@ You can manage consent requests and private endpoints for your Web PubSub resour
 
 ### Connect to a private endpoint
 
-Clients on a VNet that uses a private endpoint should use the same connection string for the Web PubSub resource that clients that connect via a public endpoint use. We rely on Domain Naming Service (DNS) resolution to automatically route the connections from the VNet to Web PubSub over a private link.
+Clients on a VNet that uses a private endpoint should use the same connection string for the Web PubSub resource that clients that connect via a public endpoint use. We rely on Domain Naming System (DNS) resolution to automatically route the connections from the VNet to Web PubSub over a private link.
 
 > [!IMPORTANT]
 > Use the same connection string to connect to Web PubSub by using private endpoints as you would use for a public endpoint. Don't connect to Web PubSub by using its `privatelink` subdomain URL.
@@ -48,25 +48,25 @@ When you create a private endpoint, the DNS CNAME resource record for your Web P
 
 When you resolve your Web PubSub resource domain name from outside the VNet with the private endpoint, it resolves to the public endpoint of the Web PubSub resource. When resolved from the VNet hosting the private endpoint, the domain name resolves to the private endpoint's IP address.
 
-For the preceding illustrated example, the DNS resource records for the Web PubSub resource `foobar` when it's resolved from outside the VNet hosting the private endpoint:
+For the preceding illustrated example, the DNS resource records for the Web PubSub resource `sample` when it's resolved from outside the VNet hosting the private endpoint:
 
 | Name                                                  | Type  | Value                                                 |
 | :---------------------------------------------------- | :---: | :---------------------------------------------------- |
-| `foobar.webpubsub.azure.com`                        | CNAME | `foobar.privatelink.webpubsub.azure.com`            |
-| `foobar.privatelink.webpubsub.azure.com`            | A     | \<Azure Web PubSub public IP address\>           |
+| `sample.webpubsub.azure.com`                        | CNAME | `sample.privatelink.webpubsub.azure.com`            |
+| `sample.privatelink.webpubsub.azure.com`            | A     | \<Azure Web PubSub public IP address\>           |
 
-As previously mentioned, you can deny or control access for clients outside the VNet through the public endpoint using the network access control.
+As previously mentioned, you can deny or control access for clients outside the VNet through the public endpoint by using network access control.
 
-The DNS resource records for the Web PubSub resource `foobar` when it's resolved by a client in the VNet hosting the private endpoint:
+The DNS resource records for the Web PubSub resource `sample` when it's resolved by a client in the VNet that hosts the private endpoint:
 
 | Name                                                  | Type  | Value                                                 |
 | :---------------------------------------------------- | :---: | :---------------------------------------------------- |
-| `foobar.webpubsub.azure.com`                        | CNAME | `foobar.privatelink.webpubsub.azure.com`            |
-| `foobar.privatelink.webpubsub.azure.com`            | A     | 10.1.1.5                                              |
+| `sample.webpubsub.azure.com`                        | CNAME | `sample.privatelink.webpubsub.azure.com`            |
+| `sample.privatelink.webpubsub.azure.com`            | A     | 10.1.1.5                                              |
 
 This approach gives access to Web PubSub *by using the same connection string* for clients on the VNet that hosts the private endpoints and to clients outside the VNet.
 
-If you use a custom DNS server on your network, clients must be able to resolve the fully qualified domain name (FQDN) for the Web PubSub resource endpoint to the private endpoint IP address. You should configure your DNS server to delegate your private link subdomain to the private DNS zone for the VNet or configure the A records for `foobar.privatelink.webpubsub.azure.com` with the private endpoint IP address.
+If you use a custom DNS server on your network, clients must be able to resolve the fully qualified domain name (FQDN) for the Web PubSub resource endpoint to the private endpoint IP address. You should configure your DNS server to delegate your private link subdomain to the private DNS zone for the VNet or configure the A records for `sample.privatelink.webpubsub.azure.com` to use the private endpoint IP address.
 
 > [!TIP]
 > If you use a custom or on-premises DNS server, you should configure your DNS server to resolve the Web PubSub resource name in the `privatelink` subdomain to the private endpoint IP address. You can do this by delegating the `privatelink` subdomain to the private DNS zone of the VNet or by configuring the DNS zone on your DNS server and then adding the DNS A records.

articles/azure-web-pubsub/howto-secure-shared-private-endpoints-key-vault.md

@@ -163,7 +163,7 @@ It takes a few minutes for the approval to be propagated to Azure Web PubSub Ser
 az rest --method get --uri https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso/providers/Microsoft.SignalRService/webpubsub/contoso-webpubsub/sharedPrivateLinkResources/func-pe?api-version=2022-08-01-preview
 ```
 
-This command returns JSON. The connection state is indicated as `status` under `properties`.
+This command returns JSON. The connection state is indicated in `status` under `properties`.
 
 ```json
 {
@@ -185,7 +185,7 @@ When `properties.provisioningState` is `Succeeded` and `properties.status` (conn
 
 Now you can configure features like a custom domain as you typically would. You don't have to use a special domain for your key vault. Web PubSub automatically handles Domain Name System (DNS) resolution.
 
-## Related conte
+## Related content
 
 * [What is a private endpoint?](../private-link/private-endpoint-overview.md)
 * [Configure a custom domain](howto-custom-domain.md)

articles/azure-web-pubsub/howto-secure-shared-private-endpoints.md

@@ -115,7 +115,7 @@ When the shared private endpoint connection has a **Pending** status, you must a
 1. On the left menu, select **Networking**.
 1. Under **Inbound Traffic**, select **Private endpoints**.
 1. Select the pending connection that you created in your Web PubSub resource.
-1. Select **Approve** and then select **Yes** to confirm.
+1. Select **Approve**, and then select **Yes** to confirm.
 
 :::image type="content" alt-text="Screenshot of approving a private endpoint connection." source="media\howto-secure-shared-private-endpoints\portal-function-approve-private-endpoint.png" lightbox="media\howto-secure-shared-private-endpoints\portal-function-approve-private-endpoint.png" :::
 
@@ -172,7 +172,7 @@ It takes a few minutes for the approval to be reflected in Web PubSub. You can c
 az rest --method get --uri https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contoso/providers/Microsoft.SignalRService/webPubSub/contoso-webpubsub/sharedPrivateLinkResources/func-pe?api-version=2021-06-01-preview
 ```
 
-This command returns JSON. The connection state is indicated as `status` under `properties`.
+This command returns JSON. The connection state is indicated in `status` under `properties`.
 
 ```json
 {
@@ -196,7 +196,7 @@ At this point, the private endpoint between Azure Web PubSub and Azure Functions
 
 ## Verify that upstream calls are from a private IP
 
-When the private endpoint is set up, you can verify that incoming calls are from a private IP address by checking the `X-Forwarded-For` header for network traffic.
+When the private endpoint is set up, you can verify that incoming calls are from a private IP address by checking the `X-Forwarded-For` header for upstream calls.
 
 :::image type="content" alt-text="Screenshot of the Azure portal, showing that incoming requests are from a private IP." source="media\howto-secure-shared-private-endpoints\portal-function-log.png" :::
 

articles/azure-web-pubsub/howto-service-tags.md

@@ -28,7 +28,7 @@ You can allow outbound traffic from your network to Web PubSub by adding a new o
 
 1. In the portal, go to the network security group.
 1. On the left menu, select **Outbound security rules**.
-1. Select the **Add** button.
+1. Select **Add**.
 1. Select **Destination**, and then select **Service Tag**.
 1. Select **Destination service tag**, and then select **AzureWebPubSub**.
 1. For **Destination port ranges**, enter **443**.
@@ -62,10 +62,10 @@ You can configure a *network security group* to allow inbound traffic to a virtu
 #### [Azure portal](#tab/azure-portal)
 
 1. In the Azure portal, go to the network security group.
-1. In the left menu, select **Inbound security rules**.
+1. On the left menu, select **Inbound security rules**.
 1. Select **Add**.
-1. Select **Source**, and then select **Service Tag** in the list.
-1. Select **Source service tag**, and then select **AzureWebPubSub** in the list.
+1. Select **Source**, and then select **Service Tag**.
+1. Select **Source service tag**, and then select **AzureWebPubSub**.
 1. For **Source port ranges**, enter **\***.
 
    :::image type="content" alt-text="Screenshot showing dialogue to create an inbound security rule." source="media/howto-service-tags/portal-add-inbound-security-rule.png" :::
@@ -84,13 +84,13 @@ az network nsg rule create -n <rule-name> --nsg-name <nsg-name> -g <resource-gro
 > [!NOTE]
 > Azure Web PubSub is a shared service. By allowing the `AzureWebPubSub` service tag or its associated IP address prefixes, you also allow traffic from other resources, even if they belong to other customers. Make sure that you implement appropriate authentication on your endpoints.
 
-### Event handler endpoints of Azure Functions
+### Event handler endpoints for Azure Functions
 
 You can configure a [service tag-based rule](../app-service/app-service-ip-restrictions.md#set-a-service-tag-based-rule).
 
-Alternatively, you can use [shared private endpoints](howto-secure-shared-private-endpoints.md) for better security. Shared private endpoints are dedicated to your resources. No traffic from other resources can access your endpoints.
+Alternatively, you can use [shared private endpoints](howto-secure-shared-private-endpoints.md) for increased security. Shared private endpoints are dedicated to your resources. No traffic from other resources can access your endpoints.
 
-### Event Hubs and Key Vault access
+### Azure Event Hubs and Azure Key Vault access
 
 We recommend that you use [shared private endpoints](howto-secure-shared-private-endpoints-key-vault.md) to help you maintain the best security.