Updates - Added Note entry - Added 3rd example

Author: Michael Bender

articles/virtual-network-manager/how-to-exclude-elements.md

@@ -59,29 +59,28 @@ List of supported operators:
 
 ## Basic editor
 
-Assume you have the following virtual networks in your subscription. Each virtual network has either a *Production* or *Test* tag associated. You only want to select virtual networks with the Production tag and contain **VNet-A** in the name.
-
+Assume you have the following virtual networks in your subscription. Each virtual network has an associated tag named **environment** with the respective value of *Production* or *Test*. 
 * VNet-A-EastUS - *Production*
 * VNet-A-WestUS - *Production*
 * VNet-B-WestUS - *Test*
 * VNet-C-WestUS - *Test*
 * VNetA - *Production*
 * VNetB - *Test*
 
-To begin using the basic editor to create your conditional statement, you need to create a new network group.
-
-1. Go to your Azure Virtual Network Manager instance and select **Network Groups** under *Settings*. Then select **+ Create** to create a new network group.
+You only want to select virtual networks that contain **VNet-A** in the name. To begin using the basic editor to create your conditional statement, you need to create a new network group.
 
+1. Go to your Azure Virtual Network Manager instance and select **Network Groups** under **Settings**. Then select **+ Create** to create a new network group.
 1. Enter a **Name** and an optional **Description** for the network group, and select **Add**.
 1. Select the network group from the list and select **Create Azure Policy**.
 1. Enter a **Policy name** and leave the **Scope** selections unless changes are needed.
-1. Under **Criteria**, select **Tags** from the drop-down under *Parameter* and then select **Exist** from the drop-down under *Operator*.
-
-1. Enter **Prod** under *Condition*, then select **Save**. 
-1. After a few minutes, select your network group and select **Group Members** under *Settings*. You should only see VNet-A-EastUS, VNet-A-WestUS, and VNetA show up in the list.
+1. Under **Criteria**, select **Name** from the drop-down under **Parameter** and then select **Contains** from the drop-down under *Operator*.
+1. Enter **VNET-A** under **Condition**, then select **Save**. 
+1. After a few minutes, select your network group and select **Group Members** under **Settings**. You should only see VNet-A-EastUS, VNet-A-WestUS, and VNetA show up in the list.
 
-> [!NOTE] 
-> The **basic editor** is only available during the creation of an Azure Policy. 
+> [!IMPORTANT] 
+> The **basic editor** is only available during the creation of an Azure Policy. Once a policy is created, all edits will be done using JSON in the **Policies** section of virtual network manager or via Azure Policy.
+>
+> When using the basic editor, your query options will be limited through the portal experience. For complex queries like creating a network group for VNets based on a customer-defined tag, you can used the advanced editor. Learn more about [Azure Policy definition structure](../governance/policy/concepts/definition-structure.md).
 
 ## Advanced editor
 
@@ -108,7 +107,7 @@ The advanced editor can be used to select virtual network during the creation of
 
     The `"allOf"` parameter contains both the conditional statements that are separated by the **AND** logical operator.
 
-1. To add another conditional statement for a *Name* field *not containing* **WestUS**, enter the following into the advanced editor:
+1. To add another conditional statement for a **Name** field *not containing* **WestUS**, enter the following into the advanced editor:
 
     ```json
     {
@@ -156,7 +155,7 @@ This example uses the **OR** logical operator to separate two conditional statem
           },
           {
              "field": "Name",
-             "contains": "VNetA"
+             "contains": "VNetB"
           }
        ]
     }
@@ -183,7 +182,7 @@ The `"anyOf"` parameter contains both the conditional statements that are separa
             },
             {
                "field": "Name",
-               "contains": "VNetA"
+               "contains": "VNetB"
             }
          ]
       },
@@ -194,9 +193,31 @@ The `"anyOf"` parameter contains both the conditional statements that are separa
    ]
 }
 ```
-
 Both `"allOf"` and `"anyOf"` are used in the code. Since the **AND** operator is last in the list, it is on the outer part of the code containing the two conditional statements with the **OR** operator.
 
+### Example 3: Using custom tag values with advanced editor
+
+In this example, a conditional statement is created that finds virtual networks where a tag exists for **environment** AND the **environment** tag equals **production**.
+
+* Advanced editor:
+
+```json
+
+  {
+    "allOf": [
+          {
+             "field": "tags['Environment']",
+             "exists": true
+          },
+      {
+        "field": "tags['environment']",
+        "equals": "production"
+      }
+    ]
+  }
+
+```
+
 > [!NOTE]
 > Conditionals should filter on resource type Microsoft.Network/virtualNetwork to improve efficiency.
 > This condition is prepended for you on any conditionals specified through the portal.