Merge pull request #266194 from ShawnJackson/six-quick-create-articles

[AQ] edit pass: Six quickstarts about creating a virtual network

Author: ktoliver

articles/azure-app-configuration/howto-set-up-private-access.md

@@ -70,7 +70,7 @@ This command will prompt your web browser to launch and load an Azure sign-in pa
 
 1. Select **Next : Virtual Network >**.
 
-   1. Select an existing **Virtual network** to deploy the private endpoint to. If you don't have a virtual network, [create a virtual network](../private-link/create-private-endpoint-portal.md#create-a-virtual-network-and-bastion-host).
+   1. Select an existing **Virtual network** to deploy the private endpoint to. If you don't have a virtual network, [create a virtual network](../private-link/create-private-endpoint-portal.md).
 
    1. Select a **Subnet** from the list.
 

articles/managed-grafana/how-to-set-up-private-access.md

@@ -29,7 +29,7 @@ In this guide, you'll learn how to disable public access to your Azure Managed G
 Public access is enabled by default when you create an Azure Grafana workspace. Disabling public access prevents all traffic from accessing the resource unless you go through a private endpoint.
 
 > [!NOTE]
-> When private access (preview) is enabled, pinging charts using the [*Pin to Grafana*](../azure-monitor/visualize/grafana-plugin.md#pin-charts-from-the-azure-portal-to-azure-managed-grafana) feature will no longer work as the Azure portal can’t access an Azure Managed Grafana workspace on a private IP address.
+> When private access (preview) is enabled, pinging charts using the [*Pin to Grafana*](../azure-monitor/visualize/grafana-plugin.md#pin-charts-from-the-azure-portal-to-azure-managed-grafana) feature will no longer work as the Azure portal can't access an Azure Managed Grafana workspace on a private IP address.
 
 ### [Portal](#tab/azure-portal)
 
@@ -82,7 +82,7 @@ Once you have disabled public access, set up a [private endpoint](../private-lin
 
 1. Select **Next : Virtual Network >**.
 
-   1. Select an existing **Virtual network** to deploy the private endpoint to. If you don't have a virtual network, [create a virtual network](../private-link/create-private-endpoint-portal.md#create-a-virtual-network-and-bastion-host).
+   1. Select an existing **Virtual network** to deploy the private endpoint to. If you don't have a virtual network, [create a virtual network](../private-link/create-private-endpoint-portal.md).
 
    1. Select a **Subnet** from the list.
 

articles/virtual-network/quick-create-bicep.md

@@ -1,5 +1,5 @@
 ---
-title: 'Quickstart: Use Bicep to create a virtual network'
+title: 'Quickstart: Use Bicep templates to create a virtual network'
 titleSuffix: Azure Virtual Network
 description: Use Bicep templates to create a virtual network and virtual machines, and deploy Azure Bastion to securely connect from the internet.
 services: virtual-network
@@ -13,7 +13,7 @@ ms.custom: mode-arm, devx-track-bicep
 
 # Quickstart: Use Bicep templates to create a virtual network
 
-This quickstart shows you how to create a virtual network with two virtual machines (VMs), and then deploy Azure Bastion on the virtual network, by using Bicep templates. You then securely connect to the VMs from the internet by using Azure Bastion, and communicate privately between the VMs.
+This quickstart shows you how to create a virtual network with two virtual machines (VMs), and then deploy Azure Bastion on the virtual network, by using Bicep templates. You then securely connect to the VMs from the internet by using Bastion and start private communication between the VMs.
 
 A virtual network is the fundamental building block for private networks in Azure. Azure Virtual Network enables Azure resources like VMs to securely communicate with each other and the internet.
 
@@ -23,11 +23,11 @@ A virtual network is the fundamental building block for private networks in Azur
 
 - An Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
-- To deploy the Bicep files, either Azure CLI or PowerShell installed.
+- To deploy the Bicep files, either the Azure CLI or Azure PowerShell installed:
 
   # [CLI](#tab/azure-cli)
 
-  1. [Install Azure CLI locally](/cli/azure/install-azure-cli) to run the commands. You need Azure CLI version 2.0.28 or later. Run [az version](/cli/azure/reference-index?#az-version) to find your installed version and dependent libraries, and run [az upgrade](/cli/azure/reference-index?#az-upgrade) to upgrade.
+  1. [Install the Azure CLI locally](/cli/azure/install-azure-cli) to run the commands. You need Azure CLI version 2.0.28 or later. Run [az version](/cli/azure/reference-index?#az-version) to find your installed version and dependent libraries, and run [az upgrade](/cli/azure/reference-index?#az-upgrade) to upgrade.
 
   1. Sign in to Azure by using the [az login](/cli/azure/reference-index#az-login) command.
 
@@ -45,7 +45,7 @@ A virtual network is the fundamental building block for private networks in Azur
 
 ## Create the virtual network and VMs
 
-This quickstart uses the [Two VMs in VNET](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.compute/2-vms-internal-load-balancer/main.bicep) Bicep template from [Azure Quickstart Templates](https://github.com/Azure/azure-quickstart-templates) to create the virtual network, resource subnet, and VMs. The Bicep template defines the following Azure resources:
+This quickstart uses the [Two VMs in VNET](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.compute/2-vms-internal-load-balancer/main.bicep) Bicep template from [Azure Resource Manager Quickstart Templates](https://github.com/Azure/azure-quickstart-templates) to create the virtual network, resource subnet, and VMs. The Bicep template defines the following Azure resources:
 
 - [Microsoft.Network virtualNetworks](/azure/templates/microsoft.network/virtualnetworks): Creates an Azure virtual network.
 - [Microsoft.Network virtualNetworks/subnets](/azure/templates/microsoft.network/virtualnetworks/subnets): Creates a subnet for the VMs.
@@ -62,7 +62,7 @@ Review the Bicep file:
 ### Deploy the Bicep template
 
 1. Save the Bicep file to your local computer as *main.bicep*.
-1. Deploy the Bicep file by using either Azure CLI or Azure PowerShell.
+1. Deploy the Bicep file by using either the Azure CLI or Azure PowerShell:
 
    # [CLI](#tab/azure-cli)
 
@@ -88,17 +88,17 @@ When the deployment finishes, a message indicates that the deployment succeeded.
 
 ## Deploy Azure Bastion
 
-Azure Bastion uses your browser to connect to VMs in your virtual network over secure shell (SSH) or remote desktop protocol (RDP) by using their private IP addresses. The VMs don't need public IP addresses, client software, or special configuration. For more information about Azure Bastion, see [Azure Bastion](~/articles/bastion/bastion-overview.md).
+Bastion uses your browser to connect to VMs in your virtual network over Secure Shell (SSH) or Remote Desktop Protocol (RDP) by using their private IP addresses. The VMs don't need public IP addresses, client software, or special configuration. For more information about Bastion, see [What is Azure Bastion?](~/articles/bastion/bastion-overview.md).
 
->[!NOTE]
->[!INCLUDE [Pricing](../../includes/bastion-pricing.md)]
+> [!NOTE]
+> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]
 
-Use the [Azure Bastion as a service](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.network/azure-bastion/main.bicep) Bicep template from [Azure Quickstart Templates](https://github.com/Azure/azure-quickstart-templates) to deploy and configure Azure Bastion in your virtual network. This Bicep template defines the following Azure resources:
+Use the [Azure Bastion as a Service](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.network/azure-bastion/main.bicep) Bicep template from [Azure Resource Manager Quickstart Templates](https://github.com/Azure/azure-quickstart-templates) to deploy and configure Bastion in your virtual network. This Bicep template defines the following Azure resources:
 
-- [Microsoft.Network virtualNetworks/subnets](/azure/templates/microsoft.network/virtualnetworks/subnets): Creates an AzureBastionSubnet subnet.
+- [Microsoft.Network virtualNetworks/subnets](/azure/templates/microsoft.network/virtualnetworks/subnets): Creates an **AzureBastionSubnet** subnet.
 - [Microsoft.Network bastionHosts](/azure/templates/microsoft.network/bastionhosts): Creates the Bastion host.
-- [Microsoft.Network publicIPAddresses](/azure/templates/microsoft.network/publicipaddresses): Creates a public IP address for the Azure Bastion host.
-- [Microsoft Network networkSecurityGroups](/azure/templates/microsoft.network/networksecuritygroups): Controls the network security group (NSG) settings.
+- [Microsoft.Network publicIPAddresses](/azure/templates/microsoft.network/publicipaddresses): Creates a public IP address for the Bastion host.
+- [Microsoft Network networkSecurityGroups](/azure/templates/microsoft.network/networksecuritygroups): Controls the settings for network security groups.
 
 Review the Bicep file:
 
@@ -114,9 +114,9 @@ Review the Bicep file:
    - Line 12: Change `param vnetNewOrExisting string` from `'new'` to `'existing'`.
    - Line 15: Change `param bastionSubnetIpPrefix string` from `'10.1.1.0/26'` to `'10.0.1.0/26'`.
    - Line 18: Change `param bastionHostName string` to `param bastionHostName = 'VNet-bastion'`.
-   
-   The first 18 lines of your Bicep file should now look like this:
-   
+
+   The first 18 lines of your Bicep file should now look like this example:
+
    ```bicep
    @description('Name of new or existing vnet to which Azure Bastion should be deployed')
    param vnetName string = 'VNet'
@@ -141,7 +141,7 @@ Review the Bicep file:
 
 1. Save the *bastion.bicep* file.
 
-1. Deploy the Bicep file by using either Azure CLI or Azure PowerShell.
+1. Deploy the Bicep file by using either the Azure CLI or Azure PowerShell:
 
    # [CLI](#tab/azure-cli)
 
@@ -163,12 +163,12 @@ Review the Bicep file:
 
 When the deployment finishes, a message indicates that the deployment succeeded.
 
->[!NOTE]
->VMs in a virtual network with a Bastion host don't need public IP addresses. Bastion provides the public IP, and the VMs use private IPs to communicate within the network. You can remove the public IPs from any VMs in Bastion-hosted virtual networks. For more information, see [Dissociate a public IP address from an Azure VM](ip-services/remove-public-ip-address-vm.md).
+> [!NOTE]
+> VMs in a virtual network with a Bastion host don't need public IP addresses. Bastion provides the public IP, and the VMs use private IPs to communicate within the network. You can remove the public IPs from any VMs in Bastion-hosted virtual networks. For more information, see [Dissociate a public IP address from an Azure VM](ip-services/remove-public-ip-address-vm.md).
 
 ## Review deployed resources
 
-Use Azure CLI, Azure PowerShell, or the Azure portal to review the deployed resources.
+Use the Azure CLI, Azure PowerShell, or the Azure portal to review the deployed resources:
 
 # [CLI](#tab/azure-cli)
 
@@ -184,10 +184,10 @@ Get-AzResource -ResourceGroupName TestRG
 
 # [Portal](#tab/azure-portal)
 
-1. In the [Azure portal](https://portal.azure.com), search for and select *resource groups*, and on the **Resource groups** page, select **TestRG** from the list of resource groups.
-1. On the **Overview** page for **TestRG**, review all the resources that you created, including the virtual network, the two VMs, and the Azure Bastion host.
-1. Select the **VNet** virtual network, and on the **Overview** page for **VNet**, note the defined address space of **10.0.0.0/16**.
-1. Select **Subnets** from the left menu, and on the **Subnets** page, note the deployed subnets of **backendSubnet** and **AzureBastionSubnet** with the assigned values from the Bicep files.
+1. In the [Azure portal](https://portal.azure.com), search for and select **resource groups**. On the **Resource groups** page, select **TestRG** from the list of resource groups.
+1. On the **Overview** page for **TestRG**, review all the resources that you created, including the virtual network, the two VMs, and the Bastion host.
+1. Select the **VNet** virtual network. On the **Overview** page for **VNet**, note the defined address space of **10.0.0.0/16**.
+1. On the left menu, select **Subnets**. On the **Subnets** page, note the deployed subnets of **backendSubnet** and **AzureBastionSubnet** with the assigned values from the Bicep files.
 
 ---
 
@@ -199,13 +199,13 @@ Get-AzResource -ResourceGroupName TestRG
 
 1. At the top of the **BackendVM1** page, select the dropdown arrow next to **Connect**, and then select **Bastion**.
 
-   :::image type="content" source="./media/quick-create-bicep/connect-to-virtual-machine.png" alt-text="Screenshot of connecting to VM1 with Azure Bastion." border="true":::
+   :::image type="content" source="./media/quick-create-bicep/connect-to-virtual-machine.png" alt-text="Screenshot of connecting to the first virtual machine with Azure Bastion." border="true":::
 
-1. On the **Bastion** page, enter the username and password you created for the VM, and then select **Connect**.
+1. On the **Bastion** page, enter the username and password that you created for the VM, and then select **Connect**.
 
 ## Communicate between VMs
 
-1. From the desktop of BackendVM1, open PowerShell.
+1. From the desktop of **BackendVM1**, open PowerShell.
 
 1. Enter `ping BackendVM0`. You get a reply similar to the following message:
 
@@ -222,21 +222,21 @@ Get-AzResource -ResourceGroupName TestRG
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    ```
 
-   The ping fails because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through Windows firewall.
+   The ping fails because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through Windows Firewall.
 
-1. To allow ICMP to inbound through Windows firewall on this VM, enter the following command:
+1. To allow ICMP inbound through Windows Firewall on this VM, enter the following command:
 
    ```powershell
    New-NetFirewallRule –DisplayName "Allow ICMPv4-In" –Protocol ICMPv4
    ```
 
-1. Close the Bastion connection to BackendVM1.
+1. Close the Bastion connection to **BackendVM1**.
 
-1. Repeat the steps in [Connect to a VM](#connect-to-a-vm) to connect to BackendVM0.
+1. Repeat the steps in [Connect to a VM](#connect-to-a-vm) to connect to **BackendVM0**.
 
-1. From PowerShell on BackendVM0, enter `ping BackendVM1`.
+1. From PowerShell on **BackendVM0**, enter `ping BackendVM1`.
 
-   This time you get a success reply similar to the following message, because you allowed ICMP through the firewall on VM1.
+   This time you get a success reply similar to the following message, because you allowed ICMP through the firewall on **BackendVM1**.
 
    ```cmd
    PS C:\Users\BackendVM0> ping BackendVM1
@@ -253,11 +253,11 @@ Get-AzResource -ResourceGroupName TestRG
        Minimum = 0ms, Maximum = 2ms, Average = 0ms
    ```
 
-1. Close the Bastion connection to BackendVM0.
+1. Close the Bastion connection to **BackendVM0**.
 
 ## Clean up resources
 
-When you're done with the virtual network, use Azure CLI, Azure PowerShell, or the Azure portal to delete the resource group and all its resources.
+When you finish with the virtual network, use the Azure CLI, Azure PowerShell, or the Azure portal to delete the resource group and all its resources:
 
 # [CLI](#tab/azure-cli)
 
@@ -275,15 +275,16 @@ Remove-AzResourceGroup -Name TestRG
 
 1. In the Azure portal, on the **Resource groups** page, select the **TestRG** resource group.
 1. At the top of the **TestRG** page, select **Delete resource group**.
-1. On the **Delete a resource group** page, under **Enter resource group name to confirm deletion**, enter *TestRG*, and then select **Delete**.
+1. On the **Delete a resource group** page, under **Enter resource group name to confirm deletion**, enter **TestRG**, and then select **Delete**.
 1. Select **Delete** again.
 
 ---
 
 ## Next steps
 
-In this quickstart, you created a virtual network with two subnets, one containing two VMs and the other for Azure Bastion. You deployed Azure Bastion and used it to connect to the VMs, and securely communicated between the VMs. To learn more about virtual network settings, see [Create, change, or delete a virtual network](manage-virtual-network.md).
+In this quickstart, you created a virtual network that has two subnets: one that contains two VMs and the other for Bastion. You deployed Bastion, and you used it to connect to the VMs and start communication between the VMs. To learn more about virtual network settings, see [Create, change, or delete a virtual network](manage-virtual-network.md).
+
+Private communication between VMs is unrestricted in a virtual network. To learn more about configuring various types of VM communications in a virtual network, continue to the next article:
 
-Private communication between VMs is unrestricted in a virtual network. Continue to the next article to learn more about configuring different types of VM network communications.
 > [!div class="nextstepaction"]
 > [Filter network traffic](tutorial-filter-network-traffic.md)