MicrosoftDocs
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/effective-security-rules-expanded.png
161 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/effective-security-rules-expanded.png
161 KB
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/effective-security-rules-inline.png
78.1 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/effective-security-rules-inline.png
78.1 KB
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/figure1.png
-22.5 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/figure1.png
-22.5 KB
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/security-rule-prefixes.png
11.8 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/security-rule-prefixes.png
11.8 KB
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/securitygroupview.png
-103 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/securitygroupview.png
-103 KB
diff --git a/‎articles/network-watcher/media/network-watcher-security-group-view-overview/updated-security-group-view.png
-269 KB b/‎articles/network-watcher/media/network-watcher-security-group-view-overview/updated-security-group-view.png
-269 KB
diff --git a/‎articles/network-watcher/network-watcher-security-group-view-overview.md
Lines changed: 15 additions & 21 deletions b/‎articles/network-watcher/network-watcher-security-group-view-overview.md
Lines changed: 15 additions & 21 deletions
@@ -1,41 +1,35 @@
 ---
-title: Introduction to effective security rules view in Azure Network Watcher
+title: Effective security rules
+titleSuffix: Azure Network Watcher
 description: Learn about Azure Network Watcher effective security rules view capability.
 services: network-watcher
 author: halkazwini
 ms.service: network-watcher
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 03/18/2022
+ms.date: 03/27/2023
 ms.author: halkazwini
-ms.custom: engagement-fy23
+ms.custom: template-concept, engagement-fy23
 ---
 
-# Introduction to Effective security rules view in Azure Network Watcher
+# Effective security rules view in Azure Network Watcher
 
-Network Security groups are associated at a subnet level or at a NIC level. When associated at a subnet level, it applies to all the VM instances in the subnet. Effective security rules view returns all the configured NSGs and rules that are associated at a NIC and subnet level for a virtual machine providing insight into the configuration. In addition, the effective security rules are returned for each of the NICs in a VM. Using Effective security rules view, you can assess a VM for network vulnerabilities such as open ports. You can also validate if your Network Security Group is working as expected based on a [comparison between the configured and the approved security rules](network-watcher-nsg-auditing-powershell.md).
+[Network security groups](../virtual-network/network-security-groups-overview.md) can be associated at a subnet level or at a network interface level. When associated at a subnet level, it applies to all virtual machines (VMs) in the virtual network subnet. With effective security rules view in Network Watcher, you can see all inbound and outbound security rules that apply to a virtual machine’s network interface(s). These rules are set by the network security groups that are associated at the virtual machine's subnet level and network interface level. Using effective security rules view, you can assess a virtual machine for network vulnerabilities such as open ports.
 
-In addition to network security rules placed via NSGs, Network Watcher’s Effective security rules blade also shows the security admin rules associated with 
-[Azure Virtual Network Manager (AVNM).](../virtual-network-manager/overview.md) Azure Virtual Network Manager is a management service that enables users to group, configure, deploy and manage Virtual Networks globally across subscriptions. AVNM security configuration allows users to define a collection of rules that can be applied to one or more network security groups at the global level. These security rules have a higher priority than network security group (NSG) rules.
+In addition to security rules set by network security groups, effective security rules view also shows the security admin rules associated with 
+[Azure Virtual Network Manager](../virtual-network-manager/overview.md). Azure Virtual Network Manager is a management service that enables users to group, configure, deploy and manage virtual networks globally across subscriptions. Azure Virtual Network Manager security configuration allows users to define a collection of rules that can be applied to one or more network security groups at the global level. These security rules have a higher priority than network security group rules.
 
-A more extended use case is in security compliance and auditing. You can define a prescriptive set of security rules as a model for security governance in your organization. A periodic compliance audit can be implemented in a programmatic way by comparing the prescriptive rules with the effective rules for each of the VMs in your network.
+A more extended use case is in security compliance and auditing. You can define a prescriptive set of security rules as a model for security governance in your organization. You can implement a periodic compliance audit in a programmatic way by comparing the prescriptive rules with the effective rules for each of the virtual machines in your network.
 
-In the portal rules are displayed for each Network Interface and grouped by inbound vs outbound. This provides a simple view into the rules applied to a virtual machine. A download button is provided to easily download all the security rules no matter the tab into a CSV file.
+In Azure portal, rules are displayed for each network interface and grouped by inbound vs outbound. This provides a simple view into the rules applied to a virtual machine. A download button is provided to easily download all the security rules into a CSV file.
 
-![security group view][1]
+:::image type="content" source="./media/network-watcher-security-group-view-overview/effective-security-rules-inline.png" alt-text="Screenshot of Azure Network Watcher effective security rules in Azure portal." lightbox="./media/network-watcher-security-group-view-overview/effective-security-rules-expanded.png":::
 
-Rules can be selected and a new blade opens up to show the Network Security Group and source and destination prefixes. From this blade you can navigate directly to the Network Security Group resource.
+You can select a rule to see associated source and destination prefixes.
 
-![drilldown][2]
+:::image type="content" source="./media/network-watcher-security-group-view-overview/security-rule-prefixes.png" alt-text="Screenshot of security rule associated address prefixes.":::
 
 ### Next steps
 
-You can also use the *Effective Security Groups* feature through other methods listed below:
-* [REST API](/rest/api/virtualnetwork/NetworkInterfaces/ListEffectiveNetworkSecurityGroups)
-* [PowerShell](/powershell/module/az.network/get-azeffectivenetworksecuritygroup)
-* [Azure CLI](/cli/azure/network/nic#az-network-nic-list-effective-nsg)
-
-Learn how to audit your Network Security Group settings by visiting [Audit Network Security Group settings with PowerShell](network-watcher-nsg-auditing-powershell.md)
-
-[1]: ./media/network-watcher-security-group-view-overview/updated-security-group-view.png
-[2]: ./media/network-watcher-security-group-view-overview/figure1.png
+- To learn about Network Watcher, see [What is Azure Network Watcher?](network-watcher-monitoring-overview.md)
+- To learn how traffic is evaluated with network security groups, see [How network security groups work](../virtual-network/network-security-group-how-it-works.md).