final updates from all docs + acrolinx

Michael Bender · Michael Bender · commit 498a096de642 · 2024-11-04T09:42:47.000-06:00
diff --git a/articles/private-link/create-network-security-perimeter-cli.md b/articles/private-link/create-network-security-perimeter-cli.md
@@ -180,7 +180,7 @@ In this step, you create and update network security perimeter access rules with
 
     ```
 
-    [!INCLUDE [network-security-perimeter-note-managed-id](../../includes/network-security-perimeter-note-managed-id.md)]
+[!INCLUDE [network-security-perimeter-note-managed-id](../../includes/network-security-perimeter-note-managed-id.md)]
 
 ## Delete all resources
 
diff --git a/articles/private-link/create-network-security-perimeter-powershell.md b/articles/private-link/create-network-security-perimeter-powershell.md
@@ -11,7 +11,7 @@ ms.date: 11/04/2024
 
 # Quickstart: Create a network security perimeter - Azure PowerShell
 
-Get started with network security perimeter by creating a network security perimeter for an Azure key vault using Azure PowerShell. A [network security perimeter](network-security-perimeter-concepts.md) allows [Azure Platform as a Service (PaaS)](./network-security-perimeter-concepts.md#onboarded-private-link-resources) resources to communicate within an explicit trusted boundary. Next, You create and update a PaaS resources association in a network security perimeter profile. Then you create and update network security perimeter access rules. When you're finished, you delete all resources created in this quickstart.
+Get started with network security perimeter by creating a network security perimeter for an Azure key vault using Azure PowerShell. A [network security perimeter](network-security-perimeter-concepts.md) allows [Azure Platform as a Service (PaaS)](./network-security-perimeter-concepts.md#onboarded-private-link-resources) resources to communicate within an explicit trusted boundary. Next, You create and update a PaaS resource's association in a network security perimeter profile. Then you create and update network security perimeter access rules. When you're finished, you delete all resources created in this quickstart.
 
 [!INCLUDE [network-security-perimeter-preview-message](../../includes/network-security-perimeter-preview-message.md)]
 
@@ -201,7 +201,7 @@ To delete a network security perimeter, use the following commands:
 ```azurepowershell-interactive
 
     # Retrieve the network security perimeter and place it in a variable
-    $nsp= Get-AzNetworkSecurityPerimeter -Name demo-nsp -ResourceGroupName $rg.name
+    $nsp= Get-AzNetworkSecurityPerimeter -Name demo-nsp -ResourceGroupName $rg.Params.Name
 
     # Delete the network security perimeter and all associated resources
     $removeNsp = @{ 
diff --git a/articles/private-link/network-security-perimeter-concepts.md b/articles/private-link/network-security-perimeter-concepts.md
@@ -12,7 +12,7 @@ ms.custom: references_regions
 
 # What is Network Security Perimeter?
 
-Network Security Perimeter allows administrators to define a logical network isolation boundary for PaaS resources (for example, Azure Storage and SQL Database) that are deployed outside virtual networks. It restricts communication to resources within the perimeter, and it allows non-perimeter public traffic through inbound and outbound access rules.
+Azure Network Security Perimeter allows organizations to define a logical network isolation boundary for PaaS resources (for example, Azure Storage and SQL Database) that are deployed outside your organization’s virtual networks. It restricts public network access to PaaS resources outside of the perimeter, access can be exempted by using explicit access rules for public inbound and outbound.
 
 For access patterns involving traffic from virtual networks to PaaS resources, see [What is Azure Private Link?](private-link-overview.md).
 
@@ -35,9 +35,9 @@ A network security perimeter includes the following components:
 |---------------------|------------------------------------------------------------------------------------------------------------|
 | **Network security perimeter** | Top level resource defining logical network boundary to secure PaaS resources. |
 | **Profile** | Collection of access rules that apply on resources associated with the profile. |
-| **Access Rule**| Inbound and outbound rules for resources in a perimeter to allow access outside the perimeter. |
-| **ResourceAssociation** | Perimeter membership for a PaaS resource. |
-| **DiagnosticsSettings** | Extension resource hosted by Microsoft. Insights to collect logs & metrics for all resources in the perimeter. |
+| **Access rule**| Inbound and outbound rules for resources in a perimeter to allow access outside the perimeter. |
+| **Resource association** | Perimeter membership for a PaaS resource. |
+| **Diagnostics settings** | Extension resource hosted by Microsoft Insights to collect logs & metrics for all resources in the perimeter. |
 
 > [!NOTE]
 > For organizational and informational safety, it is advised not to include any personally identifiable or sensitive data in the network security perimeter rules or other network security perimeter configuration.
@@ -80,17 +80,17 @@ Network security perimeter provides a secure perimeter for communication of PaaS
 
 When a network security perimeter is created and the PaaS resources are associated with the  perimeter, all public traffic is denied by default. Thus preventing data exfiltration outside the perimeter.
 
-Access rules can be used to approve public inbound and outbound traffic outside the perimeter. Public inbound access can be approved using Network and Identity  attributes of the client such as source IP addresses, subscriptions. Public outbound access can be approved using FQDNs (Fully Qualified Domain Names) of the external destinations.
+Access rules can be used to approve public inbound and outbound traffic outside the perimeter. Public inbound access can be approved using network and identity attributes of the client such as source IP addresses and subscriptions. Public outbound access can be approved using FQDNs (Fully Qualified Domain Names) of the external destinations.
 
 For example, when creating a network security perimeter and associating a set of PaaS resources, like Azure Key Vault and SQL DB, with the perimeter, all incoming and outgoing public traffic is denied to these PaaS resources by default. To allow any access outside the perimeter, necessary access rules can be created. Within the same perimeter, profiles can also be created to group PaaS resources with similar set of inbound and outbound access requirements.
 
 
-## Onboarded private-link resources
-A Network Security Perimeter aware private-link resource is a PaaS resource that can be associated with a network security perimeter. Currently the list of onboarded private-link resources are as follows:
+## Onboarded private link resources
+A network security perimeter-aware private link resource is a PaaS resource that can be associated with a network security perimeter. Currently the list of onboarded private link resources are as follows:
 
-| Private-link resource name | Resource type | Resources |
+| Private link resource name | Resource type | Resources |
 |---------------------------|---------------|-----------|
-| Azure Monitor             | Microsoft.Insights/dataCollectionEndpoints<br>Microsoft.Insights/ScheduledQueryRules</br>Microsoft.Insights/actionGroups</br>Microsoft.OperationalInsights/workspaces | Log Analytics Workspace, Application Insights, Alerts, Notification Service |
+| Azure Monitor             | Microsoft.Insights/dataCollectionEndpoints</br>Microsoft.Insights/ScheduledQueryRules</br>Microsoft.Insights/actionGroups</br>Microsoft.OperationalInsights/workspaces | Log Analytics Workspace, Application Insights, Alerts, Notification Service |
 | Azure AI Search          | Microsoft.Search/searchServices | - |
 | Cosmos DB                | Microsoft.DocumentDB/databaseAccounts | - |
 | Event Hubs                | Microsoft.EventHub/namespaces | - |
@@ -99,12 +99,11 @@ A Network Security Perimeter aware private-link resource is a PaaS resource that
 | Storage                   | Microsoft.Storage/storageAccounts | - |
 | Event Grid | Microsoft.EventGrid/topics</br>Microsoft.EventGrid/domains |	- |
 
-
 ## Limitations of network security perimeter
 
 ### Regional limitations
 
-Network security perimeter is currently available in all Azure public cloud regions. However, while enabling access logs for network security perimeter, consider the region availability of Azure monitor
+Network security perimeter is currently available in all Azure public cloud regions. However, while enabling access logs for network security perimeter, consider the region availability of Azure monitor.
 
 > [!NOTE]
 > Though the network security perimeter can be created in any region, the Log analytics workspace to be associated with the network security perimeter needs to be located in one of the Azure Monitor supported regions.
diff --git a/articles/private-link/network-security-perimeter-role-based-access-control-requirements.md b/articles/private-link/network-security-perimeter-role-based-access-control-requirements.md
@@ -24,17 +24,16 @@ In this article, you learn about the Azure role-based access control (RBAC) perm
 | Microsoft.Network/networkSecurityPerimeters/read | Gets a network security perimeter  |
 | Microsoft.Network/networkSecurityPerimeters/write | Creates or updates a network security perimeter  |
 | Microsoft.Network/networkSecurityPerimeters/delete | Deletes a network security perimeter  |
-| Microsoft.Network/locations/queryNetworkSecurityPerimeter/action | Queries network security perimeter  by the perimeter guid |
-| Microsoft.Network/locations/perimeterAssociableResourceTypes/read | Gets network security perimeter  associable resources |
+| Microsoft.Network/locations/perimeterAssociableResourceTypes/read | Gets network security perimeter associable resources |
 
 
 ### Network security perimeter profile permissions
 
 | Action | Description |
 | --- | --- |
-| Microsoft.Network/networkSecurityPerimeters/profiles/read | Gets a Network security perimeter  Profile |
-| Microsoft.Network/networkSecurityPerimeters/profiles/write | Creates or updates a Network security perimeter  Profile |
-| Microsoft.Network/networkSecurityPerimeters/profiles/delete | Deletes a Network security perimeter  Profile |
+| Microsoft.Network/networkSecurityPerimeters/profiles/read | Gets a network security perimeter profile |
+| Microsoft.Network/networkSecurityPerimeters/profiles/write | Creates or updates a network security perimeter profile |
+| Microsoft.Network/networkSecurityPerimeters/profiles/delete | Deletes a network security perimeter profile |
 
 ### Network security perimeter access rule permissions
 
@@ -43,7 +42,7 @@ In this article, you learn about the Azure role-based access control (RBAC) perm
 | Microsoft.Network/networkSecurityPerimeters/profiles/accessRules/read | Gets a network security perimeter access rule. |
 | Microsoft.Network/networkSecurityPerimeters/profiles/accessRules/write | Creates or updates a network security perimeter access rule. |
 | Microsoft.Network/networkSecurityPerimeters/profiles/accessRules/delete | Deletes a network security perimeter access rule. |
-| Microsoft.Resources/subscriptions/joinPerimeterRule/action | User must have *subscription contributor* role over the subscription. |
+| Microsoft.Resources/subscriptions/joinPerimeterRule/action | User must have *microsoft.resources/subscriptions/joinperimeterrule/action* role over the subscription |
 
 > [!NOTE]
 > User must have *subscription contributor* role to create/update subscription-based access rule.
@@ -56,14 +55,13 @@ In this article, you learn about the Azure role-based access control (RBAC) perm
 | Microsoft.Network/networkSecurityPerimeters/resourceAssociations/write | Creates or updates a network security perimeter resource association |
 | Microsoft.Network/networkSecurityPerimeters/profiles/join/action | Joins a network security perimeter profile. Linked access check is performed while associating the resource |
 | Microsoft.Network/networkSecurityPerimeters/resourceAssociations/delete | Deletes a network security perimeter resource association |
-| Microsoft.Network/networkSecurityPerimeters/resourceAssociationProxies/read | Gets a network security perimeter resource association proxy |
 
 > [!NOTE]
 > To create or update an association, the following permissions are required to exist:
 >
-> - `Microsoft.Network/networkSecurityPerimeters/resourceAssociations/write` is required at the network security perimeter resource.
-> - `Microsoft.Network/networkSecurityPerimeters/profiles/join/action` on the profile.
-> - `Microsoft.Network/networkSecurityPerimeters/joinPerimeter/action` on the respective PaaS resource.
+> - *Microsoft.Network/networkSecurityPerimeters/resourceAssociations/write* is required at the network security perimeter resource.
+> - *Microsoft.Network/networkSecurityPerimeters/profiles/join/action* is required on the profile.
+> - *Microsoft.Network/networkSecurityPerimeters/joinPerimeter/action* is required on the respective PaaS resource.
 
 ## Next steps
 
diff --git a/articles/private-link/network-security-perimeter-transition.md b/articles/private-link/network-security-perimeter-transition.md
diff --git a/includes/network-security-perimeter-limits.md b/includes/network-security-perimeter-limits.md
