Merge pull request #230666 from halkazwini/nw-nsg-flow4

tweaks

Author: JamesJBarnett

articles/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager.md

@@ -1,9 +1,9 @@
 ---
-title: Network Watcher - Create NSG flow logs using an Azure Resource Manager template
-description: Use an Azure Resource Manager template and PowerShell to easily set up NSG Flow Logs.
+title: Manage NSG flow logs - ARM
+titleSuffix: Azure Network Watcher
+description: Learn how to manage network security group flow logs in Azure Network Watcher an Azure Resource Manager template.
 services: network-watcher
 author: halkazwini
-tags: azure-resource-manager
 ms.service: network-watcher
 ms.topic: how-to
 ms.workload: infrastructure-services
@@ -12,7 +12,7 @@ ms.author: halkazwini
 ms.custom: fasttrack-edit, engagement-fy23
 ---
 
-# Configure NSG Flow Logs from an Azure Resource Manager template
+# Manage network security group flow logs using an Azure Resource Manager template
 
 > [!div class="op_single_selector"]
 > - [Azure portal](network-watcher-nsg-flow-logging-portal.md)
@@ -63,7 +63,7 @@ For a complete overview of the properties, you may read the [NSG Flow Logs templ
 To create a Microsoft.Network/networkWatchers/flowLogs resource, add the above JSON to the resources section of your template.
 
 
-## Creating your template
+## Create your template
 
 If you are using Azure Resource Manager templates for the first time, you can learn more about them using the links below.
 
@@ -143,7 +143,7 @@ Below are two examples of complete templates to set up NSG Flow Logs.
 }
 ```
 
-## Deploying your Azure Resource Manager template
+## Deploy your Azure Resource Manager template
 
 This tutorial assumes you have an existing Resource group and an NSG you can enable Flow logging on.
 You can save any of the above example templates locally as `azuredeploy.json`. Update the property values so that they point to valid resources in your subscription.
@@ -160,11 +160,11 @@ New-AzResourceGroupDeployment -Name EnableFlowLog -ResourceGroupName NetworkWatc
 > The above commands are deploying a resource to the NetworkWatcherRG resource group and not the resource group containing the NSG
 
 
-## Verifying your deployment
+## Verify your deployment
 
 There are a couple of ways to check if your deployment has Succeeded. Your PowerShell console should show "ProvisioningState" as "Succeeded". Additionally, you can visit the [NSG Flow Logs portal page](https://portal.azure.com/#blade/Microsoft_Azure_Network/NetworkWatcherMenuBlade/flowLogs) to confirm your changes. If there were issues with the deployment, take a look at [Troubleshoot common Azure deployment errors with Azure Resource Manager](../azure-resource-manager/templates/common-deployment-errors.md).
 
-## Deleting your resource
+## Delete your resource
 Azure enables resource deletion through the "Complete" deployment mode. To delete a Flow Logs resource, specify a deployment in Complete mode without including the resource you wish to delete. Read more about the [Complete deployment mode](../azure-resource-manager/templates/deployment-modes.md#complete-mode)
 
 ## Next steps

articles/network-watcher/network-watcher-nsg-flow-logging-cli.md

@@ -1,7 +1,7 @@
 ---
-title: Manage NSG Flow logs - Azure CLI
+title: Manage NSG flow logs - Azure CLI
 titleSuffix: Azure Network Watcher
-description: This page explains how to manage Network Security Group Flow logs in Azure Network Watcher with Azure CLI
+description: Learn how to manage network security group flow logs in Azure Network Watcher using the Azure CLI.
 services: network-watcher
 author: halkazwini
 ms.service: network-watcher
@@ -12,8 +12,7 @@ ms.author: halkazwini
 ms.custom: engagement-fy23
 ---
 
-
-# Configuring Network Security Group Flow logs with Azure CLI
+# Manage network security group flow logs using the Azure CLI
 
 > [!div class="op_single_selector"]
 > - [Azure portal](network-watcher-nsg-flow-logging-portal.md)

articles/network-watcher/network-watcher-nsg-flow-logging-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: Manage NSG flow logs - Azure PowerShell
 titleSuffix: Azure Network Watcher
-description: This page explains how to manage network security group flow logs in Azure Network Watcher using Azure PowerShell.
+description: Learn how to manage network security group flow logs in Azure Network Watcher using Azure PowerShell.
 author: halkazwini
 ms.service: network-watcher
 ms.topic: how-to
@@ -11,7 +11,7 @@ ms.author: halkazwini
 ms.custom: devx-track-azurepowershell, engagement-fy23
 ---
 
-# Configure network security group flow logs using Azure PowerShell
+# Manage network security group flow logs using Azure PowerShell
 
 > [!div class="op_single_selector"]
 > - [Azure portal](network-watcher-nsg-flow-logging-portal.md)

articles/network-watcher/network-watcher-nsg-flow-logging-rest.md

@@ -1,7 +1,7 @@
 ---
 title: Manage NSG flow logs - Azure REST API
 titleSuffix: Azure Network Watcher
-description: This page explains how to manage Network Security Group flow logs in Azure Network Watcher with REST API
+description: Learn how to manage network security group flow logs in Azure Network Watcher using REST API.
 services: network-watcher
 author: halkazwini
 ms.service: network-watcher
@@ -12,7 +12,7 @@ ms.author: halkazwini
 ms.custom: engagement-fy23
 ---
 
-# Configure network security group flow logs using REST API
+# Manage network security group flow logs using REST API
 
 > [!div class="op_single_selector"]
 > - [Azure portal](network-watcher-nsg-flow-logging-portal.md)

articles/network-watcher/nsg-flow-logs-policy-portal.md

@@ -1,28 +1,25 @@
 ---
-title: QuickStart - Deploy and manage NSG Flow Logs using Azure Policy 
+title: Deploy and manage NSG flow logs using Azure Policy 
 titleSuffix: Azure Network Watcher
-description: This article explains how to use the built-in policies to manage the deployment of NSG flow logs 
+description: Learn how to use built-in policies to manage the deployment of network security group (NSG) flow logs.
 services: network-watcher
 author: halkazwini
 ms.service: network-watcher
-ms.topic: quickstart
+ms.topic: how-to
 ms.workload: infrastructure-services
 ms.date: 02/09/2022
 ms.author: halkazwini
 ms.custom: engagement-fy23
 ---
 
-# QuickStart: Deploy and manage NSG Flow Logs using Azure Policy 
+# Deploy and manage NSG flow logs using Azure Policy 
 
-## Overview
+Azure Policy helps to enforce organizational standards and to assess compliance at scale. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. In this article, we'll use two built-in policies available for NSG Flow Logs to manage your flow logs setup. The first policy  flags any NSGs without flow logs enabled. The second policy automatically deploys Flow logs for NSGs without Flow logs enabled. 
 
-Azure Policy helps to enforce organizational standards and to assess compliance at scale. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. In this article, we will use two built-in policies available for NSG Flow Logs to manage your flow logs setup. The first policy  flags any NSGs without flow logs enabled. The second policy automatically deploys Flow logs for NSGs without Flow logs enabled. 
-
-If you are creating an Azure Policy definition for the first time, you can read through: 
+If you're creating an Azure Policy definition for the first time, you can read through: 
 - [Azure Policy overview](../governance/policy/overview.md) 
 - [Tutorial for creating an Azure Policy assignment](../governance/policy/assign-policy-portal.md#create-a-policy-assignment).
 
-
 ## Locate the policies
 
 1. Go to the Azure portal – [portal.azure.com](https://portal.azure.com) 
@@ -35,11 +32,11 @@ Navigate to the Azure Policy page by searching for Policy in the top search bar
 
 ![Assignments Tab](./media/network-watcher-builtin-policy/2_assignments-tab.png)
 
-3. Click on **Assign Policy** button 
+3. Select **Assign Policy** button 
 
 ![Assign Policy Button](./media/network-watcher-builtin-policy/3_assign-policy-button.png)
 
-4. Click the three dots menu under "Policy Definitions" to see available policies
+4. Select the three dots menu under "Policy Definitions" to see available policies
 
 5. Use the Type filter and choose "Built-in". Then search for "Flow log"
 
@@ -57,7 +54,7 @@ There are separate instructions for each policy below.
 
 ### How the policy works
 
-The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property does not exist, the NSG is flagged.
+The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is, it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property doesn't exist, the NSG is flagged.
 
 If you want to see the full definition of the policy, you can visit the [Definitions tab](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Definitions) and search for "Flow logs" to find the policy
 
@@ -69,9 +66,9 @@ If you want to see the full definition of the policy, you can visit the [Definit
 - Policy Definition: Should be chosen as shown in the "Locate the policies" section.
 - AssignmentName: Choose a descriptive name 
 
-2. Click on "Review + Create" to review your assignment
+2. Select "Review + Create" to review your assignment
 
-The policy does not require any parameters. As you are assigning an audit policy, you do not need to fill in the details in the "Remediation" tab.  
+The policy doesn't require any parameters. As you're assigning an audit policy, you don't need to fill in the details in the "Remediation" tab.  
 
 ![Audit Policy Review](./media/network-watcher-builtin-policy/5_1_audit-policy-review.png)
 
@@ -86,7 +83,7 @@ You should see something similar to the following screenshot once your policy ru
 
 ### Policy Structure
 
-The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property does not exist, the policy deploys a Flow log. 
+The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is, it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property doesn't exist, the policy deploys a Flow log. 
 
 If you want to see the full definition of the policy, you can visit the [Definitions tab](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Definitions) and search for "Flow logs" to find the policy. 
 
@@ -103,7 +100,7 @@ If you want to see the full definition of the policy, you can visit the [Definit
 The Network Watcher service is a regional service. These parameters allow the policy action of deploying flow logs to be executed. 
 - NSG Region: Azure regions at which the policy is targeted
 - Storage ID: Full resource ID of the storage account. Note: This storage account should be in the same region as the NSG. 
-- Network Watchers RG: Name of the resource group containing your Network Watcher resource. If you have not renamed it, you can enter `NetworkWatcherRG` which is the default.
+- Network Watchers RG: Name of the resource group containing your Network Watcher resource. If you haven't renamed it, you can enter `NetworkWatcherRG` which is the default.
 - Network Watcher name: Name of the regional network watcher service. Format: NetworkWatcher_RegionName. Example: NetworkWatcher_centralus. See the full list.
 
 ![DINE Policy parameters](./media/network-watcher-builtin-policy/5_2_1_dine-policy-details-alt.png)
@@ -113,11 +110,11 @@ The Network Watcher service is a regional service. These parameters allow the po
 - Check mark on **Create Remediation task** if you want the policy to affect existing resources 
 - **Create a Managed Identity** should be already checked
 - Select the same location as previous for your Managed Identity 
-- You will need Contributor or Owner permission to use this policy. If you have these permissions, you should not see any errors.
+- You'll need Contributor or Owner permission to use this policy. If you have these permissions, you shouldn't see any errors.
 
 ![DINE Policy remediation](./media/network-watcher-builtin-policy/5_2_2_dine-remediation.png) 
 
-4. Click on "Review + Create" to review your assignment
+4. Select "Review + Create" to review your assignment
 You should see something similar to the following screenshot.
 
 ![DINE Policy review](./media/network-watcher-builtin-policy/5_2_3_dine-review.png) 
@@ -135,4 +132,4 @@ You should see something like the following screenshot once your policy. In case
 
 -	Learn about [Traffic Analytics Built-in Policies](./traffic-analytics-policy-portal.md)
 -	Use this [tutorial](./quickstart-configure-network-security-group-flow-logs-from-arm-template.md) Go deeper by using ARM templates to deploy Flow Logs and Traffic Analytics.
--	Learn more about [Network Watcher](./index.yml)
+-	Learn more about [Network Watcher](./index.yml)

articles/network-watcher/toc.yml

@@ -153,7 +153,7 @@
           href: network-watcher-using-open-source-tools.md
   - name: Flow log traffic monitoring
     items:
-    - name: Configure NSG flow logs
+    - name: Manage NSG flow logs
       items:
       - name: PowerShell
         href: network-watcher-nsg-flow-logging-powershell.md