Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into freshness_c66

dagiro · dagiro · commit 58119629f4f8 · 2020-05-04T14:56:05.000-07:00
diff --git a/articles/bastion/bastion-faq.md b/articles/bastion/bastion-faq.md
@@ -6,7 +6,7 @@ author: charwen
 
 ms.service: bastion
 ms.topic: conceptual
-ms.date: 12/09/2019
+ms.date: 05/04/2020
 ms.author: charwen
 ---
 # Azure Bastion FAQ
diff --git a/articles/firewall/remote-work-support.md b/articles/firewall/remote-work-support.md
@@ -5,17 +5,23 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: conceptual
-ms.date: 04/29/2020
+ms.date: 05/04/2020
 ms.author: victorh
 ---
 
 # Azure Firewall remote work support
 
-Azure Firewall is a managed, cloud-based network security service that protects your Azure virtual network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. 
+Azure Firewall is a managed, cloud-based network security service that protects your Azure virtual network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
 
-## Firewall rules
 
-You can use Azure Firewall to secure your virtual desktop infrastructure (VDI) inbound RDP access to your Azure virtual network using Azure Firewall [DNAT rules](rule-processing.md). Windows Virtual Desktop (WVD) doesn't require you to open any inbound access to your virtual network. However, you must allow a set of outbound network connections for the WVD virtual machines that run in your virtual network. For more information, see [Use Azure Firewall to protect Window Virtual Desktop deployments](protect-windows-virtual-desktop.md).
+
+## Virtual Desktop Infrastructure (VDI) deployment support
+
+Work from home policies requires many IT organizations to address fundamental changes in capacity, network, security, and governance. Employees aren't protected by the layered security policies associated with on-premises services while working from home. Virtual Desktop Infrastructure (VDI) deployments on Azure can help organizations rapidly respond to this changing environment. However, you need a way to protect inbound/outbound Internet access to and from these VDI deployments. You can use Azure Firewall [DNAT rules](rule-processing.md) along with its [threat intelligence](threat-intel.md) based filtering capabilities to protect your VDI deployments.
+
+## Azure Windows Virtual Desktop (WVD) support
+
+Windows Virtual Desktop is a comprehensive desktop and app virtualization service running in Azure. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. You can deploy and scale your Windows desktops and apps on Azure in minutes, and get built-in security and compliance features. WVD doesn't require you to open any inbound access to your virtual network. However, you must allow a set of outbound network connections for the WVD virtual machines that run in your virtual network. For more information, see [Use Azure Firewall to protect Window Virtual Desktop deployments](protect-windows-virtual-desktop.md).
 
 ## Next steps
 
diff --git a/includes/bastion-faq-include.md b/includes/bastion-faq-include.md
@@ -5,12 +5,11 @@
  author: cherylmc
  ms.service: bastion
  ms.topic: include
- ms.date: 03/25/2020
+ ms.date: 05/04/2020
  ms.author: cherylmc
  ms.custom: include file
 ---
 
-
 ### <a name="regions"></a>Which regions are available?
 
 [!INCLUDE [region](bastion-regions-include.md)]
@@ -27,17 +26,19 @@ At this time, IPv6 is not supported. Azure Bastion supports IPv4 only.
 
 You do not need an RDP or SSH client to access the RDP/SSH to your Azure virtual machine in your Azure portal. Use the [Azure portal](https://portal.azure.com) to let you get RDP/SSH access to your virtual machine directly in the browser.
 
-### <a name="rdscal"></a>Does Azure Bastion require an RDS CAL for administrative purposes on Azure-hosted VMs?
-No, access to Windows Server VMs by Azure Bastion does not require an [RDS CAL](https://www.microsoft.com/en-us/p/windows-server-remote-desktop-services-cal/dg7gmgf0dvsv?activetab=pivot:overviewtab) when used solely for administrative purposes.
+### <a name="agent"></a>Do I need an agent running in the Azure virtual machine?
+
+You don't need to install an agent or any software on your browser or your Azure virtual machine. The Bastion service is agentless and does not require any additional software for RDP/SSH.
 
 ### <a name="limits"></a>How many concurrent RDP and SSH sessions does each Azure Bastion support?
+
 Both RDP and SSH are a usage-based protocol. High usage of sessions will cause the bastion host to support a lower total number of sessions. The numbers below assume normal day-to-day workflows.
 
 [!INCLUDE [limits](bastion-limits.md)]
 
-### <a name="agent"></a>Do I need an agent running in the Azure virtual machine?
+### <a name="rdpfeaturesupport"></a>What features are supported in an RDP session?
 
-You don't need to install an agent or any software on your browser or your Azure virtual machine. The Bastion service is agentless and does not require any additional software for RDP/SSH.
+At this time, only text copy/paste is supported. Features such as file copy are not supported. Please feel free to share your feedback about new features on the [Azure Bastion Feedback page](https://feedback.azure.com/forums/217313-networking?category_id=367303).
 
 ### <a name="browsers"></a>Which browsers are supported?
 
@@ -55,9 +56,8 @@ In order to make a connection, the following roles are required:
 
 For more information, see the [pricing page](https://aka.ms/BastionHostPricing).
 
-### <a name="session"></a>Why do I get "Your session has expired" error message before the Bastion session starts?
-
-A session should be initiated only from the Azure portal. Sign in to the Azure portal and begin your session again. If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal.
+### <a name="rdscal"></a>Does Azure Bastion require an RDS CAL for administrative purposes on Azure-hosted VMs?
+No, access to Windows Server VMs by Azure Bastion does not require an [RDS CAL](https://www.microsoft.com/en-us/p/windows-server-remote-desktop-services-cal/dg7gmgf0dvsv?activetab=pivot:overviewtab) when used solely for administrative purposes.
 
 ### <a name="keyboard"></a>What keyboard layouts are supported during the Bastion remote session?
 
@@ -68,10 +68,10 @@ Azure Bastion currently supports en-us-qwerty keyboard layout inside the VM.  Su
 No. UDR is not supported on an Azure Bastion subnet.
 For scenarios that include both Azure Bastion and Azure Firewall/Network Virtual Appliance (NVA) in the same virtual network, you don’t need to force traffic from an Azure Bastion subnet to Azure Firewall because the communication between Azure Bastion and your VMs is private. For more information, see [Accessing VMs behind Azure Firewall with Bastion](https://azure.microsoft.com/blog/accessing-virtual-machines-behind-azure-firewall-with-azure-bastion/).
 
-### <a name="rdpfeaturesupport"></a>What features are supported in an RDP session?
+### <a name="session"></a>Why do I get "Your session has expired" error message before the Bastion session starts?
 
-At this time, only text copy/paste is supported. Features such as file copy are not supported. Please feel free to share your feedback about new features on the [Azure Bastion Feedback page](https://feedback.azure.com/forums/217313-networking?category_id=367303).
+A session should be initiated only from the Azure portal. Sign in to the Azure portal and begin your session again. If you go to the URL directly from another browser session or tab, this error is expected. It helps ensure that your session is more secure and that the session can be accessed only through the Azure portal.
 
 ### <a name="udr"></a>How do I handle deployment failures?
 
-Review any error messages and [raise a support request in the Azure Portal](https://docs.microsoft.com/azure/azure-portal/supportability/how-to-create-azure-support-request) as needed. Deployment failures may result from [Azure subscription limits, quotas and constraints](https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits). Specifically, customers may encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.
+Review any error messages and [raise a support request in the Azure portal](https://docs.microsoft.com/azure/azure-portal/supportability/how-to-create-azure-support-request) as needed. Deployment failures may result from [Azure subscription limits, quotas and constraints](https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits). Specifically, customers may encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.
