feshness and acro review

vhorne · vhorne · commit 6114d3ea9e3f · 2024-03-12T07:53:13.000-07:00
diff --git a/articles/firewall-manager/rule-hierarchy.md b/articles/firewall-manager/rule-hierarchy.md
@@ -5,7 +5,7 @@ services: firewall-manager
 author: vhorne
 ms.service: firewall-manager
 ms.topic: how-to
-ms.date: 11/17/2022
+ms.date: 03/12/2024
 ms.author: victorh
 ms.custom: FY23 content-maintenance
 ---
@@ -52,18 +52,18 @@ Custom roles are defined for each application team. The role defines operations
 
 Use the following high-level procedure to define custom roles:
 
-1. Get the subscription:
+1. Get the subscription.
 
    `Select-AzSubscription -SubscriptionId xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx`
-2. Run the following command:
+2. Run the following command.
 
    `Get-AzProviderOperation "Microsoft.Support/*" | FT Operation, Description -AutoSize`
 3. Use the Get-AzRoleDefinition command to output the Reader role in JSON format.
 
    `Get-AzRoleDefinition -Name "Reader" | ConvertTo-Json | Out-File C:\CustomRoles\ReaderSupportRole.json`
 4. Open the ReaderSupportRole.json file in an editor.
 
-   The following shows the JSON output. For information about the different properties, see [Azure custom roles](../role-based-access-control/custom-roles.md).
+   Here's the JSON output. For information about the different properties, see [Azure custom roles](../role-based-access-control/custom-roles.md).
 
 ```json
    {
@@ -87,11 +87,11 @@ Use the following high-level procedure to define custom roles:
    `*/read", "Microsoft.Network/*/read", "Microsoft.Network/firewallPolicies/ruleCollectionGroups/write`
 
    operation to the **Actions** property. Be sure to include a comma after the read operation. This action allows the user to create and update rule collection groups.
-6. In **AssignableScopes**, add your subscription ID with the following format: 
+6. In **AssignableScopes**, add your subscription ID with the following format. 
 
    `/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx`
 
-   You must add explicit subscription IDs, otherwise you won't be allowed to import the role into your subscription.
+   You must add explicit subscription IDs. Otherwise, you aren't allowed to import the role into your subscription.
 7. Delete the **Id** property line and change the **IsCustom** property to true.
 8. Change the **Name** and **Description** properties to *AZFM Rule Collection Group Author* and *Users in this role can edit Firewall Policy rule collection groups*
 
@@ -154,7 +154,7 @@ Firewall Policy with custom roles now provides selective access to firewall poli
 Users don’t have permissions to:
 - Delete the Azure Firewall or firewall policy.
 - Update firewall policy hierarchy or DNS settings or threat intelligence.
-- Update firewall policy where they are not members of AZFM Rule Collection Group Author group.
+- Update firewall policy where they aren't members of AZFM Rule Collection Group Author group.
 
 Security administrators can use base policy to enforce guardrails and block certain types of traffic (for example  ICMP) as required by their enterprise.
 
