Update per call (not under, behind)

Author: MikeRayMSFT

articles/sql-database/create-auditing-storage-account-vnet-firewall.md

@@ -1,6 +1,6 @@
 ---
-title: Audit to storage account under VNet and firewall 
-description: Configure auditing to write database events on a storage account under virtual network and firewall
+title: Audit to storage account behind VNet and firewall 
+description: Configure auditing to write database events on a storage account behind virtual network and firewall
 services: sql-database
 ms.service: sql-database
 ms.subservice: security
@@ -11,7 +11,7 @@ ms.reviewer: vanto
 ms.date: 03/08/2020
 ms.custom: azure-synapse
 ---
-# Write audit to a storage account under VNet and firewall
+# Write audit to a storage account behind VNet and firewall
 
 Auditing for [Azure SQL Database](sql-database-technical-overview.md) and [Azure Synapse Analytics](../sql-data-warehouse/sql-data-warehouse-overview-what-is.md) supports writing database events to an [Azure Storage account](../storage/common/storage-account-overview.md) behind a virtual network and firewall. 
 
@@ -27,7 +27,7 @@ To learn more about how to create a virtual network, see [Quickstart: Create a v
 
 ## Prerequisites
 
-For audit to write to a storage account under a VNet or firewall, the following prerequisites are required:
+For audit to write to a storage account behind a VNet or firewall, the following prerequisites are required:
 
 > [!div class="checklist"]
 > * A general-purpose v2 storage account. If you have a general-purpose v1 or blob storage account, [upgrade to a general-purpose v2 storage account](../storage/common/storage-account-upgrade.md). For more information, see [Types of storage accounts](../storage/common/storage-account-overview.md#types-of-storage-accounts).
@@ -46,21 +46,21 @@ Connect to [Azure portal](https://portal.azure.com) with your subscription. Navi
 3. Open **Storage details** 
 
   > [!NOTE]
-  > If the selected Storage account is under VNet, you will see the following message:
+  > If the selected Storage account is behind VNet, you will see the following message:
   >
   >`You have selected a storage account that is behind a firewall or in a virtual network. Using this storage: requires an Active Directory admin on the server; enables 'Allow trusted Microsoft services to access this storage account' on the storage account; and creates a server managed identity with 'storage blob data contributor' RBAC.`
   >
-  >If you do not see this message, then storage account is not under VNet.
+  >If you do not see this message, then storage account is not behind a VNet.
 
 3. Select the number of days for the retention period. Then click **OK**. Logs older than the retention period are deleted.
 
 4. Select **Save** on your auditing settings.
 
-You have succesfully configured audit to write to a storage account under a VNet or firewall. 
+You have successfully configured audit to write to a storage account behind a VNet or firewall. 
 
 ## Configure with REST commands
 
-As an alternative to using the Azure portal, you can use REST commands to configure audit to write database events on a storage account under a VNet and Firewall. 
+As an alternative to using the Azure portal, you can use REST commands to configure audit to write database events on a storage account behind a VNet and Firewall. 
 
 The sample scripts in this section require you to update the script before you run them. Replace the following values in the scripts:
 

articles/sql-database/sql-database-auditing.md

@@ -11,19 +11,20 @@ ms.reviewer: vanto
 ms.date: 02/11/2020
 ms.custom: azure-synapse
 ---
-# Get started with SQL database auditing
+# Azure SQL Auditing
 
-Auditing for Azure [SQL Database](sql-database-technical-overview.md)  and [Azure Synapse Analytics](../sql-data-warehouse/sql-data-warehouse-overview-what-is.md) tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace or Event Hubs. Auditing also:
+Auditing for Azure [SQL Database](sql-database-technical-overview.md)  and [Azure Synapse Analytics](../sql-data-warehouse/sql-data-warehouse-overview-what-is.md) tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace or Event Hubs. 
+
+Auditing also:
 
 - Helps you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
 
 - Enables and facilitates adherence to compliance standards, although it doesn't guarantee compliance. For more information about Azure programs that support standards compliance, see the [Azure Trust Center](https://gallery.technet.microsoft.com/Overview-of-Azure-c1be3942) where you can find the most current list of SQL Database compliance certifications.
 
-
 > [!NOTE] 
 > This topic applies to Azure SQL server, and to both SQL Database and Azure Synapse Analytics databases that are created on the Azure SQL server. For simplicity, SQL Database is used when referring to both SQL Database and Azure Synapse.
 
-## <a id="subheading-1"></a>Azure SQL database auditing overview
+## <a id="subheading-1"></a>Overview
 
 You can use SQL database auditing to:
 
@@ -95,7 +96,7 @@ To configure writing audit logs to a storage account, select **Storage** and ope
 
    ![storage account](./media/sql-database-auditing-get-started/auditing_select_storage.png)
 
-To configure a storage account under a virtual network or firewall you will need an [Active Directory admin](https://docs.microsoft.com/azure/sql-database/sql-database-aad-authentication-configure?tabs=azure-powershell#provision-an-azure-active-directory-administrator-for-your-managed-instance) on the server, enable **Allow trusted Microsoft services to access this storage account** on the storage account. In addition, you need to have the 'Microsoft.Authorization/roleAssignments/write' permission on the selected storage account.
+To configure a storage account behind a virtual network or firewall you will need an [Active Directory admin](https://docs.microsoft.com/azure/sql-database/sql-database-aad-authentication-configure?tabs=azure-powershell#provision-an-azure-active-directory-administrator-for-your-managed-instance) on the server, enable **Allow trusted Microsoft services to access this storage account** on the storage account. In addition, you need to have the 'Microsoft.Authorization/roleAssignments/write' permission on the selected storage account.
 
 We recommend you to be [User Access Administrator](../role-based-access-control/built-in-roles.md#user-access-administrator) in order to grant to the managed identity the role 'storage blob data contributor'. To learn more about permissions and role-based access control, see [What is role-based access control (RBAC) for Azure resources?](../role-based-access-control/overview.md) and [Add or remove role assignments using Azure RBAC and the Azure portal](../role-based-access-control/role-assignments-portal.md)
 
@@ -194,9 +195,9 @@ If you chose to write audit logs to an Azure storage account, there are several
 
     - [Query Extended Events Files](https://sqlscope.wordpress.com/20../../reading-extended-event-files-using-client-side-tools-only/) by using PowerShell.
 
-## Log audits to storage account under VNet or firewall
+## Log audits to storage account behind VNet or firewall
 
-You can write audit logs to a an Azure Storage account under a VNet or firewall. For specific instructions see, [Write audit to a storage account under VNet and firewall](create-auditing-storage-account-vnet-firewall.md).
+You can write audit logs to a an Azure Storage account behind a VNet or firewall. For specific instructions see, [Write audit to a storage account behind VNet and firewall](create-auditing-storage-account-vnet-firewall.md).
 
 ## <a id="subheading-5"></a>Production practices
 

articles/sql-database/toc.yml

@@ -117,7 +117,7 @@
 
     - name: Auditing
       items:
-      - name: Get started with SQL Database auditing
+      - name: Azure SQL auditing
         href: sql-database-auditing.md
       - name: Audit to storage account
         href: create-auditing-storage-account-vnet-firewall.md