articles/app-service/environment/integrate-with-application-gateway.md
+17-17Lines changed: 17 additions & 17 deletions
@@ -12,9 +12,9 @@ ms.author: madsd
12
12
13
13
The [App Service Environment](./overview.md) is a deployment of Azure App Service in the subnet of a customer's Azure virtual network. It can be deployed with an external or internal endpoint for app access. The deployment of the App Service Environment with an internal endpoint is called an internal load balancer (ILB) App Service Environment.
14
14
15
-
Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. You can get a WAF device from the Azure Marketplace or you can use the [Azure Application Gateway](../../application-gateway/overview.md).
15
+
Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. You can get a WAF device from Azure Marketplace or you can use the [Azure Application Gateway](../../application-gateway/overview.md).
16
16
17
-
The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS/SSL offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.
17
+
The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.
18
18
19
19
The integration of the application gateway with the ILB App Service Environment is at an app level. When you configure the application gateway with your ILB App Service Environment, you're doing it for specific apps in your ILB App Service Environment.
20
20
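Review bot: The `+` line for the WAF paragraph still lists the attack types as "SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks", mixing an ampersand with inconsistent capitalization; since the line is being edited anyway, suggest "SQL injection, cross-site scripting, malware uploads, application DDoS, and other attacks". The TLS/SSL to TLS change in the following `+` line is consistent with the rest of the commit.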
@@ -33,8 +33,8 @@ To integrate your application gateway with your ILB App Service Environment, you
33
33
* An ILB App Service Environment.
34
34
* A private DNS zone for ILB App Service Environment.
35
35
* An app running in the ILB App Service Environment.
36
-
* A public DNS name that's used later to point to your application gateway.
37
-
* If you need to use TLS/SSL encryption to the application gateway, a valid public certificate that's used to bind to your application gateway is required.
36
+
* A public DNS name for your application gateway.
37
+
* If you need to use TLS encryption to the application gateway, a valid public certificate that's used to bind to your application gateway is required.
38
38
39
39
### ILB App Service environment
40
40
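Review bot: The `+` bullet for TLS ends with a redundant "is required" after opening with "If you need"; suggest "* If you need TLS encryption to the application gateway, a valid public certificate to bind to it." The shortened DNS bullet ("A public DNS name for your application gateway.") drops the hint that the name is pointed at the gateway later; keeping "that you point at your application gateway later" preserves that ordering cue for readers following the steps.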
@@ -70,20 +70,20 @@ With a public domain mapped to the application gateway, you don't need to config
70
70
71
71
### A valid public certificate
72
72
73
-
For security enhancement, it's recommended to bind TLS/SSL certificate for session encryption. To bind TLS/SSL certificate to the application gateway, a valid public certificate with following information is required. With [App Service certificates](../configure-ssl-app-service-certificate.md), you can buy a TLS/SSL certificate and export it in .pfx format.
73
+
For security enhancement, bind a TLS certificate for session encryption. To bind TLS certificate to the application gateway, a valid public certificate with following information is required. With [App Service certificates](../configure-ssl-app-service-certificate.md), you can buy a TLS certificate and export it in `.pfx` format.
74
74
75
75
| Name | Value | Description|
76
76
| ----- | ------------------- |------------|
77
77
|**Common Name**|`<yourappname>.<yourdomainname>`, for example: `app.asabuludemo.com` <br/> or `*.<yourdomainname>`, for example: `*.asabuludemo.com`| A standard certificate or a [wildcard certificate](https://wikipedia.org/wiki/Wildcard_certificate) for the application gateway|
78
78
|**Subject Alternative Name**|`<yourappname>.scm.<yourdomainname>`, for example: `app.scm.asabuludemo.com` <br/>or `*.scm.<yourdomainname>`, for example: `*.scm.asabuludemo.com`|The SAN that allowing to connect to App Service kudu service. It's an optional setting, if you don't want to publish the App Service kudu service to the internet.|
79
79
80
-
The certificate file should have a private key and save in .pfx format, it will be imported to the application gateway later.
80
+
The certificate file should have a private key and save in `.pfx` format. The certificate is imported to the application gateway later.
81
81
82
82
## Create an application gateway
83
83
84
84
For the basic application gateway creation, refer to [Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal](../../web-application-firewall/ag/application-gateway-web-application-firewall-portal.md).
85
85
86
-
In this tutorial, we'll use Azure portal to create an application gateway with ILB App Service environment.
86
+
In this tutorial, we use Azure portal to create an application gateway with ILB App Service environment.
87
87
88
88
In the Azure portal, select **New** > **Network** > **Application Gateway** to create an application gateway.
89
89
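Review bot: The `+` paragraph is missing articles: "To bind TLS certificate" should be "To bind a TLS certificate" and "with following information" should be "with the following information". The second `+` line still reads "should have a private key and save in `.pfx` format", where "save" should be "be saved". The unchanged SAN row ("The SAN that allowing to connect to App Service kudu service") is ungrammatical as well and could be fixed in the same pass: "The SAN that allows connecting to the App Service Kudu service. This setting is optional if you don't want to publish the Kudu service to the internet."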
@@ -120,25 +120,25 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
120
120
| Rule name | For example: `http-routingrule`| Routing name |
121
121
| Listener name | For example: `http-listener`| Listener name |
122
122
| Frontend IP | Public | For internet access, set to Public |
123
-
| Protocol | HTTP | Don't use TLS/SSL encryption |
123
+
| Protocol | HTTP | Don't use TLS encryption |
124
124
| Port | 80 | Default HTTP Port |
125
-
| Listener type |Multi site| Allow to listen multi-sites on the application gateway |
125
+
| Listener type |Multisite| Allow to listen multi-sites on the application gateway |
126
126
| Host type | Multiple/Wildcard | Set to multiple or wildcard website name if listener type is set to multi-sites. |
127
127
| Host name | For example: `app.asabuludemo.com`| Set to a routable domain name for App Service |
128
128
129
129
:::image type="content" source="./media/integrate-with-application-gateway/http-routing-rule.png" alt-text="Screenshot of HTTP Listener of the application gateway Routing Rule.":::
130
130
131
-
* To connect to the application gateway with TLS/SSL encryption, you can create a listener with following settings,
131
+
* To connect to the application gateway with TLS encryption, you can create a listener with following settings,
| Rule name | For example: `https-routingrule`| Routing name |
136
136
| Listener name | For example: `https-listener`| Listener name |
137
137
| Frontend IP | Public | For internet access, set to Public |
138
-
| Protocol | HTTPS | Use TLS/SSL encryption |
138
+
| Protocol | HTTPS | Use TLS encryption |
139
139
| Port | 443 | Default HTTPS Port |
140
140
| Https Settings | Upload a certificate | Upload a certificate contains the CN and the private key with .pfx format. |
141
-
| Listener type |Multi site| Allow to listen multi-sites on the application gateway |
141
+
| Listener type |Multisite| Allow to listen multi-sites on the application gateway |
142
142
| Host type | Multiple/Wildcard | Set to multiple or wildcard website name if listener type is set to multi-sites. |
143
143
| Host name | For example: `app.asabuludemo.com`| Set to a routable domain name for App Service |
144
144
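Review bot: The `+` rows change the listener type value to "Multisite", but the unchanged "Host type" rows that follow still say "if listener type is set to multi-sites", and both "Multisite" descriptions still read "Allow to listen multi-sites"; update those to match ("Allows listening for multiple sites" and "if listener type is set to Multisite"). In the HTTPS table, "Upload a certificate contains the CN and the private key with .pfx format" needs "that contains", and `.pfx` should be code-formatted as it was in the certificate section earlier in this commit.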
@@ -148,15 +148,15 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
148
148
149
149
:::image type="content" source="./media/integrate-with-application-gateway/add-new-http-setting.png" alt-text="Screenshot of adding new link to add an H T T P setting.":::
| HTTP setting name | For example: `https-setting`| HTTP setting name |
156
-
| Backend protocol | HTTPS | Use TLS/SSL encryption |
156
+
| Backend protocol | HTTPS | Use TLS encryption |
157
157
| Backend port | 443 | Default HTTPS Port |
158
-
| Use well known CA certificate | Yes | The default domain name of ILB App Service Environment is `.appserviceenvironment.net`, the certificate of this domain is issued by a public trusted root authority. In the Trusted root certificate setting, you can set to use **well known CA trusted root certificate**. |
159
-
| Override with new host name | Yes | The host name header will be overwrote on connecting to the app on ILB App Service Environment |
158
+
| Use well known CA certificate | Yes | The default domain name of ILB App Service Environment is `.appserviceenvironment.net`. The certificate of this domain is issued by a public trusted root authority. In the Trusted root certificate setting, you can set to use **well known CA trusted root certificate**. |
159
+
| Override with new host name | Yes | The host name header is overwritten on connecting to the app on ILB App Service Environment |
160
160
| Host name override | Pick host name from backend target | When setting backend pool to App Service, you can pick host from backend target |
161
161
| Create custom probes | No | Use default health probe|
162
162
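Review bot: In the `+` row for "Use well known CA certificate", "a public trusted root authority" should read "a publicly trusted root authority" and "well known" should be hyphenated as "well-known" in both places; the row should also make explicit that "Yes" is correct only because the backend is addressed by its default `.appserviceenvironment.net` name, which is the condition the row itself gives. In the "Override with new host name" row, "is overwritten on connecting to the app" reads better as "is overwritten when connecting to the app".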
@@ -165,7 +165,7 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
165
165
166
166
## Configure an application gateway integration with ILB App Service Environment
167
167
168
-
To access ILB App Service Environment from the application gateway, you need to check if a virtual network link to private DNS zone. If there's no virtual network linked to your application gateway's VNet, add a virtual network link with following steps.
168
+
To access ILB App Service Environment from the application gateway, you need to check if a virtual network link to private DNS zone. If there's no virtual network linked to your application gateway's virtual network, add a virtual network link with following steps.
169
169
170
170
### Configure virtual network links with a private DNS zone
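Review bot: The `+` line keeps the logic gap of the original: "check if a virtual network link to private DNS zone" has no verb, and "If there's no virtual network linked to your application gateway's virtual network" says a network must be linked to a network, whereas the section that follows is about linking the gateway's virtual network to the private DNS zone. Suggest: "To access the ILB App Service Environment from the application gateway, check whether the application gateway's virtual network is linked to the private DNS zone. If it isn't, add a virtual network link with the following steps."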
articles/app-service/overview-app-gateway-integration.md
+1-1Lines changed: 1 addition & 1 deletion
@@ -64,7 +64,7 @@ To isolate traffic to an individual web app, you need to use IP-based access res
64
64
65
65
## Considerations for an external App Service Environment
66
66
67
-
An external App Service Environment has a public-facing load balancer like multi-tenant App Service apps. Service endpoints don't work for an App Service Environment. With App Service Environment you can use IP-based access restrictions by using the public IP address of the application gateway. To create an external App Service Environment by using the Azure portal, you can follow [this quickstart](./environment/creation.md).
67
+
An external App Service Environment has a public-facing load balancer like multitenant App Service apps. Service endpoints don't work for an App Service Environment. With App Service Environment you can use IP-based access restrictions by using the public IP address of the application gateway. To create an external App Service Environment by using the Azure portal, you can follow [this quickstart](./environment/creation.md).
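Review bot: Minor: "With App Service Environment you can use" in the `+` line needs an article and a comma ("With an App Service Environment, you can use"), and "like multitenant App Service apps" is clearer as "just as multitenant App Service apps do".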
> Private endpoint is available for Windows and Linux apps, containerized or not, hosted on these App Service plans: **Basic**, **Standard**, **PremiumV2**, **PremiumV3**, **IsolatedV2**, **Functions Premium** (sometimes referred to as the Elastic Premium plan).
17
+
> Private endpoint is available for Windows and Linux apps, containerized or not, hosted on these App Service plans: **Basic**, **Standard**, **PremiumV2**, **PremiumV3**, **IsolatedV2**, **Functions Premium** (sometimes referred to as the Elastic Premium plan).
18
18
19
19
You can use private endpoint for your App Service apps to allow clients located in your private network to securely access the app over Azure Private Link. The private endpoint uses an IP address from your Azure virtual network address space. Network traffic between a client on your private network and the app traverses over the virtual network and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.
20
20
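Review bot: The `-` and `+` lines of the plan list are textually identical in the rendered diff, so this change is presumably whitespace-only; confirm that is intended, otherwise the hunk only adds noise to the review.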
@@ -36,7 +36,7 @@ The subnet where you plug the private endpoint can have other resources in it, y
36
36
You can also deploy the private endpoint in a different region than your app.
37
37
38
38
> [!NOTE]
39
-
> The virtual network integration feature cannot use the same subnet as private endpoint, this is a limitation of the virtual network integration feature.
39
+
> The virtual network integration feature can't use the same subnet as private endpoint.
40
40
41
41
From a security perspective:
42
42
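Review bot: Dropping "this is a limitation of the virtual network integration feature" from the `+` line is fine, but "the same subnet as private endpoint" should read "the same subnet as a private endpoint".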
@@ -90,7 +90,7 @@ After this DNS configuration, you can reach your app privately with the default
90
90
If you need to use a custom DNS name, you must add the custom name in your app and you must validate the custom name like any custom name, using public DNS resolution.
91
91
For more information, see [custom DNS validation](./app-service-web-tutorial-custom-domain.md).
92
92
93
-
For the Kudu console, or Kudu REST API (deployment with Azure DevOps Services self-hosted agents for example) you must create two records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app, the second is for the SCM of your app.
93
+
For the Kudu console, or Kudu REST API (deployment with Azure DevOps Services self-hosted agents for example) you must create two records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app and the second is for the SCM of your app.
94
94
95
95
| Name | Type | Value |
96
96
|-----|-----|-----|
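Review bot: The `+` line only changes the final clause; the opening still has the parenthetical in an awkward spot and a stray comma. Suggest: "For the Kudu console or the Kudu REST API (for example, deployment with Azure DevOps Services self-hosted agents), you must create two DNS records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server."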
@@ -122,7 +122,7 @@ For pricing details, see [Azure Private Link pricing](https://azure.microsoft.co
122
122
* You can connect up to 100 private endpoints to a particular app.
123
123
* Remote Debugging functionality isn't available through the private endpoint. The recommendation is to deploy the code to a slot and remote debug it there.
124
124
* FTP access is provided through the inbound public IP address. Private endpoint doesn't support FTP access to the app.
125
-
* IP-Based SSL isn't supported with private endpoints.
125
+
* IP-Based TLS isn't supported with private endpoints.
126
126
* Apps that you configure with private endpoints can't receive public traffic coming from subnets with `Microsoft.Web` service endpoint enabled and can't use [service endpoint-based access restriction rules](./overview-access-restrictions.md#access-restriction-rules-based-on-service-endpoints).
127
127
* Private endpoint naming must follow the rules defined for resources of type `Microsoft.Network/privateEndpoints`. Naming rules can be found [here](../azure-resource-manager/management/resource-name-rules.md#microsoftnetwork).
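Review bot: The `+` line renames "IP-Based SSL" to "IP-Based TLS" as part of the terminology sweep, but this is a named App Service binding type (the portal has labeled it "IP based SSL"), not a generic protocol mention, so renaming it risks mismatching the UI. Suggest keeping the feature name with lowercase "based" ("IP-based SSL binding"), or confirming the current product term before changing it.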