Merge pull request #223344 from Blackmist/misc-io

prmerger-automator[bot] · web-flow · commit 851c92dd010b · 2023-01-10T19:29:49.000Z
incorporating customer feedback
diff --git a/articles/machine-learning/how-to-access-azureml-behind-firewall.md b/articles/machine-learning/how-to-access-azureml-behind-firewall.md
@@ -260,7 +260,7 @@ The hosts in the following tables are owned by Microsoft, and provide services r
 **Azure Machine Learning hosts**
 
 > [!IMPORTANT]
-> In the following table, replace `<storage>` with the name of the default storage account for your Azure Machine Learning workspace.
+> In the following table, replace `<storage>` with the name of the default storage account for your Azure Machine Learning workspace. Replace `<region>` with the region of your workspace.
 
 # [Azure public](#tab/public)
 
@@ -270,7 +270,7 @@ The hosts in the following tables are owned by Microsoft, and provide services r
 | API |\*.azureml.ms | TCP | 443 |
 | API | \*.azureml.net | TCP | 443 |
 | Model management | \*.modelmanagement.azureml.net | TCP | 443 |
-| Integrated notebook | \*.notebooks.azure.net | TCP | 443 |
+| Integrated notebook | \*.\<region\>.notebooks.azure.net | TCP | 443 |
 | Integrated notebook | \<storage\>.file.core.windows.net | TCP | 443, 445 |
 | Integrated notebook | \<storage\>.dfs.core.windows.net | TCP | 443 |
 | Integrated notebook | \<storage\>.blob.core.windows.net | TCP | 443 |
diff --git a/articles/machine-learning/how-to-prevent-data-loss-exfiltration.md b/articles/machine-learning/how-to-prevent-data-loss-exfiltration.md
@@ -24,7 +24,7 @@ Azure Machine Learning has several inbound and outbound dependencies. Some of th
 
     * __Storage Outbound__: This requirement comes from compute instance and compute cluster. A malicious agent can use this outbound rule to exfiltrate data by provisioning and saving data in their own storage account. You can remove data exfiltration risk by using an Azure Service Endpoint Policy and Azure Batch's simplified node communication architecture.
 
-    * __AzureFrontDoor.frontend outbound__: Azure Front Door is required by the Azure Machine Learning studio UI and AutoML. To narrow down the list of possible outbound destinations to just the ones required by Azure ML, allowlist the following fully qualified domain names (FQDN) on your firewall.
+    * __AzureFrontDoor.frontend outbound__: Azure Front Door is used by the Azure Machine Learning studio UI and AutoML. Instead of allowing outbound to the service tag (AzureFrontDoor.frontend), switch to the following fully qulified domain names (FQDN). Switching to these FQDNs removes unnecessary outbound traffic included in the service tag and allows only what is needed for Azure Machine Learning studio UI and AutoML.
 
         - `ml.azure.com`
         - `automlresources-prod.azureedge.net`
@@ -144,7 +144,7 @@ When using Azure ML curated environments, make sure to use the latest environmen
 
     # [Firewall](#tab/firewall)
 
-    __Allow__ outbound traffic over __TCP port 443__ to the following FQDNs. Replace instances of `<region>` with the Azure region that contains your compute cluster or instance:
+    __Allow__ outbound traffic over __TCP port 443__ to the following FQDNs:
 
     * `mcr.microsoft.com`
     * `*.data.mcr.microsoft.com`
