Clean up terminology

Author: ecfan

articles/logic-apps/connect-virtual-network-vnet-isolated-environment.md

@@ -10,7 +10,7 @@ ms.date: 02/13/2020
 
 # Connect to Azure virtual networks from Azure Logic Apps by using an integration service environment (ISE)
 
-For scenarios where your logic apps and integration accounts need access to an [Azure virtual network](../virtual-network/virtual-networks-overview.md), create an [*integration service environment* (ISE)](../logic-apps/connect-virtual-network-vnet-isolated-environment-overview.md). An ISE is a private and isolated environment that uses dedicated storage and other resources that are kept separate from the public, "global", multi-tenant Logic Apps service. This separation also reduces any impact that other Azure tenants might have on your apps' performance. An ISE also provides you with your own static IP addresses. These IP addresses are separate from the static IP addresses that are shared by the logic apps in the public, multi-tenant service.
+For scenarios where your logic apps and integration accounts need access to an [Azure virtual network](../virtual-network/virtual-networks-overview.md), create an [*integration service environment* (ISE)](../logic-apps/connect-virtual-network-vnet-isolated-environment-overview.md). An ISE is an isolated environment that uses dedicated storage and other resources that are kept separate from the public, "global", multi-tenant Logic Apps service. This separation also reduces any impact that other Azure tenants might have on your apps' performance. An ISE also provides you with your own static IP addresses. These IP addresses are separate from the static IP addresses that are shared by the logic apps in the public, multi-tenant service.
 
 When you create an ISE, Azure *injects* that ISE into your Azure virtual network, which then deploys the Logic Apps service into your virtual network. When you create a logic app or integration account, select your ISE as their location. Your logic app or integration account can then directly access resources, such as virtual machines (VMs), servers, systems, and services, in your virtual network.
 
@@ -49,7 +49,7 @@ This article shows you how to complete these tasks:
 
   * Make sure that your virtual network [enables access for your ISE](#enable-access) so that your ISE can work correctly and stay accessible.
 
-  * If you use [ExpressRoute](../expressroute/expressroute-introduction.md), which provides a private connection to Microsoft cloud services, you must [create a route table](../virtual-network/manage-route-table.md) that has the following route and link that table to each subnet that's used by your ISE:
+  * If you use [ExpressRoute](../expressroute/expressroute-introduction.md), which provides a private connection to Microsoft cloud services that's facilitated by the connectivity provider, you must [create a route table](../virtual-network/manage-route-table.md) that has the following route and link that table to each subnet that's used by your ISE:
 
     **Name**: <*route-name*><br>
     **Address prefix**: 0.0.0.0/0<br>
@@ -79,11 +79,14 @@ To make sure that your ISE is accessible and that the logic apps in that ISE can
 
 * If you created a new Azure virtual network and subnets without any constraints, you don't need to set up [network security groups (NSGs)](../virtual-network/security-overview.md#network-security-groups) in your virtual network to control traffic across subnets.
 
-* On an existing virtual network, you can *optionally* set up NSGs by [filtering network traffic across subnets](../virtual-network/tutorial-filter-network-traffic.md). If you choose this route, on the virtual network where you want to set up the NSGs, make sure that you [open the ports in this table](#network-ports-for-ise).
+* On an existing virtual network, you can *optionally* set up NSGs by [filtering network traffic across subnets](../virtual-network/tutorial-filter-network-traffic.md). If you want to go this route, or if you're already using NSGs, make sure that you [open the ports in this table](#network-ports-for-ise) on the virtual network where you have NSGs or want to set up NSGs.
 
-  If you use [NSG security rules](../virtual-network/security-overview.md#security-rules), you need both TCP and UDP protocols. NSG security rules describe the ports that you must have open and the IP addresses that need access to those ports. Make sure that any firewalls, routers, or other items that exist between these endpoints keep those ports accessible to the IP addresses.
-
-* If you have previously existing NSGs, make sure that you [open the ports in this table](#network-ports-for-ise). If you use [NSG security rules](../virtual-network/security-overview.md#security-rules), you need both TCP and UDP protocols.
+  > [!NOTE]
+  > If you use [NSG security rules](../virtual-network/security-overview.md#security-rules), 
+  > you need to use *both* the TCP and UDP protocols. NSG security rules describe the ports 
+  > that you must open for the IP addresses that need access to those ports. Make sure that 
+  > any firewalls, routers, or other items that exist between these endpoints also keep those 
+  > ports accessible to those IP addresses.
 
 <a name="network-ports-for-ise"></a>
 

articles/logic-apps/logic-apps-azure-resource-manager-templates-overview.md

@@ -140,11 +140,11 @@ This example shows just the template parameters for the values used to create an
 
 Except for parameters that handle values that are sensitive or must be secured, such as usernames, passwords, and secrets, all these parameters include `defaultValue` attributes, although in some cases, the default values are empty values. The deployment values to use for these template parameters are provided by the sample [parameters file](#template-parameter-files) described later in this topic.
 
-To secure template parameters, see these topics:
+For more information about securing template parameters, see these topics:
 
 * [Security recommendations for template parameters](../azure-resource-manager/templates/template-best-practices.md#parameters)
-* [Secure template parameters](../logic-apps/logic-apps-securing-a-logic-app.md#secure-parameters-deployment-template)
-* [Pass secure parameter values with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md)
+* [Improve security for template parameters](../logic-apps/logic-apps-securing-a-logic-app.md#secure-parameters-deployment-template)
+* [Pass secured parameter values with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md)
 
 Other template objects often reference template parameters so that they can use the values that pass through template parameters, for example:
 
@@ -166,9 +166,9 @@ Here are some best practices for defining parameters:
 
   * [Security recommendations for template parameters](../azure-resource-manager/templates/template-best-practices.md#parameters)
 
-  * [Secure template parameters](../logic-apps/logic-apps-securing-a-logic-app.md#secure-parameters-deployment-template)
+  * [Improve security for template parameters](../logic-apps/logic-apps-securing-a-logic-app.md#secure-parameters-deployment-template)
 
-  * [Pass secure parameter values with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md)
+  * [Pass secured parameter values with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md)
 
 * To differentiate template parameter names from workflow definition parameter names, you can use descriptive template parameter names, for example: `TemplateFabrikamPassword`
 
@@ -183,7 +183,7 @@ To provide the values for template parameters, store those values in a [paramete
 * Logic app template file name: **<*logic-app-name*>.json**
 * Parameters file name: **<*logic-app-name*>.parameters.json**
 
-Here is the structure inside the parameters file, which includes a key vault reference for [passing a secure parameter value with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md):
+Here is the structure inside the parameters file, which includes a key vault reference for [passing a secured parameter value with Azure Key Vault](../azure-resource-manager/templates/key-vault-parameter.md):
 
 ```json
 {
@@ -411,7 +411,7 @@ To set the value for the workflow definition parameter, use the `parameters` obj
 
 This example template shows how you can complete these tasks by defining secured parameters when necessary so that you can store their values in Azure Key Vault:
 
-* Declare secure parameters for the values used to authenticate access.
+* Declare secured parameters for the values used to authenticate access.
 * Use these values at both the template and workflow definition levels.
 * Provide these values by using a parameters file.
 

articles/logic-apps/logic-apps-create-api-app.md

@@ -371,12 +371,9 @@ Your API can then unregister the callback URL and stop any processes as necessar
 > For an example webhook pattern, review this 
 > [webhook trigger controller sample in GitHub](https://github.com/logicappsio/LogicAppTriggersExample/blob/master/LogicAppTriggers/Controllers/WebhookTriggerController.cs).
 
-## Secure calls to your APIs from logic apps
+## Improve security for calls to your APIs from logic apps
 
-After creating your custom APIs, 
-set up authentication for your APIs 
-so that you can call them securely from logic apps. Learn 
-[how to secure calls to custom APIs from logic apps](../logic-apps/logic-apps-custom-api-authentication.md).
+After creating your custom APIs, set up authentication for your APIs so that you can call them securely from logic apps. Learn [how to improve security for calls to custom APIs from logic apps](../logic-apps/logic-apps-custom-api-authentication.md).
 
 ## Deploy and call your APIs
 

articles/logic-apps/logic-apps-custom-api-authentication.md

@@ -1,22 +1,22 @@
 ---
 title: Add authentication for securing calls to custom APIs
-description: How to set up authentication for securing calls to custom APIs from Azure Logic Apps
+description: How to set up authentication to improve security for calls to custom APIs from Azure Logic Apps
 services: logic-apps
 ms.suite: integration
 ms.reviewer: klam, logicappspm
 ms.topic: article
 ms.date: 09/22/2017
 ---
 
-# Secure calls to custom APIs from Azure Logic Apps
+# Increase security for calls to custom APIs from Azure Logic Apps
 
-To secure calls to your APIs, you can set up Azure Active Directory (Azure AD) 
+To improve security for calls to your APIs, you can set up Azure Active Directory (Azure AD) 
 authentication through the Azure portal so you don't have to update your code. 
 Or, you can require and enforce authentication through your API's code.
 
 ## Authentication options for your API
 
-You can secure calls to your custom API in these ways:
+You can improve security for calls to your custom API in these ways:
 
 * [No code changes](#no-code): Protect your API with 
 [Azure Active Directory (Azure AD)](../active-directory/fundamentals/active-directory-whatis.md) 

articles/logic-apps/logic-apps-enterprise-integration-certificates.md

@@ -1,6 +1,6 @@
 ---
 title: Secure B2B messages with certificates
-description: Add certificates to secure B2B messages in Azure Logic Apps with the Enterprise Integration Pack 
+description: Add certificates to help secure B2B messages in Azure Logic Apps with the Enterprise Integration Pack 
 services: logic-apps
 ms.suite: integration
 author: divyaswarnkar
@@ -10,17 +10,12 @@ ms.topic: article
 ms.date: 08/17/2018
 ---
 
-# Secure B2B messages with certificates
+# Improve security for B2B messages by using certificates
 
-When you need to keep B2B communication confidential, 
-you can secure B2B communication for your enterprise integration apps, 
-specifically logic apps, by adding certificates to your integration account. 
-Certificates are digital documents that check the identities for 
-the participants in electronic communications and help you 
-secure communication in these ways:
+When you need to keep B2B communication confidential, you can increase security for B2B communication in your enterprise integration apps, specifically logic apps, by adding certificates to your integration account. Certificates are digital documents that check the identities for the participants in electronic communications and help you secure communication in these ways:
 
 * Encrypt message content.
-* Digitally sign messages. 
+* Digitally sign messages.
 
 You can use these certificates in your enterprise integration apps:
 

articles/logic-apps/logic-apps-enterprise-integration-overview.md

@@ -12,7 +12,7 @@ ms.date: 08/01/2019
 
 # B2B enterprise integration solutions with Azure Logic Apps and Enterprise Integration Pack
 
-For business-to-business (B2B) solutions and seamless communication between organizations, you can build automated scalable enterprise integration workflows by using the Enterprise Integration Pack (EIP) with [Azure Logic Apps](../logic-apps/logic-apps-overview.md). Although organizations use different protocols and formats, they can exchange messages electronically. The EIP transforms different formats into a format that your organizations' systems can process and supports industry-standard protocols, including [AS2](../logic-apps/logic-apps-enterprise-integration-as2.md), [X12](logic-apps-enterprise-integration-x12.md), and [EDIFACT](../logic-apps/logic-apps-enterprise-integration-edifact.md). You can also secure messages with both encryption and digital signatures. The EIP supports these [enterprise integration connectors](../connectors/apis-list.md#integration-account-connectors) and these industry standards:
+For business-to-business (B2B) solutions and seamless communication between organizations, you can build automated scalable enterprise integration workflows by using the Enterprise Integration Pack (EIP) with [Azure Logic Apps](../logic-apps/logic-apps-overview.md). Although organizations use different protocols and formats, they can exchange messages electronically. The EIP transforms different formats into a format that your organizations' systems can process and supports industry-standard protocols, including [AS2](../logic-apps/logic-apps-enterprise-integration-as2.md), [X12](logic-apps-enterprise-integration-x12.md), and [EDIFACT](../logic-apps/logic-apps-enterprise-integration-edifact.md). You can also improve security for messages by using both encryption and digital signatures. The EIP supports these [enterprise integration connectors](../connectors/apis-list.md#integration-account-connectors) and these industry standards:
 
 * Electronic Data Interchange (EDI)
 * Enterprise Application Integration (EAI)

articles/logic-apps/logic-apps-gateway-install.md

@@ -216,9 +216,9 @@ Like any other Windows service, you can start and stop the gateway in various wa
 
 Users in your organization can access on-premises data for which they already have authorized access. However, before these users can connect to your on-premises data source, you need to install and set up an on-premises data gateway. Usually, an admin is the person who installs and sets up a gateway. These actions might require Server Administrator permissions or special knowledge about your on-premises servers.
 
-The gateway facilitates quick and secure communication behind-the-scenes-communication. This communication flows between a user in the cloud, the gateway cloud service, and your on-premises data source. The gateway cloud service encrypts and stores your data source credentials and gateway details. The service also routes queries and their results between the user, the gateway, and your on-premises data source.
+The gateway helps facilitate faster and more secure behind-the-scenes communication. This communication flows between a user in the cloud, the gateway cloud service, and your on-premises data source. The gateway cloud service encrypts and stores your data source credentials and gateway details. The service also routes queries and their results between the user, the gateway, and your on-premises data source.
 
-The gateway works with firewalls and uses only outbound connections. All traffic originates as secure outbound traffic from the gateway agent. The gateway relays data from on-premises sources on encrypted channels through [Azure Service Bus](../service-bus-messaging/service-bus-messaging-overview.md). This service bus creates a channel between the gateway and the calling service, but doesn't store any data. All data that travels through the gateway is encrypted.
+The gateway works with firewalls and uses only outbound connections. All traffic originates as secured outbound traffic from the gateway agent. The gateway relays data from on-premises sources on encrypted channels through [Azure Service Bus](../service-bus-messaging/service-bus-messaging-overview.md). This service bus creates a channel between the gateway and the calling service, but doesn't store any data. All data that travels through the gateway is encrypted.
 
 ![Architecture for on-premises data gateway](./media/logic-apps-gateway-install/how-on-premises-data-gateway-works-flow-diagram.png)
 

articles/logic-apps/logic-apps-http-endpoint.md

@@ -305,11 +305,10 @@ To view the JSON definition for the Response action and your logic app's complet
 **A**: Azure securely generates logic app callback URLs by using [Shared Access Signature (SAS)](https://docs.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature). This signature passes through as a query parameter and must be validated before your logic app can run. Azure generates the signature using a unique combination of a secret key per logic app, the trigger name, and the operation that's performed. So unless someone has access to the secret logic app key, they cannot generate a valid signature.
 
 > [!IMPORTANT]
-> For production and secure systems, we strongly advise against 
-> calling your logic app directly from the browser for these reasons:
+> For production and higher security systems, we strongly advise against calling your logic app directly from the browser for these reasons:
 >
 > * The shared access key appears in the URL.
-> * You can't manage secure content policies due to shared domains across Azure Logic Apps customers.
+> * You can't manage security content policies due to shared domains across Azure Logic Apps customers.
 
 #### Q: Can I configure HTTP endpoints further?