Merge pull request #216781 from khdownie/kendownie110122-3

Replacing screenshots for public endpoint restrictions

Author: Stacyrch140

articles/storage/file-sync/file-sync-networking-endpoints.md

@@ -1,10 +1,10 @@
 ---
-title: Configuring Azure File Sync network endpoints | Microsoft Docs
+title: Configuring Azure File Sync network endpoints
 description: Learn how to configure Azure File Sync network endpoints.
 author: khdownie
 ms.service: storage
 ms.topic: how-to
-ms.date: 05/24/2021
+ms.date: 11/01/2022
 ms.author: kendownie
 ms.subservice: files 
 ms.custom: devx-track-azurepowershell, devx-track-azurecli
@@ -15,7 +15,7 @@ Azure Files and Azure File Sync provide two main types of endpoints for accessin
 - Public endpoints, which have a public IP address and can be accessed from anywhere in the world.
 - Private endpoints, which exist within a virtual network and have a private IP address from within the address space of that virtual network.
 
-For both Azure Files and Azure File Sync, the Azure management objects, the storage account and the Storage Sync Service respectively, control both the public and private endpoints. The storage account is a management construct that represents a shared pool of storage in which you can deploy multiple file shares, as well as other storage resources, such as blob containers or queues. The Storage Sync Service is a management construct that represents registered servers, which are Windows file servers with an established trust relationship with Azure File Sync, and sync groups, which define the topology of the sync relationship. 
+For both Azure Files and Azure File Sync, the Azure management objects, the storage account and the Storage Sync Service respectively, control both the public and private endpoints. The storage account is a management construct that represents a shared pool of storage in which you can deploy multiple file shares, as well as other storage resources, such as blob containers or queues. The Storage Sync Service is a management construct that represents registered servers, which are Windows file servers with an established trust relationship with Azure File Sync, and sync groups, which define the topology of the sync relationship.
 
 This article focuses on how to configure the networking endpoints for both Azure Files and Azure File Sync. To learn more about how to configure networking endpoints for accessing Azure file shares directly, rather than caching on-premises with Azure File Sync, see [Configuring Azure Files network endpoints](../files/storage-files-networking-endpoints.md?toc=%2fazure%2fstorage%2ffilesync%2ftoc.json).
 
@@ -32,7 +32,7 @@ Additionally:
 - If you intend to use the Azure CLI, [install the latest version](/cli/azure/install-azure-cli).
 
 ## Create the private endpoints
-When you creating a private endpoint for an Azure resource, the following resources are deployed:
+When you are creating a private endpoint for an Azure resource, the following resources are deployed:
 
 - **A private endpoint**: An Azure resource representing either the private endpoint for the storage account or the Storage Sync Service. You can think of this as a resource that connects your Azure resource and a network interface.
 - **A network interface (NIC)**: The network interface that maintains a private IP address within the specified virtual network/subnet. This is the exact same resource that gets deployed when you deploy a virtual machine, however instead of being assigned to a VM, it's owned by the private endpoint.
@@ -138,7 +138,7 @@ The **Configuration** blade allows you to select the specific virtual network an
 
 Click **Review + create** to create the private endpoint.
 
-You can test that your private endpoint has been setup correctly by running the following commands from PowerShell. 
+You can test that your private endpoint has been set up correctly by running the following commands from PowerShell. 
 
 ```powershell
 $privateEndpointResourceGroupName = "<your-private-endpoint-resource-group>"
@@ -319,7 +319,7 @@ if ($null -eq $dnsZone) {
             -ErrorAction Stop
 }
 ```
-Now that you have a reference to the private DNS zone, you must create an A records for your Storage Sync Service.
+Now that you have a reference to the private DNS zone, you must create an A record for your Storage Sync Service.
 
 ```powershell 
 $privateEndpointIpFqdnMappings = $privateEndpoint | `
@@ -488,7 +488,7 @@ then
 fi
 ```
 
-Now that you have a reference to the private DNS zone, you must create an A records for your Storage Sync Service.
+Now that you have a reference to the private DNS zone, you must create an A record for your Storage Sync Service.
 
 ```bash
 privateEndpointNIC=$(az network private-endpoint show \

includes/media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint-0.png

@@ -5,12 +5,12 @@
  author: khdownie
  ms.service: storage
  ms.topic: include
- ms.date: 01/25/2021
+ ms.date: 11/01/2022
  ms.author: kendownie
  ms.custom: include file
 ---
 Navigate to the storage account for which you would like to restrict all access to the public endpoint. In the table of contents for the storage account, select **Networking**.
 
-At the top of the page, select the **Selected networks** radio button. This will un-hide a number of settings for controlling the restriction of the public endpoint. Check **Allow trusted Microsoft services to access this storage account** to allow trusted first party Microsoft services such as Azure File Sync to access the storage account.
+At the top of the page, select the **Enabled from selected virtual networks and IP addresses** radio button. This will un-hide a number of settings for controlling the restriction of the public endpoint. Select **Allow Azure services on the trusted services list to access this storage account** to allow trusted first party Microsoft services such as Azure File Sync to access the storage account.
 
-[![Screenshot of the Networking blade with the appropriate restricts in place](media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint-0.png)](media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint-0.png#lightbox)
+:::image type="content" source="media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint.png" alt-text="Screenshot of the Networking blade with the required settings to disable access to the storage account public endpoint." lightbox="media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint.png":::

includes/media/storage-files-networking-endpoints-public-disable-portal/disable-public-endpoint.png

@@ -5,15 +5,15 @@
  author: khdownie
  ms.service: storage
  ms.topic: include
- ms.date: 01/25/2021
+ ms.date: 11/01/2022
  ms.author: kendownie
  ms.custom: include file
 ---
 
 Navigate to the storage account for which you would like to restrict the public endpoint to specific virtual networks. In the table of contents for the storage account, select **Networking**. 
 
-At the top of the page, select the **Selected networks** radio button. This will un-hide a number of settings for controlling the restriction of the public endpoint. Click **+Add existing virtual network** to select the specific virtual network that should be allowed to access the storage account via the public endpoint. This will require selecting a virtual network and a subnet for that virtual network. 
+At the top of the page, select the **Enabled from selected virtual networks and IP addresses** radio button. This will un-hide a number of settings for controlling the restriction of the public endpoint. Select **+Add existing virtual network** to select the specific virtual network that should be allowed to access the storage account via the public endpoint. Select a virtual network and a subnet for that virtual network, and then select **Enable**.
 
-Check **Allow trusted Microsoft services to access this storage account** to allow trusted first party Microsoft services such as Azure File Sync to access the storage account.
+Select **Allow Azure services on the trusted services list to access this storage account** to allow trusted first party Microsoft services such as Azure File Sync to access the storage account.
 
-[![Screenshot of the Networking blade with a specific virtual network allowed to access the storage account via the public endpoint](media/storage-files-networking-endpoints-public-restrict-portal/restrict-public-endpoint-0.png)](media/storage-files-networking-endpoints-public-restrict-portal/restrict-public-endpoint-0.png#lightbox)
+:::image type="content" source="media/storage-files-networking-endpoints-public-restrict-portal/restrict-public-endpoint.png" alt-text="Screenshot of the Networking blade with a specific virtual network allowed to access the storage account via the public endpoint." lightbox="media/storage-files-networking-endpoints-public-restrict-portal/restrict-public-endpoint.png":::