[AzureADDS] Clarify deleting or modifying network resources

Author: iainfoulds

articles/active-directory-domain-services/network-considerations.md

@@ -5,12 +5,11 @@ services: active-directory-ds
 author: iainfoulds
 manager: daveba
 
-ms.assetid: 23a857a5-2720-400a-ab9b-1ba61e7b145a
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/21/2020
+ms.date: 03/30/2020
 ms.author: iainfou
 
 ---
@@ -72,7 +71,7 @@ You can connect a virtual network to another virtual network (VNet-to-VNet) in t
 
 ![Virtual network connectivity using a VPN Gateway](./media/active-directory-domain-services-design-guide/vnet-connection-vpn-gateway.jpg)
 
-For more information on using virtual private networking, read [Configure a VNet-to-VNet VPN gateway connection by using the Azure portal](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal).
+For more information on using virtual private networking, read [Configure a VNet-to-VNet VPN gateway connection by using the Azure portal](../vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
 
 ## Name resolution when connecting virtual networks
 
@@ -93,11 +92,11 @@ An Azure AD DS managed domain creates some networking resources during deploymen
 | Load balancer rules                     | When an Azure AD DS managed domain is configured for secure LDAP on TCP port 636, three rules are created and used on a load balancer to distribute the traffic. |
 
 > [!WARNING]
-> Don't delete any of the network resource created by Azure AD DS. If you delete any of the network resources, an Azure AD DS service outage occurs.
+> Don't delete or modify any of the network resource created by Azure AD DS, such as manually configuring the load balancer or rules. If you delete or modify any of the network resources, an Azure AD DS service outage may occur.
 
 ## Network security groups and required ports
 
-A [network security group (NSG)](https://docs.microsoft.com/azure/virtual-network/virtual-networks-nsg) contains a list of rules that allow or deny network traffic to traffic in an Azure virtual network. A network security group is created when you deploy Azure AD DS that contains a set of rules that let the service provide authentication and management functions. This default network security group is associated with the virtual network subnet your Azure AD DS managed domain is deployed into.
+A [network security group (NSG)](../virtual-network/virtual-networks-nsg.md) contains a list of rules that allow or deny network traffic to traffic in an Azure virtual network. A network security group is created when you deploy Azure AD DS that contains a set of rules that let the service provide authentication and management functions. This default network security group is associated with the virtual network subnet your Azure AD DS managed domain is deployed into.
 
 The following network security group rules are required for Azure AD DS to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet your Azure AD DS managed domain is deployed into.