Adding link references

normesta · normesta · commit 9b29dfccb71b · 2025-06-24T11:34:53.000-07:00
diff --git a/articles/storage/blobs/TOC.yml b/articles/storage/blobs/TOC.yml
@@ -309,20 +309,20 @@ items:
           href: ../common/storage-network-security-set-default-access.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Firewall and virtual networks
           items:
-          - name: Overview
+          - name: Firewall and virtual networks
             href: ../common/storage-network-security.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
           - name: Restrictions and considerations
             href: ../common/storage-network-security-limitations.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
-          - name: Allow virtual networks
+          - name: Virtual network rules
             href: ../common/storage-network-security-virtual-networks.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
-          - name: Allow IP address ranges
+          - name: IP network rules
             href: ../common/storage-network-security-ip-address-range.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
-          - name: Allow resource instances
+          - name: Resource instance rules
             href: ../common/storage-network-security-resource-instances.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
-          - name: Manage Exceptions
+          - name: Network rule exceptions
             href: ../common/storage-network-security-manage-exceptions.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
           - name: Trusted Azure services
-            href: ../common/storage-network-security-trusted-microsoft-services.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
+            href: ../common/storage-network-security-trusted-azure-services.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Network security perimeter
           href: ../common/storage-network-security-perimeter.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
       - name: Private endpoints
diff --git a/articles/storage/common/storage-network-security-ip-address-range.md b/articles/storage/common/storage-network-security-ip-address-range.md
@@ -119,7 +119,6 @@ You can deny all public access to your storage account, and then configure Azure
 
 ---
 
-## Next steps
+## See also
 
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
diff --git a/articles/storage/common/storage-network-security-manage-exceptions.md b/articles/storage/common/storage-network-security-manage-exceptions.md
@@ -1,6 +1,6 @@
 ---
-title: Manage network security exceptions
-description: Put something here.
+title: Manage network security exceptions for Azure Storage
+description: Learn how to enable traffic from an Azure service outside of the network boundary by adding a *network security exception*.
 services: storage
 author: normesta
 ms.service: azure-storage
@@ -11,9 +11,13 @@ ms.author: normesta
 
 ---
 
-# Manage Network security exceptions
+# Manage network security exceptions
 
-Something goes here.
+You can enable traffic from an Azure service outside of the network boundary by adding a *network security exception*.
+
+For a complete list of trusted Azure services, see [Trusted Azure services](storage-network-security-trusted-azure-services.md).
+
+## Add a network security exception
 
 ### [Portal](#tab/azure-portal)
 
@@ -73,9 +77,7 @@ Something goes here.
 
 ---
 
+## See also
 
-
-## Next steps
-
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
+- [Trusted Azure services](storage-network-security-trusted-azure-services.md)
diff --git a/articles/storage/common/storage-network-security-resource-instances.md b/articles/storage/common/storage-network-security-resource-instances.md
@@ -1,5 +1,5 @@
 ---
-title: Grant Access to Azure Storage from Resource Instances
+title: Create an resource instance network rule for Azure Storage
 description: Configure the Azure Storage firewall to accept requests from from resource instances.
 services: storage
 author: normesta
@@ -11,17 +11,13 @@ ms.author: normesta
 
 ---
 
-# Configure Azure Storage to accept requests from resource instances
+# Create an resource instance network rule for Azure Storage
 
-Put something here.
+You can enable traffic from specific Azure resource instances by creating a *resource instance network rule*. 
 
-<a id="grant-access-specific-instances"></a>
+Resource instance network rules can be added together with other network rules to control traffic to the storage account. To learn more, see [Azure Storage firewall and virtual network rules](storage-network-security.md).
 
-## Grant access from Azure resource instances
-
-In some cases, an application might depend on Azure resources that can't be isolated through a virtual network or an IP address rule. But you still want to secure and restrict storage account access to only your application's Azure resources. You can configure storage accounts to allow access to specific resource instances of trusted Azure services by creating a resource instance rule.
-
-The Azure role assignments of the resource instance determine the types of operations that a resource instance can perform on storage account data. Resource instances must be from the same tenant as your storage account, but they can belong to any subscription in the tenant.
+## Create a resource instance network rule
 
 ### [Portal](#tab/azure-portal)
 
@@ -147,8 +143,6 @@ az storage account network-rule list \
 
 ---
 
+## See also
 
-## Next steps
-
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
diff --git a/articles/storage/common/storage-network-security-set-default-access.md b/articles/storage/common/storage-network-security-set-default-access.md
@@ -94,5 +94,5 @@ By default, storage accounts accept connections from clients on any network. You
 
 ## Next steps
 
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
+- [Private endpoints](storage-private-endpoints.md)
diff --git a/articles/storage/common/storage-network-security-trusted-azure-services.md b/articles/storage/common/storage-network-security-trusted-azure-services.md
@@ -103,7 +103,7 @@ You can also combine Azure roles and ACLs together to grant access. To learn mor
 
 We recommend that you [use resource instance rules to grant access to specific resources](storage-network-security-resource-instances.md).
 
-## Next steps
+## See also
 
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
+- [Manage Network security exceptions](storage-network-security-manage-exceptions.md)
diff --git a/articles/storage/common/storage-network-security-virtual-networks.md b/articles/storage/common/storage-network-security-virtual-networks.md
@@ -133,7 +133,6 @@ To apply a virtual network rule to a storage account, the user must have the app
 
 ---
 
-## Next steps
+## See also
 
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage firewall and virtual network rules](storage-network-security.md)
diff --git a/articles/storage/common/storage-network-security.md b/articles/storage/common/storage-network-security.md
@@ -1,5 +1,5 @@
 ---
-title: Configure Azure Storage firewalls and virtual networks
+title: Azure Storage firewall and virtual network rules
 description: Configure layered network security for your storage account by using the Azure Storage firewall.
 services: storage
 author: normesta
@@ -11,7 +11,7 @@ ms.author: normesta
 
 ---
 
-# Configure Azure Storage firewalls and virtual networks
+# Azure Storage firewall and virtual network rules
 
 You can disable public network access to your storage account, and permit traffic only if it originates from sources that you specify. Sources can include [Azure Virtual Network](../../virtual-network/virtual-networks-overview.md) subnets, public IP address ranges, specific Azure resource instances or traffic from trusted Azure services. Clients that make requests from allowed sources must also meet the authorization requirements of the storage account. To learn more about account authorization, see [Authorize access to data in Azure Storage](../common/authorize-data-access.md).
 
@@ -72,9 +72,9 @@ To allow access to your service resources, you must allow these public IP addres
 
 ## Azure resource instances
 
-Some Azure resources can't be isolated through a virtual network or IP address rule. You can enable traffic from those resources by creating a *resource instance rule*. The Azure role assignments of the resource instance determine the types of operations that a resource instance can perform on storage account data. Resource instances must be from the same tenant as your storage account, but they can belong to any subscription in the tenant.
+Some Azure resources can't be isolated through a virtual network or IP address rule. You can enable traffic from those resources by creating a *resource instance network rule*. The Azure role assignments of the resource instance determine the types of operations that a resource instance can perform on storage account data. Resource instances must be from the same tenant as your storage account, but they can belong to any subscription in the tenant.
 
-To learn how to configure a resource instance rule, see [Configure Azure Storage to accept requests from resource instances](storage-network-security-resource-instances.md).
+To learn how to configure a resource instance rule, see [Create an resource instance network rule for Azure Storage](storage-network-security-resource-instances.md).
 
 <a id="grant-access-to-trusted-azure-services"></a>
 <a id="manage-exceptions"></a>
@@ -88,15 +88,20 @@ To learn how to configure a resource instance rule, see [Configure Azure Storage
 
 If you need to enable traffic from an Azure service outside of the network boundary, you can add a *network security exception*. This can be useful in cases where an Azure service operates from a network that you can't include in your virtual network or IP network rules. For example, some services might need to read resource logs and metrics in your account. You can allow read access for the log files, metrics tables, or both by creating a network rule exception. These services connect to your storage account by using strong authentication.
 
-To learn more about how to add a network security exception, see [Manage Network security exceptions](storage-network-security-manage-exceptions.md).
+To learn more about how to add a network security exception, see [Manage network security exceptions](storage-network-security-manage-exceptions.md).
 
 For a complete list of Azure services you can enable traffic for, see [Trusted Azure services](storage-network-security-trusted-azure-services.md).
 
 ## Restrictions and considerations
 
 Before implementing network security for your storage accounts, make sure to review all restrictions and considerations. For a complete list, see [Restrictions and limitations for Azure Storage firewall and virtual network configuration](storage-network-security-limitations.md).
 
-## Next steps
+## See also
 
-- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- [Azure Storage network security overview](azure-storage-network-security-overview.md)
+- [Restrictions and considerations](storage-network-security-limitations.md)
+- [Virtual network rules](storage-network-security-virtual-networks.md)
+- [IP network rules](storage-network-security-ip-address-range.md)
+- [Resource instance rules](storage-network-security-resource-instances.md)
+- [Network rule exceptions](storage-network-security-manage-exceptions.md)
+- [Trusted Azure services](storage-network-security-trusted-azure-services.md)
