Merge pull request #242956 from spelluru/sbmonitor0626

freshness

Author: JamesJBarnett

articles/azure-relay/includes/trusted-services.md

@@ -0,0 +1,21 @@
+---
+author: spelluru
+ms.service: service-bus-relay
+ms.topic: include
+ms.date: 06/26/2023
+ms.author: spelluru
+---
+
+## Trusted services
+The following services are the trusted services for Azure Relay.
+- Azure Event Grid
+- Azure IoT Hub
+- Azure Stream Analytics
+- Azure Monitor
+- Azure API Management
+- Azure Synapse
+- Azure Data Explorer
+- Azure IoT Central
+- Azure Healthcare Data Services
+- Azure Digital Twins
+- Azure Arc

articles/azure-relay/ip-firewall-virtual-networks.md

@@ -120,20 +120,8 @@ The template takes one parameter: **ipMask**, which is a single IPv4 address or
 
 To deploy the template, follow the instructions for [Azure Resource Manager](../azure-resource-manager/templates/deploy-powershell.md).
 
-## Trusted services
-The following services are the trusted services for Azure Relay.
-- Azure Event Grid
-- Azure IoT Hub
-- Azure Stream Analytics
-- Azure Monitor
-- Azure API Management
-- Azure Synapse
-- Azure Data Explorer
-- Azure IoT Central
-- Azure Healthcare Data Services
-- Azure Digital Twins
-- Azure Arc
 
+[!INCLUDE [trusted-services](./includes/trusted-services.md)]
 
 ## Next steps
 To learn about other network security-related features, see [Network security](network-security.md).

articles/azure-relay/media/private-link-service/public-access-disabled.png

@@ -28,15 +28,20 @@ Your private endpoint and virtual network must be in the same region. When you s
 
 Your private endpoint uses a private IP address in your virtual network.
 
-### Steps
-For step-by-step instructions on creating a new Azure Relay namespace and entities in it, see [Create an Azure Relay namespace using the Azure portal](relay-create-namespace-portal.md).
+### Configure private access for a Relay namespace
+The following procedure provides step-by-step instructions for disabling public access to a Relay namespace and then adding a private endpoint to the namespace. 
+
 
 1. Sign in to the [Azure portal](https://portal.azure.com). 
 2. In the search bar, type in **Relays**.
 3. Select the **namespace** from the list to which you want to add a private endpoint.
 4. On the left menu, select the **Networking** tab under **Settings**.
-5. Select the **Private endpoint connections** tab at the top of the page
-6. Select the **+ Private Endpoint** button at the top of the page.
+1. On the **Networking** page, for **Public network access**, select **Disabled** if you want the namespace to be accessed only via private endpoints. 
+1. For **Allow trusted Microsoft services to bypass this firewall**, select **Yes** if you want to allow [trusted Microsoft services](#trusted-services) to bypass this firewall. 
+
+    :::image type="content" source="./media/private-link-service/public-access-disabled.png" alt-text="Screenshot of the Networking page with public network access as Disabled.":::
+1. Select the **Private endpoint connections** tab at the top of the page
+1. Select the **+ Private Endpoint** button at the top of the page.
 
     :::image type="content" source="./media/private-link-service/add-private-endpoint-button.png" alt-text="Screenshot showing the selection of the Add private endpoint button on the Private endpoint connections tab of the Networking page.":::
 7. On the **Basics** page, follow these steps: 
@@ -226,6 +231,8 @@ Aliases:  <namespace-name>.servicebus.windows.net
 - Maximum number of Azure Relay namespaces with private endpoints per subscription: 64.
 - Network Security Group (NSG) rules and User-Defined Routes don't apply to Private Endpoint. For more information, see [Azure Private Link service: Limitations](../private-link/private-link-service-overview.md#limitations)
 
+[!INCLUDE [trusted-services](./includes/trusted-services.md)]
+
 ## Next Steps
 
 - Learn more about [Azure Private Link](../private-link/private-link-service-overview.md)

articles/azure-relay/private-link-service.md

@@ -47,15 +47,10 @@ If you already have an Event Hubs namespace, you can create a private link conne
 1. Sign in to the [Azure portal](https://portal.azure.com). 
 2. In the search bar, type in **event hubs**.
 3. Select the **namespace** from the list to which you want to add a private endpoint.
-1. On the **Networking** page, for **Public network access**, you can set one of the three following options. Select **Disabled** if you want the namespace to be accessed only via private endpoints. 
+1. On the **Networking** page, for **Public network access**, select **Disabled** if you want the namespace to be accessed only via private endpoints. 
+1. For **Allow trusted Microsoft services to bypass this firewall**, select **Yes** if you want to allow [trusted Microsoft services](#trusted-microsoft-services) to bypass this firewall. 
 
-    Here are more details about options available in the **Public network access** page:
-    - **Disabled**. This option disables any public access to the namespace. The namespace is accessible only through [private endpoints](private-link-service.md). 
-    - **Selected networks**. This option enables public access to the namespace using an access key from selected networks. 
-
-        > [!IMPORTANT]
-        > If you choose **Selected networks**, add at least one IP firewall rule or a virtual network that will have access to the namespace. Choose **Disabled** if you want to restrict all traffic to this namespace over [private endpoints](private-link-service.md) only.
-    - **All networks** (default). This option enables public access from all networks using an access key. If you select the **All networks** option, the event hub accepts connections from any IP address (using the access key). This setting is equivalent to a rule that accepts the 0.0.0.0/0 IP address range. 
+    :::image type="content" source="./media/private-link-service/public-access-disabled.png" alt-text="Screenshot of the Networking page with public network access as Disabled.":::
 1. Switch to the **Private endpoint connections** tab. 
 1. Select the **+ Private Endpoint** button at the top of the page.
 

articles/event-hubs/media/private-link-service/public-access-disabled.png

@@ -3,7 +3,7 @@ title: Monitoring Azure Service Bus
 description: Learn how to use Azure Monitor to view, analyze, and create alerts on metrics from Azure Service Bus. 
 ms.topic: conceptual
 ms.custom: subject-monitoring
-ms.date: 02/10/2022
+ms.date: 06/26/2023
 ---
 
 # Monitor Azure Service Bus

articles/event-hubs/private-link-service.md

@@ -57,15 +57,12 @@ If you already have an existing namespace, you can create a private endpoint by
 
     > [!NOTE]
     > You see the **Networking** tab only for **premium** namespaces.  
-1. On the **Networking** page, for **Public network access**, you can set one of the three following options. Select **Disabled** if you want the namespace to be accessed only via private endpoints. 
-    - **Disabled**. This option disables any public access to the namespace. The namespace is accessible only through [private endpoints](private-link-service.md). 
-    - **Selected networks**. This option enables public access to the namespace using an access key from selected networks. 
+1. On the **Networking** page, for **Public network access**, select **Disabled** if you want the namespace to be accessed only via private endpoints. 
+1. For **Allow trusted Microsoft services to bypass this firewall**, select **Yes** if you want to allow [trusted Microsoft services](#trusted-microsoft-services) to bypass this firewall. 
 
-        > [!IMPORTANT]
-        > If you choose **Selected networks**, add at least one IP firewall rule or a virtual network that will have access to the namespace. Choose **Disabled** if you want to restrict all traffic to this namespace over [private endpoints](private-link-service.md) only.       
-    - **All networks** (default). This option enables public access from all networks using an access key. If you select the **All networks** option, Service Bus accepts connections from any IP address (using the access key). This setting is equivalent to a rule that accepts the 0.0.0.0/0 IP address range.
-5. To allow access to the namespace via private endpoints, select the **Private endpoint connections** tab at the top of the page
-6. Select the **+ Private Endpoint** button at the top of the page.
+    :::image type="content" source="./media/private-link-service/public-access-disabled.png" alt-text="Screenshot of the Networking page with public network access as Disabled.":::
+1. To allow access to the namespace via private endpoints, select the **Private endpoint connections** tab at the top of the page
+1. Select the **+ Private Endpoint** button at the top of the page.
 
     ![Add private endpoint button](./media/private-link-service/private-link-service-3.png)
 7. On the **Basics** page, follow these steps: 
@@ -190,7 +187,7 @@ There are four provisioning states:
 
 ### Approve a private endpoint connection
 
-1. If there are any connections that are pending, you'll see a connection listed with **Pending** in the provisioning state. 
+1. If there are any connections that are pending, you see a connection listed with **Pending** in the provisioning state. 
 2. Select the **private endpoint** you wish to approve
 3. Select the **Approve** button.