Update to TOC

Author: mbender-ms

articles/virtual-network-manager/TOC.yml

@@ -37,12 +37,14 @@
     href: concept-remove-components-checklist.md
 - name: How-to guides
   items:
-  - name: Block network traffic
+  - name: Secure network traffic
     items:
-    - name: Portal
+    - name: Block network traffic - Portal
       href: how-to-block-network-traffic-portal.md
-    - name: PowerShell
+    - name: Block network traffic -PowerShell
       href: how-to-block-network-traffic-powershell.md
+    - name: Protect high-risk network ports
+      href: how-to-block-high-risk-ports.md
   - name: Create a network topology
     items:
     - name: Mesh

articles/virtual-network-manager/concept-security-admins.md

@@ -59,10 +59,10 @@ Based on the industry study and suggestions from Microsoft, below is what we rec
 Security admin rules are similar to NSG rules in structure and the parameters they intake, but as we’ve explored so far, they’re not the exact same construct. The first difference is intended audience – admin rules are intended to be used by network admins of a central governance team, thereby delegating NSG rules to individual application or service teams to further specify security as needed. With these intentions, admin rules were designed to have a higher priority than NSGs and therefore be evaluated before NSG rules. Admin rules also include an additional action type of “Always Allow”, which allows the specified traffic through to its intended destination and terminates further (and possibly conflicting) evaluation by NSGs rules. Admin rules are also applied not only to a network group’s existing VNets but also to newly provisioned resources, as described in the previous section. Admin rules are currently applied at the VNet level, whereas NSGs can be associated at the subnet and NIC level.
 Let’s boil down these differences and similarities:
 
-| Target Audience | Applied On | Evaluation Order | Action Types | Parameters |
+| Rule Type | Target Audience | Applied On | Evaluation Order | Action Types | Parameters |
 | --- | ---- | ---- | ---- | ---- | ---- | 
-| **Security Admin Rules** | Network admins, central governance team | 	Virtual networks | 	Higher priority | 	Allow, Deny, Always Allow | 	Priority, protocol, action, source, destination
-| **NSG Rules** | 	Individual teams | 	Subnets, NICs | 	Lower priority, after security admin rules | 	Allow, Deny	|
+| **Security Admin Rules** | Network admins, central governance team | 	Virtual networks | 	Higher priority | 	Allow, Deny, Always Allow | 	Priority, protocol, action, source, destination |
+| **NSG Rules** | 	Individual teams | 	Subnets, NICs | Lower priority, after security admin rules | Allow, Deny | Priority, protocol, action, source, destination |
 
 ### The Order of Evaluation
 

articles/virtual-network-manager/concept-why-admin-rules.md

@@ -1,5 +1,5 @@
 ---
-title: 'Why Security Admin Rules?'
+title: 'Virtual network enforcement with Security Admin Rules?'
 description: #Required; You'll learn why you should use Security Admin Rules and how they differ from NSGs. 
 author: mbender-ms
 ms.author: mbender
@@ -8,16 +8,11 @@ ms.topic: conceptual #Required; leave this attribute/value as-is.
 ms.date: 06/28/2022
 ms.custom: template-concept #Required; leave this attribute/value as-is.
 ---
+# Virtual network enforcement with Security Admin Rules?
 
-<!-- reference of WHY doc: https://docs.microsoft.com/en-us/azure/applied-ai-services/why-applied-ai-services -->
+In this article, you'll learn how Security Admins Rules provide flexible and scalable enforcement of security policies over tools like network security groups. First, you learn the different models of virtual network enforcement. Then, you'll learn the general steps for enforcing security with security admin rules.
 
-<!-- reference of WHAT doc: https://docs.microsoft.com/en-us/azure/applied-ai-services/what-are-applied-ai-services -->
-
-# Why Security Admin Rules?
-
-[add your introductory paragraph]
-
-### Virtual network enforcement
+### Virtual network enforcement models
 
 With NSGs alone, widespread enforcement on VNets across several applications, teams, or even entire organizations can be tricky. Often there’s a balancing act between attempts at centralized enforcement across an organization and handing over granular, flexible control to teams. Let’s look at a few common models of security management without security admin rules, and their pros and cons:
 
@@ -57,10 +52,6 @@ After the deployment of the security admin configuration, all VNets in the compa
 
 ## When to use Security Admin Rules
 
-<!-- 4. Next steps
-Required. Provide at least one next step and no more than three. Include some 
-context so the customer can determine why they would click the link.
--->
 
 ## Next steps
 <!-- Add a context sentence for the following links -->

articles/virtual-network-manager/how-to-block-high-risk-ports.md

@@ -1,5 +1,5 @@
 ---
-title: 'How to block high-risk network ports with SecurityAdmin Rules in Azure Virtual Network Manager.'
+title: 'Protect high-risk network ports with SecurityAdmin Rules in Azure Virtual Network Manager.'
 description: #Required; In this article, you will deploy Security admin rules to block high-risk security ports with Azure Virtual Network Manager.
 author: mbender-ms
 ms.author: mbender
@@ -14,10 +14,10 @@ Remove all the comments in this template before you sign-off or merge to the
 main branch.
 -->
 
-# How to block high-risk network ports with Security Admin Rules in Azure Virtual Network Manager
+# Protect high-risk network ports with Security Admin Rules in Azure Virtual Network Manager
 
 
-In this article, you'll learn to block high risk network ports using Azure Virtual Network Manager and Security Admin Rules. You'll walk through the creation of an Azure Virtual Network Manager instance, group your virtual networks (VNets) with network groups, and create & deploy security admin configurations for your organization. You'll deploy a general block rule for high risk ports. Then you'll create an exception for managing a specific application's VNet. This allows you to manage access to the application VNets using network security groups.
+In this article, you'll learn to block high risk network ports using [Azure Virtual Network Manager](overview.md) and Security Admin Rules. You'll walk through the creation of an Azure Virtual Network Manager instance, group your virtual networks (VNets) with [network groups](concept-network-groups.md), and create & deploy security admin configurations for your organization. You'll deploy a general block rule for high risk ports. Then you'll create an exception for managing a specific application's VNet. This allows you to manage access to the application VNets using network security groups.
 
 ### Describe Scenario
 
@@ -46,7 +46,7 @@ For this How-to, you'll need a virtual network environment that includes product
 * Place all virtual networks in the subscription, region, and resource group
 
 
-Not sure how to build a virtual network? Learn more in [Quickstart: Create a virtual network using the Azure portal](quick-create-portal.md).
+Not sure how to build a virtual network? Learn more in [Quickstart: Create a virtual network using the Azure portal](/azure/virtual-network/quick-create-portal).
 
 ## Create a Virtual Network Manager
 In this section, you'll deploy a Virtual Network Manager instance with the Security admin feature in your organization.
@@ -186,9 +186,9 @@ We’re at the final step, which is to redeploy OurSecurityConfig since we’ve
 
 ## Next steps
 <!-- Add a context sentence for the following links -->
-- [Write how-to guides](contribute-how-to-write-howto.md)
-- [Links](links-how-to.md)
+- Learn how to [create a mesh network topology with Azure Virtual Network Manager using the Azure portal](how-to-create-mesh-network.md)
 
+- Checkout the [Azure Virtual Network Manager FAQ](faq.md)
 <!--
 Remove all the comments in this template before you sign-off or merge to the 
 main branch.