updated security topics

Author: spelluru

articles/service-bus-relay/ip-firewall-virtual-networks.md

@@ -19,14 +19,19 @@ By default, Relay namespaces are accessible from internet as long as the request
 
 This feature is helpful in scenarios in which Azure Relay should be only accessible from certain well-known sites. Firewall rules enable you to configure rules to accept traffic originating from specific IPv4 addresses. For example, if you use Relay with [Azure Express Route](../expressroute/expressroute-faqs.md#supported-services), you can create a **firewall rule** to allow traffic from only your on-premises infrastructure IP addresses. 
 
+
+> [!IMPORTANT]
+> This feature is currently in preview. 
+
+
 ## Enable IP firewall rules
 The IP firewall rules are applied at the namespace level. Therefore, the rules apply to all connections from clients using any supported protocol. Any connection attempt from an IP address that does not match an allowed IP rule on the namespace is rejected as unauthorized. The response does not mention the IP rule. IP filter rules are applied in order, and the first rule that matches the IP address determines the accept or reject action.
 
 ### Use Azure portal
 This section shows you how to use the Azure portal to create IP firewall rules for a namespace. 
 
 1. Navigate to your **Relay namespace** in the [Azure portal](https://portal.azure.com).
-2. On the left menu, select **Networking** option. If you select the **All networks** option, the Relay namespace accepts connections from any IP address. This setting is equivalent to a rule that accepts the 0.0.0.0/0 IP address range. 
+2. On the left menu, select **Networking** option. If you select the **All networks** option in the  **Allow access from** section, the Relay namespace accepts connections from any IP address. This setting is equivalent to a rule that accepts the 0.0.0.0/0 IP address range. 
 
     ![Firewall - All networks option selected](./media/ip-firewall/all-networks-selected.png)
 1. To restrict access to specific networks and IP addresses, select the **Selected networks** option. In the **Firewall** section, follow these steps:

articles/service-bus-relay/network-security.md

@@ -13,7 +13,7 @@ ms.author: spelluru
 # Network security for Azure Relay 
 This article describes how to use the following security features with Azure Relay: 
 
-- IP Firewall rules
+- IP firewall rules (preview)
 - Private endpoints (preview)
 
 > [!NOTE]

articles/service-bus-relay/private-link-service.md

@@ -207,23 +207,21 @@ There are four provisioning states:
 3. You should see the status changed to **Disconnected**. Then, you will see the endpoint disappear from the list. 
 
 ## Validate that the private link connection works
+You should validate that resources within the same subnet of the private endpoint are connecting to your Azure Relay namespace over its private IP address.
 
-You should validate that the resources within the same subnet of the private endpoint resource are connecting to your Azure Relay namespace over its private IP address. 
+For this test, create a virtual machine by following the steps in the [Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md)
 
-First, create a virtual machine by following the steps in [Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md)
-
-For this test, create a VM in the Azure portal. Do the following steps in the **Networking** tab of the wizard: 
+In the **Networking** tab: 
 
 1. Specify **Virtual network** and **Subnet**. You must select the Virtual Network on which you deployed the private endpoint.
 2. Specify a **public IP** resource.
 3. For **NIC network security group**, select **None**.
 4. For **Load balancing**, select **No**.
 
-
 Connect to the VM and open the command line and run the following command:
 
 ```console
-nslookup <your-relay-namespace-name>.servicebus.azure.net
+nslookup <your-relay-namespace-name>.servicebus.windows.net
 ```
 
 You should see a result that looks like the following.