Commit c512a4c

committed
edit pass: azure-migrate-key-concepts
1 parent ea39279 commit c512a4c

4 files changed

+13
-13
lines changed

articles/migrate/best-practices-least-privileged-account.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ For quick discovery of software inventory, server dependencies, and database ins
7070
| Quick guest discovery | Software inventory <br /><br /> Server dependencies (limited data) <br /><br />Inventory of database instances | Windows <br /><br /> Linux | Local guest user account <br /><br /> Any non-Sudo guest user account |
7171

7272
> [!NOTE]
73-
> You can use a Windows guest or a Linux non-Sudo user account to get dependency-mapping data. But with least privileged accounts, you might not collect process information (like process name or app name) for some processes that run with higher privileges. These processes appear as **Unknown** under the machine in the single-server view.
73+
> You can use a Windows guest or a Linux non-Sudo user account to get dependency mapping data. But with least privileged accounts, you might not collect process information (like process name or app name) for some processes that run with higher privileges. These processes appear as **Unknown** under the machine in the single-server view.
7474
7575
#### In-depth guest discovery
7676

@@ -79,7 +79,7 @@ For in-depth discovery of software inventory, server dependencies, and web apps
7979
| Use case | Discovered metadata | Credential type| Required permissions |
8080
| --- | --- | --- | --- |
8181
| In-depth guest discovery | Software inventory <br /><br /> Server dependencies (full data)<br /><br /> Inventory of database instances <br /><br /> Web apps like .NET and Java Tomcat | Windows | Administrator |
82-
|In-depth guest discovery | Software inventory <br /><br /> Server dependencies (full data)<br /><br /> Inventory of database instances <br /><br /> Web apps like .NET and Java Tomcat | Linux | The following Sudo permissions are required to identify server dependencies: <br /><br /> `/usr/bin/netstat`, `/usr/bin/ls` <br /><br /> If `netstat` is not available, Sudo permissions on `ss` are required. <br /><br /> For Java web app discovery (Tomcat servers), the user should have read and execute (`r-x`) permissions on all Catalina homes. <br /><br /> Use the following command to find all Catalina homes: <br /><br /> `ps -ef \| grep catalina.home` <br /><br /> Here's a sample command to set up a least privileged user: <br /><br /> `setfacl -m u:johndoe:rx <catalina/home/path>` |
82+
|In-depth guest discovery | Software inventory <br /><br /> Server dependencies (full data)<br /><br /> Inventory of database instances <br /><br /> Web apps like .NET and Java Tomcat | Linux | The following Sudo permissions are required to identify server dependencies: `/usr/bin/netstat` and `/usr/bin/ls`. <br /><br /> If `netstat` is not available, Sudo permissions on `ss` are required. <br /><br /> For Java web app discovery (Tomcat servers), the user should have read and execute (`r-x`) permissions on all Catalina homes. <br /><br /> Use the following command to find all Catalina homes: `ps -ef \| grep catalina.home`. <br /><br /> Here's a sample command to set up a least privileged user: `setfacl -m u:<username>:rx <catalina/home/path>`. |
8383

8484
## Discovery of the Hyper-V estate
8585
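Review bot: on the added Linux row (new line 82), `ss` is the only command named without an absolute path, while the same cell gives `/usr/bin/netstat` and `/usr/bin/ls`. Readers will turn this cell into a sudoers entry, which needs fully qualified command paths, so give the path for `ss` too or say that it varies by distribution. The new sentence-ending periods also sit directly after the inline commands (`ps -ef \| grep catalina.home`. and the `setfacl` sample), where they are easy to copy along with the command.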

@@ -161,9 +161,9 @@ For quick discovery of Linux servers:
161161

162162
For in-depth discovery of software inventory, server dependencies, and web apps such as .NET and Java Tomcat, you need the following permissions:
163163

164-
| Use case | Discovered metadata | Credentials type | Commands to configure |
164+
| Use case | Discovered metadata | Credential type | Commands to configure |
165165
| --- | --- | --- | --- |
166-
| In-depth server discovery | In-depth discovery of web apps such as .NET and Java Tomcat <br /><br />Agentless dependency analysis (full data) |Windows <br /><br /> Linux | Administrator permissions are required. <br /><br /> To discover Java web apps on Tomcat servers, the user account needs read and execute (`r-x`) permissions on all Catalina home directories.<br /><br />Use the following command to find all Catalina homes: `ps -ef \| grep catalina.home`.<br /><br />Here's a sample command to set up a least privileged user: `setfacl -m u:johndoe:rx <catalina/home/path>`. |
166+
| In-depth server discovery | In-depth discovery of web apps such as .NET and Java Tomcat <br /><br />Agentless dependency analysis (full data) |Windows <br /><br /> Linux | Administrator permissions are required. <br /><br /> To discover Java web apps on Tomcat servers, the user account needs read and execute (`r-x`) permissions on all Catalina home directories.<br /><br />Use the following command to find all Catalina homes: `ps -ef \| grep catalina.home`.<br /><br />Here's a sample command to set up a least privileged user: `setfacl -m u:<username>:rx <catalina/home/path>`. |
167167

168168
## Database discovery
169169
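Review bot: the edited row (new line 166) lists both Windows and Linux under Credential type and states "Administrator permissions are required", then gives Linux-only commands (`ps -ef`, `setfacl`) described as setting up a least privileged user. The in-depth table earlier in this file (lines 81-82) splits Windows and Linux into separate rows; doing the same here would show which requirement applies to which OS, and whether the `setfacl` ACL is an alternative to administrator rights or an addition to them.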

@@ -358,8 +358,8 @@ To discover MySQL databases, add MySQL database credentials to the appliance.
358358

359359
Ensure that the user who corresponds to the added MySQL credentials has the following privileges:
360360

361-
- Select permission on `information_schema` tables.
362-
- Select permission on `mysql.users` tables.
361+
- Select permission on `information_schema` tables
362+
- Select permission on `mysql.users` tables
363363

364364
Use the following commands to grant the necessary privileges to the MySQL user:
365365
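Review bot: the second list item (new line 362) still names `mysql.users`; MySQL's account table is `mysql.user`, so check the name against the grant commands that follow this list. While these lines are being touched, consider writing the privilege as `SELECT` in code font so that it reads the same as in a GRANT statement.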

articles/migrate/best-practices-security.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ ms.custom:
1313

1414
# Security best practices for deploying the Azure Migrate appliance
1515

16-
[Azure Migrate](./migrate-services-overview.md) provides a hub of tools that help you to discover, assess, and migrate apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate tools and offerings from non-Microsoft software development companies.
16+
[Azure Migrate](./migrate-services-overview.md) provides a hub of tools that help you to discover, assess, and migrate apps, infrastructure, and workloads to Microsoft Azure. The hub includes Azure Migrate tools, along with offerings from other software development companies.
1717

1818
This article summarizes the best practices to follow when you're deploying the Azure Migrate appliance. These best practices help ensure the security of your migration.
1919

@@ -72,7 +72,7 @@ All the credentials provided on the appliance configuration manager are stored l
7272

7373
Follow these recommendations for handling credentials:
7474

75-
- Depending on the workloads that you discover, use least privileged credentials specifically for the scenarios that you plan to use Azure Migrate appliance for.
75+
- Depending on the workloads that you discover, use least privileged credentials specifically for the scenarios that you plan to use the Azure Migrate appliance for.
7676
- Use a domain account to reduce the total number of accounts required for discovery. This approach reduces the operational overhead in managing multiple user accounts. It also builds agility to update the credentials in the event of a security breach.
7777

7878
## Identity and access management
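Review bot: the edited bullet (new line 75) still ends on a dangling "for" and leaves "least privileged credentials specifically for the scenarios" vague. Consider rewording to something like "use least privileged credentials scoped to the scenarios that you plan to run on the Azure Migrate appliance" and linking to best-practices-least-privileged-account.md, which this commit also edits and which lists the permissions per scenario.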

articles/migrate/how-to-use-azure-migrate-with-private-endpoints.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,15 @@ description: Use Azure Migrate to discover, assess, and migrate servers by using
44
author: vijain
55
ms.author: vijain
66
ms.custom: subject-rbac-steps, engagement-fy23
7-
ms.topic: how-to
7+
ms.topic: concept-article
88
ms.service: azure-migrate
99
ms.date: 02/06/2024
1010
# Customer intent: As a cloud architect, I want to use Azure Migrate with private endpoints so that I can securely discover, assess, and migrate servers without relying on public networks.
1111
---
1212

1313
# Support requirements and considerations for private endpoint connectivity
1414

15-
The article series describes how to use Azure Migrate to discover, assess, and migrate servers over a private network by using [Azure Private Link](../private-link/private-endpoint-overview.md). You can use the Azure Migrate Discovery and Assessment tool and the Azure Migrate and Modernize tool to connect to Azure Migrate over an Azure ExpressRoute private peering connection or a site-to-site (S2S) VPN connection by using Private Link. For more information about these tools, see [What is Azure Migrate?](migrate-services-overview.md).
15+
This article describes how to use Azure Migrate to discover, assess, and migrate servers over a private network by using [Azure Private Link](../private-link/private-endpoint-overview.md). You can use the Azure Migrate Discovery and Assessment tool and the Azure Migrate and Modernize tool to connect to Azure Migrate over an Azure ExpressRoute private peering connection or a site-to-site VPN connection by using Private Link. For more information about these tools, see [What is Azure Migrate?](migrate-services-overview.md).
1616

1717
We recommend the method of private endpoint connectivity when there's an organizational requirement to access Azure Migrate and other Azure resources without traversing public networks. By using Private Link, you can use your existing ExpressRoute private peering circuits for better bandwidth or latency requirements.
1818
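Review bot: `ms.topic` becomes `concept-article` (new line 7), but the new opening sentence on line 15 still says "This article describes how to use Azure Migrate to discover, assess, and migrate servers", and the `description` and `ms.custom: subject-rbac-steps` metadata are unchanged. The H1 is "Support requirements and considerations for private endpoint connectivity", so align the intro with it and decide whether the how-to metadata should stay. `ms.date` also still reads 02/06/2024 after this content change.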

@@ -22,7 +22,7 @@ The functionality is now in general availability in supported [public cloud](sup
2222

2323
## Required permissions
2424

25-
You must have Contributor + User Access Administrator or Owner permissions on the subscription.
25+
You must have Contributor, User Access Administrator, or Owner permissions on the subscription.
2626

2727
## Supported scenarios and tools
2828
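Review bot: the rewrite on new line 25 changes the requirement, not just the punctuation. "Contributor + User Access Administrator or Owner" reads as either Contributor and User Access Administrator together, or Owner; "Contributor, User Access Administrator, or Owner" says any one of the three roles is enough. If the original meaning is intended, suggest "You must have either Owner permissions, or both Contributor and User Access Administrator permissions, on the subscription."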

@@ -51,7 +51,7 @@ Consideration | Details
5151
--- | ---
5252
Pricing | See [Azure page blobs pricing](https://azure.microsoft.com/pricing/details/storage/page-blobs/) and [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link/).
5353
Virtual network requirements | The ExpressRoute/VPN gateway endpoint should reside in the selected virtual network or a virtual network connected to it. You might need about 15 IP addresses in the virtual network.
54-
PowerShell support | PowerShell isn't supported. We recommend using the Azure portal or REST APIs for Azure Migrate Private Link support.
54+
PowerShell support | PowerShell isn't supported. We recommend using the Azure portal or REST APIs for Private Link support in Azure Migrate.
5555

5656
## Related content
5757

articles/migrate/migrate-support-matrix.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ Deployment | Details
2020
Discovery | Discover server metadata and dynamic performance data.
2121
Software inventory | Discover apps, roles, and features running on VMware virtual machines (VMs). Currently, this feature is limited to discovery only. Assessment is currently at the server level. We don't yet offer app, role, or feature-based assessments.
2222
Assessment | Assess on-premises workloads and data running on VMware VMs, Hyper-V VMs, and physical servers. Assess by using Azure Migrate Discovery and Assessment, Microsoft Data Migration Assistant, and tools from other software development companies.
23-
Migration | Migrate workloads and data running on physical servers, VMware VMs, Hyper-V VMs, physical servers, and cloud-based VMs to Azure. Migrate by using the Azure Migrate and Modernize tool, Azure Database Migration Service, and tools from other software development companies.
23+
Migration | Migrate workloads and data running on physical servers, VMware VMs, Hyper-V VMs, physical servers, and cloud-based VMs to Azure. Migrate by using Azure Migrate and Modernize, Azure Database Migration Service, and tools from other software development companies.
2424

2525
## Project
2626
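Review bot: the edited Migration row (new line 23) still lists "physical servers" twice: "running on physical servers, VMware VMs, Hyper-V VMs, physical servers, and cloud-based VMs". Drop one of them. The tool name is also now inconsistent within this commit: this row becomes "Azure Migrate and Modernize", while how-to-use-azure-migrate-with-private-endpoints.md keeps "the Azure Migrate and Modernize tool".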
