Commit c83d575

author
Michael Bender
committed
revised based on PM feedback
1 parent 18c7080 commit c83d575

1 file changed

+4
-3
lines changed

articles/security/fundamentals/overview.md

Lines changed: 4 additions & 3 deletions
@@ -200,15 +200,16 @@ Azure networking supports various secure remote access scenarios. Some of these
200200
- [Connect Azure Virtual Networks to each other](../../vpn-gateway/vpn-gateway-vnet-vnet-rm-ps.md)
201201

202202
### Azure Virtual Network Manager
203-
[Azure Virtual Network Manager](../../virtual-network-manager/overview.md) provides a centralized solution for protecting your virtual networks at scale. It uses Security Admin Rules to centrally define and enforce security policies for your virtual networks across your entire organization. Security admin rules takes precedence over Network Security Group (NSGs) rules. This allows organizations to enforce core security policies while still enabling application teams to tailor NSGs according to their specific needs at the application group level. Depending on the needs of your organization, you can use **Allow**, **Deny**, or **Always Allow** rule actions to enforce security policies.
203+
204+
[Azure Virtual Network Manager](../../virtual-network-manager/overview.md) provides a centralized solution for protecting your virtual networks at scale. It uses [Security Admin Rules](../../virtual-network-manager/concept-security-admins.md) to centrally define and enforce security policies for your virtual networks across your entire organization. Security admin rules takes precedence over Network Security Group (NSG) rules. This allows organizations to enforce core security policies while still enabling application teams to tailor NSGs according to their specific needs at the application group level. Depending on the needs of your organization, you can use **Allow**, **Deny**, or **Always Allow** rule actions to enforce security policies.
204205

205206
| Rule Action | Description |
206207
|-------------|-------------|
207208
| **Allow** | Allow the traffic trusted boundary by default unless denied by NSGs created by individual teams. |
208-
| **Always allow** | Always allow monitoring agent's traffic.</br>Always allow domain controller traffic</br>Always allow management traffic.|
209+
| **Always allow** | Always allow monitoring agent's traffic.</br>Always allow domain controller traffic.</br>Always allow management traffic.|
209210
| **Deny** | Protect high-risk ports by default for all exiting and new VNets. |
210211

211-
To manage your virtual networks in Azure Virtual Network Manager, you use network groups. [Network groups](../../virtual-network-manager/concept-network-groups.md) allow you to group virtual networks together for centralized management and enforcement of security policies. Network groups are a logical grouping of virtual networks based on your needs from a topology and security perspective. You can manually create network groups or use dynamic network groups with Azure Policy.
212+
In Azure Virtual Network Manager, [Network groups](../../virtual-network-manager/concept-network-groups.md) allow you to group virtual networks together for centralized management and enforcement of security policies. Network groups are a logical grouping of virtual networks based on your needs from a topology and security perspective. You can manually create network groups or use [dynamic network groups with Azure Policy](../../virtual-network-manager/concept-azure-policy-integration.md).
212213

213214
### Azure Private Link
214215

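Review bot: The rewritten Azure Virtual Network Manager paragraph (new line 204) still reads "Security admin rules takes precedence", which should be "take precedence", and it mixes "Security Admin Rules" with "Security admin rules" in adjacent sentences; pick one casing. Since this paragraph is being edited anyway, reconcile its blanket precedence statement with the **Allow** row of the table, which says that traffic can still be denied by NSGs created by individual teams: a sentence stating that **Allow** leaves the final decision to NSG rules would remove the ambiguity about which control wins. In the table, the edited **Always allow** row keeps `</br>`, which is not a valid break tag (use `<br>`), the **Deny** row says "exiting and new VNets" where "existing" is presumably meant, and the **Allow** row's "Allow the traffic trusted boundary by default" is missing words. On new line 212, "Network groups" is capitalized mid-sentence, and the two new relative links (concept-security-admins.md and concept-azure-policy-integration.md) should be checked against the docs build to confirm they resolve.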