MicrosoftDocs
diff --git a/‎articles/azure-web-pubsub/howto-authorize-from-application.md
Lines changed: 5 additions & 5 deletions b/‎articles/azure-web-pubsub/howto-authorize-from-application.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/azure-web-pubsub/howto-secure-private-endpoints.md
Lines changed: 10 additions & 8 deletions b/‎articles/azure-web-pubsub/howto-secure-private-endpoints.md
Lines changed: 10 additions & 8 deletions
diff --git a/‎articles/azure-web-pubsub/howto-secure-rotate-access-key.md
Lines changed: 8 additions & 8 deletions b/‎articles/azure-web-pubsub/howto-secure-rotate-access-key.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/azure-web-pubsub/howto-secure-shared-private-endpoints-key-vault.md
Lines changed: 11 additions & 7 deletions b/‎articles/azure-web-pubsub/howto-secure-shared-private-endpoints-key-vault.md
Lines changed: 11 additions & 7 deletions
diff --git a/‎articles/azure-web-pubsub/howto-secure-shared-private-endpoints.md
Lines changed: 14 additions & 14 deletions b/‎articles/azure-web-pubsub/howto-secure-shared-private-endpoints.md
Lines changed: 14 additions & 14 deletions
@@ -1,5 +1,5 @@
 ---
-title: Authorize an application request to Web PubSub resources
+title: Authorize an application request by using Microsoft Entra ID
 description: Learn how to authorize an application request to Web PubSub resources by using Microsoft Entra ID.
 author: terencefan
 ms.author: tefa
@@ -8,9 +8,9 @@ ms.service: azure-web-pubsub
 ms.topic: conceptual
 ---
 
-# Authorize an application request to Web PubSub resources by using Microsoft Entra ID
+# Authorize an application request by using Microsoft Entra ID
 
-Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from [applications](../active-directory/develop/app-objects-and-service-principals.md).
+Azure Web PubSub supports Microsoft Entra ID for authorizing requests from [applications](../active-directory/develop/app-objects-and-service-principals.md).
 
 This article shows you how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from an Azure application.
 
@@ -141,7 +141,7 @@ To learn more about how to assign and manage Azure role assignments, see these a
 
    ![Screenshot that shows the response token when you use Postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman-response.png)
 
-## Sample codes that use Microsoft Entra authorization
+## Code samples that use Microsoft Entra authorization
 
 Get samples that use Microsoft Entra authorization in our four officially supported programming languages:
 
@@ -153,5 +153,5 @@ Get samples that use Microsoft Entra authorization in our four officially suppor
 ## Related content
 
 - [Overview of Microsoft Entra ID for Web PubSub](concept-azure-ad-authorization.md)
-- [Authorize a request to Web PubSub resources with Microsoft Entra ID from managed identities](howto-authorize-from-managed-identity.md)
+- [Use Microsoft Entra ID to authorize a request from a managed identity to Web PubSub resources](howto-authorize-from-managed-identity.md)
 - [Disable local authentication](./howto-disable-local-auth.md)
@@ -1,5 +1,5 @@
 ---
-title: Secure traffic by using a private endpoint
+title: Use a private endpoint for access control
 description: Learn how to use private endpoints for secure access to Azure Web PubSub from a virtual network.
 author: yjin81
 ms.author: yajin1
@@ -8,25 +8,27 @@ ms.topic: how-to
 ms.date: 08/16/2024
 ---
 
-# Use private endpoints for Azure Web PubSub
+# Use private endpoints for access control
 
 You can use [private endpoints](../private-link/private-endpoint-overview.md) for your Azure Web PubSub resource to allow clients in a virtual network (VNet) to securely access data over a [private link](../private-link/private-link-overview.md). The private endpoint uses an IP address from the VNet address space for your Web PubSub resource. Network traffic between the clients on the VNet and your Web PubSub resource traverses a private link on the Microsoft network, eliminating exposure on the public internet.
 
 Using private endpoints for your Web PubSub resource helps you:
 
 - Secure your Web PubSub resource by using network access control to block all connections on the public endpoint for Web PubSub.
 - Increase security for the VNet by enabling you to block exfiltration of data from the VNet.
-- Securely connect to Web PubSub from on-premises networks that connect to the VNet by using [VPN](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [Azure ExpressRoute](../expressroute/expressroute-locations.md) with private-peering.
+- Securely connect to Web PubSub from on-premises networks that connect to the VNet by using a [VPN](../vpn-gateway/vpn-gateway-about-vpngateways.md) or [Azure ExpressRoute](../expressroute/expressroute-locations.md) with private peering.
 
-## Conceptual overview
+## Use private endpoints in a virtual network
 
-:::image type="content" source="./media/howto-secure-private-endpoints/private-endpoint-overview.png" alt-text="Overview of private endpoints for Azure Web PubSub.":::
+:::image type="content" source="./media/howto-secure-private-endpoints/private-endpoint-overview.png" alt-text="Diagram that shows an overview of private endpoints for Azure Web PubSub." lightbox="media/howto-secure-private-endpoints/private-endpoint-overview.png":::
 
-A private endpoint is a special network interface for an Azure service in your [Virtual Network](../virtual-network/virtual-networks-overview.md) (VNet). When you create a private endpoint for your Web PubSub resource, it provides secure connectivity between clients on your VNet and your service. The private endpoint is assigned an IP address from the IP address range of your VNet. The connection between the private endpoint and Azure Web PubSub uses a secure private link.
+A private endpoint is a special network interface for an Azure service in your [virtual network](../virtual-network/virtual-networks-overview.md) (VNet). When you create a private endpoint for your Web PubSub resource, it provides secure connectivity between clients on your VNet and your service. The private endpoint is assigned an IP address from the IP address range of your VNet. The connection between the private endpoint and Azure Web PubSub uses a secure private link.
 
-Applications in the VNet can connect to Azure Web PubSub over the private endpoint seamlessly, **using the same connection strings and authorization mechanisms that they would use otherwise**. Private endpoints can be used with all protocols supported by the Web PubSub resource, including REST API.
+Applications in the VNet can connect to Web PubSub resources seamlessly by using the private endpoint. The applications *use the same connection strings and authorization mechanisms that they would use otherwise.*
 
-When you create a private endpoint for a Web PubSub resource in your VNet, a consent request is sent for approval to the Web PubSub resource owner. If the user requesting the creation of the private endpoint is also an owner of the Web PubSub resource, this consent request is automatically approved.
+Private endpoints can be used with all protocols that the Web PubSub resource supports, including REST API.
+
+When you create a private endpoint for a Web PubSub resource in your VNet, a consent request is sent for approval to the Web PubSub resource owner. If the user who requests the private endpoint is also an owner of the Web PubSub resource, this consent request is automatically approved.
 
 You can manage consent requests and private endpoints for your Web PubSub resource on the **Private endpoints** tab in the [Azure portal](https://portal.azure.com).
 
 
@@ -5,38 +5,38 @@ author: yjin81
 ms.author: yajin1
 ms.service: azure-web-pubsub
 ms.topic: how-to 
-ms.date: 11/08/2021
+ms.date: 08/16/2024
 ---
 
-# Rotate access keys for Azure Web PubSub
+# Rotate access keys
 
 Each Azure Web PubSub instance has a pair of access keys that helps you authenticate clients when requests are made to the service. Both keys are associated with the instance endpoint URL.
 
 Each instance has a primary access key and a secondary access key. Rotate one access key at a time by regenerating a new key of that type, either primary or secondary. Update one access key while the other access key maintains existing authenticated connections.
 
 ## When to rotate access keys
 
-For security reasons and to meet compliance requirements, we recommend that you routinely rotate your access keys.
+For security and compliance requirements, we recommend that you routinely rotate your access keys.
 
 To regenerate an access key, complete the steps that are described in the following sections.
 
 ### Enforced access key rotation
 
-In some scenarios, Azure Web PubSub might enforce a mandatory access key rotation. The service sends notifications via email and in the portal. If you receive this kind of notification or if you encounter service failure due to an access key, regenerate your access keys to rotate the keys.
+In some scenarios, Azure Web PubSub might enforce a mandatory access key rotation. The service sends notifications via email and in the portal. If you receive this kind of notification or if you encounter service failure due to an access key issue, regenerate your access keys to rotate the keys.
 
 ## Regenerate an access key
 
-1. In the [Azure portal](https://portal.azure.com/), sign in with your credentials.
+1. In the [Azure portal](https://portal.azure.com/), sign in with your subscription credentials.
 
-1. Go to the Azure Web PubSub instance that has keys you want to rotate.
+1. Go to the Web PubSub instance that has keys you want to rotate.
 
 1. On the resource menu, select **Keys**.
 
 1. Select **Regenerate Primary Key** or **Regenerate Secondary Key**.
 
-   A new key and a corresponding connection string are created and shown.
+   A new key and a corresponding connection string are created. You manage them in your Web PubSub instance.
 
-You also can regenerate a key by using the Azure CLI when the Azure Web PubSub service is generally available.
+When the Azure Web PubSub service becomes generally available, you can also regenerate a key by using the Azure CLI.
 
 ## Update configurations with the new connection string
 
 
@@ -1,7 +1,7 @@
 ---
 title: Access a key vault in a private network via shared private endpoints
-titleSuffix: Azure Web PubSub Service
-description: Learn how to access a key vault in private network through shared private endpoints.
+titleSuffix: Azure Web PubSub
+description: Learn how to access a key vault in a private network through shared private endpoints.
 author: ArchangelSDY
 ms.service: azure-web-pubsub
 ms.custom: devx-track-azurecli
@@ -45,8 +45,11 @@ Private endpoints of secured resources created through Azure Web PubSub APIs are
    :::image type="content" alt-text="Screenshot of shared private endpoints management." source="media\howto-secure-shared-private-endpoints-key-vault\portal-shared-private-endpoints-management.png" lightbox="media\howto-secure-shared-private-endpoints-key-vault\portal-shared-private-endpoints-management.png" :::
 
 1. For **Name**, enter a name to use for the shared private endpoint.
-1. Enter your key vault resource: Choose **Select from your resources** and then select your resource from the lists, or select **Specify resource ID** and enter your key vault resource ID.
-1. For **Request message**, enter **please approve**.
+1. To select your key vault resource, complete one of the following steps:
+
+   * Choose **Select from your resources** and select your resource from the lists.
+   * Select **Specify resource ID** and enter your key vault resource ID.
+1. For **Request message**, enter **Please approve**.
 1. Select **Add**.
 
    :::image type="content" alt-text="Screenshot of adding a shared private endpoint." source="media\howto-secure-shared-private-endpoints-key-vault\portal-shared-private-endpoints-add.png" :::
@@ -94,7 +97,7 @@ az rest --method get --uri https://management.azure.com/subscriptions/00000000-0
 
 ### Approve the private endpoint connection for the key vault
 
-After the private endpoint connection is created, you need to approve the connection request from Web PubSub in your Key Vault resource.
+After the private endpoint connection is created, the connection request from Web PubSub must be approved in your Key Vault resource.
 
 #### [Azure portal](#tab/azure-portal)
 
@@ -105,8 +108,9 @@ After the private endpoint connection is created, you need to approve the connec
    :::image type="content" alt-text="Screenshot of the Azure portal, showing the Private endpoint connections pane." source="media\howto-secure-shared-private-endpoints-key-vault\portal-key-vault-approve-private-endpoint.png" :::
 
 1. Select the private endpoint that Web PubSub created.
-1. Select **Approve** and then select **Yes** to confirm.
-1. Wait for the private endpoint connection to be approved.
+1. Select **Approve**, and then select **Yes** to confirm.
+
+    It might take a few minutes for the private endpoint connection status to change to **Approved**.
 
    :::image type="content" alt-text="Screenshot of the Azure portal, showing an Approved status on the Private endpoint connections pane." source="media\howto-secure-shared-private-endpoints-key-vault\portal-key-vault-approved-private-endpoint.png" :::
 
 
@@ -1,7 +1,7 @@
 ---
-title: Secure Azure Web PubSub outbound traffic through shared private endpoints
-titleSuffix: Azure Web PubSub Service
-description: Learn how to secure Azure Web PubSub outbound traffic through shared private endpoints.
+title: Secure outbound traffic through shared private endpoints
+titleSuffix: Azure Web PubSub
+description: Learn how to secure Azure Web PubSub outbound traffic by using shared private endpoints.
 author: ArchangelSDY
 ms.service: azure-web-pubsub
 ms.custom: devx-track-azurecli
@@ -10,7 +10,7 @@ ms.date: 08/16/2024
 ms.author: dayshen
 ---
 
-# Secure Azure Web PubSub outbound traffic through shared private endpoints
+# Secure outbound traffic through shared private endpoints
 
 If you're using an [event handler](concept-service-internals.md#event-handler) in Azure Web PubSub, you might have outbound traffic to upstream endpoints to a static web app that you created by using the Web Apps feature of Azure App Service or to a function that you created by using Azure Functions. You can configure Web Apps and Functions to use endpoints that accept connections from a list of virtual networks and refuse outside connections that originate in a public network. You can create an outbound [private endpoint connection](../private-link/private-endpoint-overview.md) in your Web PubSub services to reach these endpoints.
 
@@ -40,32 +40,32 @@ Private endpoints of secured resources that are created by using Azure Web PubSu
 >
 > To use the steps in the following examples, replace these values with your own subscription ID, the name of your Web PubSub resource, and the name of your Azure Functions resource.
 
-## Create a shared private link resource to the function
+## Create a shared private link resource to a function
 
 ### [Azure portal](#tab/azure-portal)
 
 1. In the Azure portal, go to your Azure Web PubSub resource.
 1. On the left menu, select **Networking**.
-1. Select the **Private access** tab.
+1. Select **Private access**.
 1. Select **Add shared private endpoint**.
 
-   :::image type="content" alt-text="Screenshot of shared private endpoints management." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-management.png" lightbox="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-management.png" :::
+   :::image type="content" alt-text="Screenshot that shows managing shared private endpoints." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-management.png" lightbox="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-management.png" :::
 
 1. Enter a name for the shared private endpoint.
 1. To set your target linked sources, either choose **Select from your resources** or enter your resource ID in **Specify resource ID**.
 
     Optionally, you can enter text in **Request message** to send a request to the target resource owner.
 1. Select **Add**.
 
-   :::image type="content" alt-text="Screenshot of adding a shared private endpoint." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-add.png" :::
+   :::image type="content" alt-text="Screenshot that shows adding a shared private endpoint." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-add.png" :::
 
-The **Provisioning state** value for the shared private endpoint resource is **Succeeded**. **Connection state** is **Pending** until the endpoint is approved at the target resource.
+The value for **Provisioning state** in the shared private endpoint resource is **Succeeded**. **Connection state** is **Pending** until the endpoint is approved at the target resource.
 
-:::image type="content" alt-text="Screenshot of an added shared private endpoint." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-added.png" lightbox="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-added.png" :::
+:::image type="content" alt-text="Screenshot that shows an added shared private endpoint pending approval." source="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-added.png" lightbox="media\howto-secure-shared-private-endpoints\portal-shared-private-endpoints-added.png" :::
 
 ### [Azure CLI](#tab/azure-cli)
 
-Use the following API call with the [Azure CLI](/cli/azure/) to create a shared private link resource. Replace the values in the following example with the values in your scenario.
+Use the following API call with the [Azure CLI](/cli/azure/) to create a shared private link resource. Replace the values in the following example with the values from your scenario.
 
 ```bash:
 
@@ -104,10 +104,10 @@ Wait until the status changes to "Succeeded" before you go to the next step.
 
 ## Approve the private endpoint connection for the function
 
-When the shared private endpoint connection has a **Pending** status, you must approve the connection request at the target resource.
+When the shared private endpoint connection has a **Pending** status, the connection request must be approved at the target resource.
 
 > [!IMPORTANT]
-> After you approve the private endpoint connection, the function is no longer accessible from a public network. You might need to create other private endpoints in your own virtual network to access the function endpoint.
+> After the private endpoint connection is approved, the function is no longer accessible from a public network. You might need to create other private endpoints in your own virtual network to access the function endpoint.
 
 ### [Azure portal](#tab/azure-portal)
 
@@ -194,7 +194,7 @@ When `properties.provisioningState` is `Succeeded` and `properties.status` (conn
 
 At this point, the private endpoint between Azure Web PubSub and Azure Functions is established.
 
-## Verify that upstream calls are from a private IP
+## Verify that upstream calls are from a private IP address
 
 When the private endpoint is set up, you can verify that incoming calls are from a private IP address by checking the `X-Forwarded-For` header for upstream calls.