Lots of updates

Author: mbender-ms

articles/private-link/create-network-security-perimeter-cli.md

@@ -5,7 +5,7 @@ author: mbender-ms
 ms.author: mbender
 ms.service: azure-private-link
 ms.topic: quickstart
-ms.date: 11/04/2024
+ms.date: 11/06/2024
 #CustomerIntent: As a network administrator, I want to create a network security perimeter for an Azure resource using Azure CLI, so that I can control the network traffic to and from the resource.
 ---
 
@@ -46,7 +46,7 @@ To get started, connect to [Azure Cloud Shell](https://shell.azure.com) or use y
 
     ```azurecli-interactive
     # List all subscriptions
-    az account set --subscription "Azure Subscription"
+    az account set --subscription <Azure Subscription>
 
     # Re-register the Microsoft.Network resource provider
     az provider register --namespace Microsoft.Network    
@@ -55,23 +55,22 @@ To get started, connect to [Azure Cloud Shell](https://shell.azure.com) or use y
 ## Create a resource group and key vault
 
 Before you can create a network security perimeter, you have to create a resource group and a key vault resource.  
-This example creates a resource group named **test-rg** in the WestCentralUS location and a key vault named **key-vault-YYYYDDMM** in the resource group with the following commands:
+This example creates a resource group named **resource-group** in the WestCentralUS location and a key vault named **key-vault-YYYYDDMM** in the resource group with the following commands:
 
 ```azurecli-interactive
 az group create \
-    --name test-rg \
+    --name resource-group \
     --location westcentralus
 
 # Create a key vault using a datetime value to ensure a unique name
 
 key_vault_name="key-vault-$(date +%s)"
 az keyvault create \
     --name $key_vault_name \
-    --resource-group test-rg \
+    --resource-group resource-group \
     --location westcentralus \
     --query 'id' \
     --output tsv
-
 ```
 
 ## Create a network security perimeter
@@ -84,7 +83,7 @@ In this step, create a network security perimeter with the `az network perimeter
 ```azurecli-interactive
 az network perimeter create\
     --name network-security-perimeter \
-    --resource-group test-rg \
+    --resource-group resource-group \
     -l westcentralus
 ```
 
@@ -101,7 +100,7 @@ In this step, you create a new profile and associate the PaaS resource, the Azur
     # Create a new profile
     az network perimeter profile create \
         --name network-perimeter-profile \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --perimeter-name network-security-perimeter
 
     ```
@@ -112,21 +111,21 @@ In this step, you create a new profile and associate the PaaS resource, the Azur
     # Get key vault id
     az keyvault show \
         --name $key_vault_name \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --query 'id'
         
     # Get the profile id
     az network perimeter profile show \
         --name network-perimeter-profile \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --perimeter-name network-security-perimeter
     
     # Associate the Azure Key Vault with the network security perimeter profile
     # Replace <PaaSArmId> and <networkSecurityPerimeterProfileId> with the ID values for your key vault and profile
     az network perimeter association create \
         --name network-perimeter-association \
         --perimeter-name network-security-perimeter \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --access-mode Learning  \
         --private-link-resource "{id:<PaaSArmId>}" \
         --profile "{id:<networkSecurityPerimeterProfileId>}"
@@ -139,15 +138,15 @@ In this step, you create a new profile and associate the PaaS resource, the Azur
     az network perimeter association create \
         --name network-perimeter-association \
         --perimeter-name network-security-perimeter \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --access-mode Enforced  \
         --private-link-resource "{id:<PaaSArmId>}" \
         --profile "{id:<networkSecurityPerimeterProfileId>}"
     ```
+    
+## Manage network security perimeter access rules
 
-## Create and update network security perimeter access rules
-
-In this step, you create and update network security perimeter access rules with public IP address prefixes using the `az network perimeter profile access-rule create` command.
+In this step, you create, update, and delete a network security perimeter access rules with public IP address prefixes using the `az network perimeter profile access-rule` command.
 
 1. Create an inbound access rule with a public IP address prefix for the profile created with the following command:
 
@@ -158,7 +157,7 @@ In this step, you create and update network security perimeter access rules with
         --name access-rule \
         --profile-name network-perimeter-profile \
         --perimeter-name network-security-perimeter \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --address-prefixes "[192.0.2.0/24]"
 
     ```
@@ -172,11 +171,21 @@ In this step, you create and update network security perimeter access rules with
         --name access-rule \
         --profile-name network-perimeter-profile \
         --perimeter-name network-security-perimeter \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --address-prefixes "['198.51.100.0/24', '192.0.2.0/24']"
 
     ```
 
+1. If you need to delete an access rule, use the following command:
+
+    ```azurepowershell-interactive
+    # Delete the access rule
+    az network perimeter profile access-rule delete \
+        --Name network-perimeter-association \
+        --profile-name network-perimeter-profile \
+        --perimeter-name network-security-perimeter \
+        --resource-group resource-group
+
 [!INCLUDE [network-security-perimeter-note-managed-id](../../includes/network-security-perimeter-note-managed-id.md)]
 
 ## Delete all resources
@@ -188,22 +197,22 @@ To delete a network security perimeter and other resources in this quickstart, u
     # Delete the network security perimeter association
     az network perimeter association delete \
         --name network-perimeter-association \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --perimeter-name network-security-perimeter
 
     # Delete the network security perimeter
     az network perimeter delete \
-        --resource-group test-rg \
+        --resource-group resource-group \
         --name network-security-perimeter --yes
     
     # Delete the key vault
     az keyvault delete \
         --name $key_vault_name \
-        --resource-group test-rg
+        --resource-group resource-group
     
     # Delete the resource group
     az group delete \
-        --name test-rg \
+        --name resource-group \
         --yes \
         --no-wait
 

articles/private-link/create-network-security-perimeter-portal.md

@@ -98,7 +98,7 @@ When you no longer need a network security perimeter, you remove any resources a
 
 1. From your network security perimeter, select **Associated resources** under **Settings**.
 2. Select **key-vault-YYYYDDMM** from the list of associated resources.
-3. From the action bar,select **Settings ** and then select **Remove** in the .
+3. From the action bar,select **Settings ** and then select **Remove** in the confirmation window.
 4. Navigate back to the **Overview** page of your network security perimeter.
 5. Select **Delete** and confirm the deletion by entering **network-security-perimeter** in the text box for the name of the resource.
 6. Browse to the **resource-group** and select **Delete** to remove the resource group and all resources within it.

articles/private-link/create-network-security-perimeter-powershell.md

@@ -5,13 +5,13 @@ author: mbender-ms
 ms.author: mbender
 ms.service: azure-private-link
 ms.topic: quickstart
-ms.date: 11/04/2024
+ms.date: 11/06/2024
 #CustomerIntent: As a network administrator, I want to create a network security perimeter for an Azure resource using Azure PowerShell, so that I can control the network traffic to and from the resource.
 ---
 
 # Quickstart: Create a network security perimeter - Azure PowerShell
 
-Get started with network security perimeter by creating a network security perimeter for an Azure key vault using Azure PowerShell. A [network security perimeter](network-security-perimeter-concepts.md) allows [Azure Platform as a Service (PaaS)](./network-security-perimeter-concepts.md#onboarded-private-link-resources) resources to communicate within an explicit trusted boundary. Next, You create and update a PaaS resource's association in a network security perimeter profile. Then you create and update network security perimeter access rules. When you're finished, you delete all resources created in this quickstart.
+Get started with network security perimeter by creating a network security perimeter for an Azure key vault using Azure PowerShell. A [network security perimeter](network-security-perimeter-concepts.md) allows [Azure Platform as a Service (PaaS)](./network-security-perimeter-concepts.md#onboarded-private-link-resources) resources to communicate within an explicit trusted boundary. You create and update a PaaS resource's association in a network security perimeter profile. Then you create and update network security perimeter access rules. When you're finished, you delete all resources created in this quickstart.
 
 [!INCLUDE [network-security-perimeter-preview-message](../../includes/network-security-perimeter-preview-message.md)]
 
@@ -24,22 +24,42 @@ Get started with network security perimeter by creating a network security perim
 - The latest version of the Azure PowerShell module with tools for network security perimeter.
 
     ```azurepowershell
+    # Install the Az.Tools.Installer module    
     Install-Module -Name Az.Tools.Installer -Repository PSGallery
     ```
 
 - Use `Az.Tools.Installer` to install the preview build of the `Az.Network`:
 
     ```azurepowershell-interactive
+    # Install the preview build of the Az.Network module
     Install-Module -Name Az.Tools.Installer -Repository PSGallery -allowprerelease -force
+
+    # List the current versions of the Az.Network module available in the PowerShell Gallery
+    Find-Module -Name Az.Network -Allversions -AllowPrerelease
+
+    # Install the preview build of the Az.Network module using the 
+
     Install-AzModule -Name Az.Network -AllowPrerelease -Force
-    Install-AzModule -Path https://azposhpreview.blob.core.windows.net/public/Az.Network.5.6.1-preview.nupkg
+    Install-AzModule -Path <previewVersionNumber>
     ```
-* If you choose to use Azure PowerShell locally:
-  * [Install the latest version of the Az PowerShell module](/powershell/azure/install-azure-powershell).
-  * Connect to your Azure account using the
+    > [!NOTE]
+    > The preview version of the Az.Network module is required to use network security perimeter capabilities. The latest version of the Az.Network module is available in the PowerShell Gallery. Look for the newest version that ends in `-preview`.
+
+- If you choose to use Azure PowerShell locally:
+  - [Install the latest version of the Az PowerShell module](/powershell/azure/install-azure-powershell).
+  - Connect to your Azure account using the
     [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) cmdlet.
-* If you choose to use Azure Cloud Shell:
-  * For more information on Azure Cloud Shell, see [Overview of Azure Cloud Shell](/azure/cloud-shell/overview).
+- If you choose to use Azure Cloud Shell:
+  - For more information on Azure Cloud Shell, see [Overview of Azure Cloud Shell](/azure/cloud-shell/overview).
+- To get help with the PowerShell cmdlets, use the `Get-Help` command:
+    ```azurepowershell-interactive
+    
+    # Get help for a specific command
+    get-help -Name <powershell-command> - full
+
+    # Example
+    get-help -Name New-AzNetworkSecurityPerimeter - full
+    ```
 
 ## Sign in to your Azure account and select your subscription
 
@@ -155,9 +175,9 @@ In this step, you create a new profile and associate the PaaS resource, the Azur
         Update-AzNetworkSecurityPerimeterAssociation @updateAssociation | format-list
     ```     
 
-## Create and update network security perimeter access rules
+## Manage network security perimeter access rules
 
-In this step, you create and update network security perimeter access rules with public IP address prefixes.
+In this step, you create, update and delete network security perimeter access rules with public IP address prefixes.
 
 ```azurepowershell-interactive
     # Create an inbound access rule for a public IP address prefix
@@ -185,9 +205,9 @@ In this step, you create and update network security perimeter access rules with
 
 [!INCLUDE [network-security-pe~rimeter-note-managed-id](../../includes/network-security-perimeter-note-managed-id.md)]
 
-## Delete a network security perimeter 
+## Delete all resources 
 
-To delete a network security perimeter, use the following commands:
+When you no longer need the network security perimeter, remove all resources associated with the network security perimeter, remove the perimeter, and then remove the resource group.
 
 ```azurepowershell-interactive
 

articles/private-link/network-security-perimeter-concepts.md

@@ -51,20 +51,20 @@ When creating a network security perimeter, you can specify the following proper
 | **Property** | **Description** |
 |------------------|-------------|
 | **Name** | A unique name within the resource group. |
-| **Location** | Supported regions. |
+| **Location** | A supported Azure region where the resource is located. |
 | **Resource group name** | Name of the resource group where the network security perimeter should be present. |
 
 ## Access modes in network security perimeter
 
-Administrators add PaaS resources to a perimeter by creating resource associations. These associations offer different access modes for PaaS resources. The access modes are:
+Administrators add PaaS resources to a perimeter by creating resource associations. These associations can be made in two access modes. The access modes are:
 
 | **Mode** | **Description** |
 |----------------|--------|
 | **Learning mode**  | - Default access mode.</br>- Helps network administrators to understand the existing access patterns of their PaaS resources.</br>- Advised mode of use before transitioning to enforced mode.|
 | **Enforced mode**  | - Must be set by the administrator.</br>- By default, all traffic except intra perimeter traffic is denied in this mode unless an *Allow* access rule exists. |
 
 
-Learn more on transitioning from learning mode to enforced mode in [transitioning to a network security perimeter](network-security-perimeter-transition.md) article.
+Learn more on transitioning from learning mode to enforced mode in [Transitioning to a network security perimeter](network-security-perimeter-transition.md) article.
 
 ## Why use Network Security Perimeter?
 
@@ -86,7 +86,6 @@ Access rules can be used to approve public inbound and outbound traffic outside
 
 For example, when creating a network security perimeter and associating a set of PaaS resources, like Azure Key Vault and SQL DB, with the perimeter, all incoming and outgoing public traffic is denied to these PaaS resources by default. To allow any access outside the perimeter, necessary access rules can be created. Within the same perimeter, profiles can also be created to group PaaS resources with similar set of inbound and outbound access requirements.
 
-
 ## Onboarded private link resources
 A network security perimeter-aware private link resource is a PaaS resource that can be associated with a network security perimeter. Currently the list of onboarded private link resources are as follows: