Merge pull request #213595 from kaistrubel/accesscontrolissues

Accesscontrolissues

Author: Stacyrch140

articles/key-vault/general/assign-access-policy.md

@@ -26,27 +26,27 @@ A Key Vault access policy determines whether a given security principal, namely
 
 1.	In the [Azure portal](https://portal.azure.com), navigate to the Key Vault resource. 
 
-1.	Under **Settings**, select **Access policies**, then select **Add Access Policy**:
+1.	Select **Access policies**, then select **Create**:
 
-	![Select Access policies, selecting Add role assignment](../media/authentication/assign-policy-portal-01.png)
+	![Select Access policies, selecting Add role assignment](../media/authentication/assign-access-01.png)
 
-1.	Select the permissions you want under **Certificate permissions**, **Key permissions**, and **Secret permissions**. You can also select a template that contains common permission combinations:
+1.	Select the permissions you want under **Key permissions**, **Secret permissions**, and **Certificate permissions**. 
 
-	![Specifying access policy permissions](../media/authentication/assign-policy-portal-02.png)
+	![Specifying access policy permissions](../media/authentication/assign-access-02.png)
 
-1. Under **Select principal**, choose the **None selected** link to open the **Principal** selection pane. Enter the name of the user, app or service principal in the search field, select the appropriate result, then choose **Select**.
+1. Under the **Principal** selection pane, enter the name of the user, app or service principal in the search field and select the appropriate result.
 
-	![Selecting the security principal for the access policy](../media/authentication/assign-policy-portal-03.png)
+	![Selecting the security principal for the access policy](../media/authentication/assign-access-03.png)
 
     If you're using a managed identity for the app, search for and select the name of the app itself. (For more information on security principals, see [Key Vault authentication](authentication.md).
 
-1.	Back in the **Add access policy** pane, select **Add** to save the access policy.
+1.	Review the access policy changes and select **Create** to save the access policy.
 
-	![Adding the access policy with the security principal assigned](../media/authentication/assign-policy-portal-04.png)
+	![Adding the access policy with the security principal assigned](../media/authentication/assign-access-04.png)
 
-1. Back on the **Access policies** page, verify that your access policy is listed under **Current Access Policies**, then select **Save**. Access policies aren't applied until you save them.
+1. Back on the **Access policies** page, verify that your access policy is listed. 
 
-	![Saving the access policy changes](../media/authentication/assign-policy-portal-05.png)
+	![Saving the access policy changes](../media/authentication/assign-access-05.png)
 
 # [Azure CLI](#tab/azure-cli)
 

articles/key-vault/general/network-security.md

@@ -70,6 +70,10 @@ To understand how to configure a private link connection on your key vault, plea
 > * IP network rules are only allowed for public IP addresses. IP address ranges reserved for private networks (as defined in RFC 1918) are not allowed in IP rules. Private networks include addresses that start with **10.**, **172.16-31**, and **192.168.**. 
 > * Only IPv4 addresses are supported at this time.
 
+### Public Access Disabled (Private Endpoint Only)
+
+To enhance network security, you can configure your vault to disable public access.  This will deny all public configurations and allow only connections through private endpoints.
+
 ## References
 * ARM Template Reference: [Azure Key Vault ARM Template Reference](/azure/templates/Microsoft.KeyVault/vaults)
 * Azure CLI commands: [az keyvault network-rule](/cli/azure/keyvault/network-rule)