Merge pull request #226122 from baanders/2-2-doc-day

prmerger-automator[bot] · web-flow · commit d7f96a981edc · 2023-02-02T20:32:16.000Z
ADT: Doc day updates
diff --git a/articles/digital-twins/concepts-security.md b/articles/digital-twins/concepts-security.md
@@ -5,7 +5,7 @@ titleSuffix: Azure Digital Twins
 description: Learn about Azure Digital Twins security best practices.
 author: baanders
 ms.author: baanders # Microsoft employees only
-ms.date: 01/26/2022
+ms.date: 02/02/2023
 ms.topic: conceptual
 ms.service: digital-twins
 
@@ -101,15 +101,18 @@ For instructions on how to enable a managed identity for Azure Digital Twins and
 
 [Azure Private Link](../private-link/private-link-overview.md) is a service that enables you to access Azure resources (like [Azure Event Hubs](../event-hubs/event-hubs-about.md), [Azure Storage](../storage/common/storage-introduction.md), and [Azure Cosmos DB](../cosmos-db/introduction.md)) and Azure-hosted customer and partner services over a private endpoint in your [Azure Virtual Network (VNet)](../virtual-network/virtual-networks-overview.md). 
 
-Similarly, you can use private endpoints for your Azure Digital Twins instance to allow clients located in your virtual network to securely access the instance over Private Link. Configuring a private endpoint for your Azure Digital Twins instance enables you to secure your Azure Digital Twins instance and eliminate public exposure. Additionally, it helps avoid data exfiltration from your [Azure Virtual Network (VNet)](../virtual-network/virtual-networks-overview.md).
+Similarly, you can use private access endpoints for your Azure Digital Twins instance to allow clients located in your virtual network to have secure REST API access to the instance over Private Link. Configuring a private access endpoint for your Azure Digital Twins instance enables you to secure your Azure Digital Twins instance and eliminate public exposure. Additionally, it helps avoid data exfiltration from your [Azure Virtual Network (VNet)](../virtual-network/virtual-networks-overview.md).
 
-The private endpoint uses an IP address from your Azure VNet address space. Network traffic between a client on your private network and the Azure Digital Twins instance traverses over the VNet and a Private Link on the Microsoft backbone network, eliminating exposure to the public internet. Here's a visual representation of this system:
+The private access endpoint uses an IP address from your Azure VNet address space. Network traffic between a client on your private network and the Azure Digital Twins instance traverses over the VNet and a Private Link on the Microsoft backbone network, eliminating exposure to the public internet. Here's a visual representation of this system:
 
 :::image type="content" source="media/concepts-security/private-link.png" alt-text="Diagram showing a network that is a protected VNET with no public cloud access, connecting through Private Link to an Azure Digital Twins instance.":::
 
-Configuring a private endpoint for your Azure Digital Twins instance enables you to secure your Azure Digital Twins instance and eliminate public exposure, as well as avoid data exfiltration from your VNet.
+Configuring a private access endpoint for your Azure Digital Twins instance enables you to secure your Azure Digital Twins instance and eliminate public exposure, as well as avoid data exfiltration from your VNet.
 
-For instructions on how to set up Private Link for Azure Digital Twins, see [Enable private access with Private Link](./how-to-enable-private-link.md).
+For instructions on how to set up Private Link for Azure Digital Twins, see [Enable private access with Private Link](how-to-enable-private-link.md).
+
+>[!NOTE]
+> Private network access with Azure Private Link applies to accessing Azure Digital Twins through its rest APIs. This feature does not apply to egress scenarios using Azure Digital Twins's [event routing](concepts-route-events.md) feature.
 
 ### Design considerations 
 
diff --git a/articles/digital-twins/how-to-enable-private-link.md b/articles/digital-twins/how-to-enable-private-link.md
@@ -181,7 +181,7 @@ For more information and examples, see the [az dt network private-link reference
 
 ## Disable / enable public network access flags
 
-You can configure your Azure Digital Twins instance to deny all public connections and allow only connections through private endpoints to enhance the network security. This action is done with a *public network access flag*. 
+You can configure your Azure Digital Twins instance to deny all public connections and allow only connections through private access endpoints to enhance the network security. This action is done with a *public network access flag*. 
 
 This policy allows you to restrict API access to Private Link connections only. When the public network access flag is set to `disabled`, all REST API calls to the Azure Digital Twins instance data plane from the public cloud will return `403, Unauthorized`. Otherwise, when the policy is set to `disabled` and a request is made through a private endpoint, the API call will succeed.
 
diff --git a/articles/digital-twins/how-to-use-postman-with-digital-twins.md b/articles/digital-twins/how-to-use-postman-with-digital-twins.md
@@ -117,7 +117,7 @@ Next, continue on to the next section to add a bearer token to the collection fo
 
 ### Configure authorization
 
-Next, edit the collection you've created to configure some access details. Highlight the collection you've created and select the **View more actions** icon to pull up a menu. Select **Edit**.
+Next, edit the collection you've created to configure some access details. Highlight the collection you've created and select the **View more actions** icon to display action options. Select **Edit**.
 
 :::image type="content" source="media/how-to-use-postman-with-digital-twins/postman-edit-collection.png" alt-text="Screenshot of Postman. The 'View more actions' icon for the imported collection is highlighted, and 'Edit' is highlighted in the options." lightbox="media/how-to-use-postman-with-digital-twins/postman-edit-collection.png":::
 
@@ -127,12 +127,12 @@ Follow these steps to add a bearer token to the collection for authorization. Us
 
     :::image type="content" source="media/how-to-use-postman-with-digital-twins/postman-authorization-imported.png" alt-text="Screenshot of the imported collection's edit dialog in Postman, showing the 'Authorization' tab." lightbox="media/how-to-use-postman-with-digital-twins/postman-authorization-imported.png":::
 
-1. Set the Type to **OAuth 2.0**, paste your access token into the Access Token box, and select **Save**.
+1. Set the Type to **OAuth 2.0** and paste your access token into the Access Token box. You must use the correct token for the type of API you're using, as there are different tokens for data plane APIs versus control plane APIs. Select **Save**.
 
     :::image type="content" source="media/how-to-use-postman-with-digital-twins/postman-paste-token-imported.png" alt-text="Screenshot of Postman edit dialog for the imported collection, on the 'Authorization' tab. Type is 'OAuth 2.0', and Access Token box is highlighted." lightbox="media/how-to-use-postman-with-digital-twins/postman-paste-token-imported.png":::
 
     > [!TIP]
-    > You must use the correct token for the type of API you're using. There is one access token for data plane APIS and another for control plane APIs.
+    > You can choose to turn on token sharing if you want to store the token with the request on Postman cloud, and potentially share your token with others.
 
 ### Other configuration
 
