Commit d9854f0

change paragraph to a note and change wording
1 parent ba562b4 commit d9854f0

1 file changed

+4
-3
lines changed

articles/storage/common/transport-layer-security-configure-minimum-version.md

Lines changed: 4 additions & 3 deletions
@@ -7,7 +7,7 @@ author: jimmart-dev
77

88
ms.service: storage
99
ms.topic: how-to
10-
ms.date: 12/29/2022
10+
ms.date: 12/30/2022
1111
ms.author: jammart
1212
ms.reviewer: fryu
1313
ms.subservice: common
@@ -23,12 +23,13 @@ Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, a
2323

2424
Azure Storage accounts permit clients to send and receive data with the oldest version of TLS, TLS 1.0, and above. To enforce stricter security measures, you can configure your storage account to require that clients send and receive data with a newer version of TLS. If a storage account requires a minimum version of TLS, then any requests made with an older version will fail.
2525

26-
The cipher suite used when connecting to a storage account is dependent on the TLS version used. It is not possible to configure a storage account to block the use of specific ciphers, other than by requiring a minimum TLS version. If you require the ability to block specific cipher suites, consider [Configuring TLS policy versions and cipher suites on Application Gateway](../../application-gateway/application-gateway-configure-ssl-policy-powershell.md).
27-
2826
This article describes how to use a DRAG (Detection-Remediation-Audit-Governance) framework to continuously manage secure TLS for your storage accounts.
2927

3028
For information about how to specify a particular version of TLS when sending a request from a client application, see [Configure Transport Layer Security (TLS) for a client application](transport-layer-security-configure-client-version.md).
3129

30+
> [!NOTE]
31+
> The cipher suite used when clients send data to and receive data from a storage account is dependent on the TLS version used. It is not possible to configure a storage account to block the use of specific ciphers, other than by requiring a minimum TLS version. If you require the ability to allow only specific cipher suites when connecting to your storage account, consider using Azure Application Gateway. For more information about using Application Gateway for this purpose, see [Configure TLS policy versions and cipher suites on Azure Application Gateway](../../application-gateway/application-gateway-configure-ssl-policy-powershell.md).
32+
3233
## Detect the TLS version used by client applications
3334

3435
When you enforce a minimum TLS version for your storage account, you risk rejecting requests from clients that are sending data with an older version of TLS. To understand how configuring the minimum TLS version may affect client applications, Microsoft recommends that you enable logging for your Azure Storage account and analyze the logs after an interval of time to detect what versions of TLS client applications are using.
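
Review bot: In the added `[!NOTE]` block, the second sentence still says "block the use of specific ciphers" while the reworded third sentence says "allow only specific cipher suites", so the note switches between block/allow and ciphers/cipher suites within two sentences; use "cipher suites" in both and keep one framing. The Application Gateway suggestion would also benefit from a clause stating that the cipher suite policy applies only to connections that go through the gateway, so direct access to the storage account endpoint has to be restricted separately; as written, a reader could take it to mean that adding the gateway changes which cipher suites the account itself accepts. Minor: "is dependent on" reads better as "depends on".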
