Merge pull request #300620 from mbender-ms/wb-security-v2

Portfolio Consolidation | Security updates

Author: denrea

articles/ddos-protection/TOC.yml

@@ -10,6 +10,8 @@
     href: ddos-protection-sku-comparison.md
   - name: Price comparison
     href: ddos-pricing-guide.md
+  - name: What is Azure network security?
+    href: /azure/networking/security/network-security.md?toc=/azure/ddos-protection/toc.json
   - name: FAQ
     href: ddos-faq.yml
 - name: Configure
@@ -53,6 +55,22 @@
     href: ../application-gateway/tutorial-protect-application-gateway-ddos.md?toc=/azure/ddos-protection/TOC.json
   - name: Deploy Load Balancer with DDoS Protection
     href: ../load-balancer/tutorial-protect-load-balancer-ddos.md?toc=/azure/ddos-protection/TOC.json
+- name: Secure
+  items:
+  - name: DDoS Protection on Front Door
+    href: ../frontdoor/front-door-ddos.md?toc=/azure/ddos-protection/TOC.json
+  - name: Defend against API Management DDoS attacks
+    href: ../api-management/protect-with-ddos-protection.md?toc=/azure/ddos-protection/TOC.json
+  - name: Inline L7 DDoS protection with Gateway Load Balancer and partner NVAs
+    href: inline-protection-glb.md
+  - name: Manage permissions and restrictions
+    href: manage-permissions.md
+  - name: Onboard partners
+    href: ddos-protection-partner-onboarding.md
+  - name: Security baseline
+    href: /security/benchmark/azure/baselines/azure-ddos-protection-security-baseline?toc=%2fazure%2fddos-protection%2ftoc.json?toc=/azure/ddos-protection/TOC.json
+  - name: Azure Security blog
+    href: https://techcommunity.microsoft.com/category/azure-network-security/blog/azurenetworksecurityblog
 - name: Resiliency
   items:
   - name: Components of a DDoS response strategy
@@ -85,22 +103,6 @@
     href: test-through-simulations.md
   - name: Engage DDoS Rapid Response (DRR)
     href: ddos-rapid-response.md
-- name: Security
-  items:
-  - name: DDoS Protection on Front Door
-    href: ../frontdoor/front-door-ddos.md?toc=/azure/ddos-protection/TOC.json
-  - name: Defend against API Management DDoS attacks
-    href: ../api-management/protect-with-ddos-protection.md?toc=/azure/ddos-protection/TOC.json
-  - name: Inline L7 DDoS protection with Gateway Load Balancer and partner NVAs
-    href: inline-protection-glb.md
-  - name: Manage permissions and restrictions
-    href: manage-permissions.md
-  - name: Onboard partners
-    href: ddos-protection-partner-onboarding.md
-  - name: Security baseline
-    href: /security/benchmark/azure/baselines/azure-ddos-protection-security-baseline?toc=%2fazure%2fddos-protection%2ftoc.json?toc=/azure/ddos-protection/TOC.json
-  - name: Azure Security blog
-    href: https://techcommunity.microsoft.com/category/azure-network-security/blog/azurenetworksecurityblog
 - name: Reference
   items:
   - name: Azure Policy built-ins

articles/ddos-protection/ddos-protection-overview.md

@@ -20,6 +20,9 @@ Azure DDoS Protection, combined with application design best practices, provides
 
 Azure DDoS Protection protects at layer 3 and layer 4 network layers. For web applications protection at layer 7, you need to add protection at the application layer using a WAF offering. For more information, see [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md).
 
+> [!NOTE]
+> Azure DDoS Protections is one of the services that make up the Network Security category in Azure. Other services in this category include [Azure Firewall](../firewall/overview.md) and [Azure Web Application Firewall](../web-application-firewall/overview.md). Each service has its own unique features and use cases. For more information on this service category, see [Network Security](../networking/security/network-security.md).
+
 ## Tiers
 
 ### DDoS Network Protection

articles/ddos-protection/index.yml

@@ -107,9 +107,13 @@ landingContent:
     linkLists:
       - linkListType: get-started
         links:
-        - text: Documentation
-          url: https://learn.microsoft.com/en-us/azure/networking/security/
+         - text: What is Azure Network Security?
+           url: /azure/networking/security/network-security
+         - text: Learm more about Azure network security
+           url: /azure/networking/security/
+      - linkListType: overview
+        links:
         - text: Azure Firewall
-          url: /azure/firewall/
-        - text: Azure WAF
-          url: /azure/web-application-firewall/
+          url: /azure/firewall/overview
+        - text: Azure Web Application Firewall
+          url: /azure/web-application-firewall/overview

articles/firewall/index.yml

@@ -10,7 +10,7 @@ metadata:
   ms.topic: landing-page
   author: duongau
   ms.author: duau
-  ms.date: 03/17/2025
+  ms.date: 05/30/2025
   ms.custom: e2e-hybrid
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
@@ -157,16 +157,18 @@ landingContent:
 # Card
   - title: Learn about Azure network security
     linkLists:
-      - linkListType: overview
+      - linkListType: get-started
         links:
-         - text: Azure network security
-           url: ../networking/security/index.yml
-      - linkListType: concept
+         - text: What is Azure network security?
+           url: /azure/networking/security/network-security
+         - text: Learm more about Azure network security
+           url: /azure/networking/security/
+      - linkListType: overview
         links:
           - text: Azure DDoS Protection
-            url: ../ddos-protection/index.yml
+            url: /azure/ddos-protection/ddos-protection-overview
           - text: Azure Web Application Firewall
-            url: ../web-application-firewall/index.yml
+            url: /azure/web-application-firewall/overview
 
 # Card
   - title: Reference

articles/firewall/overview.md

@@ -17,6 +17,9 @@ Azure Firewall is a cloud-native, intelligent network firewall security service
 
 Azure Firewall is available in three SKUs: Basic, Standard, and Premium.
 
+> [!NOTE]
+> Azure Firewall is one of the services that make up the Network Security category in Azure. Other services in this category include [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) and [Azure Web Application Firewall](../web-application-firewall/overview.md). Each service has its own unique features and use cases. For more information on this service category, see [Network Security](../networking/security/network-security.md).
+
 ## Azure Firewall Basic
 
 Azure Firewall Basic is designed for small and medium-sized businesses (SMBs) to secure their Azure cloud environments. It provides essential protection at an affordable price.

articles/firewall/toc.yml

@@ -7,6 +7,8 @@ items:
     href: overview.md
   - name: Well-Architected review of Azure Firewall
     href: /azure/architecture/framework/services/networking/azure-firewall?toc=/azure/firewall/toc.json&bc=/azure/firewall/breadcrumb/toc.json
+  - name: What is Azure network security?
+    href: /azure/networking/security/network-security.md?toc=/azure/firewall/toc.json&bc=/azure/firewall/breadcrumb/toc.json
   - name: SKU comparison
     href: choose-firewall-sku.md
   - name: Preview features
@@ -166,15 +168,7 @@ items:
     href: sql-fqdn-filtering.md
   - name: SNAT private ranges
     href: snat-private-range.md
-- name: Migration and upgrades
-  items:
-  - name: Migrate to Azure Firewall Premium
-    href: premium-migrate.md
-  - name: Migrate to Premium using Terraform
-    href: /azure/developer/terraform/firewall-upgrade-premium?toc=/azure/firewall/toc.json&bc=/azure/firewall/breadcrumb/toc.json
-  - name: Easy upgrade/downgrade
-    href: easy-upgrade.md
-- name: Security
+- name: Secure
   items:
   - name: Security baseline
     href: /security/benchmark/azure/baselines/firewall-security-baseline?toc=/azure/firewall/toc.json
@@ -196,6 +190,14 @@ items:
       href: detect-malware-with-sentinel.md
   - name: Network security blog
     href: https://techcommunity.microsoft.com/category/azure-network-security/blog/azurenetworksecurityblog
+- name: Migration and upgrades
+  items:
+  - name: Migrate to Azure Firewall Premium
+    href: premium-migrate.md
+  - name: Migrate to Premium using Terraform
+    href: /azure/developer/terraform/firewall-upgrade-premium?toc=/azure/firewall/toc.json&bc=/azure/firewall/breadcrumb/toc.json
+  - name: Easy upgrade/downgrade
+    href: easy-upgrade.md
 - name: Operational excellence
   items:
   - name: Monitoring

articles/networking/load-balancer-content-delivery/index.yml

@@ -11,7 +11,7 @@ metadata:
   author: mbender-ms
   ms.author: mbender
   manager: kumudD
-  ms.date: 05/13/2025
+  ms.date: 05/27/2025
   ms.custom: portfolio-consolidation-2025
 
 highlightedContent:
@@ -29,6 +29,9 @@ highlightedContent:
     - title: What's new in Azure Load Balancer
       itemType: whats-new
       url: /azure/load-balancer/whats-new
+    - title: Choose a load balancing solution in Azure
+      itemType: concept
+      url: /azure/architecture/guide/technology-choices/load-balancing-overview
 
 productDirectory:
   title: Get started

articles/networking/security/network-security.md

@@ -31,7 +31,7 @@ Choosing the right network security solution for your Azure workloads depends on
 
 ## Azure Firewall
 
-[Azure Firewall](../../firewall/index.yml) is a cloud-native, intelligent network firewall service that offers full stateful protection with built-in high availability and unlimited cloud scalability. It provides both network and application-level security for your Azure workloads. As a managed service, Azure Firewall can be deployed in a virtual network and integrates seamlessly with other Azure services like Azure Monitor, Azure Security Center, and Microsoft Sentinel for enhanced security and monitoring.
+[Azure Firewall](../../firewall/overview.md) is a cloud-native, intelligent network firewall service that offers full stateful protection with built-in high availability and unlimited cloud scalability. It provides both network and application-level security for your Azure workloads. As a managed service, Azure Firewall can be deployed in a virtual network and integrates seamlessly with other Azure services like Azure Monitor, Azure Security Center, and Microsoft Sentinel for enhanced security and monitoring.
 
 :::image type="content" source="./media/network-security/firewall.png" alt-text="Diagram showing how Azure Firewall inspects traffic to and from the internet before routing it to its destination.":::
 
@@ -53,7 +53,7 @@ For more information, see [Azure Firewall overview](../../firewall/overview.md).
 
 ## Azure DDoS Protection
 
-[Azure DDoS Protection](../../ddos-protection/index.yml) is a service that provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network or public IP address resources, and it requires no application or resource changes. 
+[Azure DDoS Protection](../../ddos-protection/ddos-protection-overview.md) is a service that provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network or public IP address resources, and it requires no application or resource changes. 
 
 - **IP protection**: Azure DDoS IP Protection provides protection for your Azure resources that are assigned a public IP address. It protects against volumetric, protocol, and application layer attacks.
 
@@ -73,7 +73,7 @@ For more information, see [Azure DDoS Protection overview](../../ddos-protection
 
 ## Azure Web Application Firewall
 
-[Azure Web Application Firewall](../../web-application-firewall/index.yml) (WAF) is a web application firewall that provides centralized protection to your web applications from common exploits and vulnerabilities. WAF uses rules to monitor HTTP requests and responses, and it can block or allow traffic based on the rules you define. 
+[Azure Web Application Firewall](../../web-application-firewall/overview.md) (WAF) is a web application firewall that provides centralized protection to your web applications from common exploits and vulnerabilities. WAF uses rules to monitor HTTP requests and responses, and it can block or allow traffic based on the rules you define. 
 
 :::image type="content" source="./media/network-security/web-application-firewall.png" alt-text="Diagram illustrating Azure Web Application Firewall applied to both Azure Application Gateway and Azure Front Door, allowing valid requests and blocking web attacks.":::
 

articles/web-application-firewall/index.yml

@@ -115,16 +115,18 @@ landingContent:
 # Card
   - title: Learn about Azure network security
     linkLists:
-      - linkListType: overview
+      - linkListType: get-started
         links:
-         - text: Azure network security
-           url: ../networking/security/index.yml
-      - linkListType: concept
+         - text: What is Azure network security?
+           url: /azure/networking/security/network-security
+         - text: Learm more about Azure network security
+           url: /azure/networking/security/
+      - linkListType: overview
         links:
           - text: Azure DDoS Protection
-            url: ../ddos-protection/index.yml
+            url: /azure/ddos-protection/ddos-protection-overview
           - text: Azure Firewall
-            url: ../firewall/index.yml
+            url: /azure/firewall/overview
 
 # Card
   - title: Reference

articles/web-application-firewall/overview.md

@@ -21,6 +21,9 @@ Preventing such attacks in application code is challenging. It can require rigor
 
 A WAF solution can  react to a security threat faster by centrally patching a known vulnerability, instead of securing each individual web application.
 
+> [!NOTE]
+> Azure Web Application Firewall is one of the services that make up the Network Security category in Azure. Other services in this category include [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) and [Azure Firewall](../firewall/overview.md). Each service has its own unique features and use cases. For more information on this service category, see [Network Security](../networking/security/network-security.md).
+
 ## Supported service
 
 WAF can be deployed with Azure Application Gateway,  Azure Front Door, and Azure Content Delivery Network (CDN) service from Microsoft. WAF on Azure CDN is currently under public preview. WAF has features that are customized for each specific service. For more information about WAF features for each service, see the overview for each service.