articles/synapse-analytics/security/synapse-workspace-managed-vnet.md
13 additions & 17 deletions
@@ -5,7 +5,7 @@ author: ashinMSFT
5
5
ms.service: azure-synapse-analytics
6
6
ms.topic: overview
7
7
ms.subservice: security
8
-
ms.date: 08/16/2021
8
+
ms.date: 01/22/2025
9
9
ms.author: seshin
10
10
ms.reviewer: wiassaf
11
11
---
@@ -18,25 +18,25 @@ This article will explain Managed Virtual Network in Azure Synapse Analytics.
18
18
19
19
When you create your Azure Synapse workspace, you can choose to associate it to a Microsoft Azure Virtual Network. The Virtual Network associated with your workspace is managed by Azure Synapse. This Virtual Network is called a *Managed workspace Virtual Network*.
20
20
21
-
Managed workspace Virtual Network provides you value in four ways:
21
+
Managed workspace Virtual Network provides you with value in four ways:
22
22
23
23
- With a Managed workspace Virtual Network you can offload the burden of managing the Virtual Network to Azure Synapse.
24
24
- You don't have to configure inbound NSG rules on your own Virtual Networks to allow Azure Synapse management traffic to enter your Virtual Network. Misconfiguration of these NSG rules causes service disruption for customers.
25
25
- You don't need to create a subnet for your Spark clusters based on peak load.
26
26
- Managed workspace Virtual Network along with Managed private endpoints protects against data exfiltration. You can only create Managed private endpoints in a workspace that has a Managed workspace Virtual Network associated with it.
27
27
28
-
Creating a workspace with a Managed workspace Virtual Network associated with it ensures that your workspace is network isolated from other workspaces. Azure Synapse provides various analytic capabilities in a workspace: Data integration,serverless Apache Spark pool, dedicated SQL pool, and serverless SQL pool.
28
+
Creating a workspace with a Managed workspace Virtual Network associated with it ensures that your workspace is network isolated from other workspaces. Azure Synapse provides various analytic capabilities in a workspace: Data integration,serverless Apache Spark pool, dedicated SQL pool, and serverless SQL pool.
29
29
30
30
If your workspace has a Managed workspace Virtual Network, Data integration and Spark resources are deployed in it. A Managed workspace Virtual Network also provides user-level isolation for Spark activities because each Spark cluster is in its own subnet.
31
31
32
-
Dedicated SQL pool and serverless SQL pool are multi-tenant capabilities and therefore reside outside of the Managed workspace Virtual Network. Intra-workspace communication to dedicated SQL pool and serverless SQL pool use Azure private links. These private links are automatically created for you when you create a workspace with a Managed workspace Virtual Network associated to it.
32
+
Dedicated SQL pool and serverless SQL pool are multitenant capabilities and therefore reside outside of the Managed workspace Virtual Network. Intra-workspace communication to dedicated SQL pool and serverless SQL pool use Azure private links. These private links are automatically created for you when you create a workspace with a Managed workspace Virtual Network associated to it.
33
33
34
34
>[!IMPORTANT]
35
-
>You cannot change this workspace configuration after the workspace is created. For example, you cannot reconfigure a workspace that does not have a Managed workspace Virtual Network associated with it and associate a Virtual Network to it. Similarly, you cannot reconfigure a workspace with a Managed workspace Virtual Network associated to it and disassociate the Virtual Network from it.
35
+
>You can't change this workspace configuration after the workspace is created. For example, you can't reconfigure a workspace that doesn't have a Managed workspace Virtual Network associated with it and associate a Virtual Network to it. Similarly, you can't reconfigure a workspace with a Managed workspace Virtual Network associated to it and disassociate the Virtual Network from it.
36
36
37
37
## Create an Azure Synapse workspace with a Managed workspace Virtual Network
38
38
39
-
If you have not already done so, register the Network resource provider. Registering a resource provider configures your subscription to work with the resource provider. Choose *Microsoft.Network* from the list of resource providers when you [register](../../azure-resource-manager/management/resource-providers-and-types.md).
39
+
If you haven't already done so, register the Network resource provider. Registering a resource provider configures your subscription to work with the resource provider. Choose *Microsoft.Network* from the list of resource providers when you [register](../../azure-resource-manager/management/resource-providers-and-types.md#azure-portal).
40
40
41
41
To create an Azure Synapse workspace that has a Managed workspace Virtual Network associated with it, select the **Networking** tab in Azure portal and check the **Enable managed virtual network** checkbox.
42
42
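Review bot: The rewritten paragraph at new line 28 still reads "Data integration,serverless Apache Spark pool" with no space after the comma; the line is already being replaced, so add the space here. In new line 32, "Intra-workspace communication to dedicated SQL pool and serverless SQL pool use Azure private links" should read "uses", and the hunk mixes "associated with it" and "associated to it" (new lines 32 and 35); use "associated with" throughout.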
@@ -47,26 +47,22 @@ If you leave the checkbox unchecked, then your workspace won't have a Virtual Ne
47
47
48
48
:::image type="content" source="./media/synpase-workspace-ip-firewall/azure-synapse-analytics-networking-managed-virtual-network-outbound-traffic.png" lightbox="./media/synpase-workspace-ip-firewall/azure-synapse-analytics-networking-managed-virtual-network-outbound-traffic.png" alt-text="Screenshot of the Create Synapse workspace networking page, with the Managed virtual network option Enabled and the Allow outbound data traffic only to approved targets option to Yes.":::
49
49
50
-
After you choose to associate a Managed workspace Virtual Network with your workspace, you can protect against data exfiltration by allowing outbound connectivity from the Managed workspace Virtual Network only to approved targets using [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md). Select **Yes** to limit outbound traffic from the Managed workspace Virtual Network to targets through Managed private endpoints.
51
-
52
-
50
+
After you choose to associate a Managed workspace Virtual Network with your workspace, you can protect against data exfiltration by allowing outbound connectivity from the Managed workspace Virtual Network only to approved targets using [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md). Select **Yes** to limit outbound traffic from the Managed workspace Virtual Network to targets through Managed private endpoints.
53
51
54
52
:::image type="content" source="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-allow-outbound-traffic.png" lightbox="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-allow-outbound-traffic.png" alt-text="Screenshot of the Managed virtual network page, with the Allow outbound data traffic only to approved targets option to Yes.":::
55
53
56
54
Select **No** to allow outbound traffic from the workspace to any target.
57
55
58
-
You can also control the targets to which Managed private endpoints are created from your Azure Synapse workspace. By default, Managed private endpoints to resources in the same AAD tenant that your subscription belongs to are allowed. If you want to create a Managed private endpoint to a resource in an AAD tenant that is different from the one that your subscription belongs to, then you can add that AAD tenant by selecting **+ Add**. You can either select the AAD tenant from the dropdown or manually enter the AAD tenant ID.
56
+
You can also control the targets to which Managed private endpoints are created from your Azure Synapse workspace. By default, Managed private endpoints to resources in the same Microsoft Entra ID tenant that your subscription belongs to are allowed. If you want to create a Managed private endpoint to a resource in a Microsoft Entra ID tenant that is different from the one that your subscription belongs to, then you can add that Microsoft Entra ID tenant by selecting **+ Add**. You can either select the Microsoft Entra ID tenant from the dropdown or manually enter the Microsoft Entra ID tenant ID.
59
57
60
-
:::image type="content" source="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-private-endpoints-azure-ad.png" lightbox="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-private-endpoints-azure-ad.png" alt-text="Screenshot of the Managed virtual network page, with the Add button for Azure Tenant Tenants highlighted.":::
58
+
:::image type="content" source="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-private-endpoints-azure-ad.png" lightbox="./media/synpase-workspace-ip-firewall/azure-synapse-workspace-managed-virtual-network-private-endpoints-azure-ad.png" alt-text="Screenshot of the Managed virtual network page, with the Add button for Azure Tenants highlighted.":::
61
59
62
60
After the workspace is created, you can check whether your Azure Synapse workspace is associated to a Managed workspace Virtual Network by selecting **Overview** from Azure portal.
63
61
64
62
:::image type="content" source="./media/synpase-workspace-ip-firewall/azure-synapse-analytics-overview-managed-virtual-network-enabled.png" lightbox="./media/synpase-workspace-ip-firewall/azure-synapse-analytics-overview-managed-virtual-network-enabled.png" alt-text="Screenshot of the Azure Synapse workspace overview page indicating that a managed virtual network is enabled.":::
65
63
66
-
## Next steps
67
-
68
-
Create an [Azure Synapse Workspace](../quickstart-create-workspace.md)
69
-
70
-
Learn more about [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md)
64
+
## Related content
71
65
72
-
[Create Managed private endpoints to your data sources](./how-to-create-managed-private-endpoints.md)
66
+
- Create an [Azure Synapse Workspace](../quickstart-create-workspace.md)
67
+
- Learn more about [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md)
68
+
-[Create Managed private endpoints to your data sources](./how-to-create-managed-private-endpoints.md)
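Review bot: The last bullet added under "Related content" (new line 68) is written "-[Create Managed private endpoints to your data sources]" with no space after the hyphen, so it will not render as a list item like the two bullets above it; change it to "- [Create ...". In new line 56 the replacement of "AAD" leaves "Microsoft Entra ID tenant" five times in one paragraph, ending in "Microsoft Entra ID tenant ID", and the alt text at new line 58 still says "Azure Tenants"; tighten the wording and make the alt text match. The paragraph at new line 50 describes the outbound restriction as the data exfiltration control but does not say whether the Yes/No choice can be changed after creation, while the IMPORTANT note at line 35 says the managed Virtual Network association cannot; state this explicitly.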
description: Learn how Dedicated SQL pool (formerly SQL DW) in Azure Synapse Analytics combines distributed query processing capabilities with Azure Storage to achieve high performance and scalability.
4
4
author: WilliamDAssafMSFT
5
5
ms.author: wiassaf
6
-
ms.date: 07/20/2022
6
+
ms.date: 01/22/2025
7
7
ms.service: azure-synapse-analytics
8
8
ms.subservice: sql-dw
9
-
ms.topic: conceptual
9
+
ms.topic: concept-article
10
10
---
11
11
12
12
# Dedicated SQL pool (formerly SQL DW) architecture in Azure Synapse Analytics
@@ -35,7 +35,7 @@ With decoupled storage and compute, when using a dedicated SQL pool (formerly SQ
35
35
36
36
### Azure Storage
37
37
38
-
Dedicated SQL pool SQL (formerly SQL DW) leverages Azure Storage to keep your user data safe. Since your data is stored and managed by Azure Storage, there is a separate charge for your storage consumption. The data is sharded into **distributions** to optimize the performance of the system. You can choose which sharding pattern to use to distribute the data when you define the table. These sharding patterns are supported:
38
+
Dedicated SQL pool SQL (formerly SQL DW) leverages Azure Storage to keep your user data safe. Since your data is stored and managed by Azure Storage, there is a separate charge for your storage consumption. The data is sharded into **distributions** to optimize the performance of the system. You can choose which sharding pattern to use to distribute the data when you define the table. These sharding patterns are supported:
39
39
40
40
- Hash
41
41
- Round Robin
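Review bot: The replaced sentence at new line 38 still begins "Dedicated SQL pool SQL (formerly SQL DW)" with a stray second "SQL"; the visible change to this line is whitespace only, so correct the name to "Dedicated SQL pool (formerly SQL DW)" while the line is open. "there is a separate charge" could also become "there's" to match the contractions applied to the managed Virtual Network article in this same commit.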
@@ -70,12 +70,12 @@ A hash distributed table can deliver the highest query performance for joins and
70
70
71
71
To shard data into a hash-distributed table, a hash function is used to deterministically assign each row to one distribution. In the table definition, one of the columns is designated as the distribution column. The hash function uses the values in the distribution column to assign each row to a distribution.
72
72
73
-
The following diagram illustrates how a full (non-distributed table) gets stored as a hash-distributed table.
73
+
The following diagram illustrates how a full (nondistributed table) gets stored as a hash-distributed table.
- A deterministic hash algorithm assigns each row to one distribution.
77
+
- Each row belongs to one distribution.
78
+
- A deterministic hash algorithm assigns each row to one distribution.
79
79
- The number of table rows per distribution varies as shown by the different sizes of tables.
80
80
81
81
There are performance considerations for the selection of a distribution column, such as distinctness, data skew, and the types of queries that run on the system.
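Review bot: In new line 73 the parenthesis is misplaced: "a full (nondistributed table)" should read "a full (nondistributed) table". The edit only dropped the hyphen from "non-distributed" and carried the original error over unchanged.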
@@ -90,15 +90,15 @@ A round-robin distributed table distributes data evenly across the table but wit
90
90
91
91
A replicated table provides the fastest query performance for small tables.
92
92
93
-
A table that is replicated caches a full copy of the table on each compute node. Consequently, replicating a table removes the need to transfer data among compute nodes before a join or aggregation. Replicated tables are best utilized with small tables. Extra storage is required and there is additional overhead that is incurred when writing data, which make large tables impractical.
93
+
A table that is replicated caches a full copy of the table on each compute node. Consequently, replicating a table removes the need to transfer data among compute nodes before a join or aggregation. Replicated tables are best utilized with small tables. Extra storage is required and there is additional overhead that is incurred when writing data, which make large tables impractical.
94
94
95
-
The diagram below shows a replicated table that is cached on the first distribution on each compute node.
95
+
The diagram below shows a replicated table that is cached on the first distribution on each compute node.
Now that you know a bit about Azure Synapse, learn how to quickly [create a dedicated SQL pool (formerly SQL DW)](create-data-warehouse-portal.md) and [load sample data](./load-data-from-azure-blob-storage-using-copy.md). If you are new to Azure, you may find the [Azure glossary](../../azure-glossary-cloud-terminology.md?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json) helpful as you encounter new terminology. Or look at some of these other Azure Synapse Resources.
101
+
Now that you know a bit about Azure Synapse, learn how to quickly [create a dedicated SQL pool (formerly SQL DW)](create-data-warehouse-portal.md) and [load sample data](./load-data-from-azure-blob-storage-using-copy.md). If you are new to Azure, you may find the [Azure fundamental concepts](../../fundamental-concepts.md?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json) helpful as you encounter new terminology. Or look at some of these other Azure Synapse Resources.
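Review bot: New line 93 keeps a verb agreement error in "there is additional overhead that is incurred when writing data, which make large tables impractical"; use "which makes", or reword so the subject is clear. New line 95 says "The diagram below" while line 73 uses "The following diagram", so pick one form, and new line 101 keeps "If you are new to Azure" uncontracted. In new line 101 the link target moves from azure-glossary-cloud-terminology.md to fundamental-concepts.md with the same toc and bc query parameters; confirm they still resolve for the new target.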