Acrolynx and Copilot improvements

Author: normesta

articles/storage/blobs/TOC.yml

@@ -301,17 +301,17 @@ items:
         href: storage-encrypt-decrypt-blobs-key-vault.md
     - name: Networking
       items:
-      - name: Network security overview
+      - name: Network security
         href: ../common/storage-network-security-overview.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
       - name: Private endpoints
         href: ../common/storage-private-endpoints.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
-      - name: Public endpoints
+      - name: Public endpoint
         items:
         - name: Default access level
           href: ../common/storage-network-security-set-default-access.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Firewall rules
           items:
-          - name: Firewall rules overview
+          - name: Firewall rules
             href: ../common/storage-network-security.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
           - name: Guidelines and limitations
             href: ../common/storage-network-security-limitations.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json

articles/storage/common/storage-network-security-ip-address-range.md

@@ -12,7 +12,7 @@ ms.author: normesta
 
 # Create an IP network rule for Azure Storage
 
-You can deny all public access to your storage account, and then configure Azure network settings to accept requests from specific IP address ranges. To enable traffic from a specific public IP address ranges, create one or more IP network rules. To learn more, see [Permit access to IP address ranges](storage-network-security.md#grant-access-from-an-internet-ip-range).
+You can deny all public access to your storage account and then configure Azure network settings to accept requests from specific IP address ranges. To enable traffic from specific public IP address ranges, create one or more IP network rules. To learn more, see [Permit access to IP address ranges](storage-network-security.md#grant-access-from-an-internet-ip-range).
 
 ## Create an IP network rule
 
@@ -22,7 +22,7 @@ You can deny all public access to your storage account, and then configure Azure
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. To allow traffic from IP address ranges, make sure that **Enabled from selected virtual networks and IP addresses** is selected.  
+3. To allow traffic from IP address ranges, make sure that **Enabled from selected virtual networks and IP addresses** is selected.
 
 4. To grant access to an internet IP range, enter the IP address or address range (in CIDR format) under **Firewall** > **Address Range**.
 
@@ -34,7 +34,7 @@ You can deny all public access to your storage account, and then configure Azure
 
 1. Install [Azure PowerShell](/powershell/azure/install-azure-powershell) and [sign in](/powershell/azure/authenticate-azureps).
 
-2. To allow traffic to IP address ranges, use the `Update-AzStorageAccountNetworkRuleSet` command and set the `-DefaultAction` parameter to `Deny`:
+2. To allow traffic from IP address ranges, use the `Update-AzStorageAccountNetworkRuleSet` command and set the `-DefaultAction` parameter to `Deny`:
 
    ```powershell
    Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -DefaultAction Deny
@@ -77,7 +77,6 @@ You can deny all public access to your storage account, and then configure Azure
 
 1. Install the [Azure CLI](/cli/azure/install-azure-cli) and [sign in](/cli/azure/authenticate-azure-cli).
 
-
 2. To allow traffic from IP address ranges, use the `az storage account update` command and set the `--default-action` parameter to `Deny`:
 
    ```azurecli

articles/storage/common/storage-network-security-limitations.md

@@ -13,15 +13,15 @@ ms.author: normesta
 
 # Guidelines and limitations for the Azure Storage firewall
 
-Before you implement network security for your storage accounts, review the important restrictions and considerations discussed in this section.
+Before you implement network security for your storage accounts, review the important restrictions and considerations in this section.
 
 ## General guidelines and limitations
 
-- Azure Storage firewall rules apply only to [data plane](../../azure-resource-manager/management/control-plane-and-data-plane.md#data-plane) operations. [Control plane](../../azure-resource-manager/management/control-plane-and-data-plane.md#control-plane) operations are not subject to the restrictions specified in firewall rules.
+- Azure Storage firewall rules apply only to [data plane](../../azure-resource-manager/management/control-plane-and-data-plane.md#data-plane) operations. [Control plane](../../azure-resource-manager/management/control-plane-and-data-plane.md#control-plane) operations aren't subject to the restrictions specified in firewall rules.
 
 - To access data by using tools such as the Azure portal, Azure Storage Explorer, and AzCopy, you must be on a machine within the trusted boundary that you establish when configuring network security rules.
 
-  Some operations, such as blob container operations, can be performed through both the control plane and the data plane. So if you attempt to perform an operation such as listing containers from the Azure portal, the operation will succeed unless it is blocked by another mechanism. Attempts to access blob data from an application such as Azure Storage Explorer are controlled by the firewall restrictions.
+  Some operations, such as blob container operations, can be performed through both the control plane and the data plane. If you attempt to perform an operation such as listing containers from the Azure portal, the operation succeeds unless it's blocked by another mechanism. Attempts to access blob data from an application such as Azure Storage Explorer are controlled by the firewall restrictions.
 
   For a list of data plane operations, see the [Azure Storage REST API Reference](/rest/api/storageservices/).
 
@@ -31,13 +31,13 @@ Before you implement network security for your storage accounts, review the impo
 
 - Network rules don't affect virtual machine (VM) disk traffic, including mount and unmount operations and disk I/O, but they do help protect REST access to page blobs.
 
-- You can use unmanaged disks in storage accounts with network rules applied to back up and restore VMs by [creating an exception](storage-network-security.md#manage-exceptions). Firewall exceptions aren't applicable to managed disks, because Azure already manages them.
+- You can use unmanaged disks in storage accounts with network rules applied to back up and restore VMs by [creating an exception](storage-network-security.md#manage-exceptions). Firewall exceptions don't apply to managed disks because Azure already manages them.
 
-- If you delete a subnet that's included in a virtual network rule, it will be removed from the network rules for the storage account. If you create a new subnet by the same name, it won't have access to the storage account. To allow access, you must explicitly authorize the new subnet in the network rules for the storage account.
+- If you delete a subnet that's included in a virtual network rule, it is removed from the network rules for the storage account. If you create a new subnet with the same name, it won't have access to the storage account. To allow access, you must explicitly authorize the new subnet in the network rules for the storage account.
 
-- When referencing a service endpoint in a client application, it's recommended that you avoid taking a dependency on a cached IP address. The storage account IP address is subject to change, and relying on a cached IP address may result in unexpected behavior. Additionally, it's recommended that you honor the time-to-live (TTL) of the DNS record and avoid overriding it. Overriding the DNS TTL may result in unexpected behavior.
+- When referencing a service endpoint in a client application, we recommend that you avoid taking a dependency on a cached IP address. The storage account IP address is subject to change, and relying on a cached IP address might result in unexpected behavior. Additionally, we recommend that you honor the time-to-live (TTL) of the DNS record and avoid overriding it. Overriding the DNS TTL might result in unexpected behavior.
 
-- By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. If you set **Public network access** to **Disabled** after previously setting it to **Enabled from selected virtual networks and IP addresses**, any [resource instances](storage-network-security.md#grant-access-from-azure-resource-instances) and [exceptions](storage-network-security.md#manage-exceptions) that you previously configured, including [Allow Azure services on the trusted services list to access this storage account](storage-network-security.md#grant-access-to-trusted-azure-services), will remain in effect. As a result, those resources and services might still have access to the storage account.
+- By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. If you set **Public network access** to **Disabled** after previously setting it to **Enabled from selected virtual networks and IP addresses**, any [resource instances](storage-network-security.md#grant-access-from-azure-resource-instances) and [exceptions](storage-network-security.md#manage-exceptions) that you previously configured, including **Allow Azure services on the trusted services list to access this storage account**, will remain in effect. As a result, those resources and services might still have access to the storage account.
 
 ## Restrictions for IP network rules
 
@@ -47,17 +47,17 @@ Before you implement network security for your storage accounts, review the impo
 
 - You must provide allowed internet address ranges by using [CIDR notation](https://tools.ietf.org/html/rfc4632) in the form 16.17.18.0/24 or as individual IP addresses like 16.17.18.19.
 
-- Small address ranges that use /31 or /32 prefix sizes are not supported. Configure these ranges by using individual IP address rules.
+- Small address ranges that use /31 or /32 prefix sizes aren't supported. Configure these ranges using individual IP address rules.
 
 - Only IPv4 addresses are supported for configuration of storage firewall rules.
 
-- You can't use IP network rules to restrict access to clients in same Azure region as the storage account. IP network rules have no effect on requests that originate from the same Azure region as the storage account. Use [Virtual network rules](storage-network-security-virtual-networks.md) to allow same-region requests.
+- You can't use IP network rules to restrict access to clients in the same Azure region as the storage account. IP network rules have no effect on requests that originate from the same Azure region as the storage account. Use [Virtual network rules](storage-network-security-virtual-networks.md) to allow same-region requests.
 
-- You can't use IP network rules to o restrict access to clients in a [paired region](../../reliability/cross-region-replication-azure.md) that are in a virtual network that has a service endpoint.
+- You can't use IP network rules to restrict access to clients in a [paired region](../../reliability/cross-region-replication-azure.md) that are in a virtual network with a service endpoint.
 
 - You can't use IP network rules to restrict access to Azure services deployed in the same region as the storage account. 
 
-  Services deployed in the same region as the storage account use private Azure IP addresses for communication. So, you can't restrict access to specific Azure services based on their public outbound IP address range.
+  Services deployed in the same region as the storage account use private Azure IP addresses for communication. Therefore, you can't restrict access to specific Azure services based on their public outbound IP address range.
 
 ## Next steps
 

articles/storage/common/storage-network-security-manage-exceptions.md

@@ -11,21 +11,21 @@ ms.author: normesta
 
 ---
 
-# Manage network security exceptions
+# Manage network security exceptions for Azure Storage
 
-You can enable traffic from an Azure service outside of the network boundary by adding a *network security exception*.
+You can enable traffic from Azure services outside of your network boundary by adding a *network security exception*.
 
 For a complete list of trusted Azure services, see [Trusted Azure services](storage-network-security-trusted-azure-services.md).
 
 ## Add a network security exception
 
 ### [Portal](#tab/azure-portal)
 
-1. Go to the storage account for which you want to manage exceptions.
+1. Navigate to the storage account for which you want to manage exceptions.
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. Check that you've chosen to enable public network access from selected virtual networks and IP addresses.
+3. Verify that you've chosen to enable public network access from selected virtual networks and IP addresses.
 
 4. Under **Exceptions**, select the exceptions that you want to grant.
 
@@ -35,19 +35,18 @@ For a complete list of trusted Azure services, see [Trusted Azure services](stor
 
 1. Install [Azure PowerShell](/powershell/azure/install-azure-powershell) and [sign in](/powershell/azure/authenticate-azureps).
 
-2. Display the exceptions for the storage account's network rules:
+2. Display the exceptions for the storage account network rules:
 
     ```powershell
     (Get-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount").Bypass
     ```
 
-3. Configure the exceptions to the storage account's network rules:
+3. Configure the exceptions for the storage account network rules:
 
-    ```powershell
-    Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -Bypass AzureServices,Metrics,Logging
+    ```powershell    Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -Bypass AzureServices,Metrics,Logging
     ```
 
-4. Remove the exceptions to the storage account's network rules:
+4. Remove the exceptions from the storage account network rules:
 
     ```powershell
     Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -Bypass None
@@ -57,19 +56,18 @@ For a complete list of trusted Azure services, see [Trusted Azure services](stor
 
 1. Install the [Azure CLI](/cli/azure/install-azure-cli) and [sign in](/cli/azure/authenticate-azure-cli).
 
-2. Display the exceptions for the storage account's network rules:
+2. Display the exceptions for the storage account network rules:
 
     ```azurecli
     az storage account show --resource-group "myresourcegroup" --name "mystorageaccount" --query networkRuleSet.bypass
     ```
 
-3. Configure the exceptions to the storage account's network rules:
+3. Configure the exceptions for the storage account network rules:
 
-    ```azurecli
-    az storage account update --resource-group "myresourcegroup" --name "mystorageaccount" --bypass Logging Metrics AzureServices
+    ```azurecli    az storage account update --resource-group "myresourcegroup" --name "mystorageaccount" --bypass Logging Metrics AzureServices
     ```
 
-4. Remove the exceptions to the storage account's network rules:
+4. Remove the exceptions from the storage account network rules:
 
     ```azurecli
     az storage account update --resource-group "myresourcegroup" --name "mystorageaccount" --bypass None