Commit ecd50b9

Merge pull request #290490 from duongau/afdfreshness2
Front Door - Freshness review (Batch 2 - November 2024)
2 parents b40fed9 + 7c8b09a commit ecd50b9

7 files changed

+265
-263
lines changed


articles/frontdoor/endpoint.md

Lines changed: 18 additions & 18 deletions
@@ -6,59 +6,59 @@ services: frontdoor
66
author: duongau
77
ms.service: azure-frontdoor
88
ms.topic: conceptual
9-
ms.date: 08/09/2023
9+
ms.date: 11/13/2024
1010
ms.author: duau
1111
---
1212

1313
# Endpoints in Azure Front Door
1414

15-
In Azure Front Door, an *endpoint* is a logical grouping of one or more routes that are associated with domain names. Each endpoint is [assigned a domain name](#endpoint-domain-names) by Front Door, and you can associate your own custom domains by using routes.
15+
In Azure Front Door, an *endpoint* is a logical grouping of one or more routes associated with domain names. Each endpoint is [assigned a domain name](#endpoint-domain-names) by Front Door, and you can also associate your own custom domains using routes.
1616

1717
## How many endpoints should I create?
1818

19-
A Front Door profile can contain multiple endpoints. However, in many situations you might only need a single endpoint.
19+
A Front Door profile can contain multiple endpoints, but in many cases, a single endpoint might suffice.
2020

21-
When you're planning the endpoints to create, consider the following factors:
21+
Consider the following factors when planning your endpoints:
2222

23-
- If all of your domains use the same or similar route paths, it's probably best to combine them into a single endpoint.
24-
- If you use different routes and route paths for each domain, consider using separate endpoints, such as by having an endpoint for each custom domain.
25-
- If you need to enable or disable all of your domains together, consider using a single endpoint. An entire endpoint can be enabled or disabled together.
23+
- If all your domains use the same or similar route paths, it's likely best to combine them into a single endpoint.
24+
- If you use different routes and route paths for each domain, consider creating separate endpoints, such as one for each custom domain.
25+
- If you need to enable or disable all your domains together, consider using a single endpoint, as an entire endpoint can be enabled or disabled at once.
2626

2727
## Endpoint domain names
2828

2929
Endpoint domain names are automatically generated when you create a new endpoint. Front Door generates a unique domain name based on several components, including:
3030

3131
- The endpoint's name.
32-
- A pseudorandom hash value, which gets determined by Front Door. By using hash values as part of the domain name, Front Door helps to protect against [subdomain takeover](../security/fundamentals/subdomain-takeover.md) attacks.
33-
- The base domain name for your Front Door environment. Generally is `z01.azurefd.net`.
32+
- A pseudorandom hash value determined by Front Door, which helps protect against [subdomain takeover](../security/fundamentals/subdomain-takeover.md) attacks.
33+
- The base domain name for your Front Door environment, generally `z01.azurefd.net`.
3434

35-
For example, suppose you have created an endpoint named `myendpoint`. The endpoint domain name might be `myendpoint-mdjf2jfgjf82mnzx.z01.azurefd.net`.
35+
For example, if you create an endpoint named `myendpoint`, the endpoint domain name might be `myendpoint-mdjf2jfgjf82mnzx.z01.azurefd.net`.
3636

3737
The endpoint domain is accessible when you associate it with a route.
3838

3939
### Reuse of an endpoint domain name
4040

41-
When you delete and redeploy an endpoint, you might expect to get the same pseudorandom hash value, and therefore the same endpoint domain name. Front Door enables you to control how the pseudorandom hash values are reused on an endpoint-by-endpoint basis.
41+
When you delete and redeploy an endpoint, you might expect to get the same pseudorandom hash value and, therefore, the same endpoint domain name. Front Door allows you to control how these pseudorandom hash values are reused on an endpoint-by-endpoint basis.
4242

4343
An endpoint's domain can be reused within the same tenant, subscription, or resource group scope level. You can also choose to not allow the reuse of an endpoint domain. By default, Front Door allows reuse of the endpoint domain within the same Microsoft Entra tenant.
4444

45-
You can use Bicep, an Azure Resource Manager template (ARM template), the Azure CLI, or Azure PowerShell to configure the scope level of the endpoint's domain reuse behavior. You can also configure it for all Front Door endpoints in your whole organization by using Azure Policy. The Azure portal uses the scope level you define through the command line once it has been changed.
45+
You can configure the scope level of the endpoint's domain reuse behavior using Bicep, an Azure Resource Manager (ARM) template, the Azure CLI, or Azure PowerShell. Additionally, you can configure it for all Front Door endpoints in your organization using Azure Policy. The Azure portal uses the scope level you define through the command line once it has been changed.
4646

4747
The following table lists the allowable values for the endpoint's domain reuse behavior:
4848

4949
| Value | Description |
5050
|--|--|
5151
| `TenantReuse` | This is the default value. Endpoints with the same name in the same Microsoft Entra tenant receive the same domain label. |
5252
| `SubscriptionReuse` | Endpoints with the same name in the same Azure subscription receive the same domain label. |
53-
| `ResourceGroupReuse` | Endpoints with the same name in the same resource group receives the same domain label. |
53+
| `ResourceGroupReuse` | Endpoints with the same name in the same resource group receive the same domain label. |
5454
| `NoReuse` | Endpoints always receive a new domain label. |
5555

5656
> [!NOTE]
57-
> You can't modify the reuse behavior of an existing Front Door endpoint. The reuse behavior only applies to newly created endpoints.
57+
> The reuse behavior cannot be modified for an existing Front Door endpoint. It only applies to newly created endpoints.
5858
59-
The following example shows how to create a new Front Door endpoint with a reuse scope of `SubscriptionReuse`:
59+
The following examples demonstrate how to create a new Front Door endpoint with the reuse scope set to `SubscriptionReuse`:
6060

61-
# [Azure CLI](#tab/azurecli)
61+
### Azure CLI
6262

6363
```azurecli
6464
az afd endpoint create \
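Review bot: At new line 32, the rewritten bullet no longer says what provides the subdomain takeover protection: "which helps protect against" can be read as referring to Front Door, whereas the removed text stated that using the hash value as part of the domain name is the protective measure. Suggest keeping that link, for example "A pseudorandom hash value determined by Front Door. Including the hash in the domain name helps protect against subdomain takeover attacks." Separately, at new line 57 the note changes "You can't modify" to the passive "cannot be modified", which reads less directly than the wording it replaces.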
@@ -68,7 +68,7 @@ az afd endpoint create \
6868
--name-reuse-scope SubscriptionReuse
6969
```
7070

71-
# [Azure PowerShell](#tab/azurepowershell)
71+
### Azure PowerShell
7272

7373
```azurepowershell
7474
New-AzFrontDoorCdnEndpoint `
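Review bot: The new `### Azure PowerShell` heading at line 71, like `### Azure CLI` at line 61, sits at the same level as `### Reuse of an endpoint domain name`, so the examples become siblings of that section instead of part of it. If the tabs are being replaced by headings, use `####` for each example, and confirm that nothing left over from the tab group remains after the last example, since that part of the file is not in the visible hunks.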
@@ -79,7 +79,7 @@ New-AzFrontDoorCdnEndpoint `
7979
-AutoGeneratedDomainNameLabelScope SubscriptionReuse
8080
```
8181

82-
# [Bicep](#tab/bicep)
82+
### Bicep
8383

8484
```bicep
8585
resource endpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = {
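Review bot: The Bicep example in the unchanged context at line 85 still references API version `2021-06-01`, while this freshness pass moves `ms.date` to 11/13/2024. Check whether the example should reference a more recent `Microsoft.Cdn/profiles/afdEndpoints` API version, or note in the PR that it was reviewed and intentionally left as is.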

articles/frontdoor/front-door-ddos.md

Lines changed: 25 additions & 25 deletions
@@ -1,57 +1,57 @@
11
---
22
title: DDoS protection on Azure Front Door
3-
description: This page provides information about how Azure Front Door helps to protect against DDoS attacks.
3+
description: Learn how Azure Front Door provides robust protection against DDoS attacks, ensuring the security and performance of your web applications.
44
services: frontdoor
55
author: duongau
66
ms.service: azure-frontdoor
77
ms.topic: conceptual
8-
ms.date: 10/23/2023
8+
ms.date: 11/13/2024
99
ms.author: duau
1010
---
1111

12-
# DDoS protection on Front Door
12+
# DDoS Protection on Azure Front Door
1313

14-
Azure Front Door is a Content Delivery Network (CDN) that can help you protect your origins from HTTP(S) DDoS attacks by distributing the traffic across its 192 edge POPs worldwide. These POPs uses our large private WAN to deliver your web applications and services faster and more securely to your end users. Azure Front Door also includes layer 3, 4, and 7 DDoS protection and a web application firewall (WAF) to help protect your applications from common exploits and vulnerabilities.
14+
Azure Front Door is a Content Delivery Network (CDN) that helps protect your origins from HTTP(S) DDoS attacks by distributing traffic across its 192 edge Points of Presence (POPs) worldwide. These POPs use Azure's large private WAN to deliver your web applications and services faster and more securely to your end users. Azure Front Door includes layer 3, 4, and 7 DDoS protection and a Web Application Firewall (WAF) to safeguard your applications from common exploits and vulnerabilities.
1515

16-
## Infrastructure DDoS protection
16+
## Infrastructure DDoS Protection
1717

18-
Azure Front Door benefits from the [default Azure infrastructure DDoS protection](../ddos-protection/ddos-protection-overview.md). This protection monitors and mitigates network layer attacks in real time by using the global scale and capacity of Front Door’s network. This protection has a proven track record in safeguarding Microsoft’s enterprise and consumer services from large-scale attacks.
18+
Azure Front Door benefits from the [default Azure infrastructure DDoS protection](../ddos-protection/ddos-protection-overview.md). This protection monitors and mitigates network layer attacks in real-time using the global scale and capacity of Azure Front Door’s network. It has a proven track record of safeguarding Microsoft’s enterprise and consumer services from large-scale attacks.
1919

20-
## Protocol blocking
20+
## Protocol Blocking
2121

22-
Azure Front Door supports only the HTTP and HTTPS protocols, and requires a valid `Host`` header for each request. This behavior helps to prevent some common DDoS attack types such as volumetric attacks that use various protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
22+
Azure Front Door supports only HTTP and HTTPS protocols and requires a valid `Host` header for each request. This behavior helps prevent common DDoS attack types such as volumetric attacks using various protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
2323

24-
## Capacity absorption
24+
## Capacity Absorption
2525

26-
Azure Front Door is a large-scale, globally distributed service. It serves many customers, including Microsoft’s own cloud products that handle hundreds of thousands of requests per second. Front Door is situated at the edge of Azure’s network, where it can intercept and geographically isolate large volume attacks. Therefore, Front Door can prevent malicious traffic from reaching beyond the edge of the Azure network.
26+
Azure Front Door is a large-scale, globally distributed service that serves many customers, including Microsoft’s own cloud products, which handle hundreds of thousands of requests per second. Positioned at the edge of Azure’s network, Azure Front Door can intercept and geographically isolate large volume attacks, preventing malicious traffic from reaching beyond the edge of the Azure network.
2727

2828
## Caching
2929

30-
You can use [Front Door’s caching capabilities](./front-door-caching.md) to protect your backends from large traffic volumes generated by an attack. Front Door edge nodes return cached resources and avoid forwarding them to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can significantly reduce the load on your backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
30+
You can use Azure Front Door [caching capabilities](./front-door-caching.md) to protect your backends from large traffic volumes generated by an attack. Azure Front Door edge nodes return cached resources, avoiding forwarding them to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can significantly reduce the load on your backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
3131

3232
## Web Application Firewall (WAF)
3333

34-
You can use [Front Door's Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) to mitigate many different types of attacks:
34+
You can use [Azure Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) to mitigate various types of attacks:
3535

36-
* The managed rule set protects your application from many common attacks. For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
37-
* You can block or redirect traffic from outside or inside a specific geographic region to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
38-
* You can block IP addresses and ranges that you identify as malicious. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
39-
* You can apply rate limiting to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
40-
* You can create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md) to automatically block and rate limit HTTP or HTTPS attacks that have known signatures.
41-
* The bot protection managed rule set protects your application from known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
36+
- The managed rule set protects your application from many common attacks. For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
37+
- Block or redirect traffic from specific geographic regions to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
38+
- Block IP addresses and ranges identified as malicious. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
39+
- Apply rate limiting to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
40+
- Create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md) to automatically block and rate limit HTTP or HTTPS attacks with known signatures.
41+
- The bot protection managed rule set protects your application from known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
4242

43-
Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on how to use Azure WAF to protect against DDoS attacks.
43+
Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on using Azure WAF to protect against DDoS attacks.
4444

45-
## Protect virtual network origins
45+
## Protect Virtual Network Origins
4646

47-
To protect your public IPs from DDoS attacks, enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on the origin virtual network. DDoS Protection customers receive extra benefits such as cost protection, SLA guarantee, and access to experts from the DDoS Rapid Response Team for immediate assistance during an attack.
47+
Enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on your origin virtual network to safeguard your public IPs from DDoS attacks. This service offers more benefits such as cost protection, an SLA guarantee, and access to the DDoS Rapid Response Team for expert assistance during an attack.
4848

4949
## Private Link
5050

51-
Enhance the security of your Azure-hosted origins by restricting their access to Azure Front Door through [Azure Private Link](private-link.md). This feature enables a private network connection between Azure Front Door and your application servers, eliminating the need to expose your origins to the public internet.
51+
Enhance the security of your Azure-hosted origins by using [Azure Private Link](private-link.md) to restrict access to Azure Front Door. This feature establishes a private network connection between Azure Front Door and your application servers, eliminating the need to expose your origins to the public internet.
5252

5353
## Next steps
5454

55-
- Learn how to set up a [WAF policy for Azure Front Door](front-door-waf.md).
56-
- Learn how to [create an Azure Front Door profile](quickstart-create-front-door.md).
57-
- Learn [how Azure Front Door works](front-door-routing-architecture.md).
55+
- Set up a [WAF policy for Azure Front Door](front-door-waf.md).
56+
- Create an [Azure Front Door profile](quickstart-create-front-door.md).
57+
- Understand [how Azure Front Door works](front-door-routing-architecture.md).
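Review bot: The Private Link paragraph at new line 51 changes the meaning: "using Azure Private Link to restrict access to Azure Front Door" reads as restricting access to Front Door itself, while the removed text said the origins' access is restricted to Azure Front Door. Suggest restoring the original direction, for example "by using Azure Private Link to restrict origin access to Azure Front Door". Two smaller points in the same hunk: line 37 drops "outside or inside", so the bullet no longer covers blocking traffic from outside an allowed region, and the new description at line 3 ("robust protection", "ensuring the security and performance") promises more than the body, which says Front Door "helps protect". The headings were also moved to title case while `## Next steps` stays in sentence case, so pick one convention.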
