MicrosoftDocs
diff --git a/‎articles/ddos-protection/alerts.md
Lines changed: 30 additions & 22 deletions b/‎articles/ddos-protection/alerts.md
Lines changed: 30 additions & 22 deletions
diff --git a/‎articles/ddos-protection/ddos-configure-log-analytics-workspace.md
Lines changed: 7 additions & 6 deletions b/‎articles/ddos-protection/ddos-configure-log-analytics-workspace.md
Lines changed: 7 additions & 6 deletions
diff --git a/‎articles/ddos-protection/ddos-diagnostic-alert-templates.md
Lines changed: 11 additions & 10 deletions b/‎articles/ddos-protection/ddos-diagnostic-alert-templates.md
Lines changed: 11 additions & 10 deletions
@@ -1,28 +1,28 @@
 ---
-title: 'Configure Azure DDoS Protection metric alerts through portal'
+title: 'Tutorial: Configure Azure DDoS Protection metric alerts through portal'
 description: Learn how to configure DDoS protection metric alerts for Azure DDoS Protection.
 services: ddos-protection
 author: AbdullahBell
 ms.service: ddos-protection
 ms.topic: tutorial
-ms.date: 08/07/2023
+ms.date: 07/17/2024
 ms.author: abell
 ---
-# Configure Azure DDoS Protection metric alerts through portal
 
-DDoS Protection metrics alerts are an important step in alerting your team through Azure portal, email, SMS message, push, or voice notification when an attack is detected.
+# Tutorial: Configure Azure DDoS Protection metric alerts through portal
 
 In this tutorial, you learn how to:
 
 > [!div class="checklist"]
 > * Configure metrics alerts through Azure Monitor.
 
+DDoS Protection metrics alerts are an important step in alerting your team through Azure portal, email, SMS message, push, or voice notification when an attack is detected.
 
 ## Prerequisites
 
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - [DDoS Network Protection](manage-ddos-protection.md) must be enabled on a virtual network or [DDoS IP Protection](manage-ddos-protection-powershell-ip.md) must be enabled on a public IP address. 
-- DDoS Protection monitors public IP addresses assigned to resources within a virtual network. If you don't have any resources with public IP addresses in the virtual network, you must first create a resource with a public IP address. You can monitor the public IP address of all resources deployed through Resource Manager (not classic) listed in [Virtual network for Azure services](../virtual-network/virtual-network-for-azure-services.md#services-that-can-be-deployed-into-a-virtual-network) (including Azure Load Balancers where the backend virtual machines are in the virtual network), except for Azure App Service Environments. To continue with this How-To guide, you can quickly create a [Windows](../virtual-machines/windows/quick-create-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json) or [Linux](../virtual-machines/linux/quick-create-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json) virtual machine.     
+- DDoS Protection monitors public IP addresses assigned to resources within a virtual network. If you don't have any resources with public IP addresses in the virtual network, you must first create a resource with a public IP address.    
 
 ## Configure metric alerts through portal
 
@@ -34,7 +34,7 @@ You can select any of the available Azure DDoS Protection metrics to alert you w
 
 1. Select **+ Create** on the navigation bar, then select **Alert rule**.
 
-    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-page.png" alt-text="Screenshot of creating Alerts." lightbox="./media/ddos-alerts/ddos-protection-alert-page.png":::
+    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-page.png" alt-text="Screenshot of DDoS Protection creating Alerts." lightbox="./media/ddos-alerts/ddos-protection-alert-page.png":::
 
 1. On the **Create an alert rule** page, select **+ Select scope**, then select the following information in the **Select a resource** page.
 
@@ -48,49 +48,55 @@ You can select any of the available Azure DDoS Protection metrics to alert you w
     |Resource | Select the specific **Public IP address** you want to log metrics for. |
 
 1. Select **Done**, then select **Next: Condition**.
-1. On the **Condition** page, select **+ Add Condition**, then in the *Search by signal name* search box, search and select **Under DDoS attack or not**.
+1. On the **Condition** page, select **+ Add Condition**, then in the *Search by signal name* search box, search, and select **Under DDoS attack or not**.
 
     :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-add-condition.png" alt-text="Screenshot of adding DDoS Protection attack alert condition." lightbox="./media/ddos-alerts/ddos-protection-alert-add-condition.png":::
 
-1. In the **Create an alert rule** page, enter or select the following information. 
-  :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-signal.png" alt-text="Screenshot of adding DDoS Protection attack alert signal." lightbox="./media/ddos-alerts/ddos-protection-alert-signal.png":::
+1. In the **Create an alert rule** page, select the following information. 
+
+    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-signal.png" alt-text="Screenshot of adding DDoS Protection attack alert signal." lightbox="./media/ddos-alerts/ddos-protection-alert-signal.png":::
 
     | Setting | Value |
     |--|--|
-    | Threshold | Leave as default. |
-    | Aggregation type | Leave as default. |
+    | Threshold | Leave as the default *Static*. |
+    | Aggregation type | Leave as default *Maximum*. |
     | Operator | Select **Greater than or equal to**. |
-    | Unit | Leave as default. |
+    | Unit | Leave as default *Count*. |
     | Threshold value | Enter **1**. For the *Under DDoS attack or not metric*, **0** means you're not under attack while **1** means you are under attack. |
-
+    | Check every | Choose how often the alert rule will check if the condition is met. Leave as default *1 minute*. |
+    | Lookback period | This is the lookback period, or the time period to look back at each time the data is checked. For example, every 1 minute you’ll be looking at the past 5 minutes. Leave as default *5 minutes*. |
 
 
 1. Select **Next: Actions** then select **+ Create action group**.
 
 ### Create action group
 
 1. In the **Create action group** page, enter the following information, then select **Next: Notifications**.
-:::image type="content" source="./media/ddos-alerts/ddos-protection-alert-action-group-basics.png" alt-text="Screenshot of adding DDoS Protection attack alert action group basics." lightbox="./media/ddos-alerts/ddos-protection-alert-action-group-basics.png":::
+
+    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-action-group-basics.png" alt-text="Screenshot of adding DDoS Protection attack alert action group basics." lightbox="./media/ddos-alerts/ddos-protection-alert-action-group-basics.png":::
 
     | Setting | Value |
     |--|--|
     | Subscription | Select your Azure subscription that contains the public IP address you want to log. |   
     | Resource Group | Select your Resource group. |
-    | Region | Leave as default. |
-    | Action Group | Enter **myDDoSAlertsActionGroup**. |
-    | Display name | Enter **myDDoSAlerts**. |
+    | Region | Choose these locations for the broadest set of Azure products and long-term capacity growth. |
+    | Action Group | Provide an action group name that is unique within the resource group. For this example, enter **myDDoSAlertsActionGroup**. |
+    | Display name | This display name will be shown as the action group name in email and SMS notifications. For this example, enter **myDDoSAlerts**. |
 
 
-1. On the *Notifications* tab, under *Notification type*, select **Email/SMS message/Push/Voice**. Under *Name*, enter **myUnderAttackEmailAlert**.
+1. On the *Notifications* tab, under *Notification type*, select the notification type you wish to use. For this example, we select **Email/SMS message/Push/Voice**. In the *Name* tab, enter **myUnderAttackEmailAlert**.
 
     :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-action-group-notification.png" alt-text="Screenshot of adding DDoS Protection attack alert notification type." lightbox="./media/ddos-alerts/ddos-protection-alert-action-group-notification.png":::
 
-
 1. On the *Email/SMS message/Push/Voice* page, select the **Email** check box, then enter the required email. Select **OK**.
 
     :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-notification.png" alt-text="Screenshot of adding DDoS Protection attack alert notification page." lightbox="./media/ddos-alerts/ddos-protection-alert-notification.png":::
 
 1. Select **Review + create** and then select **Create**.
+
+> [!NOTE]
+> Review the [Action groups](../azure-monitor/alerts/action-groups.md) documentation for more information on creating action groups. 
+
 ### Continue configuring alerts through portal
 
 1. Select **Next: Details**. 
@@ -108,7 +114,7 @@ You can select any of the available Azure DDoS Protection metrics to alert you w
 
 Within a few minutes of attack detection, you should receive an email from Azure Monitor metrics that looks similar to the following picture:
 
-:::image type="content" source="./media/ddos-alerts/ddos-alert.png" alt-text="Screenshot of a DDoS Attack Alert." lightbox="./media/ddos-alerts/ddos-alert.png":::
+:::image type="content" source="./media/ddos-alerts/ddos-alert.png" alt-text="Screenshot of a DDoS attack Alert after a DDoS attack." lightbox="./media/ddos-alerts/ddos-alert.png":::
 
 You can also learn more about [configuring webhooks](../azure-monitor/alerts/alerts-webhooks.md?toc=%2fazure%2fvirtual-network%2ftoc.json) and [logic apps](../logic-apps/logic-apps-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) for creating alerts.
 
@@ -117,14 +123,16 @@ You can keep your resources for the next tutorial. If no longer needed, delete t
 
 1. In the search box at the top of the portal, enter **Alerts**. Select **Alerts** in the search results.
 
-    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-rule.png" alt-text="Screenshot of Alerts page." lightbox="./media/ddos-alerts/ddos-protection-alert-rule.png":::
+    :::image type="content" source="./media/ddos-alerts/ddos-protection-alert-rule.png" alt-text="Screenshot of Alerts page within Azure for DDoS Protection." lightbox="./media/ddos-alerts/ddos-protection-alert-rule.png":::
 
 1. Select **Alert rules**. 
 
-     :::image type="content" source="./media/ddos-alerts/ddos-protection-delete-alert-rules.png" alt-text="Screenshot of Alert rules page." lightbox="./media/ddos-alerts/ddos-protection-delete-alert-rules.png":::
+     :::image type="content" source="./media/ddos-alerts/ddos-protection-delete-alert-rules.png" alt-text="Screenshot of Alert rules page within Azure for DDoS Protection." lightbox="./media/ddos-alerts/ddos-protection-delete-alert-rules.png":::
 
 1. In the Alert rules page, select your subscription.
+
 1. Select the alerts created in this tutorial, then select **Delete**. 
+
 ## Next steps
 
 In this tutorial you learned how to configure metric alerts through Azure portal.
 
@@ -1,23 +1,23 @@
 ---
-title: 'Configure Azure DDoS Protection Log Analytics workspace'
+title: 'Tutorial: Configure Azure DDoS Protection Log Analytics workspace'
 description: Learn how to configure Log Analytics workspace for Azure DDoS Protection.
 services: ddos-protection
 author: AbdullahBell
 ms.service: ddos-protection
 ms.topic: tutorial
-ms.date: 08/07/2023
+ms.date: 07/17/2024
 ms.author: abell
 ---
 
-# Configure Azure DDoS Protection Log Analytics workspace
-
-In order to use diagnostic logging, you'll first need a Log Analytics workspace with diagnostic settings enabled.
+# Tutorial: Configure Azure DDoS Protection Log Analytics workspace
 
 In this tutorial, you learn how to:
 
 > [!div class="checklist"]
 > * Configure a Log Analytics workspace for DDoS Protection.
 
+In order to use diagnostic logging, you'll first need a Log Analytics workspace with diagnostic settings enabled.
+
 ## Prerequisites
 
 - If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
@@ -48,7 +48,8 @@ In this tutorial, you learn how to:
     :::image type="content" source="./media/ddos-log-analytics-workspace/ddos-protection-log-analytics-workspace-settings.png" alt-text="Screenshot of locating log analytics workspace diagnostic setting.":::
 
 1. On the *Diagnostic setting* page, under *Destination details*, select **Send to Log Analytics workspace**, then enter the following information.
-:::image type="content" source="./media/ddos-log-analytics-workspace/ddos-protection-diagnostic-settings.png" alt-text="Screenshot of log analytics workspace diagnostic setting.":::
+
+    :::image type="content" source="./media/ddos-log-analytics-workspace/ddos-protection-diagnostic-settings.png" alt-text="Screenshot of log analytics workspace diagnostic setting.":::
 
     | Setting | Value |
     |--|--|
 
@@ -1,36 +1,37 @@
 ---
-title: 'Configure Azure DDoS Protection diagnostic logging alerts'
+title: 'Tutorial: Configure Azure DDoS Protection diagnostic logging alerts'
 description: Learn how to configure DDoS protection diagnostic alerts for Azure DDoS Protection.
 services: ddos-protection
 author: AbdullahBell
 ms.service: ddos-protection
 ms.topic: tutorial
-ms.date: 08/07/2023
+ms.date: 07/17/2024
 ms.author: abell
 ---
 
-# Configure Azure DDoS Protection diagnostic logging alerts
-
-DDoS Protection diagnostic logging alerts provide visibility into DDoS attacks and mitigation actions. You can configure alerts for all DDoS protected public IP addresses that you have enabled diagnostic logging on.
+# Tutorial: Configure Azure DDoS Protection diagnostic logging alerts
 
 In this tutorial, you learn how to:
 
 > [!div class="checklist"]
 > * Configure diagnostic logging alerts through Azure Monitor and Logic App.
+
+DDoS Protection diagnostic logging alerts provide visibility into DDoS attacks and mitigation actions. You can configure alerts for all DDoS protected public IP addresses that you have enabled diagnostic logging on.
+
 ## Prerequisites
 
 - If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 - [DDoS Network Protection](manage-ddos-protection.md) must be enabled on a virtual network or [DDoS IP Protection](manage-ddos-protection-powershell-ip.md) must be enabled on a public IP address. 
 - In order to use diagnostic logging, you must first create a [Log Analytics workspace with diagnostic settings enabled](ddos-configure-log-analytics-workspace.md). 
-- DDoS Protection monitors public IP addresses assigned to resources within a virtual network. If you don't have any resources with public IP addresses in the virtual network, you must first create a resource with a public IP address. You can monitor the public IP address of all resources deployed through Resource Manager (not classic) listed in [Virtual network for Azure services](../virtual-network/virtual-network-for-azure-services.md#services-that-can-be-deployed-into-a-virtual-network) (including Azure Load Balancers where the backend virtual machines are in the virtual network), except for Azure App Service Environments. To continue with this guide, you can quickly create a [Windows](../virtual-machines/windows/quick-create-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json) or [Linux](../virtual-machines/linux/quick-create-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json) virtual machine. 
+- DDoS Protection monitors public IP addresses assigned to resources within a virtual network. If you don't have any resources with public IP addresses in the virtual network, you must first create a resource with a public IP address. 
 
 ## Configure diagnostic logging alerts through Azure Monitor
 
-With these templates, you'll be able to configure alerts for all public IP addresses that you have enabled diagnostic logging on. 
+With these templates, you are able to configure alerts for all public IP addresses that you have enabled diagnostic logging on. 
 
 ### Create Azure Monitor alert rule
 
-The Azure Monitor alert rule template will run a query against the diagnostic logs to detect when an active DDoS mitigation is occurring. The alert indicates a potential attack. Action groups can be used to invoke actions as a result of the alert.
+The Azure Monitor alert rule template runs a query against the diagnostic logs to detect when an active DDoS mitigation is occurring. The alert indicates a potential attack. Action groups can be used to invoke actions as a result of the alert.
 
 
 #### Deploy the template
@@ -48,7 +49,7 @@ The Azure Monitor alert rule template will run a query against the diagnostic lo
     | Subscription | Select your Azure subscription. |   
     | Resource Group | Select your Resource group. | 
     | Region | Select your Region. |
-    | Workspace Name | Enter your workspace name. In this example the *Workspace name* is **myLogAnalyticsWorkspace**. | 
+    | Workspace Name | Enter your workspace name. In this example, the *Workspace name* is **myLogAnalyticsWorkspace**. | 
     | Location | Enter **East US**. |
 
     > [!NOTE]
@@ -78,7 +79,7 @@ This DDoS Mitigation Alert Enrichment template deploys the necessary components
     | Alert Name | Leave as default. | 
     | Security Team Email | Enter the required email address. |
     | Company Domain | Enter the required domain. |
-    | Workspace Name | Enter your workspace name. In this example the *Workspace name* is **myLogAnalyticsWorkspace**. |
+    | Workspace Name | Enter your workspace name. In this example, the *Workspace name* is **myLogAnalyticsWorkspace**. |
 
 1. Select **Review + create** and then select **Create** after validation passes.