Merge pull request #227253 from halkazwini/docs-editor/manage-network-security-group-1676354424

prmerger-automator[bot] · web-flow · commit f1a315aa1813 · 2023-02-14T06:19:30.000Z
fix screenshot link
diff --git a/articles/virtual-network/manage-network-security-group.md b/articles/virtual-network/manage-network-security-group.md
@@ -7,7 +7,7 @@ author: asudbring
 ms.service: virtual-network
 ms.topic: how-to
 ms.workload: infrastructure-services
-ms.date: 11/16/2022
+ms.date: 02/14/2023
 ms.author: allensu
 ms.custom: template-how-to, engagement-fy23
 ---
@@ -80,7 +80,6 @@ az network nsg create --resource-group MyResourceGroup --name myNSG
 ```
 
 ---
-
 ### View all network security groups
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -106,7 +105,6 @@ az network nsg list --out table
 ```
 
 ---
-
 ### View details of a network security group
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -162,7 +160,6 @@ To learn more about the common Azure settings listed, see the following articles
 - [Locks](../azure-resource-manager/management/lock-resources.md)
 
 ---
-
 ### Change a network security group
 
 The most common changes to a network security group are:
@@ -215,7 +212,6 @@ az network vnet subnet update --resource-group myResourceGroup --vnet-name myVNe
 ```
 
 ---
-
 ### Delete a network security group
 
 If a network security group is associated to any subnets or network interfaces, it can't be deleted. Dissociate a network security group from all subnets and network interfaces before attempting to delete it.
@@ -247,7 +243,6 @@ az network nsg delete --resource-group myResourceGroup --name myNSG
 ```
 
 ---
-
 ## Work with security rules
 
 A network security group contains zero or more security rules. You can [create](#create-a-security-rule), [view all](#view-all-security-rules), [view details of](#view-details-of-a-security-rule), [change](#change-a-security-rule), and [delete](#delete-a-security-rule) a security rule.
@@ -314,7 +309,6 @@ az network nsg rule create --resource-group myResourceGroup --nsg-name myNSG --n
 ```
 
 ---
-
 ### View all security rules
 
 A network security group contains zero or more rules. To learn more about the information listed when viewing rules, see [Security rules](./network-security-groups-overview.md#security-rules).
@@ -351,7 +345,6 @@ az network nsg rule list --resource-group myResourceGroup --nsg-name myNSG
 ```
 
 ---
-
 ### View details of a security rule
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -395,7 +388,6 @@ az network nsg rule show --resource-group myResourceGroup --nsg-name myNSG --nam
 > This procedure only applies to a custom security rule. It doesn't work if you choose a default security rule.
 
 ---
-
 ### Change a security rule
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -445,7 +437,6 @@ az network nsg rule update --resource-group myResourceGroup --nsg-name myNSG --n
 > This procedure only applies to a custom security rule. You aren't allowed to change a default security rule.
 
 ---
-
 ### Delete a security rule
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -493,7 +484,6 @@ az network nsg rule delete --resource-group myResourceGroup --nsg-name myNSG --n
 > This procedure only applies to a custom security rule. You aren't allowed to change a default security rule.
 
 ---
-
 ## Work with application security groups
 
 An application security group contains zero or more network interfaces. To learn more, see [application security groups](./network-security-groups-overview.md#application-security-groups). All network interfaces in an application security group must exist in the same virtual network. To learn how to add a network interface to an application security group, see [Add a network interface to an application security group](virtual-network-network-interface.md#add-or-remove-from-application-security-groups).
@@ -517,7 +507,7 @@ An application security group contains zero or more network interfaces. To learn
     | Name | Enter a name for the application security group you're creating. |
     | Region | Select the region you want to create the application security group in. |
 
-    :::image type="content" source="./media/manage-network-security-group/create-network-security-group.png" alt-text="Screenshot of create an application security group in Azure portal.":::
+    :::image type="content" source="./media/manage-network-security-group/create-application-security-group.png" alt-text="Screenshot of create an application security group in Azure portal.":::
 
 5. Select **Review + create**.
 
@@ -540,7 +530,6 @@ az network asg create --resource-group myResourceGroup --name myASG --location e
 ```
 
 ---
-
 ### View all application security groups
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -566,7 +555,6 @@ az network asg list --resource-group myResourceGroup --out table
 ```
 
 ---
-
 ### View details of a specific application security group
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -592,7 +580,6 @@ az network asg show --resource-group myResourceGroup --name myASG
 ```
 
 ---
-
 ### Change an application security group
 
 # [**Portal**](#tab/network-security-group-portal)
@@ -629,7 +616,6 @@ az network asg update --resource-group myResourceGroup --name myASG --tags Dept=
 > You can't change the resource group, subscription or location of an application security group using the Azure CLI.
 
 ---
-
 ### Delete an application security group
 
 You can't delete an application security group if it contains any network interfaces. To remove all network interfaces from the application security group, either change the network interface settings or delete the network interfaces. To learn more, see [Add or remove from application security groups](virtual-network-network-interface.md#add-or-remove-from-application-security-groups) or [Delete a network interface](virtual-network-network-interface.md#delete-a-network-interface).
@@ -662,7 +648,6 @@ az network asg delete --resource-group myResourceGroup --name myASG
 ```
 
 ---
-
 ## Permissions
 
 To do tasks on network security groups, security rules, and application security groups, your account must be assigned to the [Network contributor](../role-based-access-control/built-in-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json#network-contributor) role or to a [Custom role](../role-based-access-control/custom-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json) that's assigned the appropriate permissions as listed in the following tables:
@@ -677,10 +662,12 @@ To do tasks on network security groups, security rules, and application security
 | Microsoft.Network/networkSecurityGroups/join/action           |   Associate a network security group to a subnet or network interface 
 
 
+
 >[!NOTE]
 > To perform `write` operations on a network security group, the subscription account must have at least `read` permissions for resource group along with `Microsoft.Network/networkSecurityGroups/write` permission.
 
 
+
 ### Network security group rule
 
 | Action                                                        |   Name                                                                |
@@ -703,3 +690,4 @@ To do tasks on network security groups, security rules, and application security
 
 - Add or remove [a network interface to or from an application security group](./virtual-network-network-interface.md?tabs=network-interface-portal#add-or-remove-from-application-security-groups).
 - Create and assign [Azure Policy definitions](./policy-reference.md) for virtual networks
+
