Merge pull request #249546 from samurp/samurptrustedrelay

Update trusted-services.md

Author: v-regandowner

articles/azure-relay/includes/trusted-services.md

@@ -6,8 +6,16 @@ ms.date: 06/26/2023
 ms.author: spelluru
 ---
 
-## Trusted services
-The following services are the trusted services for Azure Relay.
+## Trusted Microsoft services
+When you enable the **Allow trusted Microsoft services to bypass this firewall** setting, the following services are granted access to your Azure Relay resources:
+
+| Trusted service | Supported usage scenarios | 
+| --------------- | ------------------------- | 
+| Azure Machine Learning | AML Kubernetes uses Azure Relay to facilitate communication between AML services and the Kubernetes cluster. Azure Relay is a fully managed service that provides secure bi-directional communication between applications hosted on different networks. This makes it ideal for use in private link environments, where communication between Azure resources and on-premises resources is restricted. |
+| Azure Arc | Azure Arc-enabled services associated with the Resource Providers above will be able to connect to the hybrid connections in your Azure Relay namespace as a sender without being blocked by the IP firewall rules set on the Azure Relay namespace. `Microsoft.Hybridconnectivity` service creates the hybrid connections in your Azure Relay namespace and provides the connection information to the relevant Arc service based on the scenario. These services communicate only with your Azure Relay namespace if you're using Azure Arc, with the following Azure Services: <br/><br> - Azure Kubernetes<br/> - Azure Machine Learning <br/> - Microsoft Purview |
+
+
+The other trusted services for Azure Relay can be found below:
 - Azure Event Grid
 - Azure IoT Hub
 - Azure Stream Analytics
@@ -18,4 +26,3 @@ The following services are the trusted services for Azure Relay.
 - Azure IoT Central
 - Azure Healthcare Data Services
 - Azure Digital Twins
-- Azure Arc

articles/azure-relay/ip-firewall-virtual-networks.md

@@ -22,7 +22,7 @@ This section shows you how to use the Azure portal to create IP firewall rules f
 1. To restrict access to specific networks and IP addresses, select the **Selected networks** option. In the **Firewall** section, follow these steps:
     1. Select **Add your client IP address** option to give your current client IP the access to the namespace. 
     2. For **address range**, enter a specific IPv4 address or a range of IPv4 address in CIDR notation. 
-    3. If you want to allow Microsoft services trusted by the Azure Relay service to bypass this firewall, select **Yes** for **Allow [trusted Microsoft services](#trusted-services) to bypass this firewall?**. 
+    3. If you want to allow Microsoft services trusted by the Azure Relay service to bypass this firewall, select **Yes** for **Allow [trusted Microsoft services](#trusted-microsoft-services) to bypass this firewall?**. 
 
         :::image type="content" source="./media/ip-firewall/selected-networks-trusted-access-disabled.png" alt-text="Screenshot showing the Public access tab of the Networking page with the Firewall enabled.":::
 1. Select **Save** on the toolbar to save the settings. Wait for a few minutes for the confirmation to show up on the portal notifications.

articles/azure-relay/private-link-service.md

@@ -37,7 +37,7 @@ The following procedure provides step-by-step instructions for disabling public
 3. Select the **namespace** from the list to which you want to add a private endpoint.
 4. On the left menu, select the **Networking** tab under **Settings**.
 1. On the **Networking** page, for **Public network access**, select **Disabled** if you want the namespace to be accessed only via private endpoints. 
-1. For **Allow trusted Microsoft services to bypass this firewall**, select **Yes** if you want to allow [trusted Microsoft services](#trusted-services) to bypass this firewall. 
+1. For **Allow trusted Microsoft services to bypass this firewall**, select **Yes** if you want to allow [trusted Microsoft services](#trusted-microsoft-services) to bypass this firewall. 
 
     :::image type="content" source="./media/private-link-service/public-access-disabled.png" alt-text="Screenshot of the Networking page with public network access as Disabled.":::
 1. Select the **Private endpoint connections** tab at the top of the page