Commit 30fef77

committed
Line edits3
1 parent b525996 commit 30fef77

4 files changed

+6
-6
lines changed

learn-pr/azure/secure-your-azure-sql-database/includes/1-create-database.md

Lines changed: 1 addition & 1 deletion
@@ -90,7 +90,7 @@ Create the Linux VM to use through some examples.
9090
Where `nnn.nnn.nnn.nnn` is the value from the `publicIpAddress` output in the previous step.
9191

9292
> [!NOTE]
93-
> Two things to note. First, you don't need a password because you generated an SSH key pair as part of the VM creation. Second, on the first shell connection into the VM, you are prompted about the authenticity of the host. This occurs because you are connecting to an IP address instead of a host name. Answering _yes_ saves the IP address as a valid host for connection and allows the connection to proceed.
93+
> Two things to note. First, you don't need a password because you generated an SSH key pair as part of the VM creation. Second, on the first shell connection into the VM, you're prompted about the authenticity of the host. This occurs because you're connecting to an IP address instead of a host name. Answering _yes_ saves the IP address as a valid host for connection and allows the connection to proceed.
9494
9595
1. Finish things by installing mssql-tools on the Linux VM so you can connect to your database through sqlcmd.
9696
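Review bot: The note on line 93 still says the host-authenticity prompt "occurs because you're connecting to an IP address instead of a host name", which is not why SSH asks. The prompt appears on the first connection to any host whose key is not yet in the client's known_hosts file, whether the host is addressed by IP or by name, and answering yes stores the host's public key rather than just the IP address. Since this line is being edited anyway, suggest rewording to something like "This occurs because your SSH client hasn't seen this host's key before" and telling the reader to check the displayed fingerprint against the VM's before answering yes.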

learn-pr/azure/secure-your-azure-sql-database/includes/2-restrict-network-access.md

Lines changed: 1 addition & 1 deletion
@@ -101,7 +101,7 @@ Because your VM has outbound internet access, you can use the **Allow access to
101101
102102
1. Scroll down to **Exceptions**, select the checkbox for **Allow Azure services and resources to access this server**, and then select **Save**. Wait until the system acknowledges this change.
103103
104-
1. Back in your SSH session, try to connect to your database again.
104+
1. Back in your SSH session try to connect to your database again.
105105
106106
```bash
107107
sqlcmd -S tcp:[server-name].database.windows.net,1433 -d marketplaceDb -U '[username]' -P '[password]' -N -l 30
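Review bot: Line 104 loses the comma after the introductory phrase, so "Back in your SSH session try to connect" now reads as a run-on; keep the original "Back in your SSH session, try to connect to your database again." Separately, the unchanged sqlcmd line passes the password with -P on the command line, where it ends up in shell history and the process list. sqlcmd prompts for the password when -P is omitted, which would be the better habit to teach in a module about securing the database.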

learn-pr/azure/secure-your-azure-sql-database/includes/3-manage-authentication.md

Lines changed: 3 additions & 3 deletions
@@ -1,4 +1,4 @@
1-
Even though you might be able to connect to the database over the network, that doesn't mean you can actually gain access to the data itself. Following a layered approach, you want to ensure that only users who need access to the data can actually access it. This access is where authentication and authorization come in to play.
1+
Even though you might be able to connect to the database over the network that doesn't mean you can actually gain access to the data itself. Following a layered approach, you want to ensure that only users who need access to the data can actually access it. This access is where authentication and authorization come in to play.
22

33
## Authentication
44
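Review bot: Line 1 drops the comma that closed the dependent clause, so "connect to the database over the network that doesn't mean" now reads as if "that" modifies "network". Restore the comma after "network". The same paragraph still ends with "come in to play", which should be "come into play" and was missed in this pass.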

@@ -16,13 +16,13 @@ This authentication method uses identities managed by Microsoft Entra ID and is
1616

1717
## Authorization
1818

19-
Authorization refers to what an identity can do within an Azure SQL Database. This authorization is controlled by permissions granted directly to the user account and database role memberships. A database role is used to group permissions together to ease administration. Add a user to a role to grant the permissions the role has. These permissions can include the ability to sign in to the database, the ability to read a table, and the ability to add and remove columns from a database. As a best practice, you should grant users the least privileges necessary. The process of granting authorization to both SQL and Microsoft Entra users is the same.
19+
Authorization refers to what an identity can do within an Azure SQL Database. Permissions granted directly to the user account and database role memberships control this authorization. A database role is used to group permissions together to ease administration. Add a user to a role to grant the permissions the role has. These permissions can include the ability to sign in to the database, the ability to read a table, and the ability to add and remove columns from a database. As a best practice, you should grant users the least privileges necessary. The process of granting authorization to both SQL and Microsoft Entra users is the same.
2020

2121
In the example here, the server admin account that you connect with is a member of the db_owner role, which has authority to do anything within the database.
2222

2323
## Authentication and authorization in practice
2424

25-
As a best practice, your application should use a dedicated account to authenticate. This way, you can limit the permissions granted to the application and reduce the risks of malicious activity in case the application code is vulnerable to a SQL injection attack. We recommend that you create a contained database user, which allows your app to authenticate directly to the database. For more information, see [Contained Database Users - Making Your Database Portable](/sql/relational-databases/security/contained-database-users-making-your-database-portable).
25+
As a best practice, your application should use a dedicated account to authenticate. This way, you can limit the permissions granted to the application and reduce the risks of malicious activity in case the application code is vulnerable to a SQL injection attack. We recommend that you create a contained database user, which allows your app to authenticate directly to the database. For more information, see [Make your Database Portable by Using Contained Databases](/sql/relational-databases/security/contained-database-users-making-your-database-portable).
2626

2727
Use Microsoft Entra authentication to centrally manage identities of database users and as an alternative to SQL Server authentication.
2828
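Review bot: The active-voice rewrite on line 19 is ambiguous: "Permissions granted directly to the user account and database role memberships control this authorization" can be read as permissions granted to role memberships. Suggest "Both permissions granted directly to the user account and the user's database role memberships control this authorization." On line 25 the link text changes while the target path stays the same, so confirm the new text matches the title of the page it points to.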

learn-pr/azure/secure-your-azure-sql-database/includes/4-data-security.md

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ Take a look in the Azure portal at where TDE is configured on your _marketplaceD
2323
Because new databases are encrypted by default, you can be sure that your data is encrypted on disk from as soon as you create the database.
2424

2525
> [!NOTE]
26-
> Azure includes a built in service called Microsoft Defender for Cloud that gives you visibility into the security of your environment, including Azure SQL databases. Microsoft Defender for Cloud flags any databases that don't have TDE enabled on them, giving you the ability to report and take action to secure your data.
26+
> Azure includes a built-in service called Microsoft Defender for Cloud that gives you visibility into the security of your environment, including Azure SQL databases. Microsoft Defender for Cloud flags any databases that don't have TDE enabled on them, giving you the ability to report and take action to secure your data.
2727
2828
## Dynamic data masking
2929
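Review bot: Context line 23 in this hunk still reads "encrypted on disk from as soon as you create the database", and "from as soon as" is a leftover that a line-edit pass should catch. Suggest "encrypted on disk as soon as you create the database" alongside the "built-in" hyphen fix on line 26.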
