Merge pull request #50047 from v-thpra/azure-triage-fix-1044058

Technical Review 1044058: Introduction to Azure Private Link

Author: JamesJBarnett

learn-pr/azure-networking/introduction-azure-private-link/1-introduction.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.1-introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: Introduction to the Introduction to Azure Private Link module.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/1-introduction.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.1-introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: Introduction to the Introduction to Azure Private Link module.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/1-introduction.md)]
+

learn-pr/azure-networking/introduction-azure-private-link/2-what-is-azure-private-link.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.2-what-is-azure-private-link
-title: What is Azure Private Link?
-metadata:
-  title: What is Azure Private Link?
-  description: Introduces Azure Private Link, Private Endpoint, and Private Link Service.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 12
-content: |
-  [!include[](includes/2-what-is-azure-private-link.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.2-what-is-azure-private-link
+title: What is Azure Private Link?
+metadata:
+  title: What is Azure Private Link?
+  description: Introduces Azure Private Link, Private Endpoint, and Private Link Service.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 12
+content: |
+  [!include[](includes/2-what-is-azure-private-link.md)]
+

learn-pr/azure-networking/introduction-azure-private-link/3-how-azure-private-link-works.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.3-how-azure-private-link-works
-title: How Azure Private Link works
-metadata:
-  title: How Azure Private Link works
-  description: Learn how Private Link fits into an Azure virtual network, how Azure Private Endpoint works, and how Azure Private Link Service works.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 10
-content: |
-  [!include[](includes/3-how-azure-private-link-works.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.3-how-azure-private-link-works
+title: How Azure Private Link works
+metadata:
+  title: How Azure Private Link works
+  description: Learn how Private Link fits into an Azure virtual network, how Azure Private Endpoint works, and how Azure Private Link Service works.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/3-how-azure-private-link-works.md)]
+

learn-pr/azure-networking/introduction-azure-private-link/4-when-to-use-azure-private-link.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.4-when-to-use-azure-private-link
-title: When to use Azure Private Link
-metadata:
-  title: When to use Azure Private Link
-  description: Learn how to evaluate if Azure Private Link is a suitable choice for you.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 8
-content: |
-  [!include[](includes/4-when-to-use-azure-private-link.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.4-when-to-use-azure-private-link
+title: When to use Azure Private Link
+metadata:
+  title: When to use Azure Private Link
+  description: Learn how to evaluate if Azure Private Link is a suitable choice for you.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 8
+content: |
+  [!include[](includes/4-when-to-use-azure-private-link.md)]
+

learn-pr/azure-networking/introduction-azure-private-link/5-knowledge-check.yml

@@ -1,50 +1,50 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.5-knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: Check your knowledge.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/5-knowledge-check.md)]
-quiz:
-  title: Check your knowledge
-  questions:
-  - content: "Suppose a company wants clients in their Azure virtual network to have secure and nonpublic access to a particular Azure resource. Which of the following technologies should their IT staff add to their virtual network?"
-    choices:
-    - content: "Azure Service Endpoint"
-      isCorrect: false
-      explanation: "Incorrect. With Azure Service Endpoint, access to the resource still uses the resource's public IP address."
-    - content: "Azure Private Endpoint"
-      isCorrect: true
-      explanation: "Correct. Adding a Private Endpoint to a virtual network enables clients to access an Azure resource privately."
-    - content: "Azure Firewall"
-      isCorrect: false
-      explanation: "Incorrect. Implementing a firewall doesn't change resource access from public to private."
-  - content: "Suppose a company wants to give private access to Azure resources via an Azure virtual network. How does Azure Private Endpoint map an Azure resource to offer private access?"
-    choices:
-    - content: "By using an IP address from a subnet of an Azure virtual network."
-      isCorrect: true
-      explanation: "Correct. Private Endpoint maps an unused IP address from the address space of the subnet in which it resides."
-    - content: "By using a private IP address supplied by Azure."
-      isCorrect: false
-      explanation: "Incorrect. Azure doesn't supply an IP address to Private Endpoint."
-    - content: "By using Azure ExpressRoute private peering."
-      isCorrect: false
-      explanation: "Incorrect. ExpressRoute private peering is a technology that peers an on-premises network to an Azure virtual network."
-  - content: "Suppose a company wants to offer private access to a custom Azure service via Azure Private Link Service. Which of the following technologies is a requirement for implementing Private Link Service?" 
-    choices:
-    - content: "Azure Application Gateway"
-      isCorrect: false
-      explanation: "Incorrect. Application Gateway isn't a requirement for using Private Link Service."
-    - content: "Azure Basic Load Balancer"
-      isCorrect: false
-      explanation: "Incorrect. Azure's basic version of its load balancer doesn't support Private Link Service."
-    - content: "Azure Standard Load Balancer"
-      isCorrect: true
-      explanation: "Correct. Azure's standard version of its load balancer is the one you must use for Private Link Service."
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.5-knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: Check your knowledge.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/5-knowledge-check.md)]
+quiz:
+  title: Check your knowledge
+  questions:
+  - content: "Suppose a company wants to give clients in their Azure virtual network secure and nonpublic access to a particular Azure resource. Which of the following technologies should their IT staff add to their virtual network?"
+    choices:
+    - content: "Azure Service Endpoint"
+      isCorrect: false
+      explanation: "Incorrect. With Azure Service Endpoint, access to the resource still uses the resource's public IP address."
+    - content: "Azure Private Endpoint"
+      isCorrect: true
+      explanation: "Correct. Adding a Private Endpoint to a virtual network enables clients to access an Azure resource privately."
+    - content: "Azure Firewall"
+      isCorrect: false
+      explanation: "Incorrect. Implementing a firewall doesn't change resource access from public to private."
+  - content: "Suppose a company wants to give private access to Azure resources via an Azure virtual network. How does Azure Private Endpoint map an Azure resource to offer private access?"
+    choices:
+    - content: "By using an IP address from a subnet of an Azure virtual network."
+      isCorrect: true
+      explanation: "Correct. Private Endpoint maps an unused IP address from the address space of the subnet in which it resides."
+    - content: "By using a private IP address supplied by Azure."
+      isCorrect: false
+      explanation: "Incorrect. Azure doesn't supply an IP address to Private Endpoint."
+    - content: "By using Azure ExpressRoute private peering."
+      isCorrect: false
+      explanation: "Incorrect. ExpressRoute private peering is a technology that peers an on-premises network to an Azure virtual network."
+  - content: "Suppose a company wants to offer private access to a custom Azure service via Azure Private Link Service. Which of the following technologies is a requirement for implementing Private Link Service?" 
+    choices:
+    - content: "Azure Application Gateway"
+      isCorrect: false
+      explanation: "Incorrect. Application Gateway isn't a requirement for using Private Link Service."
+    - content: "Azure Basic Load Balancer"
+      isCorrect: false
+      explanation: "Incorrect. Azure's basic version of its load balancer doesn't support Private Link Service."
+    - content: "Azure Standard Load Balancer"
+      isCorrect: true
+      explanation: "Correct. Azure's standard version of its load balancer is the one you must use for Private Link Service."
+

learn-pr/azure-networking/introduction-azure-private-link/6-summary.yml

@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.introduction-azure-private-link.6-summary
-title: Summary
-metadata:
-  title: Summary
-  description: Summary.
-  ms.date: 01/22/2024
-  author: asudbring
-  ms.author: allensu
-  ms.topic: unit
-durationInMinutes: 2
-content: |
-  [!include[](includes/6-summary.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.introduction-azure-private-link.6-summary
+title: Summary
+metadata:
+  title: Summary
+  description: Summary.
+  ms.date: 04/17/2025
+  author: asudbring
+  ms.author: allensu
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/6-summary.md)]
+

learn-pr/azure-networking/introduction-azure-private-link/includes/2-what-is-azure-private-link.md

@@ -1,6 +1,6 @@
 Before you learn about Azure Private Link and its features and benefits, let's examine the problem that Private Link is designed to solve.
 
-Contoso has an Azure virtual network and you want to connect to a PaaS resource such as an Azure SQL database. When you create such resources, you normally specify a *public endpoint* as the connectivity method.
+Contoso has an Azure virtual network and wants to connect it to a PaaS resource such as an Azure SQL database. When you create such resources, you normally specify a *public endpoint* as the connectivity method.
 
 Having a public endpoint means that the resource is assigned a public IP address. So, even though both your virtual network and the Azure SQL database are located within the Azure cloud, the connection between them takes place over the internet.
 
@@ -29,26 +29,26 @@ Private Link provides secure access to Azure services. Private Link achieves tha
 Private Endpoint is the key technology behind Private Link. Private Endpoint is a network interface that enables a private and secure connection between your virtual network and an Azure service. In other words, Private Endpoint is the network interface that replaces the resource's public endpoint.
 
 > [!NOTE]
-> Private Endpoint is not a free service. You pay a set fee per hour, as well as a set fee per gigabyte for both inbound and outbound traffic that passes through the Private Endpoint.
+> Private Endpoint isn't a free service. You pay a set fee per hour, and a set fee per gigabyte for both inbound and outbound traffic that passes through the Private Endpoint.
 
 ## What is Azure Private Link Service?
 
-Private Link gives you private access from your Azure virtual network to PaaS services and Microsoft Partner services in Azure. However, what if your company has created its own Azure services for your company's customers to consume? Is it possible to offer those customers a private connection to your company's services?
+Private Link gives you private access from your Azure virtual network to PaaS services and Microsoft Partner services in Azure. However, what if your company creates its own Azure services for your company's customers to consume? Is it possible to offer those customers a private connection to your company's services?
 
 Yes, by using Azure Private Link Service. This service lets you offer Private Link connections to your custom Azure services. Consumers of your custom services can then access those services privately—that is, without using the internet—from their own Azure virtual networks.
 
 > [!NOTE]
-> There is no charge to use Private Link Service.
+> There's no charge to use Private Link Service.
 
 ## Key benefits of Private Link
 
 Private Link working together with Private Endpoint and Private Link Service provides the following benefits:
 
 * Private access to PaaS services and Microsoft Partner services on Azure. When you use Private Endpoint, Azure services are mapped to your Azure virtual network. It doesn't matter that the Azure resource is in a different virtual network and in a different Active Directory tenant. To users in your Azure virtual network, the resource appears to be part of that network.
 * Private access to Azure services in any region. Private Link works globally. The private connection to an Azure service works even if that service's virtual network is in a different region than your own virtual network.
-* Nonpublic routes to Azure services. Once an Azure service has been mapped to your virtual network, the traffic route changes. All inbound and outbound traffic between your virtual network and the Azure service travels over the Microsoft Azure backbone network. The public internet is never used for service traffic.
+* Nonpublic routes to Azure services. Once an Azure service is mapped to your virtual network, the traffic route changes. All inbound and outbound traffic between your virtual network and the Azure service travels over the Microsoft Azure backbone network. The public internet is never used for service traffic.
 * Public endpoints are no longer required. Because all traffic to and from a mapped Azure service now flows over the Microsoft Azure backbone, the public endpoint for the service is no longer required. You can disable that public endpoint and therefore eliminate a possible security threat.
-* Your peered Azure virtual networks also get access to Private Link-powered resources. If you're using one or more peered Azure virtual networks, no extra configuration is needed for those peered networks to access a private Azure resource. Clients within any peered network can access whatever Private Endpoint you've mapped to an Azure service.
+* Your peered Azure virtual networks also get access to Private Link-powered resources. If you're using one or more peered Azure virtual networks, no extra configuration is needed for those peered networks to access a private Azure resource. Clients within any peered network can access whatever Private Endpoint you map to an Azure service.
 * Your on-premises network also gets access to Private Link-powered resources. Does your on-premises network connect to your Azure virtual network using either ExpressRoute private peering or a VPN tunnel? If so, no extra configuration is needed for clients within the on-premises network to access a private Azure resource.
 * Protection against data exfiltration. When you map a Private Endpoint to an Azure service, you map to a specific instance of that service. For example, if you're setting up private access to Azure Storage, you map the access to a blob, table, or other storage instance. If a virtual machine in your network gets compromised, the attacker can't move or copy data to another resource instance.
 * Private access to your own Azure services. You can implement Private Link Service and offer customers private access to your custom Azure services.

learn-pr/azure-networking/introduction-azure-private-link/includes/3-how-azure-private-link-works.md

@@ -21,7 +21,7 @@ Private Endpoint takes an unused private IP address from the address space of a
 Private Endpoint gets an IP address from the same address space, such as 10.1.0.32. Private Endpoint then maps that address to a specified Azure service. Using the private IP address effectively brings the service into your virtual network.
 
 > [!NOTE]
-> Clients that connect to a Private Link resource don't need to use the Private Endpoint's assigned IP address in the connection string. Instead, if you configure the Private Endpoint to integrate with your private DNS zone, then Azure automatically assigns a FQDN to the endpoint. For example, if the Private Link resource is an Azure Storage table, the FQDN will be something like mystorageaccount1234.table.core.windows.net.
+> Clients that connect to a Private Link resource don't need to use the IP address assigned to the Private Endpoint in the connection string. Instead, if you configure the Private Endpoint to integrate with your private DNS zone, then Azure automatically assigns a fully qualified domain name (FQDN) to the endpoint. For example, if the Private Link resource is an Azure Storage table, the FQDN is something like mystorageaccount1234.table.core.windows.net.
 
 Here are a few key points to consider when evaluating Private Endpoint:
 
@@ -34,11 +34,11 @@ Here are a few key points to consider when evaluating Private Endpoint:
 * You can map a maximum of 1,000 Private Endpoint interfaces to the same Private Link resource.
 
 > [!CAUTION]
-> Although it's possible to map multiple Private Endpoint interfaces to a single resource, it's not recommended because doing so can lead to DNS conflicts and other problems. The best practice is to map only a single Private Endpoint to a single Private Link resource.
+> Although it's possible to map multiple Private Endpoint interfaces to a single resource, it isn't recommended. Doing so can lead to Domain Name System (DNS) conflicts and other problems. The best practice is to map only a single Private Endpoint to a single Private Link resource.
 
 * Connections are one way, meaning that only clients can connect to a Private Endpoint interface. If an Azure service is mapped to a Private Endpoint interface, the provider of that service can't connect to (or even perceive) the Private Endpoint interface.
 * A deployed Private Endpoint interface is read-only, meaning that no one can modify it. For example, no one can map the interface to a different resource, nor can anyone change the interface's IP address.
-* Although you must deploy the Private Endpoint in the same region as your virtual network, the Private Link resource can be located in a different region.
+* You must deploy the Private Endpoint in the same region as your virtual network, but the Private Link resource can be located in a different region.
 
 > [!NOTE]
 > What is the difference between a service endpoint and a private endpoint? A *service endpoint* configures an Azure resource to allow connections only from a specified virtual network. However, that connection is still made via the resource's public endpoint, so some security risks remain. Private Endpoint removes those risks by supporting the disabling of a resource's public endpoint.