- content: "Suppose a company wants clients in their Azure virtual network to have secure and nonpublic access to a particular Azure resource. Which of the following technologies should their IT staff add to their virtual network?"
18
-
choices:
19
-
- content: "Azure Service Endpoint"
20
-
isCorrect: false
21
-
explanation: "Incorrect. With Azure Service Endpoint, access to the resource still uses the resource's public IP address."
22
-
- content: "Azure Private Endpoint"
23
-
isCorrect: true
24
-
explanation: "Correct. Adding a Private Endpoint to a virtual network enables clients to access an Azure resource privately."
25
-
- content: "Azure Firewall"
26
-
isCorrect: false
27
-
explanation: "Incorrect. Implementing a firewall doesn't change resource access from public to private."
28
-
- content: "Suppose a company wants to give private access to Azure resources via an Azure virtual network. How does Azure Private Endpoint map an Azure resource to offer private access?"
29
-
choices:
30
-
- content: "By using an IP address from a subnet of an Azure virtual network."
31
-
isCorrect: true
32
-
explanation: "Correct. Private Endpoint maps an unused IP address from the address space of the subnet in which it resides."
33
-
- content: "By using a private IP address supplied by Azure."
34
-
isCorrect: false
35
-
explanation: "Incorrect. Azure doesn't supply an IP address to Private Endpoint."
36
-
- content: "By using Azure ExpressRoute private peering."
37
-
isCorrect: false
38
-
explanation: "Incorrect. ExpressRoute private peering is a technology that peers an on-premises network to an Azure virtual network."
39
-
- content: "Suppose a company wants to offer private access to a custom Azure service via Azure Private Link Service. Which of the following technologies is a requirement for implementing Private Link Service?"
40
-
choices:
41
-
- content: "Azure Application Gateway"
42
-
isCorrect: false
43
-
explanation: "Incorrect. Application Gateway isn't a requirement for using Private Link Service."
44
-
- content: "Azure Basic Load Balancer"
45
-
isCorrect: false
46
-
explanation: "Incorrect. Azure's basic version of its load balancer doesn't support Private Link Service."
47
-
- content: "Azure Standard Load Balancer"
48
-
isCorrect: true
49
-
explanation: "Correct. Azure's standard version of its load balancer is the one you must use for Private Link Service."
- content: "Suppose a company wants to give clients in their Azure virtual network secure and nonpublic access to a particular Azure resource. Which of the following technologies should their IT staff add to their virtual network?"
18
+
choices:
19
+
- content: "Azure Service Endpoint"
20
+
isCorrect: false
21
+
explanation: "Incorrect. With Azure Service Endpoint, access to the resource still uses the resource's public IP address."
22
+
- content: "Azure Private Endpoint"
23
+
isCorrect: true
24
+
explanation: "Correct. Adding a Private Endpoint to a virtual network enables clients to access an Azure resource privately."
25
+
- content: "Azure Firewall"
26
+
isCorrect: false
27
+
explanation: "Incorrect. Implementing a firewall doesn't change resource access from public to private."
28
+
- content: "Suppose a company wants to give private access to Azure resources via an Azure virtual network. How does Azure Private Endpoint map an Azure resource to offer private access?"
29
+
choices:
30
+
- content: "By using an IP address from a subnet of an Azure virtual network."
31
+
isCorrect: true
32
+
explanation: "Correct. Private Endpoint maps an unused IP address from the address space of the subnet in which it resides."
33
+
- content: "By using a private IP address supplied by Azure."
34
+
isCorrect: false
35
+
explanation: "Incorrect. Azure doesn't supply an IP address to Private Endpoint."
36
+
- content: "By using Azure ExpressRoute private peering."
37
+
isCorrect: false
38
+
explanation: "Incorrect. ExpressRoute private peering is a technology that peers an on-premises network to an Azure virtual network."
39
+
- content: "Suppose a company wants to offer private access to a custom Azure service via Azure Private Link Service. Which of the following technologies is a requirement for implementing Private Link Service?"
40
+
choices:
41
+
- content: "Azure Application Gateway"
42
+
isCorrect: false
43
+
explanation: "Incorrect. Application Gateway isn't a requirement for using Private Link Service."
44
+
- content: "Azure Basic Load Balancer"
45
+
isCorrect: false
46
+
explanation: "Incorrect. Azure's basic version of its load balancer doesn't support Private Link Service."
47
+
- content: "Azure Standard Load Balancer"
48
+
isCorrect: true
49
+
explanation: "Correct. Azure's standard version of its load balancer is the one you must use for Private Link Service."
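Review bot: the explanation on the distractor "By using a private IP address supplied by Azure" ("Azure doesn't supply an IP address to Private Endpoint") sits awkwardly next to the correct choice's explanation, which says Private Endpoint maps an unused address from the subnet it resides in; Azure does allocate that address, the point is that it comes from your own subnet's range rather than from an Azure-owned range. Suggest "Incorrect. The address comes from the address space of a subnet in your own virtual network, not from an Azure-supplied range." The stem change on the first question ("to give clients in their Azure virtual network secure and nonpublic access") reads fine, and the remaining questions and answer keys carry over unchanged.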
learn-pr/azure-networking/introduction-azure-private-link/includes/2-what-is-azure-private-link.md
Lines changed: 6 additions & 6 deletions
@@ -1,6 +1,6 @@
1
1
Before you learn about Azure Private Link and its features and benefits, let's examine the problem that Private Link is designed to solve.
2
2
3
-
Contoso has an Azure virtual network and you want to connect to a PaaS resource such as an Azure SQL database. When you create such resources, you normally specify a *public endpoint* as the connectivity method.
3
+
Contoso has an Azure virtual network and wants to connect it to a PaaS resource such as an Azure SQL database. When you create such resources, you normally specify a *public endpoint* as the connectivity method.
4
4
5
5
Having a public endpoint means that the resource is assigned a public IP address. So, even though both your virtual network and the Azure SQL database are located within the Azure cloud, the connection between them takes place over the internet.
6
6
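Review bot: the rewritten sentence now makes Contoso the subject ("Contoso has an Azure virtual network and wants to connect it to a PaaS resource"), but the following unchanged sentence keeps "When you create such resources", so the paragraph switches from Contoso to "you" mid-thought. Either "When Contoso creates such resources, it normally specifies a *public endpoint*" or staying in second person throughout would keep it consistent.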
@@ -29,26 +29,26 @@ Private Link provides secure access to Azure services. Private Link achieves tha
29
29
Private Endpoint is the key technology behind Private Link. Private Endpoint is a network interface that enables a private and secure connection between your virtual network and an Azure service. In other words, Private Endpoint is the network interface that replaces the resource's public endpoint.
30
30
31
31
> [!NOTE]
32
-
> Private Endpoint is not a free service. You pay a set fee per hour, as well as a set fee per gigabyte for both inbound and outbound traffic that passes through the Private Endpoint.
32
+
> Private Endpoint isn't a free service. You pay a set fee per hour, and a set fee per gigabyte for both inbound and outbound traffic that passes through the Private Endpoint.
33
33
34
34
## What is Azure Private Link Service?
35
35
36
-
Private Link gives you private access from your Azure virtual network to PaaS services and Microsoft Partner services in Azure. However, what if your company has created its own Azure services for your company's customers to consume? Is it possible to offer those customers a private connection to your company's services?
36
+
Private Link gives you private access from your Azure virtual network to PaaS services and Microsoft Partner services in Azure. However, what if your company creates its own Azure services for your company's customers to consume? Is it possible to offer those customers a private connection to your company's services?
37
37
38
38
Yes, by using Azure Private Link Service. This service lets you offer Private Link connections to your custom Azure services. Consumers of your custom services can then access those services privately—that is, without using the internet—from their own Azure virtual networks.
39
39
40
40
> [!NOTE]
41
-
> There is no charge to use Private Link Service.
41
+
> There's no charge to use Private Link Service.
42
42
43
43
## Key benefits of Private Link
44
44
45
45
Private Link working together with Private Endpoint and Private Link Service provides the following benefits:
46
46
47
47
* Private access to PaaS services and Microsoft Partner services on Azure. When you use Private Endpoint, Azure services are mapped to your Azure virtual network. It doesn't matter that the Azure resource is in a different virtual network and in a different Active Directory tenant. To users in your Azure virtual network, the resource appears to be part of that network.
48
48
* Private access to Azure services in any region. Private Link works globally. The private connection to an Azure service works even if that service's virtual network is in a different region than your own virtual network.
49
-
* Nonpublic routes to Azure services. Once an Azure service has been mapped to your virtual network, the traffic route changes. All inbound and outbound traffic between your virtual network and the Azure service travels over the Microsoft Azure backbone network. The public internet is never used for service traffic.
49
+
* Nonpublic routes to Azure services. Once an Azure service is mapped to your virtual network, the traffic route changes. All inbound and outbound traffic between your virtual network and the Azure service travels over the Microsoft Azure backbone network. The public internet is never used for service traffic.
50
50
* Public endpoints are no longer required. Because all traffic to and from a mapped Azure service now flows over the Microsoft Azure backbone, the public endpoint for the service is no longer required. You can disable that public endpoint and therefore eliminate a possible security threat.
51
-
* Your peered Azure virtual networks also get access to Private Link-powered resources. If you're using one or more peered Azure virtual networks, no extra configuration is needed for those peered networks to access a private Azure resource. Clients within any peered network can access whatever Private Endpoint you've mapped to an Azure service.
51
+
* Your peered Azure virtual networks also get access to Private Link-powered resources. If you're using one or more peered Azure virtual networks, no extra configuration is needed for those peered networks to access a private Azure resource. Clients within any peered network can access whatever Private Endpoint you map to an Azure service.
52
52
* Your on-premises network also gets access to Private Link-powered resources. Does your on-premises network connect to your Azure virtual network using either ExpressRoute private peering or a VPN tunnel? If so, no extra configuration is needed for clients within the on-premises network to access a private Azure resource.
53
53
* Protection against data exfiltration. When you map a Private Endpoint to an Azure service, you map to a specific instance of that service. For example, if you're setting up private access to Azure Storage, you map the access to a blob, table, or other storage instance. If a virtual machine in your network gets compromised, the attacker can't move or copy data to another resource instance.
54
54
* Private access to your own Azure services. You can implement Private Link Service and offer customers private access to your custom Azure services.
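Review bot: the unchanged bullet "You can disable that public endpoint and therefore eliminate a possible security threat" overstates what disabling the public endpoint achieves; the 4-when-to-use unit in this same change describes the effect as no longer presenting "an attack surface to the internet", so "reduce the resource's internet-facing attack surface" would be both accurate and consistent. Two smaller points in the same hunk: "in a different Active Directory tenant" uses the pre-rename name of the service now branded Microsoft Entra ID, and "access those services privately—that is, without using the internet—from their own Azure virtual networks" uses em-dashes where the rest of the unit uses commas or parentheses.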
learn-pr/azure-networking/introduction-azure-private-link/includes/3-how-azure-private-link-works.md
Lines changed: 3 additions & 3 deletions
@@ -21,7 +21,7 @@ Private Endpoint takes an unused private IP address from the address space of a
21
21
Private Endpoint gets an IP address from the same address space, such as 10.1.0.32. Private Endpoint then maps that address to a specified Azure service. Using the private IP address effectively brings the service into your virtual network.
22
22
23
23
> [!NOTE]
24
-
> Clients that connect to a Private Link resource don't need to use the Private Endpoint's assigned IP address in the connection string. Instead, if you configure the Private Endpoint to integrate with your private DNS zone, then Azure automatically assigns a FQDN to the endpoint. For example, if the Private Link resource is an Azure Storage table, the FQDN will be something like mystorageaccount1234.table.core.windows.net.
24
+
> Clients that connect to a Private Link resource don't need to use the IP address assigned to the Private Endpoint in the connection string. Instead, if you configure the Private Endpoint to integrate with your private DNS zone, then Azure automatically assigns a fully qualified domain name (FQDN) to the endpoint. For example, if the Private Link resource is an Azure Storage table, the FQDN is something like mystorageaccount1234.table.core.windows.net.
25
25
26
26
Here are a few key points to consider when evaluating Private Endpoint:
27
27
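Review bot: "Azure automatically assigns a fully qualified domain name (FQDN) to the endpoint" is not quite what private DNS zone integration does: the resource keeps the FQDN it already has (the example mystorageaccount1234.table.core.windows.net), and the private DNS zone is what makes that name resolve to the Private Endpoint's private address (10.1.0.32 in the preceding unchanged line) for clients inside the virtual network. Suggest: "Instead, if you configure the Private Endpoint to integrate with your private DNS zone, clients can keep using the resource's fully qualified domain name (FQDN), which the zone resolves to the Private Endpoint's private IP address."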
@@ -34,11 +34,11 @@ Here are a few key points to consider when evaluating Private Endpoint:
34
34
* You can map a maximum of 1,000 Private Endpoint interfaces to the same Private Link resource.
35
35
36
36
> [!CAUTION]
37
-
> Although it's possible to map multiple Private Endpoint interfaces to a single resource, it's not recommended because doing so can lead to DNS conflicts and other problems. The best practice is to map only a single Private Endpoint to a single Private Link resource.
37
+
> Although it's possible to map multiple Private Endpoint interfaces to a single resource, it isn't recommended. Doing so can lead to Domain Name System (DNS) conflicts and other problems. The best practice is to map only a single Private Endpoint to a single Private Link resource.
38
38
39
39
* Connections are one way, meaning that only clients can connect to a Private Endpoint interface. If an Azure service is mapped to a Private Endpoint interface, the provider of that service can't connect to (or even perceive) the Private Endpoint interface.
40
40
* A deployed Private Endpoint interface is read-only, meaning that no one can modify it. For example, no one can map the interface to a different resource, nor can anyone change the interface's IP address.
41
-
*Although you must deploy the Private Endpoint in the same region as your virtual network, the Private Link resource can be located in a different region.
41
+
*You must deploy the Private Endpoint in the same region as your virtual network, but the Private Link resource can be located in a different region.
42
42
43
43
> [!NOTE]
44
44
> What is the difference between a service endpoint and a private endpoint? A *service endpoint* configures an Azure resource to allow connections only from a specified virtual network. However, that connection is still made via the resource's public endpoint, so some security risks remain. Private Endpoint removes those risks by supporting the disabling of a resource's public endpoint.
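Review bot: the reworded bullet still has no space after the list marker ("*You must deploy the Private Endpoint in the same region..."), so Markdown renders it as the start of an emphasized run rather than a list item; since the line is being touched anyway, change it to "* You must deploy the Private Endpoint in the same region as your virtual network, but the Private Link resource can be located in a different region." Minor, in the unchanged NOTE: "by supporting the disabling of a resource's public endpoint" reads more naturally as "by letting you disable the resource's public endpoint".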
learn-pr/azure-networking/introduction-azure-private-link/includes/4-when-to-use-azure-private-link.md
Lines changed: 4 additions & 4 deletions
@@ -11,7 +11,7 @@ As part of your Azure Private Link evaluation, you know that Contoso has several
11
11
12
12
## Bringing Azure PaaS services into your virtual network
13
13
14
-
Depending on the resource and how it's configured, connecting to Azure PaaS services can be complicated. Private Link reduces that complexity by making Azure services appear to be just another node on your Azure virtual network. With a Private Link resource now effectively part of your virtual network, clients can use a relatively straightforward FQDN to make the connection.
14
+
Depending on the resource and how you configure it, connecting to Azure PaaS services can be complicated. Private Link reduces that complexity by making Azure services appear to be just another node on your Azure virtual network. With a Private Link resource now effectively part of your virtual network, clients can use a relatively straightforward fully qualified domain name (FQDN) to make the connection.
15
15
16
16
## Securing traffic between your company network and the Azure cloud
17
17
@@ -27,7 +27,7 @@ Most Azure PaaS resources are internet-facing. These resources have, by default,
27
27
28
28
The public endpoint exposes the resource to the internet, which is by design. However, that endpoint can also act as an attack point for black-hat hackers seeking a way to infiltrate or disrupt the service.
29
29
30
-
Private Link doesn't do anything to prevent such attacks. However, once you've created a Private Endpoint and mapped it to the Azure resource, you no longer need the resource's public endpoint. Fortunately, you can configure the resource to disable its public endpoint so that it no longer presents an attack surface to the internet.
30
+
Private Link doesn't do anything to prevent such attacks. However, once you create a Private Endpoint and map it to the Azure resource, you no longer need the resource's public endpoint. Fortunately, you can configure the resource to disable its public endpoint so that it no longer presents an attack surface to the internet.
31
31
32
32
## Accessing Azure PaaS resources across networks
33
33
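Review bot: the reworded paragraph keeps the "doesn't do anything to prevent such attacks. However ... Fortunately" sequence, which reads as if it contradicts itself; the point is that Private Link itself does not block attacks on the public endpoint but makes that endpoint unnecessary, so you can disable it. Suggest: "Private Link by itself doesn't prevent such attacks. However, once you create a Private Endpoint and map it to the Azure resource, you no longer need the resource's public endpoint, and you can configure the resource to disable it so that it no longer presents an attack surface to the internet." In the unchanged context line, "black-hat hackers seeking a way to infiltrate or disrupt the service" could simply be "attackers seeking to infiltrate or disrupt the service".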
@@ -43,7 +43,7 @@ Without Private Link, these networks must create their own connections to a spec
43
43
44
44
Suppose a virtual machine in your network is connected to an Azure service. It's often possible for a user on the virtual machine to access multiple resources in the Azure service. For example, if the service is Azure Storage, a user could access multiple blobs, tables, files, and so on.
45
45
46
-
Now suppose that the user is a malicious infiltrator who has taken control of the virtual machine. In that scenario, the user could move data from one resource to another one that they control.
46
+
Now suppose that the user is a malicious infiltrator who takes control of the virtual machine. In that scenario, the user could move data from one resource to another one that they control.
47
47
48
48
This scenario is an example of *data exfiltration*. Private Link lowers the risk of data exfiltration by mapping a Private Endpoint to a single instance of an Azure resource. An attacker might still be able view the data, but has no way to copy or move it to another resource.
49
49
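Review bot: the unchanged context line "An attacker might still be able view the data, but has no way to copy or move it" is missing "to" ("be able to view"); worth fixing in this same pass through the unit. The tense change to "a malicious infiltrator who takes control of the virtual machine" itself reads fine.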
@@ -57,7 +57,7 @@ Suppose your company creates custom Azure services. Who consumes those services?
57
57
* Company suppliers or vendors.
58
58
* Your company's employees.
59
59
60
-
You can say that each consumer in the above list is a *customer* of your service.
60
+
You can say that each consumer in this list is a *customer* of your service.
61
61
62
62
There's an excellent chance that the data accessed and created by those customers is every bit as important as your company's data. So your customer's data deserves the same level of privacy and security as your company data.
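Review bot: in the unchanged context line, "your customer's data" refers back to "those customers" and should be the plural possessive "your customers' data"; the "above list" to "this list" change is fine.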