Commit 77cfb00

Line edits2
1 parent 0c71fce commit 77cfb00

8 files changed

+11
-11
lines changed

learn-pr/azure/azure-vmware-solution/9-exercise-configure-custom-router.yml

Lines changed: 4 additions & 4 deletions
@@ -32,16 +32,16 @@ quiz:
3232
explanation: "Incorrect. Azure vWAN can create and inject default route."
3333
- content: "How many private IP addresses are assigned to Azure Route Server?"
3434
choices:
35-
- content: "0"
35+
- content: "Zero"
3636
isCorrect: false
3737
explanation: "Incorrect. Two private IP addresses are assigned to Azure Route Server."
38-
- content: "1"
38+
- content: "One"
3939
isCorrect: false
4040
explanation: "Incorrect. Two private IP addresses are assigned to Azure Route Server."
41-
- content: "2"
41+
- content: "Two"
4242
isCorrect: true
4343
explanation: "Correct. Two private IP addresses are assigned to Azure Route Server."
44-
- content: "3"
44+
- content: "Three"
4545
isCorrect: false
4646
explanation: "Incorrect. Two private IP addresses are assigned to Azure Route Server."
4747
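Review bot: the explanation on context line 32, "Azure vWAN can create and inject default route.", is missing an article, and since this commit is a line-edit pass over the same quiz it could be fixed here as "a default route". The spelled-out choices on lines 35, 38, 41 and 44 now match the wording of the explanations ("Two private IP addresses"), which is consistent.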

learn-pr/azure/azure-vmware-solution/includes/10-network-security-management.md

Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@ Azure Firewall is configured in "block by default" design. It means any network
66

77
## Outbound network rules
88

9-
While "block by default" is a good principle, you need legitimate traffic to be excluded from this principle. You can use one of the two features provided by Azure Firewall to exclude legitimate traffic from "block by default" configuration.
9+
While "block by default" is a good principle, you need legitimate traffic to be excluded from this principle. You can use one of the two features provided by Azure Firewall to exclude legitimate traffic from "block by default" configuration.
1010

1111
The first feature is called "classic rules" or just "rules." Each Azure Firewall instance is configured with a rule, which consists of a protocol, source IP address space, source ports, destination IP address space, and destination ports. This is an excellent choice for smaller deployments. But for enterprise-grade deployments, this approach has limited scalability as the rules are defined per Azure Firewall instance. When there are multiple Azure Firewall instances, the process of defining rules becomes repetitive and difficult to manage. This is where the second feature, which uses Azure Firewall policy, becomes handy. By using Azure Firewall policy, rules are defined only once and then applied to multiple Azure Firewall instances.
1212
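Review bot: the removed and added versions of line 9 read identically as rendered here, so this appears to be a whitespace-only change; worth confirming in the raw diff that nothing else moved. If the line is being touched anyway, its two sentences both say that legitimate traffic is excluded from "block by default" and could be merged into one.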

learn-pr/azure/azure-vmware-solution/includes/2-outbound-internet-connectivity.md

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ Choosing the right way for outbound internet connectivity depends upon whether y
88

99
## Controlling internet traffic
1010

11-
Contoso has very prescriptive requirements on how workloads should be connected to the internet. Such requirements allow Contoso to have a centralized exit for internet bound traffic from all applications running inside and outside of Azure VMware Solution. To meet these requirements, Contoso wants to implement customized internet outbound connectivity on top of options provided by Azure VMware Solution.
11+
Contoso has very prescriptive requirements on how workloads should be connected to the internet. Such requirements allow Contoso to have a centralized exit for internet bound traffic from all applications running inside and outside of Azure VMware Solution. To meet these requirements, Contoso wants to implement customized internet outbound connectivity on top of options provided by Azure VMware Solution.
1212

1313
### Disable outbound internet connectivity
1414
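Review bot: line 11 writes "internet bound traffic" without a hyphen, while 9-exercise-configure-custom-router.md in this same commit writes "internet-bound traffic"; suggest hyphenating here for consistency. The old and new versions of the line read the same as rendered, so the edit itself looks whitespace-only.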

learn-pr/azure/azure-vmware-solution/includes/4-exchange-routes-with-avs.md

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22

33
## Network paths in Azure VMware Solution private cloud
44

5-
Azure VMware Solution private cloud contains a management segment which is used to run infrastructure services such as vSAN, NSX Data Center, private cloud management, etc. Additionally, there can be one or more network segments for running applications, commonly referred to as workload segments. Management and workload segments both use the private IP address space. Virtual machines (VMs) running on a workload segment can communicate with each other. However, extra configuration is required for workload segment VMs to communicate outside of Azure VMware Solution private cloud which is discussed in the [Default outbound internet connectivity for Azure VMware Solution](../2-outbound-internet-connectivity.yml) unit.
5+
Azure VMware Solution private cloud contains a management segment, which is used to run infrastructure services such as vSAN, NSX Data Center, private cloud management, etc. Additionally, there can be one or more network segments for running applications, commonly referred to as workload segments. Management and workload segments both use the private IP address space. Virtual machines (VMs) running on a workload segment can communicate with each other. However, extra configuration is required for workload segment VMs to communicate outside of Azure VMware Solution private cloud, which is discussed in the [Default outbound internet connectivity for Azure VMware Solution](../2-outbound-internet-connectivity.yml) unit.
66

77
## Network paths in Azure
88
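Review bot: in line 5, "such as vSAN, NSX Data Center, private cloud management, etc." pairs "such as" with "etc.", which is redundant; drop "etc." and close the list with "and private cloud management". The two commas added before "which" are fine.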

learn-pr/azure/azure-vmware-solution/includes/6-securing-network-communication.md

Lines changed: 1 addition & 1 deletion
@@ -10,6 +10,6 @@ Contoso has multiple Azure Virtual Networks (VNets). Each VNet has multiple subn
1010

1111
## Firewall Internet Route
1212

13-
After Contoso evaluated the requirements around protection and controlling of network traffic, they chose to use Azure Firewall. It's a stateful, managed firewall as a service. Azure Firewall provides traffic filtering through hybrid network connectivity using ExpressRoute and VPN gateways, which is relevant for Azure VMware Solution private cloud. While Azure Firewall can be used for traffic filtering, it needs direct access to the internet itself which is achieved by configuring the appropriate rules on the subnet in which Azure Firewall is deployed.
13+
After Contoso evaluated the requirements around protection and controlling of network traffic, they chose to use Azure Firewall. It's a stateful, managed firewall as a service. Azure Firewall provides traffic filtering through hybrid network connectivity using ExpressRoute and VPN gateways, which is relevant for Azure VMware Solution private cloud. While Azure Firewall can be used for traffic filtering, it needs direct access to the internet itself, and that's achieved by configuring the appropriate rules on the subnet in which Azure Firewall is deployed.
1414

1515
Use instructions in the following unit for technical implementation of Azure Firewall and network traffic controls. This implementation helps to meet key network security requirements discussed in this unit.
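Review bot: line 13 still opens with "protection and controlling of network traffic", which is not parallel; "protecting and controlling network traffic" reads cleaner. The heading on line 11, "Firewall Internet Route", is also in title case while the other headings touched by this commit ("Outbound network rules", "Controlling internet traffic") use sentence case.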

learn-pr/azure/azure-vmware-solution/includes/8-using-frrouting-nva.md

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ As part of Contoso's IT team, you developed deep knowledge of the NVA over the y
1010

1111
## Open-source
1212

13-
NVAs can either be proprietary or open source. Open source NVAs are developed by the technical community as opposed to a commercial vendor. Proprietary NVAs incur additional costs but provide guaranteed support. With open source NVAs, you have access to source code and rely upon the technical community for any support. At Contoso, you use an open-source implementation for the NVA. Such an implementation gives you flexibility to use open protocols such as BGP. You can use NVA capability to generate a default route. NVAs offers simple integration with VMs and networks running in Azure.
13+
NVAs can either be proprietary or open source. The technical community develops open source NVAs as opposed to a commercial vendor. Proprietary NVAs incur additional costs but provide guaranteed support. With open source NVAs, you have access to source code and rely upon the technical community for any support. At Contoso, you use an open-source implementation for the NVA. Such an implementation gives you flexibility to use open protocols such as BGP. You can use NVA capability to generate a default route. NVAs offers simple integration with VMs and networks running in Azure.
1414

1515
The considerations previously discussed are the key reasons why Contoso uses FRRouting (FRR), an open source and free implementation for network routing.
1616
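Review bot: the last sentence of the rewritten line 13 still has a subject-verb disagreement, "NVAs offers simple integration"; it should be "NVAs offer simple integration". The same line also mixes "open source NVAs" with "open-source implementation", so pick one hyphenation for the adjectival form.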

learn-pr/azure/azure-vmware-solution/includes/9-exercise-configure-custom-router.md

Lines changed: 1 addition & 1 deletion
@@ -130,6 +130,6 @@ The following steps establish a BGP peer relationship between the FRR NVA and Az
130130

131131
:::image type="content" source="../media/9-config-bgp-route-table.png" alt-text="Screenshot of Azure portal menu. The menu entry titled “ToInternet” route table highlights default route configured with Internet as next hop.":::
132132

133-
At this point, you configured Azure VMware Solution private cloud to implement secure outbound internet connectivity. You deployed Azure Route Server for an effective route exchange between Azure VMware Solution private cloud and the NVA. You then deployed Azure Firewall as the exit point for all internet-bound traffic. This was followed-up by using FRR, a custom router which injects a default route with Azure Firewall as the next hop into Azure VMware Solution private cloud.
133+
At this point, you configured Azure VMware Solution private cloud to implement secure outbound internet connectivity. You deployed Azure Route Server for an effective route exchange between Azure VMware Solution private cloud and the NVA. You then deployed Azure Firewall as the exit point for all internet-bound traffic. This was followed-up by using FRR, a custom router that injects a default route with Azure Firewall as the next hop into Azure VMware Solution private cloud.
134134

135135
In the next unit, you'll learn how to implement fine-grained access controls in Azure Firewall, which allows/denies network traffic from Azure VMware Solution private cloud.
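Review bot: line 133 keeps "This was followed-up by using FRR"; as a verb phrase it should not be hyphenated ("followed up"), and the sentence would read more directly as "You then used FRR, a custom router that injects a default route ...". The "which" to "that" change is correct for the restrictive clause.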

learn-pr/azure/azure-vmware-solution/index.yml

Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@ uid: learn.azure.azure-vmware-solution
33
title: Secure outbound internet connectivity for Azure VMware Solution
44
metadata:
55
title: Secure Outbound Internet Connectivity for Azure VMware Solution
6-
description: Secure outbound internet connectivity for Azure VMware Solution using Azure Route Server, Azure Firewall and third-party NVA
6+
description: Secure outbound internet connectivity for Azure VMware Solution using Azure Route Server, Azure Firewall, and third-party NVA
77
ms.date: 07/08/2025
88
author: Mahesh-MSFT
99
ms.author: maksh
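Review bot: the description on line 6 ends with "and third-party NVA", which is missing an article; suggest "and a third-party NVA". The serial comma added after "Azure Firewall" is fine.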
