Commit db6bfae

committed
Address Reviewer Feedback
1 parent d2e4099 commit db6bfae

5 files changed

+8
-8
lines changed

learn-pr/advocates/intro-ai-agent-service-security-controls/1-understand-azure-ai-agent-service.yml

Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@ uid: learn.introduction-ai-agent-service-security-controls.understand-azure-ai-a
33
title: Understand the Azure AI Agent Service
44
metadata:
55
title: Understand the Azure AI Agent Service
6-
description: Lern about the Azure AI Agent Service.
6+
description: Learn about the Azure AI Agent Service.
77
ms.date: 03/20/2025
88
author: Orin-Thomas
99
ms.author: orthomas
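
Review bot: The corrected description on line 6 still repeats the title almost word for word, which is thin for a unit that sits in the intro-ai-agent-service-security-controls module. Consider stating what the unit covers, for example that it introduces the service and the security principles to apply when using it, so the description adds something beyond the title.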

learn-pr/advocates/intro-ai-agent-service-security-controls/includes/1-understand-azure-ai-agent-service.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@ Azure AI Agent Service is a fully managed service designed to empower developers
22

33
An AI Agent acts as a "smart" microservice that can be used to answer questions (Retrieval Augmented Generation), perform actions, or completely automate workflows. AI agents achieve this by combining the power of generative AI models to understand information resources with tools that allow that model to access and interact with real-world data sources.
44

5-
Because Azure AI Agent Service is a service fully managed by Microsoft, you can focus on building workflows and the agents that power them without needing to worry about scaling, security, or management of the underlying infrastructure for individual agents.
5+
Because Azure AI Agent Service is a service fully managed by Microsoft, you can focus on building workflows and the agents that power them without needing to worry about scaling, security, or management of the underlying infrastructure for individual agents.
66

77
As Azure AI Agent Service is a service managed by Microsoft and you don't need to worry about the underlying security of its moving parts, you should still apply standard security principals when you use the AI agent service. These principles include:
88

99
- Restrict access to the service using role based access control. Ensure that only appropriate security principals can interact with the AI agent service.
10-
- Restrict the access of the AI Agent service. The AI Agent service will be interacting with sensitive resources, such as organizational data. Ensure that the scope of this access is limited and that the AI Agent service and its tools only has necessary visibility of resources such as data stores.
10+
- Restrict the access of the AI Agent service. The AI Agent service is interacting with sensitive resources, such as organizational data. Ensure that the scope of this access is limited and that the AI Agent service and its tools only have necessary visibility of resources such as data stores.
1111
- Restrict network access to the AI Agent service and the network access of the AI agent service. Limit which network hosts can interact with the AI Agent service and control which network hosts the AI Agent service and it's associated tools are able to reach.
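
Review bot: Lines 5- and 5+ show no visible wording difference, so the sentence still tells readers they can build agents "without needing to worry about scaling, security, or management of the underlying infrastructure", which can be read as security in general rather than security of the underlying infrastructure, and it sits awkwardly next to the access and network restrictions listed below it. Suggest something like "without needing to manage the scaling, security, or maintenance of the underlying infrastructure". While this file is open, unchanged line 7 says "standard security principals" where the following sentence says "principles" and opens with "As" where "Although" is meant, and line 11 has "it's associated tools" for "its".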

learn-pr/advocates/intro-ai-agent-service-security-controls/includes/2-secure-azure-ai-agent-service.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@ In Azure AI Foundry, Agents are associated with projects and projects are locate
22

33
Projects function as isolated development spaces, allowing developers and data scientists to build, test, and deploy AI systems. Each time a new project gets created within a hub, it automatically inherits that hub's security settings. Agents, being part of projects, can leverage the resources and configurations set at both the hub and project levels.
44

5-
You can apply security controls through the Azure AI Foundry interface or by applying security controls through the Azure portal. When you deploy a hub and project, these resources are stored within a resource group in your Azure subscription. The Azure AI Foundry provides an abstracted way of interacting with these security controls without requiring an understanding of Azure administration principles. Azure AI Foundry allows you to configure role based access control roles. Within the Azure portal, you can configure the following security settings at the Azure AI Hub level:
5+
You can apply security controls through the Azure AI Foundry interface or by applying security controls through the Azure portal. When you deploy a hub and project, these resources are stored within a resource group in your Azure subscription. The Azure AI Foundry provides an abstracted way of interacting with these security controls without requiring an understanding of Azure administration principles. Azure AI Foundry allows you to configure role based access control roles. Within the Azure portal, you can configure the following security settings at the Azure AI Hub level:
66

77
- Role based access control
88
- Network access
99
- Monitoring alerts, metrics and logs
1010

11-
At the Azure AI project level, you can configure role based access control, monitoring alerts, metrics, and logs, but can't configure network access restrictions. In most scenarios you'll configure security controls related to Azure AI Agents Service agents at the hub level. When you need to have different sets of security controls, you'll host Azure AI Agent Service agents in different Azure AI hubs.
11+
At the Azure AI project level, you can configure role based access control, monitoring alerts, metrics, and logs, but can't configure network access restrictions. In most scenarios you configure security controls related to Azure AI Agents Service agents at the hub level. When you need to have different sets of security controls, you host Azure AI Agent Service agents in different Azure AI hubs.
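
Review bot: Line 11+ names the product two ways in one paragraph, "Azure AI Agents Service agents" in the second sentence and "Azure AI Agent Service agents" in the third; use the form from the unit title, "Azure AI Agent Service", in both. Line 5 is re-committed with no visible wording change and still carries "configure role based access control roles" and the doubled "apply security controls through ... or by applying security controls through", both of which could be tightened in the same pass.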

learn-pr/advocates/intro-ai-agent-service-security-controls/includes/3-azure-ai-agent-service-role-based-access-control.md

Lines changed: 1 addition & 1 deletion
@@ -33,4 +33,4 @@ When you create a hub, the built-in role-based access control permissions grant
3333
- The resource you're trying to use has permissions set up to allow you to access it.
3434
- Your hub is allowed to access it.
3535

36-
For example, if you're trying to consume a new Blob storage that isn't hosted within the associated Azure AI hub. In this circumstance you need to ensure that hub's managed identity is added to the Blob Storage Reader role for the Blob. You will also need to ensure that you have configured workplace managed outbound access to allow network communication to the endpoint associated with the blob storage. Network access configuration is covered in more detail by the next unit.
36+
For example, if you're trying to consume a new Blob storage that isn't hosted within the associated Azure AI hub. In this circumstance, you need to ensure that hub's managed identity is added to the Blob Storage Reader role for the Blob. You'll also need to ensure that you have configured workplace managed outbound access to allow network communication to the endpoint associated with the blob storage. Network access configuration is covered in more detail by the next unit.
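
Review bot: Line 36+ still opens with a sentence fragment ("For example, if you're trying to consume a new Blob storage that isn't hosted within the associated Azure AI hub."); join it to the next sentence so the condition and the required action read as one statement. In the same line, "workplace managed outbound access" looks like it should be "workspace", "that hub's managed identity" should be "the hub's", and the capitalization varies between "Blob storage", "Blob Storage", "the Blob" and "blob storage". Because readers will search for the role by name when granting the hub's managed identity access, please confirm that "Blob Storage Reader" matches the role name exactly as it appears in the Azure portal.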

learn-pr/advocates/intro-ai-agent-service-security-controls/includes/4-agent-service-network-access.md

Lines changed: 2 additions & 2 deletions
@@ -9,8 +9,8 @@ You have the following options when configuring network access:
99
- Allow Internet Outbound: Compute can access private resources and outbound data movement is unrestricted.
1010
- Allow Only Approved Outbound. Compute can access resources that specifically allowlisted and outbound data movement is restricted to approved addresses.
1111

12-
![Screenshot of Azure AI Hub networking configuraiton in Azure portal](../media/networking-configuration.png)
12+
![Screenshot of Azure AI Hub networking configuraiton in Azure portal.](../media/networking-configuration.png)
1313

1414
To access your non-Azure resources located in a different virtual network or located entirely on-premises from your Azure AI Foundry's managed virtual network, you need to configure and deploy an Application Gateway. Through this Application Gateway, you can configure full end to end access to your resources. Once you configure the Application Gateway, you can create a private endpoint from the Azure AI Foundry hub's managed virtual network to the Application Gateway. With the private endpoint, the full end to end path is secured and not routed through the Internet.
1515

16-
![Architecture diagram of Application Gateway connection from Azure AI Foundary to external resources](../media/ai-foundry-app-gateway.png)
16+
![Architecture diagram of Application Gateway connection from Azure AI Foundary to external resources.](../media/ai-foundry-app-gateway.png)
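
Review bot: The alt text on lines 12+ and 16+ gains a closing period but keeps its spelling errors, "configuraiton" and "Foundary"; fix both to "configuration" and "Foundry" since these lines are already being touched. In the unchanged context, line 10 is missing a verb ("resources that specifically allowlisted" should be "that are specifically allowlisted"), and lines 9 and 10 punctuate the option names differently ("Allow Internet Outbound:" versus "Allow Only Approved Outbound.").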
