Commit fb8459e

committed
Line edits
1 parent 8d4e398 commit fb8459e

6 files changed

+9
-10
lines changed

learn-pr/azure/intro-to-azure-bastion/5-knowledge-check.yml

Lines changed: 3 additions & 3 deletions
@@ -41,12 +41,12 @@ quiz:
4141
- content: "They must deploy Azure Bastion in a different virtual network from the one that contains the VMs."
4242
isCorrect: false
4343
explanation: "Incorrect. Azure Bastion must be in the same virtual network as the managed VMs."
44-
- content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs, and in the same subnet."
44+
- content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs and in the same subnet."
4545
isCorrect: false
4646
explanation: "Incorrect. Although Azure Bastion should be deployed in the same virtual network, it must be in a different subnet."
47-
- content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs, and in a different subnet."
47+
- content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs and in a different subnet."
4848
isCorrect: true
49-
explanation: "Correct. Azure Bastion must be deployed in the same virtual network (or peered virtual network) as the VMs, but in its own subnet."
49+
explanation: "Correct. Azure Bastion must be deployed in the same virtual network (or peered virtual network) as the VMs but in its own subnet."
5050
- content: "Your boss is concerned that by implementing Azure Bastion, you need to maintain it with patches and updates. Is your boss correct?"
5151
choices:
5252
- content: "No, your boss is wrong. Azure Bastion is a fully managed PaaS service that you don't need to patch or update."
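Review bot: The explanation on line 43 ("Azure Bastion must be in the same virtual network as the managed VMs") conflicts with the explanation on line 49, which allows "the same virtual network (or peered virtual network)", and line 46 softens the rule again to "should be deployed in the same virtual network". While these lines are being edited, align all three: use "must" on line 46 and carry the peered-network qualifier into line 43, or reword the choice on line 41 so that a peered virtual network cannot make the "different virtual network" answer technically correct.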

learn-pr/azure/intro-to-azure-bastion/includes/1-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@ Server administrators understand that it's efficient to remotely administer and
66

77
Suppose you have a line-of-business (LOB) app that supports your organization's research department. In the past, this app ran on a couple of Windows Server computers in your head office datacenter. Whenever you needed to administer the app, you connected using Remote Desktop Protocol (RDP) over TCP port **3389**. You also used Secure Shell (SSH), over port **22**, to administer the VMs. Because the app was hosted on a computing resource in a private datacenter, you had some concerns about access from malicious hackers over the internet. However, the app now runs on VMs hosted in Azure.
88

9-
To connect to the VMs, you must now expose a public IP address on each VM for your RDP/SSH connections. However, potential protocol vulnerabilities make this type of connection undesirable. As a solution, you could use a jump box VM to act as an intermediary between your management console and the target VMs. Or, you could consider implementing Azure Bastion.
9+
To connect to the VMs, you must now expose a public IP address on each VM for your RDP/SSH connections. However, potential protocol vulnerabilities make this type of connection undesirable. As a solution, you could use a jump box VM to act as an intermediary between your management console and the target VMs. Alternatively, you could consider implementing Azure Bastion.
1010

1111
:::image type="content" source="../media/remote-admin.png" alt-text="A remote administrator connecting with RDP or SSH through the internet to Azure VMs. The VMs are accessible through a public IP address using port 3389 or port 22.":::
1212
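Review bot: On line 9, "you must now expose a public IP address on each VM" reads as an absolute requirement, yet the next two sentences offer a jump box and Azure Bastion as ways to avoid exactly that. Consider "To connect to the VMs directly, you would need to expose a public IP address on each VM" so the paragraph does not contradict itself. Line 7 also introduces "a couple of Windows Server computers" and then calls them "the VMs" in the same paragraph; pick one term for the on-premises hosts.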

learn-pr/azure/intro-to-azure-bastion/includes/2-what-is-azure-bastion.md

Lines changed: 3 additions & 3 deletions
@@ -4,7 +4,7 @@ It's vital to be able to securely administer and manage remote hosted VMs. To be
44

55
Secure remote management is the ability to connect to a remote resource without exposing that resource to security risks. This type of connection can sometimes be challenging, especially if the resource is being accessed across the internet.
66

7-
When administrators connect to remote VMs, they typically use either RDP or SSH to achieve their administrative goals. The problem is, to connect to a hosted VM, you must connect to its public IP address. However, exposing the IP ports used by RDP and SSH (**3389** and **22**) to the internet is highly undesirable, because it presents significant security risks.
7+
When administrators connect to remote VMs, they typically use either RDP or SSH to achieve their administrative goals. The problem is, to connect to a hosted VM, you must connect to its public IP address. However, exposing the IP ports used by RDP and SSH (**3389** and **22**) to the internet is highly undesirable because it presents significant security risks.
88

99
## Azure Bastion definition
1010
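Review bot: Line 7 still says "the IP ports used by RDP and SSH", but ports belong to the transport layer, and the introduction unit in this same commit says "over TCP port **3389**". Since the sentence is already being touched, change "IP ports" to "TCP ports" so the two units agree.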

@@ -25,15 +25,15 @@ The following table describes the features that are available after you deploy A
2525
|No hassle of managing Network Security Groups (NSGs)| You don't need to apply any NSGs to the Azure Bastion subnet. Because Azure Bastion connects to your virtual machines over private IP, you can configure your NSGs to allow RDP/SSH from Azure Bastion only. This removes the hassle of managing NSGs each time you need to securely connect to your virtual machines.|
2626
|No need to manage a separate bastion host on a VM |Azure Bastion is a fully managed platform PaaS service from Azure that is hardened internally to provide you secure RDP/SSH connectivity.|
2727
|Protection against port scanning|Your VMs are protected against port scanning by rogue and malicious users because you don't need to expose the VMs to the internet.|
28-
|Hardening in one place only|Azure Bastion sits at the perimeter of your virtual network, so you dont need to worry about hardening each of the VMs in your virtual network.|
28+
|Hardening in one place only|Azure Bastion sits at the perimeter of your virtual network, so you don't need to worry about hardening each of the VMs in your virtual network.|
2929
|Protection against zero-day exploits |The Azure platform protects against zero-day exploits by keeping the Azure Bastion hardened and always up to date for you.|
3030

3131
## How to avoid exposing remote management ports
3232

3333
By implementing Azure Bastion, you can manage the Azure VMs within a configured Azure virtual network by using either RDP or SSH, without needing to expose those management ports to the public internet. By using Azure Bastion, you can:
3434

3535
- Connect easily to your Azure VMs. Connect your RDP and SSH sessions directly in the Azure portal.
36-
- Avoid exposing management ports to the internet. Sign in to your Azure VMs and avoid public internet exposure by using SSH and RDP with private IP addresses only.
36+
- Avoid exposing management ports to the internet. Sign in to your Azure VMs, and avoid public internet exposure by using SSH and RDP with private IP addresses only.
3737
- Avoid extensive reconfiguration of your existing network infrastructure. Integrate and traverse existing firewalls and security perimeters by using a modern HTML5-based web client over TLS on port **443**.
3838
- Simplify sign in. Use your SSH keys for authentication when signing in to your Azure VMs.
3939
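Review bot: Line 28 now reads "so you don't need to worry about hardening each of the VMs in your virtual network", which claims more than the rest of the table supports: the other rows describe removing public RDP/SSH exposure, and the VMs still need their own patching and hardening for anything that reaches them by other paths. Suggest scoping the sentence to the management endpoints, for example "so you don't need to harden a public RDP/SSH endpoint on each VM". Line 26 also carries the redundant "platform PaaS service", and the comma added on line 36 ("Sign in to your Azure VMs, and avoid") runs against the comma removals before "and" made in the knowledge check in this commit.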

learn-pr/azure/intro-to-azure-bastion/includes/3-how-azure-bastion-works.md

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ The following diagram depicts the architecture of a typical Azure Bastion deploy
1616
:::image type="content" source="../media/bastion-architecture.png" alt-text="The architecture of Azure Bastion, as described in the preceding text.":::
1717

1818
> [!NOTE]
19-
> The protected VMs and the Azure Bastion host are connected to the same virtual network, although in different subnets.
19+
> The protected VMs and the Azure Bastion host are connected to the same virtual network, although in different subnets.
2020
2121
The typical connection process in Azure Bastion is as follows:
2222
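Review bot: The note on line 19 says the protected VMs and the Bastion host are in "the same virtual network", while the knowledge check and the note in unit 4 in this commit both say "(or peered virtual network)". The edit to line 19 is whitespace only, so this is a cheap place to add the peered-network qualifier or to say that the diagram shows the single-network case. The alt text on line 16 ("as described in the preceding text") also gives a screen-reader user nothing about the diagram itself.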

learn-pr/azure/intro-to-azure-bastion/includes/4-when-to-use-azure-bastion.md

Lines changed: 0 additions & 1 deletion
@@ -34,7 +34,6 @@ To determine whether a jump box or Azure Bastion is the better option to remotel
3434
| **Ease of management** | Azure Bastion is a fully managed PaaS service. It's not a VM like a jump box, which requires regular updates. You don't need a client or agent to use Azure Bastion, nor do you need to apply patches and updates to it. You also don't need to install or maintain any other software on management consoles.|
3535
| **Integration** | You can integrate Azure Bastion with other native security services in Azure, such as Azure Firewall. Jump servers don't have this option. |
3636

37-
3837
> [!NOTE]
3938
> You deploy Azure Bastion per virtual network (or peered virtual network) rather than per subscription, account, or VM.
4039
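Review bot: Line 35 says "Jump servers don't have this option" while line 34 and the paragraph in the hunk header call the same thing a "jump box". Use one term across the table. The line 35 claim is also stated without support; if it stays, say what integration is meant, since the row only names Azure Firewall as an example.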

learn-pr/azure/intro-to-azure-bastion/includes/6-summary.md

Lines changed: 1 addition & 1 deletion
@@ -21,4 +21,4 @@ You should now be able to determine how you can use Azure Bastion to help secure
2121

2222
- [Azure Bastion](https://azure.microsoft.com/services/azure-bastion?azure-portal=true)
2323
- [Azure Bastion pricing](https://azure.microsoft.com/pricing/details/azure-bastion?azure-portal=true)
24-
- [Quickstart: Deploy Azure Bastion with default settings](/azure/bastion/quickstart-host-portal?azure-portal=true)
24+
- [Quickstart: Deploy Azure Bastion automatically](/azure/bastion/quickstart-host-portal?azure-portal=true)
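Review bot: Line 24 changes the link text to "Deploy Azure Bastion automatically" but keeps the target `/azure/bastion/quickstart-host-portal`, whose slug points at a portal quickstart. Confirm the new text matches the current title of the target article, and if the article was renamed, note that in the commit message rather than "Line edits" so the reason for the change is recorded.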
