acrolinx

Author: v-dirichards

articles/ddos-protection/fundamental-best-practices.md

@@ -56,7 +56,7 @@ A defense in depth strategy uses multiple layers of security to reduce the risk
 Reduce your exposure by minimizing the publicly accessible surface area:
 
 - Use [Azure Private Link](../private-link/private-link-overview.md) to access Azure PaaS services over a private endpoint in your virtual network, eliminating exposure to the public internet.
-- Use an allowlist to restrict the exposed IP address space and listening ports that aren't needed on load balancers ([Azure Load Balancer](../load-balancer/quickstart-load-balancer-standard-public-portal.md) and [Azure Application Gateway](../application-gateway/application-gateway-create-probe-portal.md)).
+- Use an allow list to restrict the exposed IP address space and listening ports that aren't needed on load balancers ([Azure Load Balancer](../load-balancer/quickstart-load-balancer-standard-public-portal.md) and [Azure Application Gateway](../application-gateway/application-gateway-create-probe-portal.md)).
 - Use [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md) to restrict traffic.
 - Use [service tags](../virtual-network/network-security-groups-overview.md#service-tags) and [application security groups](../virtual-network/network-security-groups-overview.md#application-security-groups) to simplify creating security rules and configure network security as a natural extension of an application's structure.
 - Deploy Azure services in a [virtual network](../virtual-network/virtual-networks-overview.md) whenever possible so that service resources communicate through private IP addresses. Use [service endpoints](../virtual-network/virtual-network-service-endpoints-overview.md) to switch service traffic to use virtual network private addresses as source IP addresses.