MicrosoftDocs
diff --git a/‎articles/firewall/deploy-bicep.md‎
Lines changed: 12 additions & 13 deletions b/‎articles/firewall/deploy-bicep.md‎
Lines changed: 12 additions & 13 deletions
diff --git a/‎articles/firewall/deploy-terraform.md‎
Lines changed: 27 additions & 26 deletions b/‎articles/firewall/deploy-terraform.md‎
Lines changed: 27 additions & 26 deletions
diff --git a/‎articles/firewall/quick-create-ipgroup-bicep.md‎
Lines changed: 12 additions & 12 deletions b/‎articles/firewall/quick-create-ipgroup-bicep.md‎
Lines changed: 12 additions & 12 deletions
@@ -1,23 +1,22 @@
 ---
 title: 'Quickstart: Create an Azure Firewall with Availability Zones - Bicep'
-description: In this quickstart, you deploy Azure Firewall using Bicep. The virtual network has one VNet with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
-services: firewall
+description: In this quickstart, you deploy Azure Firewall using Bicep. The virtual network has one virtual network with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
 author: duongau
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: quickstart
+ms.date: 03/28/2026
 ms.custom: subject-armqs, mode-arm, devx-track-bicep
-ms.date: 06/28/2022
-ms.author: duau
 # Customer intent: "As a cloud administrator, I want to deploy an Azure Firewall using Bicep in a virtual network with multiple subnets, so that I can manage network security effectively and ensure high availability across Availability Zones."
 ---
 
 # Quickstart: Deploy Azure Firewall with Availability Zones - Bicep
 
-In this quickstart, you use Bicep to deploy an Azure Firewall in three Availability Zones.
+In this quickstart, use Bicep to deploy an Azure Firewall in three Availability Zones.
 
 [!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)]
 
-The Bicep file creates a test network environment with a firewall. The network has one virtual network (VNet) with three subnets: *AzureFirewallSubnet*, *ServersSubnet*, and *JumpboxSubnet*. The *ServersSubnet* and *JumpboxSubnet* subnet each have a single, two-core Windows Server virtual machine.
+The Bicep file creates a test network environment with a firewall. The network has one virtual network with three subnets: *AzureFirewallSubnet*, *ServersSubnet*, and *JumpboxSubnet*. The *ServersSubnet* and *JumpboxSubnet* subnets each have a single, two-core Windows Server virtual machine.
 
 The firewall is in the *AzureFirewallSubnet* subnet, and has an application rule collection with a single rule that allows access to `www.microsoft.com`.
 
@@ -37,7 +36,7 @@ The Bicep file used in this quickstart is from [Azure Quickstart Templates](http
 
 :::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/azurefirewall-with-zones-sandbox/main.bicep":::
 
-Multiple Azure resources are defined in the Bicep file:
+The Bicep file defines multiple Azure resources, including:
 
 - [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts)
 - [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables)
@@ -50,8 +49,8 @@ Multiple Azure resources are defined in the Bicep file:
 
 ## Deploy the Bicep file
 
-1. Save the Bicep file as `main.bicep` to your local computer.
-1. Deploy the Bicep file using either Azure CLI or Azure PowerShell.
+1. Save the Bicep file as `main.bicep` on your local computer.
+1. Deploy the Bicep file by using either Azure CLI or Azure PowerShell.
 
     # [CLI](#tab/CLI)
 
@@ -70,9 +69,9 @@ Multiple Azure resources are defined in the Bicep file:
     ---
 
     > [!NOTE]
-    > Replace **\<admin-user\>** with the administrator login username for the virtual machine. You'll be prompted to enter **adminPassword**.
+    > Replace **\<admin-user\>** with the administrator sign-in username for the virtual machine. You're prompted to enter **adminPassword**.
 
-  When the deployment finishes, you should see a message indicating the deployment succeeded.
+  When the deployment finishes, you see a message indicating the deployment succeeded.
 
 ## Review deployed resources
 
@@ -96,7 +95,7 @@ To learn about the syntax and properties for a firewall in a Bicep file, see [Mi
 
 ## Clean up resources
 
-When you no longer need them, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.
+When you no longer need the resources, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.
 
 # [CLI](#tab/CLI)
 
@@ -117,4 +116,4 @@ Remove-AzResourceGroup -Name exampleRG
 Next, you can monitor the Azure Firewall logs.
 
 > [!div class="nextstepaction"]
-> [Tutorial: Monitor Azure Firewall logs](./firewall-diagnostics.md)
+> [Tutorial: Monitor Azure Firewall logs](./monitor-firewall.md)
@@ -1,26 +1,25 @@
 ---
 title: 'Quickstart: Create an Azure Firewall with Availability Zones - Terraform'
-description: In this quickstart, you deploy Azure Firewall using Terraform. The virtual network has one VNet with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
-services: firewall
+description: In this quickstart, you deploy Azure Firewall using Terraform. The virtual network has one virtual network with three subnets. Two Windows Server virtual machines, a jump box, and a server are deployed.
 author: duongau
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: quickstart
+ms.date: 03/28/2026
 ms.custom: devx-track-terraform
-ms.date: 10/15/2023
-ms.author: duau
-content_well_notification: 
+content_well_notification:
   - AI-contribution
 ai-usage: ai-assisted
 # Customer intent: "As a cloud engineer, I want to deploy Azure Firewall using Terraform, so that I can create a secure network environment with high availability across multiple zones."
 ---
 
 # Quickstart: Deploy Azure Firewall with Availability Zones - Terraform
 
-In this quickstart, you use Terraform to deploy an Azure Firewall in three Availability Zones.
+In this quickstart, use Terraform to deploy an Azure Firewall in three Availability Zones.
 
 [!INCLUDE [About Terraform](~/azure-dev-docs-pr/articles/terraform/includes/abstract.md)]
 
-The Terraform configuration creates a test network environment with a firewall. The network has one virtual network (VNet) with three subnets: *AzureFirewallSubnet*, *subnet-server*, and *subnet-jump*. The *subnet-server* and *subnet-jump* subnet each have a single two-core Windows Server virtual machine.
+The Terraform configuration creates a test network environment with a firewall. The network has one virtual network with three subnets: *AzureFirewallSubnet*, *subnet-server*, and *subnet-jump*. The *subnet-server* and *subnet-jump* subnets each have a single two-core Windows Server virtual machine.
 
 The firewall is in the *AzureFirewallSubnet* subnet and has an application rule collection with a single rule that allows access to `www.microsoft.com`.
 
@@ -31,36 +30,38 @@ For more information about Azure Firewall, see [Deploy and configure Azure Firew
 In this article, you learn how to:
 
 > [!div class="checklist"]
-> * Create a random value (to be used in the resource group name) using [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
-> * Create an Azure resource group using [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
-> * Create an Azure Virtual Network using [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
-> * Create three Azure subnets using [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
-> * Create an Azure public IP using [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
-> * Create an Azure Firewall Policy using [azurerm_firewall_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy)
-> * Create an Azure Firewall Policy Rule Collection Group using [azurerm_firewall_policy_rule_collection_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group)
-> * Create an Azure Firewall using [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall)
-> * Create a network interface using [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
-> * Create a network security group (to contain a list of network security rules) using [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
-> * Create an association between the network interface and the network security group using - [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
-> * Create a route table using [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table)
-> * Create an association between the route table and the subnet using - [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association)
-> * Create a random value (to be used as the storage name) using [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
-> * Create a storage account using [azurerm_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account)
-> * Create a random password for the Windows VM using [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
-> * Create an Azure Windows Virtual Machine using [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine)
+> * Create a random value (to use in the resource group name) by using [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+> * Create an Azure resource group by using [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+> * Create an Azure Virtual Network by using [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+> * Create three Azure subnets by using [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+> * Create an Azure public IP by using [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
+> * Create an Azure Firewall Policy by using [azurerm_firewall_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy)
+> * Create an Azure Firewall Policy Rule Collection Group by using [azurerm_firewall_policy_rule_collection_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group)
+> * Create an Azure Firewall by using [azurerm_firewall](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall)
+> * Create a network interface by using [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+> * Create a network security group (to contain a list of network security rules) by using [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+> * Create an association between the network interface and the network security group by using [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
+> * Create a route table by using [azurerm_route_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table)
+> * Create an association between the route table and the subnet by using [azurerm_subnet_route_table_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association)
+> * Create a random value (to use as the storage name) by using [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+> * Create a storage account by using [azurerm_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account)
+> * Create a random password for the Windows VM by using [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password)
+> * Create an Azure Windows Virtual Machine by using [azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine)
 
 ## Prerequisites
 
 - [Install and configure Terraform](/azure/developer/terraform/quickstart-configure)
 
 ## Implement the Terraform code
 
+
 > [!NOTE]
 > The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/201-azfw-with-avzones). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/201-azfw-with-avzones/TestRecord.md).
 >
 > See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform)
 
-1. Create a directory in which to test the sample Terraform code and make it the current directory.
+
+1. Create a directory to test the sample Terraform code and make it the current directory.
 
 1. Create a file named `providers.tf` and insert the following code:
 
@@ -127,4 +128,4 @@ In this article, you learn how to:
 Next, you can monitor the Azure Firewall logs.
 
 > [!div class="nextstepaction"]
-> [Tutorial: Monitor Azure Firewall logs](./firewall-diagnostics.md)
+> [Tutorial: Monitor Azure Firewall logs](./monitor-firewall.md)
@@ -1,19 +1,18 @@
 ---
 title: 'Quickstart: Create an Azure Firewall and IP Groups - Bicep'
 description: In this quickstart, you learn how to use a Bicep file to create an Azure Firewall and IP Groups.
-services: firewall
 author: duongau
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: quickstart
+ms.date: 03/29/2026
 ms.custom: subject-bicepqs, mode-arm, devx-track-bicep
-ms.date: 08/25/2022
-ms.author: duau
 # Customer intent: As a cloud engineer, I want to deploy an Azure Firewall using a Bicep file, so that I can easily manage and group IP addresses within firewall rules in my network infrastructure.
 ---
 
 # Quickstart: Create an Azure Firewall and IP Groups - Bicep
 
-In this quickstart, you use a Bicep file to deploy an Azure Firewall with sample IP Groups used in a network rule and application rule. An IP Group is a top-level resource that allows you to define and group IP addresses, ranges, and subnets into a single object. IP Group is useful for managing IP addresses in Azure Firewall rules. You can either manually enter IP addresses or import them from a file.
+In this quickstart, use a Bicep file to deploy an Azure Firewall with sample IP Groups used in a network rule and application rule. An IP Group is a top-level resource that you use to define and group IP addresses, ranges, and subnets into a single object. An IP Group is useful for managing IP addresses in Azure Firewall rules. You can either manually enter IP addresses or import them from a file.
 
 [!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)]
 
@@ -29,7 +28,7 @@ The Bicep file used in this quickstart is from [Azure Quickstart Templates](http
 
 :::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/azurefirewall-create-with-ipgroups-and-linux-jumpbox/main.bicep":::
 
-Multiple Azure resources are defined in the Bicep file:
+The Bicep file defines multiple Azure resources:
 
 - [**Microsoft.Network/ipGroups**](/azure/templates/microsoft.network/ipGroups?pivots=deployment-language-bicep)
 - [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts?pivots=deployment-language-bicep)
@@ -43,8 +42,8 @@ Multiple Azure resources are defined in the Bicep file:
 
 ## Deploy the Bicep file
 
-1. Save the Bicep file as **main.bicep** to your local computer.
-1. Deploy the Bicep file using either Azure CLI or Azure PowerShell.
+1. Save the Bicep file as **main.bicep** on your local computer.
+1. Deploy the Bicep file by using either Azure CLI or Azure PowerShell.
 
     # [CLI](#tab/CLI)
 
@@ -62,12 +61,12 @@ Multiple Azure resources are defined in the Bicep file:
 
     ---
 
-You'll be prompted to enter the following values:
+Enter the following values when prompted:
 
-- **Admin Username**: Type username for the administrator user account
-- **Admin Password**: Type an administrator password or key
+- **Admin Username**: Enter a username for the administrator user account.
+- **Admin Password**: Enter an administrator password or key.
 
-When the deployment finishes, you should see a message indicating the deployment succeeded.
+When the deployment finishes, you see a message indicating the deployment succeeded.
 
 ## Review deployed resources
 
@@ -85,13 +84,14 @@ az resource list --resource-group exampleRG
 Get-AzResource -ResourceGroupName exampleRG
 ```
 
+
 ---
 
 To learn about the Bicep syntax and properties for a firewall in a Bicep file, see [Microsoft.Network azureFirewalls template reference](/azure/templates/microsoft.network/azurefirewalls?pivots=deployment-language-bicep).
 
 ## Clean up resources
 
-When you no longer need them, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.
+When you no longer need the resources, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.
 
 # [CLI](#tab/CLI)