Merge pull request #260431 from nikhilkaul-msft/private-link-agent-service

Private link agent service

Author: prmerger-automator[bot]

articles/chaos-studio/chaos-studio-permissions-security.md

@@ -89,6 +89,14 @@ Chaos Studio encrypts all data by default. Chaos Studio only accepts input for s
 
 These properties shouldn't be used to store sensitive data, such as payment information or passwords. For more information on how Chaos Studio protects your data, see [Azure customer data protection](../security/fundamentals/protection-customer-data.md).
 
+## Customer Lockbox
+
+Lockbox gives you the control to approve or reject Microsoft engineer request to access your experiment data during a support request.
+
+Lockbox can be enabled for chaos experiment information, and permission to access data is granted by the customer at the subscription level if lockbox is enabled.
+
+Learn more about [Customer Lockbox for Microsoft Azure](../security/fundamentals/customer-lockbox-overview.md)
+
 ## Next steps
 Now that you understand how to secure your chaos experiment, you're ready to:
 

articles/chaos-studio/chaos-studio-private-link-agent-service.md

@@ -179,6 +179,8 @@ After noting the IP address, you need to open the "hosts" file on your host VM a
 
 > [!NOTE]
 > **Path of hosts file on Windows:** C:\Windows\System32\drivers\etc
+>
+> 
 > **Path of hosts file on Linux:** /etc/hosts
 
 Example of what the "hosts" file should look like. The IP address and Azure region change for your scenario:

articles/chaos-studio/chaos-studio-private-networking.md

@@ -15,7 +15,7 @@ Azure [Virtual Network](../virtual-network/virtual-networks-overview.md) is the
 
 Virtual network injection allows an Azure Chaos Studio resource provider to inject containerized workloads into your virtual network so that resources without public endpoints can be accessed via a private IP address on the virtual network. After you've configured virtual network injection for a resource in a virtual network and enabled the resource as a target, you can use it in multiple experiments. An experiment can target a mix of private and nonprivate resources if the private resources are configured according to the instructions in this article.
 
-We are also now excited to share that Chaos Studio supports running **agent-based experiments** using Private Endpoints! Chaos Studio now supports Private Link for **both** service-direct and agent-based experiments. If you would like to use Private-Link for agent-service, please reach out to your CSA or the Chaos Studio help team for instructions on how to get yourself onboarded. For private link for service-direct faults, read the following sections for instructions on how to use them. 
+We are also now excited to share that Chaos Studio supports running **agent-based experiments** using Private Endpoints! Chaos Studio now supports Private Link for **both** service-direct and agent-based experiments. If you would like to use Private-Link for agent-based experiments, please reach out to your CSA or visit [How to: Setup private link for agent-based experiments](chaos-studio-private-link-agent-service.md). For private link for service-direct faults, read the following sections for instructions on how to use them. 
 
 ## Resource type support
 Currently, you can only enable certain resource types for Chaos Studio virtual network injection:

articles/security/fundamentals/customer-lockbox-overview.md

@@ -25,6 +25,7 @@ The following services are currently supported for Customer Lockbox:
 - Azure API Management
 - Azure App Service
 - Azure AI Search
+- Azure Chaos Studio
 - Azure Cognitive Services
 - Azure Container Registry
 - Azure Data Box