Merge pull request #308372 from asudbring/us503352-dns-threat-how-to

Update DNS security policy how-to for threat intelligence feed.

Author: v-ccolin

articles/dns/dns-traffic-log-how-to.md

@@ -11,7 +11,7 @@ ms.author: allensu
 
 # Secure and view DNS traffic
 
-This article shows you how to view and filter DNS traffic at the virtual network with [DNS security policy](dns-security-policy.md).
+This article shows you how to view and filter DNS traffic at the virtual network with [DNS security policy](dns-security-policy.md) and secure your DNS traffic with Threat intelligence feed in Azure DNS.
 
 ## Prerequisites
 
@@ -132,6 +132,20 @@ To configure diagnostic settings:
 
     ![Screenshot of DNS traffic rules.](./media/dns-traffic-log-how-to/dns-traffic-rules.png)
 
+## Secure DNS traffic with Threat intelligence feed
+
+The threat intelligence feed is a fully managed domain list that’s continuously updated in the background. Within DNS Security Policy, it’s treated just like any other standard domain list — using the same configuration model for priority and for the chosen action (allow, block, or alert). 
+
+Select it by adding a new DNS traffic rule and configure it with the action you would like to apply and its respective priority. 
+
+Associate threat intelligence feed with a DNS traffic rule by selecting **Azure DNS threat intel**: 
+
+:::image type="content" source="./media/dns-traffic-log-how-to/enable-threat-intelligence-feed.png" alt-text="Screenshot of enablement of Threat intelligence feed." lightbox="./media/dns-traffic-log-how-to/enable-threat-intelligence-feed.png":::
+
+Configure the action and priority:
+
+:::image type="content" source="./media/dns-traffic-log-how-to/threat-intelligence-rule.png" alt-text="Screenshot of threat intelligence rule." lightbox="./media/dns-traffic-log-how-to/threat-intelligence-rule.png":::
+
 ## View and test DNS logs
 
 1. Navigate to your DNS security policy and then under **Monitoring**, select **Diagnostic settings**.