MicrosoftDocs
diff --git a/‎articles/firewall/firewall-copilot.md‎
Lines changed: 35 additions & 35 deletions b/‎articles/firewall/firewall-copilot.md‎
Lines changed: 35 additions & 35 deletions
diff --git a/‎articles/firewall/integrate-lb.md‎
Lines changed: 7 additions & 8 deletions b/‎articles/firewall/integrate-lb.md‎
Lines changed: 7 additions & 8 deletions
@@ -2,12 +2,12 @@
 title: Azure Firewall integration in Microsoft Security Copilot
 description: Learn about using Microsoft Security Copilot to investigate traffic flagged by Azure Firewall with Intrusion Detection and Prevention System (IDPS).
 keywords: security copilot, copilot for security, threat intelligence, IDPS, intrusion detection and prevention system, plugin, integration, azure firewall, firewall copilot, open ai, openai, co-pilot
-author: abhinavsriram
+author: duongau
 ms.author: duau
-ms.date: 04/25/2025
-ms.update-cycle: 180-days
-ms.topic: concept-article
 ms.service: azure-firewall
+ms.topic: concept-article
+ms.date: 03/28/2026
+ms.update-cycle: 180-days
 ms.localizationpriority: high
 ms.custom:
   - ignite-2024
@@ -17,11 +17,11 @@ ms.collection: Tier1, ce-skilling-ai-copilot
 
 # Azure Firewall integration in Microsoft Security Copilot
 
-Security Copilot is a generative AI-powered security solution that helps increase the efficiency and capabilities of security personnel to improve security outcomes at machine speed and scale. It provides a natural language, assistive copilot experience helping support security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management. For more information about what it can do, see [What is Microsoft Security Copilot?](/copilot/security/microsoft-security-copilot)
+Security Copilot is a generative AI-powered security solution that helps increase the efficiency and capabilities of security personnel to improve security outcomes at machine speed and scale. It provides a natural language, assistive copilot experience that helps support security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management. For more information about what it can do, see [What is Microsoft Security Copilot?](/copilot/security/microsoft-security-copilot)
 
 ## Know before you begin
 
-If you're new to Security Copilot, you should familiarize yourself with it by reading these articles:
+If you're new to Security Copilot, familiarize yourself with it by reading these articles:
 - [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot)
 - [Microsoft Security Copilot experiences](/security-copilot/experiences-security-copilot)
 - [Get started with Microsoft Security Copilot](/security-copilot/get-started-security-copilot)
@@ -30,57 +30,57 @@ If you're new to Security Copilot, you should familiarize yourself with it by re
 
 ## Security Copilot integration in Azure Firewall
 
-Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
+Azure Firewall is a cloud-native and intelligent network firewall security service that provides best-in-class threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
 
-The Azure Firewall integration in Security Copilot helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions.
+The Azure Firewall integration in Security Copilot helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet by using natural language questions.
 
-You can use this integration in two different experience:
+You can use this integration in two different experiences:
 
 - [Security Copilot portal](https://securitycopilot.microsoft.com) (standalone experience)
 
     :::image type="content" source="media/firewall-copilot/security-copilot-overview.png" alt-text="Screenshot of the Security Copilot portal with a prompt relevant to Firewall." lightbox="media/firewall-copilot/security-copilot-overview.png":::
 
 - [Azure Copilot](/azure/copilot/overview) (embedded experience) in the Azure portal:
 
-    :::image type="content" source="media/firewall-copilot/azure-copilot-overview-image.png" alt-text="Screenshot of the Azure portal with a prompt relevant to Firewall." lightbox="media/firewall-copilot/azure-copilot-overview-image.png"::: 
+    :::image type="content" source="media/firewall-copilot/azure-copilot-overview-image.png" alt-text="Screenshot of the Azure portal with a prompt relevant to Firewall." lightbox="media/firewall-copilot/azure-copilot-overview-image.png":::
 
-For more information, see  [Microsoft Security Copilot experiences](/security-copilot/experiences-security-copilot) and [Azure Copilot capabilities](/azure/copilot/capabilities).
+For more information, see [Microsoft Security Copilot experiences](/security-copilot/experiences-security-copilot) and [Azure Copilot capabilities](/azure/copilot/capabilities).
 
 ## Key features
 
-Security Copilot has built-in system features that can get data from the different plugins that are turned on.
+Security Copilot has built-in system features that get data from the different plugins that are turned on.
 
 To view the list of built-in system capabilities for Azure Firewall, use the following procedure on the Security Copilot portal:
 
 1.	In the prompt bar, select the **Prompts** icon.
 
-2.	Select **See all system capabilities**. 
+2.	Select **See all system capabilities**.
 
 3. The **Azure Firewall** section lists all the available capabilities that you can use.
 
 ## Enable the Azure Firewall integration in Security Copilot
 
-1.  Ensure your Azure Firewall is configured correctly:
- 
-    - [Azure Firewall Structured Logs](firewall-structured-logs.md#resource-specific-mode) – the Azure Firewalls to be used with Security Copilot must be configured with resource specific structured logs for IDPS and these logs must be sent to a Log Analytics workspace.
-    
+1. Ensure your Azure Firewall is configured correctly:
+
+    - [Azure Firewall Structured Logs](monitor-firewall.md#resource-specific-mode) – to use Azure Firewalls with Security Copilot, configure them with resource specific structured logs for IDPS and send these logs to a Log Analytics workspace.
+
     - [Role Based Access Control for Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/role-based-access-control-for-azure-firewall/ba-p/2245598) – the users using the Azure Firewall plugin in Security Copilot must have the appropriate Azure Role-based access control roles to access the Firewall and associated Log Analytics workspaces.
-    
+
 1.	Go to [Security Copilot](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
 
-1.	Ensure that the Azure Firewall plugin is turned on. In the prompt bar, select the **Sources** icon. In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on. Then, close the window. No other configuration is necessary. As long as structured logs are being sent to a Log Analytics workspace and you have the right Role-based access control permissions, Copilot finds the data it needs to answer your questions.
+1.	Make sure that the Azure Firewall plugin is turned on. In the prompt bar, select the **Sources** icon. In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on. Then, close the window. No other configuration is necessary. As long as structured logs are sent to a Log Analytics workspace and you have the right Role-based access control permissions, Copilot finds the data it needs to answer your questions.
 
-    :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::    
+    :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin." lightbox="media/firewall-copilot/azure-firewall-plugin.png":::
 
 1. Enter your prompt in the prompt bar on either the [Security Copilot portal](https://securitycopilot.microsoft.com) or via the [Azure Copilot](/azure/copilot/overview) experience in the Azure portal.
 
     > [!IMPORTANT]
     > Use of Azure Copilot to query Azure Firewall is included with Security Copilot and requires [security compute units (SCUs)](/security-copilot/get-started-security-copilot#security-compute-units). You can deploy SCUs and increase or decrease them at any time. For more information on SCUs, see [Get started with Microsoft Security Copilot](/security-copilot/get-started-security-copilot).
-    > If you don't have Security Copilot properly configured but ask a question relevant to the Azure Firewall capabilities through the Azure Copilot experience then you'll see an error message.
-   
+    > If you don't have Security Copilot properly configured but ask a question relevant to the Azure Firewall capabilities through the Azure Copilot experience, you see an error message.
+
 ## Sample Azure Firewall prompts
 
-There are many prompts you can use to get information from Azure Firewall. This section lists the ones that work best today. They're continuously updated as new capabilities are launched.
+To get information from Azure Firewall, use prompts. This section lists the ones that work best today. It's continuously updated as new capabilities are launched.
 
 ### Retrieve the top IDPS signature hits for a given Azure Firewall
 
@@ -90,38 +90,38 @@ Get **log information** about the traffic intercepted by the IDPS feature instea
 
 **Sample prompts**:
 
-- Has there been any malicious traffic intercepted by my Firewall `<Firewall name>`?
+- Has my Firewall `<Firewall name>` intercepted any malicious traffic?
 - What are the top 20 IDPS hits from the last seven days for Firewall `<Firewall name>` in resource group `<resource group name>`?
 - Show me in tabular form the top 50 attacks that targeted Firewall `<Firewall name>` in subscription `<subscription name>` in the past month.
 
 ### Enrich the threat profile of an IDPS signature beyond log information
 
-Get **additional details** to enrich the threat information/profile of an IDPS signature instead of compiling it yourself manually.
+Get **additional details** to enrich the threat information and profile of an IDPS signature instead of compiling it yourself manually.
 
 :::image type="content" source="media/firewall-copilot/threat-profile.png" alt-text="Screenshot showing the capability to enrich the threat profile of an IDPS signature beyond log information." lightbox="media/firewall-copilot/threat-profile-expanded.png":::
 
 **Sample prompts**:
 
 - Explain why IDPS flagged the top hit as high severity and the fifth hit as low severity.
 - What can you tell me about this attack? What are the other attacks this attacker is known for?
-- I see that the third signature ID is associated with CVE `<CVE number\>`, tell me more about this CVE.
+- I see that the third signature ID is associated with CVE `<CVE number\>`. Tell me more about this CVE.
 
     > [!NOTE]
     > The Microsoft Threat Intelligence plugin is another source that Security Copilot might use to provide threat intelligence for IDPS signatures.
 
 ### Look for a given IDPS signature across your tenant, subscriptions, or resource groups
 
-Perform a **fleet-wide search** (over any scope) for a threat across all your Firewalls instead of searching for the threat manually.
+Perform a **fleet-wide search** (over any scope) for a threat across all your firewalls instead of searching for the threat manually.
 
 :::image type="content" source="media/firewall-copilot/search-tenant-subscription.png" alt-text="Screenshot showing the capability to search for a given IDPS signature across your tenant, subscriptions, or resource groups." lightbox="media/firewall-copilot/search-tenant-subscription-expanded.png":::
 
 **Sample prompts**:
 
-- Was signature ID `<ID number\>` only stopped by this one Firewall? What about others across this entire tenant?
-- Was the top hit seen by any other Firewall in the subscription `<subscription name>`?
-- Over the past week did any Firewall in resource group `<resource group name\>` see signature ID `<ID number>`?
+- Was signature ID `<ID number\>` only stopped by this one firewall? What about others across this entire tenant?
+- Was the top hit seen by any other firewall in the subscription `<subscription name>`?
+- Over the past week did any firewall in resource group `<resource group name\>` see signature ID `<ID number>`?
 
-### Generate recommendations to secure your environment using Azure Firewall's IDPS feature
+### Generate recommendations to secure your environment by using Azure Firewall's IDPS feature
 
 Get **information from documentation** about using Azure Firewall's IDPS feature to secure your environment instead of having to look up this information manually.
 
@@ -134,18 +134,18 @@ Get **information from documentation** about using Azure Firewall's IDPS feature
 - What is the difference in risk between alert only and alert and block modes for IDPS?
 
     > [!NOTE]
-    > Security Copilot may also use the _Ask Microsoft Documentation_ capability to provide this information and when using this capability via the Azure Copilot experience, the _Get Information_ capability may be used to provide this information.
+    > Security Copilot might also use the _Ask Microsoft Documentation_ capability to provide this information and when using this capability via the Azure Copilot experience, the _Get Information_ capability might be used to provide this information.
 
 ## Provide feedback
 
-Your feedback is vital to guide the current and planned development of the product. The best way to provide this feedback is directly in the product. 
+Your feedback is vital to guide the current and planned development of the product. The best way to provide this feedback is directly in the product.
 
 ### Through Security Copilot
 
 Select **How’s this response?** at the bottom of each completed prompt and choose any of the following options:
 
-- **Looks right** - Select if the results are accurate, based on your assessment. 
-- **Needs improvement** - Select if any detail in the results is incorrect or incomplete, based on your assessment. 
+- **Looks right** - Select if the results are accurate, based on your assessment.
+- **Needs improvement** - Select if any detail in the results is incorrect or incomplete, based on your assessment.
 - **Inappropriate** - Select if the results contain questionable, ambiguous, or potentially harmful information.
 
 For each feedback option, you can provide additional information in the subsequent dialog box. Whenever possible, and especially when the result is **Needs improvement**, write a few words explaining how the outcome can be improved. If you entered prompts specific to Azure Firewall and the results aren't related, include that information.
 
@@ -1,12 +1,11 @@
 ---
 title: Integrate Azure Firewall with Azure Standard Load Balancer
 description: You can integrate an Azure Firewall into a virtual network with an Azure Standard Load Balancer (either public or internal).
-services: firewall
 author: varunkalyana
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: how-to
-ms.date: 03/04/2025
-ms.author: duau
+ms.date: 03/28/2026
 ms.custom: sfi-image-nochange
 # Customer intent: As a network engineer, I want to integrate Azure Firewall with an Azure Standard Load Balancer, so that I can optimize traffic routing and enhance security in my virtual network setup.
 ---
@@ -15,23 +14,23 @@ ms.custom: sfi-image-nochange
 
 You can integrate an Azure Firewall into a virtual network with either a public or internal Azure Standard Load Balancer.
 
-The preferred design is to use an internal load balancer with your Azure Firewall, as it simplifies the setup. If you already have a public load balancer deployed and wish to continue using it, be aware of potential asymmetric routing issues that could disrupt functionality.
+The preferred design is to use an internal load balancer with your Azure Firewall, as it simplifies the setup. If you already have a public load balancer deployed and want to continue using it, be aware of potential asymmetric routing problems that could disrupt functionality.
 
 For more information about Azure Load Balancer, see [What is Azure Load Balancer?](../load-balancer/load-balancer-overview.md)
 
 ## Public load balancer
 
-With a public load balancer, the load balancer is deployed with a public frontend IP address.
+When you use a public load balancer, you deploy the load balancer with a public frontend IP address.
 
 ### Asymmetric routing
 
-Asymmetric routing is where a packet takes one path to the destination and takes another path when returning to the source. This issue occurs when a subnet has a default route going to the firewall's private IP address and you're using a public load balancer. In this case, the incoming load balancer traffic is received via its public IP address, but the return path goes through the firewall's private IP address. Since the firewall is stateful, it drops the returning packet because the firewall isn't aware of such an established session.
+Asymmetric routing occurs when a packet takes one path to the destination and takes another path when returning to the source. This problem occurs when a subnet has a default route going to the firewall's private IP address and you're using a public load balancer. In this case, the incoming load balancer traffic comes through its public IP address, but the return path goes through the firewall's private IP address. Since the firewall is stateful, it drops the returning packet because the firewall isn't aware of such an established session.
 
 ### Fix the routing issue
 
 #### Scenario 1: Azure Firewall without NAT Gateway
-When deploying an Azure Firewall into a subnet, you need to create a default route for the subnet. This route directs packets through the firewall's private IP address located on the AzureFirewallSubnet. For detailed steps, see [Deploy and configure Azure Firewall using the Azure portal](tutorial-firewall-deploy-portal.md#create-a-default-route).
-When integrating the firewall into your load balancer scenario, ensure that your Internet traffic enters through the firewall's public IP address. The firewall applies its rules and NAT the packets to the load balancer's public IP address. The issue arises when packets arrive at the firewall's public IP address but return via the private IP address (using the default route).
+When you deploy an Azure Firewall into a subnet, you need to create a default route for the subnet. This route directs packets through the firewall's private IP address located on the AzureFirewallSubnet. For detailed steps, see [Deploy and configure Azure Firewall using the Azure portal](tutorial-firewall-deploy-portal.md#create-a-default-route).
+When you integrate the firewall into your load balancer scenario, ensure that your Internet traffic enters through the firewall's public IP address. The firewall applies its rules and NATs the packets to the load balancer's public IP address. The problem arises when packets arrive at the firewall's public IP address but return via the private IP address (using the default route).
 
 To prevent asymmetric routing, add a specific route for the firewall's public IP address. Packets intended for the firewall's public IP address are directed through the Internet, bypassing the default route to the firewall's private IP address.