diff --git a/articles/virtual-network/ip-services/associate-public-ip-address-vm.md b/articles/virtual-network/ip-services/associate-public-ip-address-vm.md
index ea96c8ce33961..9c052d23e04e2 100644
--- a/articles/virtual-network/ip-services/associate-public-ip-address-vm.md
+++ b/articles/virtual-network/ip-services/associate-public-ip-address-vm.md
@@ -116,7 +116,7 @@ Install the [Azure CLI](/cli/azure/install-azure-cli?toc=%2fazure%2fvirtual-netw
    > [!NOTE]
    > An IP address is assigned from the pool of public IP addresses reserved for an Azure region. For a list of the address pools used in each region, see [Azure IP ranges and service tags](https://www.microsoft.com/download/details.aspx?id=56519). If you need the address to be assigned from a specific prefix, use a [Public IP address prefix](public-ip-address-prefix.md).
 
-1. Open the necessary ports in your security groups by adjusting the security rules in the network security groups. For information, see [Allow network traffic to the VM](#allow-network-traffic-to-the-vm).
+1. Open the necessary ports in your network security groups by adjusting the inbound security rules. For information, see [Allow network traffic to the VM](#allow-network-traffic-to-the-vm).
 
 # [Azure PowerShell](#tab/azure-powershell)
 
@@ -214,7 +214,7 @@ Install [Azure PowerShell](/powershell/azure/install-azure-powershell) on your m
    > [!NOTE]
    > An IP address is assigned from the pool of public IP addresses reserved for an Azure region. For a list of the address pools used in each region, see [Azure IP ranges and service tags](https://www.microsoft.com/download/details.aspx?id=56519). If you need the address to be assigned from a specific prefix, use a [Public IP address prefix](public-ip-address-prefix.md).
 
-1. Open the necessary ports in your security groups by adjusting the security rules in the network security groups. For information, see [Allow network traffic to the VM](#allow-network-traffic-to-the-vm).
+1. Open the necessary ports in your network security groups by adjusting the inbound security rules. For information, see [Allow network traffic to the VM](#allow-network-traffic-to-the-vm).
 
 ---
 > [!NOTE]  
@@ -222,7 +222,7 @@ Install [Azure PowerShell](/powershell/azure/install-azure-powershell) on your m
 
 ## Allow network traffic to the VM
 
-Before you can connect to a public IP address from the internet, you must open the necessary ports in your security groups. These ports must be open in any network security group that you might have associated to the network interface, the subnet of the network interface, or both. Although security groups filter traffic to the private IP address of the network interface, after inbound internet traffic arrives at the public IP address, Azure translates the public address to the private IP address. Therefore, if a network security group prevents the traffic flow, the communication with the public IP address fails.
+Before you can connect to a public IP address from the internet, you must open the necessary ports/protocols in your network security groups. These ports must be open in any network security group that you might have associated to the network interface, the subnet of the network interface, or both. Although network security groups filter traffic to the private IP address of the network interface, after inbound internet traffic arrives at the public IP address, Azure translates the public address to the private IP address. Therefore, if a network security group prevents the traffic flow, the communication with the public IP address fails.
 
 You can view the effective security rules for a network interface and its subnet for the [Azure portal](../../virtual-network/diagnose-network-traffic-filter-problem.md#diagnose-using-azure-portal), the [Azure CLI](../../virtual-network/diagnose-network-traffic-filter-problem.md#diagnose-using-azure-cli), or [Azure PowerShell](../../virtual-network/diagnose-network-traffic-filter-problem.md#diagnose-using-powershell).