Updated private link security docs for Platform Metrics support #17

Draft
wants to merge 4 commits into
base: main
13 changes: 11 additions & 2 deletions articles/azure-monitor/logs/private-link-configure.md
Expand Up @@ -35,16 +35,25 @@ In this section, we review the step-by-step process of setting up a private link

### Connect Azure Monitor resources

#### Connect Individual Azure Monitor resources
Connect Azure Monitor resources like Log Analytics workspaces, Application Insights components, and [data collection endpoints](../essentials/data-collection-endpoint-overview.md)) to your Azure Monitor Private Link Scope (AMPLS).

1. In your AMPLS, select **Azure Monitor Resources** in the menu on the left. Select **Add**.
1. Add the workspace or component. Selecting **Add** opens a dialog where you can select Azure Monitor resources. You can browse through your subscriptions and resource groups. You can also enter their names to filter down to them. Select the workspace or component and select **Apply** to add them to your scope.
1. Add the workspace, component, or data collection endpoint. Selecting **Add** opens a dialog where you can select Azure Monitor resources. You can browse through your subscriptions and resource groups. You can also enter their names to filter down to them. Select the resource you'd like to add and select **Apply** to add them to your scope.

:::image type="content" source="./media/private-link-security/ampls-select-2.png" lightbox="./media/private-link-security/ampls-select-2.png" alt-text="Screenshot that shows selecting a scope.":::
:::image type="content" source="./media/private-link-security/ampls-select-resource.png" lightbox="./media/private-link-security/ampls-select-resource.png" alt-text="Screenshot that shows Select a Scope.":::

> [!NOTE]
> Deleting Azure Monitor resources requires that you first disconnect them from any AMPLS objects they're connected to. It's not possible to delete resources connected to an AMPLS.

#### Connect Platform Metrics subscriptions
In addition to individual resources, you can also connect Platform Metrics by scoping an entire subscription to your AMPLS. Scoping a subscription for Platform Metrics will not affect individual Azure Monitor resources in that subscription.

1. In your AMPLS, select **Platform Metrics Subscriptions** in the menu on the left. Select **Add**.
2. From the **Add Subscription** panel, select a subscription you would like to connect to your AMPLS. You can enter their names to filter down to the subscription you are looking for. When you've selected the correct subscription, select **Apply** to add them to your scope

:::image type="content" source="./media/private-link-security/ampls-select-metrics-subscription.png" lightbox="./media/private-link-security/ampls-select-resource.png" alt-text="Screenshot that shows selecting a platform metrics subscription.":::

### Connect to a private endpoint

Now that you have resources connected to your AMPLS, create a private endpoint to connect your network. You can do this task in the [Azure portal Private Link Center](https://portal.azure.com/#blade/Microsoft_Azure_Network/PrivateLinkCenterBlade/privateendpoints) or inside your AMPLS, as done in this example.
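
Review bot: In the new "Connect Platform Metrics subscriptions" steps, the screenshot's `source` is `ampls-select-metrics-subscription.png` but its `lightbox` still points to `ampls-select-resource.png`, so the expanded image would show the resource picker instead of the subscription picker; point `lightbox` at the same file as `source`. Smaller points in the same hunk: the data collection endpoints link ends with a doubled `))`, the second new step is numbered `2.` where the existing list uses `1.` for every item, that step has no closing period and says "add them" for a single subscription, and the alt text "Screenshot that shows Select a Scope." no longer matches an image named `ampls-select-resource.png`. The steps also mention only a subscription, while the `PlatformMetrics` description added to private-link-security.md says a subscription and region are scoped, so say here whether a region has to be chosen.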
7 changes: 6 additions & 1 deletion articles/azure-monitor/logs/private-link-security.md
Expand Up @@ -58,6 +58,11 @@ When you configure Private Link even for a single resource, traffic to the follo
>
> Private Link settings for Managed Prometheus and ingesting data into your Azure Monitor workspace are configured on the Data Collection Endpoints for the referenced resource. Settings for querying your Azure Monitor workspace over Private Link are made directly on the Azure Monitor workspace and are not handled via AMPLS.

### Kinds of scoped resources
AMPLS makes a distinction between two kinds of resources, which must be specified when adding resources to a private link scope:
- `Resource` kind is the label applied to all individual resources that can be scoped to AMPLS. This kind applies to application insights, log analytics workspaces, and data collection endpoints
- `PlatformMetrics` kind is the label that applies to platform metrics within a subscription. Unlike resource kind, instead of scoping a single resource, an entire subscription and region is added to the AMPLS for platform metrics support. Scoping a subscription with kind `PlatformMetric` will not affect the application insights, log analytics workspaces, or data collection endpoints within that subscription.

### Resource-specific endpoints
Log Analytics endpoints are workspace specific, except for the query endpoint discussed earlier. As a result, adding a specific Log Analytics workspace to the AMPLS will send ingestion requests to this workspace over the private link. Ingestion to other workspaces will continue to use the public endpoints.
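
Review bot: The kind name is spelled two ways in the second bullet of "Kinds of scoped resources": `PlatformMetrics` at the start and `PlatformMetric` in the last sentence. Since the section says the kind must be specified when adding resources to a scope, use one spelling throughout so readers copy the right value. The bullet also states that "an entire subscription and region" is added, but nothing here explains how the region is selected or whether other regions in the subscription stay on public endpoints; a sentence on that would help readers judge what traffic is actually covered. Minor: the first bullet has no closing period, and "application insights" and "log analytics workspaces" are lowercase here while the configure article writes "Log Analytics workspaces" and "Application Insights components".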

Expand Down Expand Up @@ -91,4 +96,4 @@ Although Log Analytics query requests are affected by the AMPLS access mode sett
- [Design your Azure Private Link setup](private-link-design.md).
- Learn how to [configure your private link](private-link-configure.md).
- Learn about [private storage](private-storage.md) for custom logs and customer-managed keys.
<h3><a id="connect-to-a-private-endpoint"></a></h3>
<h3><a id="connect-to-a-private-endpoint"></a></h3>
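
Review bot: The final line `<h3><a id="connect-to-a-private-endpoint"></a></h3>` is removed and re-added with identical visible content, so this hunk appears to change only whitespace or the end-of-file newline. If that is unintentional, drop it from the PR to keep the diff limited to the Platform Metrics documentation.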