elastic · shainaraskas · Jul 22, 2025 · Jun 6, 2025 · Jun 9, 2025 · Jun 14, 2025
@@ -1,7 +1,9 @@
 {{ecloud}} has built-in security. For example, HTTPS communications between {{ecloud}} and the internet, as well as inter-node communications, are secured automatically, and cluster data is encrypted at rest.
 
+In both {{ech}} and {{serverless-full}}, you can also configure [IP filters](/deploy-manage/security/ip-filtering-cloud.md) to prevent unauthorized access to your deployments and projects.
+
 In {{ech}}, you can augment these security features in the following ways:
-* Configure [traffic filtering](/deploy-manage/security/traffic-filtering.md) to prevent unauthorized access to your deployments.
+* [Configure private connectivity and apply VPC filtering](/deploy-manage/security/private-connectivity.md) to establish a secure connection for your {{ecloud}} deployments to communicate with other cloud services, and restrict traffic to deployments based on those private connections.
 * Encrypt your deployment with a [customer-managed encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md).
 * [Secure your settings](/deploy-manage/security/secure-settings.md) using {{es}} and {{kib}} keystores.
 * Use the list of [{{ecloud}} static IPs](/deploy-manage/security/elastic-cloud-static-ips.md) to allow or restrict communications in your infrastructure.

@@ -57,7 +57,7 @@ From the deployment main page, you can quickly access the following configuratio
 From the **Deployment > Security** view, you can manage security settings, authentication, and access controls. Refer to [Secure your clusters](../../../deploy-manage/users-roles/cluster-or-deployment-auth.md) for more details on security options for your deployments.
 
 * [Reset the `elastic` user password](../../users-roles/cluster-or-deployment-auth/manage-elastic-user-cloud.md)
-* [Set up traffic filters](../../security/traffic-filtering.md) to restrict traffic to your deployment
+* [Set up IP filters](../../security/ip-filtering-ece.md) to restrict traffic to your deployment
 * Configure {{es}} keystore settings, also known as [secure settings](../../security/secure-settings.md)
 * Configure trust relationships for [remote clusters](../../remote-clusters/ece-enable-ccs.md)
 

@@ -103,7 +103,7 @@ Check the following sections to learn more about the Azure Native ISV Service:
 * **Troubleshooting**
 
     * [I receive an error message about not having required authorization.](#azure-integration-authorization-access)
-    * [My {{ecloud}} deployment creation failed.](#azure-integration-deployment-failed-traffic-filter)
+    * [My {{ecloud}} deployment creation failed.](#azure-integration-deployment-failed-network-security)
     * [I can’t SSO into my {{ecloud}} deployment.](#azure-integration-failed-sso)
     * [I see some deployments in the {{ecloud}} console but not in the Azure Portal.](#azure-integration-cant-see-deployment)
     * [My {{ecloud}} Azure Native ISV Service logs are not being ingested.](#azure-integration-logs-not-ingested)
@@ -319,18 +319,7 @@ $$$azure-integration-how-to-access$$$How can I access my {{ecloud}} deployment?
 
 
 $$$azure-integration-modify-deployment$$$How can I modify my {{ecloud}} deployment?
-:   Modify your {{ecloud}} deployment in the {{ecloud}} console, which is accessed from the Azure UI through the **Advanced Settings** link on the deployment overview page. In the {{ecloud}} console you can perform a number of actions against your deployment, including:
-
-    * [Re-size](ec-customize-deployment-components.md) to increase or decrease the amount of RAM, CPU, and storage available to your deployment, or to add additional availability zones.
-    * [Upgrade](../../upgrade/deployment-or-cluster.md) your deployment to a new {{stack}} version.
-    * Enable or disable individual {{stack}} components such as APM and Machine Learning.
-    * [Update {{stack}} user settings](edit-stack-settings.md) in the component YML files.
-    * [Add or remove custom plugins](add-plugins-extensions.md).
-    * [Configure IP filtering](../../security/traffic-filtering.md).
-    * [Monitor your {{ecloud}} deployment](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) to ensure it remains healthy.
-    * Add or remove API keys to use the [REST API](cloud://reference/cloud-hosted/ec-api-restful.md).
-    * [And more](cloud-hosted.md)
-
+:   Modify your {{ecloud}} deployment in the {{ecloud}} console, which is accessed from the Azure UI through the **Advanced Settings** link on the deployment overview page. In the {{ecloud}} console you can perform [a number of actions against your deployment](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md#ec_how_to_operate_elasticsearch_service).
 
 $$$azure-integration-delete-deployment$$$How can I delete my {{ecloud}} deployment?
 :   Delete the deployment directly from the Azure console. The delete operation performs clean-up activities in the Elastic console to ensure any running components are removed, so that no additional charges occur.
@@ -349,7 +338,7 @@ $$$azure-integration-monitor$$$How do I monitor my existing Azure services?
 
 
 ::::{note}
-If you want to send platform logs to a deployment that has [IP or Private Link traffic filters](../../security/traffic-filtering.md) enabled, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788).
+If you want to send platform logs to a deployment that has [network security policies](/deploy-manage/security/network-security.md) applied, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788).
 
 ::::
 
@@ -462,7 +451,7 @@ $$$azure-integration-authorization-access$$$I receive an error message about not
     Elastic is not currently integrated with Azure user management, so sharing deployment resources through the Cloud console with other Azure users is not possible. However, sharing direct access to these resources is possible. For details, check [Is the {{ecloud}} Azure Native ISV Service connected with Azure user management?](#azure-integration-azure-user-management).
 
 
-$$$azure-integration-deployment-failed-traffic-filter$$$My {{ecloud}} deployment creation failed.
+$$$azure-integration-deployment-failed-network-security$$$My {{ecloud}} deployment creation failed.
 :   When creating a new {{ecloud}} deployment, the deployment creation may fail with a `Your deployment failed` error. The process results with a status message such as:
 
     ```txt
@@ -477,20 +466,15 @@ $$$azure-integration-deployment-failed-traffic-filter$$$My {{ecloud}} deployment
       ]
     ```
 
-    One possible cause of a deployment creation failure is the default traffic filtering rules. Deployments fail to create if a previously created traffic filter has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails.
+    One possible cause of a deployment creation failure is the default network security policies. Deployments fail to create if a previously created network security policy has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails.
 
     Follow these steps to resolve the problem:
 
     1. Login to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-    2. Go to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters).
+    2. Go to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters).
     3. Edit the traffic filter and disable the **Include by default** option.
-
-        :::{image} /deploy-manage/images/cloud-ec-marketplace-azure-traffic-filter-option.png
-        :alt: The Include by default option under Add to Deployments on the Traffic Filter page
-        :::
-
     4. In Azure, create a new {{ecloud}} deployment.
-    5. After the deployment has been created successfully, go back to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option.
+    5. After the deployment has been created successfully, go back to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option.
 
 
 If your deployment still does not create successfully, [contact the Elastic Support Team](#azure-integration-support) for assistance.
@@ -511,7 +495,7 @@ Mimicking this metadata by manually adding tags to an {{ecloud}} deployment will
 
 $$$azure-integration-logs-not-ingested$$$My {{ecloud}} Azure Native ISV Service logs are not being ingested.
 :   * When you set up monitoring for your Azure services, if your Azure and Elastic resources are in different subscriptions, you need to make sure that the `Microsoft.Elastic` resource provider is registered in the subscription in which the Azure resources exist. Check [How do I monitor my existing Azure services?](#azure-integration-monitor) for details.
-* If you are using [IP or Private Link traffic filters](../../security/traffic-filtering.md), reach out to [the Elastic Support Team](#azure-integration-support).
+* If you are using [network security policies](/deploy-manage/security/network-security.md), reach out to [the Elastic Support Team](#azure-integration-support).
 
 
 

diff --git a/...y-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/...y-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -68,7 +68,7 @@ This table compares the core platform capabilities between {{ech}} deployments a
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | Public IP traffic filtering, private connectivity (VPCs, PrivateLink) | **Planned** | - Traffic filtering anticipated in a future release <br>- Private connectivity options anticipated in a future release |
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering | Private connectivity options anticipated in a future release |
 | **Node management** | User-controlled | Managed | No node configuration access by design |
 | **Snapshot/restore** | ✅ | **Planned** | User-initiated snapshots are anticipated in a future release |
 

@@ -129,7 +129,7 @@ Refer to [Manage your Integrations Server](manage-integrations-server.md) to lea
 
 ## Security [ec_security]
 
-Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up traffic filters, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments.
+Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up network security, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments.
 
 
 ## Actions [ec_actions]

@@ -82,7 +82,7 @@ You might want to add more layers of security to your deployment, such as:
 
 * Add more users to the deployment with third-party authentication providers and services like [SAML](../../users-roles/cluster-or-deployment-auth/saml.md), [OpenID Connect](../../users-roles/cluster-or-deployment-auth/openid-connect.md), or [Kerberos](../../users-roles/cluster-or-deployment-auth/kerberos.md).
 * Do not use clients that only support HTTP to connect to {{ecloud}}. If you need to do so, you should use a reverse proxy setup.
-* Create [traffic filters](../../security/traffic-filtering.md) and apply them to your deployments.
+* Create [network security policies](/deploy-manage/security/network-security.md) and apply them to your deployments.
 * If needed, you can [reset](../../users-roles/cluster-or-deployment-auth/built-in-users.md) the `elastic` password.
 
 ### Scale or adjust your deployment [echscale_or_adjust_your_deployment]