From 9df8aa3f583b81fcd31456c6ec2caab38432d467 Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:10:05 -0400
Subject: [PATCH 1/8] remove all mentions of serverless plus

---
 .../elasticsearch-billing-dimensions.md       |  6 -----
 .../serverless-project-billing-dimensions.md  | 10 --------
 .../_snippets/serverless-plus-availability.md | 13 ----------
 .../deploy/_snippets/serverless-plus.md       | 11 --------
 ...nces-from-other-elasticsearch-offerings.md |  2 +-
 .../deploy/elastic-cloud/project-settings.md  | 25 ++++---------------
 deploy-manage/security/ip-filtering-cloud.md  | 10 --------
 deploy-manage/security/ip-filtering.md        |  4 ---
 .../security/network-security-api.md          |  4 ---
 .../security/private-connectivity-aws.md      | 14 -----------
 .../security/private-connectivity.md          |  2 --
 redirects.yml                                 |  3 +++
 .../es-serverless-add-ons.md                  | 20 ---------------
 .../observability-serverless-feature-tiers.md |  1 -
 .../security-serverless-feature-tiers.md      |  3 ---
 solutions/toc.yml                             |  1 -
 16 files changed, 9 insertions(+), 120 deletions(-)
 delete mode 100644 deploy-manage/deploy/_snippets/serverless-plus-availability.md
 delete mode 100644 deploy-manage/deploy/_snippets/serverless-plus.md
 delete mode 100644 solutions/elasticsearch-solution-project/es-serverless-add-ons.md

diff --git a/deploy-manage/cloud-organization/billing/elasticsearch-billing-dimensions.md b/deploy-manage/cloud-organization/billing/elasticsearch-billing-dimensions.md
index 3f5fda0e04..7ba0111a6c 100644
--- a/deploy-manage/cloud-organization/billing/elasticsearch-billing-dimensions.md
+++ b/deploy-manage/cloud-organization/billing/elasticsearch-billing-dimensions.md
@@ -39,12 +39,6 @@ For detailed {{es-serverless}} project rates, refer to the [{{es-serverless}} pr
 
 {{es-serverless}} projects store data in the [Search AI Lake](/deploy-manage/deploy/elastic-cloud/project-settings.md#elasticsearch-manage-project-search-ai-lake-settings). You are charged per GB of stored data at rest. Note that if you perform operations at ingest such as vectorization or enrichment, the size of your stored data will differ from the size of the original source data.
 
-## Serverless Plus add-on [elasticsearch-billing-serverless-plus-add-on]
-
-The [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) is an optional add-on for {{es-serverless}} projects. It includes enterprise features such as IP filtering, private connectivity, and {{cps}} (coming soon).
-
-Serverless Plus is free for a limited promotional period. Enabling or using features included in the add-on opts your project in. When the promotional period ends, a charge for the add-on is applied as a percentage of the project's ECUs. To learn more about the add-on and the promotional period, refer to [Project features and add-ons](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus).
-
 ## Managing {{es}} costs [elasticsearch-billing-managing-elasticsearch-costs]
 
 You can control costs using the following strategies:
diff --git a/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md b/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md
index aeef424fb1..501493b9b8 100644
--- a/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md
+++ b/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md
@@ -38,13 +38,3 @@ To learn about billing dimensions for specific offerings, refer to:
 
 If your subscription level is Standard, there is no separate charge for Support reflected on your bill. If your subscription level is Gold, Platinum, or Enterprise, a charge is made for Support as a percentage (%) of the ECUs. To find out more about our support levels, go to [https://www.elastic.co/support](https://www.elastic.co/support).
 
-### Serverless Plus [serverless-plus-add-on]
-
-:::{include} /deploy-manage/deploy/_snippets/serverless-plus.md
-:::
-
-#### Availability [serverless-plus-add-on-availability]
-
-:::{include} /deploy-manage/deploy/_snippets/serverless-plus-availability.md
-:::
-
diff --git a/deploy-manage/deploy/_snippets/serverless-plus-availability.md b/deploy-manage/deploy/_snippets/serverless-plus-availability.md
deleted file mode 100644
index 8e43ac6dff..0000000000
--- a/deploy-manage/deploy/_snippets/serverless-plus-availability.md
+++ /dev/null
@@ -1,13 +0,0 @@
-Serverless Plus features are included at no additional charge in the following feature tiers:
-
-* {{sec-serverless}} projects: [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features)
-* {{obs-serverless}} projects: [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#obs-serverless-project-features)
-
-For {{es}} projects, Serverless Plus is offered as an optional add-on.
-
-Serverless Plus is free for a limited promotional period. Enabling or using these features opts your project in to Serverless Plus. At the end of the promotional period, for any project using Serverless Plus:
-
-* **{{es-serverless}}**: A charge for the add-on as a percentage of the ECUs will be applied.
-* **{{obs-serverless}}** or **{{sec-serverless}}**: The project must be on the relevant Complete tier, or will be moved to it.
-
-To opt out of Serverless Plus before the end of the promotional period, stop using the features on the relevant project. For example, you can [disconnect your network security policies](/deploy-manage/security/network-security-policies.md#review-the-policies-associated-with-a-resource) from the project.
\ No newline at end of file
diff --git a/deploy-manage/deploy/_snippets/serverless-plus.md b/deploy-manage/deploy/_snippets/serverless-plus.md
deleted file mode 100644
index dd001238b0..0000000000
--- a/deploy-manage/deploy/_snippets/serverless-plus.md
+++ /dev/null
@@ -1,11 +0,0 @@
-The Serverless Plus add-on is a package of enterprise features that help you to secure your data and enhance your data insights.
-
-Serverless Plus includes the following features:
-
-* Network security features, including [IP filtering](/deploy-manage/security/ip-filtering-cloud.md) and [private connectivity](/deploy-manage/security/private-connectivity.md)
-* Coming soon: {{cps-cap}}
-
-In future, Serverless Plus will include the following additional features:
-
-* Cross-project replication
-* Encryption at rest with customer-managed keys
\ No newline at end of file
diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index 9d04fbddf3..e36b74c2fd 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -69,7 +69,7 @@ This table compares core identity, access, and platform capabilities between {{e
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only. Requires the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus). |
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only. |
 | **[API keys](/deploy-manage/api-keys.md)** | ✅ | ✅ | Available across {{ech}} and Serverless using deployment/project and cloud API key types. |
 | **[Native realm authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md)** | ✅ | ❌ | Only API key-based authentication is supported at the project level. User authentication, including SAML SSO, is managed at the [organization level](/deploy-manage/users-roles/cloud-organization.md). |
 | **Role-based access control** | ✅ | ✅ | In Serverless, RBAC is managed at organization level with optional project custom roles. |
diff --git a/deploy-manage/deploy/elastic-cloud/project-settings.md b/deploy-manage/deploy/elastic-cloud/project-settings.md
index 543569a4e0..fd151ad692 100644
--- a/deploy-manage/deploy/elastic-cloud/project-settings.md
+++ b/deploy-manage/deploy/elastic-cloud/project-settings.md
@@ -59,17 +59,12 @@ $$$elasticsearch-manage-project-search-power-settings$$$
 
 ## Project features and add-ons [project-features-add-ons]
 
-Project features and add-ons control which capabilities are available in your serverless project and how they are billed. What you can configure depends on your project type: 
+Project features and add-ons control which capabilities are available in your serverless project and how they are billed. What you can configure depends on your project type:
 
-* [{{es-serverless}} project features](#es-serverless-project-features)
 * [{{sec-serverless}} project features](#elastic-sec-project-features)
 * [{{obs-serverless}} project features](#obs-serverless-project-features) 
 
-[Serverless Plus](#serverless-plus) is included at no additional charge in the Security Analytics Complete and Observability Complete feature tiers, and is offered as an optional add-on for {{es}} projects.
-
-### {{es-serverless}} project features [es-serverless-project-features]
-
-The only add-on available for {{es}} projects is Serverless Plus. To opt in during the promotional period, start using the features on the relevant project. For more information, refer to [Serverless Plus add-on](#serverless-plus).
+There are no additional project features or add-ons for {{es-serverless}} projects.
 
 ### {{sec-serverless}} project features [elastic-sec-project-features]
 
@@ -78,8 +73,8 @@ For {{sec-serverless}} projects, edit the **Project features** to select a featu
 | Feature tier | Description and add-ons |
 | :--- | :--- |
 | **Elastic AI SOC Engine (EASE)** | A package of AI-powered tools meant to work with and enhance your existing SOC platforms: triage and correlate alerts from any platform using Attack Discovery, get realtime recommendations and assistance from AI Assistant, and share insights with your other tools.  |
-| **Security Analytics Essentials** | A suite of security analytics, detections, investigations, and collaboration tools. Does not include AI-powered tools. Allows these add-ons:<br>• **Endpoint Protection Essentials**: endpoint protections with {{elastic-defend}}.<br>• **Cloud Protection Essentials**: Cloud native security features.<br> |
-| **Security Analytics Complete** | Everything in **Security Analytics Essentials** and **EASE**, plus advanced features such as entity analytics, threat intelligence, and more. Allows these add-ons:<br><br>• **Endpoint Protection Complete**: Everything in **Endpoint Protection Essentials** plus advanced endpoint detection and response features.<br>• **Cloud Protection Complete**: Everything in **Cloud Protection Essentials** plus advanced cloud security features.<br><br>The [Serverless Plus add-on](#serverless-plus) is included with this tier at no additional charge. |
+| **Security Analytics Essentials** | A suite of security analytics, detections, investigations, and collaboration tools. Does not include AI-powered tools. Allows these add-ons:<br>• **Endpoint Protection Essentials**: endpoint protections with {{elastic-defend}}.<br>• **Cloud Protection Essentials**: Cloud native security features.|
+| **Security Analytics Complete** | Everything in **Security Analytics Essentials** and **EASE**, plus advanced features such as entity analytics, threat intelligence, and more. Allows these add-ons:<br><br>• **Endpoint Protection Complete**: Everything in **Endpoint Protection Essentials** plus advanced endpoint detection and response features.<br>• **Cloud Protection Complete**: Everything in **Cloud Protection Essentials** plus advanced cloud security features.|
 
 #### Downgrading the feature tier [elasticsearch-manage-project-downgrading-the-feature-tier]
 
@@ -122,22 +117,12 @@ For {{obs-serverless}} projects, edit the **Project features** to select a featu
 | Feature tier | Description|
 | :--- | :--- |
 | **Observability Logs Essentials** | Includes everything you need to store and analyze logs at scale.<br> |
-| **Observability Complete** | Adds full-stack observability capabilities to monitor cloud-native and hybrid environments.<br><br>The [Serverless Plus add-on](#serverless-plus) is included with this tier at no additional charge. |
+| **Observability Complete** | Adds full-stack observability capabilities to monitor cloud-native and hybrid environments.|
 
 :::{tip}
 For a full feature comparison, upgrading instructions, and more, refer to [{{obs-serverless}} feature tiers](../../../solutions/observability/observability-serverless-feature-tiers.md).
 :::
 
-### Serverless Plus add-on [serverless-plus]
-
-:::{include} ../_snippets/serverless-plus.md
-:::
-
-#### Availability [serverless-plus-add-on-availability]
-
-:::{include} ../_snippets/serverless-plus-availability.md
-:::
-
 ## Project tags
 
 Project tags are custom metadata key-value pairs that allow you to categorize and organize your projects.
diff --git a/deploy-manage/security/ip-filtering-cloud.md b/deploy-manage/security/ip-filtering-cloud.md
index ddfb3cf135..4bc9420462 100644
--- a/deploy-manage/security/ip-filtering-cloud.md
+++ b/deploy-manage/security/ip-filtering-cloud.md
@@ -36,14 +36,6 @@ To learn how to create IP filters for {{ece}} deployments, refer to [](ip-filter
 To learn how to create IP filters for self-managed clusters or {{eck}} deployments, refer to [](ip-filtering-basic.md).
 :::
 
-## Requirements
-
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply IP filter policies. During the promotional period, applying an IP filter policy to a project opts that project in to Serverless Plus. 
-
-:::{tip}
-You can opt out by disconnecting all policies from the project.
-:::
-
 ## Apply an IP filter to a deployment or project
 
 To apply an IP filter to a deployment or project, you must first create an IP filter policy (referred to as "IP filter") at the organization or platform level, and then apply it to your deployment.
@@ -70,8 +62,6 @@ To create an IP filter:
 
 You can associate an IP filter with your deployment or project from the IP filter's settings, or from your deployment or project's settings. After you associate the IP filter with a deployment or project, it starts filtering traffic.
 
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply IP filters. During the promotional period, applying an IP filter to a project opts that project in to Serverless Plus.
-
 :::{tip}
 You can apply multiple policies to a single deployment or project. For {{ech}} deployments and {{serverless-short}} projects, you can apply both IP filter policies and private connection policies. In case of multiple policies, traffic can match any associated policy to be forwarded to the resource. If none of the policies match, the request is rejected with `403 Forbidden`.
 
diff --git a/deploy-manage/security/ip-filtering.md b/deploy-manage/security/ip-filtering.md
index 679c7370cc..25094a469e 100644
--- a/deploy-manage/security/ip-filtering.md
+++ b/deploy-manage/security/ip-filtering.md
@@ -36,10 +36,6 @@ In {{serverless-full}} and {{ech}}, IP filters are a type of [network security p
   
 To learn how multiple IP filters are processed, and how IP filters and [private connections](/deploy-manage/security/private-connectivity.md) work together in ECH, refer to [](/deploy-manage/security/network-security-policies.md).
 
-:::{note}
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply IP filter policies. During the promotional period, applying an IP filter policy to a project opts that project in to Serverless Plus.
-:::
-
 ## ECE
 
 In {{ece}}, filter rules are created at the platform level, and then applied at the deployment level. Follow these guides to learn how to create, apply, and manage these policies using your preferred method:
diff --git a/deploy-manage/security/network-security-api.md b/deploy-manage/security/network-security-api.md
index 41e8910dff..b0846b2937 100644
--- a/deploy-manage/security/network-security-api.md
+++ b/deploy-manage/security/network-security-api.md
@@ -45,10 +45,6 @@ Refer to [](network-security.md) to learn more about network security across all
 Policies in {{ecloud}} are the equivalent of rule sets in {{ece}} and the {{ecloud}} API.
 :::
 
-:::{note}
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply network security policies. During the promotional period, applying a network security policy to a project opts that project in to Serverless Plus.
-:::
-
 ## API reference
 
 To learn more about these endpoints, refer to the reference for your deployment type:
diff --git a/deploy-manage/security/private-connectivity-aws.md b/deploy-manage/security/private-connectivity-aws.md
index 376efc7289..ff510d2964 100644
--- a/deploy-manage/security/private-connectivity-aws.md
+++ b/deploy-manage/security/private-connectivity-aws.md
@@ -31,14 +31,6 @@ To learn how private connection policies impact your deployment or project, refe
 {{ech}} and {{serverless-full}} also support [IP filters](/deploy-manage/security/ip-filtering-cloud.md). You can apply both IP filters and private connections to a single {{ecloud}} resource.
 :::
 
-## Requirements
-
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply private connection policies. During the promotional period, applying a private connection policy to a project opts that project in to Serverless Plus. 
-
-:::{tip}
-You can opt out by disconnecting all policies from the project.
-:::
-
 ## Considerations
 
 Before you begin, review  the following considerations:
@@ -347,10 +339,6 @@ Create a new private connection policy.
     :::
 
 8.  Optional: Under **Apply to resources**, associate the new private connection policy with one or more deployments or projects. If you specified a VPC filter, then after you associate the filter with a resource, it starts filtering traffic.
-    
-    :::{note}
-    Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply private connection policies. During the promotional period, applying a private connection policy to a project opts that project in to Serverless Plus.
-    :::
 9. To automatically attach this private connection policy to new resources of this type, select **Apply by default**.
 10.  Click **Create**.
 11. (Optional) If you created a private connection policy for {{ech}} deployments, you can [claim your VPC endpoint ID](/deploy-manage/security/claim-private-connection-api.md), so that no other organization is able to use it in a private connection policy.
@@ -361,8 +349,6 @@ The next step is to [associate the policy](#associate-private-connection-policy)
 
 You can associate a private connection policy with your deployment or project from the policy's settings, or from your deployment's or project's settings. 
 
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply private connection policies. During the promotional period, applying a private connection policy to a project opts that project in to Serverless Plus.
-
 #### From a deployment or project
 
 :::::{applies-switch}
diff --git a/deploy-manage/security/private-connectivity.md b/deploy-manage/security/private-connectivity.md
index 419bd1d727..efc5595f1e 100644
--- a/deploy-manage/security/private-connectivity.md
+++ b/deploy-manage/security/private-connectivity.md
@@ -12,8 +12,6 @@ products:
 
 Private connectivity is a secure way for your {{ecloud}} deployments and projects to communicate with other cloud provider services over your cloud provider's private network. You can create a virtual private connection (VPC) using your provider's private link service, and then manage it in {{ecloud}} using a private connection policy. You can also optionally filter traffic to your deployments and projects by creating ingress filters for your VPC in {{ecloud}}.
 
-Serverless projects require the [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) to apply private connection policies. During the promotional period, applying a private connection policy to a project opts that project in to Serverless Plus.
-
 :::{tip}
 Private connection policies are a type of [network security policy](/deploy-manage/security/network-security-policies.md).
 :::
diff --git a/redirects.yml b/redirects.yml
index c6a6cc0024..1f2cf2bb85 100644
--- a/redirects.yml
+++ b/redirects.yml
@@ -842,3 +842,6 @@ redirects:
 
 # Renamed for SEO - URL now matches page title
   'solutions/security/detect-and-alert/requirements-privileges.md': 'solutions/security/detect-and-alert/turn-on-detections.md'
+
+# Removed Serverless Plus add-on
+  'solutions/elasticsearch-solution-project/es-serverless-add-ons.md': 'solutions/elasticsearch-solution-project.md'
diff --git a/solutions/elasticsearch-solution-project/es-serverless-add-ons.md b/solutions/elasticsearch-solution-project/es-serverless-add-ons.md
deleted file mode 100644
index addc4ba00e..0000000000
--- a/solutions/elasticsearch-solution-project/es-serverless-add-ons.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-mapped_pages:
-  - https://www.elastic.co/guide/en/serverless/current/elasticsearch-add-ons.html
-applies_to:
-  serverless:
-    elasticsearch: ga
-products:
-  - id: cloud-serverless
-navigation_title: Add-ons
-description: Learn about add-ons for Elasticsearch Serverless projects.
----
-
-# {{es-serverless}} add-ons [elasticsearch-add-ons]
-
-{{es-serverless}} projects currently support the optional **Serverless Plus** add-on.
-
-:::{include} /deploy-manage/deploy/_snippets/serverless-plus.md
-:::
-
-This add-on is currently free for a limited promotional period. Enabling or using these features opts your project in to Serverless Plus. [Learn more](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus).
diff --git a/solutions/observability/observability-serverless-feature-tiers.md b/solutions/observability/observability-serverless-feature-tiers.md
index f41c9f4ab0..11bd1b9f9a 100644
--- a/solutions/observability/observability-serverless-feature-tiers.md
+++ b/solutions/observability/observability-serverless-feature-tiers.md
@@ -39,7 +39,6 @@ The following table compares features available in Observability Complete and Ob
 | {applies_to}`serverless: preview` **[Agent Builder](/solutions/observability/ai/agent-builder-observability.md)** | ✅ | ❌ |
 | **[Custom knowledge bases](/solutions/observability/ai/observability-ai-assistant.md#obs-ai-kb-ui)** | ✅ | ❌ |
 | **[Synthetics testing and browser experience monitoring](/solutions/observability/synthetics/index.md)** | ✅ | ❌ |
-| **[Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus)** | ✅ | ❌ |
 
 ## Add data to a serverless project [obs-subscription-ingest]
 
diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md
index 2039fba393..b7912c2c6d 100644
--- a/solutions/security/security-serverless-feature-tiers.md
+++ b/solutions/security/security-serverless-feature-tiers.md
@@ -41,7 +41,6 @@ The following table compares features available in each feature tier:
 | **[Entity analytics / UEBA](/solutions/security/advanced-entity-analytics.md)** | ✅ | ❌ | ❌ |
 | **Extended security content** | ✅ | ❌ | ❌ |
 | **Threat intelligence management** | ✅ | ❌ | ❌ |
-| **[Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus)** | ✅ | ❌ | ❌ |
 
 
 ## Add-on options
@@ -68,8 +67,6 @@ Both the **Security Analytics Complete** and **Security Analytics Essentials** f
 
 % commenting this out until it gets reintroduced in 9.3 | **Drift protection for containers** | ✅ | ❌ |
 
-The [Serverless Plus add-on](/deploy-manage/deploy/elastic-cloud/project-settings.md#serverless-plus) is automatically included with the **Security Analytics Complete** feature tier at no additional charge.
-
 ## Upgrade to a higher feature tier [sec-subscription-upgrade]
 
 :::{warning}
diff --git a/solutions/toc.yml b/solutions/toc.yml
index f2b1f58224..59cf8ea888 100644
--- a/solutions/toc.yml
+++ b/solutions/toc.yml
@@ -84,7 +84,6 @@ toc:
           - file: elasticsearch-solution-project/search-applications/search-application-api.md
           - file: elasticsearch-solution-project/search-applications/search-application-security.md
           - file: elasticsearch-solution-project/search-applications/search-application-client.md
-      - file: elasticsearch-solution-project/es-serverless-add-ons.md
   - file: observability.md
     children:
       - file: observability/get-started.md

From e89f160fe1eb607e44501f4ab56deaccce03ff73 Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:14:04 -0400
Subject: [PATCH 2/8] edit comment

---
 redirects.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/redirects.yml b/redirects.yml
index 1f2cf2bb85..264042c5f9 100644
--- a/redirects.yml
+++ b/redirects.yml
@@ -843,5 +843,5 @@ redirects:
 # Renamed for SEO - URL now matches page title
   'solutions/security/detect-and-alert/requirements-privileges.md': 'solutions/security/detect-and-alert/turn-on-detections.md'
 
-# Removed Serverless Plus add-on
+# No more elasticsearch solution add-ons
   'solutions/elasticsearch-solution-project/es-serverless-add-ons.md': 'solutions/elasticsearch-solution-project.md'

From 5ab2651c7eb4c17c862103c622629fd9f8f1921e Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:37:40 -0400
Subject: [PATCH 3/8] private connectivity and ip filtering is gated by tier in
 obs and sec projects

---
 ...differences-from-other-elasticsearch-offerings.md |  2 +-
 .../security/_snippets/network-sec-tier-reqs.md      |  4 ++++
 deploy-manage/security/ip-filtering-cloud.md         | 10 ++++++++++
 deploy-manage/security/ip-filtering.md               |  7 +++++++
 deploy-manage/security/network-security-api.md       | 12 ++++++++++++
 deploy-manage/security/private-connectivity-aws.md   | 10 ++++++++++
 deploy-manage/security/private-connectivity.md       |  7 +++++++
 .../observability-serverless-feature-tiers.md        |  2 ++
 .../security/security-serverless-feature-tiers.md    |  2 ++
 9 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 deploy-manage/security/_snippets/network-sec-tier-reqs.md

diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index e36b74c2fd..262837ad13 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -69,7 +69,7 @@ This table compares core identity, access, and platform capabilities between {{e
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only. |
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete).<br><br>For Security projects, requires [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete).|
 | **[API keys](/deploy-manage/api-keys.md)** | ✅ | ✅ | Available across {{ech}} and Serverless using deployment/project and cloud API key types. |
 | **[Native realm authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md)** | ✅ | ❌ | Only API key-based authentication is supported at the project level. User authentication, including SAML SSO, is managed at the [organization level](/deploy-manage/users-roles/cloud-organization.md). |
 | **Role-based access control** | ✅ | ✅ | In Serverless, RBAC is managed at organization level with optional project custom roles. |
diff --git a/deploy-manage/security/_snippets/network-sec-tier-reqs.md b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
new file mode 100644
index 0000000000..05b55b45a7
--- /dev/null
+++ b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
@@ -0,0 +1,4 @@
+The following requirements apply to the project where you want to apply a {{policy-type}} policy:
+
+* For Observability projects, requires the [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) feature tier.
+* For Security projects, requires the [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) feature tier.
\ No newline at end of file
diff --git a/deploy-manage/security/ip-filtering-cloud.md b/deploy-manage/security/ip-filtering-cloud.md
index 4bc9420462..12f95ae7aa 100644
--- a/deploy-manage/security/ip-filtering-cloud.md
+++ b/deploy-manage/security/ip-filtering-cloud.md
@@ -36,6 +36,16 @@ To learn how to create IP filters for {{ece}} deployments, refer to [](ip-filter
 To learn how to create IP filters for self-managed clusters or {{eck}} deployments, refer to [](ip-filtering-basic.md).
 :::
 
+## Requirements
+```{applies_to}
+serverless:
+```
+
+:::{include} _snippets/network-sec-tier-reqs.md
+:::
+
+There are no specific requirements for {{es-serverless}} projects or {{ech}} deployments.
+
 ## Apply an IP filter to a deployment or project
 
 To apply an IP filter to a deployment or project, you must first create an IP filter policy (referred to as "IP filter") at the organization or platform level, and then apply it to your deployment.
diff --git a/deploy-manage/security/ip-filtering.md b/deploy-manage/security/ip-filtering.md
index 25094a469e..980c874a78 100644
--- a/deploy-manage/security/ip-filtering.md
+++ b/deploy-manage/security/ip-filtering.md
@@ -36,6 +36,13 @@ In {{serverless-full}} and {{ech}}, IP filters are a type of [network security p
   
 To learn how multiple IP filters are processed, and how IP filters and [private connections](/deploy-manage/security/private-connectivity.md) work together in ECH, refer to [](/deploy-manage/security/network-security-policies.md).
 
+:::{note}
+{{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply IP filter policies:
+
+* Observability: [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) 
+* Security: [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) 
+:::
+
 ## ECE
 
 In {{ece}}, filter rules are created at the platform level, and then applied at the deployment level. Follow these guides to learn how to create, apply, and manage these policies using your preferred method:
diff --git a/deploy-manage/security/network-security-api.md b/deploy-manage/security/network-security-api.md
index b0846b2937..3f209a69d1 100644
--- a/deploy-manage/security/network-security-api.md
+++ b/deploy-manage/security/network-security-api.md
@@ -12,6 +12,8 @@ products:
   - id: cloud-enterprise
   - id: cloud-serverless
 navigation_title: Through the API
+sub:
+  policy-type: "network security"
 ---
 
 # Manage network security through the API
@@ -45,6 +47,16 @@ Refer to [](network-security.md) to learn more about network security across all
 Policies in {{ecloud}} are the equivalent of rule sets in {{ece}} and the {{ecloud}} API.
 :::
 
+## Requirements
+```{applies_to}
+serverless:
+```
+
+:::{include} _snippets/network-sec-tier-reqs.md
+:::
+
+There are no specific requirements for {{es-serverless}} projects, {{ech}} deployments, or {{ece}} deployments.
+
 ## API reference
 
 To learn more about these endpoints, refer to the reference for your deployment type:
diff --git a/deploy-manage/security/private-connectivity-aws.md b/deploy-manage/security/private-connectivity-aws.md
index ff510d2964..5ad6be5ebb 100644
--- a/deploy-manage/security/private-connectivity-aws.md
+++ b/deploy-manage/security/private-connectivity-aws.md
@@ -31,6 +31,16 @@ To learn how private connection policies impact your deployment or project, refe
 {{ech}} and {{serverless-full}} also support [IP filters](/deploy-manage/security/ip-filtering-cloud.md). You can apply both IP filters and private connections to a single {{ecloud}} resource.
 :::
 
+## Requirements
+```{applies_to}
+serverless:
+```
+
+:::{include} _snippets/network-sec-tier-reqs.md
+:::
+
+There are no specific requirements for {{es-serverless}} projects or {{ech}} deployments.
+
 ## Considerations
 
 Before you begin, review  the following considerations:
diff --git a/deploy-manage/security/private-connectivity.md b/deploy-manage/security/private-connectivity.md
index efc5595f1e..aaeb2ce6df 100644
--- a/deploy-manage/security/private-connectivity.md
+++ b/deploy-manage/security/private-connectivity.md
@@ -12,6 +12,13 @@ products:
 
 Private connectivity is a secure way for your {{ecloud}} deployments and projects to communicate with other cloud provider services over your cloud provider's private network. You can create a virtual private connection (VPC) using your provider's private link service, and then manage it in {{ecloud}} using a private connection policy. You can also optionally filter traffic to your deployments and projects by creating ingress filters for your VPC in {{ecloud}}.
 
+:::{note}
+{{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply private connection policies:
+
+* Observability: [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) 
+* Security: [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) 
+:::
+
 :::{tip}
 Private connection policies are a type of [network security policy](/deploy-manage/security/network-security-policies.md).
 :::
diff --git a/solutions/observability/observability-serverless-feature-tiers.md b/solutions/observability/observability-serverless-feature-tiers.md
index 11bd1b9f9a..4294a55b26 100644
--- a/solutions/observability/observability-serverless-feature-tiers.md
+++ b/solutions/observability/observability-serverless-feature-tiers.md
@@ -39,6 +39,8 @@ The following table compares features available in Observability Complete and Ob
 | {applies_to}`serverless: preview` **[Agent Builder](/solutions/observability/ai/agent-builder-observability.md)** | ✅ | ❌ |
 | **[Custom knowledge bases](/solutions/observability/ai/observability-ai-assistant.md#obs-ai-kb-ui)** | ✅ | ❌ |
 | **[Synthetics testing and browser experience monitoring](/solutions/observability/synthetics/index.md)** | ✅ | ❌ |
+| **[Private connectivity](/deploy-manage/security/private-connectivity.md)** | ✅ | ❌ |
+| **[IP filtering](/deploy-manage/security/ip-filtering.md)** | ✅ | ❌ |
 
 ## Add data to a serverless project [obs-subscription-ingest]
 
diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md
index b7912c2c6d..af84d37e0d 100644
--- a/solutions/security/security-serverless-feature-tiers.md
+++ b/solutions/security/security-serverless-feature-tiers.md
@@ -41,6 +41,8 @@ The following table compares features available in each feature tier:
 | **[Entity analytics / UEBA](/solutions/security/advanced-entity-analytics.md)** | ✅ | ❌ | ❌ |
 | **Extended security content** | ✅ | ❌ | ❌ |
 | **Threat intelligence management** | ✅ | ❌ | ❌ |
+| **[Private connectivity](/deploy-manage/security/private-connectivity.md)** | ✅ | ❌ | ❌ |
+| **[IP filtering](/deploy-manage/security/ip-filtering.md)** | ✅ | ❌ | ❌ |
 
 
 ## Add-on options

From 0e2cbaf258526a1b42a0b763d0cdcc4e41124bc3 Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:44:14 -0400
Subject: [PATCH 4/8] bad links

---
 deploy-manage/security/_snippets/network-sec-tier-reqs.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/security/_snippets/network-sec-tier-reqs.md b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
index 05b55b45a7..18110e5654 100644
--- a/deploy-manage/security/_snippets/network-sec-tier-reqs.md
+++ b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
@@ -1,4 +1,4 @@
 The following requirements apply to the project where you want to apply a {{policy-type}} policy:
 
-* For Observability projects, requires the [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) feature tier.
-* For Security projects, requires the [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) feature tier.
\ No newline at end of file
+* For Observability projects, requires the [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md) feature tier.
+* For Security projects, requires the [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md) feature tier.
\ No newline at end of file

From 1ffead18ff36373ad6244ebc3f80ee726ceb0a7e Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:45:09 -0400
Subject: [PATCH 5/8] bad links pt 2

---
 .../differences-from-other-elasticsearch-offerings.md         | 2 +-
 deploy-manage/security/ip-filtering.md                        | 4 ++--
 deploy-manage/security/private-connectivity.md                | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index 262837ad13..fd223ac109 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -69,7 +69,7 @@ This table compares core identity, access, and platform capabilities between {{e
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete).<br><br>For Security projects, requires [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete).|
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md).<br><br>For Security projects, requires [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md).|
 | **[API keys](/deploy-manage/api-keys.md)** | ✅ | ✅ | Available across {{ech}} and Serverless using deployment/project and cloud API key types. |
 | **[Native realm authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md)** | ✅ | ❌ | Only API key-based authentication is supported at the project level. User authentication, including SAML SSO, is managed at the [organization level](/deploy-manage/users-roles/cloud-organization.md). |
 | **Role-based access control** | ✅ | ✅ | In Serverless, RBAC is managed at organization level with optional project custom roles. |
diff --git a/deploy-manage/security/ip-filtering.md b/deploy-manage/security/ip-filtering.md
index 980c874a78..91ec4936ab 100644
--- a/deploy-manage/security/ip-filtering.md
+++ b/deploy-manage/security/ip-filtering.md
@@ -39,8 +39,8 @@ To learn how multiple IP filters are processed, and how IP filters and [private
 :::{note}
 {{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply IP filter policies:
 
-* Observability: [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) 
-* Security: [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) 
+* Observability: [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md) 
+* Security: [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md) 
 :::
 
 ## ECE
diff --git a/deploy-manage/security/private-connectivity.md b/deploy-manage/security/private-connectivity.md
index aaeb2ce6df..a9b8e4e165 100644
--- a/deploy-manage/security/private-connectivity.md
+++ b/deploy-manage/security/private-connectivity.md
@@ -15,8 +15,8 @@ Private connectivity is a secure way for your {{ecloud}} deployments and project
 :::{note}
 {{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply private connection policies:
 
-* Observability: [Observability Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#observability-complete) 
-* Security: [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md#security-analytics-complete) 
+* Observability: [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md) 
+* Security: [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md) 
 :::
 
 :::{tip}

From 181e44887f05a9df18e1c8a8c37229178f2f59bf Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Tue, 7 Apr 2026 10:46:22 -0400
Subject: [PATCH 6/8] bad links pt 3

---
 .../differences-from-other-elasticsearch-offerings.md         | 2 +-
 deploy-manage/security/ip-filtering.md                        | 4 ++--
 deploy-manage/security/private-connectivity.md                | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index fd223ac109..8f371c3fb6 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -69,7 +69,7 @@ This table compares core identity, access, and platform capabilities between {{e
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md).<br><br>For Security projects, requires [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md).|
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md).<br><br>For Security projects, requires [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md) .|
 | **[API keys](/deploy-manage/api-keys.md)** | ✅ | ✅ | Available across {{ech}} and Serverless using deployment/project and cloud API key types. |
 | **[Native realm authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md)** | ✅ | ❌ | Only API key-based authentication is supported at the project level. User authentication, including SAML SSO, is managed at the [organization level](/deploy-manage/users-roles/cloud-organization.md). |
 | **Role-based access control** | ✅ | ✅ | In Serverless, RBAC is managed at organization level with optional project custom roles. |
diff --git a/deploy-manage/security/ip-filtering.md b/deploy-manage/security/ip-filtering.md
index 91ec4936ab..48c79cfd66 100644
--- a/deploy-manage/security/ip-filtering.md
+++ b/deploy-manage/security/ip-filtering.md
@@ -39,8 +39,8 @@ To learn how multiple IP filters are processed, and how IP filters and [private
 :::{note}
 {{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply IP filter policies:
 
-* Observability: [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md) 
-* Security: [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md) 
+* Observability: [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md) 
+* Security: [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md)  
 :::
 
 ## ECE
diff --git a/deploy-manage/security/private-connectivity.md b/deploy-manage/security/private-connectivity.md
index a9b8e4e165..42bf63d1df 100644
--- a/deploy-manage/security/private-connectivity.md
+++ b/deploy-manage/security/private-connectivity.md
@@ -15,8 +15,8 @@ Private connectivity is a secure way for your {{ecloud}} deployments and project
 :::{note}
 {{serverless-short}} Observability and Security projects must belong to a specific feature tier to apply private connection policies:
 
-* Observability: [Observability Complete](solutions/observability/observability-serverless-feature-tiers.md) 
-* Security: [Security Analytics Complete](solutions/security/security-serverless-feature-tiers.md) 
+* Observability: [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md) 
+* Security: [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md)  
 :::
 
 :::{tip}

From 007b4c299a39fa9ae21c1b4141cef7d2e0d2cfb2 Mon Sep 17 00:00:00 2001
From: shainaraskas <58563081+shainaraskas@users.noreply.github.com>
Date: Wed, 8 Apr 2026 11:15:54 -0400
Subject: [PATCH 7/8] Update
 deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md

---
 .../differences-from-other-elasticsearch-offerings.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index 8f371c3fb6..4cf496c4b3 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -69,7 +69,7 @@ This table compares core identity, access, and platform capabilities between {{e
 | **Email service** | ✅ | ✅ | Preconfigured email connector available - [Learn more about limits and usage](/deploy-manage/deploy/elastic-cloud/tools-apis.md#elastic-cloud-email-service) |
 | **Hardware configuration** | Limited control | Managed | Hardware choices are managed by Elastic |
 | **High availability** | ✅ | ✅ | Automatic resilience |
-| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md).<br><br>For Security projects, requires [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md) .|
+| **Network security** | IP filtering, private connectivity (VPCs, PrivateLink) | IP filtering, private connectivity (VPCs, PrivateLink) | Private connectivity for Serverless projects is currently supported in AWS regions only.<br><br>For Observability projects, requires [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md).<br><br>For Security projects, requires [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md).|
 | **[API keys](/deploy-manage/api-keys.md)** | ✅ | ✅ | Available across {{ech}} and Serverless using deployment/project and cloud API key types. |
 | **[Native realm authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md)** | ✅ | ❌ | Only API key-based authentication is supported at the project level. User authentication, including SAML SSO, is managed at the [organization level](/deploy-manage/users-roles/cloud-organization.md). |
 | **Role-based access control** | ✅ | ✅ | In Serverless, RBAC is managed at organization level with optional project custom roles. |

From 1517e5b99e6ed92615640621447f405040ec1558 Mon Sep 17 00:00:00 2001
From: shainaraskas <shaina.raskas@elastic.co>
Date: Thu, 9 Apr 2026 09:53:08 -0400
Subject: [PATCH 8/8] grammar

---
 deploy-manage/security/_snippets/network-sec-tier-reqs.md | 2 --
 deploy-manage/security/ip-filtering-cloud.md              | 1 +
 deploy-manage/security/network-security-api.md            | 2 ++
 deploy-manage/security/private-connectivity-aws.md        | 2 ++
 4 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/security/_snippets/network-sec-tier-reqs.md b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
index 18110e5654..bc51c6a8c4 100644
--- a/deploy-manage/security/_snippets/network-sec-tier-reqs.md
+++ b/deploy-manage/security/_snippets/network-sec-tier-reqs.md
@@ -1,4 +1,2 @@
-The following requirements apply to the project where you want to apply a {{policy-type}} policy:
-
 * For Observability projects, requires the [Observability Complete](/solutions/observability/observability-serverless-feature-tiers.md) feature tier.
 * For Security projects, requires the [Security Analytics Complete](/solutions/security/security-serverless-feature-tiers.md) feature tier.
\ No newline at end of file
diff --git a/deploy-manage/security/ip-filtering-cloud.md b/deploy-manage/security/ip-filtering-cloud.md
index 12f95ae7aa..24eb53a258 100644
--- a/deploy-manage/security/ip-filtering-cloud.md
+++ b/deploy-manage/security/ip-filtering-cloud.md
@@ -40,6 +40,7 @@ To learn how to create IP filters for self-managed clusters or {{eck}} deploymen
 ```{applies_to}
 serverless:
 ```
+The following requirements apply to the project where you want to apply an IP filter policy:
 
 :::{include} _snippets/network-sec-tier-reqs.md
 :::
diff --git a/deploy-manage/security/network-security-api.md b/deploy-manage/security/network-security-api.md
index 3f209a69d1..9cce32d49c 100644
--- a/deploy-manage/security/network-security-api.md
+++ b/deploy-manage/security/network-security-api.md
@@ -52,6 +52,8 @@ Policies in {{ecloud}} are the equivalent of rule sets in {{ece}} and the {{eclo
 serverless:
 ```
 
+The following requirements apply to the project where you want to apply a network security policy:
+
 :::{include} _snippets/network-sec-tier-reqs.md
 :::
 
diff --git a/deploy-manage/security/private-connectivity-aws.md b/deploy-manage/security/private-connectivity-aws.md
index 5ad6be5ebb..a1d0008eaf 100644
--- a/deploy-manage/security/private-connectivity-aws.md
+++ b/deploy-manage/security/private-connectivity-aws.md
@@ -36,6 +36,8 @@ To learn how private connection policies impact your deployment or project, refe
 serverless:
 ```
 
+The following requirements apply to the project where you want to apply a private connection policy:
+
 :::{include} _snippets/network-sec-tier-reqs.md
 :::