Add a note for trusted service

Author: lrtoyou1223

articles/data-factory/create-self-hosted-integration-runtime.md

@@ -463,7 +463,7 @@ For some cloud databases, such as Azure SQL Database and Azure Data Lake, you mi
 
 
 
-### Self-contained interactive authoring (preview)
+### Self-contained interactive authoring
 In order to perform interactive authoring actions such as data preview and connection testing, the self-hosted integration runtime requires a connection to Azure Relay. If the connection isn't established, there are two possible solutions to ensure uninterrupted functionality. The first option is to add the Azure Relay endpoints to your firewall's allowlist [Get URL of Azure Relay](#get-url-of-azure-relay). Alternatively, you can enable self-contained interactive authoring.
 
 > [!NOTE]

articles/data-factory/data-access-strategies.md

@@ -31,7 +31,22 @@ This should work in many scenarios, and we do understand that a unique Static IP
 ## Data access strategies through Azure Data Factory
 
 * **[Private Link](../private-link/private-link-overview.md)** - You can create an Azure Integration Runtime within Azure Data Factory Managed Virtual Network and it will leverage private endpoints to securely connect to supported data stores. Traffic between Managed Virtual Network and data sources travels the Microsoft backbone network and is not exposed to the public network.
-* **[Trusted Service](../storage/common/storage-network-security.md#exceptions)** - Azure Storage (Blob, ADLS Gen2) supports firewall configuration that enables select trusted Azure platform services to access the storage account securely. Trusted Services enforces Managed Identity authentication, which ensures no other data factory can connect to this storage unless approved to do so using it's managed identity. You can find more details in **[this blog](https://techcommunity.microsoft.com/t5/azure-data-factory/data-factory-is-now-a-trusted-service-in-azure-storage-and-azure/ba-p/964993)**. Hence, this is extremely secure and recommended.
+* **[Trusted Service](../storage/common/storage-network-security.md#exceptions)** - Azure Storage (Blob, ADLS Gen2) supports firewall configuration that enables select trusted Azure platform services to access the storage account securely. Trusted Services enforces Managed Identity authentication, which ensures no other data factory can connect to this storage unless approved to do so using it's managed identity. 
+<!-- You can find more details in **[this blog](https://techcommunity.microsoft.com/t5/azure-data-factory/data-factory-is-now-a-trusted-service-in-azure-storage-and-azure/ba-p/964993)**. Hence, this is extremely secure and recommended. -->
+
+> [!NOTE]
+> Below scenarios are not in the trusted services list:
+> 1. Using a self-hosted integration runtime or SSIS integration runtime
+> 2. Using any of the following activity types:
+     >     - Webhook
+     >     - Custom
+     >     - Azure Function
+> 3. Using any of the following connectors:
+     >     - AzureBatch
+     >     - AzureFunction
+     >     - AzureFile
+     >     - OData
+
 * **Unique Static IP** - You will need to set up a self-hosted integration runtime to get a Static IP for Data Factory connectors. This mechanism ensures you can block access from all other IP addresses.
 * **[Static IP range](./azure-integration-runtime-ip-addresses.md)** - You can use Azure Integration Runtime's IP addresses to allow list it in your storage (say S3, Salesforce, etc.). It certainly restricts IP addresses that can connect to the data stores but also relies on Authentication/ Authorization rules.
 * **[Service Tag](../virtual-network/service-tags-overview.md)** - A service tag represents a group of IP address prefixes from a given Azure service (like Azure Data Factory). Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. It is useful when filtering data access on IaaS hosted data stores in Virtual Network.
@@ -67,13 +82,14 @@ For more information about supported network security mechanisms on data stores
     |                                | Azure Data Lake Gen1                                          | Yes       | -                   |
     |                                | Azure Database for   MariaDB, MySQL, PostgreSQL               | Yes       | -                   |
     |                                | Azure Files                                            | Yes       | -                   |
-    |                                | Azure Blob storage and ADLS Gen2                             | Yes       | Yes (MSI auth only) |
+    |                                | Azure Blob storage and ADLS Gen2                             | Yes       | - |
     |                                | Azure SQL DB, Azure Synapse Analytics), SQL   Ml          | Yes       | -                   |
-    |                                | Azure Key Vault (for   fetching secrets/   connection string) | Yes       | Yes                 |
+    |                                | Azure Key Vault (for   fetching secrets/   connection string) | Yes       | -                 |
     | Other PaaS/   SaaS Data stores | AWS   S3, SalesForce, Google Cloud Storage, etc.              | Yes       | -                   |
     | Azure laaS                     | SQL Server,   Oracle,   etc.                                  | Yes       | -                   |
     | On-premise   laaS              | SQL Server,   Oracle,   etc.                                  | Yes       | -                   |
 
+
 ## Related content
 
 For more information, see the following related articles: