Commit 1af8a6f

Merge pull request #180595 from stevemunk/SM-Update-azure-maps-authentication
Update azure-maps-authentication.md
2 parents d32c225 + 506d2da commit 1af8a6f

1 file changed

+14
-9
lines changed

articles/azure-maps/azure-maps-authentication.md

Lines changed: 14 additions & 9 deletions
@@ -2,13 +2,12 @@
22
title: Authentication with Microsoft Azure Maps
33
titleSuffix: Azure Maps
44
description: "Learn about two ways of authenticating requests in Azure Maps: shared key authentication and Azure Active Directory (Azure AD) authentication."
5-
author: anastasia-ms
6-
ms.author: v-stharr
5+
author: stevemunk
6+
ms.author: v-munksteve
77
ms.date: 05/25/2021
88
ms.topic: conceptual
99
ms.service: azure-maps
1010
services: azure-maps
11-
1211
ms.custom: mvc
1312
---
1413

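Review bot: `ms.date` stays at 05/25/2021 in the front matter while `author` and `ms.author` change and the body gains new content in the same commit. If the repository's convention is to bump the date on content updates, change it here so the freshness metadata matches the edit.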
@@ -21,7 +20,13 @@ Azure Maps supports two ways to authenticate requests: Shared Key authentication
2120
2221
## Shared Key authentication
2322

24-
Primary and secondary keys are generated after the Azure Maps account is created. You're encouraged to use the primary key as the subscription key when calling Azure Maps with shared key authentication. Shared Key authentication passes a key generated by an Azure Maps account to an Azure Maps service. For each request to Azure Maps services, add the *subscription key* as a parameter to the URL. The secondary key can be used in scenarios like rolling key changes.
23+
Primary and secondary keys are generated after the Azure Maps account is created. You're encouraged to use the primary key as the subscription key when calling Azure Maps with shared key authentication. Shared Key authentication passes a key generated by an Azure Maps account to an Azure Maps service. For each request to Azure Maps services, add the *subscription key* as a parameter to the URL. The secondary key can be used in scenarios like rolling key changes.
24+
25+
Example using the *subscription key* as a parameter in your URL:
26+
27+
```http
28+
https://atlas.microsoft.com/mapData/upload?api-version=1.0&dataFormat=zip&subscription-key={Azure-Maps-Primary-Subscription-key}
29+
```
2530

2631
For information about viewing your keys in the Azure portal, see [Manage authentication](./how-to-manage-authentication.md#view-authentication-details).
2732

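Review bot: The example added at new lines 25-29 puts the primary key in the query string (`subscription-key={Azure-Maps-Primary-Subscription-key}`) with no caveat that full URLs are routinely recorded in server and proxy logs, browser history and Referer headers. Add a sentence after the fence stating that the key must be handled as a secret, and point readers to the Azure AD authentication section of this article for applications that cannot keep it confidential. The fence is also tagged `http` but contains only a bare URL with no method; either show the request line with its verb or drop the tag.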
@@ -91,7 +96,7 @@ The following role definition types exist to support application scenarios.
9196
| Azure Maps Data Contributor | Provides access to mutable Azure Maps REST APIs. Mutability is defined by the actions: write and delete. |
9297
| Custom Role Definition | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |
9398

94-
Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services which provide write or delete actions. The following table describes which services Azure Maps Data Contributor is applicable for when using write or delete actions on the given service. If only read actions are used on the service, then Azure Maps Data Reader can be used instead of Azure Maps Data Contributor.
99+
Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services, which provide write or delete actions. The following table describes what services Azure Maps Data Contributor is applicable when using write or delete actions. When only read actions are required, the Azure Maps Data Reader role can be used in place of the Azure Maps Data Contributor role.
95100

96101
| Azure Maps Service | Azure Maps Role Definition |
97102
| :----------------- | :-------------------------- |
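Review bot: At new line 99, "describes what services Azure Maps Data Contributor is applicable when using write or delete actions" drops the preposition the old text had ("applicable for") and no longer parses; something like "which services the Azure Maps Data Contributor role applies to" would restore it. The comma added in "required for services, which provide write or delete actions" also makes the clause non-restrictive, so the sentence now reads as if every service offers write or delete. Because this paragraph tells readers when the higher-privilege role is needed, use "services that provide write or delete actions".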
@@ -103,7 +108,7 @@ For information about viewing your Azure RBAC settings, see [How to configure Az
103108

104109
#### Custom role definitions
105110

106-
One aspect of application security is to apply the principle of least privilege. This principle implies that the security principal should only be allowed the access which is required, and have no additional access. Creating custom role definitions can support use cases which require further granularity to access control. To create a custom role definition, you can select specific data actions to include or exclude for the definition.
111+
One aspect of application security is the principle of least privilege, the practice of limiting access rights to only those needed to do the job at hand. To accomplish this, create custom role definitions that support use cases, which require further granularity to access control. To create a custom role definition, select specific data actions to include or exclude for the definition.
107112

108113
The custom role definition can then be used in a role assignment for any security principal. To learn more about Azure custom role definitions, see [Azure custom roles](../role-based-access-control/custom-roles.md).
109114

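Review bot: At new line 111, "To accomplish this, create custom role definitions" turns the old "can support" into an instruction, which implies least privilege always requires a custom role even though the article describes the built-in Azure Maps Data Reader role for read-only access just above. Suggest keeping it conditional, for example "Where the built-in roles grant more than is needed, create a custom role definition". The comma in "use cases, which require further granularity" has the same problem as elsewhere in this change; "use cases that require" keeps the clause restrictive.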
@@ -112,9 +117,9 @@ Here are some example scenarios where custom roles can improve application secur
112117
| Scenario | Custom Role Data Action(s) |
113118
| :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------ |
114119
| A public facing or interactive sign-in web page with base map tiles and no other REST APIs. | `Microsoft.Maps/accounts/services/render/read` |
115-
| An application which only requires reverse geocoding and no other REST APIs. | `Microsoft.Maps/accounts/services/search/read` |
116-
| A role for a security principal which requests reading of Azure Maps Creator based map data and base map tile REST APIs. | `Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/render/read` |
117-
| A role for a security principal which requires reading, writing, and deleting of Creator based map data. This can be defined as a map data editor role but does not allow access to other REST APIs like base map tiles. | `Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/data/write`, `Microsoft.Maps/accounts/services/data/delete` |
120+
| An application, which only requires reverse geocoding and no other REST APIs. | `Microsoft.Maps/accounts/services/search/read` |
121+
| A role for a security principal, which requests reading of Azure Maps Creator based map data and base map tile REST APIs. | `Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/render/read` |
122+
| A role for a security principal, which requires reading, writing, and deleting of Creator based map data. This can be defined as a map data editor role, but does not allow access to other REST APIs like base map tiles. | `Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/data/write`, `Microsoft.Maps/accounts/services/data/delete` |
118123

119124
### Understanding scope
120125

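Review bot: The commas inserted before "which" in the three changed Scenario cells (new lines 120-122) detach the clause from the noun it restricts: "A role for a security principal, which requires reading, writing, and deleting" now reads as though the role, or any principal, requires that access. These cells define who should receive each data action, so keep them restrictive: "An application that only requires reverse geocoding", "a security principal that requires reading, writing, and deleting". The comma added before "but does not allow access" is fine.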