Merge pull request #248826 from terencefan/tefa/entra-id-rebrand-signalr

Rebrand AAD to Microsoft Entra ID

Author: ttorble

articles/azure-signalr/TOC.yml

@@ -85,9 +85,9 @@
     href: signalr-concept-performance.md
   - name: Authentication
     href: signalr-concept-authenticate-oauth.md
-  - name: Authorization with Azure AD
+  - name: Authorization with Microsoft Entra ID
     items:
-      - name: Overview of Azure AD for Azure SignalR Service
+      - name: Overview of Microsoft Entra ID for Azure SignalR Service
         href: signalr-concept-authorize-azure-active-directory.md
   - name: Event handling
     href: signalr-concept-event-grid-integration.md

articles/azure-signalr/concept-connection-string.md

@@ -53,18 +53,18 @@ The local auth method is used when `AuthType` is set to null.
 | --------- | ---------------------------------------------------------- | -------- | ------------- | ---------------------------------------- |
 | AccessKey | The key string in base64 format for building access token. | Y        | null          | ABCDEFGHIJKLMNOPQRSTUVWEXYZ0123456789+=/ |
 
-### Use Azure Active Directory
+### Use Microsoft Entra ID
 
-The Azure AD auth method is used when `AuthType` is set to `azure`, `azure.app` or `azure.msi`.
+The Microsoft Entra ID auth method is used when `AuthType` is set to `azure`, `azure.app` or `azure.msi`.
 
 | Key            | Description                                                                             | Required | Default value | Example value                              |
 | -------------- | --------------------------------------------------------------------------------------- | -------- | ------------- | ------------------------------------------ |
 | ClientId       | A GUID of an Azure application or an Azure identity.                                    | N        | null          | `00000000-0000-0000-0000-000000000000`     |
-| TenantId       | A GUID of an organization in Azure Active Directory.                                    | N        | null          | `00000000-0000-0000-0000-000000000000`     |
+| TenantId       | A GUID of an organization in Microsoft Entra ID.                                        | N        | null          | `00000000-0000-0000-0000-000000000000`     |
 | ClientSecret   | The password of an Azure application instance.                                          | N        | null          | `***********************.****************` |
 | ClientCertPath | The absolute path of a client certificate (cert) file to an Azure application instance. | N        | null          | `/usr/local/cert/app.cert`                 |
 
-A different `TokenCredential` is used to generate Azure AD tokens depending on the parameters you have given.
+A different `TokenCredential` is used to generate Microsoft Entra tokens depending on the parameters you have given.
 
 - `type=azure`
 
@@ -78,7 +78,7 @@ A different `TokenCredential` is used to generate Azure AD tokens depending on t
 
   1. A user-assigned managed identity is used if `clientId` has been given in connection string.
 
-     ```
+     ```text
      Endpoint=xxx;AuthType=azure.msi;ClientId=<client_id>
      ```
 
@@ -94,7 +94,7 @@ A different `TokenCredential` is used to generate Azure AD tokens depending on t
 
 - `type=azure.app`
 
-  `clientId` and `tenantId` are required to use [Azure AD application with service principal](../active-directory/develop/howto-create-service-principal-portal.md).
+  `clientId` and `tenantId` are required to use [Microsoft Entra application with service principal](../active-directory/develop/howto-create-service-principal-portal.md).
 
   1. [ClientSecretCredential(clientId, tenantId, clientSecret)](/dotnet/api/azure.identity.clientsecretcredential) is used if `clientSecret` is given.
 
@@ -126,17 +126,17 @@ You can also use Azure CLI to get the connection string:
 az signalr key list -g <resource_group> -n <resource_name>
 ```
 
-## Connect with an Azure AD application
+## Connect with a Microsoft Entra application
 
-You can use an [Azure AD application](../active-directory/develop/app-objects-and-service-principals.md) to connect to your SignalR service. As long as the application has the right permission to access SignalR service, no access key is needed.
+You can use a [Microsoft Entra application](../active-directory/develop/app-objects-and-service-principals.md) to connect to your SignalR service. As long as the application has the right permission to access SignalR service, no access key is needed.
 
-To use Azure AD authentication, you need to remove `AccessKey` from connection string and add `AuthType=azure.app`. You also need to specify the credentials of your Azure AD application, including client ID, client secret and tenant ID. The connection string looks as follows:
+To use Microsoft Entra authentication, you need to remove `AccessKey` from connection string and add `AuthType=azure.app`. You also need to specify the credentials of your Microsoft Entra application, including client ID, client secret and tenant ID. The connection string looks as follows:
 
 ```text
 Endpoint=https://<resource_name>.service.signalr.net;AuthType=azure.app;ClientId=<client_id>;ClientSecret=<client_secret>;TenantId=<tenant_id>;Version=1.0;
 ```
 
-For more information about how to authenticate using Azure AD application, see [Authorize from Azure Applications](signalr-howto-authorize-application.md).
+For more information about how to authenticate using Microsoft Entra application, see [Authorize from Azure Applications](signalr-howto-authorize-application.md).
 
 ## Authenticate with Managed identity
 
@@ -163,16 +163,16 @@ For more information about how to configure managed identity, see [Authorize fro
 
 ### Use the connection string generator
 
-It may be cumbersome and error-prone to build connection strings manually. To avoid making mistakes, SignalR provides a connection string generator to help you generate a connection string that includes Azure AD identities like `clientId`, `tenantId`, etc. To use the tool open your SignalR instance in Azure portal, select **Connection strings** from the left side menu.
+It may be cumbersome and error-prone to build connection strings manually. To avoid making mistakes, SignalR provides a connection string generator to help you generate a connection string that includes Microsoft Entra identities like `clientId`, `tenantId`, etc. To use the tool open your SignalR instance in Azure portal, select **Connection strings** from the left side menu.
 
 :::image type="content" source="media/concept-connection-string/generator.png" alt-text="Screenshot showing connection string generator of SignalR service in Azure portal.":::
 
-In this page you can choose different authentication types (access key, managed identity or Azure AD application) and input information like client endpoint, client ID, client secret, etc. Then connection string is automatically generated. You can copy and use it in your application.
+In this page you can choose different authentication types (access key, managed identity or Microsoft Entra application) and input information like client endpoint, client ID, client secret, etc. Then connection string is automatically generated. You can copy and use it in your application.
 
 > [!NOTE]
 > Information you enter won't be saved after you leave the page. You will need to copy and save your connection string to use in your application.
 
-For more information about how access tokens are generated and validated, see [Authenticate via Azure Active Directory Token](signalr-reference-data-plane-rest-api.md#authenticate-via-azure-active-directory-token-azure-ad-token) in [Azure SignalR service data plane REST API reference](signalr-reference-data-plane-rest-api.md) .
+For more information about how access tokens are generated and validated, see [Authenticate via Microsoft Entra token](signalr-reference-data-plane-rest-api.md#authenticate-via-microsoft-entra-token) in [Azure SignalR service data plane REST API reference](signalr-reference-data-plane-rest-api.md) .
 
 ## Client and server endpoints
 

articles/azure-signalr/howto-disable-local-auth.md

@@ -1,6 +1,6 @@
 ---
 title: Disable local (access key) authentication with Azure SignalR Service
-description: This article provides information about how to disable access key authentication and use only Azure AD authentication with Azure SignalR Service.
+description: This article provides information about how to disable access key authentication and use only Microsoft Entra authorization with Azure SignalR Service.
 author: terencefan
 
 ms.author: tefa
@@ -12,13 +12,15 @@ ms.topic: conceptual
 
 # Disable local (access key) authentication with Azure SignalR Service
 
-There are two ways to authenticate to Azure SignalR Service resources: Azure Active Directory (Azure AD) and Access Key. Azure AD provides superior security and ease of use over access key. With Azure AD, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Azure AD with your Azure SignalR Service resources when possible.
+There are two ways to authenticate to Azure SignalR Service resources: Microsoft Entra ID and Access Key. Microsoft Entra ID offers superior security and ease of use compared to the access key method. 
+With Microsoft Entra ID, you do not need to store tokens in your code, reducing the risk of potential security vulnerabilities.
+We highly recommend using Microsoft Entra ID for your Azure SignalR Service resources whenever possible.
 
 > [!IMPORTANT]
-> Disabling local authentication can have following influences.
+> Disabling local authentication can have following consequences.
 >
 > - The current set of access keys will be permanently deleted.
-> - Tokens signed with current set of access keys will become unavailable.
+> - Tokens signed with the current set of access keys will become unavailable.
 
 ## Use Azure portal
 
@@ -116,6 +118,6 @@ You can assign the [Azure SignalR Service should have local authentication metho
 
 See the following docs to learn about authentication methods.
 
-- [Overview of Azure AD for SignalR](signalr-concept-authorize-azure-active-directory.md)
+- [Overview of Microsoft Entra ID for SignalR](signalr-concept-authorize-azure-active-directory.md)
 - [Authenticate with Azure applications](./signalr-howto-authorize-application.md)
 - [Authenticate with managed identities](./signalr-howto-authorize-managed-identity.md)

articles/azure-signalr/howto-use-managed-identity.md

@@ -10,7 +10,7 @@ ms.author: lianwei
 
 # Managed identities for Azure SignalR Service
 
-In Azure SignalR Service, you can use a managed identity from Azure Active Directory to:
+In Azure SignalR Service, you can use a managed identity from Microsoft Entra ID to:
 
 - Obtain access tokens
 - Access secrets in Azure Key Vault
@@ -92,9 +92,9 @@ The token in the `Authorization` header is a [Microsoft identity platform access
 
 To validate access tokens, your app should also validate the audience and the signing tokens. These tokens need to be validated against the values in the OpenID discovery document. For example, see the [tenant-independent version of the document](https://login.microsoftonline.com/common/.well-known/openid-configuration).
 
-The Azure Active Directory (Azure AD) middleware has built-in capabilities for validating access tokens. You can browse through our [samples](../active-directory/develop/sample-v2-code.md) to find one in the language of your choice.
+The Microsoft Entra ID middleware has built-in capabilities for validating access tokens. You can browse through our [samples](../active-directory/develop/sample-v2-code.md) to find one in the language of your choice.
 
-Libraries and code samples that show how to handle token validation are available. There are also several open-source partner libraries available for JSON Web Token (JWT) validation. There's at least one option for almost every platform and language. For more information about Azure AD authentication libraries and code samples, see [Microsoft identity platform authentication libraries](../active-directory/develop/reference-v2-libraries.md).
+Libraries and code samples that show how to handle token validation are available. There are also several open-source partner libraries available for JSON Web Token (JWT) validation. There's at least one option for almost every platform and language. For more information about Microsoft Entra authentication libraries and code samples, see [Microsoft identity platform authentication libraries](../active-directory/develop/reference-v2-libraries.md).
 
 #### Authentication in Function App
 
@@ -104,9 +104,9 @@ You can easily set access validation for a Function App without code changes usi
 1. Select **Authentication** from the menu.
 1. Select **Add identity provider**.
 1. In the **Basics** tab, select **Microsoft** from the **Identity provider** dropdown.
-1. Select **Log in with Azure Active Directory** in **Action to take when request is not authenticated**.
-1. Select **Microsoft** in the identity provider dropdown. The option to create a new registration is selected by default. You can change the name of the registration. For more information on enabling Azure AD provider, see [Configure your App Service or Azure Functions app to use Azure AD login](../app-service/configure-authentication-provider-aad.md)
-   :::image type="content" source="media/signalr-howto-use-managed-identity/function-aad.png" alt-text="Screenshot showing Function Add.":::
+1. Select **Log in with Microsoft Entra ID** in **Action to take when request is not authenticated**.
+1. Select **Microsoft** in the identity provider dropdown. The option to create a new registration is selected by default. You can change the name of the registration. For more information on enabling Microsoft Entra ID provider, see [Configure your App Service or Azure Functions app to login with Microsoft Entra ID](../app-service/configure-authentication-provider-aad.md)
+   :::image type="content" source="media/signalr-howto-use-managed-identity/function-aad.png" alt-text="Function Microsoft Entra ID":::
 1. Navigate to SignalR Service and follow the [steps](howto-use-managed-identity.md#add-a-system-assigned-identity) to add a system-assigned identity or user-assigned identity.
 1. go to **Upstream settings** in SignalR Service and choose **Use Managed Identity** and **Select from existing Applications**. Select the application you created previously.