edits

Author: ktoliver

articles/app-service/app-service-configuration-references.md

@@ -1,6 +1,6 @@
 ---
 title: Use App Configuration References
-description: Learn how to set up Azure App Service and Azure Functions to use Azure App Configuration references. Make App Configuration key-value pairs available to your application code without changing it.
+description: Learn how to set up Azure App Service and Azure Functions to use Azure App Configuration references. Make App Configuration key/value pairs available to your application code without changing it.
 author: muksvso
 
 ms.topic: how-to
@@ -15,7 +15,7 @@ This article shows you how to work with configuration data in your Azure App Ser
 
 ## Grant app access to App Configuration
 
-To get started with using App Configuration references in App Service, first you create an App Configuration store. Then, you grant permissions to your app to access the configuration key-value pairs that are in the store.
+To get started with using App Configuration references in App Service, first you create an App Configuration store. Then, you grant permissions to your app to access the configuration key/value pairs that are in the store.
 
 1. To create an App Configuration store, complete the [App Configuration quickstart](../azure-app-configuration/quickstart-azure-app-configuration-create.md).
 
@@ -45,10 +45,10 @@ This configuration applies to all references from this app.
 
 ## Grant your app access to referenced key vaults
 
-In addition to storing raw configuration values, Azure App Configuration has its own format for storing [key vault references][app-config-key-vault-references]. If the value of an App Configuration reference is a key vault reference in the App Configuration store, your app also must have permissions to access the key vault that is specified in the reference.
+In addition to storing raw configuration values, Azure App Configuration has its own format for storing [Azure Key Vault references][app-config-key-vault-references]. If the value of an App Configuration reference is a Key Vault reference in the App Configuration store, your app also must have permissions to access the key vault that is specified in the reference.
 
 > [!NOTE]
-> The [App Configuration key vault references concept][app-config-key-vault-references] shouldn't be confused with [the App Service and Azure Functions key vault references concept][app-service-key-vault-references]. Your app can use any combination of these references, but there are some important differences. If your vault needs to be network restricted or if you need the app to periodically update to latest versions, consider using the App Service and Azure Functions direct approach instead of using an App Configuration reference.
+> The [App Configuration Key Vault references concept][app-config-key-vault-references] shouldn't be confused with [the App Service and Azure Functions Key Vault references concept][app-service-key-vault-references]. Your app can use any combination of these references, but there are some important differences. If your vault needs to be network restricted or if you need the app to periodically update to latest versions, consider using the App Service and Azure Functions direct approach instead of using an App Configuration reference.
 
 [app-config-key-vault-references]: ../azure-app-configuration/use-key-vault-references-dotnet-core.md
 [app-service-key-vault-references]: app-service-key-vault-references.md
@@ -81,14 +81,14 @@ Here's an example that doesn't include `Label`:
 @Microsoft.AppConfiguration(Endpoint=https://myAppConfigStore.azconfig.io; Key=myAppConfigKey)​
 ```
 
-Any configuration change to the app that results in a site restart causes an immediate refetch of all referenced key-value pairs from the App Configuration store.
+Any configuration change to the app that results in a site restart causes an immediate refetch of all referenced key/value pairs from the App Configuration store.
 
 > [!NOTE]
-> Automatic refresh and refetch of these values when the key-value pairs are updated in App Configuration currently isn't supported.
+> Automatic refresh and refetch of these values when the key/value pairs are updated in App Configuration currently isn't supported.
 
 ## Source application settings from App Configuration
 
-You can use App Configuration references as values for [application settings](configure-common.md#configure-app-settings), so you can keep configuration data in App Configuration instead of in the site configuration settings. Application settings and App Configuration key-value pairs both are securely encrypted at rest. If you need centralized configuration management capabilities, add configuration data to App Configuration.
+You can use App Configuration references as values for [application settings](configure-common.md#configure-app-settings), so you can keep configuration data in App Configuration instead of in the site configuration settings. Application settings and App Configuration key/value pairs both are securely encrypted at rest. If you need centralized configuration management capabilities, add configuration data to App Configuration.
 
 To use an App Configuration reference for an [app setting](configure-common.md#configure-app-settings), set the reference as the value of the setting. Your app can reference the Configuration value through its key as usual. No code changes are required.
 
@@ -241,7 +241,7 @@ Here's a demonstration template for a function app that has App Configuration re
 
 If a reference isn't resolved properly, the reference value is used instead. For an application setting in this scenario, an environment variable that uses the syntax `@Microsoft.AppConfiguration(...)` is created. The reference might cause an error because the application was expecting a configuration value.
 
-This error most commonly is the result of a misconfiguration of the [App Configuration access policy](#grant-app-access-to-app-configuration). But it also might occur if there's a syntax error in the reference or if the configuration key-value pair doesn't exist in the store.
+This error most commonly is the result of a misconfiguration of the [App Configuration access policy](#grant-app-access-to-app-configuration). But it also might occur if there's a syntax error in the reference or if the configuration key/value pair doesn't exist in the store.
 
 ## Related content
 

articles/app-service/app-service-web-configure-tls-mutual-auth.md

@@ -1,5 +1,6 @@
 ---
 title: Set Up TLS Mutual Authentication
+titleSuffix: Azure App Service
 description: Learn how to set up TLS mutual authentication in Azure App Service to help secure two-way communication between client and server.
 keywords: TLS mutual authentication, Azure App Service security, secure client-server communication
 author: msangapu-msft
@@ -32,7 +33,7 @@ When you enable client certificates for your app, you should select your choice
 
 ### [Azure portal](#tab/azureportal)
 
-To set up your app to require client certificates in the Azure portal:
+To use the Azure portal to set up your app to require client certificates:
 
 1. Go to your app management page.
 1. On the left menu, select **Configuration** > **General Settings**.
@@ -41,15 +42,17 @@ To set up your app to require client certificates in the Azure portal:
 
 ### [Azure CLI](#tab/azurecli)
 
-With the Azure CLI, run the following command in the [Cloud Shell](https://shell.azure.com):
+To use the Azure CLI, run the following command in the [Cloud Shell](https://shell.azure.com):
 
 ```azurecli-interactive
 az webapp update --set clientCertEnabled=true --name <app-name> --resource-group <group-name>
 ```
 
 ### [Bicep](#tab/bicep)
 
-For Bicep, modify the properties `clientCertEnabled`, `clientCertMode`, and `clientCertExclusionPaths`. A sample Bicep snippet is provided for you:
+For Bicep, modify the `clientCertEnabled`, `clientCertMode`, and `clientCertExclusionPaths` properties.
+
+Here's a sample Bicep snippet:
 
 ```bicep
 resource appService 'Microsoft.Web/sites@2020-06-01' = {
@@ -70,9 +73,11 @@ resource appService 'Microsoft.Web/sites@2020-06-01' = {
 
 ### [ARM template](#tab/arm)
 
-For Azure Resource Manager templates (ARM templates), modify the properties `clientCertEnabled`, `clientCertMode`, and `clientCertExclusionPaths`. A sample ARM template snippet is provided for you:
+For Azure Resource Manager templates (ARM templates), modify the `clientCertEnabled`, `clientCertMode`, and `clientCertExclusionPaths` properties.
+
+Here's a sample ARM template snippet:
 
-```ARM
+```json
 {
     "type": "Microsoft.Web/sites",
     "apiVersion": "2020-06-01",
@@ -97,7 +102,7 @@ For Azure Resource Manager templates (ARM templates), modify the properties `cli
 
 ## Exclude paths from requiring authentication
 
-When you enable mutual auth for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.
+When you enable mutual authentication for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.
 
 > [!NOTE]
 > Using any client certificate exclusion path triggers TLS renegotiation for incoming requests to the app.
@@ -147,7 +152,7 @@ In App Service, TLS termination of the request happens at the front-end load bal
 
 For ASP.NET, the client certificate is available through the `HttpRequest.ClientCertificate` property.
 
-For other application stacks (Node.js, PHP), the client cert is available in your app through a base64-encoded value in the `X-ARR-ClientCert` request header.
+For other application stacks (Node.js, PHP), the client certificate is available in your app through a Base64-encoded value in the `X-ARR-ClientCert` request header.
 
 ## ASP.NET Core sample
 
@@ -342,7 +347,7 @@ public class Startup
 
 ## Node.js sample
 
-The following Node.js sample code gets the `X-ARR-ClientCert` header and uses [node-forge](https://github.com/digitalbazaar/forge) to convert the base64-encoded Privacy Enhanced Mail (PEM) string into a certificate object and validate it:
+The following Node.js sample code gets the `X-ARR-ClientCert` header and uses [node-forge](https://github.com/digitalbazaar/forge) to convert the Base64-encoded Privacy Enhanced Mail (PEM) string into a certificate object and validate it:
 
 ```javascript
 import { NextFunction, Request, Response } from 'express';
@@ -612,7 +617,7 @@ def authorize_certificate(view):
     return _wrapped_view
 ```
 
-The following code snippet shows how to use the decorator on a Django view function.
+The following code snippet shows how to use the decorator on a Django view function:
 
 ```python
 @authorize_certificate
@@ -622,4 +627,3 @@ def hellocert(request):
 ```
 
 ---
-

articles/app-service/configure-authentication-user-identities.md

@@ -20,7 +20,7 @@ Some example headers are described in the following table:
 
 | Header                       | Description                                                           |
 |------------------------------|-----------------------------------------------------------------------|
-| `X-MS-CLIENT-PRINCIPAL`      | A base64-encoded JSON representation of available claims. For more information, see [Decode the client principal header](#decode-the-client-principal-header).   |
+| `X-MS-CLIENT-PRINCIPAL`      | A Base64-encoded JSON representation of available claims. For more information, see [Decode the client principal header](#decode-the-client-principal-header).   |
 | `X-MS-CLIENT-PRINCIPAL-ID`   | An identifier for the caller, which the identity provider sets.            |
 | `X-MS-CLIENT-PRINCIPAL-NAME` | A human-readable name for the caller, set by the identity provider, such as an email address or a user principal name.   |
 | `X-MS-CLIENT-PRINCIPAL-IDP`  | The name of the identity provider that App Service authentication uses. |
@@ -34,7 +34,7 @@ Code that is written in any language or framework can get the information that i
 
 ### Decode the client principal header
 
-`X-MS-CLIENT-PRINCIPAL` contains the full set of available claims as base64-encoded JSON. These claims go through a default claims-mapping process, so some might have different names than you would see if you processed the token directly.
+`X-MS-CLIENT-PRINCIPAL` contains the full set of available claims as Base64-encoded JSON. These claims go through a default claims-mapping process, so some might have different names than you would see if you processed the token directly.
 
 Here's how the decoded payload is structured:
 
@@ -61,7 +61,7 @@ Here's how the decoded payload is structured:
 | `name_typ` | string           | The name claim type, which is typically a URI that provides scheme information about the `name` claim if one is defined. |
 | `role_typ` | string           | The role claim type, which is typically a URI that provides scheme information about the `role` claim if one is defined. |
 
-To process this header, your app must decode the payload and iterate through the `claims` array to find relevant claims. It might be convenient to convert claims into a representation that the app's language framework uses. Here's an example of this process in C# that constructs a [ClaimsPrincipal](/dotnet/api/system.security.claims.claimsprincipal) type for the app to use:
+To process this header, your app must decode the payload and iterate through the `claims` array to find relevant claims. It might be convenient to convert claims into a representation that the app's language framework uses. Here's an example of this process in C# that constructs a [`ClaimsPrincipal`](/dotnet/api/system.security.claims.claimsprincipal) type for the app to use:
 
 ```csharp
 using System;
@@ -127,11 +127,11 @@ public static class ClaimsPrincipalParser
 
 ### Framework-specific alternatives
 
-For ASP.NET 4.6 apps, App Service populates [ClaimsPrincipal.Current](/dotnet/api/system.security.claims.claimsprincipal.current) with the authenticated user's claims. You can follow the standard .NET code pattern, including the `[Authorize]` attribute. Similarly, for PHP apps, App Service populates the `_SERVER['REMOTE_USER']` variable. For Java apps, the claims are [accessible from the Tomcat servlet](configure-language-java-security.md#authenticate-users-easy-auth).
+For ASP.NET 4.6 apps, App Service populates [`ClaimsPrincipal.Current`](/dotnet/api/system.security.claims.claimsprincipal.current) with the authenticated user's claims. You can follow the standard .NET code pattern, including the [`Authorize`] attribute. Similarly, for PHP apps, App Service populates the `_SERVER['REMOTE_USER']` variable. For Java apps, the claims are [accessible from the Tomcat servlet](configure-language-java-security.md#authenticate-users-easy-auth).
 
 For [Azure Functions](../azure-functions/functions-overview.md), `ClaimsPrincipal.Current` isn't populated for .NET code, but you can still find the user claims in the request headers, or get the `ClaimsPrincipal` object from the request context or even through a binding parameter. For more information, see [Work with client identities in Azure Functions](../azure-functions/functions-bindings-http-webhook-trigger.md#working-with-client-identities).
 
-For .NET Core, [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web/) supports populating the current user with App Service authentication. To learn more, review the [Microsoft.Identity.Web wiki](https://github.com/AzureAD/microsoft-identity-web/wiki/1.2.0#integration-with-azure-app-services-authentication-of-web-apps-running-with-microsoftidentityweb) or see it demonstrated in [this tutorial for a web app accessing Microsoft Graph](./scenario-secure-app-access-microsoft-graph-as-user.md?tabs=command-line#install-client-library-packages).
+For .NET Core, [`Microsoft.Identity.Web`](https://www.nuget.org/packages/Microsoft.Identity.Web/) supports populating the current user with App Service authentication. To learn more, review the [Microsoft.Identity.Web wiki](https://github.com/AzureAD/microsoft-identity-web/wiki/1.2.0#integration-with-azure-app-services-authentication-of-web-apps-running-with-microsoftidentityweb) or see it demonstrated in [this tutorial for a web app accessing Microsoft Graph](./scenario-secure-app-access-microsoft-graph-as-user.md?tabs=command-line#install-client-library-packages).
 
 > [!NOTE]
 > For claims mapping to work, you must enable the [token store](overview-authentication-authorization.md#token-store).

articles/app-service/deploy-local-git.md

@@ -1,5 +1,5 @@
 ---
-title: Deploy From a Local Git Repository
+title: Deploy from a Local Git Repository
 description: Learn how to enable local Git deployment to Azure App Service. One of the simplest ways to deploy code is from your local computer.
 ms.topic: how-to
 ms.date: 02/29/2024
@@ -45,7 +45,7 @@ Run [az webapp create](/cli/azure/webapp#az-webapp-create) with the `--deploymen
 
 For example:
 
-```azurecli-interactive
+```azurecli
 az webapp create --resource-group <group-name> --plan <plan-name> --name <app-name> --runtime "<runtime-flag>" --deployment-local-git
 ```
 
@@ -57,7 +57,7 @@ Run [New-AzWebApp](/powershell/module/az.websites/new-azwebapp) from the root of
 
 For example:
 
-```azurepowershell-interactive
+```azurepowershell
 New-AzWebApp -Name <app-name>
 ```
 
@@ -79,7 +79,7 @@ Run [az webapp deployment source config-local-git](/cli/azure/webapp/deployment/
 
 For example:
 
-```azurecli-interactive
+```azurecli
 az webapp deployment source config-local-git --name <app-name> --resource-group <group-name>
 ```
 
@@ -92,7 +92,7 @@ The output contains a URL like the example `https://<deployment-username>@<app-n
 
 Set the `scmType` of your app by running the [Set-AzResource](/powershell/module/az.resources/set-azresource) cmdlet.
 
-```powershell-interactive
+```azurepowershell
 $PropertiesObject = @{
     scmType = "LocalGit";
 }
@@ -109,7 +109,7 @@ Set-AzResource -PropertyObject $PropertiesObject -ResourceGroupName <group-name>
 1. On the resource menu, select **Deployment Center** > **Settings**.
 1. For **Source**, select **Local Git**, and then select **Save**.
 
-    ![Screenshot that shows how to enable local Git deployment for App Service in the Azure portal.](./media/deploy-local-git/enable-portal.png)
+   :::image type="content" source="media/deploy-local-git/enable-portal.png" alt-text="Screenshot that shows how to enable local Git deployment for App Service in the Azure portal.":::
 
 1. In the **Local Git** section, copy the value for **Git Clone Uri** to use later. This URI doesn't contain any sign-in information.
 
@@ -154,7 +154,7 @@ When you push commits to your App Service repository, App Service deploys the fi
 
   To do it by using the Azure CLI:
 
-  ```azurecli-interactive
+  ```azurecli
   az webapp config appsettings set --name <app-name> --resource-group <group-name> --settings DEPLOYMENT_BRANCH='main'
   git push azure main
   ```

articles/app-service/media/deploy-local-git/enable-portal.png

@@ -1,5 +1,5 @@
 ---
-title: Application Gateway Integration Overview
+title: What Is Application Gateway Integration?
 description: Learn how Azure Application Gateway integrates with Azure App Service.
 services: app-service
 author: madsd
@@ -11,7 +11,7 @@ ms.custom: devx-track-azurecli, devx-track-arm-template
 ms.devlang: azurecli
 ---
 
-# Application Gateway integration with Azure App Service overview
+# What is Application Gateway integration with Azure App Service?
 
 This article describes how to configure Azure Application Gateway with Azure App Service by using private endpoints to secure traffic. The article also discusses considerations for using service endpoints and integrating with internal and external App Service Environments. The article describes how to set access restrictions on a Source Control Manager (SCM) site.