Merge pull request #95819 from ramthi/patch-6

Update sdk-connection-string.md

Author: Jak-MS

articles/azure-monitor/app/sdk-connection-string.md

@@ -90,7 +90,12 @@ See also: [Regions that require endpoint modification](./custom-endpoints.md#reg
 - [Profiler](./profiler-overview.md): `profiler`
 - [Snapshot](./snapshot-debugger.md): `snapshot`
 
+#### Is Connection string a secret?
 
+Connection string contains iKey which is a unique identifier used by the ingestion service to associate telemetry to a specific Application Insights resource.  It is not to be considered a security token or key. The ingestion endpoint provides Azure AD-based authenticated telemetry ingestion options if you want to protect your AI resource from misuse.
+
+> [!NOTE]
+> Application Insights JavaScript SDK requires the connection string to be passed in during initialization/configuration.  This is viewable in plain text in client browsers. There is no easy way to use the Azure AD-based authentication for browser telemetry.  It is recommended that customers consider creating a separate Application Insights resource for browser telemetry if they need to secure the service telemetry.
 
 ## Connection string examples
 
@@ -297,4 +302,4 @@ Get started at development time with:
 * [ASP.NET Core](./asp-net-core.md)
 * [Java](./java-in-process-agent.md)
 * [Node.js](./nodejs.md)
-* [Python](./opencensus-python.md)
+* [Python](./opencensus-python.md)