Merge pull request #225650 from tamram/tamram23-0130

add dev center auth articles to TOC

Author: Court72

articles/active-directory/develop/scenario-web-app-call-api-call-api.md

@@ -150,7 +150,7 @@ public async Task<IActionResult> Profile()
 > [!NOTE]
 > You can use the same principle to call any web API.
 >
-> Most Azure web APIs provide an SDK that simplifies calling the API as is the case for Microsoft Graph. See, for instance, [Create a web application that authorizes access to Blob storage with Azure AD](../../storage/common/storage-auth-aad-app.md?tabs=dotnet&toc=%2fazure%2fstorage%2fblobs%2ftoc.json) for an example of a web app using Microsoft.Identity.Web and using the Azure Storage SDK.
+> Most Azure web APIs provide an SDK that simplifies calling the API as is the case for Microsoft Graph.
 
 # [Java](#tab/java)
 

articles/data-factory/connector-azure-blob-storage.md

@@ -238,7 +238,7 @@ For general information about Azure Storage service principal authentication, se
 
 To use service principal authentication, follow these steps:
 
-1. Register an application entity in Azure Active Directory (Azure AD) by following [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of these values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/data-factory/connector-azure-cosmos-db.md

@@ -145,7 +145,7 @@ The Azure Cosmos DB for NoSQL connector supports the following authentication ty
 
 To use service principal authentication, follow these steps.
 
-1. Register an application entity in Azure Active Directory (Azure AD) by following the steps in [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of the following values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/data-factory/connector-azure-data-explorer.md

@@ -88,7 +88,7 @@ The Azure Data Explorer connector supports the following authentication types. S
 
 To use service principal authentication, follow these steps to get a service principal and to grant permissions:
 
-1. Register an application entity in Azure Active Directory by following the steps in [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of the following values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/data-factory/connector-azure-data-lake-storage.md

@@ -129,7 +129,7 @@ To use storage account key authentication, the following properties are supporte
 
 To use service principal authentication, follow these steps.
 
-1. Register an application entity in Azure Active Directory (Azure AD) by following the steps in [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of the following values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/data-factory/connector-dynamics-ax.md

@@ -69,7 +69,7 @@ The following sections provide details about properties you can use to define Da
 
 To use service principal authentication, follow these steps:
 
-1. Register an application entity in Azure Active Directory (Azure AD) by following [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of the following values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/data-factory/connector-sharepoint-online-list.md

@@ -38,7 +38,7 @@ Specifically, this SharePoint List Online connector uses service principal authe
 
 The SharePoint List Online connector uses service principal authentication to connect to SharePoint. Follow these steps to set it up:
 
-1. Register an application entity in Azure Active Directory (Azure AD) by following [Register your application with an Azure AD tenant](../storage/common/storage-auth-aad-app.md#register-your-application-with-an-azure-ad-tenant). Make note of the following values, which you use to define the linked service:
+1. Register an application with the Microsoft Identity platform. To learn how, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). Make note of these values, which you use to define the linked service:
 
     - Application ID
     - Application key

articles/hdinsight/domain-joined/identity-broker.md

@@ -115,11 +115,11 @@ To troubleshoot authentication issues, see [this guide](./domain-joined-authenti
 
 ## Clients using OAuth to connect to an HDInsight gateway with HDInsight ID Broker
 
-In the HDInsight ID Broker setup, custom apps and clients that connect to the gateway can be updated to acquire the required OAuth token first. Follow the steps in [this document](../../storage/common/storage-auth-aad-app.md) to acquire the token with the following information:
+In the HDInsight ID Broker setup, custom apps and clients that connect to the gateway can be updated to acquire the required OAuth token first. For more information, see [How to authenticate .NET applications with Azure services](/dotnet/azure/sdk/authentication). The key values required for authorizing access to an HDInsight gateway are:
 
-*    OAuth resource uri: `https://hib.azurehdinsight.net` 
-*   AppId: 7865c1d2-f040-46cc-875f-831a1ef6a28a
-*    Permission: (name: Cluster.ReadWrite, id: 8f89faa0-ffef-4007-974d-4989b39ad77d)
+* OAuth resource uri: `https://hib.azurehdinsight.net`
+* AppId: 7865c1d2-f040-46cc-875f-831a1ef6a28a
+* Permission: (name: Cluster.ReadWrite, id: 8f89faa0-ffef-4007-974d-4989b39ad77d)
 
 After you acquire the OAuth token, use it in the authorization header of the HTTP request to the cluster gateway (for example, https://\<clustername\>-int.azurehdinsight.net). A sample curl command to Apache Livy API might look like this example:
 

articles/service-fabric/how-to-managed-cluster-app-deployment-template.md

@@ -39,25 +39,24 @@ Then, you create a Resource Manager template, update the parameters file with ap
 
 ### Create a storage account
 
-To deploy an application from a Resource Manager template, you must have a storage account. The storage account is used to stage the application image. 
+To deploy an application from a Resource Manager template, you must have a storage account. The storage account is used to stage the application image.
 
-You can reuse an existing storage account or you can create a new storage account for staging your applications. If you use an existing storage account, you can skip this step. 
+You can reuse an existing storage account or you can create a new storage account for staging your applications. If you use an existing storage account, you can skip this step.
 
 ![Create a storage account][CreateStorageAccount]
 
-### Configure your storage account
-
-After the storage account is created, you create a blob container where the applications can be staged. In the Azure portal, go to the Azure Storage account where you want to store your applications. Select **Blobs** > **Add Container**. 
+> [!CAUTION]
+> Anonymous public access to blob data in your storage account presents a security risk. When you create a storage account, we recommend that you disable anonymous public access to blob data at the account level, by setting the **AllowBlobPublicAccess** property to **false**. For more information, see [Remediate anonymous public read access to blob data (Azure Resource Manager deployments)](../storage/blobs/anonymous-read-access-prevent.md).
 
-Resources in your cluster can be secured by setting the public access level to **private**. You can grant access in multiple ways:
+### Configure your storage account
 
-* Authorize access to blobs and queues by using [Azure Active Directory](../storage/common/storage-auth-aad-app.md).
-* Grant access to Azure blob and queue data by using [Azure RBAC in the Azure portal](../storage/blobs/assign-azure-role-data-access.md).
-* Delegate access by using a [shared access signature](/rest/api/storageservices/delegate-access-with-shared-access-signature).
+After the storage account is created, you create a blob container where the applications can be staged. In the Azure portal, go to the Azure Storage account where you want to store your applications. Select **Blobs** > **Add Container**.
 
-The example in the following screenshot uses anonymous read access for blobs.
+You can grant access to the container in one of the following ways:
 
-![Create blob][CreateBlob]
+* You can assign an Azure RBAC role that grants permissions to the container to a security principal, so that that security principal can access data in the container via Azure AD authorization. For more information, see [Authorize access to blobs using Azure Active Directory](../storage/blobs/authorize-access-azure-active-directory.md).
+* You can delegate access to the container with a shared access signature to grant a client access to blobs in the container for a limited period of time and with specific permissions. For more information, see [Grant limited access to Azure Storage resources using shared access signatures (SAS)](../storage/common/storage-sas-overview.md).
+* You can use the account access keys to authorize access to blob data. This approach is the least secure and so is not recommended.
 
 ### Stage the application in your storage account
 

articles/storage/.openpublishing.redirection.storage.json

@@ -180,6 +180,11 @@
             "redirect_url": "/azure/storage/blobs/sas-service-create",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/storage/blobs/sas-service-create.md",
+            "redirect_url": "/azure/storage/blobs/sas-service-create-dotnet",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/storage/blobs/storage-blob-snapshots.md",
             "redirect_url": "/azure/storage/blobs/snapshots-overview",
@@ -410,6 +415,11 @@
             "redirect_url": "/azure/storage/blobs/encryption-customer-provided-keys",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/storage/common/identity-library-acquire-token.md",
+            "redirect_url": "/azure/storage/blobs/authorize-access-azure-active-directory",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/storage/common/manage-account-default-access-tier.md",
             "redirect_url": "/azure/storage/blobs/access-tiers-online-manage",
@@ -460,6 +470,26 @@
             "redirect_url": "/azure/storage/blobs/authorize-managed-identity",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/storage/blobs/authorize-managed-identity.md",
+            "redirect_url": "/azure/storage/blobs/authorize-access-azure-active-directory",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/queues/authorize-managed-identity.md",
+            "redirect_url": "/azure/storage/queues/authorize-access-azure-active-directory",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/tables/authorize-managed-identity.md",
+            "redirect_url": "/azure/storage/tables/authorize-access-azure-active-directory",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/common/storage-auth-aad-app.md",
+            "redirect_url": "/azure/storage/blobs/authorize-access-azure-active-directory",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/storage/common/storage-auth-aad-rbac-cli.md",
             "redirect_url": "/azure/storage/blobs/assign-azure-role-data-access",