update

xfz11 · xfz11 · commit 5182c5615af1 · 2024-10-08T10:58:02.000+08:00
diff --git a/articles/service-connector/tutorial-python-aks-sql-database-connection-string.md b/articles/service-connector/tutorial-python-aks-sql-database-connection-string.md
@@ -23,8 +23,6 @@ In this tutorial, you learn how to connect an application deployed to AKS, to an
 > * Update your application code
 > * Clean up Azure resources.
 
-> [!WARNING]
-> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable. See the [tutorial using a managed identity](tutorial-python-aks-storage-workload-identity.md).
 
 ## Prerequisites
 
@@ -64,9 +62,9 @@ az provider register --namespace Microsoft.KubernetesConfiguration
 
 ### Create a new connection
 
-Create a service connection between your AKS cluster and your SQL database in the Azure portal or the Azure CLI.
+::: zone pivot="workload-id"
 
-::: zone pivot="connection-string"
+Create a service connection between your AKS cluster and your SQL database using Microsoft Entra Workload ID
 
 ### [Azure portal](#tab/azure-portal)
 
@@ -84,9 +82,9 @@ Create a service connection between your AKS cluster and your SQL database in th
     
     :::image type="content" source="media/tutorial-ask-sql/create-connection.png" alt-text="Screenshot of the Azure portal showing the form to create a new connection to a SQL database in AKS.":::
 
-4. Select **Next: Authentication**.  On the **Authentication** tab, enter your database username and password.
-5. Select **Next: Networking** > **Next: Review + create** >**Create**.
-6. Once the deployment is successful, you can view information about the new connection in the **Service Connector** pane.
+4. Select **Next: Authentication**.  On the **Authentication** tab, select **Workload Identity** and choose one **User assigned managed identity**.
+5. Select **Next: Networking** > **Next: Review + create** >**Create On Cloud Shell**.
+6. The Cloud Shell will be launched and execute the commands to create a connection. You may need to confirm some configuration changes during the command processing. Once command runs successfully, it will show connection information, and you can click refresh button in **Service Connector** pane to show the latest result.
 
 ### [Azure CLI](#tab/azure-cli)
 
@@ -104,14 +102,19 @@ Create a service connection to the SQL database using the [`az aks connection cr
        az aks connection create sql \
           --source-id /subscriptions/<source-subscription>/resourceGroups/<source_resource_group>/providers/Microsoft.ContainerService/managedClusters/<cluster> \
           --target-id /subscriptions/<target-subscription>/resourceGroups/<target_resource_group>/providers/Microsoft.Sql/servers/<server>/databases/<database> \
-          --secret name=<secret-name> secret=<secret>
+          --workload-identity /subscriptions/<identity-subscription>/resourcegroups/<resource_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity_name>
        ```
 
 ---
 
 ::: zone-end
 
-::: zone pivot="workload-id"
+::: zone pivot="connection-string"
+
+> [!WARNING]
+> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable. Select the authentication method[Workload ID (Recommended)](#create-a-new-connection).
+
+Create a service connection between your AKS cluster and your SQL database using a connection string
 
 ### [Azure portal](#tab/azure-portal)
 
@@ -129,9 +132,9 @@ Create a service connection to the SQL database using the [`az aks connection cr
     
     :::image type="content" source="media/tutorial-ask-sql/create-connection.png" alt-text="Screenshot of the Azure portal showing the form to create a new connection to a SQL database in AKS.":::
 
-4. Select **Next: Authentication**.  On the **Authentication** tab, select **Workload Identity** and choose one **User assigned managed identity**.
-5. Select **Next: Networking** > **Next: Review + create** >**Create On Cloud Shell**.
-6. The Cloud Shell will be launched and execute the commands to create a connection. You may need to confirm some configuration changes during the command processing. Once command runs successfully, it will show connection information, and you can click refresh button in **Service Connector** pane to show the latest result.
+4. Select **Next: Authentication**.  On the **Authentication** tab, enter your database username and password.
+5. Select **Next: Networking** > **Next: Review + create** >**Create**.
+6. Once the deployment is successful, you can view information about the new connection in the **Service Connector** pane.
 
 ### [Azure CLI](#tab/azure-cli)
 
@@ -149,7 +152,7 @@ Create a service connection to the SQL database using the [`az aks connection cr
        az aks connection create sql \
           --source-id /subscriptions/<source-subscription>/resourceGroups/<source_resource_group>/providers/Microsoft.ContainerService/managedClusters/<cluster> \
           --target-id /subscriptions/<target-subscription>/resourceGroups/<target_resource_group>/providers/Microsoft.Sql/servers/<server>/databases/<database> \
-          --workload-identity /subscriptions/<identity-subscription>/resourcegroups/<resource_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity_name>
+          --secret name=<secret-name> secret=<secret>
        ```
 
 ---
diff --git a/articles/service-connector/zone-pivot-groups.yml b/articles/service-connector/zone-pivot-groups.yml
@@ -26,10 +26,11 @@ groups:
     title: Service principal
 
 - id: aks-authtype
-  title: Choose the authentication type
-  prompt: Choose the authentication type
+  title: Select an authentication method
+  prompt: Select an authentication method
   pivots:
+  - id: workload-id
+    title: Workload ID (Recommended)
   - id: connection-string
     title: Connection string
-  - id: workload-id
-    title: Workload ID
+
