MicrosoftDocs
diff --git a/‎articles/azure-web-pubsub/howto-custom-domain.md
Lines changed: 42 additions & 41 deletions b/‎articles/azure-web-pubsub/howto-custom-domain.md
Lines changed: 42 additions & 41 deletions
diff --git a/‎articles/azure-web-pubsub/howto-disable-local-auth.md
Lines changed: 20 additions & 22 deletions b/‎articles/azure-web-pubsub/howto-disable-local-auth.md
Lines changed: 20 additions & 22 deletions
@@ -24,80 +24,81 @@ In addition to the default domain that the Azure Web PubSub service provides, yo
 
 Before you can add a custom domain, add a matching custom certificate. A custom certificate is a resource of your instance of Web PubSub. It references a certificate in your key vault. For security and compliance, Web PubSub doesn't permanently store your certificate. Instead, it fetches the certificate from your key vault and keeps it in memory.
 
-### Step 1: Grant your Web PubSub resource access to Key Vault
+### Step 1: Grant your Web PubSub resource access to the key vault
 
 Azure Web PubSub Service uses Managed Identity to access your Key Vault. In order to authorize, it needs to be granted permissions.
 
 1. In the Azure portal, go to your Azure Web PubSub resource.
 1. On the left pane, select **Identity**.
 
-1. Select the type of identity you want to use: **System assigned** or **User assigned**. To use a user-assigned identity, first you create one.
+1. Select the type of identity to use: **System assigned** or **User assigned**. To use a user-assigned identity, first you create one.
 
     To use a system-assigned identity:
 
     1. Select **On**.
     1. Select **Yes** to confirm.
     1. Select **Save**.
 
-   :::image type="content" alt-text="Screenshot of enabling system assigned managed identity." source="media\howto-custom-domain\portal-identity.png" :::
+   :::image type="content" alt-text="Screenshot of enabling a system-assigned managed identity." source="media\howto-custom-domain\portal-identity.png" :::
 
     To use a user-assigned identity:
 
     1. Select **Add user assigned managed identity**.
     1. Select an existing identity.
     1. Select **Add**.
 
-    :::image type="content" alt-text="Screenshot of enabling user assigned managed identity." source="media\howto-custom-domain\portal-user-assigned-identity.png" :::
+    :::image type="content" alt-text="Screenshot of enabling a user-assigned managed identity." source="media\howto-custom-domain\portal-user-assigned-identity.png" :::
 
 1. Select **Save**.
 
 Depending on how you configure your Azure Key Vault permissions model, you might need to grant permissions at different locations in the Azure portal.
 
 #### [Vault access policy](#tab/vault-access-policy)
 
-If you're using Key Vault built-in access policy as Key Vault permission model:
+If you use a key vault built-in access policy as a key vault permissions model:
 
-   :::image type="content" alt-text="Screenshot of built-in access policy selected as Key Vault permission model." source="media\howto-custom-domain\portal-key-vault-perm-model-access-policy.png" :::
+:::image type="content" alt-text="Screenshot of a built-in access policy selected as the key vault permissions model." source="media\howto-custom-domain\portal-key-vault-perm-model-access-policy.png" :::
 
 1. Go to your Key Vault resource.
-1. In the menu pane, select **Access configuration**.
+1. On the left menu, select **Access configuration**.
 1. Select **Vault access policy**.
 1. Select **Go to access policies**.
 1. Select **Create**.
-1. Select **Secret Get** permission.
-1. Select **Certificate Get** permission.
+1. On the **Create an access policy** pane, select the **Permissions** tab.
+1. For **Secret permissions**, select **Get**.
+1. For **Certificate permissions**, select **Get**.
 1. Select **Next**.
 
-   :::image type="content" alt-text="Screenshot of permissions selection in Key Vault." source="media\howto-custom-domain\portal-key-vault-permissions.png" :::
+   :::image type="content" alt-text="Screenshot of permissions selection in a key vault." source="media\howto-custom-domain\portal-key-vault-permissions.png" :::
 
-1. Search for the Azure Web PubSub resource name.
+1. Search for the Web PubSub resource name.
 1. Select **Next**.
 
-   :::image type="content" alt-text="Screenshot of principal selection in Key Vault." source="media\howto-custom-domain\portal-key-vault-principal.png" :::
+   :::image type="content" alt-text="Screenshot of principal selection in a key vault." source="media\howto-custom-domain\portal-key-vault-principal.png" :::
 
-1. Select **Next** on the **Application** tab.
+1. Select the **Application** tab, and then select **Next**.
 1. Select **Create**.
 
 #### [Azure role-based access control](#tab/azure-rbac)
 
 If you're using Azure role-based access control as Key Vault permission model:
 
-   :::image type="content" alt-text="Screenshot of Azure RBAC selected as Key Vault permission model." source="media\howto-custom-domain\portal-key-vault-perm-model-rbac.png" :::
+:::image type="content" alt-text="Screenshot of Azure RBAC selected as the key vault permission model." source="media\howto-custom-domain\portal-key-vault-perm-model-rbac.png" :::
 
 1. Go to your Key Vault resource.
-1. On the left menu, select **Go to access control (IAM)**.
+1. On the left menu, select **Access control (IAM)**.
 1. Select **Add** > **Add role assignment**.
 
-   :::image type="content" alt-text="Screenshot of Key Vault IAM." source="media\howto-custom-domain\portal-key-vault-iam.png" :::
+   :::image type="content" alt-text="Screenshot of the key vault Access control pane." source="media\howto-custom-domain\portal-key-vault-iam.png" :::
 
-1. Under the **Role** tab, select **Key Vault Secrets User**. Select **Next**.
+1. Select the **Role** tab, and then select **Key Vault Secrets User**. Select **Next**.
 
-   :::image type="content" alt-text="Screenshot of role tab when adding role assignment to Key Vault." source="media\howto-custom-domain\portal-key-vault-role.png" :::
+   :::image type="content" alt-text="Screenshot of the Role tab when adding a role assignment to a key vault." source="media\howto-custom-domain\portal-key-vault-role.png" :::
 
-1. Under the **Members** tab, select **Managed identity**.
-1. Search for and **Select** the Azure Web PubSub Service resource name or the user assigned identity name.
+1. Select the **Members** tab, and then select **Managed identity**.
+1. Search for and then select the Web PubSub resource name or the name of the user-assigned identity.
 
-   :::image type="content" alt-text="Screenshot of members tab when adding role assignment to Key Vault." source="media\howto-custom-domain\portal-key-vault-members.png" :::
+   :::image type="content" alt-text="Screenshot of the Members tab when adding a role assignment to a key vault." source="media\howto-custom-domain\portal-key-vault-members.png" :::
 
 1. Select **Next**.
 1. Select **Review + assign**.
@@ -106,51 +107,51 @@ If you're using Azure role-based access control as Key Vault permission model:
 
 ### Step 2: Create a custom certificate
 
-1. In the Azure portal, go to your Azure Web PubSub Service resource.
-1. In the menu pane, select **Custom domain**.
-1. In the **Custom certificate** section, select **Add**.
+1. In the Azure portal, go to your Web PubSub resource.
+1. On the left menu, select **Custom domain**.
+1. On the **Custom certificate** pane, select **Add**.
 
    :::image type="content" alt-text="Screenshot of custom certificate management." source="media\howto-custom-domain\portal-custom-certificate-management.png" :::
 
-1. Fill in a name for the custom certificate.
-1. Select **Select from your Key Vault** to choose a Key Vault certificate. After selection the following **Key Vault Base URI**, the **Key Vault Secret Name** will be automatically filled in. Alternatively you can also fill in these fields manually.
-1. Optionally, you can specify a **Key Vault Secret Version** if you want to pin the certificate to a specific version.
+1. Enter a name for the custom certificate.
+1. Select **Select from your Key Vault** to choose a key vault certificate. After you select a key vault, values for **Key Vault Base URI** and **Key Vault Secret Name** are automatically added. You also have to option to edit these fields manually.
+1. (Optional) To pin the certificate to a specific version, enter a value for **Key Vault Secret Version**.
 1. Select **Add**.
 
    :::image type="content" alt-text="Screenshot of adding a custom certificate." source="media\howto-custom-domain\portal-custom-certificate-add.png" :::
 
-Azure Web PubSub Service fetches the certificate and validates its contents. When it succeeds, the certificate's **Provisioning State** is **Succeeded**.
+Web PubSub fetches the certificate and validates its contents. When certificate validation succeeds, **Provisioning State** for the certificate is **Succeeded**.
 
-   :::image type="content" alt-text="Screenshot of an added custom certificate." source="media\howto-custom-domain\portal-custom-certificate-added.png" :::
+:::image type="content" alt-text="Screenshot of an added custom certificate." source="media\howto-custom-domain\portal-custom-certificate-added.png" :::
 
 ## Create a custom domain CNAME
 
-To validate the ownership of your custom domain, you need to create a CNAME record for the custom domain and point it to the default domain of Azure Web PubSub Service.
+To validate the ownership of your custom domain, you need to create a CNAME record for the custom domain and point it to the default domain of your Web PubSub resource.
 
-For example, if your default domain is `contoso.webpubsub.azure.com`, and your custom domain is `contoso.example.com`, you need to create a CNAME record on `example.com` like:
+For example, if your default domain is `contoso.webpubsub.azure.com` and your custom domain is `contoso.example.com`, create a CNAME record on `example.com` like in this example:
 
 ```plaintext
 contoso.example.com. 0 IN CNAME contoso.webpubsub.azure.com.
 ```
 
-If you're using Azure DNS Zone, see [manage DNS records](../dns/dns-operations-recordsets-portal.md) to learn how to add a CNAME record.
+If you're using Azure DNS Zone, see [Manage DNS records](../dns/dns-operations-recordsets-portal.md) to learn how to add a CNAME record.
 
-   :::image type="content" alt-text="Screenshot of adding a CNAME record in Azure DNS Zone." source="media\howto-custom-domain\portal-dns-cname.png" :::
+:::image type="content" alt-text="Screenshot of adding a CNAME record in Azure DNS Zone." source="media\howto-custom-domain\portal-dns-cname.png" :::
 
-If you're using other DNS providers, follow provider's guide to create a CNAME record.
+If you use other DNS providers, use the provider's documentation to create a CNAME record.
 
 ## Add a custom domain
 
-A custom domain is another sub resource of your Azure Web PubSub Service. It contains all configurations for a custom domain.
+A custom domain is another sub resource of your Web PubSub instance. It contains all configurations that are required for a custom domain.
 
-1. In the Azure portal, go to your Azure Web PubSub Service resource.
-1. In the menu pane, select **Custom domain**.
-1. Under **Custom domain**, select **Add**.
+1. In the Azure portal, go to your Web PubSub resource.
+1. On the left menu, select **Custom domain**.
+1. On the **Custom domain** pane, select **Add**.
 
    :::image type="content" alt-text="Screenshot of custom domain management." source="media\howto-custom-domain\portal-custom-domain-management.png" :::
 
-1. Enter a name for the custom domain. It's the sub resource name.
-1. Enter the domain name. It's the full domain name of your custom domain, for example, `contoso.com`.
+1. Enter a name for the custom domain. Use the sub resource name.
+1. Enter the domain name. Use the full domain name of your custom domain, for example, `contoso.com`.
 1. Select a custom certificate that applies to this custom domain.
 1. Select **Add**.
 
@@ -160,7 +161,7 @@ A custom domain is another sub resource of your Azure Web PubSub Service. It con
 
 You can now access your Web PubSub endpoint by using the custom domain.
 
-To verify the domain, you can access the health API. Here's an example that uses cURL:
+To verify the domain, you can access the health API. The following examples use cURL.
 
 #### [PowerShell](#tab/azure-powershell)
 
 
@@ -1,6 +1,6 @@
 ---
-title: Disable local (access key) authentication with Azure Web PubSub Service
-description: This article provides information about how to disable access key authentication and use only Microsoft Entra authorization with Azure Web PubSub Service.
+title: Disable local (access key) authentication with Azure Web PubSub
+description: Learn how to disable access key authentication and use only Microsoft Entra authorization with Azure Web PubSub.
 author: terencefan
 
 ms.author: tefa
@@ -10,34 +10,34 @@ ms.custom: devx-track-arm-template
 ms.topic: conceptual
 ---
 
-# Disable local (access key) authentication with Azure Web PubSub Service
+# Disable local (access key) authentication with Azure Web PubSub
 
-There are two ways to authenticate to Azure Web PubSub Service resources: Microsoft Entra ID and Access Key. Microsoft Entra ID provides superior security and ease of use over access key. With Microsoft Entra ID, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Azure Web PubSub Service resources when possible.
+Azure Web PubSub resources can authenticate requests in two ways: via a Microsoft Entra ID or via an access key. Microsoft Entra ID provides superior security and ease of use over an access key. If you use Microsoft Entra ID, you don't need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Web PubSub resources when possible.
 
 > [!IMPORTANT]
-> Disabling local authentication can have following influences.
+> Disabling local authentication might have the following results:
 >
-> - The current set of access keys will be permanently deleted.
-> - Tokens signed with current set of access keys will become unavailable.
-> - Signature will **NOT** be attached in the upstream request header. Please visit _[how to validate access token](./howto-use-managed-identity.md#validate-access-tokens)_ to learn how to validate requests via Microsoft Entra token.
+> - The current set of access keys is permanently deleted.
+> - Tokens that are signed by using the current set of access keys become unavailable.
+> - A signature will *not* be attached in the upstream request header. Learn how to [validate an access token](./howto-use-managed-identity.md#validate-access-tokens) .
 
-## Use Azure portal
+## Use the Azure portal
 
-In this section, you will learn how to use the Azure portal to disable local authentication.
+To disable local authentication by using the Azure portal:
 
-1. Navigate to your Web PubSub Service resource in the [Azure portal](https://portal.azure.com).
+1. In the [Azure portal](https://portal.azure.com), go to your Web PubSub resource.
 
-2. in the **Settings** section of the menu sidebar, select **Keys** tab.
+2. On the left menu under **Settings**, select **Keys**.
 
-3. Select **Disabled** for local authentication.
+3. For local authentication, select **Disabled**.
 
-4. Click **Save** button.
+4. Select **Save**.
 
-![Screenshot of disabling local auth.](./media/howto-disable-local-auth/disable-local-auth.png)
+![Screenshot that shows disabling local authentication.](./media/howto-disable-local-auth/disable-local-auth.png)
 
-## Use Azure Resource Manager template
+## Use a Azure Resource Manager template
 
-You can disable local authentication by setting `disableLocalAuth` property to true as shown in the following Azure Resource Manager template.
+You can disable local authentication by setting `disableLocalAuth` property to `true` as shown in the following Azure Resource Manager template:
 
 ```json
 {
@@ -89,13 +89,11 @@ You can disable local authentication by setting `disableLocalAuth` property to t
 
 ## Use Azure Policy
 
-You can assign the [Azure Web PubSub Service should have local authentication methods disabled](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb66ab71c-582d-4330-adfd-ac162e78691e) Azure policy to an Azure subscription or a resource group to enforce disabling of local authentication for all Web PubSub resources in the subscription or the resource group.
+You can assign the policy [Azure Web PubSub Service should have local authentication methods disabled](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb66ab71c-582d-4330-adfd-ac162e78691e) in Azure Policy to an Azure subscription or to a resource group to enforce disabling local authentication for all Web PubSub resources in the subscription or resource group.
 
-![Screenshot of disabling local auth policy.](./media/howto-disable-local-auth/disable-local-auth-policy.png)
+![Screenshot that shows disabling local authentication policy.](./media/howto-disable-local-auth/disable-local-auth-policy.png)
 
-## Next steps
-
-See the following docs to learn about authentication methods.
+## Related content
 
 - [Overview of Microsoft Entra ID for Web PubSub](concept-azure-ad-authorization.md)
 - [Authenticate with Azure applications](./howto-authorize-from-application.md)