In this article, you'll learn how to use [Azure role-based access control (Azure RBAC)](../../role-based-access-control/index.yml) to assign access to the Azure API for FHIR data plane. Azure RBAC is the preferred methods for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription. If you're using an external Microsoft Entra tenant, refer to the [local RBAC assignment reference](configure-local-rbac.md).
16
+
In this article, you learn how to use [Azure role-based access control (Azure RBAC)](../../role-based-access-control/index.yml) to assign access to the Azure API for FHIR® data plane. Azure RBAC is the preferred methods for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription. If you're using an external Microsoft Entra tenant, refer to the [local RBAC assignment reference](configure-local-rbac.md).
17
17
18
18
## Confirm Azure RBAC mode
19
19
20
-
To use Azure RBAC, your Azure API for FHIR must be configured to use your Azure subscription tenant for data plane and there should be no assigned identity object IDs. You can verify your settings by inspecting the **Authentication** blade of your Azure API for FHIR:
20
+
To use Azure RBAC, your Azure API for FHIR must be configured to use your Azure subscription tenant for data plane, and there should be no assigned identity object IDs. You can verify your settings by inspecting the **Authentication** of your Azure API for FHIR:
The **Authority** should be set to the Microsoft Entra tenant associated with your subscription and there should be no GUIDs in the box labeled **Allowed object IDs**. You'll also notice that the box is disabled and a label indicates that Azure RBAC should be used to assign data plane roles.
24
+
The **Authority** should be set to the Microsoft Entra tenant associated with your subscription and there should be no GUIDs in the box labeled **Allowed object IDs**. Notice the box is disabled and a label indicates that Azure RBAC should be used to assign data plane roles.
25
25
26
26
## Assign roles
27
27
28
-
To grant users, service principals or groups access to the FHIR data plane, select **Access control (IAM)**, then select **Role assignments** and select **+ Add**:
28
+
To grant users, service principals, or groups access to the FHIR data plane, select **Access control (IAM)**, then select **Role assignments** and select **+ Add**.
29
29
30
30
:::image type="content" source="media/rbac/add-azure-rbac-role-assignment.png" alt-text="Add Azure role assignment":::
31
31
32
-
In the **Role** selection, search for one of the built-in roles for the FHIR data plane:
32
+
In the **Role** selection, search for one of the built-in roles for the FHIR data plane.
33
33
34
34
:::image type="content" source="media/rbac/built-in-fhir-data-roles.png" alt-text="Built-in FHIR data roles":::
35
35
36
-
You can choose between:
36
+
You can choose from among the following.
37
37
38
-
* FHIR Data Reader: Can read (and search) FHIR data.
39
-
* FHIR Data Writer: Can read, write, and soft delete FHIR data.
40
-
* FHIR Data Exporter: Can read and export (`$export` operator) data.
41
-
* FHIR Data Contributor: Can perform all data plane operations.
38
+
* FHIR Data Reader: Can read (and search) FHIR data
39
+
* FHIR Data Writer: Can read, write, and soft delete FHIR data
40
+
* FHIR Data Exporter: Can read and export (`$export` operator) data
41
+
* FHIR Data Contributor: Can perform all data plane operations
42
42
43
43
In the **Select** box, search for a user, service principal, or group that you wish to assign the role to.
44
44
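Review bot: the reworded sentence "You can verify your settings by inspecting the **Authentication** of your Azure API for FHIR:" drops the noun "blade" without replacing it, so **Authentication** is left dangling; if "blade" is being retired, keep a noun such as "the **Authentication** settings" or "the **Authentication** pane". In the same hunk, the updated intro still reads "Azure RBAC is the preferred methods for assigning data plane access"; "methods" should be "method". The bullet list consistently drops trailing periods, which is fine, but the intro "You can choose from among the following." would read more naturally as "You can choose from among the following roles." so the sentence says what the list contains.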
@@ -48,7 +48,7 @@ In the **Select** box, search for a user, service principal, or group that you w
48
48
49
49
## Caching behavior
50
50
51
-
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
51
+
The Azure API for FHIR caches decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
52
52
53
53
## Next steps
54
54
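Review bot: the caching paragraph in this hunk explains permission propagation in terms of "adding them to the list of allowed object IDs, or you remove them from the list", but this article covers Azure RBAC mode, and the hunk above states that the **Allowed object IDs** box should be empty and is disabled in this mode. Reword to the mechanism this article actually uses, for example "If you grant or remove a user's Azure role assignment on the FHIR data plane, expect up to five minutes for the change to propagate." Minor: the sentence uses both "5 minutes" and "five minutes"; pick one, and "caches decisions" is clearer as "caches authorization decisions".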
@@ -72,4 +72,4 @@ In this article, you learned how to assign Azure roles for the FHIR data plane.
Azure API for FHIR supports [cross-origin resource sharing (CORS)](https://wikipedia.org/wiki/Cross-Origin_Resource_Sharing). CORS allows you to configure settings so that applications from one domain (origin) can access resources from a different domain, known as a cross-domain request.
15
+
Azure API for FHIR® supports [cross-origin resource sharing (CORS)](https://wikipedia.org/wiki/Cross-Origin_Resource_Sharing). CORS allows you to configure settings so that applications from one domain (origin) can access resources from a different domain, known as a cross-domain request.
16
16
17
17
CORS is often used in a single-page app that must call a RESTful API to a different domain.
18
18
19
19
## Configure CORS settings
20
20
21
-
To configure a CORS setting in the Azure API for FHIR, specify the following settings:
21
+
To configure a CORS setting in the Azure API for FHIR, specify the following settings.
22
22
23
23
-**Origins (Access-Control-Allow-Origin)**. A list of domains allowed to make cross-origin requests to the Azure API for FHIR. Each domain (origin) must be entered in a separate line. You can enter an asterisk (*) to allow calls from any domain, but we don't recommend it because it's a security risk.
24
24
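Review bot: the Origins bullet in the unchanged context says a wildcard origin is "a security risk" without saying why; one clause would help readers decide, for example that the origin list is the only restriction CORS applies and `*` removes it, so any site a browser user visits may make cross-origin calls to the FHIR endpoint. Also check that the source has a space after the list dash in "-**Origins (Access-Control-Allow-Origin)**"; as shown here the bullet marker is fused to the bold text and would not render as a list item. The colon-to-period change in "specify the following settings." is consistent with the other list intros in this change set.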
@@ -42,4 +42,4 @@ In this article, you learned how to configure cross-origin resource sharing in A
42
42
>[!div class="nextstepaction"]
43
43
>[Deploy Azure API for FHIR](fhir-paas-portal-quickstart.md)
44
44
45
-
FHIR® is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.
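Review bot: this hunk removes the footer line "FHIR® is a registered trademark of HL7 and is used with the permission of HL7." from the CORS article while the ® mark is added to the first mention of FHIR higher up. If the attribution sentence is required alongside the ® symbol (it states the permission under which the mark is used), it should be kept or moved rather than dropped; confirm the trademark-notice convention before merging, and apply the same decision to the other articles in this change set, where the footer is not shown as removed.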
Azure API for FHIR uses database to store its data. Performance of the underlying database depends on the number of Request Units (RU) selected during service provisioning or in database settings after the service has been provisioned.
Azure API for FHIR borrows the concept of [Request Units (RUs) in Azure Cosmos DB](/azure/cosmos-db/request-units)) when setting the performance of underlying database.
16
+
Azure API for FHIR® uses a database to store its data. Performance of the underlying database depends on the number of Request Units (RU) selected during service provisioning or in database settings after the service has been provisioned.
18
17
19
-
Throughput must be provisioned to ensure that sufficient system resources are available for your database at all times. How many RUs you need for your application depends on operations you perform. Operations can range from simple read and writes to more complex queries.
18
+
Azure API for FHIR borrows the concept of [Request Units (RUs) in Azure Cosmos DB](/azure/cosmos-db/request-units) when setting the performance of underlying database.
19
+
20
+
Throughput must be provisioned to ensure that sufficient system resources are always available for your database. How many RUs you need for your application depends on operations you perform. Operations can range from simple read and writes to more complex queries.
20
21
21
22
> [!NOTE]
22
-
> As different operations consume different number of RU, we return the actual number of RUs consumed in every API call in response header. This way you can profile the number of RUs consumed by your application.
23
+
> As different operations consume a different number of RUs, we return the actual number of RUs consumed in every API call in the response header. This way you can profile the number of RUs consumed by your application.
23
24
24
25
## Update throughput
25
26
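Review bot: the sentence split out into its own paragraph, "Azure API for FHIR borrows the concept of Request Units (RUs) in Azure Cosmos DB when setting the performance of underlying database", still needs "of the underlying database" (the "uses a database" fix two lines earlier addresses the same missing article). In the throughput paragraph, "simple read and writes" should be "simple reads and writes". Removing the doubled closing parenthesis after the Cosmos DB link is correct; the extra `)` was breaking the link text.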
@@ -28,7 +29,7 @@ To change this setting in the Azure portal, navigate to your Azure API for FHIR
28
29
If the database throughput is greater than 10,000 RU/s or if the data stored in the database is more than 50 GB, your client application must be capable of handling continuation tokens. A new partition is created in the database for every throughput increase of 10,000 RU/s or if the amount of data stored is more than 50 GB. Multiple partitions create a multi-page response in which pagination is implemented by using continuation tokens.
29
30
30
31
> [!NOTE]
31
-
> Higher value means higher Azure API for FHIR throughput and higher cost of the service.
32
+
> A higher RU value means higher Azure API for FHIR throughput and higher cost of the service.
Azure API for FHIR supports the $export command, which allows you to export the data out of an Azure API for FHIR instance to a storage account.
16
+
Azure API for FHIR® supports the `$export` command, which allows you to export the data out of an Azure API for FHIR instance to a storage account.
17
17
18
18
The steps are:
19
19
@@ -43,21 +43,21 @@ It's here that you add the role [Storage Blob Data Contributor](../../role-based
Next, select the storage account in Azure API for FHIR as a default storage account for $export.
46
+
Next, select the storage account in Azure API for FHIR as a default storage account for `$export`.
47
47
48
48
## Select the storage account for $export
49
49
50
50
The final step is to assign the Azure storage account to export the data to. Go to **Export** in Azure API for FHIR and then select the storage account.
51
51
52
52
:::image type="content" source="media/export-data/fhir-export-storage.png" alt-text="Screenshot showing selection of the storage account for export." lightbox="media/export-data/fhir-export-storage.png":::
53
53
54
-
After you complete this final step, you’re ready to export the data by using the $export command.
54
+
After you complete this final step, you’re ready to export the data by using the `$export` command.
55
55
56
56
> [!Note]
57
-
> Only storage accounts in the same subscription as Azure API for FHIR can be registered as the destination for $export operations.
57
+
> Only storage accounts in the same subscription as Azure API for FHIR can be registered as the destination for `$export` operations.
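Review bot: `$export` is now code-formatted in the body text of this hunk, but the heading "## Select the storage account for $export" is left as plain text; either format it in the heading as well or state the convention that headings skip code formatting, so the two styles are not mixed in one article. Also, the callout in this hunk is written `> [!Note]` while the other articles in this change use `> [!NOTE]`; use the uppercase form throughout.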
This article explains how to configure the Azure API for FHIR to use a secondary Microsoft Entra tenant for data access. Use this mode only if it isn't possible for you to use the Microsoft Entra tenant associated with your subscription.
17
+
This article explains how to configure the Azure API for FHIR® to use a secondary Microsoft Entra tenant for data access. Use this mode only if it isn't possible for you to use the Microsoft Entra tenant associated with your subscription.
18
18
19
19
> [!NOTE]
20
20
> If your FHIR service is configured to use your primary Microsoft Entra tenant associated with your subscription, [use Azure RBAC to assign data plane roles](configure-azure-rbac.md).
21
21
22
22
## Add a new service principal or use an existing one
23
23
24
-
Local RBAC allows you to use a service principal in the secondary Microsoft Entra tenant with your FHIR server. You can create a new service principal through the Azure portal, PowerShell or CLI commands, or use an existing service principal. The process is also known as [application registration](../register-application.md). You can review and modify the service principals through Microsoft Entra ID from the portal or using scripts.
24
+
Local role-based access control (RBAC) allows you to use a service principal in the secondary Microsoft Entra tenant with your FHIR server. You can create a new service principal through the Azure portal, PowerShell or CLI commands, or use an existing service principal. The process is also known as [application registration](../register-application.md). You can review and modify the service principals through Microsoft Entra ID from the portal or using scripts.
25
25
26
-
The PowerShell and CLI scripts below, which are tested and validated in Visual Studio Code, create a new service principal (or client application), and add a client secret. The service principal ID is used for local RBAC and the application ID and client secret will be used to access the FHIR service later.
26
+
The following PowerShell and CLI scripts, which are tested and validated in Visual Studio Code, create a new service principal (or client application), and add a client secret. The service principal ID is used for local RBAC and the application ID and client secret is used to access the FHIR service later.
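Review bot: "the application ID and client secret is used to access the FHIR service later" has a compound subject, so it should read "are used"; the tense change from "will be used" introduced the agreement error. Expanding "Local role-based access control (RBAC)" on first use is a good change since the abbreviation is reused below. Minor: "through the Azure portal, PowerShell or CLI commands" could take the serial comma used in "users, service principals, or groups" elsewhere in this change set.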
In the authority box, enter a valid secondary Microsoft Entra tenant. Once the tenant has been validated, the **Allowed object IDs** box should be activated and you can enter one or a list of Microsoft Entra service principal object IDs. These IDs can be the identity object IDs of:
57
+
In the authority box, enter a valid secondary Microsoft Entra tenant. Once the tenant is validated, the **Allowed object IDs** box should be activated and you can enter one or a list of Microsoft Entra service principal object IDs. These IDs can be the identity object IDs of:
58
58
59
59
* A Microsoft Entra user.
60
60
* A Microsoft Entra service principal.
@@ -71,16 +71,16 @@ The local RBAC setting is only visible from the authentication blade; it isn't v
71
71
72
72
## Caching behavior
73
73
74
-
The Azure API for FHIR will cache decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
74
+
The Azure API for FHIR caches decisions for up to 5 minutes. If you grant a user access to the FHIR server by adding them to the list of allowed object IDs, or you remove them from the list, you should expect it to take up to five minutes for changes in permissions to propagate.
75
75
76
76
## Next steps
77
77
78
-
In this article, you learned how to assign FHIR data plane access using an external (secondary) Microsoft Entra tenant. Next learn about additional settings for the Azure API for FHIR:
78
+
In this article, you learned how to assign FHIR data plane access using an external (secondary) Microsoft Entra tenant. Next learn about additional settings for the Azure API for FHIR.
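Review bot: "Next learn about additional settings for the Azure API for FHIR." needs a comma after "Next". Replacing the trailing colon with a period is fine if a list of links follows, as the other "Next steps" sections in this change set do. The caching paragraph here is word-for-word the same as the one in the Azure RBAC article; in this local RBAC article the allowed object IDs list is the actual mechanism, so the wording is accurate here, but consider keeping the two paragraphs distinct so the Azure RBAC copy can describe role assignments instead.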