MicrosoftDocs
diff --git a/‎articles/digital-twins/how-to-create-endpoints.md
Lines changed: 19 additions & 22 deletions b/‎articles/digital-twins/how-to-create-endpoints.md
Lines changed: 19 additions & 22 deletions
@@ -4,7 +4,7 @@ titleSuffix: Azure Digital Twins
 description: Learn how to set up endpoints for Azure Digital Twins data
 author: baanders
 ms.author: baanders
-ms.date: 02/08/2023
+ms.date: 06/19/2025
 ms.topic: how-to
 ms.service: azure-digital-twins
 ms.custom: devx-track-azurecli
@@ -14,12 +14,12 @@ ms.custom: devx-track-azurecli
 
 This article explains how to create an *endpoint* for Azure Digital Twin events using the [Azure portal](https://portal.azure.com) or the [Azure CLI](/cli/azure/dt/endpoint). You can also manage endpoints with the [DigitalTwinsEndpoint control plane APIs](/rest/api/digital-twins/controlplane/endpoints).
 
-Routing [event notifications](concepts-event-notifications.md) from Azure Digital Twins to downstream services or connected compute resources is a two-step process: create endpoints, then create event routes that send data to those endpoints. This article covers the first step, setting up endpoints that can receive the events. Later, you can create [event routes](how-to-create-routes.md) that specify which events generated by Azure Digital Twins are delivered to which endpoints.
+Routing [event notifications](concepts-event-notifications.md) from Azure Digital Twins to downstream services or connected compute resources is a two-step process: create endpoints, then create event routes that send data to those endpoints. This article covers the first step, setting up endpoints that can receive the events. Later, you can [create event routes](how-to-create-routes.md) that specify which events generated by Azure Digital Twins are delivered to which endpoints.
 
 ## Prerequisites
 
 * An Azure account, which you can [set up for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-* An Azure Digital Twins instance in your Azure subscription. If you don't have an instance, create one by following the steps in [Set up an instance and authentication](how-to-set-up-instance-portal.md). Have the following values from setup handy to use later in this article:
+* An Azure Digital Twins instance in your Azure subscription. If you don't have an instance, create one by following the steps in [Set up an instance and authentication](how-to-set-up-instance-portal.md). Have the following values from setup available to use later in this article:
     - Instance name
     - Resource group
 
@@ -39,35 +39,35 @@ These services are the supported types of endpoints that you can create for your
 * [Event Hubs](../event-hubs/event-hubs-about.md) hub
 * [Service Bus](../service-bus-messaging/service-bus-messaging-overview.md) topic
 
-
-To link an endpoint to Azure Digital Twins, the Event Grid topic, event hub, or Service Bus topic that you're using for the endpoint needs to exist already.
+Before you link an endpoint to Azure Digital Twins, you need to create the Event Grid topic, event hub, or Service Bus topic that you're using for the endpoint.
 
 Use the following chart to see what resources you should set up before creating your endpoint.
 
 | Endpoint type | Required resources (linked to creation instructions) |
 | --- | --- |
-| Event Grid endpoint | [Event Grid topic](../event-grid/custom-event-quickstart-portal.md#create-a-custom-topic)<br/>*event schema must be Event Grid Schema or Cloud Event Schema v1.0 |
-| Event Hubs endpoint | [Event&nbsp;Hubs&nbsp;namespace](../event-hubs/event-hubs-create.md)<br/><br/>[event hub](../event-hubs/event-hubs-create.md)<br/><br/>(Optional) [authorization rule](../event-hubs/authorize-access-shared-access-signature.md) for key-based authentication |
-| Service Bus endpoint | [Service Bus namespace](../service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal.md)<br/><br/>[Service Bus topic](../service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal.md)<br/><br/> (Optional) [authorization rule](../service-bus-messaging/service-bus-authentication-and-authorization.md#shared-access-signature) for key-based authentication|
+| Event Grid endpoint | [Event Grid topic](../event-grid/custom-event-quickstart-portal.md#create-a-custom-topic)<br/>(Event schema must be Event Grid Schema or Cloud Event Schema v1.0) |
+| Event Hubs endpoint | [Event&nbsp;Hubs&nbsp;namespace](../event-hubs/event-hubs-create.md)<br/><br/>[event hub](../event-hubs/event-hubs-create.md)<br/><br/>(Optional) [Authorization rule](../event-hubs/authorize-access-shared-access-signature.md) for key-based authentication |
+| Service Bus endpoint | [Service Bus namespace](../service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal.md)<br/><br/>[Service Bus topic](../service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal.md)<br/><br/> (Optional) [Authorization rule](../service-bus-messaging/service-bus-authentication-and-authorization.md#shared-access-signature) for key-based authentication|
 
 ## Create the endpoint 
 
-After creating the endpoint resources, use them for an Azure Digital Twins endpoint. 
+After creating the endpoint resources, you can create the Azure Digital Twins endpoint. Use the following tabs to select your preferred experience.
 
 # [Portal](#tab/portal) 
 
 To create a new endpoint, go to your instance's page in the [Azure portal](https://portal.azure.com). You can find the instance by entering its name into the portal search bar.
 
-1. From the instance menu, select **Endpoints**. Then from the **Endpoints** page, select **+ Create an endpoint**. This action opens the **Create an endpoint** page.
+1. From the instance menu, select **Connect outputs > Endpoints**. Then from the **Endpoints** page, select **+ Create an endpoint**. This action opens the **Create an endpoint** page.
 
     :::image type="content" source="media/how-to-create-endpoints/create-endpoint-event-grid.png" alt-text="Screenshot of creating an endpoint of type Event Grid in the Azure portal." lightbox="media/how-to-create-endpoints/create-endpoint-event-grid.png":::
 
 1. Enter a **Name** for your endpoint and choose the **Endpoint type**.
 
 1. Complete the other details that are required for your endpoint type, including your subscription and the endpoint resources described [earlier](#create-required-resources).
-    1. For Event Hubs and Service Bus endpoints only, select an **Authentication type**. You can use key-based authentication with a precreated authorization rule, or a system-assigned or user-assigned managed identity. For more information about using the identity authentication options, see [Endpoint options: Identity-based authentication](#endpoint-options-identity-based-authentication).
+    1. For Event Hubs and Service Bus endpoints only, select an **Authentication type**. You can use key-based authentication with a precreated authorization rule, or a system-assigned or user-assigned managed identity. System-assigned identity is only available if you've enabled a system-assigned identity for the instance. For more information about using the identity authentication options, see [Endpoint options: Identity-based authentication](#endpoint-options-identity-based-authentication) later in this article..
 
     :::image type="content" source="media/how-to-create-endpoints/create-endpoint-event-hub-authentication.png" alt-text="Screenshot of creating an endpoint of type Event Hubs in the Azure portal." lightbox="media/how-to-create-endpoints/create-endpoint-event-hub-authentication.png":::
+
 1. Finish creating your endpoint by selecting **Save**.
 
 After creating your endpoint, you can verify that it was successfully created by checking the notification icon in the top Azure portal bar: 
@@ -100,7 +100,7 @@ To create a Service Bus topic endpoint (key-based authentication):
 az dt endpoint create servicebus --endpoint-name <Service-Bus-endpoint-name> --servicebus-resource-group <Service-Bus-resource-group-name> --servicebus-namespace <Service-Bus-namespace> --servicebus-topic <Service-Bus-topic-name> --servicebus-policy <Service-Bus-topic-policy> --dt-name <your-Azure-Digital-Twins-instance-name>
 ```
 
-After you successfully run these commands, the Event Grid topic, event hub, or Service Bus topic is available as an endpoint in Azure Digital Twins. The endpoint is under the name you supplied with the `--endpoint-name` argument. Typically, you use that name as the target of an event route, which you can create in [Create routes and filters](how-to-create-routes.md).
+After you run these commands, the Event Grid topic, event hub, or Service Bus topic is available as an endpoint in Azure Digital Twins. The endpoint has the name you supplied with the `--endpoint-name` argument. Typically, you use that name as the target of an event route, which you can create in [Create routes and filters](how-to-create-routes.md).
 
 ---
 
@@ -116,7 +116,7 @@ Use the following tabs for instructions that match your preferred experience.
 
 # [Portal](#tab/portal) 
 
-First, make sure that you enabled a [managed identity](how-to-set-up-instance-portal.md#enabledisable-managed-identity-for-the-instance) for your Azure Digital Twins instance.
+First, make sure that you [enable a managed identity](how-to-set-up-instance-portal.md#enabledisable-managed-identity-for-the-instance) for your Azure Digital Twins instance.
 
 Also, make sure you have *Azure Digital Twins Data Owner* role on the instance. You can find instructions in [Set up user access permissions](how-to-set-up-instance-portal.md#set-up-user-access-permissions).
 
@@ -225,7 +225,7 @@ az dt endpoint create eventhub --endpoint-name <endpoint-name> --eventhub-resour
 
 ### Considerations for disabling managed identities
 
-An identity is managed separately from the endpoints that use it. Because of this fact, it's important to consider how any change to the identity or its roles can affect the endpoints in your Azure Digital Twins instance. If you disable the identity or remove a necessary role for an endpoint, the endpoint becomes inaccessible, and the flow of events is disrupted.
+An identity is managed separately from the endpoints that use it, so it's important to consider how any change to the identity or its roles can affect the endpoints in your Azure Digital Twins instance. If you disable the identity or remove a necessary role for an endpoint, the endpoint becomes inaccessible, and the flow of events is disrupted.
 
 To continue using an endpoint that was set up with a managed identity that you disabled, delete the endpoint and [re-create it](#create-the-endpoint) with a different authentication type. It might take up to an hour for events to resume delivery to the endpoint after this change.
 
@@ -255,17 +255,14 @@ Next, create a SAS token for your storage account that the endpoint can use to a
 # [Portal](#tab/portal)
 
 1. Navigate to your storage account in the [Azure portal](https://portal.azure.com/#home) (you can find it by name with the portal search bar).
-1. In the storage account page, choose the **Shared access signature** link in the left navigation bar to start setting up the SAS token.
+1. In the storage account page, choose the **Security + networking > Shared access signature** link in the left navigation bar to start setting up the SAS token.
 
-    :::image type="content" source="media/how-to-create-endpoints/generate-sas-token-1.png" alt-text="Screenshot of the storage account page in the Azure portal." lightbox="media/how-to-create-endpoints/generate-sas-token-1.png":::
+    :::image type="content" source="media/how-to-create-endpoints/generate-token.png" alt-text="Screenshot of the storage account page in the Azure portal." lightbox="media/how-to-create-endpoints/generate-token.png":::
 
 1. On the **Shared access signature page**, under **Allowed services** and **Allowed resource types**, select the settings you want. You need to select at least one box in each category. Under **Allowed permissions**, choose **Write**. You can also select other permissions.
 1. Set the values you want for the remaining settings.
 1. When you're finished, select **Generate SAS and connection string** to generate the SAS token. 
-
-    :::image type="content" source="media/how-to-create-endpoints/generate-sas-token-2.png" alt-text="Screenshot of the storage account page in the Azure portal showing all the setting selection to generate a SAS token." lightbox="media/how-to-create-endpoints/generate-sas-token-2.png":::
-
-1. Doing so generates several SAS and connection string values at the bottom of the same page, underneath the setting selections. Scroll down to view the values, and use the **Copy to clipboard** icon to copy the **SAS token** value. Save it to use later.
+1. Completing this process generates several SAS and connection string values at the bottom of the same page, underneath the setting selections. Scroll down to view the values, and use the **Copy to clipboard** icon to copy the **SAS token** value. Save it to use later.
 
 # [CLI](#tab/cli)
 
@@ -284,7 +281,7 @@ Next, create a SAS token for your storage account that the endpoint can use to a
     The output of this command is the SAS token. Copy the SAS token value to use later.
 
     > [!NOTE]
-    > This command includes "**b**lob", "**f**ile", "**q**ueue", and "**t**able" *services*; an "**o**bject" *resource type*; and allows "**w**rite" *permissions*.
+    > The example set of parameters in the previous command include "**b**lob", "**f**ile", "**q**ueue", and "**t**able" services (`--services bfqt`), an "**o**bject" resource type (`--resource-types o`), and "**w**rite" permissions (`--permissions w`).
     > 
     > For more information about the `az storage account generate-sas` command and its parameters, see the [Azure CLI reference](/cli/azure/storage/account#az-storage-account-generate-sas).
 
@@ -351,4 +348,4 @@ Here's an example of a dead-letter message for a [twin create notification](conc
 
 ## Next steps
 
-To send data from Azure Digital Twins to an endpoint, define an [event route](concepts-route-events.md). With these routes, you can set up event flow throughout the system and to downstream services. A single route can allow multiple notifications and event types to be selected. To create an event route to your endpoint, see [Create routes and filters](how-to-create-routes.md).
+After you create an endpoint, define an [event route](concepts-route-events.md) to send data to the endpoint. Event routes allow you to set up event flow throughout the system and to downstream services. A single route can allow multiple notifications and event types. Create an event route to your endpoint with the instrutions in see [Create routes and filters](how-to-create-routes.md).