Update after discussing with Seth

Author: spelluru

articles/event-grid/authenticate-with-namespaces-using-json-web-tokens.md

@@ -43,7 +43,11 @@ az eventgrid namespace update --resource-group <resource group name> --name <nam
 
 For information configuring system and user-assigned identities using the Azure portal, see [Enable managed identity for an Event Grid namespace](event-grid-namespace-managed-identity.md).
 
-## Create an Azure Key Vault account and upload your server certificate 
+
+## Configure OAuth 2.0 JWT authentication settings on your Event Grid namespace -Key Vault 
+First, create an Azure Key Vault account, upload your server certificate, and assign the namespace's managed identity an appropriate role on the key vault. Then, you configure custom authentication settings on your Event Grid namespace using Azure portal and Azure CLI. You need to create the namespace first then update it using the following steps.
+
+### Create an Azure Key Vault account and upload your server certificate 
 
 1. Use the following command to create an Azure Key Vault account: 
 
@@ -59,7 +63,7 @@ For information configuring system and user-assigned identities using the Azure
     > Your certificate must include the domain name in the Subject Alternative name for DNS. For more information, see [Tutorial: Import a certificate in Azure Key Vault](/azure/key-vault/certificates/tutorial-import-certificate).
 
 
-## Add role assignment in Azure Key Vault for the namespace’s managed identity 
+### Add role assignment in Azure Key Vault for the namespace’s managed identity 
 You need to provide access to the namespace to access your Azure Key Vault account using the following steps: 
 
 1. Get Event Grid namespace system managed identity principal ID using the following command 
@@ -80,17 +84,15 @@ You need to provide access to the namespace to access your Azure Key Vault accou
 
     For more information about Key Vault access and the portal experience, see [Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control](/azure/key-vault/general/rbac-guide). 
 
-## Configure OAuth 2.0 JWT authentication settings on your Event Grid namespace -Key Vault 
-In this step, you configure custom authentication settings on your Event Grid namespace using Azure portal and Azure CLI. You need to create the namespace first then update it using the following steps.
 
-### Use Azure portal
+### Use Azure portal to configure authentication
 
 1. Navigate to your Event Grid namespace in the [Azure portal](https://portal.azure.com).
 1. On the **Event Grid Namespace** page, select **Configuration** on the left menu. 
 1. In the **Custom JWT authentication** section, specify values for the following properties:  
     1. Select **Enable custom JWT authentication**. 
     1. **Token Issuer**: Enter the value of the issuer claims of the JWTs, presented by the MQTT clients. 
-    1. Select **Add issuer certificate**
+    1. For **Issuer certificate**, select **From Azure Key Vault**. 
     
         :::image type="content" source="./media/authenticate-with-namespaces-using-json-web-tokens/configuration-custom-authentication.png" alt-text="Screenshot that shows the Custom JWT authentication section of the Configuration page for an Event Grid namespace." lightbox="./media/authenticate-with-namespaces-using-json-web-tokens/configuration-custom-authentication.png":::
     1. In the new page, specify values for the following properties.

articles/event-grid/mqtt-client-custom-jwt.md

@@ -24,6 +24,26 @@ You can authenticate MQTT clients with OAuth 2.0 JWT to connect to the Event Gri
 ## Authentication using OAuth 2.0 JWT
 You can use the MQTT v5 CONNECT packet to provide the OAuth 2.0 JWT to authenticate your client and the MQTT v5 AUTH packet to refresh the token.  
 
+> [!IMPORTANT]
+> If you don't set the CONNECT packet's authentication method to CUSTOM-JWT, you receive an 'invalid issuer' error—even if all other configurations are correct.
+
+In the CONNECT packet, you can provide the required values in the following fields:
+
+|Field  | Value  |
+|---------|---------|
+|Authentication Method | CUSTOM-JWT |
+|Authentication Data | JWT |
+
+In the AUTH packet, you can provide the required values in the following fields:
+
+|Field | Value |
+|---------|---------|
+| Authentication Method | CUSTOM-JWT |
+| Authentication Data | JWT |
+| Authentication Reason Code | 25 |
+ 
+Authenticate Reason Code with value 25 signifies reauthentication.
+
 > [!NOTE]
 > Audience: `aud` claim must be set to `https://[namespace].ts.eventgrid.azure.net/`. 
 

articles/event-grid/toc.yml

@@ -112,7 +112,7 @@ items:
           href: custom-disaster-recovery-client-side.md
         - name: How to configure multiple sessions for an MQTT client
           href: mqtt-establishing-multiple-sessions-per-client.md
-        - name: Send events to Microsoft Fabric via Azure Event Hubs
+        - name: Send MQTT events to Microsoft Fabric
           href: mqtt-events-fabric.md
         - name: MQTT Request Response messaging
           href: mqtt-request-response-messages.md