Address comments

Author: hahahahahaiyiwen

articles/azure-app-configuration/concept-enable-rbac.md

@@ -1,6 +1,6 @@
 ---
 title: Authorize access to Azure App Configuration using Microsoft Entra ID
-description: Enable Azure RBAC to authorize access to your Azure App Configuration instance
+description: Enable Azure RBAC to authorize access to your Azure App Configuration instance.
 author: maud-lv
 ms.author: malev
 ms.date: 05/26/2020
@@ -9,14 +9,14 @@ ms.service: azure-app-configuration
 
 ---
 # Authorize access to Azure App Configuration using Microsoft Entra ID
-Besides using Hash-based Message Authentication Code (HMAC), Azure App Configuration supports using Microsoft Entra ID to authorize requests to App Configuration instances.  Microsoft Entra ID allows you to use Azure role-based access control (Azure RBAC) to grant permissions to a security principal.  A security principal may be a user, a [managed identity](../active-directory/managed-identities-azure-resources/overview.md) or an [application service principal](../active-directory/develop/app-objects-and-service-principals.md).  To learn more about roles and role assignments, see [Understanding different roles](../role-based-access-control/overview.md).
+Besides using Hash-based Message Authentication Code (HMAC), Azure App Configuration supports using Microsoft Entra ID to authorize requests to App Configuration instances. Microsoft Entra ID allows you to use Azure role-based access control (Azure RBAC) to grant permissions to a security principal. A security principal may be a user, a [managed identity](../active-directory/managed-identities-azure-resources/overview.md), or an [application service principal](../active-directory/develop/app-objects-and-service-principals.md). To learn more about roles and role assignments, see [Understanding different roles](../role-based-access-control/overview.md).
 
 ## Overview
 Requests made by a security principal to access an App Configuration resource must be authorized. With Microsoft Entra ID, access to a resource is a two-step process:
-1. The security principal's identity is authenticated and an OAuth 2.0 token is returned.  The resource name to request a token is `https://login.microsoftonline.com/{tenantID}` where `{tenantID}` matches the Microsoft Entra tenant ID to which the service principal belongs.
+1. The security principal's identity is authenticated and an OAuth 2.0 token is returned. The resource name to request a token is `https://login.microsoftonline.com/{tenantID}` where `{tenantID}` matches the Microsoft Entra tenant ID to which the service principal belongs.
 2. The token is passed as part of a request to the App Configuration service to authorize access to the specified resource.
 
-The authentication step requires that an application request contains an OAuth 2.0 access token at runtime.  If an application is running within an Azure entity, such as an Azure Functions app, an Azure Web App, or an Azure VM, it can use a managed identity to access the resources.  To learn how to authenticate requests made by a managed identity to Azure App Configuration, see [Authenticate access to Azure App Configuration resources with Microsoft Entra ID and managed identities for Azure Resources](howto-integrate-azure-managed-service-identity.md).
+The authentication step requires that an application request contains an OAuth 2.0 access token at runtime. If an application is running within an Azure entity, such as an Azure Functions app, an Azure Web App, or an Azure VM, it can use a managed identity to access the resources. To learn how to authenticate requests made by a managed identity to Azure App Configuration, see [Authenticate access to Azure App Configuration resources with Microsoft Entra ID and managed identities for Azure Resources](howto-integrate-azure-managed-service-identity.md).
 
 The authorization step requires that one or more Azure roles be assigned to the security principal. Azure App Configuration provides Azure roles that encompass sets of permissions for App Configuration resources. The roles that are assigned to a security principal determine the permissions provided to the principal. For more information about Azure roles, see [Azure built-in roles for Azure App Configuration](#azure-built-in-roles-for-azure-app-configuration). 
 
@@ -28,10 +28,10 @@ When an Azure role is assigned to a Microsoft Entra security principal, Azure gr
 ## Azure built-in roles for Azure App Configuration
 Azure provides the following Azure built-in roles for authorizing access to App Configuration data using Microsoft Entra ID:
 
-- **App Configuration Data Owner**: Use this role to give read/write/delete access to App Configuration data. This does not grant access to the App Configuration resource.
-- **App Configuration Data Reader**: Use this role to give read access to App Configuration data. This does not grant access to the App Configuration resource.
-- **Contributor** or **Owner**: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Microsoft Entra ID. This role is required if you access the App Configuration data via ARM template, Bicep, or Terraform during deployment. For more information, see [deployment](quickstart-deployment-overview.md).
-- **Reader**: Use this role to give read access to the App Configuration resource. This does not grant access to the resource's access keys, nor to the data stored in App Configuration.
+- **App Configuration Data Owner**: Use this role to give read/write/delete access to App Configuration data. This role doesn't grant access to the App Configuration resource.
+- **App Configuration Data Reader**: Use this role to give read access to App Configuration data. This role doesn't grant access to the App Configuration resource.
+- **Contributor** or **Owner**: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role doesn't grant direct access to the data using Microsoft Entra ID. This role is required if you access the App Configuration data via ARM template, Bicep, or Terraform during deployment. For more information, see [deployment](quickstart-deployment-overview.md).
+- **Reader**: Use this role to give read access to the App Configuration resource. This role doesn't grant access to the resource's access keys, nor to the data stored in App Configuration.
 
 > [!NOTE]
 > After a role assignment is made for an identity, allow up to 15 minutes for the permission to propagate before accessing data stored in App Configuration using this identity.

articles/azure-app-configuration/howto-disable-access-key-authentication.md

@@ -1,7 +1,7 @@
 ---
 title: Disable access key authentication for an Azure App Configuration instance
 titleSuffix: Azure App Configuration
-description: Learn how to disable access key authentication for an Azure App Configuration instance
+description: Learn how to disable access key authentication for an Azure App Configuration instance.
 ms.service: azure-app-configuration
 author: jimmyca15
 ms.author: jimmyca
@@ -17,7 +17,7 @@ When you disable access key authentication for an Azure App Configuration resour
 
 ## Disable access key authentication
 
-Disabling access key authentication will delete all access keys. If any running applications are using access keys for authentication they will begin to fail once access key authentication is disabled. Enabling access key authentication again will generate a new set of access keys and any applications attempting to use the old access keys will still fail.
+Disabling access key authentication will deletes all access keys. If any running applications are using access keys for authentication, they will begin to fail once access key authentication is disabled. Enabling access key authentication again will generate a new set of access keys and any applications attempting to use the old access keys will still fail.
 
 > [!WARNING]
 > If any clients are currently accessing data in your Azure App Configuration resource with access keys, then Microsoft recommends that you migrate those clients to [Microsoft Entra ID](./concept-enable-rbac.md) before disabling access key authentication.
@@ -29,7 +29,7 @@ To disallow access key authentication for an Azure App Configuration resource in
 1. Navigate to your Azure App Configuration resource in the Azure portal.
 2. Locate the **Access settings** setting under **Settings**.
 
-    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access key blade":::
+    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access key blade.":::
 
 3. Set the **Enable access keys** toggle to **Disabled**.
 
@@ -43,7 +43,7 @@ The capability to disable access key authentication using the Azure CLI is in de
 
 ### Verify that access key authentication is disabled
 
-To verify that access key authentication is no longer permitted, a request can be made to list the access keys for the Azure App Configuration resource. If access key authentication is disabled there will be no access keys and the list operation will return an empty list.
+To verify that access key authentication is no longer permitted, a request can be made to list the access keys for the Azure App Configuration resource. If access key authentication is disabled, there will be no access keys, and the list operation will return an empty list.
 
 # [Azure portal](#tab/portal)
 
@@ -52,7 +52,7 @@ To verify access key authentication is disabled for an Azure App Configuration r
 1. Navigate to your Azure App Configuration resource in the Azure portal.
 2. Locate the **Access settings** setting under **Settings**.
 
-    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access key blade":::
+    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access key blade.":::
 
 3. Verify there are no access keys displayed and **Enable access keys** is toggled to **Disabled**.
 
@@ -68,7 +68,7 @@ az appconfig credential list \
     --resource-group <resource-group>
 ```
 
-If access key authentication is disabled then an empty list will be returned.
+If access key authentication is disabled, then an empty list will be returned.
 
 ```
 C:\Users\User>az appconfig credential list -g <resource-group> -n <app-configuration-name>

articles/azure-app-configuration/media/quickstarts/deployment/enable-arm-private-access.png renamed to articles/azure-app-configuration/media/quickstarts/deployment/enable-azure-resource-manager-private-access.png

@@ -26,7 +26,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 ## Authorization
 
-Managing an Azure App Configuration resource with Bicep file requires an Azure Resource Manager role, such as contributor or owner. Accessing Azure App Configuration data (key-values, snapshots) requires an Azure Resource Manager role and addtional an Azure App Configuration [data plane role](concept-enable-rbac.md) when the configuration store's ARM authentication mode is set to [pass-through](./quickstart-deployment-overview.md#arm-authentication-mode) ARM authentication mode.
+Managing an Azure App Configuration resource with Bicep file requires an Azure Resource Manager role, such as contributor or owner. Accessing Azure App Configuration data (key-values, snapshots) requires an Azure Resource Manager role and an additional Azure App Configuration [data plane role](concept-enable-rbac.md) when the configuration store's ARM authentication mode is set to [pass-through](./quickstart-deployment-overview.md#arm-authentication-mode) ARM authentication mode.
 
 ## Review the Bicep file
 

articles/azure-app-configuration/quickstart-bicep.md

@@ -31,22 +31,22 @@ To learn more about Azure RBAC and Microsoft Entra ID, see [Authorize access to
 
 ## Manage Azure App Configuration data in deployment
 
-Azure App Configuration data, such as key-values and snapshots, can be managed in deployment. When managing App Configuration data using this method, it is recommended to set your configuration store's ARM authentication mode to **Pass-through**. This ensures that data access requires a combination of data plane and ARM management roles as well as ensuring that data access can be properly attributed to the deployment caller for auditing purpose.
+Azure App Configuration data, such as key-values and snapshots, can be managed in deployment. When managing App Configuration data using this method, it's recommended to set your configuration store's Azure Resource Manager authentication mode to **Pass-through**. This authentication mode ensures that data access requires a combination of data plane and Azure Resource Manager management roles and ensuring that data access can be properly attributed to the deployment caller for auditing purpose.
 
-### ARM authentication mode
+### Azure Resource Manager authentication mode
 
 # [Azure portal](#tab/portal)
 
-To configure the ARM authentication mode of an Azure App Configuration resource in the Azure portal, follow these steps:
+To configure the Azure Resource Manager authentication mode of an Azure App Configuration resource in the Azure portal, follow these steps:
 
 1. Navigate to your Azure App Configuration resource in the Azure portal
 2. Locate the **Access settings** setting under **Settings**
 
-    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access settings blade":::
+    :::image type="content" border="true" source="./media/access-settings-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources access settings blade.":::
 
 3. Select the recommended **Pass-through** authentication mode under **Azure Resource Manager Authentication Mode**
 
-    :::image type="content" border="true" source="./media/quickstarts/deployment/select-passthrough-authentication-mode.png" alt-text="Screenshot showing pass-through authentication mode being selected under Azure Resource Manager Authentication Mode":::
+    :::image type="content" border="true" source="./media/quickstarts/deployment/select-passthrough-authentication-mode.png" alt-text="Screenshot showing pass-through authentication mode being selected under Azure Resource Manager Authentication Mode.":::
 
 ---
 
@@ -55,7 +55,7 @@ To configure the ARM authentication mode of an Azure App Configuration resource
 
 ### Azure App Configuration Authorization
 
-When your App Configuration resource has its ARM authentication mode set to **Pass-through**, you must have Azure App Configuration data plane permissions to read and manage Azure App Configuration data in deployment. This is in addition to baseline management permission requirements of the resource.  Azure App Configuration data plane permissions include Microsoft.AppConfiguration/configurationStores/\*/read and Microsoft.AppConfiguration/configurationStores/\*/write. Built-in roles with this action include:
+When your App Configuration resource has its Azure Resource Manager authentication mode set to **Pass-through**, you must have Azure App Configuration data plane permissions to read and manage Azure App Configuration data in deployment. This requirement is in addition to baseline management permission requirements of the resource. Azure App Configuration data plane permissions include Microsoft.AppConfiguration/configurationStores/\*/read and Microsoft.AppConfiguration/configurationStores/\*/write. Built-in roles with this action include:
 
 - App Configuration Data Owner
 - App Configuration Data Reader
@@ -67,27 +67,29 @@ To learn more about Azure RBAC and Microsoft Entra ID, see [Authorize access to
 When an App Configuration resource is restricted to private network access, deployments accessing App Configuration data through public networks will be blocked. To enable successful deployments when access to an App Configuration resource is restricted to private networks the following actions must be taken:
 
 - [Azure Resource Management Private Link](../azure-resource-manager/management/create-private-link-access-portal.md) must be set up
-- The App Configuration resource must have ARM authentication mode set to **Pass-through**
-- The App Configuration resource must have ARM private network access enabled
-- Deployments accessing App Configuration data must run through the configured ARM private link
+- The App Configuration resource must have Azure Resource Manager authentication mode set to **Pass-through**
+- The App Configuration resource must have Azure Resource Manager private network access enabled
+- Deployments accessing App Configuration data must run through the configured Azure Resource Manager private link
 
 If all of these criteria are met, then deployments accessing App Configuration data will be successful.
 
 # [Azure portal](#tab/portal)
 
-To enable ARM private network access for an Azure App Configuration resource in the Azure portal, follow these steps:
+To enable Azure Resource Manager private network access for an Azure App Configuration resource in the Azure portal, follow these steps:
 
 1. Navigate to your Azure App Configuration resource in the Azure portal
 2. Locate the **Networking** setting under **Settings**
 
-    :::image type="content" border="true" source="./media/networking-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources networking blade":::
+    :::image type="content" border="true" source="./media/networking-blade.png" alt-text="Screenshot showing how to access an Azure App Configuration resources networking blade.":::
 
 3. Check **Enable Azure Resource Manager Private Access** under **Private Access**
 
-    :::image type="content" border="true" source="./media/quickstarts/deployment/enable-arm-private-access.png" alt-text="Screenshot showing Enable Azure Resource Manager Private Access is checked":::
+    :::image type="content" border="true" source="./media/quickstarts/deployment/enable-azure-resource-manager-private-access.png" alt-text="Screenshot showing Enable Azure Resource Manager Private Access is checked.":::
 
 > [!NOTE]
-> ARM private access can only be enabled under **Pass-through** authentication mode.
+> Azure Resource Manager private network access can only be enabled under **Pass-through** authentication mode.
+
+---
 
 ## Next steps
 

articles/azure-app-configuration/quickstart-deployment-overview.md

@@ -12,7 +12,7 @@ ms.custom: subject-armqs, mode-arm, devx-track-arm-template
 
 # Quickstart: Create an Azure App Configuration store by using an ARM template
 
-This quickstart describes how to :
+This quickstart describes how to:
 
 - Deploy an App Configuration store using an Azure Resource Manager template (ARM template).
 - Create key-values in an App Configuration store using ARM template.