add tip to sas article

Author: laujan

articles/cognitive-services/Translator/document-translation/how-to-guides/create-sas-tokens.md

@@ -5,12 +5,20 @@ ms.topic: how-to
 manager: nitinme
 ms.author: lajanuar
 author: laujan
-ms.date: 12/17/2022
+ms.date: 03/24/2023
 ---
 
 # Create SAS tokens for your storage containers
 
-In this article, you'll learn how to create user delegation, shared access signature (SAS) tokens, using the Azure portal or Azure Storage Explorer. User delegation SAS tokens are secured with Azure AD credentials. SAS tokens provide secure, delegated access to resources in your Azure storage account.
+In this article, you learn how to create user delegation, shared access signature (SAS) tokens, using the Azure portal or Azure Storage Explorer. User delegation SAS tokens are secured with Azure AD credentials. SAS tokens provide secure, delegated access to resources in your Azure storage account.
+
+>[!TIP]
+>
+> [Managed identities](create-use-managed-identities.md) enable you to grant access to your storage data without the need to include SAS tokens with your HTTP requests. *See*,[Managed identities for Document Translation](create-use-managed-identities.md).
+>
+> * You can use managed identities to grant access to any resource that supports Azure AD authentication, including your own applications.
+> * Using managed identities replaces the requirement for you to include shared access signature tokens (SAS) with your source and target URLs.
+> * There's no added cost to use managed identities in Azure.
 
 At a high level, here's how SAS tokens work:
 
@@ -34,13 +42,13 @@ Azure Blob Storage offers three resource types:
 
 ## Prerequisites
 
-To get started, you'll need the following resources:
+To get started, you need the following resources:
 
 * An active [Azure account](https://azure.microsoft.com/free/cognitive-services/). If you don't have one, you can [create a free account](https://azure.microsoft.com/free/).
 
 * A [Translator](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) resource.
 
-* A **standard performance** [Azure Blob Storage account](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM). You'll create containers to store and organize your files within your storage account. If you don't know how to create an Azure storage account with a storage container, follow these quickstarts:
+* A **standard performance** [Azure Blob Storage account](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM). You also need to create containers to store and organize your files within your storage account. If you don't know how to create an Azure storage account with a storage container, follow these quickstarts:
 
   * [Create a storage account](../../../../storage/common/storage-account-create.md). When you create your storage account, select **Standard** performance in the **Instance details** > **Performance** field.
   * [Create a container](../../../../storage/blobs/storage-quickstart-blobs-portal.md#create-a-container). When you create your container, set **Public access level** to **Container** (anonymous read access for containers and files) in the **New Container** window.
@@ -68,16 +76,16 @@ Go to the [Azure portal](https://portal.azure.com/#home) and navigate to your co
 1. Specify the signed key **Start** and **Expiry** times.
 
     * When you create a shared access signature (SAS), the default duration is 48 hours. After 48 hours, you'll need to create a new token.
-    * Consider setting a longer duration period for the time you'll be using your storage account for Translator Service operations.
+    * Consider setting a longer duration period for the time you're using your storage account for Translator Service operations.
     * The value for the expiry time is a maximum of seven days from the creation of the SAS token.
 
-1. The **Allowed IP addresses** field is optional and specifies an IP address or a range of IP addresses from which to accept requests. If the request IP address doesn't match the IP address or address range specified on the SAS token, it won't be authorized.
+1. The **Allowed IP addresses** field is optional and specifies an IP address or a range of IP addresses from which to accept requests. If the request IP address doesn't match the IP address or address range specified on the SAS token, authorization fails.
 
 1. The **Allowed protocols** field is optional and specifies the protocol permitted for a request made with the SAS. The default value is HTTPS.
 
 1. Review then select **Generate SAS token and URL**.
 
-1. The **Blob SAS token** query string and **Blob SAS URL** will be displayed in the lower area of window.
+1. The **Blob SAS token** query string and **Blob SAS URL** are displayed in the lower area of window.
 
 1. **Copy and paste the Blob SAS token and URL values in a secure location. They'll only be displayed once and cannot be retrieved once the window is closed.**
 
@@ -87,7 +95,7 @@ Go to the [Azure portal](https://portal.azure.com/#home) and navigate to your co
 
 Azure Storage Explorer is a free standalone app that enables you to easily manage your Azure cloud storage resources from your desktop.
 
-* You'll need the [**Azure Storage Explorer**](../../../../vs-azure-tools-storage-manage-with-storage-explorer.md) app installed in your Windows, macOS, or Linux development environment.
+* You need the [**Azure Storage Explorer**](../../../../vs-azure-tools-storage-manage-with-storage-explorer.md) app installed in your Windows, macOS, or Linux development environment.
 
 * After the Azure Storage Explorer app is installed, [connect it to the storage account](../../../../vs-azure-tools-storage-manage-with-storage-explorer.md?tabs=windows#connect-to-a-storage-account-or-service) you're using for Document Translation. Follow these steps to create tokens for a storage container or specific blob file:
 
@@ -104,7 +112,7 @@ Azure Storage Explorer is a free standalone app that enables you to easily manag
     * Define your container **Permissions** by checking and/or clearing the appropriate check box.
     * Review and select **Create**.
 
-1. A new window will appear with the **Container** name, **URI**, and **Query string** for your container.
+1. A new window appears with the **Container** name, **URI**, and **Query string** for your container.
 1. **Copy and paste the container, URI, and query string values in a secure location. They'll only be displayed once and can't be retrieved once the window is closed.**
 1. To [construct a SAS URL](#use-your-sas-url-to-grant-access), append the SAS token (URI) to the URL for a storage service.
 
@@ -125,15 +133,15 @@ Azure Storage Explorer is a free standalone app that enables you to easily manag
     * Select **key1** or **key2**.
     * Review and select **Create**.
 
-1. A new window will appear with the **Blob** name, **URI**, and **Query string** for your blob.
+1. A new window appears with the **Blob** name, **URI**, and **Query string** for your blob.
 1. **Copy and paste the blob, URI, and query string values in a secure location. They will only be displayed once and cannot be retrieved once the window is closed.**
 1. To [construct a SAS URL](#use-your-sas-url-to-grant-access), append the SAS token (URI) to the URL for a storage service.
 
 ---
 
 ### Use your SAS URL to grant access
 
-The SAS URL includes a special set of [query parameters](/rest/api/storageservices/create-user-delegation-sas#assign-permissions-with-rbac). Those parameters indicate how the resources may be accessed by the client.
+The SAS URL includes a special set of [query parameters](/rest/api/storageservices/create-user-delegation-sas#assign-permissions-with-rbac). Those parameters indicate how the client accesses the resources.
 
 You can include your SAS URL with REST API requests in two ways:
 

articles/cognitive-services/Translator/document-translation/how-to-guides/create-use-managed-identities.md

@@ -7,13 +7,13 @@ manager: nitinme
 ms.service: cognitive-services
 ms.subservice: translator-text
 ms.topic: how-to
-ms.date: 03/17/2023
+ms.date: 03/24/2023
 ms.author: lajanuar
 ---
 
 # Managed identities for Document Translation
 
-Managed identities for Azure resources are service principals that create an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources. Managed identities are a safer way to grant access to data without having SAS tokens included with your HTTP requests.
+  Managed identities for Azure resources are service principals that create an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources. Managed identities are a safer way to grant access to data without the need to include SAS tokens with your HTTP requests.
 
    :::image type="content" source="../media/managed-identity-rbac-flow.png" alt-text="Screenshot of managed identity flow (RBAC).":::
 

articles/cognitive-services/Translator/document-translation/overview.md

@@ -16,12 +16,6 @@ recommendations: false
 
 Document Translation is a cloud-based feature of the [Azure Translator](../translator-overview.md) service and is part of the Azure Cognitive Service family of REST APIs. The Document Translation API can be used to translate multiple and complex documents across all [supported languages and dialects](../../language-support.md), while preserving original document structure and data format.
 
-This documentation contains the following article types:
-
-* [**Quickstarts**](get-started-with-document-translation.md) are getting-started instructions to guide you through making requests to the service.
-* [**How-to guides**](create-sas-tokens.md) contain instructions for using the feature in more specific or customized ways.
-* [**Reference**](reference/rest-api-guide.md) provide REST API settings, values, keywords, and configuration.
-
 ## Document Translation key features
 
 | Feature | Description |