Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into updateImages

Author: roygara

articles/api-management/api-management-access-restriction-policies.md

@@ -31,6 +31,9 @@ This topic provides a reference for the following API Management policies. For i
 -   [Set usage quota by key](#SetUsageQuotaByKey) - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per key basis.
 -   [Validate JWT](api-management-access-restriction-policies.md#ValidateJWT) - Enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
 
+> [!TIP]
+> You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with AAD authentication by applying the `validate-jwt` policy on the API level or you can apply it on the API operation level and use `claims` for more granular control.
+
 ## <a name="CheckHTTPHeader"></a> Check HTTP header
 
 Use the `check-header` policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or check for a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy.