Merge pull request #247461 from terencefan/tefa/entra-id-rebrand-webpubsub

Rebrand AAD to Microsoft Entra ID for Web PubSub

Author: v-ccolin

articles/azure-web-pubsub/concept-azure-ad-authorization.md

@@ -1,6 +1,6 @@
 ---
-title: Authorize access with Azure Active Directory for Azure Web PubSub
-description: This article provides information on authorizing access to Azure Web PubSub Service resources using Azure Active Directory.
+title: Authorize access with Microsoft Entra ID for Azure Web PubSub
+description: This article provides information on authorizing access to Azure Web PubSub Service resources using Microsoft Entra ID.
 author: terencefan
 
 ms.author: tefa
@@ -9,39 +9,39 @@ ms.service: azure-web-pubsub
 ms.topic: conceptual
 ---
 
-# Authorize access to Web PubSub resources using Azure Active Directory
+# Authorize access to Web PubSub resources using Microsoft Entra ID
 
-The Azure Web PubSub Service allows for the authorization of requests to Web PubSub resources by using Azure Active Directory (Azure AD).
+The Azure Web PubSub Service enables the authorization of requests to Azure Web PubSub resources by utilizing Microsoft Entra ID.
 
-By utilizing role-based access control (RBAC) within Azure AD, permissions can be granted to a security principal<sup>[<a href="#security-principal">1</a>]</sup>. Azure AD authenticates this security principal and returns an OAuth 2.0 token, which Web PubSub resources can then use to authorize a request.
+By utilizing role-based access control (RBAC) with Microsoft Entra ID, permissions can be granted to a security principal<sup>[<a href="#security-principal">1</a>]</sup>. Microsoft Entra authorizes this security principal and returns an OAuth 2.0 token, which Web PubSub resources can then use to authorize a request.
 
-Using Azure AD for authorization of Web PubSub requests offers improved security and ease of use compared to Access Key authorization. Microsoft recommends utilizing Azure AD authorization with Web PubSub resources when possible to ensure access with the minimum necessary privileges.
+Using Microsoft Entra ID for authorization of Web PubSub requests offers improved security and ease of use compared to Access Key authorization. Microsoft recommends utilizing Microsoft Entra ID authorization with Web PubSub resources when possible to ensure access with the minimum necessary privileges.
 
 <a id="security-principal"></a>
 _[1] security principal: a user/resource group, an application, or a service principal such as system-assigned identities and user-assigned identities._
 
-## Overview of Azure AD for Web PubSub
+## Overview of Microsoft Entra ID for Web PubSub
 
-Authentication is necessary to access a Web PubSub resource when using Azure AD. This authentication involves two steps:
+Authentication is necessary to access a Web PubSub resource when using Microsoft Entra ID. This authentication involves two steps:
 
 1. First, Azure authenticates the security principal and issues an OAuth 2.0 token.
 2. Second, the token is added to the request to the Web PubSub resource. The Web PubSub service uses the token to check if the service principal has the access to the resource.
 
-### Client-side authentication while using Azure AD
+### Client-side authentication while using Microsoft Entra ID
 
 The negotiation server/Function App shares an access key with the Web PubSub resource, enabling the Web PubSub service to authenticate client connection requests using client tokens generated by the access key.
 
-However, access key is often disabled when using Azure AD to improve security.
+However, access key is often disabled when using Microsoft Entra ID to improve security.
 
 To address this issue, we have developed a REST API that generates a client token. This token can be used to connect to the Azure Web PubSub service.
 
-To use this API, the negotiation server must first obtain an **Azure AD Token** from Azure to authenticate itself. The server can then call the Web PubSub Auth API with the **Azure AD Token** to retrieve a **Client Token**. The **Client Token** is then returned to the client, who can use it to connect to the Azure Web PubSub service.
+To use this API, the negotiation server must first obtain an **Microsoft Entra Token** from Azure to authenticate itself. The server can then call the Web PubSub Auth API with the **Microsoft Entra Token** to retrieve a **Client Token**. The **Client Token** is then returned to the client, who can use it to connect to the Azure Web PubSub service.
 
 We provided helper functions (for example `GenerateClientAccessUri) for supported programming languages.
 
 ## Assign Azure roles for access rights
 
-Azure Active Directory (Azure AD) authorizes access rights to secured resources through [Azure role-based access control](../role-based-access-control/overview.md). Azure Web PubSub defines a set of Azure built-in roles that encompass common sets of permissions used to access Web PubSub resources. You can also define custom roles for access to Web PubSub resources.
+Microsoft Entra ID authorizes access rights to secured resources through [Azure role-based access control](../role-based-access-control/overview.md). Azure Web PubSub defines a set of Azure built-in roles that encompass common sets of permissions used to access Web PubSub resources. You can also define custom roles for access to Web PubSub resources.
 
 ### Resource scope
 
@@ -65,7 +65,7 @@ You can scope access to Azure SignalR resources at the following levels, beginni
 
   At this scope, a role assignment applies to all of the resources in all of the resource groups in all of the subscriptions in the management group.
 
-## Azure built-in roles for Web PubSub resources.
+## Azure built-in roles for Web PubSub resources
 
 - `Web PubSub Service Owner`
 
@@ -81,13 +81,13 @@ You can scope access to Azure SignalR resources at the following levels, beginni
 
 ## Next steps
 
-To learn how to create an Azure application and use Azure AD auth, see
+To learn how to create an Azure application and use Microsoft Entra authorization, see
 
-- [Authorize request to Web PubSub resources with Azure AD from Azure applications](howto-authorize-from-application.md)
+- [Authorize request to Web PubSub resources with Microsoft Entra ID from applications](howto-authorize-from-application.md)
 
-To learn how to configure a managed identity and use Azure AD auth, see
+To learn how to configure a managed identity and use Microsoft Entra ID auth, see
 
-- [Authorize request to Web PubSub resources with Azure AD from managed identities](howto-authorize-from-managed-identity.md)
+- [Authorize request to Web PubSub resources with Microsoft Entra ID from managed identities](howto-authorize-from-managed-identity.md)
 
 To learn more about roles and role assignments, see
 
@@ -97,6 +97,6 @@ To learn how to create custom roles, see
 
 - [Steps to create a custom role](../role-based-access-control/custom-roles.md#steps-to-create-a-custom-role)
 
-To learn how to use only Azure AD authentication, see
+To learn how to use only Microsoft Entra authorization, see
 
 - [Disable local authentication](./howto-disable-local-auth.md)

articles/azure-web-pubsub/concept-service-internals.md

@@ -88,27 +88,33 @@ var pubsub = new WebSocket(
 A PubSub WebSocket client can:
 
 - Join a group, for example:
+
   ```json
   {
     "type": "joinGroup",
     "group": "<group_name>"
   }
   ```
+
 - Leave a group, for example:
+
   ```json
   {
     "type": "leaveGroup",
     "group": "<group_name>"
   }
   ```
+
 - Publish messages to a group, for example:
+
   ```json
   {
     "type": "sendToGroup",
     "group": "<group_name>",
     "data": { "hello": "world" }
   }
   ```
+
 - Send custom events to the upstream server, for example:
 
   ```json
@@ -123,7 +129,7 @@ A PubSub WebSocket client can:
 
 You may have noticed that for a [simple WebSocket client](#the-simple-websocket-client), the _server_ is a **must have** role to receive the `message` events from clients. A simple WebSocket connection always triggers a `message` event when it sends messages, and always relies on the server-side to process messages and do other operations. With the help of the `json.webpubsub.azure.v1` subprotocol, an authorized client can join a group and publish messages to a group directly. It can also route messages to different event handlers / event listeners by customizing the _event_ the message belongs.
 
-#### Scenarios:
+#### Scenarios
 
 Such clients can be used when clients want to talk to each other. Messages are sent from `client2` to the service and the service delivers the message directly to `client1` if the clients are authorized to do so.
 
@@ -242,13 +248,13 @@ When doing the validation, the `{event}` parameter is resolved to `validate`. Fo
 
 For now, we don't support [WebHook-Request-Rate](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#414-webhook-request-rate) and [WebHook-Request-Callback](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#413-webhook-request-callback).
 
-#### Authentication between service and webhook
+#### Authentication/Authorization between service and webhook
 
 - Anonymous mode
 - Simple authentication that `code` is provided through the configured Webhook URL.
-- Use Azure Active Directory (Azure AD) authentication. For more information, see [how to use managed identity](howto-use-managed-identity.md) for details.
+- Use Microsoft Entra authorization. For more information, see [how to use managed identity](howto-use-managed-identity.md) for details.
   - Step1: Enable Identity for the Web PubSub service
-  - Step2: Select from existing Azure AD application that stands for your webhook web app
+  - Step2: Select from existing Microsoft Entra application that stands for your webhook web app
 
 ### Connection manager
 

articles/azure-web-pubsub/howto-authorize-from-application.md

@@ -1,6 +1,6 @@
 ---
-title: Authorize request to Web PubSub resources with Azure AD from Azure applications
-description: This article provides information about authorizing request to Web PubSub resources with Azure AD from Azure applications
+title: Authorize request to Web PubSub resources with Microsoft Entra ID from applications
+description: This article provides information about authorizing request to Web PubSub resources with Microsoft Entra ID from applications
 author: terencefan
 
 ms.author: tefa
@@ -9,17 +9,17 @@ ms.service: azure-web-pubsub
 ms.topic: conceptual
 ---
 
-# Authorize request to Web PubSub resources with Azure AD from Azure applications
+# Authorize request to Web PubSub resources with Microsoft Entra ID from Azure applications
 
-Azure Web PubSub Service supports Azure Active Directory (Azure AD) authorizing requests from [Azure applications](../active-directory/develop/app-objects-and-service-principals.md).
+Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from [applications](../active-directory/develop/app-objects-and-service-principals.md).
 
 This article shows how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from an Azure application.
 
 ## Register an application
 
 The first step is to register an Azure application.
 
-1. On the [Azure portal](https://portal.azure.com/), search for and select **Azure Active Directory**
+1. On the [Azure portal](https://portal.azure.com/), search for and select **Microsoft Entra ID**
 2. Under **Manage** section, select **App registrations**.
 3. Click **New registration**.
 
@@ -66,7 +66,7 @@ To learn more about adding credentials, see
 
 This sample shows how to assign a `Web PubSub Service Owner` role to a service principal (application) over a Web PubSub resource.
 
-> [!Note]
+> [!NOTE]
 > A role can be assigned to any scope, including management group, subscription, resource group or a single resource. To learn more about scope, see [Understand scope for Azure RBAC](../role-based-access-control/scope-overview.md)
 
 1. On the [Azure portal](https://portal.azure.com/), navigate to your Web PubSub resource.
@@ -111,7 +111,7 @@ This sample shows how to assign a `Web PubSub Service Owner` role to a service p
 - [Assign Azure roles using Azure CLI](../role-based-access-control/role-assignments-cli.md)
 - [Assign Azure roles using Azure Resource Manager templates](../role-based-access-control/role-assignments-template.md)
 
-## Use Postman to get the Azure AD token
+## Use Postman to get the Microsoft Entra token
 
 1. Launch Postman
 
@@ -121,7 +121,7 @@ This sample shows how to assign a `Web PubSub Service Owner` role to a service p
 
 4. On the **Headers** tab, add **Content-Type** key and `application/x-www-form-urlencoded` for the value.
 
-![Screenshot of the basic info using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman.png)
+   ![Screenshot of the basic info using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman.png)
 
 5. Switch to the **Body** tab, and add the following keys and values.
    1. Select **x-www-form-urlencoded**.
@@ -130,13 +130,13 @@ This sample shows how to assign a `Web PubSub Service Owner` role to a service p
    4. Add `client_secret` key, and paste the value of client secret you noted down earlier.
    5. Add `resource` key, and type `https://webpubsub.azure.com` for the value.
 
-![Screenshot of the body parameters when using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman-body.png)
+   ![Screenshot of the body parameters when using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman-body.png)
 
 6. Select **Send** to send the request to get the token. You see the token in the `access_token` field.
 
-![Screenshot of the response token when using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman-response.png)
+   ![Screenshot of the response token when using postman to get the token.](./media/howto-authorize-from-application/get-azure-ad-token-using-postman-response.png)
 
-## Sample codes using Azure AD auth
+## Sample codes using Microsoft Entra authorization
 
 We officially support 4 programming languages:
 
@@ -149,6 +149,6 @@ We officially support 4 programming languages:
 
 See the following related articles:
 
-- [Overview of Azure AD for Web PubSub](concept-azure-ad-authorization.md)
-- [Authorize request to Web PubSub resources with Azure AD from managed identities](howto-authorize-from-managed-identity.md)
+- [Overview of Microsoft Entra ID for Web PubSub](concept-azure-ad-authorization.md)
+- [Authorize request to Web PubSub resources with Microsoft Entra ID from managed identities](howto-authorize-from-managed-identity.md)
 - [Disable local authentication](./howto-disable-local-auth.md)

articles/azure-web-pubsub/howto-authorize-from-managed-identity.md

@@ -1,6 +1,6 @@
 ---
-title: Authorize request to Web PubSub resources with Azure AD from managed identities
-description: This article provides information about authorizing request to Web PubSub resources with Azure AD from managed identities
+title: Authorize request to Web PubSub resources with Microsoft Entra ID from managed identities
+description: This article provides information about authorizing request to Web PubSub resources with Microsoft Entra ID from managed identities
 author: terencefan
 
 ms.author: tefa
@@ -9,9 +9,9 @@ ms.service: azure-web-pubsub
 ms.topic: conceptual
 ---
 
-# Authorize request to Web PubSub resources with Azure AD from managed identities
+# Authorize request to Web PubSub resources with Microsoft Entra ID from managed identities
 
-Azure Web PubSub Service supports Azure Active Directory (Azure AD) authorizing requests from [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
+Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from [managed identities](../active-directory/managed-identities-azure-resources/overview.md).
 
 This article shows how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from a managed identity.
 
@@ -109,6 +109,6 @@ We officially support 4 programming languages:
 
 See the following related articles:
 
-- [Overview of Azure AD for Web PubSub](concept-azure-ad-authorization.md)
-- [Authorize request to Web PubSub resources with Azure AD from Azure applications](howto-authorize-from-application.md)
+- [Overview of Microsoft Entra ID for Web PubSub](concept-azure-ad-authorization.md)
+- [Authorize request to Web PubSub resources with Microsoft Entra ID from Azure applications](howto-authorize-from-application.md)
 - [Disable local authentication](./howto-disable-local-auth.md)

articles/azure-web-pubsub/howto-create-serviceclient-with-java-and-azure-identity.md

@@ -12,7 +12,7 @@ ms.topic: how-to
 
 # How to create a `WebPubSubServiceClient` with Java and Azure Identity
 
-This how-to guide shows you how to create a `WebPubSubServiceClient` with Java and Azure Identity.
+This how-to guide shows you how to create a `WebPubSubServiceClient` using Microsoft Entra ID in Java.
 
 ## Requirements
 
@@ -103,4 +103,4 @@ This how-to guide shows you how to create a `WebPubSubServiceClient` with Java a
 
 ## Complete sample
 
-- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/java/chatapp-aad)
+- [Simple chatroom with Microsoft Entra ID authorization](https://github.com/Azure/azure-webpubsub/tree/main/samples/java/chatapp-aad)

articles/azure-web-pubsub/howto-create-serviceclient-with-javascript-and-azure-identity.md

@@ -12,7 +12,7 @@ ms.topic: how-to
 
 # How to create a `WebPubSubServiceClient` with JavaScript and Azure Identity
 
-This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure Active Directory in JavaScript.
+This how-to guide shows you how to create a `WebPubSubServiceClient` using Microsoft Entra ID in JavaScript.
 
 ## Requirements
 
@@ -68,4 +68,4 @@ This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure
 
 ## Complete sample
 
-- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/javascript/chatapp-aad)
+- [Simple chatroom with Microsoft Entra ID authorization](https://github.com/Azure/azure-webpubsub/tree/main/samples/javascript/chatapp-aad)

articles/azure-web-pubsub/howto-create-serviceclient-with-net-and-azure-identity.md

@@ -11,7 +11,7 @@ ms.topic: how-to
 
 # How to create a `WebPubSubServiceClient` with .NET and Azure Identity
 
-This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure Active Directory in .NET.
+This how-to guide shows you how to create a `WebPubSubServiceClient` using Microsoft Entra ID in .NET.
 
 ## Requirements
 
@@ -112,4 +112,4 @@ This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure
 
 ## Complete sample
 
-- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/csharp/chatapp-aad)
+- [Simple chatroom with Microsoft Entra ID authorization](https://github.com/Azure/azure-webpubsub/tree/main/samples/csharp/chatapp-aad)

articles/azure-web-pubsub/howto-create-serviceclient-with-python-and-azure-identity.md

@@ -11,7 +11,7 @@ ms.topic: how-to
 
 # How to create a `WebPubSubServiceClient` with Python and Azure Identity
 
-This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure Active Directory in Python.
+This how-to guide shows you how to create a `WebPubSubServiceClient` using Microsoft Entra ID in Python.
 
 ## Requirements
 
@@ -63,4 +63,4 @@ This how-to guide shows you how to create a `WebPubSubServiceClient` using Azure
 
 ## Complete sample
 
-- [Simple chatroom with AAD Auth](https://github.com/Azure/azure-webpubsub/tree/main/samples/python/chatapp-aad)
+- [Simple chatroom with Microsoft Entra ID authorization](https://github.com/Azure/azure-webpubsub/tree/main/samples/python/chatapp-aad)