MicrosoftDocs
diff --git a/‎articles/azure-maps/how-to-manage-authentication.md
Lines changed: 48 additions & 25 deletions b/‎articles/azure-maps/how-to-manage-authentication.md
Lines changed: 48 additions & 25 deletions
diff --git a/‎articles/azure-maps/how-to-manage-creator.md
Lines changed: 31 additions & 16 deletions b/‎articles/azure-maps/how-to-manage-creator.md
Lines changed: 31 additions & 16 deletions
@@ -13,14 +13,15 @@ custom.ms: subject-rbac-steps
 
 # Manage authentication in Azure Maps
 
-When you create an Azure Maps account, your client ID is automatically generated along with primary and secondary keys that are required for authentication when using [Azure Active Directory (Azure AD)](../active-directory/fundamentals/active-directory-whatis.md) or [Shared Key authentication](./azure-maps-authentication.md#shared-key-authentication).
+When you create an Azure Maps account, your client ID and shared keys are created automatically. These values are required for authentication when using either [Azure Active Directory (Azure AD)] or [Shared Key authentication].
 
 ## Prerequisites
 
-Sign in to the [Azure portal](https://portal.azure.com). If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.
-- A familiarization with [managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md). Be sure to understand the two [Managed identity types](../active-directory/managed-identities-azure-resources/overview.md#managed-identity-types) and how they differ.
-- [An Azure Maps account](quick-demo-map-app.md#create-an-azure-maps-account).
-- A familiarization with [Azure Maps Authentication](./azure-maps-authentication.md).
+Sign in to the [Azure portal]. If you don't have an Azure subscription, create a [free account] before you begin.
+
+- A familiarization with [managed identities for Azure resources]. Be sure to understand the two [Managed identity types] and how they differ.
+- [An Azure Maps account].
+- A familiarization with [Azure Maps Authentication].
 
 ## View authentication details
 
@@ -29,7 +30,7 @@ Sign in to the [Azure portal](https://portal.azure.com). If you don't have an Az
 
 To view your Azure Maps authentication details:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Azure portal].
 
 2. Select **All resources** in the **Azure services** section, then select your Azure Maps account.
 
@@ -41,18 +42,18 @@ To view your Azure Maps authentication details:
 
 ## Choose an authentication category
 
-Depending on your application needs, there are specific pathways to application security. Azure AD defines specific authentication categories to support a wide range of authentication flows. To choose the best category for your application, see [application categories](../active-directory/develop/authentication-flows-app-scenarios.md#application-categories).
+Depending on your application needs, there are specific pathways to application security. Azure AD defines specific authentication categories to support a wide range of authentication flows. To choose the best category for your application, see [application categories].
 
 > [!NOTE]
 > Understanding categories and scenarios will help you secure your Azure Maps application, whether you use Azure Active Directory or shared key authentication.
 
 ## How to add and remove managed identities
 
-To enable [Shared access signature (SAS) token authentication](./azure-maps-authentication.md#shared-access-signature-token-authentication) with the Azure Maps REST API you need to add a user-assigned managed identity to your Azure Maps account.
+To enable [Shared access signature (SAS) token authentication] with the Azure Maps REST API, you need to add a user-assigned managed identity to your Azure Maps account.
 
 ### Create a managed identity
 
-You can create a user-assigned managed identity before or after creating a map account. You can add the managed identity through the portal, Azure management SDKs, or the Azure Resource Manager (ARM) template. To add a user-assigned managed identity through an ARM template, specify the resource identifier of the user-assigned managed identity. See example below:
+You can create a user-assigned managed identity before or after creating a map account. You can add the managed identity through the portal, Azure management SDKs, or the Azure Resource Manager (ARM) template. To add a user-assigned managed identity through an ARM template, specify the resource identifier of the user-assigned managed identity.
 
 ```json
 "identity": {
@@ -67,7 +68,7 @@ You can create a user-assigned managed identity before or after creating a map a
 
 You can remove a system-assigned identity by disabling the feature through the portal or the Azure Resource Manager template in the same way that it was created. User-assigned identities can be removed individually. To remove all identities, set the identity type to `"None"`.
 
-Removing a system-assigned identity in this way will also delete it from Azure AD. System-assigned identities are also automatically removed from Azure AD when the Azure Maps account is deleted.
+Removing a system-assigned identity in this way also deletes it from Azure AD. System-assigned identities are also automatically removed from Azure AD when the Azure Maps account is deleted.
 
 To remove all identities by using the Azure Resource Manager template, update this section:
 
@@ -79,20 +80,20 @@ To remove all identities by using the Azure Resource Manager template, update th
 
 ## Choose an authentication and authorization scenario
 
-This table outlines common authentication and authorization scenarios in Azure Maps. Each scenario describes a type of app which can be used to access Azure Maps REST API. Use the links to learn detailed configuration information for each scenario.
+This table outlines common authentication and authorization scenarios in Azure Maps. Each scenario describes a type of app that can be used to access Azure Maps REST API. Use the links to learn detailed configuration information for each scenario.
 
 > [!IMPORTANT]
 > For production applications, we recommend implementing Azure AD with Azure role-based access control (Azure RBAC).
 
-| Scenario                                                                            | Authentication | Authorization | Development effort | Operational effort |
-| ----------------------------------------------------------------------------------- | -------------- | ------------- | ------------------ | ------------------ |
-| [Trusted daemon app or non-interactive client app](./how-to-secure-daemon-app.md)   | Shared Key     | N/A           | Medium             | High               |
-| [Trusted daemon or non-interactive client app](./how-to-secure-daemon-app.md)       | Azure AD       | High          | Low                | Medium             |
-| [Web single page app with interactive single-sign-on](./how-to-secure-spa-users.md) | Azure AD       | High          | Medium             | Medium             |
-| [Web single page app with non-interactive sign-on](./how-to-secure-spa-app.md)      | Azure AD       | High          | Medium             | Medium             |
-| [Web app, daemon app, or non-interactive sign-on app](./how-to-secure-sas-app.md)   | SAS Token      | High          | Medium             | Low                |
-| [Web application with interactive single-sign-on](./how-to-secure-webapp-users.md)  | Azure AD       | High          | High               | Medium             |
-| [IoT device or an input constrained application](./how-to-secure-device-code.md)    | Azure AD       | High          | Medium             | Medium             |
+| Scenario                                             | Authentication | Authorization | Development effort | Operational effort |
+| -----------------------------------------------------| -------------- | ------------- | ------------------ | ------------------ |
+| [Trusted daemon app or non-interactive client app]   | Shared Key     | N/A           | Medium             | High               |
+| [Trusted daemon or non-interactive client app]       | Azure AD       | High          | Low                | Medium             |
+| [Web single page app with interactive single-sign-on]| Azure AD       | High          | Medium             | Medium             |
+| [Web single page app with non-interactive sign-on]   | Azure AD       | High          | Medium             | Medium             |
+| [Web app, daemon app, or non-interactive sign-on app]| SAS Token      | High          | Medium             | Low                |
+| [Web application with interactive single-sign-on]    | Azure AD       | High          | High               | Medium             |
+| [IoT device or an input constrained application]     | Azure AD       | High          | Medium             | Medium             |
 
 ## View built-in Azure Maps role definitions
 
@@ -131,7 +132,7 @@ Request a token from the Azure AD token endpoint. In your Azure AD request, use
 | Azure public cloud     | `https://login.microsoftonline.com` | `https://atlas.microsoft.com/` |
 | Azure Government cloud | `https://login.microsoftonline.us`  | `https://atlas.microsoft.com/` |
 
-For more information about requesting access tokens from Azure AD for users and service principals, see [Authentication scenarios for Azure AD](../active-directory/develop/authentication-vs-authorization.md). To view specific scenarios, see [the table of scenarios](./how-to-manage-authentication.md#choose-an-authentication-and-authorization-scenario).
+For more information about requesting access tokens from Azure AD for users and service principals, see [Authentication scenarios for Azure AD]. To view specific scenarios, see [the table of scenarios].
 
 ## Manage and rotate shared keys
 
@@ -142,14 +143,14 @@ Your Azure Maps subscription keys are similar to a root password for your Azure
 
 ### Manually rotate subscription keys
 
-To help keep your Azure Maps account secure, we recommend periodically rotating your subscription keys. If possible, use Azure Key Vault to manage your access keys. If you aren't using Key Vault, you'll need to manually rotate your keys.
+To help keep your Azure Maps account secure, we recommend periodically rotating your subscription keys. If possible, use Azure Key Vault to manage your access keys. If you aren't using Key Vault, you need to manually rotate your keys.
 
 Two subscription keys are assigned so that you can rotate your keys. Having two keys ensures that your application maintains access to Azure Maps throughout the process.
 
 To rotate your Azure Maps subscription keys in the Azure portal:
 
 1. Update your application code to reference the secondary key for the Azure Maps account and deploy.
-2. In the [Azure portal](https://portal.azure.com/), navigate to your Azure Maps account.
+2. In the [Azure portal], navigate to your Azure Maps account.
 3. Under **Settings**, select **Authentication**.
 4. To regenerate the primary key for your Azure Maps account, select the **Regenerate** button next to the primary key.
 5. Update your application code to reference the new primary key and deploy.
@@ -163,9 +164,31 @@ To rotate your Azure Maps subscription keys in the Azure portal:
 Find the API usage metrics for your Azure Maps account:
 
 > [!div class="nextstepaction"]
-> [View usage metrics](how-to-view-api-usage.md)
+> [View usage metrics]
 
 Explore samples that show how to integrate Azure AD with Azure Maps:
 
 > [!div class="nextstepaction"]
-> [Azure AD authentication samples](https://github.com/Azure-Samples/Azure-Maps-AzureAD-Samples)
+> [Azure AD authentication samples]
+
+[Azure portal]: https://portal.azure.com/
+[Azure AD authentication samples]: https://github.com/Azure-Samples/Azure-Maps-AzureAD-Samples
+[View usage metrics]: how-to-view-api-usage.md
+[Authentication scenarios for Azure AD]: ../active-directory/develop/authentication-vs-authorization.md
+[the table of scenarios]: how-to-manage-authentication.md#choose-an-authentication-and-authorization-scenario
+[Trusted daemon app or non-interactive client app]: how-to-secure-daemon-app.md
+[Trusted daemon or non-interactive client app]: how-to-secure-daemon-app.md
+[Web single page app with interactive single-sign-on]: how-to-secure-spa-users.md
+[Web single page app with non-interactive sign-on]: how-to-secure-spa-app.md
+[Web app, daemon app, or non-interactive sign-on app]: how-to-secure-sas-app.md
+[Web application with interactive single-sign-on]: how-to-secure-webapp-users.md
+[IoT device or an input constrained application]: how-to-secure-device-code.md
+[Shared access signature (SAS) token authentication]: azure-maps-authentication.md#shared-access-signature-token-authentication
+[application categories]: ../active-directory/develop/authentication-flows-app-scenarios.md#application-categories
+[Azure Active Directory (Azure AD)]: ../active-directory/fundamentals/active-directory-whatis.md
+[Shared Key authentication]: azure-maps-authentication.md#shared-key-authentication
+[free account]: https://azure.microsoft.com/free/
+[managed identities for Azure resources]: ../active-directory/managed-identities-azure-resources/overview.md
+[Managed identity types]: ../active-directory/managed-identities-azure-resources/overview.md#managed-identity-types
+[An Azure Maps account]: quick-demo-map-app.md#create-an-azure-maps-account
+[Azure Maps Authentication]: azure-maps-authentication.md
@@ -1,6 +1,6 @@
 ---
 title: Manage Microsoft Azure Maps Creator
-description: In this article, you'll learn how to manage Microsoft Azure Maps Creator.
+description: This article demonstrates how to manage Microsoft Azure Maps Creator.
 author: eriklindeman
 ms.author: eriklind
 ms.date: 01/20/2022
@@ -11,13 +11,13 @@ services: azure-maps
 
 # Manage Azure Maps Creator
 
-You can use Azure Maps Creator to create private indoor map data. Using the Azure Maps API and the Indoor Maps module, you can develop interactive and dynamic indoor map web applications. For pricing information, see the *Creator* section in [Azure Maps pricing](https://aka.ms/CreatorPricing).
+You can use Azure Maps Creator to create private indoor map data. Using the Azure Maps API and the Indoor Maps module, you can develop interactive and dynamic indoor map web applications. For pricing information, see the *Creator* section in [Azure Maps pricing].
 
 This article takes you through the steps to create and delete a Creator resource in an Azure Maps account.
 
 ## Create Creator resource
 
-1. Sign in to the [Azure portal](https://portal.azure.com)
+1. Sign in to the [Azure portal].
 
 2. Navigate to the Azure portal menu. Select **All resources**, and then select your Azure Maps account.
 
@@ -51,26 +51,26 @@ To delete the Creator resource:
 
      :::image type="content" source="./media/how-to-manage-creator/creator-delete.png" alt-text="A screenshot of the Azure Maps Creator Resource page with the delete button highlighted.":::
 
-3. You'll be asked to confirm deletion by typing in the name of your Creator resource. After the resource is deleted, you see a confirmation page that looks like the following:
+3. You're prompted to confirm deletion by typing in the name of your Creator resource. After the resource is deleted, you see a confirmation page that looks like the following example:
 
      :::image type="content" source="./media/how-to-manage-creator/creator-confirm-delete.png" alt-text="A screenshot of the Azure Maps Creator Resource deletion confirmation page.":::
 
 ## Authentication
 
 Creator inherits Azure Maps Access Control (IAM) settings. All API calls for data access must be sent with authentication and authorization rules.
 
-Creator usage data is incorporated in your Azure Maps usage charts and activity log.  For more information, see [Manage authentication in Azure Maps](./how-to-manage-authentication.md).
+Creator usage data is incorporated in your Azure Maps usage charts and activity log.  For more information, see [Manage authentication in Azure Maps].
 
 >[!Important]
 >We recommend using:
 >
-> * Azure Active Directory (Azure AD) in all solutions that are built with an Azure Maps account using Creator services. For more information, on Azure AD, see [Azure AD authentication](azure-maps-authentication.md#azure-ad-authentication).
+> * Azure Active Directory (Azure AD) in all solutions that are built with an Azure Maps account using Creator services. For more information, on Azure AD, see [Azure AD authentication].
 >
->* Role-based access control settings (RBAC). Using these settings, map makers can act as the Azure Maps Data Contributor role, and Creator map data users can act as the Azure Maps Data Reader role. For more information, see [Authorization with role-based access control](azure-maps-authentication.md#authorization-with-role-based-access-control).
+>* Role-based access control settings (RBAC). Using these settings, map makers can act as the Azure Maps Data Contributor role, and Creator map data users can act as the Azure Maps Data Reader role. For more information, see [Authorization with role-based access control].
 
 ## Access to Creator services
 
-Creator services and services that use data hosted in Creator (for example, Render service), are accessible at a geographical URL. The geographical URL is determined by the location selected during creation. For example, if Creator is created in a region in the United States geographical location, all calls to the Conversion service must be submitted to `us.atlas.microsoft.com/conversions`. To view mappings of region to geographical location, [see Creator service geographic scope](creator-geographic-scope.md).
+Creator services and services that use data hosted in Creator (for example, Render service), are accessible at a geographical URL. The geographical URL determines the location selected during creation. For example, if Creator is created in a region in the United States geographical location, all calls to the Conversion service must be submitted to `us.atlas.microsoft.com/conversions`. To view mappings of region to geographical location, [see Creator service geographic scope].
 
 Also, all data imported into Creator should be uploaded into the same geographical location as the Creator resource. For example, if Creator is provisioned in the United States, all raw data should be uploaded via `us.atlas.microsoft.com/mapData/upload`.
 
@@ -79,27 +79,42 @@ Also, all data imported into Creator should be uploaded into the same geographic
 Introduction to Creator services for indoor mapping:
 
 > [!div class="nextstepaction"]
-> [Data upload](creator-indoor-maps.md#upload-a-drawing-package)
+> [Data upload]
 
 > [!div class="nextstepaction"]
-> [Data conversion](creator-indoor-maps.md#convert-a-drawing-package)
+> [Data conversion]
 
 > [!div class="nextstepaction"]
-> [Dataset](creator-indoor-maps.md#datasets)
+> [Dataset]
 
 > [!div class="nextstepaction"]
-> [Tileset](creator-indoor-maps.md#tilesets)
+> [Tileset]
 
 > [!div class="nextstepaction"]
-> [Feature State set](creator-indoor-maps.md#feature-statesets)
+> [Feature State set]
 
 Learn how to use the Creator services to render indoor maps in your application:
 
 > [!div class="nextstepaction"]
-> [Azure Maps Creator tutorial](tutorial-creator-indoor-maps.md)
+> [Azure Maps Creator tutorial]
 
 > [!div class="nextstepaction"]
-> [Indoor map dynamic styling](indoor-map-dynamic-styling.md)
+> [Indoor map dynamic styling]
 
 > [!div class="nextstepaction"]
-> [Use the Indoor Maps module](how-to-use-indoor-module.md)
+> [Use the Indoor Maps module]
+
+[Authorization with role-based access control]: azure-maps-authentication.md#authorization-with-role-based-access-control
+[Azure AD authentication]: azure-maps-authentication.md#azure-ad-authentication
+[Azure Maps Creator tutorial]: tutorial-creator-indoor-maps.md
+[Azure Maps pricing]: https://aka.ms/CreatorPricing
+[Azure portal]: https://portal.azure.com
+[Data conversion]: creator-indoor-maps.md#convert-a-drawing-package
+[Data upload]: creator-indoor-maps.md#upload-a-drawing-package
+[Dataset]: creator-indoor-maps.md#datasets
+[Feature State set]: creator-indoor-maps.md#feature-statesets
+[Indoor map dynamic styling]: indoor-map-dynamic-styling.md
+[Manage authentication in Azure Maps]: how-to-manage-authentication.md
+[see Creator service geographic scope]: creator-geographic-scope.md
+[Tileset]: creator-indoor-maps.md#tilesets
+[Use the Indoor Maps module]: how-to-use-indoor-module.md