add warning note

Author: duongau

articles/cdn/cdn-manage-expiration-of-blob-content.md

@@ -8,7 +8,7 @@ manager: kumudd
 ms.service: azure-cdn
 ms.devlang: csharp
 ms.topic: how-to
-ms.date: 03/20/2024
+ms.date: 2/25/2025
 ms.author: duau
 ms.custom: devx-track-azurepowershell, devx-track-dotnet
 ---
@@ -22,6 +22,9 @@ ms.custom: devx-track-azurepowershell, devx-track-dotnet
 > - [Azure Blob storage](cdn-manage-expiration-of-blob-content.md)
 >
 
+> [!WARNING]
+> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
+
 The [Blob storage service](../storage/common/storage-introduction.md#blob-storage) in Azure Storage is one of several Azure-based origins integrated with Azure Content Delivery Network. Any publicly accessible blob content can be cached in Azure Content Delivery Network until its time to live (TTL) elapses. The TTL gets determined by the `Cache-Control` header in the HTTP response from the origin server. This article describes several ways that you can set the `Cache-Control` header on a blob in Azure Storage.
 
 You can also control cache settings from the Azure portal by setting content delivery network caching rules. If you create a caching rule and set its caching behavior to **Override** or **Bypass cache**, the origin-provided caching settings discussed in this article are ignored. For information about general caching concepts, see [How caching works](cdn-how-caching-works.md).