Commit b2af810

committed
edits
1 parent aaf1031 commit b2af810

9 files changed: +44 -44 lines changed

articles/app-service/app-service-configuration-references.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.author: mubatra
99

1010
---
1111

12-
# Use App Configuration references for App Service and Azure Functions
12+
# Use App Configuration references for Azure App Service and Azure Functions
1313

1414
This article shows you how to work with configuration data in your Azure App Service or Azure Functions application without making any code changes. [Azure App Configuration](../azure-app-configuration/overview.md) is an Azure service you can use to centrally manage application configuration. It's also an effective audit tool for your configuration values over time or across releases.
1515

articles/app-service/app-service-web-configure-tls-mutual-auth.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Set Up TLS mutual authentication
2+
title: Set Up TLS Mutual Authentication
33
description: Learn how to set up TLS mutual authentication in Azure App Service to help secure two-way communication between client and server.
44
keywords: TLS mutual authentication, Azure App Service security, secure client-server communication
55
author: msangapu-msft

articles/app-service/configure-authentication-oauth-tokens.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Work with OAuth tokens in AuthN/AuthZ
2+
title: Work with OAuth Tokens in AuthN/AuthZ
33
description: Learn how to retrieve tokens, refresh tokens, and extend sessions when you use the built-in authentication and authorization in Azure App Service.
44
ms.topic: how-to
55
ms.date: 03/29/2021

articles/app-service/deploy-local-git.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Deploy from a Local Git Repository
2+
title: Deploy From a Local Git Repository
33
description: Learn how to enable local Git deployment to Azure App Service. One of the simplest ways to deploy code is from your local computer.
44
ms.topic: how-to
55
ms.date: 02/29/2024
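
Review bot: The new front-matter title on line 2 capitalizes the preposition "From", while the OAuth title changed in this same commit keeps "with" and "in" lowercase ("Work with OAuth Tokens in AuthN/AuthZ"). Pick one rule for short prepositions and apply it to both files; keeping the original "Deploy from a Local Git Repository" would match the OAuth title.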

articles/app-service/overview-app-gateway-integration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Overview of Application Gateway integration
2+
title: Application Gateway Integration Overview
33
description: Learn how Application Gateway integrates with Azure App Service.
44
services: app-service
55
author: madsd

articles/app-service/overview-security.md

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Overview of Security
2+
title: Security Overview
33
description: Learn about how Azure App Service helps secure your app, and how you can help lock down your app from threats.
44
keywords: azure app service, web app, mobile app, api app, function app, security, secure, secured, compliance, compliant, certificate, certificates, https, ftps, tls, trust, encryption, encrypt, encrypted, ip restriction, authentication, authorization, authn, autho, msi, managed service identity, managed identity, secrets, secret, patching, patch, patches, version, isolation, network isolation, ddos, mitm
55
ms.topic: overview
@@ -11,15 +11,15 @@ ms.author: cephalin
1111
---
1212
# Security in Azure App Service overview
1313

14-
This article describes how [Azure App Service](overview.md) helps secure your web app, mobile app back end, API app, and [function app](../azure-functions/index.yml). It also shows how you can further help secure your app by using built-in App Service features.
14+
This article describes how [Azure App Service](overview.md) helps secure your web app, mobile app back end, API app, and [function app](../azure-functions/index.yml). It also shows you how to further help secure your app by using built-in App Service features.
1515

1616
[!INCLUDE [app-service-security-intro](../../includes/app-service-security-intro.md)]
1717

1818
The following sections show you how to further help protect your App Service app from threats.
1919

2020
## HTTPS and certificates
2121

22-
You can use App Service to secure your apps through [HTTPS](https://wikipedia.org/wiki/HTTPS). When your app is created, its default domain name (`<app_name>.azurewebsites.net`) is already accessible by using HTTPS. If you [configure a custom domain for your app](app-service-web-tutorial-custom-domain.md), you should also [help secure it with a TLS/SSL certificate](configure-ssl-bindings.md) so that client browsers can make secured HTTPS connections to your custom domain.
22+
You can use App Service to secure your apps through [HTTPS](https://wikipedia.org/wiki/HTTPS). When your app is created, its default domain name (`<app_name>.azurewebsites.net`) is already accessible by using HTTPS. If you [configure a custom domain for your app](app-service-web-tutorial-custom-domain.md), you should also [help secure it with a TLS/SSL certificate](configure-ssl-bindings.md) so that client browsers can make secured HTTPS connections to your custom domain.
2323

2424
App Service supports these types of certificates:
2525
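
Review bot: On line 22, the removed and added paragraphs are identical as rendered, so this looks like a whitespace-only change. If that is the intent, it is fine but adds noise to the diff; if a wording edit was intended for the HTTPS paragraph, it has been lost and should be reapplied.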

@@ -34,9 +34,9 @@ For more information, see [Add a TLS/SSL certificate in Azure App Service](confi
3434

3535
To secure your app against all unencrypted (HTTP) connections, App Service provides one-click configuration to enforce HTTPS. Unsecured requests are turned away before they even reach your application code. For more information, see [Enforce HTTPS](configure-ssl-bindings.md#enforce-https).
3636

37-
[TLS](https://wikipedia.org/wiki/Transport_Layer_Security) 1.0 is no longer considered secure by industry standards, such as [PCI DSS](https://wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard). Use App Service to disable outdated protocols by [enforcing TLS 1.1/1.2](configure-ssl-bindings.md#enforce-tls-versions).
37+
[TLS](https://wikipedia.org/wiki/Transport_Layer_Security) 1.0 is no longer considered secure by industry standards, such as the [PCI DSS](https://wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard). Use App Service to disable outdated protocols by [enforcing TLS 1.1/TLS 1.2](configure-ssl-bindings.md#enforce-tls-versions).
3838

39-
App Service supports both FTP and FTPS for deploying your files. But use FTPS instead of FTP, if at all possible. When one or both of these protocols aren't in use, you should [disable them](deploy-ftp.md#enforce-ftps).
39+
App Service supports both FTP and FTPS for deploying your files. To increase security, use FTPS instead of FTP, if at all possible. When one or both of these protocols aren't in use, you should [disable them](deploy-ftp.md#enforce-ftps).
4040

4141
## Static IP restrictions
4242
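
Review bot: On line 37, the reworded sentence still recommends "enforcing TLS 1.1/TLS 1.2" as the remedy for TLS 1.0, but TLS 1.1 was formally deprecated together with TLS 1.0 in RFC 8996. Since this line is being edited anyway, consider naming TLS 1.2 as the minimum version to enforce, and check that the wording still matches the `#enforce-tls-versions` section it links to.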

@@ -52,10 +52,10 @@ App Service authentication and authorization support multiple authentication pro
5252

5353
## Service-to-service authentication
5454

55-
When you authenticate against a back-end service, App Service provides two different mechanisms depending on your need:
55+
When you authenticate against a back-end service, App Service provides two mechanisms depending on your need:
5656

57-
- **Service identity** - Sign in to the remote resource by using the identity of the app itself. App Service lets you easily create a [managed identity](overview-managed-identity.md), which you can use to authenticate with other services, such as [Azure SQL Database](/azure/sql-database/) or [Azure Key Vault](/azure/key-vault/). For an end-to-end tutorial of this approach, see [Secure an Azure SQL Database connection from App Service by using a managed identity](tutorial-connect-msi-sql-database.md).
58-
- **On behalf of (OBO)** - Make delegated access to remote resources on behalf of the user. With Microsoft Entra ID as the authentication provider, your App Service app can perform delegated sign-in to a remote service, such as [Microsoft Graph](/graph/overview) or a remote API app in App Service. For an end-to-end tutorial of this approach, see [Authenticate and authorize users end-to-end in Azure App Service](tutorial-auth-aad.md).
57+
- **Service identity** - Sign in to the remote resource by using the identity of the app itself. In App Service, you can easily create a [managed identity](overview-managed-identity.md), which you can use to authenticate with other services, such as [Azure SQL Database](/azure/sql-database/) or [Azure Key Vault](/azure/key-vault/). For an end-to-end tutorial of this approach, see [Secure an Azure SQL Database connection from App Service by using a managed identity](tutorial-connect-msi-sql-database.md).
58+
- **On behalf of (OBO)** - Make delegated access to remote resources on behalf of the user. With Microsoft Entra ID as the authentication provider, your App Service app can perform delegated sign-in to a remote service, such as to [Microsoft Graph](/graph/overview) or to a remote API app in App Service. For an end-to-end tutorial of this approach, see [Authenticate and authorize users end-to-end in Azure App Service](tutorial-auth-aad.md).
5959

6060
## Connectivity to remote resources
6161
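
Review bot: In the OBO bullet on line 58, the added prepositions make the sentence harder to read: "a remote service, such as to [Microsoft Graph] or to a remote API app". The examples are instances of "a remote service", not destinations of a verb, so the original "such as Microsoft Graph or a remote API app in App Service" was already correct; suggest reverting that part of the change.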

@@ -65,7 +65,7 @@ Your app might need to access three types of remote resources:
6565
- [Resources inside an Azure virtual network](#resources-inside-an-azure-virtual-network)
6666
- [On-premises resources](#on-premises-resources)
6767

68-
In each of these scenarios, App Service provides a way for you to make secure connections, but you should still observe security best practices. For example, always use encrypted connections even if the back-end resource allows unencrypted connections. Furthermore, make sure that your back-end Azure service allows the minimum set of IP addresses. You can find the outbound IP addresses for your app at [Inbound and outbound IP addresses in Azure App Service](overview-inbound-outbound-ips.md).
68+
In each of these scenarios, App Service provides a way for you to make secure connections, but you should still observe security best practices. For example, always use encrypted connections, even if the back-end resource allows unencrypted connections. Also ensure that your back-end Azure service allows the minimum set of IP addresses. You can find the outbound IP addresses for your app at [Inbound and outbound IP addresses in Azure App Service](overview-inbound-outbound-ips.md).
6969

7070
### Azure resources
7171
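
Review bot: On line 68, "allows the minimum set of IP addresses" is carried over into the new sentence and stays ambiguous about whose addresses are meant and in which direction. Because the next sentence points to the app's outbound IP addresses, consider stating the restriction directly, for example that the back-end service should accept connections only from the IP addresses your app connects from.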

@@ -77,31 +77,31 @@ If your app is hosted in an [App Service Environment](environment/intro.md), you
7777

7878
Your app can access resources in an [Azure virtual network](../virtual-network/index.yml) through [virtual network integration](./overview-vnet-integration.md). The integration is established with a virtual network by using a point-to-site VPN. The app can then access the resources in the virtual network by using their private IP addresses. The point-to-site connection, however, still traverses the shared networks in Azure.
7979

80-
To isolate your resource connectivity completely from the shared networks in Azure, create your app in an [App Service Environment](environment/intro.md). Because an App Service Environment is always deployed to a dedicated virtual network, connectivity between your app and resources in the virtual network is fully isolated. For other aspects of network security in an App Service Environment, see [Network isolation](#network-isolation).
80+
To isolate your resource connectivity completely from the shared networks in Azure, create your app in an [App Service Environment](environment/intro.md). Because an App Service Environment is always deployed to a dedicated virtual network, connectivity between your app and resources in the virtual network is fully isolated. For more information about network security in an App Service Environment, see [Network isolation](#network-isolation).
8181

8282
### On-premises resources
8383

8484
You can securely access on-premises resources, such as databases, in three ways:
8585

86-
- *[Hybrid connection](app-service-hybrid-connections.md)* - Use a hybrid connection to establish a point-to-point connection to your remote resource through a TCP tunnel. The TCP tunnel is established by using TLS 1.2 with shared access signature keys.
87-
- *[Virtual network integration](./overview-vnet-integration.md) with a site-to-site VPN* - As described in [Resources inside an Azure virtual network](#resources-inside-an-azure-virtual-network), but in virtual network integration, the virtual network can be connected to your on-premises network through a [site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md). In this network topology, your app can connect to on-premises resources like it connects to other resources in the virtual network.
88-
- *[App Service Environment](environment/intro.md) with a site-to-site VPN* - As described in [Resources inside an Azure virtual network](#resources-inside-an-azure-virtual-network), but in an App Service Environment, the virtual network can be connected to your on-premises network through a [site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md). In this network topology, your app can connect to on-premises resources like it connects to other resources in the virtual network.
86+
- **[Hybrid connection](app-service-hybrid-connections.md)** - Use a hybrid connection to establish a point-to-point connection to your remote resource through a TCP tunnel. The TCP tunnel is established by using TLS 1.2 with shared access signature keys.
87+
- **[Virtual network integration](./overview-vnet-integration.md) with a site-to-site VPN** - As described in [Resources inside an Azure virtual network](#resources-inside-an-azure-virtual-network), but in virtual network integration, the virtual network can be connected to your on-premises network through a [site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md). In this network topology, your app can connect to on-premises resources like it connects to other resources in the virtual network.
88+
- **[App Service Environment](environment/intro.md) with a site-to-site VPN** - As described in [Resources inside an Azure virtual network](#resources-inside-an-azure-virtual-network), but in an App Service Environment, the virtual network can be connected to your on-premises network through a [site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md). In this network topology, your app can connect to on-premises resources like it connects to other resources in the virtual network.
8989

9090
## Application secrets
9191

92-
Don't store application secrets like database credentials, API tokens, and private keys in your code or configuration files. The commonly accepted approach is to access them as [environment variables](https://wikipedia.org/wiki/Environment_variable) by using the standard pattern in your language of choice. In App Service, the way to define environment variables is through [app settings](configure-common.md#configure-app-settings) (and, especially for .NET applications, [connection strings](configure-common.md#configure-connection-strings)). App settings and connection strings are stored encrypted in Azure, and they're decrypted only before they're injected into your app's process memory when the app starts. The encryption keys are rotated regularly.
92+
Don't store application secrets like database credentials, API tokens, and private keys in your code or configuration files. The commonly accepted approach is to access them as [environment variables](https://wikipedia.org/wiki/Environment_variable) by using the standard pattern in your language of choice. In App Service, the way to define environment variables is through [app settings](configure-common.md#configure-app-settings) (and, especially for .NET applications, [connection strings](configure-common.md#configure-connection-strings)). App settings and connection strings are stored encrypted in Azure. They're decrypted only before they're injected into your app's process memory when the app starts. The encryption keys are rotated regularly.
9393

94-
Alternatively, you can integrate your App Service app with [Azure Key Vault](/azure/key-vault/) for advanced secrets management. By [accessing the key vault with a managed identity](/azure/key-vault/general/tutorial-net-create-vault-azure-web-app), your App Service app can securely access the secrets you need.
94+
Alternatively, you can integrate your App Service app with [Azure Key Vault](/azure/key-vault/) for advanced secrets management. By [accessing the key vault by using a managed identity](/azure/key-vault/general/tutorial-net-create-vault-azure-web-app), your App Service app can securely access the secrets you need.
9595

9696
## Network isolation
9797

98-
Except for the **Isolated** pricing tier, all tiers run your apps on the shared network infrastructure in App Service. For example, the public IP addresses and front-end load balancers are shared with other tenants. The **Isolated** tier gives you complete network isolation by running your apps inside a dedicated [App Service Environment](environment/intro.md). An App Service Environment runs in your own instance of [Azure Virtual Network](../virtual-network/index.yml).
98+
Except for the **Isolated** pricing tier, all tiers run your apps on the shared network infrastructure in App Service. For example, the public IP addresses and front-end load balancers are shared with other tenants. The Isolated tier gives you complete network isolation by running your apps inside a dedicated [App Service Environment](environment/intro.md). An App Service Environment runs in your own instance of [Azure Virtual Network](../virtual-network/index.yml).
9999

100100
You can:
101101

102102
- Serve your apps through a dedicated public endpoint, with dedicated front ends.
103103
- Serve internal application by using an internal load balancer (ILB), which allows access only from inside your Azure virtual network. The ILB has an IP address from your private subnet, which provides total isolation of your apps from the internet.
104-
- [Use an ILB behind a web application firewall (WAF)](environment/integrate-with-application-gateway.md). The WAF offers enterprise-level protection to your public-facing applications, such as protection from Distributed Denial-of-Service (DDoS) attacks, URI filtering, and preventing SQL injection.
104+
- [Use an ILB behind a web application firewall (WAF)](environment/integrate-with-application-gateway.md). The WAF offers enterprise-level protection to your public-facing applications, such as protection from distributed denial-of-service (DDoS), URI filtering, and SQL injection.
105105

106106
## DDoS protection
107107
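
Review bot: On line 104, the rewritten WAF bullet changes the meaning: "protection from distributed denial-of-service (DDoS), URI filtering, and SQL injection" now reads as if URI filtering were a threat the WAF protects against, whereas the original listed it as a WAF capability next to DDoS protection and SQL injection prevention. It also drops "attacks" after DDoS. Suggest restructuring so the threats and the capability are separated, for example "such as URI filtering and protection from distributed denial-of-service (DDoS) attacks and SQL injection". The switch from italic to bold list labels on lines 86 to 88 matches the bold labels in the service-to-service list and looks fine.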

articles/app-service/overview-tls.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: TLS and SSL overview
2+
title: TLS and SSL Overview
33
description: Learn how TLS and SSL work in Azure App Service, including TLS version support, certificate management, bindings, and mutual authentication to protect web app traffic.
44
keywords: Azure App Service, SSL, TLS, HTTPS, certificate management, TLS mutual authentication, secure bindings, SSL certificates, App Service Certificates, SSL in code, TLS versions
55
ms.topic: overview
