MicrosoftDocs
diff --git a/‎articles/azure-web-pubsub/howto-authorize-from-application.md
Lines changed: 4 additions & 4 deletions b/‎articles/azure-web-pubsub/howto-authorize-from-application.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/azure-web-pubsub/howto-authorize-from-managed-identity.md
Lines changed: 8 additions & 8 deletions b/‎articles/azure-web-pubsub/howto-authorize-from-managed-identity.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/azure-web-pubsub/howto-client-certificate.md
Lines changed: 6 additions & 6 deletions b/‎articles/azure-web-pubsub/howto-client-certificate.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/azure-web-pubsub/howto-custom-domain.md
Lines changed: 46 additions & 39 deletions b/‎articles/azure-web-pubsub/howto-custom-domain.md
Lines changed: 46 additions & 39 deletions
@@ -12,7 +12,7 @@ ms.topic: conceptual
 
 Azure Web PubSub supports Microsoft Entra ID for authorizing requests from [applications](../active-directory/develop/app-objects-and-service-principals.md).
 
-This article shows you how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from an Azure application.
+This article shows you how to configure your Web PubSub resource and code to authorize the request to a Web PubSub resource from an Azure application.
 
 ## Register an application
 
@@ -24,10 +24,10 @@ The first step is to register an Azure application.
 
    ![Screenshot that shows registering an application.](./media/howto-authorize-from-application/register-an-application.png)
 
-1. Enter a display **Name** for your application.
+1. For **Name**, enter a name to use for your application.
 1. Select **Register** to confirm the register.
 
-When your application is registered, go to the application **Overview** pane to view the values for **Application (client) ID** and **Directory (tenant) ID**. You use these values in the following sections.
+When your application is registered, go to the application overview to view the values for **Application (client) ID** and **Directory (tenant) ID**. You use these values in the following sections.
 
 ![Screenshot that shows an application.](./media/howto-authorize-from-application/application-overview.png)
 
@@ -59,7 +59,7 @@ You can also upload a certificate instead of creating a client secret.
 
 ![Screenshot that shows uploading a certificate.](./media/howto-authorize-from-application/upload-certificate.png)
 
-For information about adding credentials, see [Add credentials](../active-directory/develop/quickstart-register-app.md#add-credentials).
+For more information about adding credentials, see [Add credentials](../active-directory/develop/quickstart-register-app.md#add-credentials).
 
 ## Add a role assignment in the Azure portal
 
 
@@ -1,31 +1,31 @@
 ---
-title: Authorize a managed identity request to Web PubSub resources
-description: Learn how to authorize a managed identity request to Web PubSub resources by using Microsoft Entra ID.
+title: Authorize a managed identity request
+description: Learn how to authorize a managed identity request to your Web PubSub resources by using Microsoft Entra ID.
 author: terencefan
 ms.author: tefa
 ms.date: 08/16/2024
 ms.service: azure-web-pubsub
 ms.topic: conceptual
 ---
 
-# Authorize a managed identity request to Web PubSub resources by using Microsoft Entra ID
+# Authorize a managed identity request by using Microsoft Entra ID
 
 Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from [managed identities](../active-directory/managed-identities-azure-resources/overview.md).
 
-This article shows you how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from a managed identity.
+This article shows you how to configure your Web PubSub resource and code to authorize the request to a Web PubSub resource from a managed identity.
 
 ## Configure managed identities
 
 The first step is to configure managed identities.
 
-In this section, you set a system-assigned managed identity on a virtual machine by using the Azure portal.
+In this section, you set up a system-assigned managed identity on a virtual machine by using the Azure portal.
 
 1. In the [Azure portal](https://portal.azure.com/), search for and then select a virtual machine (VM).
 1. Under **Settings**, select **Identity**.
 1. On the **System assigned** tab, set **Status** to **On**.
 
    ![Screenshot that shows creating a system identity for a virtual machine.](./media/howto-authorize-from-managed-identity/identity-virtual-machine.png)
-1. Select the **Save** button to confirm the change.
+1. Select **Save** to confirm the change.
 
 ### Create a user-assigned managed identity
 
@@ -37,7 +37,7 @@ Learn how to [create a user-assigned managed identity](../active-directory/manag
 - [Configure managed identities for Azure resources on an Azure VM by using Azure PowerShell](../active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md)
 - [Configure managed identities for Azure resources on an Azure VM by using the Azure CLI](../active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md)
 - [Configure managed identities for Azure resources on an Azure VM by using a template](../active-directory/managed-identities-azure-resources/qs-configure-template-windows-vm.md)
-- [Configure a VM with managed identities for Azure resources by using an Azure SDK](../active-directory/managed-identities-azure-resources/qs-configure-sdk-windows-vm.md)
+- [Configure managed identities for Azure resources on a VM by using the Azure SDK](../active-directory/managed-identities-azure-resources/qs-configure-sdk-windows-vm.md)
 
 ### Configure managed identities for Azure App Service and Azure Functions
 
@@ -52,7 +52,7 @@ This section demonstrates how to assign the Web PubSub Service Owner role to a s
 
 1. In the [Azure portal](https://portal.azure.com/), go to your Web PubSub resource.
 
-1. On the left menu, select **Access control (IAM)** to display access control settings for your Web PubSub service.
+1. On the left menu, select **Access control (IAM)** to display access control settings for your Web PubSub instance.
 
 1. Select the **Role assignments** tab and view the role assignments at this scope.
 
 
@@ -1,25 +1,25 @@
 ---
-title: Enable client certificate authentication for Azure Web PubSub (Preview)
-titleSuffix: Azure Web PubSub Service
-description: Learn how to enable client certificate authentication for Azure Web PubSub (Preview)
+title: Turn on client certificate authentication (preview)
+titleSuffix: Azure Web PubSub
+description: Learn how to turn on client certificate authentication for Azure Web PubSub (preview).
 author: ArchangelSDY
 ms.service: azure-web-pubsub
 ms.topic: how-to
 ms.date: 06/20/2023
 ms.author: dayshen
 ---
 
-# Enable client certificate authentication for Azure Web PubSub (Preview)
+# Turn on client certificate authentication (preview)
 
-You can restrict access to your instance of Azure Web PubSub by enabling different types of authentication for it. One authentication method is to request a client certificate and validate the certificate in event handlers. This mechanism is called *client certificate authentication* or *Transport Layer Security (TLS) mutual authentication*. This article shows you how to set up your Web PubSub instance to use client certificate authentication.
+You can restrict access to your instance of Azure Web PubSub by turning on different types of authentication for the resource. One authentication method is to request a client certificate and validate the certificate in event handlers. This mechanism is called *client certificate authentication* or *Transport Layer Security (TLS) mutual authentication*. This article shows you how to set up your Web PubSub instance to use client certificate authentication.
 
 > [!NOTE]
 > Enabling client certificate authentication in a browser scenario generally is not recommended. Different browsers have different behaviors when they process a client certificate request, and you have little control in a JavaScript application. If you want to enable client certificate authentication, we recommend that you use it in scenarios in which you have strong control over TLS settings. An example is in a native application.
 
 ## Prerequisites
 
 * An Azure account with an active subscription. If you don't have an Azure account, you can [create an account for free](https://azure.microsoft.com/free/).
-* An Azure Web PubSub instance (must be minimum Standard tier).
+* An Azure Web PubSub instance at a minimum Standard tier.
 * A function created in Azure Functions to handle connect events.
 * A client certificate. You need to know its SHA-1 thumbprint.
 
 
@@ -1,56 +1,65 @@
 ---
-title: Configure a custom domain for Azure Web PubSub
-titleSuffix: Azure Web PubSub Service
-description: Learn how to configure a custom domain for Azure Web PubSub.
+title: Add a custom domain
+titleSuffix: Azure Web PubSub
+description: Learn how to create and configure a custom domain for Azure Web PubSub.
 author: ArchangelSDY
 ms.service: azure-web-pubsub
 ms.topic: how-to
-ms.date: 03/30/2023
+ms.date: 08/16/2024
 ms.author: dayshen
 ---
 
-# Configure a custom domain for Azure Web PubSub
+# Add a custom domain
 
-In addition to the default domain that the Azure Web PubSub service provides, you can add a custom domain. A custom domain is a domain name that you own and manage. You can use a custom domain to access your Web PubSub resource. For example, you can use `contoso.example.com` instead of `contoso.webpubsub.azure.com` to access your Azure Web PubSub resource.
+In addition to the default domain that is included in an instance of Azure Web PubSub, you can add a custom domain. A custom domain is a domain name that you own and manage. You can use a custom domain to access your Web PubSub resources. For example, you can use `contoso.example.com` instead of `contoso.webpubsub.azure.com` to access your resources.
 
 ## Prerequisites
 
 * An Azure account with an active subscription. If you don't have an Azure account, you can [create an account for free](https://azure.microsoft.com/free/).
-* An Azure Web PubSub service (must be minimum Premium tier).
+* An Azure Web PubSub resource at a minimum Premium tier.
 * An Azure Key Vault resource.
 * A custom certificate matching custom domain that is stored in Azure Key Vault.
 
 ## Add a custom certificate
 
 Before you can add a custom domain, add a matching custom certificate. A custom certificate is a resource of your instance of Web PubSub. It references a certificate in your key vault. For security and compliance, Web PubSub doesn't permanently store your certificate. Instead, it fetches the certificate from your key vault and keeps it in memory.
 
-### Grant your Web PubSub resource access to the key vault
+## Give access to a managed identity
 
-Azure Web PubSub Service uses Managed Identity to access your Key Vault. In order to authorize, it needs to be granted permissions.
+Azure Web PubSub uses a managed identity to access your key vault. To authorize access, it must be granted permissions.
 
-1. In the Azure portal, go to your Azure Web PubSub resource.
-1. On the left pane, select **Identity**.
+### Create a managed identity
 
-1. Select the type of identity to use: **System assigned** or **User assigned**. To use a user-assigned identity, first you create one.
+1. In the Azure portal, go to your Web PubSub resource.
+
+1. On the left menu, select **Identity**.
+
+1. Select the type of identity to use: **System assigned** or **User assigned**. To use a user-assigned identity, you create one first.
 
-    To use a system-assigned identity:
+    To use a system-assigned identity:  
 
     1. Select **On**.
+
     1. Select **Yes** to confirm.
+
     1. Select **Save**.
 
-   :::image type="content" alt-text="Screenshot of enabling a system-assigned managed identity." source="media\howto-custom-domain\portal-identity.png" :::
+   :::image type="content" alt-text="Screenshot that shows adding a system-assigned managed identity." source="media\howto-custom-domain\portal-identity.png" :::
 
-    To use a user-assigned identity:
+    To add a user-assigned identity:  
 
     1. Select **Add user assigned managed identity**.
+
     1. Select an existing identity.
+
     1. Select **Add**.
 
-    :::image type="content" alt-text="Screenshot of enabling a user-assigned managed identity." source="media\howto-custom-domain\portal-user-assigned-identity.png" :::
+    :::image type="content" alt-text="Screenshot that shows adding a user-assigned managed identity." source="media\howto-custom-domain\portal-user-assigned-identity.png" :::
 
 1. Select **Save**.
 
+### Grant permissions to the key vault
+
 Depending on how you configure your Azure Key Vault permissions model, you might need to grant permissions at different locations in the Azure portal.
 
 #### [Key vault access policy](#tab/vault-access-policy)
@@ -59,7 +68,7 @@ If you use a key vault built-in access policy as a key vault permissions model:
 
 :::image type="content" alt-text="Screenshot of a built-in access policy selected as the key vault permissions model." source="media\howto-custom-domain\portal-key-vault-perm-model-access-policy.png" :::
 
-1. Go to your Key Vault resource.
+1. Go to your key vault resource.
 1. On the left menu, select **Access configuration**.
 1. Select **Vault access policy**.
 1. Select **Go to access policies**.
@@ -81,11 +90,11 @@ If you use a key vault built-in access policy as a key vault permissions model:
 
 #### [Azure role-based access control](#tab/azure-rbac)
 
-If you're using Azure role-based access control as Key Vault permission model:
+If you use Azure role-based access control (Azure RBAC) as a key vault permissions model:
 
-:::image type="content" alt-text="Screenshot of Azure RBAC selected as the key vault permission model." source="media\howto-custom-domain\portal-key-vault-perm-model-rbac.png" :::
+:::image type="content" alt-text="Screenshot of Azure RBAC selected as the key vault permissions model." source="media\howto-custom-domain\portal-key-vault-perm-model-rbac.png" :::
 
-1. Go to your Key Vault resource.
+1. Go to your key vault resource.
 1. On the left menu, select **Access control (IAM)**.
 1. Select **Add** > **Add role assignment**.
 
@@ -122,50 +131,48 @@ If you're using Azure role-based access control as Key Vault permission model:
 
 Web PubSub fetches the certificate and validates its contents. When certificate validation succeeds, **Provisioning State** for the certificate is **Succeeded**.
 
-:::image type="content" alt-text="Screenshot of an added custom certificate." source="media\howto-custom-domain\portal-custom-certificate-added.png" :::
+:::image type="content" alt-text="Screenshot that shows an added custom certificate." source="media\howto-custom-domain\portal-custom-certificate-added.png" :::
 
 ## Create a custom domain CNAME
 
-To validate the ownership of your custom domain, you need to create a CNAME record for the custom domain and point it to the default domain of your Web PubSub resource.
+To validate the ownership of your custom domain, create a CNAME record for the custom domain and point it to the default domain of your Web PubSub resource.
 
 For example, if your default domain is `contoso.webpubsub.azure.com` and your custom domain is `contoso.example.com`, create a CNAME record on `example.com` like in this example:
 
-```plaintext
-contoso.example.com. 0 IN CNAME contoso.webpubsub.azure.com.
-```
+`contoso.example.com. 0 IN CNAME contoso.webpubsub.azure.com`
 
-If you're using Azure DNS Zone, see [Manage DNS records](../dns/dns-operations-recordsets-portal.md) to learn how to add a CNAME record.
+If you use Azure DNS Zone, to learn how to add a CNAME record, see [Manage DNS records](../dns/dns-operations-recordsets-portal.md).
 
-:::image type="content" alt-text="Screenshot of adding a CNAME record in Azure DNS Zone." source="media\howto-custom-domain\portal-dns-cname.png" :::
+:::image type="content" alt-text="Screenshot that shows adding a CNAME record in Azure DNS Zone." source="media\howto-custom-domain\portal-dns-cname.png" :::
 
-If you use other DNS providers, use the provider's documentation to create a CNAME record.
+If you use other DNS providers, follow guidance in the provider's documentation to create a CNAME record.
 
-## Add a custom domain
+## Add a custom domain to Web PubSub
 
 A custom domain is another sub resource of your Web PubSub instance. It contains all configurations that are required for a custom domain.
 
 1. In the Azure portal, go to your Web PubSub resource.
 1. On the left menu, select **Custom domain**.
 1. On the **Custom domain** pane, select **Add**.
 
-   :::image type="content" alt-text="Screenshot of custom domain management." source="media\howto-custom-domain\portal-custom-domain-management.png" :::
+   :::image type="content" alt-text="Screenshot that shows custom domain management." source="media\howto-custom-domain\portal-custom-domain-management.png" :::
 
 1. Enter a name for the custom domain. Use the sub resource name.
 1. Enter the domain name. Use the full domain name of your custom domain, for example, `contoso.com`.
 1. Select a custom certificate that applies to this custom domain.
 1. Select **Add**.
 
-   :::image type="content" alt-text="Screenshot of adding a custom domain." source="media\howto-custom-domain\portal-custom-domain-add.png" :::
+   :::image type="content" alt-text="Screenshot that shows adding a custom domain." source="media\howto-custom-domain\portal-custom-domain-add.png" :::
 
 ## Verify a custom domain
 
 You can now access your Web PubSub endpoint by using the custom domain.
 
-To verify the domain, you can access the health API. The following examples use cURL.
+To verify the domain, you can access the Health API. The following examples use cURL.
 
 #### [PowerShell](#tab/azure-powershell)
 
-```powershell
+```azurepowershell
 PS C:\> curl.exe -v https://contoso.example.com/api/health
 ...
 > GET /api/health HTTP/1.1
@@ -192,21 +199,21 @@ $ curl -vvv https://contoso.example.com/api/health
 
 -----
 
-The health API should return a `200` status code without any certificate errors.
+The Health API should return a `200` status code without any certificate errors.
 
 ## Private network key vault
 
-If you configure a [private endpoint](../private-link/private-endpoint-overview.md) to your key vault, Web PubSub can't access the key vault by using a public network. You must set up a [shared private endpoint](./howto-secure-shared-private-endpoints-key-vault.md) to let Web PubSub access your key vault via a private network.
+If you configure a [private endpoint](../private-link/private-endpoint-overview.md) to your key vault, Web PubSub can't access the key vault by using a public network. You must set up a [shared private endpoint](./howto-secure-shared-private-endpoints-key-vault.md) to give Web PubSub access to your key vault via a private network.
 
-After you create a shared private endpoint, you can create a custom certificate as usual. *You don't have to change the domain in the key vault URI.* For example, if your key vault base URI is `https://contoso.vault.azure.net`, you still use this URI to configure a custom certificate.
+After you create a shared private endpoint, you can create a custom certificate as usual. You *don't have to change the domain in the key vault URI*. For example, if your key vault base URI is `https://contoso.vault.azure.net`, continue to use this URI to configure a custom certificate.
 
-You don't have to explicitly allow Web PubSub IP addresses in your key vault firewall settings. For more information, see [Key Vault private link diagnostics](/azure/key-vault/general/private-link-diagnostics).
+You don't have to explicitly allow Web PubSub IP addresses in your key vault firewall settings. For more information, see [Key vault private link diagnostics](/azure/key-vault/general/private-link-diagnostics).
 
 ## Certificate rotation
 
-If you don't specify a secret version when you create custom certificate, Web PubSub periodically checks latest version in Key Vault. When a new version is detected, it's automatically applied. The delay is usually within an hour.
+If you don't specify a secret version when you create a custom certificate, Web PubSub periodically checks for the latest version in the key vault. When a new version is detected, it's automatically applied. The delay is usually within an hour.
 
-Alternatively, you can also pin a custom certificate to a specific secret version in your key vault. When you need to apply a new certificate, you can edit the secret version, and then update the custom certificate proactively.
+Alternatively, you can pin a custom certificate to a specific secret version in your key vault. When you need to apply a new certificate, you can edit the secret version, and then update the custom certificate proactively.
 
 ## Related content