Skip to content

Commit c960393

Browse files
update overview
1 parent 84c72ef commit c960393

File tree

1 file changed

+5
-7
lines changed

1 file changed

+5
-7
lines changed

articles/azure-app-configuration/quickstart-deployment-overview.md

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,18 +17,16 @@ Azure App Configuration supports following methods to read and manage your confi
1717
- [Bicep](./quickstart-bicep.md)
1818
- Terraform
1919

20-
## Manage Azure App Configuration resources
21-
Azure App Configuration resources can be managed during deployment.
22-
20+
## Manage Azure App Configuration resources in deployment
2321
### Authorization
2422
You must have permissions to manage Azure App Configuration resources. Azure role-based access control (Azure RBAC) roles that provide these permissions include the Microsoft.AppConfiguration/configurationStores/write or Microsoft.AppConfiguration/configurationStores/* action. Built-in roles with this action include:
2523
- The Azure Resource Manager Owner role
2624
- The Azure Resource Manager Contributor role
2725

2826
To learn more about Azure RBAC and Microsoft Entra ID, see [Authorize access to Azure App Configuration using Microsoft Entra ID](./concetp-enable-rbac.md)
2927

30-
## Manage Azure App Configuration data
31-
Azure App Configuration data, such as key-values and snapshots, can be managed during deployment.
28+
## Manage Azure App Configuration data in deployment
29+
Azure App Configuration data, such as key-values and snapshots, can be managed in deployment. It's recommended to configure **Pass-through** ARM authentication mode to require proper Azure App Configuration data plane authorization.
3230

3331
### ARM authentication mode
3432
# [Azure portal](#tab/portal)
@@ -47,10 +45,10 @@ To configure ARM authentication mode of Azure App Configuration resource in the
4745
---
4846

4947
> [!NOTE]
50-
> Local authentication mode is for backward compatibility and has several limitations. Local authentication mode does not support proper auditing for accessing data during deployment. Key-value data access inside an ARM template/Bicep/Terraform is disabled if access key authentication is disabled under local authentication mode. For more information, see [disable access we key authentication](./howto-disable-access-key-authentication.md#limitations). Azure App Configuration data plane permissions are not required for accessing data under local authentication mode.
48+
> Local authentication mode is for backward compatibility and has several limitations. It does not support proper auditing for accessing data in deployment. Under local authentication mode, key-value data access inside an ARM template/Bicep/Terraform is disabled if [access key authentication is disabled](./howto-disable-access-key-authentication.md#limitations). Azure App Configuration data plane permissions are not required for accessing data under local authentication mode.
5149
5250
### Authorization
53-
You must have permissions to read and manage Azure App Configuration data during deployment. In addition to the permissions required for Azure App Configuration resource, which are provided by built-in Owner or Contributor roles, Azure App Configuration data plane permissions including Microsoft.AppConfiguration/configurationStores/keyValues/read and Microsoft.AppConfiguration/configurationStores/snapshots/read are also required under pass-through authentication mode. Built-in roles with this action include:
51+
You must have permissions to read and manage Azure App Configuration data in deployment. In addition to the permissions required for Azure App Configuration resource, which are provided by built-in Owner or Contributor roles, Azure App Configuration data plane permissions including Microsoft.AppConfiguration/configurationStores/keyValues/read and Microsoft.AppConfiguration/configurationStores/snapshots/read are also required under pass-through authentication mode. Built-in roles with this action include:
5452
- App Configuration Data Owner
5553
- App Configuration Data Reader
5654

0 commit comments

Comments
 (0)