Updates per PM feedback

Author: ecfan

articles/logic-apps/logic-apps-limits-and-config.md

@@ -32,7 +32,6 @@ Here are the limits for a single logic app definition:
 | Length of `description` | 256 characters | |
 | Maximum `parameters` | 50 | |
 | Maximum `outputs` | 10 | |
-||||
 
 <a name="run-duration-retention-limits"></a>
 
@@ -151,7 +150,7 @@ Some connector operations make asynchronous calls or listen for webhook requests
 |------|--------------------|---------------------------------------|-------|
 | Message size | 100 MB | 200 MB | To work around this limit, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). However, some connectors and APIs might not support chunking or even the default limit. |
 | Message size with chunking | 1 GB | 5 GB | This limit applies to actions that natively support chunking or let you enable chunking in their runtime configuration. <p>For the integration service environment, the Logic Apps engine supports this limit, but connectors have their own chunking limits up to the engine limit, for example, see the [Azure Blob Storage connector's API reference](https://docs.microsoft.com/connectors/azureblob/). For more information chunking, see [Handle large messages with chunking](../logic-apps/logic-apps-handle-large-messages.md). |
-|||||   
+|||||
 
 #### Character limits
 
@@ -170,6 +169,18 @@ Some connector operations make asynchronous calls or listen for webhook requests
 | Retry min delay | 5 seconds | To change the default, use the [retry policy parameter](../logic-apps/logic-apps-workflow-actions-triggers.md). |
 ||||
 
+<a name="authentication-limits"></a>
+
+### Authentication limits
+
+Here are the limits for a logic app that starts with a Request trigger and enables [Azure Active Directory Open Authentication](../active-directory/develop/about-microsoft-identity-platform.md) (Azure AD OAuth) for authorizing inbound calls to the Request trigger:
+
+| Name | Limit | Notes |
+| ---- | ----- | ----- |
+| Azure AD authorization policies | 5 | |
+| Claims per authorization policy | 10 | |
+||||
+
 <a name="custom-connector-limits"></a>
 
 ## Custom connector limits

articles/logic-apps/logic-apps-securing-a-logic-app.md

@@ -96,15 +96,15 @@ In the body, include the `KeyType` property as either `Primary` or `Secondary`.
 
 If your logic app starts with a Request trigger, you can enable [Azure Active Directory Open Authentication](../active-directory/develop/about-microsoft-identity-platform.md) (Azure AD OAuth) for authorizing inbound calls to the Request trigger. Before you enable this authentication, review these considerations:
 
-* Your logic app can have up to five authorization policies. Each authorization policy can have up to 10 [claims](../active-directory/develop/developer-glossary.md#claim).
+* Your logic app is limited to a maximum number of authorization policies. Each authorization policy also has a maximum number of [claims](../active-directory/develop/developer-glossary.md#claim). For more information, see [Limits and configuration for Azure Logic Apps](../logic-apps/logic-apps-limits-and-config.md#authentication-limits).
 
 * An authorization policy must include at least the **Issuer** claim, which has a value that starts with `https://sts.windows.net/` as the Azure AD issuer ID.
 
-* Your logic app can't use both Azure AD OAuth and [Shared Access Signatures (SAS)](#sas) authorization schemes.
+* An inbound call to your logic app can use only one authorization scheme, either Azure AD OAuth or [Shared Access Signatures (SAS)](#sas).
 
-* OAuth tokens are supported only for workflow trigger requests.
+* OAuth tokens are supported only for the Request trigger.
 
-* Only Bearer-type authorization schemes are supported for OAuth tokens.
+* Only [Bearer-type](../active-directory/develop/active-directory-v2-protocols.md#tokens) authorization schemes are supported for OAuth tokens.
 
 To enable Azure AD OAuth, follow these steps to add one or more authorization policies to your logic app.