update token validation policies

Author: dlepow

articles/api-management/validate-azure-ad-token-policy.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 12/08/2022
+ms.date: 10/19/2023
 ms.author: danlep
 ---
 
@@ -92,7 +92,6 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
 ### Usage notes
 
 * You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-azure-ad-token` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
-* When using a custom header (`header-name`), the header value cannot be prefixed with `Bearer ` and should be removed.
 
 ## Examples
 

articles/api-management/validate-jwt-policy.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 12/08/2022
+ms.date: 10/19/2023
 ms.author: danlep
 ---
 
@@ -121,7 +121,6 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
 * The policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
 * To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
 * You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
-* When using a custom header (`header-name`), the header value cannot be prefixed with `Bearer ` and should be removed.
 
 
 ## Examples