Commit df2b2a1

dev feedback
1 parent a48581e commit df2b2a1

2 files changed

+4
-30
lines changed

articles/private-5g-core/collect-required-information-for-a-site.md

Lines changed: 3 additions & 29 deletions
@@ -60,40 +60,14 @@ If you have a Remote Authentication Dial-In User Service (RADIUS) authentication
6060
|---------|---------|
6161
|IP address for the RADIUS AAA server. |RADIUS server address |
6262
|IP address for the network access servers (NAS). |RADIUS NAS address |
63-
|Port to use on the RADIUS AAA server. |RADIUS server port |
63+
|Authentication port to use on the RADIUS AAA server. |RADIUS server port |
6464
|The names of one or more data networks that require RADIUS authentication. |RADIUS Auth applies to DNs |
6565
|Whether to use: </br></br>- the default username and password, defined in your Azure Key Vault </br></br>- the International Mobile Subscriber Identity (IMSI) as the username, with the password defined in your Azure Key Vault. |RADIUS authentication username. |
66-
|URL of the certificate used to secure communication between the packet core and AAA server, stored in your Azure Key Vault. |Shared secret |
66+
|URL of the secret used to secure communication between the packet core and AAA server, stored in your Azure Key Vault. |Shared secret |
6767
|URL of the default username secret, stored in your Azure Key Vault. Not required if using IMSI. |Secret URI for the default username |
6868
|URL of the default password secret, stored in your Azure Key Vault. |Secret URI for the default password |
6969

70-
To add the default username and password secrets to Azure Key Vault, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](../key-vault/secrets/quick-create-portal.md).
71-
72-
To add the certificate to Azure Key Vault:
73-
74-
1. Either [create an Azure Key Vault](../key-vault/general/quick-create-portal.md) or choose an existing one to host your certificate. Ensure the key vault is configured with **Azure Virtual Machines for deployment** resource access.
75-
1. Ensure your certificate is stored in your key vault. You can either [generate a Key Vault certificate](../key-vault/certificates/create-certificate.md) or [import an existing certificate to your Key Vault](../key-vault/certificates/tutorial-import-certificate.md?tabs=azure-portal#import-a-certificate-to-your-key-vault). Your certificate must:
76-
77-
- Be signed by a globally known and trusted CA.
78-
- Use a private key of type RSA or EC to ensure it's exportable (see [Exportable or non-exportable key](../key-vault/certificates/about-certificates.md) for more information).
79-
80-
We also recommend setting a DNS name for your certificate.
81-
82-
1. If you want to configure your certificate to renew automatically, see [Tutorial: Configure certificate auto-rotation in Key Vault](../key-vault/certificates/tutorial-rotate-certificates.md) for information on enabling auto-rotation.
83-
84-
> [!NOTE]
85-
>
86-
> - Certificate validation will always be performed against the latest version of the local access certificate in the Key Vault.
87-
> - If you enable auto-rotation, it might take up to four hours for certificate updates in the Key Vault to synchronize with the edge location.
88-
89-
1. Decide how you want to provide access to your certificate. You can use a Key Vault access policy or Azure role-based access control (RBAC).
90-
91-
- [Assign a Key Vault access policy](../key-vault/general/assign-access-policy.md?tabs=azure-portal). Provide **Get** and **List** permissions under **Secret permissions** and **Certificate permissions** to the **Azure Private MEC** service principal.
92-
- [Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control (RBAC)](../key-vault/general/rbac-guide.md?tabs=azure-cli). Provide **Key Vault Reader** and **Key Vault Secrets User** permissions to the **Azure Private MEC** service principal.
93-
- If you want to, assign the Key Vault access policy or Azure RBAC to a [user-assigned identity](../active-directory/managed-identities-azure-resources/overview.md).
94-
95-
- If you have an existing user-assigned identity configured for diagnostic collection you can modify it.
96-
- Otherwise, you can create a new user-assigned identity.
70+
To add the secrets to Azure Key Vault, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](../key-vault/secrets/quick-create-portal.md).
9771

9872
## Collect access network values
9973
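
Review bot: At new line 70, the replacement sentence links only to the quickstart for setting a secret, while the removed step at old lines 89-96 was where this text told the reader to grant the **Azure Private MEC** service principal (or a user-assigned identity) access to the Key Vault. The shared secret, default username and default password rows still point at Key Vault URLs, so if the packet core reads them through that identity, keep a short step on granting secret read access (the removed text named **Get** and **List** under **Secret permissions**, or **Key Vault Secrets User** with RBAC), or link to where that is now documented. The removed note also described which certificate version is used and a sync delay of up to four hours; it would help to say whether an updated secret is picked up the same way. Minor: the right-hand column uses "Shared secret" while the two rows below use "Secret URI for ...", so the field naming is inconsistent unless it mirrors the portal labels.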

articles/private-5g-core/security.md

Lines changed: 1 addition & 1 deletion
@@ -52,7 +52,7 @@ As these credentials are highly sensitive, Azure Private 5G Core won't allow use
5252

5353
## RADIUS authentication
5454

55-
Azure Private 5G Core supports Remote Authentication Dial-In User Service (RADIUS) authentication. You can configure the packet core to contact a RADIUS authentication, authorization and accounting (AAA) server in your network to authenticate UEs on attachment to the network and session establishment. Communication between the packet core and RADIUS server is secured with a certificate stored in Azure Key Vault. The default username and password for UEs are also stored in Azure Key Vault. You can use the UE's International Mobile Subscriber Identity (IMSI) in place of a default username. See [Collect RADIUS values](collect-required-information-for-a-site.md#collect-radius-values) for details.
55+
Azure Private 5G Core supports Remote Authentication Dial-In User Service (RADIUS) authentication. You can configure the packet core to contact a RADIUS authentication, authorization and accounting (AAA) server in your network to authenticate UEs on attachment to the network and session establishment. Communication between the packet core and RADIUS server is secured with a shared secret that is stored in Azure Key Vault. The default username and password for UEs are also stored in Azure Key Vault. You can use the UE's International Mobile Subscriber Identity (IMSI) in place of a default username. See [Collect RADIUS values](collect-required-information-for-a-site.md#collect-radius-values) for details.
5656

5757
Your RADIUS server must be reachable from your Azure Stack Edge device on the management network. RADIUS is only supported for initial authentication. Other RADIUS features, such as accounting, are not supported.
5858
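
Review bot: On new line 55, "secured with a shared secret that is stored in Azure Key Vault" replaces the certificate wording but still says only "secured", which in the security article leaves the reader unsure what protection the shared secret gives. Suggest stating what the secret is used for between the packet core and the AAA server, and adding a sentence on choosing and rotating it, since the companion change in collect-required-information-for-a-site.md drops the certificate requirements (trusted CA, auto-rotation) without an equivalent for the secret. The context line at 57 says the server is reached over the management network, so it may also be worth saying whether that network is expected to be trusted.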
