Update documentation for clarity and consistency.

Author: LHL407

articles/app-service/app-service-undelete.md

@@ -111,7 +111,7 @@ Restore-AzDeletedWebApp -ResourceGroupName <original_rg> -Name <original_app> -D
 
 The inputs for command are:
 
-- **Target Resource Group**: Target resource group to which you're restoring the app.
+- **Target Resource Group**: Target resource group where the app will be restored.
 - **TargetName**: Target app to which you're restoring the deleted app.
 - **TargetAppServicePlanName**: App Service plan linked to the app.
 - **Name**: Name for the app. We recommend that it's globally unique.

articles/app-service/configure-language-dotnetcore.md

@@ -151,15 +151,15 @@ az webapp config appsettings set --name <app-name> --resource-group <resource-gr
 
 ## Deploy multi-project solutions
 
-When a Visual Studio solution includes multiple projects, the Visual Studio publish process automatically selects the project to deploy. When you deploy to the App Service deployment engine, such as with Git, or with ZIP deploy [with build automation enabled](deploy-zip.md#enable-build-automation-for-zip-deploy), the App Service deployment engine picks the first **Web Site** or **Web Application Project** it finds as the App Service app. You can specify which project App Service should use by specifying the `PROJECT` app setting. For example, run the following command in [Cloud Shell](https://shell.azure.com):
+When a Visual Studio solution includes multiple projects, the Visual Studio publish process automatically selects the project to deploy. When you deploy to the App Service deployment engine, such as with Git, or with ZIP deploy [with build automation enabled](deploy-zip.md#enable-build-automation-for-zip-deploy), the App Service deployment engine picks the first Web Site or Web Application Project it finds as the App Service app. You can specify which project App Service should use by specifying the `PROJECT` app setting. For example, run the following command in [Cloud Shell](https://shell.azure.com):
 
 ```azurecli-interactive
 az webapp config appsettings set --resource-group <resource-group-name> --name <app-name> --settings PROJECT="<project-name>/<project-name>.csproj"
 ```
 
 ## Access diagnostic logs
 
-ASP.NET Core offers a [built-in logging provider for App Service](/aspnet/core/fundamentals/logging/#azure-app-service). In your project's **Program.cs**, add the provider to your application through the `ConfigureLogging` extension method, as shown in the following example:
+ASP.NET Core offers a [built-in logging provider for App Service](/aspnet/core/fundamentals/logging/#azure-app-service). In your project's program.cs file, add the provider to your application through the `ConfigureLogging` extension method, as shown in the following example:
 
 ```csharp
 public static IHostBuilder CreateHostBuilder(string[] args) =>
@@ -190,7 +190,7 @@ az webapp config appsettings set --name <app-name> --resource-group <resource-gr
 
 ## Detect HTTPS session
 
-In App Service, [TLS/SSL termination](https://wikipedia.org/wiki/TLS_termination_proxy) happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests. If your app logic needs to know if user requests are encrypted, configure the **Forwarded Headers Middleware** in `Startup.cs`:
+In App Service, [TLS/SSL termination](https://wikipedia.org/wiki/TLS_termination_proxy) happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests. If your app logic needs to know if user requests are encrypted, configure the Forwarded Headers Middleware in `Startup.cs`:
 
 - Configure the middleware with [`ForwardedHeadersOptions`](/dotnet/api/microsoft.aspnetcore.builder.forwardedheadersoptions) to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers in `Startup.ConfigureServices`.
 - Add private IP address ranges to the known networks, so that the middleware can trust the App Service load balancer.

articles/app-service/configure-language-java-deploy-run.md

@@ -153,7 +153,7 @@ Here's a sample configuration in `pom.xml`:
     ```
 
 1. Configure your web app details. The corresponding Azure resources are created if they don't exist.
-Here's a sample configuration. For details, refer to this [document](https://github.com/microsoft/azure-gradle-plugins/wiki/Webapp-Configuration).
+Here's a sample configuration. For details, refer to [this document](https://github.com/microsoft/azure-gradle-plugins/wiki/Webapp-Configuration).
 
     ```groovy
     azurewebapp {
@@ -271,7 +271,7 @@ All Java runtimes on App Service come with the Java Flight Recorder. You can use
 
 # [Linux](#tab/linux)
 
-SSH into your App Service and run the `jcmd` command to see a list of all the Java processes running. In addition to `jcmd` itself, you should see your Java application running with a Process ID (PID) number.
+SSH into your App Service and run the `jcmd` command to see a list of all the Java processes running. In addition to `jcmd` itself, you should see your Java application running with a process ID (PID) number.
 
 ```shell
 078990bbcd11:/home# jcmd
@@ -306,7 +306,7 @@ jcmd <pid> JFR.dump name=continuous_recording filename="/home/recording1.jfr"
 
 #### Timed recording
 
-To take a timed recording, you need the Process ID (PID) of the Java application. To find the PID, open a browser to your web app's SCM site at `https://<your-site-name>.scm.azurewebsites.net/ProcessExplorer/`. This page shows the running processes in your web app. Find the process named "java" in the table and copy the corresponding PID.
+To take a timed recording, you need the process ID (PID) of the Java application. To find the PID, open a browser to your web app's SCM site at `https://<your-site-name>.scm.azurewebsites.net/ProcessExplorer/`. This page shows the running processes in your web app. Find the process named "java" in the table and copy the corresponding PID.
 
 Next, open the **Debug Console** in the top toolbar of the SCM site and run the following command. Replace `<pid>` with the PID you copied earlier. This command starts a 30-second profiler recording of your Java application and generates a file named `timed_recording_example.jfr` in the `C:\home` directory.
 
@@ -455,7 +455,7 @@ Alternatively, you can configure the app setting by using the App Service Maven
 
 ### Precompile JSP files
 
-To improve performance of Tomcat applications, you can compile your JSP files before deploying to App Service. You can use the [Maven plugin](https://sling.apache.org/components/jspc-maven-plugin/plugin-info.html) provided by Apache Sling, or use this [Ant build file](https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html#Web_Application_Compilation).
+To improve performance of Tomcat applications, you can compile your JSP files before deploying to App Service. You can use the [Maven plugin](https://sling.apache.org/components/jspc-maven-plugin/plugin-info.html) provided by Apache Sling, or use [this Ant build file](https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html#Web_Application_Compilation).
 
 ::: zone-end
 
@@ -507,7 +507,7 @@ App Service supports clustering for JBoss EAP versions 7.4.1 and greater. To ena
 > [!NOTE]
 > If you're enabling your virtual network integration with an ARM template, you need to manually set the property `vnetPrivatePorts` to a value of `2`. If you enable virtual network integration from the CLI or portal, this property is set for you automatically.  
 
-When clustering is enabled, the JBoss EAP instances use the `FILE_PING` Groups discovery protocol to discover new instances and persist cluster information (For example: the cluster members, their identifiers, and their IP addresses). On App Service, these files are under `/home/clusterinfo/`. The first EAP instance to start obtains read/write permissions on the cluster membership file. Other instances read the file, find the primary node, and coordinate with that node to be included in the cluster and added to the file.
+When clustering is enabled, the JBoss EAP instances use the `FILE_PING` JGroups discovery protocol to discover new instances and persist cluster information (for example: the cluster members, their identifiers, and their IP addresses). On App Service, these files are under `/home/clusterinfo/`. The first EAP instance to start obtains read/write permissions on the cluster membership file. Other instances read the file, find the primary node, and coordinate with that node to be included in the cluster and added to the file.
 
 > [!Note]
 > You can avoid JBoss EAP clustering timeouts by [cleaning up obsolete discovery files during your app startup](https://github.com/Azure/app-service-linux-docs/blob/master/HowTo/JBOSS/avoid_timeouts_obsolete_nodes.md).
@@ -561,7 +561,7 @@ See the following sections for details and opportunities to customize (such as t
 - If JBoss EAP is launched in the `clustering` configuration:
     - Each JBoss EAP instance receives an internal identifier between 0 and the number of instances that the app is scaled out to.
     - If some files are found in the transaction store path for this server instance (by using its internal identifier), it means this server instance is taking the place of an identical service instance. The other service instance previously crashed and left uncommitted transactions behind. The server is configured to resume the work on these transactions.
-- Regardless of whether JBoss EAP starts in the `clustering` or `standalone` configuration, if the server version is 7.4 or above and the runtime uses Java 17, then the configuration is updated to enable the Elytron subsystem for security.
+- Regardless of whether JBoss EAP starts in the `clustering` or `standalone` configuration, if the server version is 7.4 or later and the runtime uses Java 17, then the configuration is updated to enable the Elytron subsystem for security.
 - If you configure the app setting `WEBSITE_JBOSS_OPTS`, the value is passed to the JBoss launcher script. This setting can be used to provide paths to property files and more flags that influence the startup of JBoss EAP.
 
 ### 3. Server configuration phase
@@ -579,7 +579,7 @@ See the following sections for details and opportunities to customize (such as t
 - If there are JAR files deployed to the `/home/site/libs` directory, a new global module is created with all of these JAR files.
 - At the end of the phase, App Service runs the custom startup script, if one exists. The search logic for the custom startup script is defined as follows:
 
-The custom startup command or script runs as the root user (no need for `sudo`), so they can install Linux packages or launch the JBoss CLI to perform more JBoss EAP install/customization commands (creating data sources, installing resource adapters), etc. For information on Ubuntu package management commands, see the [Ubuntu Server documentation](https://documentation.ubuntu.com/server/how-to/software/package-management/). For JBoss CLI commands, see the [JBoss Management CLI Guide](https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/management_cli_guide/index#how_to_cli).
+The custom startup command or script runs as the root user (no need for `sudo`), so they can install Linux packages or launch the JBoss CLI to perform more JBoss EAP install/customization commands like creating data sources and installing resource adapters. For information on Ubuntu package management commands, see the [Ubuntu Server documentation](https://documentation.ubuntu.com/server/how-to/software/package-management/). For JBoss CLI commands, see the [JBoss Management CLI Guide](https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/management_cli_guide/index#how_to_cli).
 
 ### 4. App deployment phase 
 

articles/app-service/deploy-ci-cd-custom-container.md

@@ -140,7 +140,7 @@ When you enable this option, App Service adds a webhook to your repository in Az
 
 To ensure the proper functioning of the webhook, we recommend that you enable the **Basic Auth Publishing Credentials** option within your web app. If you don't, you might receive a "401 unauthorized" error for the webhook.
 
-To verify whether **Basic Auth Publishing Credentials** is enabled, go to your web app's **Configuration > General Settings**. Look for the **Platform Setting** section, and then select the **Basic Auth Publishing Credentials** option.
+To verify whether **Basic Auth Publishing Credentials** is enabled, go to your web app's **Configuration** > **General Settings**. Look for the **Platform Setting** section, and then select the **Basic Auth Publishing Credentials** option.
 
 For other private registries, you can post to the webhook manually or as a step in a CI/CD pipeline. In **Webhook URL**, select the **Copy** button to get the webhook URL.
 
@@ -162,7 +162,7 @@ Select **Save**.
 
 ## How CI/CD works with GitHub Actions
 
-If you choose **GitHub Actions** in **Source** (see [Choose deployment source](#2-choose-deployment-source)), App Service sets up CI/CD like this:
+If you choose **GitHub Actions** in **Source** (see [Choose deployment source](#2-choose-deployment-source)), App Service sets up CI/CD in the following ways:
 
 * It deposits a GitHub Actions workflow file into your GitHub repository to handle build and deploy tasks to App Service.
 * It adds the credentials for your private registry as GitHub secrets. The generated workflow file runs the [`Azure/docker-login`](https://github.com/Azure/docker-login) action to sign in with your private registry, and then runs `docker push` to deploy to it.
@@ -190,7 +190,7 @@ az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \
 > [!IMPORTANT]
 > For security, grant the minimum required access to the service principal. The scope in the previous example is limited to the specific App Service app and not the entire resource group.
 
-In [GitHub](https://github.com/), go to your repository, and then select **Settings > Secrets > Add a new secret**. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret a name like `AZURE_CREDENTIALS`.
+In [GitHub](https://github.com/), go to your repository, and then select **Settings** > **Secrets** > **Add a new secret**. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret a name like `AZURE_CREDENTIALS`.
 
 In the workflow file generated by the **Deployment Center**, revise the `azure/webapps-deploy` step with code similar to the following example:
 

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-dotnet-pivot.md

@@ -212,7 +212,7 @@ var kernel = Kernel.CreateBuilder()
 	.Build();
 ```
 
-After the credentials are added to the application, you'll need to enable managed identity in your application and grant access to the resource.
+After the credentials are added to the application, you'll need to enable a managed identity in your application and grant access to the resource.
 
 1. In your web app resource, go to the **Identity** pane and turn on **System assigned** and select **Save**.
 1. After **System assigned** identity is turned on, it registers the web app with Microsoft Entra ID. The web app can be granted permissions to access protected resources.  
@@ -354,6 +354,6 @@ You're now ready to deploy to App Service. If you run into any issues, make sure
 
 ### Authentication
 
-Although optional, we highly recommend that you also add authentication to your web app when using an Azure OpenAI or OpenAI service. Adding authentication can add a level of security with no other code. Learn how to enable authentication for your web app [here](../../scenario-secure-app-authentication-app-service.md).
+We highly recommend that you also add authentication to your web app when using an Azure OpenAI or OpenAI service. This optional step can add a level of security with no other code. Learn how to enable authentication for your web app [here](../../scenario-secure-app-authentication-app-service.md).
 
 After the app is deployed, browse to the web app and go to the OpenAI tab. Enter a query to the service and you should see a populated response from the server.

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-java-pivot.md

@@ -156,7 +156,7 @@ OpenAIClient client = new OpenAIClientBuilder()
     .buildClient();
 ```
 
-After the credentials are added to the application, enable managed identity in your application and grant access to the resource:
+After the credentials are added to the application, enable a managed identity in your application and grant access to the resource:
 
 1. In your web app resource, go to the **Identity** pane and turn on **System assigned** and select **Save**.
 1. After system-assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-node-pivot.md

@@ -175,7 +175,7 @@ Create the Azure OpenAI client with the token provider.
   const client = new AzureOpenAI({ azureADTokenProvider, deployment, apiVersion });
 ```
 
-After the credentials are added to the application, enable managed identity in your application and grant access to the resource:
+After the credentials are added to the application, enable a managed identity in your application and grant access to the resource:
 
 1. In your web app resource, go to the **Identity** pane and turn on **System assigned**. Select **Save**.
 1. After system-assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-python-pivot.md

@@ -300,7 +300,7 @@ To secure your application, complete the following steps:
     )
     ```
 
-After the credential code is added to the application, enable managed identity in your application and grant access to the resource.
+After the credential code is added to the application, enable a managed identity in your application and grant access to the resource.
 
 1. In your web app resource, go to the **Identity** pane and turn on **System assigned** and select **Save**.
 1. After system-assigned identity is turned on, it registers the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.