Commit ed82b77

Merge pull request #299270 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents 7b199f5 + 0e55c3e commit ed82b77

4 files changed

+22
-24
lines changed

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-python-pivot.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -81,7 +81,7 @@ After the files are updated, prepare your environment variables to work with Ope
8181

8282
### API keys and endpoints
8383

84-
To make calls to OpenAI with your client, you need to first get the keys and endpoint values from Azure OpenAI or OpenAI, and add them as secrets for use in your application. Save the values for later use.
84+
To make calls to OpenAI with your client, first get the keys and endpoint values from Azure OpenAI or OpenAI, and add them as secrets for use in your application. Save the values for later use.
8585

8686
For Azure OpenAI, see [this documentation](/azure/ai-services/openai/quickstart?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the following values. If you're planning to use a [managed identity](../../overview-managed-identity.md) to secure your app, you don't need the API key value.
8787
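Review bot: The context line at 86 links the Azure OpenAI quickstart with `pivots=programming-language-csharp`, but this include is the Linux Python pivot, so readers land on the C# tab; since the change already touches this paragraph, switch the link to the Python pivot and replace the link text "this documentation" with a descriptive title. On the changed line 84, "add them as secrets" does not say where the secrets are stored; naming the store, or leading with the managed identity option that line 86 mentions, would make the intended handling of the key explicit.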

articles/azure-maps/authentication-best-practices.md

Lines changed: 11 additions & 11 deletions
@@ -12,23 +12,23 @@ ms.subservice: authentication
1212

1313
# Authentication best practices
1414

15-
The single most important part of your application is its security. No matter how good the user experience might be, if your application isn't secure a hacker can ruin it.
15+
The security of your application is crucial. Regardless of how excellent the user experience is, an insecure application can be compromised by hackers, undermining its integrity and deteriorating user trust.
1616

17-
The following are some tips to keep your Azure Maps application secure. When using Azure, be sure to familiarize yourself with the security tools available to you. For more information, See the [introduction to Azure security].
17+
This article contains tips to ensure the security of your Azure Maps application. When using Azure, it's important to familiarize yourself with the available security tools. For more information, See [Introduction to Azure security] in the Azure security documentation.
1818

1919
## Understanding security threats
2020

21-
Hackers gaining access to your account could potentially make unlimited billable transactions, resulting in unexpected costs and decreased performance due to QPS limits.
21+
If hackers gain access to your account, they could potentially execute unlimited billable transactions, leading to unexpected costs and reduced performance due to QPS limits.
2222

23-
When considering best practices for securing your Azure Maps applications, you need to understand the different authentication options available.
23+
To implement best practices for securing your Azure Maps applications, it's essential to understand the various authentication options available.
2424

2525
## Authentication best practices in Azure Maps
2626

27-
When creating publicly facing client applications with Azure Maps, you must ensure that your authentication secrets aren't publicly accessible.
27+
When developing publicly facing client applications with Azure Maps, it's crucial to ensure that your authentication secrets remain private and aren't publicly accessible.
2828

29-
Subscription key-based authentication (Shared Key) can be used in either client side applications or web services, however it's the least secure approach to securing your application or web service. The reason is the key is easily obtained from an HTTP request and grants access to all Azure Maps REST API available in the SKU (Pricing Tier). If you do use subscription keys, be sure to [rotate them regularly] and keep in mind that Shared Key doesn't allow for configurable lifetime, it must be done manually. You should also consider using [Shared Key authentication with Azure Key Vault], which enables you to securely store your secret in Azure.
29+
Subscription key-based authentication (Shared Key) can be used in client-side applications or web services, but it's the least secure method for protecting your application or web service. This is because the key can be easily extracted from an HTTP request, granting access to all Azure Maps REST APIs available in the SKU (Pricing Tier). If you use subscription keys, make sure to [rotate them regularly] and remember that Shared Key doesn't support configurable lifetimes, so rotation must be done manually. Consider using [Shared Key authentication with Azure Key Vault] to securely store your secret in Azure.
3030

31-
If using [Microsoft Entra authentication] or [Shared Access Signature (SAS) Token authentication], access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
31+
When using [Microsoft Entra authentication] or [Shared Access Signature (SAS) Token authentication], access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to specify the level of access granted to the issued tokens. It's important to consider the duration for which access should be granted. Unlike Shared Key authentication, the lifetime of these tokens is configurable.
3232

3333
> [!TIP]
3434
>
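Review bot: New line 29 still opens by saying Shared Key "can be used in client-side applications" directly after line 27 says authentication secrets must remain private, and the same paragraph says the key can be easily extracted from an HTTP request; state plainly that Shared Key is not the recommended choice for publicly facing clients and point to the Microsoft Entra or SAS options described on line 31. On new line 17, "For more information, See" carries over the capitalized "See" after a comma; lowercase it.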
@@ -43,14 +43,14 @@ There are different security concerns between public and confidential client app
4343

4444
### Public client applications
4545

46-
For apps that run on devices or desktop computers or in a web browser, you should consider defining which domains have access to your Azure Map account using [Cross origin resource sharing (CORS)]. CORS instructs the clients' browser on which origins such as "https://microsoft.com" are allowed to request resources for the Azure Map account.
46+
For applications running on devices, desktop computers, or web browsers, it's advisable to define which domains can access your Azure Maps account using [Cross origin resource sharing (CORS)]. CORS informs the client's browser which origins, such as "https://microsoft.com," are permitted to request resources for the Azure Maps account.
4747

4848
> [!NOTE]
49-
> If you're developing a web server or service, your Azure Maps account does not need to be configured with CORS. If you have JavaScript code in the client side web application, CORS does apply.
49+
> If you're developing a web server or service, configuring your Azure Maps account with CORS is unnecessary. However, if your client-side web application includes JavaScript code, CORS does apply.
5050
5151
### Confidential client applications
5252

53-
For apps that run on servers (such as web services and service/daemon apps), if you prefer to avoid the overhead and complexity of managing secrets, consider [Managed Identities]. Managed identities can provide an identity for your web service to use when connecting to Azure Maps using [Microsoft Entra authentication]. If so, your web service uses that identity to obtain the required Microsoft Entra tokens. You should use Azure RBAC to configure what access the web service is given, using the [Least privileged roles] possible.
53+
For server-based applications, such as web services and service/daemon apps, consider using [Managed Identities] to avoid the complexity of managing secrets. Managed identities can provide an identity for your web service to connect to Azure Maps using [Microsoft Entra authentication]. Your web service can then use this identity to obtain the necessary Microsoft Entra tokens. It's recommended to use Azure RBAC to configure the access granted to the web service, applying the [Least privileged roles] possible.
5454

5555
## Next steps
5656
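Review bot: On new line 46 the comma moved inside the quotation marks, so the example origin now reads "https://microsoft.com," and a reader copying it into a CORS allow list picks up a trailing comma; put the comma outside the quotes or set the origin in code formatting. On new line 49, "if your client-side web application includes JavaScript code, CORS does apply" would be clearer if it said the JavaScript is what calls Azure Maps from the browser.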

@@ -68,7 +68,7 @@ For apps that run on servers (such as web services and service/daemon apps), if
6868
[Configurable token lifetimes in the Microsoft identity platform (preview)]: ../active-directory/develop/configurable-token-lifetimes.md
6969
[Create SAS tokens]: azure-maps-authentication.md#create-sas-tokens
7070
[Cross origin resource sharing (CORS)]: azure-maps-authentication.md#cross-origin-resource-sharing-cors
71-
[introduction to Azure security]: ../security/fundamentals/overview.md
71+
[Introduction to Azure security]: ../security/fundamentals/overview.md
7272
[Least privileged roles]: ../active-directory/roles/delegate-by-task.md
7373
[Manage authentication in Azure Maps]: how-to-manage-authentication.md
7474
[Managed Identities]: ../active-directory/managed-identities-azure-resources/overview.md

articles/azure-maps/azure-maps-authentication.md

Lines changed: 10 additions & 10 deletions
@@ -152,16 +152,16 @@ Here are some example scenarios where custom roles can improve application secur
152152
153153
### Understand scope
154154
155-
Role assignments are defined within the Azure resource hierarchy, from the top-level [management group] to the lowest level like an Azure Maps account.
155+
Role assignments are defined within the Azure resource hierarchy, from the top-level management group to the lowest level like an Azure Maps account. For more information, see [What are Azure management groups?].
156156
157-
Assigning a role assignment to a resource group can enable access to multiple Azure Maps accounts or resources in the group.
157+
By assigning a role to a resource group, you can grant access to multiple Azure Maps accounts or resources within that group.
158158
159159
> [!TIP]
160-
> Microsoft's general recommendation is to assign access to the Azure Maps account scope because it prevents **unintended access to other Azure Maps accounts** existing in the same Azure subscription.
160+
> Microsoft generally recommends assigning access at the Azure Maps account scope to prevent unintended access to other Azure Maps accounts within the same Azure subscription.
161161
162162
## Disable local authentication
163163
164-
Azure Maps accounts support the standard Azure property in the [Management API] for `Microsoft.Maps/accounts` called `disableLocalAuth`. When _true_, all authentication to the Azure Maps data-plane REST API is disabled, except [Microsoft Entra authentication]. This is configured using Azure Policy to control distribution and management of shared keys and SAS tokens. For more information, see [What is Azure Policy?].
164+
Azure Maps accounts support the standard Azure property in the [Maps Management API] for `Microsoft.Maps/accounts` called `disableLocalAuth`. When _true_, all authentication to the Azure Maps data-plane REST API is disabled, except [Microsoft Entra authentication]. This is configured using Azure Policy to control distribution and management of shared keys and SAS tokens. For more information, see [What is Azure Policy?].
165165
166166
Disabling local authentication doesn't take effect immediately. Allow a few minutes for the service to block future authentication requests. To re-enable local authentication, set the property to _false_ and after a few minutes local authentication resumes.
167167
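Review bot: New line 164 keeps "This is configured using Azure Policy", which has no clear antecedent and reads as if Azure Policy is the only way to set `disableLocalAuth`, while line 166 describes setting the property directly to re-enable local authentication; reword so the sentence says the property is set on the account and that Azure Policy is used to control it across accounts. The TIP on line 160 also drops the bold on "unintended access to other Azure Maps accounts"; confirm that the loss of emphasis is intended.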
@@ -176,9 +176,9 @@ Disabling local authentication doesn't take effect immediately. Allow a few minu
176176
177177
## Shared access signature token authentication
178178

179-
Shared access signature (SAS) tokens are authentication tokens created using the JSON Web Token (JWT) format. These tokens are cryptographically signed to authenticate an application with the Azure Maps REST API. These SAS tokens are created by integrating a [user-assigned managed identity] with an Azure Maps account in your Azure subscription. The user-assigned managed identity is given authorization to the Azure Maps account through Azure RBAC using either built-in or custom role definitions.
179+
Shared access signature (SAS) tokens, which are authentication tokens in the JSON Web Token (JWT) format, are cryptographically signed to authenticate applications with the Azure Maps REST API. These tokens are generated by integrating a [user-assigned managed identity] with an Azure Maps account in your Azure subscription. The managed identity is authorized to access the Azure Maps account through Azure RBAC, using either built-in or custom role definitions.
180180

181-
Functional key differences of SAS token from Microsoft Entra access tokens:
181+
Key functional differences between SAS tokens and Microsoft Entra access tokens:
182182

183183
- Lifetime of a token for a max expiration of one day (24 hours).
184184
- Azure location and geography access control per token.
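Review bot: New line 179 shortens "The user-assigned managed identity" to "The managed identity" in its last sentence; the sentence before it says SAS tokens are generated with a user-assigned managed identity specifically, so keep the qualifier to avoid implying that any managed identity type works. The first sentence now nests a "which are ..." clause between subject and verb; keeping it as two sentences, as before, reads more easily.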
@@ -192,7 +192,7 @@ SAS tokens are immutable. Once they're created, they remain valid until they exp
192192

193193
#### SAS token maximum rate limit can control billing for an Azure Maps resource
194194

195-
When setting a maximum rate limit on the token (`maxRatePerSecond`), any rates exceeding this limit aren't billed to the account, enabling you to establish a cap on billable transactions. However, the application receives client error responses with `429 (TooManyRequests)` for all transactions once that limit is reached. It's the application's responsibility to manage retries and distribution of SAS tokens. There's no restriction on the number of SAS tokens that can be created for an account. To modify an existing token's limit, a new SAS token must be generated. The old SAS token remains valid until it expires.
195+
When setting a maximum rate limit on the token (`maxRatePerSecond`), any rates exceeding this limit aren't billed to the account, allowing you to cap billable transactions. However, the application will receive client error 429 (`TooManyRequests`) responses for all transactions once the limit is reached. It is the application's responsibility to manage retries and distribute SAS tokens. There is no restriction on the number of SAS tokens that can be created for an account. To modify an existing token's limit, a new SAS token must be generated. The old SAS token remains valid until it expires.
196196

197197
Estimated Example:
198198
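Review bot: New line 195 expands "It's" and "There's" to "It is" and "There is" and introduces "will receive", while the same line keeps "aren't" and the other files in this commit use contractions and present tense; keep "It's", "There's" and "receives" for consistency. The status text also changes from `429 (TooManyRequests)` in code formatting to 429 (`TooManyRequests`); pick one form and use it wherever the file mentions this response.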

@@ -213,7 +213,7 @@ Consider the application topology where the endpoint `https://us.atlas.microsoft
213213

214214
#### Default rate limits take precedent over SAS token rate limits
215215

216-
As described in [Azure Maps rate limits](azure-maps-qps-rate-limits.md), the rate limits for individual service offerings are enforced collectively at the account level.
216+
As described in [Azure Maps QPS rate limits](azure-maps-qps-rate-limits.md), the rate limits for individual service offerings are enforced collectively at the account level.
217217

218218
Consider the case of **Search service - Non-Batch Reverse**, with its limit of 250 queries per second (QPS) for the following tables. Each table represents estimated total successful transactions from example usage.
219219
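Review bot: The context heading on line 214 reads "Default rate limits take precedent over SAS token rate limits"; it should be "take precedence", and since line 216 directly below is being edited this is a good place to fix it. Changing the heading text changes its anchor, so check for inbound links to the old anchor when you do.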

@@ -437,8 +437,8 @@ To learn more about authenticating the Azure Maps Control with Microsoft Entra I
437437

438438
[How to configure Azure RBAC for Azure Maps]: how-to-manage-authentication.md
439439
[Azure custom roles]: ../role-based-access-control/custom-roles.md
440-
[management group]: ../governance/management-groups/overview.md
441-
[Management API]: /rest/api/maps-management/
440+
[What are Azure management groups?]: ../governance/management-groups/overview.md
441+
[Maps Management API]: /rest/api/maps-management/
442442
[Microsoft Entra authentication]: #microsoft-entra-authentication
443443
[What is Azure Policy?]: ../governance/policy/overview.md
444444
[user-assigned managed identity]: ../active-directory/managed-identities-azure-resources/overview.md
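Review bot: Lines 440 and 441 rename the reference labels `[management group]` and `[Management API]`; the visible hunks update one use of each (lines 155 and 164), but any other use of the old labels elsewhere in this file would now render as unlinked bracket text. Search the file for both old labels before merging.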

articles/azure-maps/open-source-projects.md

Lines changed: 0 additions & 2 deletions
@@ -49,9 +49,7 @@ The following table lists the open-source projects contributed to, and maintaine
4949
|--------------------------------|-------------|
5050
| [Azure Maps Code Samples] | A collection of code samples for using Azure Maps in web-based apps. |
5151
| [React Azure Maps Playground] | A getting started guide to help you create your first map using the React wrapper for Azure Maps |
52-
| [Azure Maps & Microsoft Entra ID Samples] | A collection of samples that show how to use Microsoft Entra ID with Azure Maps. |
5352
| [Azure Maps Jupyter Notebook samples] | A collection of Python samples using the Azure Maps REST services. |
54-
| [Implement IoT spatial analytics using Azure Maps] | Tracking and capturing relevant events that occur in space and time is a common IoT scenario. |
5553

5654
## Supportability of open-source projects
5755
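Review bot: Lines 52 and 54 remove two table rows, and the file header shows only those two deletions, so the reference definitions that presumably back `[Azure Maps & Microsoft Entra ID Samples]` and `[Implement IoT spatial analytics using Azure Maps]` are left in the file unused; delete them in the same change. The commit message is a sync merge and gives no reason for dropping the two projects, so a short note on why they were removed would help reviewers.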
