Added auth content and review feedback edits

Author: gsteve88

includes/iot-hub-howto-auth-device-cert-dotnet.md

@@ -16,9 +16,11 @@ To connect a device to IoT Hub using an X.509 certificate:
 
 1. Use [DeviceAuthenticationWithX509Certificate](/dotnet/api/microsoft.azure.devices.client.deviceauthenticationwithx509certificate) to create an object that contains device and certificate information. `DeviceAuthenticationWithX509Certificate` is passed as the second parameter to `DeviceClient.Create` (step 2).
 
-1. Use [DeviceClient.Create](/dotnet/api/microsoft.azure.devices.client.deviceclient.create?view=azure-dotnet&#microsoft-azure-devices-client-deviceclient-create(system-string-microsoft-azure-devices-client-iauthenticationmethod-microsoft-azure-devices-client-transporttype)) to connect the device to IoT Hub using an X.509 certificate.
+1. Use [DeviceClient.Create](/dotnet/api/microsoft.azure.devices.client.deviceclient.create?&#microsoft-azure-devices-client-deviceclient-create(system-string-microsoft-azure-devices-client-iauthenticationmethod-microsoft-azure-devices-client-transporttype)) to connect the device to IoT Hub using an X.509 certificate.
 
-In this example, the device and certificate information are populated in the `auth` `DeviceAuthenticationWithX509Certificate` object that is passed to `DeviceClient.Create`.
+In this example, device and certificate information is populated in the `auth` `DeviceAuthenticationWithX509Certificate` object that is passed to `DeviceClient.Create`.
+
+This example shows certificate input parameter values as local variables for clarity. In a production system, store sensitive input parameters in environment variables or another more secure storage location. For example, use `Environment.GetEnvironmentVariable("HOSTNAME")` to read the host name environment variable.
 
 ```csharp
 RootCertPath = "~/certificates/certs/sensor-thl-001-device.cert.pem";
@@ -46,10 +48,6 @@ For more information about certificate authentication, see:
 
 * [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
 * [Tutorial: Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
-* [X509Certificate2Collection](/dotnet/api/system.security.cryptography.x509certificates.x509certificate2collection)
-* [X509Certificate2](/dotnet/api/system.security.cryptography.x509certificates.x509certificate2)
-* [Tutorial: Provision multiple X.509 devices using enrollment groups](/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-csharp)
-* [OpenSSL CA](https://openssl-ca.readthedocs.io/)
 
 ##### Code samples
 

includes/iot-hub-howto-auth-device-cert-java.md

@@ -42,8 +42,6 @@ For more information about certificate authentication, see:
 
 * [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
 * [Tutorial: Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
-* [Tutorial: Provision multiple X.509 devices using enrollment groups](/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-java)
-* [OpenSSL CA](https://openssl-ca.readthedocs.io/)
 
 ##### Code samples
 

includes/iot-hub-howto-auth-device-cert-node.md

@@ -5,7 +5,7 @@ description: Learn how to connect a device to IoT Hub using a certificate and th
 author: kgremban
 ms.author: kgremban
 ms.service: iot-hub
-ms.devlang: python
+ms.devlang: node
 ms.topic: include
 ms.manager: lizross
 ms.date: 12/12/2024
@@ -15,7 +15,7 @@ The X.509 certificate is attached to the device-to-IoT Hub connection transport.
 
 To configure a device-to-IoT Hub connection using an X.509 certificate:
 
-1. Call [fromConnectionString](/javascript/api/azure-iothub/client?#azure-iothub-client-fromconnectionstring) to add the device connection string and transport type.
+1. Call [fromConnectionString](/javascript/api/azure-iothub/client?#azure-iothub-client-fromconnectionstring) to add the device connection string and transport type. Add `x509=true` to the device connection string to indicate that a certificate will be added to `DeviceClientOptions`. For example: `HostName=xxxxx.azure-devices.net;DeviceId=Device-1;SharedAccessKey=xxxxxxxxxxxxx;x509=true`.
 1. Configure a JSON variable with certificate details and pass it to [DeviceClientOptions](/javascript/api/azure-iot-device/deviceclientoptions).
 1. Call [setOptions](/javascript/api/azure-iot-device/client?#azure-iot-device-client-setoptions-1) to add an X.509 certificate and key (and optionally, passphrase) to the client transport.
 1. Call [open](/javascript/api/azure-iothub/client?#azure-iothub-client-open) to open the connection from the device to IoT Hub.
@@ -41,9 +41,7 @@ For more information about certificate authentication, see:
 
 * [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
 * [Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
-* [Tutorial: Provision multiple X.509 devices using enrollment groups](/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-nodejs)
-* [OpenSSL CA](https://openssl-ca.readthedocs.io/)
 
-##### Code samples
+##### Code sample
 
 For a working sample of device X.509 certificate authentication, see [Simple sample device X.509](https://github.com/Azure/azure-iot-sdk-node/blob/main/device/samples/javascript/simple_sample_device_x509.js).

includes/iot-hub-howto-auth-device-cert-python.md

@@ -51,8 +51,6 @@ For more information about certificate authentication, see:
 
 * [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
 * [Tutorial: Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
-* [Tutorial: Provision multiple X.509 devices using enrollment groups](/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-python)
-* [OpenSSL CA](https://openssl-ca.readthedocs.io/)
 
 ##### Code samples
 

includes/iot-hub-howto-file-upload-dotnet.md

@@ -29,7 +29,7 @@ Follow this procedure to upload a file from a device to IoT hub:
 1. Upload the file to Azure storage
 1. Notify IoT hub of the file upload status
 
-### Connect to the device
+### Connect a device to IoT Hub
 
 A device app can authenticate with IoT Hub using the following methods:
 

includes/iot-hub-howto-file-upload-java.md

@@ -7,7 +7,7 @@ ms.author: kgremban
 ms.service: azure-iot-hub
 ms.devlang: java
 ms.topic: include
-ms.date: 07/01/2024
+ms.date: 12/12/2024
 ms.custom: amqp, mqtt, devx-track-java, devx-track-extended-java
 ---
 
@@ -129,18 +129,63 @@ This section describes how to receive a file upload notification in a backend ap
 
 The [ServiceClient](/java/api/com.azure.core.annotation.serviceclient) class contains methods that services can use to receive file upload notifications.
 
+### Add import statements
+
+Add these **import** statements to use the Azure IoT Java SDK and exception handler.
+
+```java
+import com.microsoft.azure.sdk.iot.service.*;
+import java.io.IOException;
+import java.net.URISyntaxException;
+```
+
 ### Connect to the IoT Hub
 
-Create a `IotHubServiceClientProtocol` object. The connection uses the `AMQPS` protocol.
+You can connect a backend service to IoT Hub using the following methods:
+
+* Shared access policy
+* Microsoft Entra
+
+[!INCLUDE [iot-authentication-service-connection-string.md](iot-authentication-service-connection-string.md)]
+
+#### Connect using a shared access policy
+
+##### Define the connection protocol
+
+Use [IotHubServiceClientProtocol](/java/api/com.microsoft.azure.sdk.iot.service.iothubserviceclientprotocol) to define the application-layer protocol used by the service client to communicate with an IoT Hub.
+
+`IotHubServiceClientProtocol` only accepts the `AMQPS` or `AMQPS_WS` enum.
+
+```java
+private static final IotHubServiceClientProtocol protocol =    
+    IotHubServiceClientProtocol.AMQPS;
+```
+
+##### Create the ServiceClient object
+
+Create the [ServiceClient](/java/api/com.azure.core.annotation.serviceclient) object, supplying the Iot Hub connection string and protocol.
+
+To invoke a direct method on a device through IoT Hub, your service needs the **service connect** permission. By default, every IoT Hub is created with a shared access policy named **service** that grants this permission.
+
+As a parameter to the `ServiceClient` constructor, supply the **service** shared access policy. For more information about shared access policies, see [Control access to IoT Hub with shared access signatures](/azure/iot-hub/authenticate-authorize-sas).
 
-Call `createFromConnectionString` to connect to IoT hub. Pass the IoT hub primary connection string.
+```java
+String iotHubConnectionString = "HostName=xxxxx.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=xxxxxxxxxxxxxxxxxxxxxxxx";
+private static final ServiceClient serviceClient (iotHubConnectionString, protocol);
+```
+
+##### Open the connection between application and IoT Hub
+
+[open](/java/api/com.microsoft.azure.sdk.iot.service.serviceclient?#com-microsoft-azure-sdk-iot-service-serviceclient-open()) the AMQP sender connection. This method creates the connection between the application and IoT Hub.
 
 ```java
-private static final String connectionString = "{IoT hub primary connection string}";
-private static final IotHubServiceClientProtocol protocol = IotHubServiceClientProtocol.AMQPS;
-ServiceClient sc = ServiceClient.createFromConnectionString(connectionString, protocol);
+serviceClient.open();
 ```
 
+#### Connect using Microsoft Entra
+
+[!INCLUDE [iot-hub-howto-connect-service-iothub-entra-java](iot-hub-howto-connect-service-iothub-entra-java.md)]
+
 ### Check for file upload status
 
 To check for file upload status:
@@ -152,7 +197,7 @@ To check for file upload status:
 For example:
 
 ```java
-FileUploadNotificationReceiver receiver = sc.getFileUploadNotificationReceiver();
+FileUploadNotificationReceiver receiver = serviceClient.getFileUploadNotificationReceiver();
 receiver.open();
 FileUploadNotification fileUploadNotification = receiver.receive(2000);
 

includes/iot-hub-howto-file-upload-node.md

@@ -226,7 +226,9 @@ The SDK includes an [upload to blob advanced](https://github.com/Azure/azure-iot
 
 ## Create a backend application
 
-This section describes how to receive file upload notification in a backend application.
+This section describes how to receive file upload notifications in a backend application.
+
+The [ServiceClient](/javascript/api/azure-iothub/client) class contains methods that services can use to receive file upload notifications.
 
 ### Install service SDK package
 
@@ -236,41 +238,36 @@ Run this command to install **azure-iothub** on your development machine:
 npm install azure-iothub --save
 ```
 
-## Receive file upload notification in a backend application
+### Connect to IoT hub
 
-You can create a backend application to check the IoT hub service client for device file upload notifications.
+You can connect a backend service to IoT Hub using the following methods:
 
-To create a file upload notification application:
+* Shared access policy
+* Microsoft Entra
 
-1. Connect to the IoT hub service client
-1. Check for a file upload notification
+[!INCLUDE [iot-authentication-service-connection-string.md](iot-authentication-service-connection-string.md)]
 
-### Connect to the IoT hub service client
+#### Connect using a shared access policy
 
-The [ServiceClient](/javascript/api/azure-iothub/client) class contains methods that services can use to receive file upload notifications.
+Use [fromConnectionString](/javascript/api/azure-iothub/client?#azure-iothub-client-fromconnectionstring) to connect to IoT hub.
 
-Connect to IoT hub using [fromConnectionString](/javascript/api/azure-iothub/client?#azure-iothub-client-fromconnectionstring). Pass the IoT hub primary connection string.
+To upload a file from a device, your service needs the **service connect** permission. By default, every IoT Hub is created with a shared access policy named **service** that grants this permission.
+
+As a parameter to `CreateFromConnectionString`, supply the **service** shared access policy connection string. For more information about shared access policies, see [Control access to IoT Hub with shared access signatures](/azure/iot-hub/authenticate-authorize-sas).
 
 ```javascript
-const Client = require('azure-iothub').Client;
-const connectionString = "{IoT hub primary connection string}";
-const serviceClient = Client.fromConnectionString(connectionString);
+var Client = require('azure-iothub').Client;
+var connectionString = '{IoT hub shared access policy connection string}';
+var client = Client.fromConnectionString(connectionString);
 ```
 
-[Open](/javascript/api/azure-iothub/client?#azure-iothub-client-open-1) the connection to IoT hub.
+#### Connect using Microsoft Entra
 
-```javascript
-//Open the connection to IoT hub
-serviceClient.open(function (err) {
-  if (err) {
-    console.error('Could not connect: ' + err.message);
-  } else {
-    console.log('Service client connected');
-```
+[!INCLUDE [iot-hub-howto-connect-service-iothub-entra-node](iot-hub-howto-connect-service-iothub-entra-node.md)]
 
-### Check for a file upload notification
+### Create a file upload notification callback receiver
 
-To check for file upload notifications:
+To create a file upload notification callback receiver:
 
 1. Call [getFileNotificationReceiver](/javascript/api/azure-iothub/client?#azure-iothub-client-getfilenotificationreceiver). Supply the name of a file upload callback method that are called when notification messages are received.
 1. Process file upload notifications in the callback method.
@@ -296,3 +293,7 @@ if (err) {
   });
 }
 ```
+
+#### SDK file upload notification sample
+
+The SDK includes a [file upload](https://github.com/Azure/azure-iot-sdk-node/blob/main/e2etests/test/file_upload.js) sample.