make change suggested by reviewer

ktoliver · web-flow · commit f486a31b4507 · 2019-11-08T09:49:58.000-08:00
diff --git a/articles/active-directory/develop/scenario-protected-web-api-app-configuration.md b/articles/active-directory/develop/scenario-protected-web-api-app-configuration.md
@@ -137,10 +137,6 @@ The JwtBearer middleware, like the OpenID Connect middleware in web apps, is dir
 
 There can also be special validations. For example, it's possible to validate that signing keys (when embedded in a token) are trusted and that the token isn't being replayed. Finally, some protocols require specific validations.
 
-## Token validation in Azure Functions
-
-It is also possible to validate incoming access tokens in Azure functions. You can find examples of validating tokens in Azure functions in [Dotnet](https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions), [NodeJS](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-azurefunctions), or [Python](https://github.com/Azure-Samples/ms-identity-python-webapi-azurefunctions)
-
 ### Validators
 
 The validation steps are captured in validators, which are all in the [Microsoft IdentityModel Extensions for .NET](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) open-source library, in one source file: [Microsoft.IdentityModel.Tokens/Validators.cs](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/master/src/Microsoft.IdentityModel.Tokens/Validators.cs).
@@ -158,6 +154,10 @@ The validators are described in this table:
 
 The validators are all associated with properties of the `TokenValidationParameters` class, themselves initialized from the ASP.NET/ASP.NET Core configuration. In most cases, you won't have to change the parameters. There's one exception, for apps that aren't single tenants. (That is, web apps that accept users from any organization or from personal Microsoft accounts.) In this case, the issuer must be validated.
 
+## Token validation in Azure Functions
+
+It's also possible to validate incoming access tokens in Azure functions. You can find examples of validating tokens in Azure functions in [Dotnet](https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions), [NodeJS](https://github.com/Azure-Samples/ms-identity-nodejs-webapi-azurefunctions), and [Python](https://github.com/Azure-Samples/ms-identity-python-webapi-azurefunctions).
+
 ## Next steps
 
 > [!div class="nextstepaction"]
