articles/logic-apps/set-up-authentication-agent-workflows.md
Lines changed: 14 additions & 14 deletions
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Protect Agent Workflows with Easy Auth
3
-
description: Learn to set up conversational agent workflows with App Service Authentication (Easy Auth) in Azure Logic Apps.
2
+
title: Protect Agentic Workflows with Easy Auth
3
+
description: Set up conversational agentic workflows with App Service Authentication (Easy Auth) in Azure Logic Apps.
4
4
author: ecfan
5
5
services: logic-apps
6
6
ms.suite: integration
@@ -9,10 +9,10 @@ ms.topic: how-to
9
9
ms.collection: ce-skilling-ai-copilot
10
10
ms.date: 10/08/2025
11
11
ms.update-cycle: 180-days
12
-
#Customer intent: As an integration and AI developer working with Azure Logic Apps, I want to secure access to my conversational agent workflow and external chat client by authenticating and authorizing users through Easy Auth.
12
+
#Customer intent: As an integration and AI developer working with Azure Logic Apps, I want to secure access to my conversational agentic workflow and external chat client by authenticating and authorizing users through Easy Auth.
13
13
---
14
14
15
-
# Secure conversational agent workflows with Easy Auth (App Service Authentication) in Azure Logic Apps (Preview)
15
+
# Secure conversational agentic workflows with Easy Auth (App Service Authentication) in Azure Logic Apps (Preview)
> This capability is in preview and is subject to the
22
22
> [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
23
23
24
-
Agent workflows expand integration options because they can exchange messages with more diverse callers, such as people, agents, Model Context Protocol (MCP) servers and clients, tool brokers, and external services. While nonagent workflows interact with a small, known, and fixed set of callers, agent callers can come from dynamic, unknown, and untrusted networks. As a result, you must authenticate and enforce permissions for each caller.
24
+
Agentic workflows expand integration options because they can exchange messages with more diverse callers, such as people, agents, Model Context Protocol (MCP) servers and clients, tool brokers, and external services. While nonagentic workflows interact with a small, known, and fixed set of callers, clients that call agentic workflows can come from dynamic, unknown, and untrusted networks. As a result, you must authenticate and enforce permissions for each caller.
25
25
26
-
To help protect conversational agent workflows in production, set up Easy Auth to authenticate and authorize callers or people who want to interact with your conversational agent. Easy Auth, also known as App Service Authentication, provides following capabilities for you to use:
26
+
To help protect conversational agentic workflows in production, set up Easy Auth to authenticate and authorize callers or people who want to interact with your conversational agent. Easy Auth, also known as App Service Authentication, provides following capabilities for you to use:
27
27
28
28
- Provide a validated identity for each caller request.
29
29
- Assign connections to each user.
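Review bot: the rewritten sentence at line 26 still reads "provides following capabilities", which is missing an article. Since this line is already being changed, make it "provides the following capabilities" in the same edit.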
@@ -34,11 +34,11 @@ To help protect conversational agent workflows in production, set up Easy Auth t
34
34
35
35
These measures let you authenticate and authorize each caller at a fine-grained level and revoke access quickly when needed. Without these controls, you risk uncontrolled access, leaked secrets such as shared access signature (SAS) URLs and access keys, weak audit trails, and other security hazards.
36
36
37
-
Easy Auth works with Microsoft Entra ID as a separate security layer to provide built-in authentication and authorization capabilities that meet your needs. With security enforcement operating outside your workflow, you can focus more on developing the business logic instead. This separation of concerns makes agent workflows simpler and easier to build, debug, operate, monitor, maintain, govern, and audit.
37
+
Easy Auth works with Microsoft Entra ID as a separate security layer to provide built-in authentication and authorization capabilities that meet your needs. With security enforcement operating outside your workflow, you can focus more on developing the business logic instead. This separation of concerns makes agentic workflows simpler and easier to build, debug, operate, monitor, maintain, govern, and audit.
38
38
39
-
Nonagent workflow security usually involves static SAS, rotating secrets, and network boundary controls like access restrictions, IP allowlists, service tags, virtual network integration, and private endpoints. With agent workflows, you design authorization around end users, managed identities, service principals, and their scopes and roles. This approach enables safer global reach but still allows downstream workflow actions to respect fine-grained permissions.
39
+
Nonagentic workflow security usually involves static SAS, rotating secrets, and network boundary controls like access restrictions, IP allowlists, service tags, virtual network integration, and private endpoints. With agentic workflows, you design authorization around end users, managed identities, service principals, and their scopes and roles. This approach enables safer global reach but still allows downstream workflow actions to respect fine-grained permissions.
40
40
41
-
This guide shows how to create an app registration and then set up Easy Auth for your Standard logic app resource, which can contain agent and nonagent workflows.
41
+
This guide shows how to create an app registration and then set up Easy Auth for your Standard logic app resource, which can contain agentic and nonagentic workflows.
42
42
43
43
> [!IMPORTANT]
44
44
>
@@ -48,7 +48,7 @@ This guide shows how to create an app registration and then set up Easy Auth for
48
48
49
49
For more information, see the following articles:
50
50
51
-
-[Built-in authentication and authorization with Easy Auth for agent workflows](agent-workflows-concepts.md#easy-auth)
51
+
-[Built-in authentication and authorization with Easy Auth for agentic workflows](agent-workflows-concepts.md#easy-auth)
52
52
-[Register an application in Microsoft Entra ID](/entra/identity-platform/quickstart-register-app)
53
53
54
54
## Prerequisites
@@ -57,9 +57,9 @@ For more information, see the following articles:
57
57
58
58
- Microsoft Entra [**Application Developer** built-in role](/entra/identity/role-based-access-control/permissions-reference#application-developer) on your Azure account to create an app registration.
59
59
60
-
- A deployed Standard logic app resource with a conversational agent workflow.
60
+
- A deployed Standard logic app resource with a conversational agentic workflow.
61
61
62
-
For more information, see [Create conversational agent workflows for chat interactions in Azure Logic Apps](create-conversational-agent-workflows.md).
62
+
For more information, see [Create conversational agentic workflows for chat interactions in Azure Logic Apps](create-conversational-agent-workflows.md).
63
63
64
64
- Azure [**Contributor** role](/azure/role-based-access-control/built-in-roles#contributor) or higher on the logic app resource with permission to create app registrations for the target tenant using Microsoft Entra.
65
65
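Review bot: the link text on line 62 now reads "Create conversational agentic workflows for chat interactions in Azure Logic Apps", but the target create-conversational-agent-workflows.md is not among the files shown in this change. Check that the target article's title is renamed in the same pass so the link text and the destination heading agree.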
@@ -277,7 +277,7 @@ If you have to reuse an existing app registration that is shared with another AP
277
277
278
278
## Test and validate Easy Auth setup
279
279
280
-
After you set up Easy Auth, the internal chat interface on your workflow's **Chat** page in the Azure portal becomes unavailable. Instead, you must interact with your conversational agent by using the external chat client that is available outside the Azure portal. To confirm that Easy Auth works as expected, perform your testing in the external chat client by following these steps:
280
+
After you set up Easy Auth, the internal chat interface on your workflow's **Chat** page in the Azure portal becomes unavailable. Instead, you must interact with your conversational agent loop by using the external chat client that is available outside the Azure portal. To confirm that Easy Auth works as expected, perform your testing in the external chat client by following these steps:
281
281
282
282
1. On the designer toolbar or the workflow sidebar, select **Chat**.
283
283
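Review bot: line 280 introduces "conversational agent loop", while the intro sentence changed at line 26 of this same file still says "interact with your conversational agent". Pick one term for the thing the user chats with and apply it to both lines, otherwise readers of the Easy Auth setup will wonder whether "agent" and "agent loop" are different components.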
@@ -327,4 +327,4 @@ For more information, see the following articles:
327
327
328
328
## Related content
329
329
330
-
-[Authentication and authorization in AI agent workflows](agent-workflows-concepts.md#authentication-and-authorization)
330
+
-[Authentication and authorization in AI agentic workflows](agent-workflows-concepts.md#authentication-and-authorization)
articles/logic-apps/set-up-on-behalf-of-user-flow.md
Lines changed: 6 additions & 6 deletions
@@ -121,7 +121,7 @@ The following table describes best practices to consider for OBO flow scenarios:
121
121
| Concept | Description |
122
122
|---------|-------------|
123
123
| Mixed identity patterns | Set up OBO authorization for read-only operations. Use app-only authorization for write operations with explicit confirmation. |
124
-
| Clear feedback | Instruct the agent to briefly summarize permission errors and suggest remediation like `You might not have access to this mailbox.`|
124
+
| Clear feedback | Instruct the agent loop to briefly summarize permission errors and suggest remediation like `You might not have access to this mailbox.`|
125
125
| Auditing and logging | Track and analyze the tools that run and the identities they use by reviewing the workflow run history and metrics. |
126
126
127
127
## Part 1 - Set up OBO flow on tool actions
@@ -180,7 +180,7 @@ The following steps show how to set up OBO authorization after you select an OBO
180
180
181
181
1. In the **Description** box, enter a concise but useful tool description that describes the purpose and guidance about the data that the tool works on.
182
182
183
-
The tool description helps the agent choose the correct tool when fulfilling requested tasks.
183
+
The tool description helps the agent loop choose the correct tool when fulfilling requested tasks.
184
184
185
185
This example uses `Gets the 10 most recent emails from the Inbox for the signed-in user.`
186
186
@@ -192,7 +192,7 @@ The following steps show how to set up OBO authorization after you select an OBO
192
192
193
193
## Part 2 - Test OBO flow with one user
194
194
195
-
The first time when the agent calls a tool that runs an action set up with per-user connections, the chat user gets an authentication prompt to sign in with their credentials. After the user signs in, reauthentication is required for later calls to the same tool with the same per-user connection.
195
+
The first time when the agent loop calls a tool that runs an action set up with per-user connections, the chat user gets an authentication prompt to sign in with their credentials. After the user signs in, reauthentication is required for later calls to the same tool with the same per-user connection.
196
196
197
197
The following steps describe how to confirm that your OBO flow setup works as expected:
198
198
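Review bot: on line 195 the second sentence, carried over unchanged, says "reauthentication is required for later calls to the same tool with the same per-user connection", which reads as the opposite of the first sentence's "The first time ... the chat user gets an authentication prompt". Confirm the intended sign-in behavior for per-user connections and, if later calls reuse the earlier sign-in, change it to "isn't required". While the line is open, "The first time when" reads better as "The first time that".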
@@ -204,7 +204,7 @@ The following steps describe how to confirm that your OBO flow setup works as ex
204
204
205
205
This example asks the following question: `What unread emails do I have?`
206
206
207
-
If the agent is calling the tool for the first time, the chat interface prompts you to sign in for authentication, for example:
207
+
If the agent loop is calling the tool for the first time, the chat interface prompts you to sign in for authentication, for example:
208
208
209
209
:::image type="content" source="media/set-up-on-behalf-of-user-flow/chat-sign-in-prompt.png" alt-text="Screenshot shows internal chat interface with test question and authentication prompt." lightbox="media/set-up-on-behalf-of-user-flow/chat-sign-in-prompt.png":::
210
210
@@ -214,15 +214,15 @@ The following steps describe how to confirm that your OBO flow setup works as ex
The agent now returns a summary with unread emails in the chat interface.
217
+
The agent loop now returns a summary with unread emails in the chat interface.
218
218
219
219
## Part 3 - Test OBO flow with two different users
220
220
221
221
After you test your OBO flow with a single user, try testing with two users that have different permissions. Before you start, make sure to meet the [prerequisites for the two-user test scenario](#prerequisites).
222
222
223
223
1. Follow the [general steps](set-up-authentication-agent-workflows.md#external-chat-client) to open the external chat client outside the Azure portal,
224
224
225
-
1. In the chat interface, start a session as a user with permissions, and ask the agent to perform a task that requires authorization.
225
+
1. In the chat interface, start a session as a user with permissions, and ask the agent loop to perform a task that requires authorization.
226
226
227
227
This example asks the same question from the single-user scenario: `What unread emails do I have?`
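Review bot: step 1 on line 223 ends with a comma ("open the external chat client outside the Azure portal,") instead of a period. It is a context line, but this hunk already edits the next step, so fix the punctuation here too.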