MicrosoftDocs
diff --git a/‎articles/azure-app-configuration/concept-enable-rbac.md‎
Lines changed: 96 additions & 92 deletions b/‎articles/azure-app-configuration/concept-enable-rbac.md‎
Lines changed: 96 additions & 92 deletions
diff --git a/‎articles/azure-app-configuration/monitor-app-configuration.md‎
Lines changed: 11 additions & 0 deletions b/‎articles/azure-app-configuration/monitor-app-configuration.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎articles/azure-app-configuration/rest-api-authentication-azure-ad.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/azure-app-configuration/rest-api-authentication-azure-ad.md‎
Lines changed: 1 addition & 1 deletion
@@ -60,9 +60,27 @@ Follow these steps to assign App Configuration Data roles to your credential.
 3. On the **Members** tab, follow the wizard to select the credential you're granting access to and then select **Next**.
 4. Finally, on the **Review + assign** tab, select **Review + assign** to assign the role.
 
-## Cloud-specific audience for Entra ID authentication
+## Audience for Entra ID authentication
 
-When using Entra ID and the following Azure App Configuration libraries in clouds other than Azure cloud, Azure Government, and Microsoft Azure operated by 21Vianet, an appropriate Entra ID audience must be configured to enable authentication.
+The audience for Microsoft Entra ID authentication defines who is permitted to access a specific resource. It identifies the intended recipient of the security token. App Configuration supports different audiences for different clouds.
+
+### App Configuration audience
+
+For Azure App Configuration in the global Azure cloud, use the following audience: 
+
+`https://appconfig.azure.com`
+
+For Azure App Configuration in the national clouds, use the applicable audience specified in the table below:
+
+| **National cloud**                   | **Audience**                        |
+| ------------------------------------ | ----------------------------------- |
+| Azure Government                     | `https://appconfig.azure.us`        |
+| Microsoft Azure operated by 21Vianet | `https://appconfig.azure.cn`        |
+| Bleu                                 | `https://appconfig.sovcloud-api.fr` |
+
+### Configure cloud-specific audience
+
+When using Entra ID to authenticate with Azure App Configuration in clouds other than Azure cloud, Azure Government, and Microsoft Azure operated by 21Vianet, an appropriate Entra ID audience must be configured.
 
 > [!TIP]
 > If you encounter the following error when connecting to Azure App Configuration, it’s typically because you’re using App Configuration in a specific cloud without explicitly configuring the Microsoft Entra ID audience.
@@ -74,32 +92,12 @@ When using Entra ID and the following Azure App Configuration libraries in cloud
 > To resolve this issue, configure the appropriate Entra ID audience as shown in the code snippets below.
 
 ### [.NET](#tab/dotnet)
+#### .NET configuration provider
 
-The Audience for the target cloud must be configured for the following packages.
-
-- Azure SDK for .NET: Azure.Data.AppConfiguration >= 1.6.0
-- .NET configuration provider: Microsoft.Extensions.Configuration.AzureAppConfiguration >= 8.2.0
-
-In the **Azure SDK for .NET**, audience is configured by utilizing the following API calls:
-
-* The ConfigurationClient constructor [accepts ConfigurationClientOptions](/dotnet/api/azure.data.appconfiguration.configurationclient.-ctor#azure-data-appconfiguration-configurationclient-ctor(system-uri-azure-core-tokencredential-azure-data-appconfiguration-configurationclientoptions))
-* ConfigurationClientOptions allows [Audience](/dotnet/api/azure.data.appconfiguration.configurationclientoptions.audience#azure-data-appconfiguration-configurationclientoptions-audience) to be set
-
-The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
-
-```csharp
-var configurationClient = new ConfigurationClient(
-    myStoreEndpoint,
-    new DefaultAzureCredential(),
-    new ConfigurationClientOptions
-    {
-        Audience = "{Cloud specific audience here}"
-    });
-```
-
-In the **.NET configuration provider**, audience is configured by utilizing the following API calls:
-
-* AzureAppConfigurationOptions exposes a [ConfigureClientOptions](/dotnet/api/microsoft.extensions.configuration.azureappconfiguration.azureappconfigurationoptions.configureclientoptions#microsoft-extensions-configuration-azureappconfiguration-azureappconfigurationoptions-configureclientoptions(system-action((azure-data-appconfiguration-configurationclientoptions)))) method
+If your application uses any of the following packages, audience can be configured by utilizing the [ConfigureClientOptions](/dotnet/api/microsoft.extensions.configuration.azureappconfiguration.azureappconfigurationoptions.configureclientoptions#microsoft-extensions-configuration-azureappconfiguration-azureappconfigurationoptions-configureclientoptions(system-action((azure-data-appconfiguration-configurationclientoptions)))) method. Use version **8.2.0** or later of any of the following packages to configure the audience.
+ - `Microsoft.Extensions.Configuration.AzureAppConfiguration`
+ - `Microsoft.Azure.AppConfiguration.AspNetCore`
+ - `Microsoft.Azure.AppConfiguration.Functions.Worker`
 
 The following code snippet demonstrates how to add the Azure App Configuration provider into a .NET application with a cloud-specific audience.
 
@@ -110,30 +108,34 @@ builder.AddAzureAppConfiguration(o =>
             myStoreEndpoint,
             new DefaultAzureCredential());
 
-        o.ConfigureClientOptions(clientOptions => clientOptions.Audience = "{Cloud specific audience here}");
+        o.ConfigureClientOptions(clientOptions =>
+            clientOptions.Audience = "{Cloud specific audience here}");
     });
 ```
 
-### [Java](#tab/java)
-
-The Audience for the target cloud must be configured for the following packages.
+#### Azure SDK for .NET
 
-- Azure SDK for Java: azure-data-appconfiguration >= 1.8.0
-- Java configuration provider: spring-cloud-azure-appconfiguration-config >= 5.22.0
-
-In the **Azure SDK for Java**, audience is configured by passing the `audience` option to the `ConfigurationClientBuilder` when building a `ConfigurationClient`.
+If your application uses the following package, audience can be configured in `ConfigurationClientOptions` when constructing the `ConfigurationClient` object. Use version **1.6.0** or later of the following package.
+ - `Azure.Data.AppConfiguration`
 
 The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
 
-```java
-ConfigurationClient configurationClient = new ConfigurationClientBuilder()
-    .endpoint(myStoreEndpoint)
-    .credential(new DefaultAzureCredentialBuilder().build())
-    .audience(ConfigurationAudience.fromString("{Cloud specific audience here}"))
-    .buildClient();
+```csharp
+var configurationClient = new ConfigurationClient(
+    myStoreEndpoint,
+    new DefaultAzureCredential(),
+    new ConfigurationClientOptions
+    {
+        Audience = "{Cloud specific audience here}"
+    });
 ```
 
-In the **Spring configuration provider**, audience is configured by customizing the `ConfigurationClientBuilder` through the `ConfigurationClientCustomizer` interface, then adding it to the bootstrap registry.
+### [Java](#tab/java)
+#### Spring configuration provider
+
+If your application uses any of the following packages, audience can be configured by customizing the `ConfigurationClientBuilder` through the `ConfigurationClientCustomizer` interface, then adding it to the bootstrap registry. Use version **5.22.0** or later of the following packages to configure the audience.
+ - `spring-cloud-azure-appconfiguration-config`
+ - `spring-cloud-azure-appconfiguration-config-web`
 
 The following code snippet demonstrates how to add the Azure App Configuration provider into a Spring Boot application with a cloud-specific audience.
 
@@ -178,24 +180,26 @@ public class Application {
 }
 ```
 
-### [JavaScript](#tab/javascript)
-
-The Audience for the target cloud must be configured for the following packages.
-
-- Azure SDK for JavaScript: @azure/app-configuration >= 1.9.0
-- JavaScript configuration provider: @azure/app-configuration-provider >= 1.0.0
+#### Azure SDK for Java
 
-In the **Azure SDK for JavaScript**, audience is configured by passing the `audience` option to the `AppConfigurationClient` constructor.
+If your application uses the following package, audience can be configured by passing the `audience` option to the `ConfigurationClientBuilder` when building a `ConfigurationClient`. Use version **1.8.0** or later of the following package.
+ - `azure-data-appconfiguration`
 
 The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
 
-```javascript
-const client = new AppConfigurationClient(myStoreEndpoint, new DefaultAzureCredential(), {
-    audience: "{Cloud specific audience here}",
-});
+```java
+ConfigurationClient configurationClient = new ConfigurationClientBuilder()
+    .endpoint(myStoreEndpoint)
+    .credential(new DefaultAzureCredentialBuilder().build())
+    .audience(ConfigurationAudience.fromString("{Cloud specific audience here}"))
+    .buildClient();
 ```
 
-In the **JavaScript configuration provider**, audience is configured by passing the `clientOptions` with the `audience` property to the `load` function.
+### [JavaScript](#tab/javascript)
+#### JavaScript configuration provider
+
+If your application uses the following package, audience can be configured by passing the `clientOptions` with the `audience` property to the `load` function. Use version **1.0.0** or later of the following package.
+ - `@azure/app-configuration-provider`
 
 The following code snippet demonstrates how to load Azure App Configuration in a JavaScript application with a cloud-specific audience.
 
@@ -207,14 +211,22 @@ const appConfig = await load(myStoreEndpoint, credential, {
 });
 ```
 
-### [Go](#tab/go)
+#### Azure SDK for JavaScript
 
-The Audience for the target cloud must be configured for the following packages.
+If your application uses the following package, audience can be configured by passing the `audience` option to the `AppConfigurationClient` constructor. Use version **1.9.0** or later of the following package.
+ - `@azure/app-configuration`
+
+The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
+
+```javascript
+const client = new AppConfigurationClient(myStoreEndpoint, new DefaultAzureCredential(), {
+    audience: "{Cloud specific audience here}",
+});
+```
 
-- Azure SDK for Go: azappconfig >= 2.1.0
-- Go configuration provider: azureappconfiguration >= 1.0.0
+### [Go](#tab/go)
 
-You need to import the following packages:
+To configure the Entra ID audience, import the following packages in your Go application first:
 
 ```golang
 import (
@@ -223,13 +235,21 @@ import (
 )
 ```
 
-In the **Azure SDK for Go**, audience is configured by utilizing the cloud configuration.
+#### Go configuration provider
 
-The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
+If your application uses the following package, audience can be configured by passing the `ClientOptions` with the cloud configuration to the `Load` function. Use version **1.0.0** or later of the following package.
+ - `azureappconfiguration`
+
+The following code snippet demonstrates how to load Azure App Configuration in a Go application with a cloud-specific audience.
 
 ```golang
 credential, _:= azidentity.NewDefaultAzureCredential(nil)
 
+authOptions := azureappconfiguration.AuthenticationOptions{
+    Endpoint: myStoreEndpoint,
+    Credential: credential,
+}
+
 cloudConfig := cloud.Configuration{
     Services: map[cloud.ServiceName]cloud.ServiceConfiguration{
         azappconfig.ServiceName: {
@@ -238,27 +258,27 @@ cloudConfig := cloud.Configuration{
     },
 }
 
-clientOptions := &azappconfig.ClientOptions{
-    ClientOptions: policy.ClientOptions{
-        Cloud: cloudConfig,
+options := &azureappconfiguration.Options{
+    ClientOptions: &azappconfig.ClientOptions{
+        ClientOptions: policy.ClientOptions{
+            Cloud: cloudConfig,
+        },
     },
 }
 
-client, _ := azappconfig.NewClient(myStoreEndpoint, credential, clientOptions)
+appConfig, _ := azureappconfiguration.Load(context.Background(), authOptions, options)
 ```
 
-In the **Go configuration provider**, audience is configured by passing the `ClientOptions` with the cloud configuration to the `Load` function.
+#### Azure SDK for Go
 
-The following code snippet demonstrates how to load Azure App Configuration in a Go application with a cloud-specific audience.
+If your application uses the following package, audience can be configured by utilizing the cloud configuration. Use version **2.1.0** or later of the following package.
+ - `azappconfig`
+
+The following code snippet demonstrates how to instantiate a configuration client with a cloud-specific audience.
 
 ```golang
 credential, _:= azidentity.NewDefaultAzureCredential(nil)
 
-authOptions := azureappconfiguration.AuthenticationOptions{
-    Endpoint: myStoreEndpoint,
-    Credential: credential,
-}
-
 cloudConfig := cloud.Configuration{
     Services: map[cloud.ServiceName]cloud.ServiceConfiguration{
         azappconfig.ServiceName: {
@@ -267,32 +287,16 @@ cloudConfig := cloud.Configuration{
     },
 }
 
-options := &azureappconfiguration.Options{
-    ClientOptions: &azappconfig.ClientOptions{
-        ClientOptions: policy.ClientOptions{
-            Cloud: cloudConfig,
-        },
+clientOptions := &azappconfig.ClientOptions{
+    ClientOptions: policy.ClientOptions{
+        Cloud: cloudConfig,
     },
 }
 
-appConfig, _ := azureappconfiguration.Load(context.Background(), authOptions, options)
+client, _ := azappconfig.NewClient(myStoreEndpoint, credential, clientOptions)
 ```
 
 ---
 
-### Audience
-
-For Azure App Configuration in the global Azure cloud, use the following audience: 
-
-`https://appconfig.azure.com`
-
-For Azure App Configuration in the national clouds, use the applicable audience specified in the table below:
-
-| **National cloud**                   | **Audience**                        |
-| ------------------------------------ | ----------------------------------- |
-| Azure Government                     | `https://appconfig.azure.us`        |
-| Microsoft Azure operated by 21Vianet | `https://appconfig.azure.cn`        |
-| Bleu                                 | `https://appconfig.sovcloud-api.fr` |
-
 ## Next steps
 Learn how to [use managed identities to access your App Configuration store](howto-integrate-azure-managed-service-identity.md).
@@ -237,6 +237,17 @@ The following table lists common and recommended alert rules for App C
 ### Metrics schema
 For details on the metrics schema, see [App Configuration Metrics](/azure/azure-monitor/reference/supported-metrics/microsoft-appconfiguration-configurationstores-metrics)
 
+#### Metrics Dimensions
+| Metric Name | Dimension description |
+|-------|-----|
+| HTTP Incoming Request Count | The supported dimensions are the **HttpStatusCode**, **AuthenticationScheme**, and **Endpoint** of each request. **AuthenticationScheme** can be filtered by "AAD" or "HMAC" authentication. |
+| HTTP Incoming Request Duration | The supported dimensions are the **HttpStatusCode**, **AuthenticationScheme**, and **Endpoint** of each request. **AuthenticationScheme** can be filtered by "AAD" or "HMAC" authentication. |
+| Throttled HTTP Request Count | The **Endpoint** of each request is included as a dimension. |
+| Daily Storage Usage | This metric does not have any dimensions. |
+| Request Quota Usage | The supported dimensions are the **OperationType** ("Read" or "Write") and **Endpoint** of each request. |
+| Replication Latency | The **Endpoint** of the replica that data was replicated to is included as a dimension. |
+| Snapshot Storage Size | This metric does not have any dimensions. |
+
 ### Logs schema
 
 #### Activity logs schema
 
@@ -39,7 +39,7 @@ Before acquiring a Microsoft Entra token, you must identify what user you want t
 
 Request the Microsoft Entra token with a proper audience. The audience can also be referred to as the *resource* that the token is being requested for.
 
-For details on which audience to use for which cloud, refer to the [audience section of the  Entra ID access overview](./concept-enable-rbac.md#audience).
+For details on which audience to use for which cloud, refer to the [audience section of the  Entra ID access overview](./concept-enable-rbac.md#app-configuration-audience).
 
 <a name='azure-ad-authority'></a>