PR review

Author: dlepow

articles/api-management/how-to-deploy-self-hosted-gateway-azure-arc.md

@@ -7,6 +7,7 @@ ms.service: azure-api-management
 ms.custom: devx-track-azurecli
 ms.topic: how-to 
 ms.date: 10/06/2025
+ms.custom: references_regions
 ---
 
 # Deploy an Azure API Management gateway on Azure Arc (preview)

articles/api-management/how-to-self-hosted-gateway-on-kubernetes-in-production.md

@@ -19,15 +19,15 @@ In order to run the self-hosted gateway in production, there are various aspects
 
 This article provides guidance on how to run [self-hosted gateway](./self-hosted-gateway-overview.md) on Kubernetes for production workloads to ensure that it will run smoothly and reliably.
 
-## Access token
+## Authentication
 
 By default, an access token (also called an authentication key) is used by the self-hosted gateway to authenticate with the API Management instance.
 
 Without a valid access token, a self-hosted gateway can't access and download configuration data from the endpoint of the associated API Management service. The access token can be valid for a maximum of 30 days. It must be regenerated, and the cluster configured with a fresh token, either manually or via automation before it expires.
 
 When you're automating token refresh, use [this management API operation](/rest/api/apimanagement/current-ga/gateway/generate-token) to generate a new token. For information on managing Kubernetes secrets, see the [Kubernetes website](https://kubernetes.io/docs/concepts/configuration/secret).
 
-You can also deploy the self-hosted gateway to Kubernetes and enable authentication to the API Management instance by using Microsoft Entra ID. For more information, see [Self-hosted gateway authentication options](self-hosted-gateway-authentication-options.md).
+You can also deploy the self-hosted gateway to Kubernetes and enable authentication to the API Management instance by using Microsoft Entra ID. For more information and considerations, see [Self-hosted gateway authentication options](self-hosted-gateway-authentication-options.md).
 
 ## Autoscaling
 
@@ -50,7 +50,7 @@ Kubernetes allows you to autoscale the self-hosted gateway based on resource usa
 An alternative is to use Kubernetes Event-driven Autoscaling (KEDA) allowing you to scale workloads based on a [variety of scalers](https://keda.sh/docs/latest/scalers/), including CPU and memory.
 
 > [!TIP]
-> If you are already using KEDA to scale other workloads, we recommend using KEDA as a unified app autoscaler. If that is not the case, then we strongly suggest to rely on the native Kubernetes functionality through Horizontal Pod Autoscaler.
+> If you are already using KEDA to scale other workloads, we recommend using KEDA as a unified app autoscaler. If that is not the case, then we strongly suggest relying on the native Kubernetes functionality through Horizontal Pod Autoscaler.
 
 ### Traffic-based autoscaling
 

articles/api-management/self-hosted-gateway-authentication-options.md

@@ -1,5 +1,5 @@
 ---
-title: Authentication Options for API Management Self-hosted Gateway
+title: Authentication Options for Self-hosted Gateway - Azure API Management
 description: Options for the Azure API Management self-hosted gateway to authenticate to the cloud-based API Management instance.
 services: api-management
 author: dlepow
@@ -12,7 +12,11 @@ ms.author: danlep
 
 # Self-hosted gateway authentication options
 
-The gateway container's [configuration settings](self-hosted-gateway-settings-reference.md) provide the following options for authenticating the connection between the self-hosted gateway and the cloud-based API Management instance's configuration endpoint.
+The gateway container's [configuration settings](self-hosted-gateway-settings-reference.md) provide options for authenticating the connection between the self-hosted gateway and the cloud-based API Management instance's configuration endpoint.
+
+### Options and considerations
+
+THe following table lists authentication options for the self-hosted gateway and considerations for each option. The linked articles provide step-by-step instructions for how to configure each authentication method.
 
 |Option  |Considerations  |
 |---------|---------|

articles/api-management/self-hosted-gateway-enable-azure-ad.md

@@ -59,10 +59,10 @@ Create a new Microsoft Entra app. For steps, see [Create a Microsoft Entra appli
 
 #### Step 2: Assign API Management Gateway Configuration Reader Service Role
 
-[Assign](../active-directory/develop/howto-create-service-principal-portal.md#assign-a-role-to-the-application) the API Management Gateway Configuration Reader Service Role to the app.
+[Assign](../active-directory/develop/howto-create-service-principal-portal.md#assign-a-role-to-the-application) the API Management Gateway Configuration Reader Service role to the app.
 
 - Scope: The API Management instance (or resource group or subscription in which the app is deployed)
-- Role: API Management Gateway Configuration Reader Role
+- Role: API Management Gateway Configuration Reader role
 - Assign access to: Microsoft Entra app
 
 ## Deploy the self-hosted gateway
@@ -73,7 +73,7 @@ Deploy the self-hosted gateway to a containerized environment, such as Kubernete
 
 You can deploy the self-hosted gateway with Microsoft Entra authentication by using a [Helm chart](https://github.com/Azure/api-management-self-hosted-gateway). 
 
-Replace the following values in the the `helm install` command with your actual values:
+Replace the following values in the `helm install` command with your actual values:
 
 - `<gateway-name>`: Your Azure API Management instance name
 - `<gateway-url>`: The URL of your gateway, in the format `https://<gateway-name>.configuration.azure-api.net`

articles/api-management/self-hosted-gateway-enable-workload-identity.md

@@ -54,7 +54,7 @@ To enable workload identity authentication, complete the following steps:
 
 <a name='step-1-register-azure-ad-app-and-configure-workload-identity'></a>
 
-#### Step 1: Register Microsoft Entra app and configure workload identity
+#### Step 1: Register the Microsoft Entra app and configure workload identity
 
 Create a new Microsoft Entra app. For steps, see [Create a Microsoft Entra application and service principal that can access resources](../active-directory/develop/howto-create-service-principal-portal.md). The Microsoft Entra app is used by the self-hosted gateway to authenticate to the API Management instance.
 
@@ -77,12 +77,12 @@ Next, configure federated identity credentials to establish trust between your M
 
 For more information, see [Configure a federated identity credential on an app](/entra/workload-id/workload-identity-federation-create-trust).
 
-#### Step 2: Assign API Management Gateway Configuration Reader Service Role
+#### Step 2: Assign API Management Gateway Configuration Reader Service role
 
-[Assign](../active-directory/develop/howto-create-service-principal-portal.md#assign-a-role-to-the-application) the API Management Gateway Configuration Reader Service Role to the app.
+[Assign](../active-directory/develop/howto-create-service-principal-portal.md#assign-a-role-to-the-application) the API Management Gateway Configuration Reader Service role to the app.
 
 - Scope: The API Management instance (or resource group or subscription in which the app is deployed)
-- Role: API Management Gateway Configuration Reader Role
+- Role: API Management Gateway Configuration Reader role
 - Assign access to: Microsoft Entra app
 
 ## Deploy the self-hosted gateway

articles/api-management/self-hosted-gateway-overview.md

@@ -215,7 +215,6 @@ With v2.1.1 and later, you can manage the ciphers that are being used via config
 
 -   [API gateway overview](api-management-gateways-overview.md)
 -   [Support policy for self-hosted gateway](self-hosted-gateway-support-policies.md)
--   [API Management in a hybrid and multicloud world](https://aka.ms/hybrid-and-multi-cloud-api-management)
 -   [Guidance for running self-hosted gateway on Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md)
 -   [Deploy a self-hosted gateway to Docker](how-to-deploy-self-hosted-gateway-docker.md)
 -   [Deploy a self-hosted gateway to Kubernetes](how-to-deploy-self-hosted-gateway-kubernetes.md)