MicrosoftDocs
diff --git a/‎articles/api-management/api-management-howto-mutual-certificates.md‎
Lines changed: 5 additions & 9 deletions b/‎articles/api-management/api-management-howto-mutual-certificates.md‎
Lines changed: 5 additions & 9 deletions
diff --git a/‎articles/api-management/developer-portal-wordpress-plugin.md‎
Lines changed: 90 additions & 42 deletions b/‎articles/api-management/developer-portal-wordpress-plugin.md‎
Lines changed: 90 additions & 42 deletions
diff --git a/‎articles/api-management/get-started-create-service-instance.md‎
Lines changed: 32 additions & 26 deletions b/‎articles/api-management/get-started-create-service-instance.md‎
Lines changed: 32 additions & 26 deletions
@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 11/14/2025
+ms.date: 03/31/2026
 ms.author: danlep 
 ms.custom:
   - devx-track-azurepowershell
@@ -35,7 +35,6 @@ API Management provides two options for managing certificates that are used to s
 
 [!INCLUDE [api-management-workspace-key-vault-availability](../../includes/api-management-workspace-key-vault-availability.md)]
 
-
 We recommend that you use key vault certificates because doing so improves API Management security:
 
 * Certificates stored in key vaults can be reused across services.
@@ -49,14 +48,11 @@ We recommend that you use key vault certificates because doing so improves API M
 * If you haven't created an API Management instance yet, see [Create an API Management service instance](get-started-create-service-instance.md).
 * Configure your backend service client certificate authentication. For information about configuring certificate authentication in Azure App Service, see [Configure TLS mutual authentication in App Service][to configure certificate authentication in Azure WebSites refer to this article]. 
 * Ensure that you have access to the certificate and the password for management in an Azure key vault, or a certificate to upload to the API Management service. The certificate must be in PFX format. Self-signed certificates are allowed. 
-* If you use a self-signed certificate or other custom CA certificate and your API Management instance is in one of the classic tiers, install the corresponding root and intermediate CA certificates in API Management to enable validation of the backend service certificate. For more information, see [How to add a custom CA certificate in Azure API Management](api-management-howto-ca-certificates.md)
-
-    If you don't install the CA certificates, API Management can't validate the backend service certificate, and requests to the backend service fail unless you disable certificate chain validation. See [Disable certificate chain validation for self-signed certificates](#disable-certificate-chain-validation-for-self-signed-certificates) later in this article.
-
-    [!INCLUDE [api-management-ca-certificate-v2-tiers](../../includes/api-management-ca-certificate-v2-tiers.md)]
+* If you use a self-signed certificate and your API Management instance is in one of the classic tiers, disable certificate chain validation. See [Disable certificate chain validation for self-signed certificates](#disable-certificate-chain-validation-for-self-signed-certificates) later in this article.
 
     > [!NOTE]
-    > CA certificates for certificate validation aren't supported in the Consumption tier.
+    > When a client certificate is used by API Management for **outbound authentication** (for example, when API Management presents the certificate to a backend service), you don't need to upload the root or intermediate CA certificates to the API Management CA store. In this scenario, API Management *presents* the client certificate and doesn't perform certificate chain validation.<br/><br/>
+    > Uploading trusted root or intermediate CA certificates is only required when API Management must *validate* a certificate chain, such as during inbound client certificate authentication.
 
 [!INCLUDE [api-management-client-certificate-key-vault](../../includes/api-management-client-certificate-key-vault.md)]
 
@@ -118,4 +114,4 @@ To delete a certificate, select **Delete** on the ellipsis (**...**) menu:
 [Create an API Management service instance]: get-started-create-service-instance.md
 
 [WebApp-GraphAPI-DotNet]: https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet
-[to configure certificate authentication in Azure WebSites refer to this article]: ../app-service/app-service-web-configure-tls-mutual-auth.md
+[to configure certificate authentication in Azure WebSites refer to this article]: ../app-service/app-service-web-configure-tls-mutual-auth.md
@@ -1,10 +1,10 @@
 ---
-title: Quickstart - Create Azure API Management instance - Portal
+title: "Quickstart: Create Azure API Management Instance using the Portal"
 description: Use this quickstart to create a new Azure API Management instance by using the Azure portal.
 author: dlepow
 ms.service: azure-api-management
 ms.topic: quickstart
-ms.date: 03/12/2025
+ms.date: 03/27/2026
 ms.author: danlep
 ms.custom:
   - mvc
@@ -17,53 +17,59 @@ ms.custom:
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-This quickstart describes the steps for creating a new API Management instance using the Azure portal. After creating an instance, you can use the Azure portal for common management tasks such as importing APIs in your API Management instance.
+This quickstart describes the steps for creating a new API Management instance by using the Azure portal. After creating an instance, you can use the Azure portal for common management tasks such as importing APIs in your API Management instance.
 
 [!INCLUDE [api-management-quickstart-intro](../../includes/api-management-quickstart-intro.md)]
 
-[!INCLUDE [quickstarts-free-trial-note](~/reusable-content/ce-skilling/azure/includes/quickstarts-free-trial-note.md)]
-
-## Sign in to Azure
+## Prerequisites
 
-Sign in to the [Azure portal](https://portal.azure.com).
+[!INCLUDE [quickstarts-free-trial-note](~/reusable-content/ce-skilling/azure/includes/quickstarts-free-trial-note.md)]
 
 ## Create a new instance
 
-1. From the Azure portal menu, select **Create a resource**. You can also select **Create a resource** on the Azure **Home** page.
-   
-   :::image type="content" source="media/get-started-create-service-instance/create-resource.png" alt-text="Select Create a resource.":::
+1. Sign in to the [Azure portal](https://portal.azure.com).
 
+1. Select **Create a resource**. You can also select **Create a resource** on the Azure **Home** page.
 
+   :::image type="content" source="media/get-started-create-service-instance/create-resource.png" alt-text="Screenshot showing the Azure portal.":::
+
 1. On the **Create a resource** page, select **Integration** > **API Management**.
 
-   :::image type="content" source="media/get-started-create-service-instance/create-resource-page.png" alt-text="Screenshot of creating a     new Azure API Management instance.":::
+   :::image type="content" source="media/get-started-create-service-instance/create-resource-page.png" alt-text="Screenshot showing the Create a resource screen with API Management highlighted.":::
 
 1. On the **Create API Management** page, on the **Basics** tab, enter settings.
 
-   :::image type="content" source="media/get-started-create-service-instance/create-api-management-instance-1.png" alt-text="Create API Management instance.":::
+   :::image type="content" source="media/get-started-create-service-instance/create-api-management-instance-1.png" alt-text="Screenshot showing the basic settings to create an API Management instance.":::
 
-   | Setting                 | Description   |                                                                     
+   | Setting     | Description   |                                                                     
    |-------------------------|-----------------------------------------------|
-   | **Subscription**          | The subscription under which this new service instance will be created.   |
-   | **Resource group**      |  Select a new or existing resource group. A resource group is a logical container into which Azure resources are deployed and managed. |
-   | **Region**          | Select a geographic region near you from the available API Management service locations. | 
-   | **Resource name**                | A unique name for your API Management instance. The name can't be changed later. The service name refers to both the service and the corresponding Azure resource. <br/><br/> The service name is used to generate a default domain name: *\<name\>.azure-api.net.* If you would like to configure a custom domain name later, see [Configure a custom domain](configure-custom-domain.md). |
+   | **Subscription**        | The subscription under which this new service instance will be created.   |
+   | **Resource group**      | Select a new or existing resource group. A resource group is a logical container into which Azure resources are deployed and managed. |
+   | **Region**              | Select a geographic region near you from the available API Management service locations. | 
+   | **Resource name**       | A unique name for your API Management instance. The name can't be changed later. The service name refers to both the service and the corresponding Azure resource. <br/><br/> The service name is used to generate a default domain name: *\<name\>.azure-api.net.* If you would like to configure a custom domain name later, see [Configure a custom domain](configure-custom-domain.md). |
    | **Organization name**   | The name of your organization. This name is used in many places, including the title of the developer portal and sender of notification emails. |                                                         
-   | **Administrator email** | The email address to which all system notifications from **API Management** will be sent.   |  
+   | **Administrator email** | The email address to which all system notifications from **API Management** are sent.   |  
    | **Pricing tier**        | Select a [tier](api-management-features.md) with the features you need. The **Basic v2** tier is an economical choice for development and testing scenarios and is deployed in a few minutes.  |
-   | **Units**  | The number of units of capacity for the selected pricing tier. For evaluating API Management, you can accept the default value of 1 unit. |
+   | **Units**  | The number of units of capacity for the selected pricing tier. For evaluating API Management, you can accept the default value of *1* unit. |
 
 1. On the **Monitor + secure** tab, optionally select one or more recommended add-in services to use with API Management. These services incur extra costs. For example, select **Log Analytics** to define a Log Analytics workspace you can target for API Management logs. 
 
-    > [!TIP]
-    > It can take 30 to 40 minutes or more to create and activate an API Management service in this tier. To quickly find a newly created service, select **Pin to dashboard**.
+1. On the **Networking** tab, optionally select one or more networking options that are supported in your service tier to secure inbound or outbound traffic to API Management.
+
+1. On the **Managed identity** tab, optionally enable a system-assigned managed identity for your instance. This is recommended for many scenarios to connect API Management to other Azure services.
+
+1. On the **Tags** tab, optionally add one or more name-value pairs to help you categorize your Azure resources.
 
+1. Select **Review + create**. After validation completes, select **Create**.
+
+    > [!TIP]
+    > The time to create and activate an API Management service depends on the service tier. To quickly find a newly created service, select **Pin to dashboard**.
 
 [!INCLUDE [api-management-navigate-to-instance](../../includes/api-management-navigate-to-instance.md)]
 
 Review the properties of your service on the **Overview** page.
 
-   :::image type="content" source="media/get-started-create-service-instance/get-started-create-service-instance-created-1.png" alt-text="API Management instance.":::
+   :::image type="content" source="media/get-started-create-service-instance/get-started-create-service-instance-created-1.png" alt-text="Screenshot showing the overview section of your API Management instance.":::
 
 When your API Management service instance is online, you're ready to use it. Start with the tutorial to [import and publish your first API](import-and-publish.md).
 
@@ -73,19 +79,19 @@ When no longer needed, you can remove the resource group and all the related res
 
 1. In the Azure portal, search for and select **Resource groups**. You can also select **Resource groups** on the **Home** page. 
 
-   :::image type="content" source="media/get-started-create-service-instance/resource-groups.png" alt-text="Resource group navigation.":::
+   :::image type="content" source="media/get-started-create-service-instance/resource-groups.png" alt-text="Screenshot showing Resource groups in the portal search bar.":::
 
 1. On the **Resource groups** page, select your resource group.
 
-   :::image type="content" source="media/get-started-create-service-instance/resource-group-page.png" alt-text="Select your resource group.":::
+   :::image type="content" source="media/get-started-create-service-instance/resource-group-page.png" alt-text="Screenshot showing your resource groups.":::
 
 1. On the resource group page, select **Delete resource group**.
 
 1. Type the name of your resource group, and then select **Delete**.
 
-   :::image type="content" source="media/get-started-create-service-instance/delete-resource-group.png" alt-text="Delete resource group.":::
+   :::image type="content" source="media/get-started-create-service-instance/delete-resource-group.png" alt-text="Screenshot showing the button to delete your resource group.":::
 
-## Next steps
+## Next step
 
 > [!div class="nextstepaction"]
 > [Import and publish your first API](import-and-publish.md)