Update security architecture description for clarity

v-meluri · web-flow · commit 88f4f5db30d2 · 2026-02-06T15:24:30.000+05:30
Clarified the role of Microsoft Entra ID in managing identities and access for AI workloads, emphasizing the use of Entra ID tokens over API keys.
diff --git a/learn-pr/wwl-azure/implement-secure-ai-ready-infrastructure-azure-services/includes/2-understand-microsoft-foundry-security-architecture.md b/learn-pr/wwl-azure/implement-secure-ai-ready-infrastructure-azure-services/includes/2-understand-microsoft-foundry-security-architecture.md
@@ -17,7 +17,7 @@ This becomes especially important when your security team needs to respond to ne
 
 ## Core security components
 
-The hub integrates three foundational security services that protect your AI workloads. Microsoft Entra ID provides identity and access management through role-based access control (RBAC), allowing you to define who can create projects, deploy models, and access training data. Unlike service-specific authentication, Microsoft Entra ID centralizes identity management—your existing user groups and conditional access policies apply automatically to AI resources. At the same time, managed identities eliminate credential storage by allowing applications and services to authenticate directly using Microsoft Entra tokens, removing API keys from your codebase entirely.
+The hub integrates three foundational security services that protect your AI workloads. Microsoft Entra ID provides identity and access management through role-based access control (RBAC), allowing you to define who can create projects, deploy models, and access training data. Unlike service-specific authentication, Microsoft Entra ID centralizes identity management—your existing user groups and conditional access policies apply automatically to AI resources. At the same time, managed identities eliminate credential storage by allowing applications and services to authenticate directly using Microsoft Entra ID tokens, removing API keys from your codebase entirely.
 
 Azure Virtual Network delivers network isolation by creating private connectivity between your hub and Azure services. When you deploy a private endpoint for Azure OpenAI Service, all API traffic flows through your virtual network rather than the public internet. This network boundary prevents external access attempts and ensures compliance with data residency requirements. For example, your fraud detection models processing customer transactions stay within EU Azure regions, satisfying data localization mandates.
 
