AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/identity-idp-microsoft.md

Summary

Fixed URL formatting issues by removing incorrect backticks around tenantId variable in Microsoft Entra ID configuration examples

Security assessment

The change corrects malformed URL examples by removing backticks that were incorrectly placed around 'tenantId' variable. This fixes documentation errors but doesn't address any specific security vulnerability or add security features. However, accurate documentation of OAuth endpoints is important for proper security configuration.

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md b/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
index 5c9ed9fbb..d2d073052 100644
--- a//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
+++ b//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md
@@ -32 +32 @@ For all token types, in your custom authorizer:
-    * For v1.0 tokens use: `https://login.microsoftonline.com/`tenantId`/.well-known/openid-configuration`
+    * For v1.0 tokens use: `https://login.microsoftonline.com/tenantId/.well-known/openid-configuration`
@@ -34 +34 @@ For all token types, in your custom authorizer:
-    * For v2.0 tokens use: `https://login.microsoftonline.com/`tenantId`/v2.0/.well-known/openid-configuration`
+    * For v2.0 tokens use: `https://login.microsoftonline.com/tenantId/v2.0/.well-known/openid-configuration`
@@ -45 +45 @@ When fetching the token from Microsoft Entra:
-  * Include in authorization URL a scope like ``entra-application-id`/.default` alongside any other scopes your application might require. This allows Microsoft to know that you intend to use the access token against resources other than Microsoft's Graph API and will result in a token that can be validated by AgentCore Identity.
+  * Include in authorization URL a scope like `entra-application-id/.default` alongside any other scopes your application might require. This allows Microsoft to know that you intend to use the access token against resources other than Microsoft’s Graph API and will result in a token that can be validated by AgentCore Identity.