articles/service-fabric/concepts-managed-identity.md (5 additions & 5 deletions)
@@ -12,9 +12,9 @@ ms.author: atsenthi
12
12
13
13
# Managed Identity for Service Fabric Application (Preview)
14
14
15
-
A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. Keeping the credentials secure is an important task, since they never appear on developer workstations and aren't checked into source control. The Managed Identity for Azure resources feature in Azure Active Directory (Azure AD) solves this problem. The feature provides Azure services with an automatically-managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.
15
+
A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. Keeping credentials secure is an important task, since they never appear on developer workstations and are not checked into source control. The Managed Identity feature for Azure resources in Azure Active Directory (Azure AD) solves this problem. The feature provides Azure services with an automatically-managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.
16
16
17
-
Managed Identity for Azure resources feature is free with Azure AD for Azure subscriptions. There's no additional cost.
17
+
The Managed Identity feature for Azure resources is free with Azure AD for Azure subscriptions. There is no additional cost.
18
18
19
19
> [!NOTE]
20
20
> Managed Identity for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).
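Review bot: the causal clause in the new line 15, "Keeping credentials secure is an important task, since they never appear on developer workstations and are not checked into source control", states the goal as if it were already achieved, and this rewrite carries the inverted logic over from the line it replaces; the point is that credentials should not appear on workstations or in source control. Suggest: "Keeping credentials secure is an important task: ideally, they never appear on developer workstations and are not checked into source control." Also, the note at the end of this hunk calls the feature "Managed Identity for Azure resources", so the paragraph should use the same name rather than "The Managed Identity feature for Azure resources".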
@@ -41,13 +41,13 @@ The following terms are used throughout the Managed Identity for Azure resources
41
41
42
42
## Supported scenarios for Service Fabric applications
43
43
44
-
It is important to clarify that managed identities for Service Fabric applications are only supported in Azure Service Fabric clusters, and only for applications deployed as Azure resources; applications deployed directly to a cluster may not and cannot be assigned an identity. Conceptually speaking, support for managed identities in Azure Service Fabric cluster consists of two phases:
44
+
Managed identities for Service Fabric is only supported in Azure deployed Service Fabric clusters, and only for applications deployed as Azure resources; applications which are not deployed as an Azure resource cannot be assigned an identity. Conceptually speaking, support for managed identities in Azure Service Fabric cluster consists of two phases:
45
45
46
46
1. Assign one or more managed identities to the application resource; an application may be assigned a single system-assigned identity, and/or up to 32 user-assigned identities, respectively.
47
47
48
48
2. Within the application's definition, map one of the identities assigned to the application to any individual service comprising the application.
49
49
50
-
The system-assigned identity of an application is unique to that application; a user-assigned identity is a standalone resource, which may be assigned to multiple applications. Within an application, a single identity (whether system-assigned or user-assigned) can be assigned to multiple services of the application, but at most one identity can be assigned to an individual service. Lastly, a service must be assigned an identity explicitly in order to have access to this feature. In effect, the mapping of an application's identities to its constituent services allows for an in-application isolation - a service may only use the identity mapped to it (and none at all if it was not explicitly assigned one.)
50
+
The system-assigned identity of an application is unique to that application; a user-assigned identity is a standalone resource, which may be assigned to multiple applications. Within an application, a single identity (whether system-assigned or user-assigned) can be assigned to multiple services of the application, but each individual service can only be assigned one identity. Lastly, a service must be assigned an identity explicitly to have access to this feature. In effect, the mapping of an application's identities to its constituent services allows for an in-application isolation - a service may only use the identity mapped to it (and none at all if it was not explicitly assigned one.)
51
51
52
52
The list of supported scenarios for the preview release is as follows:
53
53
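Review bot: the new line 44 has a subject-verb disagreement, "Managed identities for Service Fabric is only supported"; it should read "are only supported", and "Azure deployed Service Fabric clusters" wants a hyphen ("Azure-deployed"). The unchanged second sentence is still missing an article ("in an Azure Service Fabric cluster"), and the trailing "respectively" in line 46 has nothing to refer to and can be dropped. The rewrite of line 49 ("each individual service can only be assigned one identity") is a good simplification.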
@@ -58,7 +58,7 @@ The list of supported scenarios for the preview release is as follows:
58
58
59
59
The following scenarios are not supported or not recommended; note these actions may not be blocked, but can lead to outages in your applications:
60
60
61
-
- Remove or change the identities assigned to an application;if you must make changes, submit separate deployments to first add a new identity assignment, and then to remove a previously assigned one. Removal of an identity from an existing application can have undesirable effects, including leaving your application in an unupgradeable state. It is safe to delete the application altogether if the removal of an identity is necessary; note this will delete the system-assigned identity (if so defined) associated with the application, and will remove any associations with the user-assigned identities assigned to the application.
61
+
- Remove or change the identities assigned to an application;if you must make changes, submit separate deployments to first add a new identity assignment, and then to remove a previously assigned one. Removal of an identity from an existing application can have undesirable effects, including leaving your application in a state which is not upgradeable. It is safe to delete the application altogether if the removal of an identity is necessary; note this will delete the system-assigned identity (if so defined) associated with the application, and will remove any associations with the user-assigned identities assigned to the application.
62
62
63
63
- It is not recommended to mix system-assigned and user-assigned identities in the same application.
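Review bot: the new line 61 still carries the missing space after the semicolon in "application;if you must make changes" from the line it replaces; fix it while the line is being edited. "a state which is not upgradeable" is also slightly looser than the original "an unupgradeable state"; "a state that cannot be upgraded" keeps the meaning without the rarer word.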
articles/service-fabric/configure-existing-cluster-enable-managed-identity-token-service.md (2 additions & 2 deletions)
@@ -11,7 +11,7 @@ ms.author: atsenthi
11
11
---
12
12
13
13
# Configure an existing Azure Service Fabric cluster to enable Managed Identity support
14
-
In order to access the managed identity feature for Azure Service Fabric applications, you must first configure the cluster enable the **Managed Identity Token Service**system service. This service is responsible for the authentication of Service Fabric applications using their managed identities, and also for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the **System** section in the left pane, running under the name **fabric:/System/ManagedIdentityTokenService** next to other system services.
14
+
In order to access the managed identity feature for Azure Service Fabric applications, you must first enable the **Managed Identity Token Service**on the cluster. This service is responsible for the authentication of Service Fabric applications using their managed identities, and for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the **System** section in the left pane, running under the name **fabric:/System/ManagedIdentityTokenService**.
15
15
16
16
> [!NOTE]
17
17
> Service Fabric runtime version 6.5.658.9590 or higher is required to enable the **Managed Identity Token Service**.
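Review bot: the new line 14 drops the space after the closing bold marker in "**Managed Identity Token Service**on the cluster", which will render as "Serviceon". It also drops "system service" and "next to other system services", while the same paragraph in configure-new-azure-service-fabric-enable-managed-identity.md (edited in this commit) keeps "next to other system services"; the two intros should stay identical, and "system service" is worth keeping since the next sentence locates it under the **System** section. "In order to access" could simply be "To use".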
@@ -57,7 +57,7 @@ In order for the changes to take effect, you will also need to change the upgrad
57
57
58
58
## Errors and troubleshooting
59
59
60
-
If the deployment fails with the following message, it means the cluster is not on the required Service Fabric version:
60
+
If the deployment fails with the following message, it means the cluster is not running on a high enough Service Fabric version:
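Review bot: the new line 60 replaces a precise statement with a vaguer one: "not running on a high enough Service Fabric version" tells the reader less than "not on the required Service Fabric version", and the note earlier in this file names the requirement exactly. Suggest "it means the cluster is not running Service Fabric runtime version 6.5.658.9590 or later:" so the troubleshooting step is actionable on its own.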
articles/service-fabric/configure-new-azure-service-fabric-enable-managed-identity.md (1 addition & 1 deletion)
@@ -12,7 +12,7 @@ ms.author: atsenthi
12
12
13
13
# Create a new Azure Service Fabric cluster with Managed Identity support
14
14
15
-
In order to access the managed identity feature for Azure Service Fabric applications, you must first enable the Managed Identity Token Service system service on the cluster. This service is responsible for the authentication of Service Fabric applications using their managed identities, and also for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the **System** section in the left pane, running under the name **fabric:/System/ManagedIdentityTokenService** next to other system services.
15
+
In order to access the managed identity feature for Azure Service Fabric applications, you must first enable the Managed Identity Token Service on the cluster. This service is responsible for the authentication of Service Fabric applications using their managed identities, and for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the **System** section in the left pane, running under the name **fabric:/System/ManagedIdentityTokenService** next to other system services.
16
16
17
17
> [!NOTE]
18
18
> Service Fabric runtime version 6.5.658.9590 or higher is required to enable the **Managed Identity Token Service**.
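Review bot: this paragraph now differs from the corresponding one in configure-existing-cluster-enable-managed-identity-token-service.md, where the same commit removed "next to other system services" and bolded the service name; pick one wording (bold **Managed Identity Token Service**, keep or drop the trailing phrase) and apply it to both files so the two articles do not drift. "In order to access" also reads better as "To use".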
articles/service-fabric/how-to-deploy-service-fabric-application-system-assigned-managed-identity.md (1 addition & 1 deletion)
@@ -12,7 +12,7 @@ ms.author: atsenthi
12
12
13
13
# Deploy Service Fabric application with system-assigned managed identity
14
14
15
-
Managed identities in Service Fabric are only supported for applications deployed as Azure resources, via Azure Resource Manager. This is typically done using an Azure Resource Manager template. Applications created or deployed directly to a Service Fabric cluster (for instance, by using the native Service Fabric API) cannot be assigned or use managed identities. For more information on how to deploy Service Fabric applications through Azure Resource Manager, see [Manage applications and services as Azure Resource Manager resources](service-fabric-application-arm-resource.md).
15
+
In order to access the managed identity feature for Azure Service Fabric applications, you must first enable the Managed Identity Token Service on the cluster. This service is responsible for the authentication of Service Fabric applications using their managed identities, and for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the **System** section in the left pane, running under the name **fabric:/System/ManagedIdentityTokenService** next to other system services.
16
16
17
17
> [!NOTE]
18
18
> Deployment of Service Fabric applications with managed identities are supported starting with API version `"2019-06-01-preview"`. You can also use the same API version for application type, application type version and service resources. The minimum supported Service Fabric runtime is 6.5 CU2.
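Review bot: the removed line 14 was this article's only statement that managed identities require the application to be deployed as an Azure resource through Azure Resource Manager, together with the link to service-fabric-application-arm-resource.md; the new line 15 replaces it with the cluster-enablement paragraph that already opens the two configure-* articles in this commit, so the ARM-deployment prerequisite and the link are lost from the system-assigned how-to (the user-assigned how-to keeps an equivalent note in this same commit). Suggest keeping the original paragraph with its wording tidied and, if the Token Service prerequisite belongs here, adding it as a second paragraph that links to the configure article rather than duplicating its text.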
articles/service-fabric/how-to-deploy-service-fabric-application-user-assigned-managed-identity.md (4 additions & 4 deletions)
@@ -15,14 +15,14 @@ To deploy a Service Fabric application with managed identity, the application ne
15
15
16
16
> [!NOTE]
17
17
>
18
-
> Applications created and deployed with native Service Fabric API**cannot** have Managed Identities.
18
+
> Applications which are not deployed as an Azure resource**cannot** have Managed Identities.
19
19
>
20
20
> Service Fabric application deployment with Managed Identity is supported with API version `"2019-06-01-preview"`. You can also use the same API version for application type, application type version and service resources.
21
21
>
22
22
23
23
## User-Assigned Identity
24
24
25
-
To enable application with User-Assigned identity, first add **identity** property to the application resource with type **userAssigned** and the referenced user-assigned identities, then add a **managedIdentities** section inside the **properties** section for the **application** resource which contains a list of friendly name to principalId mapping for each of the user-assigned identities.
25
+
To enable application with User-Assigned identity, first add the **identity** property to the application resource with type **userAssigned** and the referenced user-assigned identities. Then add a **managedIdentities** section inside the **properties** section for the **application** resource which contains a list of friendly name to principalId mapping for each of the user-assigned identities.
26
26
27
27
### Application template
28
28
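Review bot: the new line 18 keeps the missing space before the bold marker from the line it replaces ("Azure resource**cannot**", previously "Service Fabric API**cannot**"), which renders as "resourcecannot". In line 25, "To enable application with User-Assigned identity" needs articles ("To enable an application with a user-assigned identity"), and "a list of friendly name to principalId mapping" should be "mappings", since there is one per identity.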
@@ -61,7 +61,7 @@ In the example above the resource name of the user assigned identity is being us
61
61
62
62
### Application package
63
63
64
-
1. For each identity defined in the `managedIdentities` section in the Azure Resource Manager template, add a `<ManagedIdentity>` in the application manifest under **Principals** section. The `Name` attribute needs to match the `name` property defined in the `managedIdentities` section.
64
+
1. For each identity defined in the `managedIdentities` section in the Azure Resource Manager template, add a `<ManagedIdentity>`tag in the application manifest under **Principals** section. The `Name` attribute needs to match the `name` property defined in the `managedIdentities` section.
65
65
66
66
**ApplicationManifest.xml**
67
67
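Review bot: the new line 64 introduces "`<ManagedIdentity>`tag" without a space after the code span, so "tag" is glued to the backtick. Since this is XML in ApplicationManifest.xml, "element" is the more accurate word than "tag", and "under **Principals** section" wants the article: "add a `<ManagedIdentity>` element in the application manifest under the **Principals** section".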
@@ -73,7 +73,7 @@ In the example above the resource name of the user assigned identity is being us
73
73
</Principals>
74
74
```
75
75
76
-
2. In the **ServiceManifestImport** section, for the service that uses the Managed Identity add a **IdentityBindingPolicy**, which maps the `AdminUser` identity to a service-specific identity name that needs to be added into the service manifest later on.
76
+
2. In the **ServiceManifestImport** section, add a **IdentityBindingPolicy** for the service that uses the Managed Identity. This policy maps the `AdminUser` identity to a service-specific identity name that needs to be added into the service manifest later on.
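Review bot: the new line 76 reads "add a **IdentityBindingPolicy**"; the article should be "an" before a vowel sound, and "needs to be added into the service manifest" is simpler as "added to the service manifest". The split into two sentences is otherwise an improvement.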