Merge pull request #225179 from MGoedtel/ghp225164

prmerger-automator[bot] · web-flow · commit 0d0cf7961dae · 2023-01-26T14:47:48.000Z
fixed sentence added in PR 225164
diff --git a/articles/aks/private-clusters.md b/articles/aks/private-clusters.md
@@ -105,7 +105,7 @@ The following parameters can be used to configure private DNS zone.
 - **CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID**, requires you to create a private DNS zone only in the following format for Azure global cloud: `privatelink.<region>.azmk8s.io` or `<subzone>.privatelink.<region>.azmk8s.io`. You'll need the Resource ID of that private DNS zone going forward. Additionally, you need a user assigned identity or service principal with at least the [Private DNS Zone Contributor][private-dns-zone-contributor-role]  and [Network Contributor][network-contributor-role] roles. When deploying using API server VNet integration, a private DNS zone additionally supports the naming format of `private.<region>.azmk8s.io` or `<subzone>.private.<region>.azmk8s.io`.
   - If the private DNS zone is in a different subscription than the AKS cluster, you need to register the Azure provider **Microsoft.ContainerServices** in both subscriptions.
   - "fqdn-subdomain" can be utilized with "CUSTOM_PRIVATE_DNS_ZONE_RESOURCE_ID" only to provide subdomain capabilities to `privatelink.<region>.azmk8s.io`.
-  - if AKS has SPN configured, AKS does not allow to use system-assigned managed identity with custom private DNS zone. 
+  - If your AKS cluster is configured with an Active Directory service principal, AKS does not support using a system-assigned managed identity with custom private DNS zone.
 
 ### Create a private AKS cluster with private DNS zone
 
