update docs from PR feedback

troy0820 · troy0820 · commit 0f7fb8d389ea · 2025-01-24T15:18:25.000-05:00
Signed-off-by: Troy Connor &lt;troy0820@users.noreply.github.com&gt;
diff --git a/articles/operator-nexus/howto-create-cluster-with-user-assigned-managed-identity.md b/articles/operator-nexus/howto-create-cluster-with-user-assigned-managed-identity.md
@@ -1,5 +1,5 @@
 ---
-title: "Azure Operator Nexus: Create Cluster Resource with User Assigned Managed Identity"
+title: "Azure Operator Nexus: Create Cluster Resource with a Managed Identity"
 description: Create Clusters using the User Assigned Managed Identity to access the Log Analytics Workspace
 author: troy0820 
 ms.author: troyconnor
@@ -10,9 +10,9 @@ ms.custom: template-how-to
 ---
 
 
-# Create a Cluster Resource with a User Assigned Managed Identity
+# Create a Cluster Resource with a Managed Identity
 
-To create a cluster without a service principal user name and password, you can now create a cluster with a user-assigned managed identity that has permissions over the Log Analytics Workspace.  This will be used when installing the extensions that utilize the Log Analytics Workspace.
+To create a cluster without a service principal user name and password, you can now create a cluster with a user-assigned managed identity or a system-assigned managed identity that has permissions over the Log Analytics Workspace.  This will be used when validating the hardware during hardware validation and when installing the extensions that utilize the Log Analytics Workspace.
 
 ## Prerequisites
 
@@ -42,10 +42,11 @@ az networkcloud cluster create --name "<cluster-name>" \
   --mi-user-assigned "<user-assigned-identity-resource-id>" \
   --analytics-output-settings identity-type="UserAssignedIdentity" \
   identity-resource-id="<user-assigned-identity-resource-id>" \
+  ...
   --subscription "<subscription>"
 ```
 
-### View the principal ID for the managed identity
+### View the principal ID for the user-assigned managed identity
 
 The identity resource ID can be found by selecting "JSON view" on the identity resource; the ID is at the top of the panel that appears. The container URL can be found on the Settings -> Properties tab of the container resource.
 
@@ -57,19 +58,9 @@ Example:
 az networkcloud cluster show --ids /subscriptions/<Subscription ID>/resourceGroups/<Cluster Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Cluster Name>
 ```
 
-System-assigned identity example:
-
-```
-    "identity": {
-        "principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
-        "tenantId": "aaaabbbb-0000-cccc-1111-dddd2222eeee",
-        "type": "SystemAssigned"
-    },
-```
-
 User-assigned identity example:
 
-```
+```json
     "identity": {
         "type": "UserAssigned",
         "userAssignedIdentities": {
@@ -81,4 +72,41 @@ User-assigned identity example:
     },
 ```
 
+### Create and configure Log Analytics Workspace and System Assigned Managed Identity
+
+> [!NOTE]
+> The system-assigned managed identity that is created during cluster creation does not exist until the cluster is created.  This system-assigned managed identity will need to have persmissions over the scope of the Log Analytics Workspace with the role of Log Analytics Contributor before we can update the cluster to utilize this identity.
+
+```azurecli-interactive
+az networkcloud cluster update --name "<cluster-name>" \
+  --resource-group "<cluster-resource-group>" \
+  --mi-system-assigned "<system-assigned-identity-resource-id>" \
+  --analytics-output-settings identity-type="SystemAssignedIdentity" \
+  identity-resource-id="<user-assigned-identity-resource-id>" \
+  ...
+  --subscription "<subscription>"
+```
+
+### View the principal ID for the system-assigned managed identity
+
+The identity resource ID can be found by selecting "JSON view" on the identity resource; the ID is at the top of the panel that appears. The container URL can be found on the Settings -> Properties tab of the container resource.
+
+The CLI can also be used to view the identity and the associated principal ID data within the cluster.
+
+Example:
+
+```console
+az networkcloud cluster show --ids /subscriptions/<Subscription ID>/resourceGroups/<Cluster Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Cluster Name>
+```
+
+System-assigned identity example:
+
+```json
+    "identity": {
+        "principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
+        "tenantId": "aaaabbbb-0000-cccc-1111-dddd2222eeee",
+        "type": "SystemAssigned"
+    },
+```
+
 
