MicrosoftDocs
diff --git a/‎articles/cognitive-services/Translator/document-translation/how-to-guides/create-use-managed-identities.md
Lines changed: 12 additions & 9 deletions b/‎articles/cognitive-services/Translator/document-translation/how-to-guides/create-use-managed-identities.md
Lines changed: 12 additions & 9 deletions
diff --git a/‎articles/cognitive-services/Translator/document-translation/media/managed-identity-rbac-flow.png
51 KB b/‎articles/cognitive-services/Translator/document-translation/media/managed-identity-rbac-flow.png
51 KB
@@ -7,7 +7,7 @@ manager: nitinme
 ms.service: cognitive-services
 ms.subservice: translator-text
 ms.topic: how-to
-ms.date: 12/17/2022
+ms.date: 02/09/2023
 ms.author: lajanuar
 ---
 
@@ -24,7 +24,7 @@ Managed identities for Azure resources are service principals that create an Azu
 
 * You can use managed identities to grant access to any resource that supports Azure AD authentication, including your own applications. Managed identities eliminate the need for you to include shared access signature tokens (SAS) with your HTTP requests.
 
-* To grant access to an Azure resource, you'll assign an Azure role to a managed identity using [Azure role-based access control (`Azure RBAC`)](../../../../role-based-access-control/overview.md).
+* To grant access to an Azure resource, assign an Azure role to a managed identity using [Azure role-based access control (`Azure RBAC`)](../../../../role-based-access-control/overview.md).
 
 * There's no added cost to use managed identities in Azure.
 
@@ -34,16 +34,19 @@ Managed identities for Azure resources are service principals that create an Azu
 >
 > * Managed identities are a safer way to grant access to data without having SAS tokens included with your HTTP requests.
 
+:::image type="content" source="../media/managed-identity-rbac-flow.png" alt-text="Screenshot of managed identity flow (RBAC).":::
+
 ## Prerequisites
-To get started, you'll need:
+
+To get started, you need:
 
 * An active [**Azure account**](https://azure.microsoft.com/free/cognitive-services/)—if you don't have one, you can [**create a free account**](https://azure.microsoft.com/free/).
 
 * A [**single-service Translator**](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) (not a multi-service Cognitive Services) resource assigned to a **non-global** region. For detailed steps, _see_ [Create a Cognitive Services resource using the Azure portal](../../../cognitive-services-apis-create-account.md?tabs=multiservice%2cwindows).
 
 * A brief understanding of [**Azure role-based access control (`Azure RBAC`)**](../../../../role-based-access-control/role-assignments-portal.md) using the Azure portal.
 
-* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Translator resource. You'll create containers to store and organize your blob data within your storage account.
+* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Translator resource. You also need to create containers to store and organize your blob data within your storage account.
 
 * **If your storage account is behind a firewall, you must enable the following configuration**: </br>
 
@@ -63,9 +66,9 @@ There are two types of managed identities: **system-assigned** and **user-assign
 
 * A system-assigned managed identity is **enabled** directly on a service instance. It isn't enabled by default; you must go to your resource and update the identity setting.
 
-* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
+* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity is deleted as well.
 
-In the following steps, we'll enable a system-assigned managed identity and grant your Translator resource limited access to your Azure blob storage account.
+In the following steps, we enable a system-assigned managed identity and grant your Translator resource limited access to your Azure blob storage account.
 
 ## Enable a system-assigned managed identity
 
@@ -93,7 +96,7 @@ The **Storage Blob Data Contributor** role gives Translator (represented by the
 
     :::image type="content" source="../../media/managed-identities/enable-system-assigned-managed-identity-portal.png" alt-text="Screenshot: enable system-assigned managed identity in Azure portal.":::
 
-1. An Azure role assignments page will open. Choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
+1. On the Azure role assignments page that opened, choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
 
     :::image type="content" source="../../media/managed-identities/azure-role-assignments-page-portal.png" alt-text="Screenshot: Azure role assignments page in the Azure portal.":::
 
@@ -124,11 +127,11 @@ The **Storage Blob Data Contributor** role gives Translator (represented by the
 
 * A batch Document Translation request is submitted to your Translator service endpoint via a POST request.
 
-* With managed identity and `Azure RBAC`, you'll no longer need to include SAS URLs.
+* With managed identity and `Azure RBAC`, you no longer need to include SAS URLs.
 
 * If successful, the POST method returns a `202 Accepted`  response code and the batch request is created by the service. 
 
-* The translated documents will appear in your target container.
+* The translated documents appear in your target container.
 
 ### Headers