MicrosoftDocs
diff --git a/‎articles/azure-resource-manager/managed-applications/media/publish-managed-identity/identity-role-assignment.png
-10.6 KB b/‎articles/azure-resource-manager/managed-applications/media/publish-managed-identity/identity-role-assignment.png
-10.6 KB
diff --git a/‎articles/azure-resource-manager/managed-applications/publish-managed-identity.md
Lines changed: 5 additions & 4 deletions b/‎articles/azure-resource-manager/managed-applications/publish-managed-identity.md
Lines changed: 5 additions & 4 deletions
@@ -5,6 +5,7 @@ ms.topic: conceptual
 ms.author: jobreen
 author: jjbfour
 ms.date: 05/13/2019
+ms.custom: subject-rbac-steps
 ---
 # Azure Managed Application with Managed Identity
 
@@ -191,9 +192,9 @@ A basic Azure Resource Manager template that deploys a Managed Application with
 
 ## Granting access to Azure resources
 
-Once a Managed Application is granted an identity, it can be granted access to existing Azure resources. This process can be done through the Access control (IAM) interface in the Azure portal. The name of the Managed Application or **user-assigned identity** can be searched to add a role assignment.
+Once a Managed Application is granted an identity, it can be granted access to existing Azure resources by creating a role assignment.
 
-![Add role assignment for Managed Application](./media/publish-managed-identity/identity-role-assignment.png)
+To do so, search for and select the name of the Managed Application or **user-assigned identity**, and then select **Access control (IAM)**. For detailed steps, see [Assign Azure roles using the Azure portal](../../role-based-access-control/role-assignments-portal.md).
 
 ## Linking existing Azure resources
 
@@ -306,7 +307,7 @@ Once the Managed Application package is created, the Managed Application can be
 
 The token of the Managed Application can now be accessed through the `listTokens` api from the publisher tenant. An example request might look like:
 
-``` HTTP
+```http
 POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Solutions/applications/{applicationName}/listTokens?api-version=2018-09-01-preview HTTP/1.1
 
 {
@@ -327,7 +328,7 @@ userAssignedIdentities | *no* | The list of user-assigned managed identities to
 
 A sample response might look like:
 
-``` HTTP
+```http
 HTTP/1.1 200 OK
 Content-Type: application/json