Merge pull request #211502 from khdownie/kendownie091522-3

moving warning

Author: prmerger-automator[bot]

articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md

@@ -85,11 +85,11 @@ To enable Azure AD Kerberos authentication on Azure Files for hybrid user accoun
 
 1. Select **Save**.
 
-## Grant admin consent to the new service principal
-
 > [!WARNING]
 > If you've previously enabled Azure AD Kerberos authentication through manual limited preview steps to store FSLogix profiles on Azure Files for Azure AD-joined VMs, the password for the storage account's service principal is set to expire every six months. Once the password expires, users won't be able to get Kerberos tickets to the file share. To mitigate this, see "Error - Service principal password has expired in Azure AD" under [Potential errors when enabling Azure AD Kerberos authentication for hybrid users](storage-troubleshoot-windows-file-connection-problems.md#potential-errors-when-enabling-azure-ad-kerberos-authentication-for-hybrid-users).
 
+## Grant admin consent to the new service principal
+
 After enabling Azure AD Kerberos authentication, you'll need to explicitly grant admin consent to the new Azure AD application registered in your Azure AD tenant to complete your configuration. You can configure the API permissions from the [Azure portal](https://portal.azure.com) by following these steps:
 
 1. Open **Azure Active Directory**.