Merge pull request #235410 from khdownie/kendownie042123-4

prmerger-automator[bot] · web-flow · commit 3f1d48795278 · 2023-04-21T19:33:12.000Z
clarifying api perms
diff --git a/articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md b/articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md
@@ -4,7 +4,7 @@ description: Learn how to enable identity-based Kerberos authentication for hybr
 author: khdownie
 ms.service: storage
 ms.topic: how-to
-ms.date: 03/28/2023
+ms.date: 04/18/2023
 ms.author: kendownie
 ms.subservice: files
 ms.custom: engagement-fy23
@@ -144,7 +144,7 @@ After enabling Azure AD Kerberos authentication, you'll need to explicitly grant
 
 4. Select the application with the name matching **[Storage Account] `<your-storage-account-name>`.file.core.windows.net**.
 5. Select **API permissions** in the left pane.
-6. Select **Grant admin consent for [Directory Name]** to grant consent for the requested permissions for all accounts in the Directory.
+6. Select **Grant admin consent for [Directory Name]** to grant consent for the three requested API permissions (openid, profile, and User.Read) for all accounts in the directory.
 7. Select **Yes** to confirm.
 
   > [!IMPORTANT]
