Merge pull request #194626 from dksimpson/1912257-RBAC-fix-22

Update RBAC role assignment steps - batch 22

Author: ttorble

articles/virtual-desktop/create-file-share.md

@@ -6,6 +6,7 @@ ms.topic: how-to
 ms.date: 12/08/2021
 ms.author: helohr
 manager: femila
+ms.custom: subject-rbac-steps
 ---
 # Create a profile container with Azure Files and AD DS
 
@@ -84,19 +85,25 @@ To assign Azure role-based access control (Azure RBAC) permissions:
 
 1. Open the Azure portal.
 
-2. Open the storage account you created in [Set up a storage account](#set-up-a-storage-account).
+1. Open the storage account you created in [Set up a storage account](#set-up-a-storage-account).
+
+1. Select **File shares**, then select the name of the file share you plan to use.
 
-3. Select **File shares**, then select the name of the file share you plan to use.
+1. Select **Access control (IAM)**.
 
-4. Select **Access Control (IAM)**.
+1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
 
-5. Select **Add a role assignment**.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
 
-6. In the **Add role assignment** tab, select **Storage File Data SMB Share Elevated Contributor** for the administrator account.
+    | Setting | Value |
+    | --- | --- |
+    | Role | Storage File Data SMB Share Elevated Contributor |
+    | Assign access to | User, group, or service principal |
+    | Members | \<Name of the administrator account> |
 
-     To assign users permissions for their FSLogix profiles, follow these same instructions. However, when you get to step 5, select **Storage File Data SMB Share Contributor** instead.
+    To assign users permissions for their FSLogix profiles, select the **Storage File Data SMB Share Contributor** role instead.
 
-7. Select **Save**.
+    ![Screenshot showing Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
 
 ## Assign users permissions on the Azure file share
 

articles/virtual-desktop/create-profile-container-adds.md

@@ -6,6 +6,7 @@ ms.topic: how-to
 ms.date: 12/08/2021
 ms.author: helohr
 manager: femila
+ms.custom: subject-rbac-steps
 ---
 
 # Create a profile container with Azure Files and Azure AD DS
@@ -56,17 +57,19 @@ To assign users access permissions:
 
 1. From the Azure portal, open the file share you created in [Set up an Azure Storage account](#set-up-an-azure-storage-account).
 
-2. Select **Access Control (IAM)**.
+1. Select **Access control (IAM)**.
 
-3. Select **Add a role assignment**.
+1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
 
-4. In the **Add role assignment** tab, select the appropriate built-in role from the role list. You'll need to at least select **Storage File Data SMB Share Contributor** for the account to get proper permissions.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
 
-5. For **Assign access to**, select **Azure Active Directory user, group, or service principal**.
+    | Setting | Value |
+    | --- | --- |
+    | Role | Storage File Data SMB Share Contributor |
+    | Assign access to | User, group, or service principal |
+    | Members | \<Name or email address for the target Azure Active Directory identity> |
 
-6. Select a name or email address for the target Azure Active Directory identity.
-
-7. Select **Save**.
+    ![Screenshot showing Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
 
 ## Get the Storage Account access key
 

articles/virtual-desktop/media/add-role-assignment.png

@@ -6,6 +6,7 @@ ms.topic: how-to
 ms.date: 04/14/2022
 ms.author: helohr
 manager: femila
+ms.custom: subject-rbac-steps
 ---
 # Start Virtual Machine on Connect
 
@@ -68,19 +69,23 @@ To use the Azure portal to create a custom role for Start VM on Connect:
 
 After that, you'll need to assign the role to the Azure Virtual Desktop service principal.
 
-To assign the custom role:
+The following steps describe how to assign the custom role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
 
-1. In the **Access control (IAM) tab**, select **Add role assignment**.
+1. In the navigation menu of the subscription, select **Access control (IAM)**.
 
-2. Search for and select the role you just created.
+1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
 
-3. On the **Members** tab, enter and select **Windows Virtual Desktop** in the search bar.
+1. On the **Role** tab, search for and select the role you just created.
 
-      >[!NOTE]
-      >You might see both the Windows Virtual Desktop and Windows Virtual Desktop Azure Resource Manager Provider first party applications appear if you've deployed Azure Virtual Desktop (classic). Assign the role to both apps.
-      >
-      > [!div class="mx-imgBorder"]
-      > ![A screenshot of the Access control (IAM) tab. In the search bar, both Azure Virtual Desktop and Azure Virtual Desktop (classic) are highlighted in red.](media/add-role-assignment.png)
+1. On the **Members** tab, search for and select **Windows Virtual Desktop**.
+
+   > [!NOTE]
+   > If you've deployed Azure Virtual Desktop (classic), both the Windows Virtual Desktop and Windows Virtual Desktop Azure Resource Manager Provider first party applications might appear. If so, assign the role to both apps.
+   >
+
+   ![Screenshot showing Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
+
+1. On the **Review + assign** tab, select **Review + assign** to assign the role.
 
 ### Create a custom role with a JSON file template