Update file-sync-managed-identities.md

updating the document to reflect for directions to use portal for MI

Author: rladbsal

articles/storage/file-sync/file-sync-managed-identities.md

@@ -24,6 +24,31 @@ To learn more about the benefits of using managed identities, see [Managed ident
 To configure your Azure File Sync deployment to utilize system-assigned managed identities, please follow the guidance in the subsequent sections.
 
 ## Prerequisites
+# [Portal](#tab/azure-portal) 
+- You need to have a **Storage Sync Service** [deployed](file-sync-deployment-guide.md) with at least one **registered server**.  
+
+- **Azure File Sync agent version 19.1.0.0 or later** must be installed on the registered server. 
+
+- On your **storage accounts** used by Azure File Sync: 
+
+  - You must be a **member of the Owner management role** or have “Microsoft.Authorization/roleassignments/write” permissions. 
+
+  - **Allow Azure services on the trusted services list to access this storage account** exception must be enabled for preview. [Learn more](file-sync-networking-endpoints.md#grant-access-to-trusted-azure-services-and-restrict-access-to-the-storage-account-public-endpoint-to-specific-virtual-networks) 
+
+  - **Allow storage account key access** must be enabled for preview. To check this setting, navigate to your storage account and select **Configuration** under the Settings section.
+
+# [PowerShell](#tab/azure-powershell) 
+- You need to have a **Storage Sync Service** [deployed](file-sync-deployment-guide.md) with at least one **registered server**.  
+
+- **Azure File Sync agent version 19.1.0.0 or later** must be installed on the registered server. 
+
+- On your **storage accounts** used by Azure File Sync: 
+
+  - You must be a **member of the Owner management role** or have “Microsoft.Authorization/roleassignments/write” permissions. 
+
+  - **Allow Azure services on the trusted services list to access this storage account** exception must be enabled for preview. [Learn more](file-sync-networking-endpoints.md#grant-access-to-trusted-azure-services-and-restrict-access-to-the-storage-account-public-endpoint-to-specific-virtual-networks) 
+
+  - **Allow storage account key access** must be enabled for preview. To check this setting, navigate to your storage account and select **Configuration** under the Settings section. 
 - You need to have a **Storage Sync Service** [deployed](file-sync-deployment-guide.md) with at least one **registered server**. 
 - **Azure File Sync agent version 19.1.0.0 or later** must be installed on the registered server.
 - On your **storage accounts** used by Azure File Sync:
@@ -52,7 +77,13 @@ To enable a system-assigned managed identity on a registered server that has the
 > - Once the Storage Sync Service is configured to use managed identities, registered servers that do not have a system-assigned managed identity will continue to use a shared key to authenticate to your Azure file shares.
  
 ### How to check if your registered servers have a system-assigned managed identity
+# [Portal](#tab/azure-portal) 
+To check if your registered servers have a system-assigned managed identity, perform the following steps using the portal:  
+
+Go to your **Storage Sync Service** in the Azure portal, expand **Settings** and select **Managed identity (preview)**. 
 
+In the Registered Servers section, click the **Ready to use Managed ID** tile. This tile displays a list of servers that have a system-assigned managed identity. If your server is not listed, perform the steps to [Enable a system-assigned managed identity on your registered servers]( #enable-a-system-assigned-managed-identity-on-your-registered-servers).  
+# [PowerShell](#tab/azure-powershell) 
 To check if your registered servers have a system-assigned managed identity, run the following PowerShell command:
 
 ```powershell
@@ -67,6 +98,34 @@ If the value for the **ActiveAuthType** property is **Certificate** and the **La
 > Once a server is configured to use the system-assigned managed identity by following the steps in the following section, the **LatestApplicationId** property is no longer used (will be empty), the **ActiveAuthType** property value will be changed to **ManagedIdentity**, and the **ApplicationId** property will have a GUID which is the system-assigned managed identity.
 
 ## Configure your Azure File Sync deployment to use system-assigned managed identities
+# [Portal](#tab/azure-portal) 
+
+To configure the Storage Sync Service and registered servers to use system-assigned managed identities, perform the following steps in the portal: 
+
+Go to your **Storage Sync Service** in the Azure portal, expand **Settings** and select **Managed identity (preview)**. 
+
+Click “”Turn on Managed identity” to begin setup. 
+
+The following steps are performed and will take several minutes (or longer for large topologies) to complete: 
+
+- Enables a system-assigned managed identity for Storage Sync Service resource. 
+
+- Grants the Storage Sync Service system-assigned managed identity access to your Storage Accounts (Storage Account Contributor role). 
+
+- Grants the Storage Sync Service system-assigned managed identity access to your Azure file shares (Storage File Data Privileged Contributor role). 
+
+- Grants the registered server(s) system-assigned managed identity access to the Azure file shares (Storage File Data Privileged Contributor role). 
+
+- Configures the Storage Sync Service to use system-assigned managed identity. 
+
+- Configures registered server(s) to use system-assigned managed identity.  
+
+> [!NOTE] 
+
+> Once the registered server(s) are configured to use a system-assigned managed identity, it can take up to one hour before the server uses the system-assigned managed identity to authenticate to the Storage Sync Service and file shares.
+
+
+# [PowerShell](#tab/azure-powershell) 
 To configure the Storage Sync Service and registered servers to use system-assigned managed identities, run the following command from an elevated PowerShell window:
 
 ```powershell
@@ -88,6 +147,16 @@ Use the **Set-AzStorageSyncServiceIdentity** cmdlet anytime you need to configur
 > Once the registered server(s) are configured to use a system-assigned managed identity, it can take up to one hour before the server uses the system-assigned managed identity to authenticate to the Storage Sync Service and file shares.
 
 ### How to check if the Storage Sync Service is using a system-assigned managed identity
+
+# [Portal](#tab/azure-portal)  
+
+To check if the Storage Sync Service is using a system-assigned managed identity, perform the following steps in the portal: 
+
+Go to your **Storage Sync Service** in the Azure portal, expand **Settings** and select **Managed identity (preview)**. 
+
+In the Registered Servers section, if you have at least one server listed in the **Using Managed ID” tile, your service is configured to use managed identities.  
+
+# [PowerShell](#tab/azure-powershell) 
 To check if the Storage Sync Service is using a system-assigned managed identity, run the following command from an elevated PowerShell window:
 
 ```powershell
@@ -96,6 +165,16 @@ Get-AzStorageSyncService -ResourceGroupName <string> -StorageSyncServiceName <st
 Verify the value for the **UseIdentity** property is **True**. If the value is **False**, the Storage Sync Service is using shared keys to authenticate to the Azure file shares.
 
 ### How to check if a registered server is configured to use a system-assigned managed identity
+
+# [Portal](#tab/azure-portal) 
+
+To check if a registered server is configured to use a system-assigned managed identity, perform the following steps in the portal: 
+
+Go to your **Storage Sync Service** in the Azure portal, expand **Settings** and select **Managed identity (preview)**. 
+
+In the **Registered Servers** section, click the **Using Managed ID** tile and verify the server is listed. 
+
+# [PowerShell](#tab/azure-powershell) 
 To check if a registered server is configured to use a system-assigned managed identity, run the following command from an elevated PowerShell window:
 
 ```powershell