
Commit 51fcd15

format
1 parent 09effae commit 51fcd15

1 file changed

+4
-2
lines changed

articles/data-factory/enable-customer-managed-key.md

Lines changed: 4 additions & 2 deletions
@@ -46,8 +46,10 @@ If you are creating a new Azure Key Vault through Azure portal, __Soft Delete__
4646
### Grant Data Factory access to Azure Key Vault
4747

4848
Make sure Azure Key Vault and Azure Data Factory are in the same Microsoft Entra tenant and in the _same region_. You can use either access policies or access control permissions:
49-
1. _Access policy_ - In your key vault select **Access policies** -> **Add access Policy** -> search for your Azure Data Factory managed identity and grant _Get_, _Unwrap Key_, and _Wrap Key_ permissions in the Secret permissions dropdown.
50-
1. _Access control_ - Your managed identity will need two roles in Access control: [**Key Vault Crypto Service Encryption User**](/azure/role-based-access-control/built-in-roles/security#key-vault-crypto-service-encryption-user) and [**Key Vault Secrets User**](/azure/role-based-access-control/built-in-roles/security#key-vault-secrets-user). In your key vault select **Access control (IAM)** -> **+ Add** -> **Add role assignment**. Select one of the roles, and then select **Next**. Under **Members** select **Managed identity** then **Select members** and search for your Azure Data Factory managed identity. Then select **Review + assign**. Repeat for the second role.
49+
50+
1. _Access policy_ - In your key vault select **Access policies** -> **Add access Policy** -> search for your Azure Data Factory managed identity and grant _Get_, _Unwrap Key_, and _Wrap Key_ permissions in the Secret permissions dropdown.
51+
52+
1. _Access control_ - Your managed identity will need two roles in Access control: [**Key Vault Crypto Service Encryption User**](/azure/role-based-access-control/built-in-roles/security#key-vault-crypto-service-encryption-user) and [**Key Vault Secrets User**](/azure/role-based-access-control/built-in-roles/security#key-vault-secrets-user). In your key vault select **Access control (IAM)** -> **+ Add** -> **Add role assignment**. Select one of the roles, and then select **Next**. Under **Members** select **Managed identity** then **Select members** and search for your Azure Data Factory managed identity. Then select **Review + assign**. Repeat for the second role.
5153

5254
* If you want to add customer managed key encryption [after factory creation in Data Factory UI](#post-factory-creation-in-data-factory-ui), ensure data factory's managed service identity (MSI) has the correct permissions to Key Vault
5355
* If you want to add customer managed key encryption [during factory creation time in Azure portal](#during-factory-creation-in-azure-portal), ensure the user-assigned managed identity (UA-MI) has the correct permissions to Key Vault
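
Review bot: The re-added _Access policy_ item (new line 50) still tells the reader to grant _Get_, _Unwrap Key_, and _Wrap Key_ "in the Secret permissions dropdown", but Wrap Key and Unwrap Key are key permissions in a Key Vault access policy, so the instruction points at the wrong dropdown. Since this line is being rewritten anyway, change it to "in the Key permissions dropdown", and align the casing of **Add access Policy** with the other bold UI labels in the item below it. The blank lines added at new lines 49 and 51 are fine for list rendering; both items keep the "1." marker, which Markdown renumbers, so nothing else is needed there.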
