Merge pull request #115345 from jlichwa/patch-25

v-shils · web-flow · commit 57bc605f9d07 · 2020-05-19T07:51:06.000-07:00
Update group-permissions-for-apps.md
diff --git a/articles/key-vault/general/group-permissions-for-apps.md b/articles/key-vault/general/group-permissions-for-apps.md
@@ -104,9 +104,6 @@ Id                    : 1cef38c4-388c-45a9-b5ae-3d88375e166a
 ...
 ```
 
-> [!WARNING]
-> Azure AD Groups with Managed Identities require up to 8hr to refresh token and become effective.
-
 #### Users
 
 You can also add an individual user to an key vault's access control policy. **We do not recommend this.** We instead encourage you to add users to an Azure AD group, and add the group on the policies.
@@ -222,6 +219,9 @@ Lastly, give the AD group permissions to your key vault using the Azure CLI [az
 
 The application also needs at least one Identity and Access Management (IAM) role assigned to the key vault. Otherwise it will not be able to login and will fail with insufficient rights to access the subscription.
 
+> [!WARNING]
+> Azure AD Groups with Managed Identities may require up to 8hr to refresh token and become effective.
+
 ## Next steps
 
 - [Azure Key Vault security: Identity and access management](overview-security.md#identity-and-access-management)
