MicrosoftDocs
diff --git a/‎articles/event-hubs/event-hubs-managed-service-identity.md
Lines changed: 16 additions & 11 deletions b/‎articles/event-hubs/event-hubs-managed-service-identity.md
Lines changed: 16 additions & 11 deletions
diff --git a/‎articles/event-hubs/event-hubs-role-based-access-control.md
Lines changed: 8 additions & 1 deletion b/‎articles/event-hubs/event-hubs-role-based-access-control.md
Lines changed: 8 additions & 1 deletion
diff --git a/‎articles/event-hubs/media/event-hubs-managed-service-identity/add-role-assignment-button.png
97.4 KB b/‎articles/event-hubs/media/event-hubs-managed-service-identity/add-role-assignment-button.png
97.4 KB
diff --git a/‎articles/event-hubs/media/event-hubs-managed-service-identity/add-role-assignment-dialog.png
21.2 KB b/‎articles/event-hubs/media/event-hubs-managed-service-identity/add-role-assignment-dialog.png
21.2 KB
diff --git a/‎articles/event-hubs/media/event-hubs-managed-service-identity/role-assignments.png
50 KB b/‎articles/event-hubs/media/event-hubs-managed-service-identity/role-assignments.png
50 KB
@@ -29,25 +29,30 @@ You can only add a managed identity to the "Owner" or "Contributor" roles of an
 
 
 ## Event Hubs roles and permissions
-
-You can add a managed identity to the "Service Bus Data Owner" role of a Service Bus namespace. It grants the identity, full control (for management and data operations) on all entities in the namespace.
+You can add a managed identity to the **Event Hubs Data Owner** role of an Event Hubs namespace. It grants the identity, full control (for management and data operations) on all entities in the namespace.
 
 >[!IMPORTANT]
-> We earlier supported adding managed identity to the **"Owner"** or **"Contributor"** role.
+> We earlier supported adding managed identity to the **Owner** or **Contributor** role.
 >
-> However, data access privileges for **"Owner"** and **"Contributor"** role will no longer be honored. If you were using the **"Owner"** or **"Contributor"** role, then those will need to be adapted to utilize the **"Service Bus Data Owner"** role.
+> However, data access privileges for **Owner** and **Contributor** role are no longer honored. If you are using the **Owner** or **Contributor** role, switch to using the **Event Hubs Data Owner** role.
 
-To use the new built-in role, please complete the below steps -
+To use the new built-in role, follow these steps: 
 
-1. proceed to the [Azure portal](https://portal.azure.com)
-2. Navigate to the Service Bus namespace where you have currently setup the "Owner" or "Contributor" role.
-3. Click on "Access Control(IAM)" from the left pane menu.
-4. Proceed to add a new role assignment as below
+1. Navigate to the [Azure portal](https://portal.azure.com)
+2. Navigate to the Event Hubs namespace where you have currently setup the **Owner** or **Contributor** role.
+3. Select **Access Control(IAM)** from the left menu.
+4. On the **Access Control (IAM)** page, select **Add** in the **Add a role assignment** section. 
 
-    ![Service Bus RBAC Data Owner](./media/service-bus-role-based-access-control/ServiceBus_RBAC_SBDataOwner.png)
+    ![Add a role assignment button](./media/event-hubs-managed-service-identity/add-role-assignment-button.png)
+5. On the **Add role assignment** page, do the following steps: 
+    1. For **Role**, select **Azure Eevent Hubs Data Owner**. 
+    2. Select the **identity** to be added to the role.
+    3. Select **Save**. 
 
-5. Hit "Save" to save the new role assignment.
+        ![Event Hubs Data Owner role](./media/event-hubs-managed-service-identity/add-role-assignment-dialog.png)
+6. Switch to the **Role assignments** page and confirm that the user is added to the **Azure Event Hubs Data Owner** role. 
 
+    ![Confirm user is added to the role](./media/event-hubs-managed-service-identity/role-assignments.png)
 
 ## Use Event Hubs with managed identities for Azure Resources
 
 
@@ -24,8 +24,15 @@ For Azure Event Hubs, the management of namespaces and all related resources thr
 An application that uses Azure AD RBAC does not need to handle SAS rules and keys or any other access tokens specific to Event Hubs. The client app interacts with Azure AD to establish an authentication context, and acquires an access token for Event Hubs. With domain user accounts that require interactive login, the application never handles any credentials directly.
 
 ## Event Hubs roles and permissions
+Azure provides the following built-in RBAC roles for authorizing access to an Event Hubs namespace:
+
+* [Event Hubs Data Owner (preview)](../role-based-access-control/built-in-roles.md#service-bus-data-owner): Enables data access to an Event Hubs namespace and its entities (Queues, Topics, Subscriptions and Filters)
+
+>[!IMPORTANT]
+> We earlier supported adding managed identity to the **Owner** or **Contributor** role.
+>
+> However, data access privileges for **Owner** and **Contributor** role are no longer honored. If you are using the **Owner** or **Contributor** role, switch to using the **Event Hubs Data Owner** role.
 
-For the initial public preview, you can only add Azure AD accounts and service principals to the "Owner" or "Contributor" roles of an Event Hubs namespace. This operation grants the identity full control over all entities in the namespace. Management operations that change the namespace topology are initially only supported though Azure resource management and not through the native Event Hubs REST management interface. This support also means that the .NET Framework client [NamespaceManager](/dotnet/api/microsoft.servicebus.namespacemanager) object cannot be used with an Azure AD account.  
 
 ## Use Event Hubs with an Azure AD domain user account