MicrosoftDocs
diff --git a/‎articles/applied-ai-services/form-recognizer/managed-identities.md
Lines changed: 9 additions & 6 deletions b/‎articles/applied-ai-services/form-recognizer/managed-identities.md
Lines changed: 9 additions & 6 deletions
diff --git a/‎articles/applied-ai-services/form-recognizer/media/managed-identities/rbac-flow.png
46.4 KB b/‎articles/applied-ai-services/form-recognizer/media/managed-identities/rbac-flow.png
46.4 KB
diff --git a/‎articles/cognitive-services/Translator/document-translation/how-to-guides/create-use-managed-identities.md
Lines changed: 13 additions & 9 deletions b/‎articles/cognitive-services/Translator/document-translation/how-to-guides/create-use-managed-identities.md
Lines changed: 13 additions & 9 deletions
diff --git a/‎articles/cognitive-services/Translator/document-translation/media/managed-identity-rbac-flow.png
51 KB b/‎articles/cognitive-services/Translator/document-translation/media/managed-identity-rbac-flow.png
51 KB
@@ -7,14 +7,16 @@ manager: nitinme
 ms.service: applied-ai-services
 ms.subservice: forms-recognizer
 ms.topic: how-to
-ms.date: 10/20/2022
+ms.date: 02/09/2023
 ms.author: lajanuar
 monikerRange: '>=form-recog-2.1.0'
 recommendations: false
 ---
 
 # Managed identities for Form Recognizer
 
+:::image type="content" source="media/managed-identities/rbac-flow.png" alt-text="Screenshot of managed identity flow (RBAC).":::
+
 [!INCLUDE [applies to v3.0 and v2.1](includes/applies-to-v3-0-and-v2-1.md)]
 
 Managed identities for Azure resources are service principals that create an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources:
@@ -28,6 +30,7 @@ Managed identities for Azure resources are service principals that create an Azu
 > [!TIP]
 > Managed identities eliminate the need for you to manage credentials, including Shared Access Signature (SAS) tokens. Managed identities are a safer way to grant access to data without having credentials in your code.
 
+
 ## Private storage account access
 
  Private Azure storage account access and authentication are supported by [managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). If you have an Azure storage account, protected by a Virtual Network (VNet) or firewall, Form Recognizer can't directly access your storage account data. However, once a managed identity is enabled, Form Recognizer can access your storage account using an assigned managed identity credential.
@@ -40,13 +43,13 @@ Managed identities for Azure resources are service principals that create an Azu
 
 ## Prerequisites
 
-To get started, you'll need:
+To get started, you need:
 
 * An active [**Azure account**](https://azure.microsoft.com/free/cognitive-services/)—if you don't have one, you can [**create a free account**](https://azure.microsoft.com/free/).
 
 * A [**Form Recognizer**](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) or [**Cognitive Services**](https://portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne) resource in the Azure portal. For detailed steps, _see_ [Create a Cognitive Services resource using the Azure portal](../../cognitive-services/cognitive-services-apis-create-account.md?tabs=multiservice%2cwindows).
 
-* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Form Recognizer resource. You'll create containers to store and organize your blob data within your storage account.
+* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Form Recognizer resource. You also need to create containers to store and organize your blob data within your storage account.
 
   * If your storage account is behind a firewall, **you must enable the following configuration**: </br></br>
 
@@ -67,9 +70,9 @@ There are two types of managed identity: **system-assigned** and **user-assigned
 
 * A system-assigned managed identity is **enabled** directly on a service instance. It isn't enabled by default; you must go to your resource and update the identity setting.
 
-* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
+* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity is deleted as well.
 
-In the following steps, we'll enable a system-assigned managed identity and grant Form Recognizer limited access to your Azure blob storage account.
+In the following steps, we enable a system-assigned managed identity and grant Form Recognizer limited access to your Azure blob storage account.
 
 ## Enable a system-assigned managed identity
 
@@ -95,7 +98,7 @@ You need to grant Form Recognizer access to your storage account before it can c
 
     :::image type="content" source="media/managed-identities/enable-system-assigned-managed-identity-portal.png" alt-text="Screenshot: enable system-assigned managed identity in Azure portal.":::
 
-1. An Azure role assignments page will open. Choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
+1. On the Azure role assignments page that opens, choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
 
     :::image type="content" source="media/managed-identities/azure-role-assignments-page-portal.png" alt-text="Screenshot: Azure role assignments page in the Azure portal.":::
 
 
@@ -7,12 +7,14 @@ manager: nitinme
 ms.service: cognitive-services
 ms.subservice: translator-text
 ms.topic: how-to
-ms.date: 12/17/2022
+ms.date: 02/09/2023
 ms.author: lajanuar
 ---
 
 # Managed identities for Document Translation
 
+:::image type="content" source="../media/managed-identity-rbac-flow.png" alt-text="Screenshot of managed identity flow (RBAC).":::
+
 > [!IMPORTANT]
 >
 > * Currently, Document Translation doesn't support managed identity in the global region. If you intend to use managed identities for Document Translation operations, [create your Translator resource](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) in a non-global Azure region.
@@ -24,7 +26,7 @@ Managed identities for Azure resources are service principals that create an Azu
 
 * You can use managed identities to grant access to any resource that supports Azure AD authentication, including your own applications. Managed identities eliminate the need for you to include shared access signature tokens (SAS) with your HTTP requests.
 
-* To grant access to an Azure resource, you'll assign an Azure role to a managed identity using [Azure role-based access control (`Azure RBAC`)](../../../../role-based-access-control/overview.md).
+* To grant access to an Azure resource, assign an Azure role to a managed identity using [Azure role-based access control (`Azure RBAC`)](../../../../role-based-access-control/overview.md).
 
 * There's no added cost to use managed identities in Azure.
 
@@ -34,16 +36,18 @@ Managed identities for Azure resources are service principals that create an Azu
 >
 > * Managed identities are a safer way to grant access to data without having SAS tokens included with your HTTP requests.
 
+
 ## Prerequisites
-To get started, you'll need:
+
+To get started, you need:
 
 * An active [**Azure account**](https://azure.microsoft.com/free/cognitive-services/)—if you don't have one, you can [**create a free account**](https://azure.microsoft.com/free/).
 
 * A [**single-service Translator**](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) (not a multi-service Cognitive Services) resource assigned to a **non-global** region. For detailed steps, _see_ [Create a Cognitive Services resource using the Azure portal](../../../cognitive-services-apis-create-account.md?tabs=multiservice%2cwindows).
 
 * A brief understanding of [**Azure role-based access control (`Azure RBAC`)**](../../../../role-based-access-control/role-assignments-portal.md) using the Azure portal.
 
-* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Translator resource. You'll create containers to store and organize your blob data within your storage account.
+* An [**Azure blob storage account**](https://portal.azure.com/#create/Microsoft.StorageAccount-ARM) in the same region as your Translator resource. You also need to create containers to store and organize your blob data within your storage account.
 
 * **If your storage account is behind a firewall, you must enable the following configuration**: </br>
 
@@ -63,9 +67,9 @@ There are two types of managed identities: **system-assigned** and **user-assign
 
 * A system-assigned managed identity is **enabled** directly on a service instance. It isn't enabled by default; you must go to your resource and update the identity setting.
 
-* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
+* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity is deleted as well.
 
-In the following steps, we'll enable a system-assigned managed identity and grant your Translator resource limited access to your Azure blob storage account.
+In the following steps, we enable a system-assigned managed identity and grant your Translator resource limited access to your Azure blob storage account.
 
 ## Enable a system-assigned managed identity
 
@@ -93,7 +97,7 @@ The **Storage Blob Data Contributor** role gives Translator (represented by the
 
     :::image type="content" source="../../media/managed-identities/enable-system-assigned-managed-identity-portal.png" alt-text="Screenshot: enable system-assigned managed identity in Azure portal.":::
 
-1. An Azure role assignments page will open. Choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
+1. On the Azure role assignments page that opened, choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
 
     :::image type="content" source="../../media/managed-identities/azure-role-assignments-page-portal.png" alt-text="Screenshot: Azure role assignments page in the Azure portal.":::
 
@@ -124,11 +128,11 @@ The **Storage Blob Data Contributor** role gives Translator (represented by the
 
 * A batch Document Translation request is submitted to your Translator service endpoint via a POST request.
 
-* With managed identity and `Azure RBAC`, you'll no longer need to include SAS URLs.
+* With managed identity and `Azure RBAC`, you no longer need to include SAS URLs.
 
 * If successful, the POST method returns a `202 Accepted`  response code and the batch request is created by the service. 
 
-* The translated documents will appear in your target container.
+* The translated documents appear in your target container.
 
 ### Headers