other misc edits

Author: HeidiSteen

articles/search/search-security-enable-roles.md

@@ -14,7 +14,7 @@ ms.date: 06/18/2024
 
 # Enable or disable role-based access control in Azure AI Search
 
-If you want to use Azure role-based access control for connections into Azure AI Search, this article explains how to enable it for your search service.
+If you want to use Azure role assignments for authorized access to Azure AI Search, this article explains how to enable role-based access for your search service.
 
 Role-based access for data plane operations is optional, but recommended. The alternative is [key-based authentication](search-security-api-keys.md), which is the default. 
 
@@ -33,10 +33,10 @@ Roles for service administration (control plane) are built in and can't be enabl
 
 When you enable roles for the data plane, the change is effective immediately, but wait a few seconds before assigning roles.
 
-The default failure mode is `http401WithBearerChallenge`. Alternatively, you can set the failure mode to `http403`. 
-
 Once role-based access is enabled, the search service recognizes an **authorization** header on data plane requests that provide an OAuth2 access token.
 
+The default failure mode for unauthorized requests is `http401WithBearerChallenge`. Alternatively, you can set the failure mode to `http403`. 
+
 ### [**Azure portal**](#tab/config-svc-portal)
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and open the search service page.