tweak intro

Author: laurenhughes

articles/aks/use-managed-identity.md

@@ -11,7 +11,7 @@ ms.author: saudas
 
 # Use managed identities in Azure Kubernetes Service
 
-Currently, an Azure Kubernetes Service (AKS) cluster (specifically, the Kubernetes cloud provider) requires a *service principal* to create additional resources like load balancers and managed disks in Azure. Either you must provide a service principal or AKS creates one on your behalf. Service principals typically have an expiration date. Clusters eventually reach a state in which the service principal must be renewed to keep the cluster working. Managing service principals adds complexity.
+Currently, an Azure Kubernetes Service (AKS) cluster (specifically, the Kubernetes cloud provider) uses either a *managed identity* or a *service principal* to create additional resources like load balancers and managed disks in Azure. If you use a service principal, you must either provide one or AKS creates one on your behalf. Clusters eventually reach a state in which the service principal must be renewed to keep the cluster working. Managing service principals adds complexity, which is why it's easier to use managed identities instead.
 
 *Managed identities* are essentially a wrapper around service principals, and make their management simpler. To learn more, read about [managed identities for Azure resources](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview).