Merge pull request #178445 from spelluru/egridglobal1102

Both system and user assigned identities & Global

Author: GitHubber17

articles/event-grid/enable-identity-custom-topics-domains.md

@@ -2,19 +2,16 @@
 title: Enable managed identity on Azure Event Grid custom topics and domains
 description: This article describes how enable managed service identity for an Azure Event Grid custom topic or domain. 
 ms.topic: how-to
-ms.date: 08/20/2021
+ms.date: 11/09/2021
 ---
 
 # Assign a managed identity to an Event Grid custom topic or domain 
-This article shows you how to assign a system-assigned or a user-assigned identity to an Event Grid custom topic or a domain. To learn about managed identities, see [What are managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
-
-> [!IMPORTANT]
-> You can enable either system-assigned identity or user-assigned identity for an Event Grid topic or domain, but not both. You can have at most two user-assigned identities assigned to a topic or domain. 
+This article shows you how to use the Azure portal and CLI to assign a system-assigned or a user-assigned [managed identity](../active-directory/managed-identities-azure-resources/overview.md) to an Event Grid custom topic or a domain. 
 
 ## Enable identity when creating a topic or domain
 
 # [Azure portal](#tab/portal)
-You can assign a system-assigned identity or a user-assigned identity to a custom topic or domain while creating it in the Azure portal. 
+In the **Azure portal**, when creating a topic or a domain, you can assign either a system-assigned identity or two user-assigned identities, but not both types of identities. Once the topic or domain is created, you can assign both types of identities by following steps in the [Enable identity for an existing topic or domain](#enable-identity-for-an-existing-custom-topic-or-domain) section.
 
 ### Enable system-assigned identity
 On the **Advanced** tab of the topic or domain creation wizard, select **Enable system assigned identity**. 
@@ -28,7 +25,9 @@ On the **Advanced** tab of the topic or domain creation wizard, select **Enable
 1. In the **Select user assigned identity** window, select the subscription that has the user-assigned identity, select the **user-assigned identity**, and then click **Select**. 
 
 # [Azure CLI](#tab/cli)
-You can also use the Azure CLI to create a custom topic or a domain with a system-assigned identity. Use the `az eventgrid topic create` command with the `--identity` parameter set to `systemassigned`. If you don't specify a value for this parameter, the default value `noidentity` is used. 
+You can also use Azure CLI to create a custom topic or a domain with a system-assigned identity. Currently, Azure CLI doesn't support assigning a user-assigned identity to a topic or a domain.  
+
+Use the `az eventgrid topic create` command with the `--identity` parameter set to `systemassigned`. If you don't specify a value for this parameter, the default value `noidentity` is used. 
 
 ```azurecli-interactive
 # create a custom topic with a system-assigned identity
@@ -37,16 +36,15 @@ az eventgrid topic create -g <RESOURCE GROUP NAME> --name <TOPIC NAME> -l <LOCAT
 
 Similarly, you can use the `az eventgrid domain create` command to create a domain with a system-assigned identity.
 
-> [!NOTE]
-> Azure CLI doesn't support assigning a user-assigned managed identity to an Event Grid topic or a domain yet. 
-
 ---
 
 ## Enable identity for an existing custom topic or domain
 In this section, you learn how to enable a system-assigned identity or a user-assigned identity for an existing custom topic or domain. 
 
 # [Azure portal](#tab/portal)
-The following procedure shows you how to enable system-assigned identity for a custom topic. The steps for enabling an identity for a domain are similar. 
+When you use Azure portal, you can assign one system assigned identity and up to two user assigned identities to an existing topic or a domain.
+
+The following procedures show you how to enable an identity for a custom topic. The steps for enabling an identity for a domain are similar. 
 
 1. Go to the [Azure portal](https://portal.azure.com).
 2. Search for **event grid topics** in the search bar at the top.
@@ -73,6 +71,8 @@ The following procedure shows you how to enable system-assigned identity for a c
 You can use similar steps to enable an identity for an event grid domain.
 
 # [Azure CLI](#tab/cli)
+You can also use Azure CLI to assign a system-assigned identity to an existing custom topic or domain. Currently, Azure CLI doesn't support assigning a user-assigned identity to a topic or a domain.
+
 Use the `az eventgrid topic update` command with `--identity` set to `systemassigned` to enable system-assigned identity for an existing custom topic. If you want to disable the identity, specify `noidentity` as the value. 
 
 ```azurecli-interactive
@@ -82,9 +82,6 @@ az eventgrid topic update -g $rg --name $topicname --identity systemassigned --s
 
 The command for updating an existing domain is similar (`az eventgrid domain update`).
 
-> [!NOTE]
-> Azure CLI doesn't support assigning a user-assigned managed identity to an Event Grid topic or a domain yet. 
-
 ---
 
 ## Next steps

articles/event-grid/enable-identity-system-topics.md

@@ -2,22 +2,23 @@
 title: Enable managed identity on Azure Event Grid system topic
 description: This article describes how enable managed service identity for an Azure Event Grid system topic. 
 ms.topic: how-to
-ms.date: 08/20/2021
+ms.date: 11/02/2021
 ---
 
 # Assign a system-managed identity to an Event Grid system topic
-In this article, you learn how to assign system-assigned or user-assigned identity to an existing Event Grid system topic. To learn about managed identities, see [What are managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).  
+In this article, you learn how to assign a system-assigned or a user-assigned identity to an Event Grid system topic. To learn about managed identities in general, see [What are managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).  
 
-> [!IMPORTANT]
-> You can enable either system-assigned identity or user-assigned identity for a system topic, but not both. You can have at most two user-assigned identities assigned to a system topic. 
+> [!NOTE]
+> - You can assign one system-assigned identity and up to two user-assigned identities to a system topic. 
+> - You can enable identities for system topics associated with global Azure resources such as Azure subscriptions, resource groups, or Azure Maps. System topics for these global sources are also not associated with a specific region.
 
 ## Enable managed identity for an existing system topic
 This section shows you how to enable a managed identity for an existing system topic. 
 
 1. Go to the [Azure portal](https://portal.azure.com).
 2. Search for **event grid system topics** in the search bar at the top.
 3. Select the **system topic** for which you want to enable the managed identity. 
-4. Select **Identity** on the left menu. You don't see this option for a system topic that's in the global location. 
+4. Select **Identity** on the left menu.  
 
 ### Enable system-assigned identity
 1. Turn **on** the switch to enable the identity. 
@@ -36,7 +37,7 @@ This section shows you how to enable a managed identity for an existing system t
 1. First, create a user-assigned identity by following instructions in the [Manage user-assigned managed identities](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md) article. 
 1. On the **Identity** page, switch to the **User assigned** tab in the right pane, and then select **+ Add** on the toolbar.
 
-    :::image type="content" source="./media/managed-service-identity/system-topic-user-identity-add-button.png" alt-text="Image showing the Add button seleted in the User assigned tab of the Identity page.":::
+    :::image type="content" source="./media/managed-service-identity/system-topic-user-identity-add-button.png" alt-text="Image showing the Add button selected in the User assigned tab of the Identity page.":::
 1. In the **Add user managed identity** window, follow these steps:
     1. Select the **Azure subscription** that has the user-assigned identity. 
     1. Select the **user-assigned identity**. 
@@ -67,14 +68,8 @@ This section shows you how to enable a managed identity for an existing system t
                 1. Select **Add**.                         
 
 > [!NOTE]
-> Currently, you can't enable a managed identity for a new system topic when creating an event subscription on an Azure resource that supports system topics. 
-
-
-## Global Azure sources
-You can enable system-managed identity only for the regional Azure resources. You can't enable it for system topics associated with global Azure resources such as Azure subscriptions, resource groups, or Azure Maps. The system topics for these global sources are also not associated with a specific region. You don't see the **Identity** page for the system topic whose location is set to **Global**. 
-
-:::image type="content" source="./media/managed-service-identity/system-topic-location-global.png" alt-text="System topic with location set to Global"::: 
-
+> - Currently, Azure portal doesn't allow you to assign both system assigned and user assigned identities when creating a system topic. You can assign both after the system topic is created. 
+> - Currently, you can't enable a managed identity for a new system topic when creating an event subscription on an Azure resource that supports system topics. 
 
 
 ## Next steps