edits

alexwolfmsft · alexwolfmsft · commit 7a2683494e8f · 2023-01-23T15:36:50.000-05:00
diff --git a/articles/service-bus-messaging/service-bus-migrate-azure-credentials.md b/articles/service-bus-messaging/service-bus-migrate-azure-credentials.md
@@ -37,7 +37,7 @@ Connection strings should be used with caution. Developers must be diligent to n
 
 ## Steps to migrate an app to use passwordless authentication
 
-The following steps explain how to migrate an existing application to use passwordless connections instead of a key-based solution. These same migration steps should apply whether you're using access keys directly, or through connection strings.
+The following steps explain how to migrate an existing application to use passwordless connections instead of a key-based solution. You'll first configure a local development environment, and then apply those concepts to an Azure app hosting environment. These same migration steps should apply whether you're using access keys directly, or through connection strings.
 
 ### Configure roles and users for local development authentication
 
diff --git a/includes/passwordless/migration-guide/create-managed-identity-portal.md b/includes/passwordless/migration-guide/create-managed-identity-portal.md
@@ -37,6 +37,7 @@ The Service Connector will automatically create a system-assigned managed identi
 1. On the main overview page of your Azure App Service instance, select **Identity** from the left navigation.
 
 1. Under the **System assigned** tab, make sure to set the **Status** field to **on**. A system assigned identity is managed by Azure internally and handles administrative tasks for you. The details and IDs of the identity are never exposed in your code.
+
    :::image type="content" source="../media/migration-create-identity-small.png" alt-text="Screenshot showing how to create a system assigned managed identity."  lightbox="../media/migration-create-identity.png":::
 
 ### [Azure Spring Apps](#tab/spring-apps)
diff --git a/includes/passwordless/service-bus/service-bus-assign-roles-tabbed.md b/includes/passwordless/service-bus/service-bus-assign-roles-tabbed.md
@@ -10,7 +10,7 @@ ms.author: alexwolf
 ms.custom: include file
 ---
 
-When developing locally, make sure that the user account that is accessing Service Bus has the correct permissions. You'll need **Azure Service Bus Data Owner** to send and receive data. To assign yourself this role, you'll need to be assigned the **User Access Administrator** role, or another role that includes the **Microsoft.Authorization/roleAssignments/write** action. You can assign Azure RBAC roles to a user using the Azure portal, Azure CLI, or Azure PowerShell. You can learn more about the available scopes for role assignments on the [scope overview](../../../articles/role-based-access-control/scope-overview.md) page.
+When developing locally, make sure that the user account that is accessing Service Bus has the correct permissions. In this example you'll use the **Azure Service Bus Data Owner** role to send and receive data, though more granular roles are also available. To assign yourself this role, you'll need to be assigned the **User Access Administrator** role, or another role that includes the **Microsoft.Authorization/roleAssignments/write** action. You can assign Azure RBAC roles to a user using the Azure portal, Azure CLI, or Azure PowerShell. You can learn more about the available scopes for role assignments on the [scope overview](../../../articles/role-based-access-control/scope-overview.md) page.
 
 In this scenario, you'll assign permissions to your user account scoped to a specific Service Bus namespace, to follow the [Principle of Least Privilege](../../../articles/active-directory/develop/secure-least-privileged-access.md). This practice gives users only the minimum permissions needed and creates more secure production environments.
 
@@ -47,7 +47,7 @@ To assign a role at the resource level using the Azure CLI, you first must retri
 az servicebus namespace show --resource-group '<your-resource-group-name>' --name '<your-service-bus-namespace>' --query id
 ```
 
-Copy the output `Id` from the preceding command. You can then assign roles using the [az role](/cli/azure/role) command of the Azure CLI.
+Copy the output `ID` from the preceding command. You can then assign roles using the [az role](/cli/azure/role) command of the Azure CLI.
 
 ```azurecli
 az role assignment create --assignee "<user@domain>" \
@@ -63,7 +63,7 @@ To assign a role at the resource level using Azure PowerShell, you first must re
 Get-AzResource -ResourceGroupName "<yourResourceGroupname>" -Name "<yourServiceBusName>"
 ```
 
-Copy the `Id` value from the preceding command output. You can then assign roles using the [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) command in PowerShell.
+Copy the `ID` value from the preceding command output. You can then assign roles using the [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) command in PowerShell.
 
 ```azurepowershell
 New-AzRoleAssignment -SignInName <user@domain> `
