Merge pull request #282192 from axisc/encourage_capture_with_msi

Encourage Event Hubs capture to be used with MSI

Author: prmerger-automator[bot]

articles/event-hubs/event-hubs-capture-managed-identity.md

@@ -7,34 +7,29 @@ ms.date: 03/20/2024
 
 
 # Authenticate modes for capturing events to destinations in Azure Event Hubs
-Azure Event Hubs allows you to select different authentication modes when capturing events to a destination such as [Azure Blob storage](https://azure.microsoft.com/services/storage/blobs/) or [Azure Data Lake Storage Gen 1 or Gen 2](https://azure.microsoft.com/services/data-lake-store/) account of your choice. The authentication mode determines how the capture agent running in Event Hubs authenticate with the capture destination. 
-
-## SAS based authentication 
-The default authentication method is to use Shared Access Signature(SAS) to access the capture destination from Event Hubs service. 
 
-:::image type="content" source="./media/event-hubs-capture-overview/event-hubs-capture-default.png" alt-text="Image showing capturing of Event Hubs data into Azure Storage or Azure Data Lake Storage using default SAS authentication mode":::
+Azure Event Hubs allows you to select different authentication modes when capturing events to a destination such as [Azure Blob storage](https://azure.microsoft.com/services/storage/blobs/) or [Azure Data Lake Storage Gen 1 or Gen 2](https://azure.microsoft.com/services/data-lake-store/) account of your choice. The authentication mode determines how the capture agent running in Event Hubs authenticate with the capture destination. 
 
-With this approach, you can capture data to destinations resources that are in the **same subscription** only. 
+## Use managed identity
 
-## Use managed identity 
-With [managed identity](../active-directory/managed-identities-azure-resources/overview.md), users can seamlessly capture data to a preferred destination by using Microsoft Entra ID based authentication and authorization. 
+[Managed identity](../active-directory/managed-identities-azure-resources/overview.md) is the preferred way to seamlessly access the capture destination from your Event Hub, using Microsoft Entra ID based authentication and authorization.
 
 :::image type="content" source="./media/event-hubs-capture-overview/event-hubs-capture-msi.png" alt-text="Image showing capturing of Event Hubs data into Azure Storage or Azure Data Lake Storage using Managed Identity":::
 
 You can use system-assigned or user-assigned managed identities with Event Hubs Capture destinations.
 
-## Use a system-assigned managed identity to capture events
+### Use a system-assigned managed identity to capture events
 System-assigned Managed Identity is automatically created and associated with an Azure resource, which is an Event Hubs namespace in this case. 
 
 To use system assigned identity, the capture destination must have the required role assignment enabled for the corresponding system assigned identity. 
 Then you can select `System Assigned` managed identity option when enabling the capture feature in an event hub.
 
 :::image type="content" source="./media/event-hubs-capture-overview/event-hubs-captute-system-assigned.png" alt-text="Image showing capturing of Event Hubs data into Azure Storage or Azure Data Lake Storage using System Assigned managed identity.":::
 
- Then capture agent would use the identity of the namespace for authentication and authorization with the capture destination. 
+Then capture agent would use the identity of the namespace for authentication and authorization with the capture destination. 
 
-### Azure Resource Manager template
-Here's an example Azure Resource Manager template to configure capturing of data using a system-assigned managed identity. 
+#### Azure Resource Manager template
+Here's an example Azure Resource Manager (ARM) template to configure capturing of data using a system-assigned managed identity. 
 
 ```json
 {
@@ -296,7 +291,7 @@ Here's an example Azure Resource Manager template to configure capturing of data
 }
 ```
 
-## Use a user-assigned managed identity to capture events
+### Use a user-assigned managed identity to capture events
 You can create a user-assigned managed identity and use it for authenticate and authorize with the capture destination of Event hubs. Once the managed identity is created, you can assign it to the Event Hubs namespace and make sure that the capture destination has the required role assignment enabled for the corresponding user assigned identity. 
 
 Then you can select `User Assigned` managed identity option when enabling the capture feature in an event hub and assign the required user assigned identity when enabling the capture feature. 
@@ -306,7 +301,7 @@ Then you can select `User Assigned` managed identity option when enabling the ca
  Then capture agent would use the configured user assigned identity for authentication and authorization with the capture destination. 
 
 
-### Capturing events to a capture destination in a different subscription 
+#### Capturing events to a capture destination in a different subscription 
 The Event Hubs Capture feature also support capturing data to a capture destination in a different subscription with the use of managed identity. 
 
 > [!IMPORTANT]
@@ -378,3 +373,11 @@ For example, following ARM template can be used to create an event hub with capt
     }
   ]
 ```
+
+## Related content
+
+Learn more about the feature and how to enable it using the Azure portal and Azure Resource Manager template:
+
+- [Capture events through Azure Event Hubs in Azure Blob Storage or Azure Data Lake Storage](event-hubs-capture-overview.md)
+- [Use the Azure portal to enable Event Hubs Capture](event-hubs-capture-enable-through-portal.md)
+- [Use an Azure Resource Manager template to enable Event Hubs Capture](event-hubs-resource-manager-namespace-event-hub-enable-capture.md)