Commit 9af6557

added the script info and feedback from PM
1 parent e5c9abf commit 9af6557

2 files changed

+11
-11
lines changed

articles/automation/automation-managed-identity-faq.md

Lines changed: 6 additions & 6 deletions
@@ -15,20 +15,20 @@ This Microsoft FAQ is a list of commonly asked questions when you're migrating f
1515

1616
## How long will you support Run As account?
1717

18-
Automation Run As account will be supported for the next one year until **September 30, 2023**. While we continue to support existing users, we recommend all new users to use Managed identities as the preferred way of runbook authentication. Existing users can still create the Run As account, see the account properties and renew the certificate upon expiration till **January 30, 2023**. After this date, you won't be able to create a Run As account from the Azure portal. You will still be able to create a Run As account through [PowerShell script](/azure/automation/create-run-as-account#create-account-using-powershell) until the supported time of one year. You can [use this script](/script) to renew the certificate post **January 30, 2023** until **September 30, 2023**.
18+
Automation Run As account will be supported for the next one year until **September 30, 2023**. While we continue to support existing users, we recommend all new users to use Managed identities as the preferred way of runbook authentication. Existing users can still create the Run As account, see the account properties and renew the certificate upon expiration till **January 30, 2023**. After this date, you won't be able to create a Run As account from the Azure portal. You will still be able to create a Run As account through [PowerShell script](/azure/automation/create-run-as-account#create-account-using-powershell) until the supported time of one year. You can [use this script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/RunAsAccountAssessAndRenew.ps1) to renew the certificate post **January 30, 2023** until **September 30, 2023**. This script will assess automation account which has configured Run As accounts and renews the certificate if the user chooses to do so. On confirmation, it will renew the key credentials of Azure-AD App and upload new self-signed certificate to the Azure-AD App.
1919

2020

2121
## Will existing runbooks that use the Run As account be able to authenticate?
2222
Yes, they will be able to authenticate and there will be no impact to the existing runbooks using Run As account.
2323

2424
## How can I renew the existing Run as accounts post January 30, 2023 when portal support to renew the account to removed?
25-
You can [use this script](/script) to renew the Run As account certificate post January 30, 2023 until September 30, 2023.
25+
You can [use this script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/RunAsAccountAssessAndRenew.ps1) to renew the Run As account certificate post January 30, 2023 until September 30, 2023.
2626

2727
## Can Run As account still be created post September 30, 2023 when Run As account will retire?
28-
Yes, you can still create the Run As account using the [PowerShell script](/script) However, this would be an unsupported scenario.
28+
Yes, you can still create the Run As account using the [PowerShell script](../automation/create-run-as-account.md#create-account-using-powershell). However, this would be an unsupported scenario.
2929

3030
## Can Run As accounts still be renewed post September 30, 2023 when Run As account will retire?
31-
You can [use this script](/script) to renew the Run As account certificate post September 30, 2023 when Run As account will retire. However, it would be an unsupported scenario.
31+
You can [use this script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/RunAsAccountAssessAndRenew.ps1) to renew the Run As account certificate post September 30, 2023 when Run As account will retire. However, it would be an unsupported scenario.
3232

3333
## Will the runbooks that still use the Run As account be able to authenticate even after September 30, 2023?
3434
Yes, the runbooks will be able to authenticate until the Run As account certificate expires.
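Review bot: At new line 28 the corrected link uses a relative path (`../automation/create-run-as-account.md#create-account-using-powershell`), while line 18 in the same hunk links the same target as `/azure/automation/create-run-as-account#create-account-using-powershell`; use one form for both. The renewal links at lines 18, 25 and 31 point at `blob/master`, which can change under the reader; since the text added at line 18 says the script renews the key credentials of the Azure AD app and uploads a new self-signed certificate, it would help to say what rights the person running it needs. The added sentence also needs its agreement fixed ("will assess automation account which has configured Run As accounts and renews"), and the unchanged heading at line 24 still reads "when portal support to renew the account to removed".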
@@ -58,8 +58,8 @@ Yes, only in a scenario when Managed identities aren't supported for specific on
5858
## How can I migrate from existing Run As account to Managed identities?
5959
Follow the steps mentioned in [migrate Run As accounts to Managed identity](/azure/automationmigrate-run-as-accounts-managed-identity).
6060

61-
## How do I see the runbooks that are using Run As account?
62-
Use the script here to find out which Automation accounts are using Run As account
61+
## How do I see the runbooks that are using Run As account and know what permissions are assigned to the Run As account?
62+
Use the [script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1) here to find out which Automation accounts are using Run As account. If your Azure Automation accounts contain a Run As account, it will by default, have the built-in contributor role assigned to it. You can use this script to check the role assignments of your Azure Automation Run As accounts and determine if their role assignment is the default one or if it has been changed to a different role definition.
6363

6464
## Next steps
6565
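Review bot: The new heading at line 61 asks how to see the runbooks that use a Run As account, but the body at line 62 says the script finds which Automation accounts use one; change the heading or the body so both describe what the script actually reports. In the same line, "it will by default, have the built-in contributor role" has a misplaced comma and the role name should be capitalised as Contributor. The unchanged link at line 59, `/azure/automationmigrate-run-as-accounts-managed-identity`, is missing the `/` after `automation` and could be fixed in this commit.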

articles/automation/migrate-run-as-accounts-managed-identity.md

Lines changed: 5 additions & 5 deletions
@@ -158,7 +158,7 @@ foreach ($ResourceGroup in $ResourceGroups)
158158

159159
## Graphical runbooks
160160

161-
You can test the managed identity to verify if the Graphical runbook is working as expected by creating a copy of your production runbook to use the managed identity and updating your test graphical runbook code to authenticate by using the managed identity. You can add this functionality to a graphical runbook by adding `Connect-AzAccount` cmdlet.
161+
You must test the managed identity to verify if the Graphical runbook is working as expected by creating a copy of your production runbook to use the managed identity and updating your test graphical runbook code to authenticate by using the managed identity. You can add this functionality to a graphical runbook by adding `Connect-AzAccount` cmdlet.
162162

163163
Listed below is an example to guide on how a graphical runbook that uses Run As account use managed identities:
164164
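Review bot: Changing "can" to "must" at line 161 makes the test mandatory, but the rest of the sentence still reads as a description of one option ("to verify if the Graphical runbook is working as expected by creating a copy ... and updating ..."), and the following sentence keeps "You can add this functionality" without saying what "this functionality" refers to. Suggest splitting it: state the requirement first, then the procedure (copy the production runbook, switch the copy to the managed identity, run it). The unchanged line 163, "an example to guide on how a graphical runbook that uses Run As account use managed identities", also needs rewording.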

@@ -168,13 +168,13 @@ Listed below is an example to guide on how a graphical runbook that uses Run As
168168

169169
:::image type="content" source="./media/migrate-run-as-account-managed-identity/edit-graphical-runbook-inline.png" alt-text="Screenshot of edit graphical runbook." lightbox="./media/migrate-run-as-account-managed-identity/edit-graphical-runbook-expanded.png":::
170170

171-
1. Replace, Run As connection that uses `AzureRunAsConnection`and connection asset that internally uses PowerShell `Get-AutomationConnection` cmdlet with graphical runbook functionality.
171+
1. Replace, Run As connection that uses `AzureRunAsConnection`and connection asset that internally uses PowerShell `Get-AutomationConnection` cmdlet with `Connect-AzAccount` cmdlet.
172172

173-
1. Connect to Azure that uses `Connect-AzAccount` to add the authenticated Run As account for use in the runbook with `Connect-AzAccount` activity from the `Az.Accounts` cmdlet that uses the PowerShell code to connect to identity.
173+
1. Connect to Azure that uses `Connect-AzAccount` to add the identity support for use in the runbook using `Connect-AzAccount` activity from the `Az.Accounts` cmdlet that uses the PowerShell code to connect to identity.
174174

175175
:::image type="content" source="./media/migrate-run-as-account-managed-identity/add-functionality-inline.png" alt-text="Screenshot of add functionality to graphical runbook." lightbox="./media/migrate-run-as-account-managed-identity/add-functionality-expanded.png":::
176176

177-
1. Select **Code** to enter the following code.
177+
1. Select **Code** to enter the following code to pass the identity.
178178

179179
```powershell-interactive
180180
try
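Review bot: At line 173, `Az.Accounts` is a module, not a cmdlet, and the step names `Connect-AzAccount` twice in a way that reads circularly ("Connect to Azure that uses `Connect-AzAccount` ... using `Connect-AzAccount` activity"). Suggest something like: add the `Connect-AzAccount` activity from the `Az.Accounts` module so the runbook connects with the managed identity. Line 171 still has a stray comma after "Replace" and a missing space in "`AzureRunAsConnection`and", and "to pass the identity" at line 177 does not say which identity the code passes.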
@@ -190,7 +190,7 @@ catch {
190190

191191
For example, in the runbook `Start Azure V2 VMs` in the runbook gallery, you must replace `Get Run As Connection` and `Connect to Azure` activities with `Connect-AzAccount` cmdlet activity.
192192

193-
For more information, see sample runbook name *AzureAutomationTutorialWithIdentityGraphical* that you created with the Automation account.
193+
For more information, see sample runbook name *AzureAutomationTutorialWithIdentityGraphical* that gets created with the Automation account.
194194

195195

196196
## Next steps
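Review bot: At line 193, "see sample runbook name" should read "see the sample runbook named"; the change from "that you created" to "that gets created with the Automation account" is correct in meaning, though "that is created" fits the surrounding register better.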
