Reorganized article

Author: msmbaldwin

articles/key-vault/tutorial-net-windows-virtual-machine.md

@@ -49,32 +49,36 @@ When you enable MSI for an Azure service, such as Azure Virtual Machines, Azure
 
 Next, to get an access token, your code calls a local metadata service that's available on the Azure resource. To authenticate to an Azure Key Vault service, your code uses the access token that it gets from the local MSI endpoint. 
 
-## Log in to Azure
+## Set up the project
+
+Before you start coding you need to create some resources, put a secret into your key vault, and set up the .NET project.
+
+### Log in to Azure
 
 To log in to Azure by using the Azure CLI, enter:
 
 ```azurecli
 az login
 ```
 
-## Create a resource group
+### Create resources and assign permissions
 
-An Azure resource group is a logical container into which Azure resources are deployed and managed.
+#### Create a resource group
 
-Create a resource group by using the [az group create](/cli/azure/group#az-group-create) command. 
+An Azure resource group is a logical container into which Azure resources are deployed and managed. Create a resource group by using the [az group create](/cli/azure/group#az-group-create) command. 
 
-Then, select a resource group name and fill in the placeholder. The following example creates a resource group in the West US location:
+This example creates a resource group in the West US location:
 
 ```azurecli
 # To list locations: az account list-locations --output table
 az group create --name "<YourResourceGroupName>" --location "West US"
 ```
 
-You use your newly created resource group throughout this tutorial.
+Your newly created resource group will be used throughout this tutorial.
 
-## Create a key vault
+#### Create a key vault and populate it with a secret
 
-To create a key vault in the resource group that you created in the preceding step, provide the following information:
+Create a key vault in your resource group by providing the [az keyvault create](/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) command with the following information:
 
 * Key vault name: a string of 3 to 24 characters that can contain only numbers (0-9), letters (a-z, A-Z), and hyphens (-)
 * Resource group name
@@ -85,9 +89,8 @@ az keyvault create --name "<YourKeyVaultName>" --resource-group "<YourResourceGr
 ```
 At this point, your Azure account is the only one that's authorized to perform operations on this new key vault.
 
-## Add a secret to the key vault
+Now add a secret to your key vault using the [az keyvault secret set](/cli/azure/keyvault/secret?view=azure-cli-latest#az-keyvault-secret-set) command
 
-We're adding a secret to help illustrate how this works. The secret might be a SQL connection string or any other information that you need to keep both secure and available to your application.
 
 To create a secret in the key vault called **AppSecret**, enter the following command:
 
@@ -97,15 +100,15 @@ az keyvault secret set --vault-name "<YourKeyVaultName>" --name "AppSecret" --va
 
 This secret stores the value **MySecret**.
 
-## Create a virtual machine
-You can create a virtual machine by using one of the following methods:
+#### Create a virtual machine
+Create a virtual machine by using one of the following methods:
 
 * [The Azure CLI](https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-cli)
 * [PowerShell](https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-powershell)
 * [The Azure portal](https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-portal)
 
-## Assign an identity to the VM
-In this step, you create a system-assigned identity for the virtual machine by running the following command in the Azure CLI:
+#### Assign an identity to the VM
+Create a system-assigned identity for the virtual machine bwith the [az vm identity assign]/cli/azure/vm/identity?view=azure-cli-latest#az-vm-identity-assign) command:
 
 ```azurecli
 az vm identity assign --name <NameOfYourVirtualMachine> --resource-group <YourResourceGroupName>
@@ -120,17 +123,19 @@ Note the system-assigned identity that's displayed in the following code. The ou
 }
 ```
 
-## Assign permissions to the VM identity
-Now you can assign the previously created identity permissions to your key vault by running the following command:
+#### Assign permissions to the VM identity
+Assign the previously created identity permissions to your key vault with the [az keyvault set-policy](/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-set-policy) command:
 
 ```azurecli
 az keyvault set-policy --name '<YourKeyVaultName>' --object-id <VMSystemAssignedIdentity> --secret-permissions get list
 ```
 
-## Log on to the virtual machine
+#### Log on to the virtual machine
 
 To log on to the virtual machine, follow the instructions in [Connect and log on to an Azure virtual machine running Windows](https://docs.microsoft.com/azure/virtual-machines/windows/connect-logon).
 
+## Set up the console app
+
 ## Install .NET Core
 
 To install .NET Core, go to the [.NET downloads](https://www.microsoft.com/net/download) page.
@@ -141,12 +146,24 @@ Open a command prompt.
 
 You can print "Hello World" to the console by running the following commands:
 
-```batch
+```console
 dotnet new console -o helloworldapp
 cd helloworldapp
 dotnet run
 ```
 
+### Install the packages
+
+ From the console window, install the .NET packages required for this quickstart:
+
+ ```console
+dotnet add package System.IO;
+dotnet add package System.Net;
+dotnet add package System.Text;
+dotnet add package Newtonsoft.Json;
+dotnet add package Newtonsoft.Json.Linq;
+```
+
 ## Edit the console app
 
 Open the *Program.cs* file and add these packages: