edits

Author: tejaswikolli-web

.openpublishing.redirection.container-service.json

@@ -1,10 +1,5 @@
 {
     "redirections": [
-        {
-            "source_path_from_root": "/articles/container-service/container-registry-auth-aci.md",
-            "redirect_url": "/azure/container-service/container-registry-authentication",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/container-service/dcos-swarm/container-service-application-specific-marathon.md",
             "redirect_url": "/previous-versions/azure/container-service/dcos-swarm/container-service-application-specific-marathon",

.openpublishing.redirection.json

@@ -3919,11 +3919,6 @@
             "redirect_url": "/azure/batch/monitor-batch",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/container-registry/container-registry-auth-aci.md",
-            "redirect_url": "/azure/container-registry/container-registry-authentication",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/event-hubs/move-cluster-across-regions.md",
             "redirect_url": "/azure/operational-excellence/relocation-event-hub-cluster",

articles/container-instances/container-instances-tutorial-deploy-app.md

@@ -33,7 +33,7 @@ In this section, you use the Azure CLI to deploy the image built in the [first t
 
 When you deploy an image that's hosted in a private Azure container registry like the one created in the [second tutorial](container-instances-tutorial-prepare-acr.md), you must supply credentials to access the registry. 
 
-A best practice for many scenarios is to create and configure a Microsoft Entra service principal with *pull* permissions to your registry. Take note of the *service principal ID* and *service principal password*. You use these credentials to access the registry when you deploy the container.
+A best practice for many scenarios is to create and configure a Microsoft Entra service principal with *pull* permissions to your registry. See [Authenticate with Azure Container Registry from Azure Container Instances](../container-registry/container-registry-auth-aci.md) for sample scripts to create a service principal with the necessary permissions. Take note of the *service principal ID* and *service principal password*. You use these credentials to access the registry when you deploy the container.
 
 You also need the full name of the container registry login server (replace `<acrName>` with the name of your registry):
 

articles/container-registry/TOC.yml

@@ -178,6 +178,8 @@
           href: container-registry-authentication-managed-identity.md
         - name: Authenticate with token 
           href: container-registry-repository-scoped-permissions.md
+        - name: Authenticate from Azure Container Instances
+          href: container-registry-auth-aci.md
         - name: Authenticate from Kubernetes
           items:
           - name: Kubernetes scenarios

articles/container-registry/buffer-gate-public-content.md

@@ -126,7 +126,7 @@ Expanding on image import, set up an [Azure Container Registry task](container-r
 For a detailed example, see [How to consume and maintain public content with Azure Container Registry Tasks](tasks-consume-public-content.md). 
 
 > [!NOTE]
-> A single preconfigured task can automatically rebuild every application image that references a dependent base image. 
+> A single pre configured task can automatically rebuild every application image that references a dependent base image. 
  
 ## Next steps
 * Learn more about [ACR Tasks](container-registry-tasks-overview.md) to build, run, push, and patch container images in Azure.

articles/container-registry/container-registry-auth-aci.md

@@ -0,0 +1,65 @@
+---
+title: Access from Container Instances
+description: Learn how to provide access to images in your private container registry from Azure Container Instances by using a Microsoft Entra service principal.
+ms.topic: article
+ms.custom: devx-track-azurecli
+ms.service: container-registry
+author: tejaswikolli-web
+ms.author: tejaswikolli
+ms.date: 10/31/2023
+---
+
+# Authenticate with Azure Container Registry from Azure Container Instances
+
+You can use a Microsoft Entra service principal to provide access to your private container registries in Azure Container Registry.
+
+In this article, you learn to create and configure a Microsoft Entra service principal with *pull* permissions to your registry. Then, you start a container in Azure Container Instances (ACI) that pulls its image from your private registry, using the service principal for authentication.
+
+## When to use a service principal
+
+You should use a service principal for authentication from ACI in **headless scenarios**, such as in applications or services that create container instances in an automated or otherwise unattended manner.
+
+For example, if you have an automated script that runs nightly and creates a [task-based container instance](../container-instances/container-instances-restart-policy.md) to process some data, it can use a service principal with pull-only permissions to authenticate to the registry. You can then rotate the service principal's credentials or revoke its access completely without affecting other services and applications.
+
+Service principals should also be used when the registry [admin user](container-registry-authentication.md#admin-account) is disabled.
+
+[!INCLUDE [container-registry-service-principal](../../includes/container-registry-service-principal.md)]
+
+## Authenticate using the service principal
+
+To launch a container in Azure Container Instances using a service principal, specify its ID for `--registry-username`, and its password for `--registry-password`.
+
+```azurecli-interactive
+az container create \
+    --resource-group myResourceGroup \
+    --name mycontainer \
+    --image mycontainerregistry.azurecr.io/myimage:v1 \
+    --registry-login-server mycontainerregistry.azurecr.io \
+    --registry-username <service-principal-ID> \
+    --registry-password <service-principal-password>
+```
+
+>[!Note]
+> We recommend running the commands in the most recent version of the Azure Cloud Shell. Set `export MSYS_NO_PATHCONV=1` for running on-perm bash environment.
+
+## Sample scripts
+
+You can find the preceding sample scripts for Azure CLI on GitHub, as well versions for Azure PowerShell:
+
+* [Azure CLI][acr-scripts-cli]
+* [Azure PowerShell][acr-scripts-psh]
+
+## Next steps
+
+The following articles contain additional details on working with service principals and ACR:
+
+* [Azure Container Registry authentication with service principals](container-registry-auth-service-principal.md)
+* [Authenticate with Azure Container Registry from Azure Kubernetes Service (AKS)](../aks/cluster-container-registry-integration.md)
+
+<!-- IMAGES -->
+
+<!-- LINKS - External -->
+[acr-scripts-cli]: https://github.com/Azure/azure-docs-cli-python-samples/tree/master/container-registry/create-registry/create-registry-service-principal-assign-role.sh
+[acr-scripts-psh]: https://github.com/Azure/azure-docs-powershell-samples/tree/master/container-registry
+
+<!-- LINKS - Internal -->