Merge pull request #230315 from flang-msft/fxl---More-affirmative-content-on-the-storage-account-RBAC-and-identity

Fxl---more affirmative content on the storage account rbac and identity

Author: prmerger-automator[bot]

articles/azure-cache-for-redis/cache-managed-identity.md

@@ -42,9 +42,9 @@ Managed identity can be enabled either when you create a cache instance or after
 
 ### Prerequisites and limitations
 
-Managed identity for storage is only used with the import/export feature and persistence feature at present, which limits its use to the Premium tier of Azure Cache for Redis.
+Managed identity for storage is only used with the import/export feature and persistence feature now, which limits its use to the Premium tier of Azure Cache for Redis.
 
-Managed identity for storage is not supported on caches that have a dependency on Cloud Services (classic). For more information on how to check on whether your cache is using Cloud Services (classi), see [How do I know if a cache is affected?](cache-faq.yml#how-do-i-know-if-a-cache-is-affected).
+Managed identity for storage isn't supported on caches that have a dependency on Cloud Services (classic). For more information on how to check on whether your cache is using Cloud Services (classic), see [How do I know if a cache is affected?](cache-faq.yml#how-do-i-know-if-a-cache-is-affected).
 
 ## Create a new cache with managed identity using the portal
 
@@ -131,7 +131,7 @@ Set-AzRedisCache -ResourceGroupName \"MyGroup\" -Name \"MyCache\" -IdentityType
 
    :::image type="content" source="media/cache-managed-identity/role-assignment.png"  alt-text="Screenshot showing Add role assignment form with list of roles.":::
 
-4. Select the **Members** tab. Under **Assign access to** select **Managed Identity**, and select on **Select members**. A sidebar pops up on the right.
+4. Select the **Members** tab. Under **Assign access to** select **Managed Identity**, and select on **Select members**. A sidebar pops up next to the working pane.
 
    :::image type="content" source="media/cache-managed-identity/select-members.png"  alt-text="Screenshot showing add role assignment form with members pane.":::
 
@@ -144,15 +144,20 @@ Set-AzRedisCache -ResourceGroupName \"MyGroup\" -Name \"MyCache\" -IdentityType
    :::image type="content" source="media/cache-managed-identity/blob-data.png"  alt-text="Screenshot of Storage Blob Data Contributor list.":::
 
 > [!NOTE]
-> Adding an Azure Cache for Redis instance as a storage blob data contributor through system-assigned identity conveniently adds the cache instance to the [trusted services list](../storage/common/storage-network-security.md?tabs=azure-portal), making firewall exceptions easier to implement. If you're not using managed identity and instead authorizing a storage account with a key, then having firewall exceptions on the storage account tends to break the persistence process and the import-export processes.
+> For _export_ to work with a storage account with firewall exceptions, you must:
+>- add an Azure Cache for Redis instance as a storage blob data contributor through system-assigned identity, and 
+>- check [**Allow Azure services on the trusted services list to access this storage account**](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services). 
+
+
+If you're not using managed identity and instead authorizing a storage account with a key, then having firewall exceptions on the storage account breaks the persistence process and the import-export processes.
 
 ## Use managed identity to access a storage account
 
 ### Use managed identity with data persistence
 
 1. Open the Azure Cache for Redis instance that has been assigned the Storage Blob Data Contributor role and go to the **Data persistence** on the Resource menu.
 
-2. Change the **Authentication Method** to **Managed Identity** and select the storage account you configured above. select **Save**.
+2. Change the **Authentication Method** to **Managed Identity** and select the storage account you configured earlier in the article. select **Save**.
 
    :::image type="content" source="media/cache-managed-identity/data-persistence.png"  alt-text="Screenshot showing data persistence pane with authentication method selected.":::