Update app-service-identities.md

ggailey777 · web-flow · commit b378f1449156 · 2024-08-12T13:58:08.000-07:00
diff --git a/articles/operational-excellence/includes/app-service-identities.md b/articles/operational-excellence/includes/app-service-identities.md
@@ -1,6 +1,8 @@
 
 ### Identities
 
-- **Recreate App Service Managed Service Identities** in the new target region. 
+- You need to recreate any system assigned managed identities along with your app in the new target region. Typically, an automatically created Microsoft Entra ID app, used by EasyAuth, defaults to the app resource name.
 
-- **Assign the new MSI credential downstream service access (RBAC)**. Typically, an automatically created Microsoft Entra ID App (one used by EasyAuth) defaults to the App resource name. Consideration may be required here for recreating a new resource in the target region. A user-defined Service Principal would be useful - as it can be applied to both source and target with extra access permissions to target deployment resources.
+- User-assigned managed identities also can't be moved across regions. To keep user-assigned managed identities in the same resource group with your app, you must recreate them in the new region. For more information, see [Relocate managed identities for Azure resources to another region](relocation-managed-identity.md).
+
+- Grant the managed identities the same permissions in your relocated services as the original identities that they're replacing, including Group memberships. 
