Commit bf0a6f1

Merge pull request #189092 from barclayn/mi-clarity-02
Mi clarity 02
2 parents fd4877e + 3867200 commit bf0a6f1

2 files changed

+34
-32
lines changed

articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md

Lines changed: 13 additions & 13 deletions
@@ -13,7 +13,7 @@ ms.subservice: msi
1313
ms.topic: tutorial
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 01/11/2022
16+
ms.date: 02/18/2022
1717
ms.author: barclayn
1818
ms.collection: M365-identity-device-management
1919
---
@@ -51,12 +51,12 @@ This tutorial shows you how to use a system-assigned managed identity for a Wind
5151

5252
In this section, you create a storage account.
5353

54-
1. Click the **+ Create a resource** button found on the upper left-hand corner of the Azure portal.
55-
2. Click **Storage**, then **Storage account - blob, file, table, queue**.
54+
1. Select the **+ Create a resource** button found on the upper left-hand corner of the Azure portal.
55+
2. Select **Storage**, then **Storage account - blob, file, table, queue**.
5656
3. Under **Name**, enter a name for the storage account.
5757
4. **Deployment model** and **Account kind** should be set to **Resource manager** and **Storage (general purpose v1)**.
5858
5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step.
59-
6. Click **Create**.
59+
6. Select **Create**.
6060

6161
![Create new storage account](./media/msi-tutorial-linux-vm-access-storage/msi-storage-create.png)
6262

@@ -65,24 +65,24 @@ In this section, you create a storage account.
6565
Files require blob storage so you need to create a blob container in which to store the file. You then upload a file to the blob container in the new storage account.
6666

6767
1. Navigate back to your newly created storage account.
68-
2. Under **Blob Service**, click **Containers**.
69-
3. Click **+ Container** on the top of the page.
70-
4. Under **New container**, enter a name for the container and under **Public access level** keep the default value .
68+
2. Under **Blob Service**, select **Containers**.
69+
3. Select **+ Container** on the top of the page.
70+
4. Under **New container**, enter a name for the container and under **Public access level** keep the default value.
7171

7272
![Create storage container](./media/msi-tutorial-linux-vm-access-storage/create-blob-container.png)
7373

7474
5. Using an editor of your choice, create a file titled *hello world.txt* on your local machine. Open the file and add the text (without the quotes) "Hello world! :)" and then save it.
7575
6. Upload the file to the newly created container by clicking on the container name, then **Upload**
76-
7. In the **Upload blob** pane, under **Files**, click the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then click **Upload**.
76+
7. In the **Upload blob** pane, under **Files**, select the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then select **Upload**.
7777
![Upload text file](./media/msi-tutorial-linux-vm-access-storage/upload-text-file.png)
7878

7979
### Grant access
8080

8181
This section shows how to grant your VM access to an Azure Storage container. You can use the VM's system-assigned managed identity to retrieve the data in the Azure storage blob.
8282

8383
1. Navigate back to your newly created storage account.
84-
1. Click **Access control (IAM)**.
85-
1. Click **Add** > **Add role assignment** to open the Add role assignment page.
84+
1. Select **Access control (IAM)**.
85+
1. Select **Add** > **Add role assignment** to open the Add role assignment page.
8686
1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../../role-based-access-control/role-assignments-portal.md).
8787

8888
| Setting | Value |
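Review bot: The file name differs between steps 5 and 7 of the upload procedure: unchanged step 5 tells the reader to create *hello world.txt* (with a space), while the edited step 7 at new line 76 tells them to browse to **hello_world.txt** (with an underscore). Since step 7 is being touched anyway, pick one spelling and use it in both steps. Step 6 was also missed by the Click to Select pass: it still reads "by clicking on the container name, then **Upload**" and has no closing period. In step 4, consider naming the default **Public access level** value instead of saying "the default value", so the reader can confirm the container is not left open to anonymous reads.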
@@ -96,9 +96,9 @@ This section shows how to grant your VM access to an Azure Storage container. Yo
9696

9797
## Access data 
9898

99-
Azure Storage natively supports Azure AD authentication, so it can directly accept access tokens obtained using a managed identity. This is part of Azure Storage's integration with Azure AD, and is different from supplying credentials on the connection string.
99+
Azure Storage natively supports Azure AD authentication, so it can directly accept access tokens obtained using a managed identity. This approach uses Azure Storage's integration with Azure AD, and is different from supplying credentials on the connection string.
100100

101-
Here's a .NET code example of opening a connection to Azure Storage using an access token and then reading the contents of the file you created earlier. This code must run on the VM to be able to access the VM's managed identity endpoint. .NET Framework 4.6 or higher is required to use the access token method. Replace the value of `<URI to blob file>` accordingly. You can obtain this value by navigating to file you created and uploaded to blob storage and copying the **URL** under **Properties** the **Overview** page.
101+
Here's a .NET code example of opening a connection to Azure Storage. The example uses an access token and then reads the contents of the file you created earlier. This code must run on the VM to be able to access the VM's managed identity endpoint. .NET Framework 4.6 or higher is required to use the access token method. Replace the value of `<URI to blob file>` accordingly. You can obtain this value by navigating to file you created and uploaded to blob storage and copying the **URL** under **Properties** the **Overview** page.
102102

103103
```csharp
104104
using System;
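Review bot: The rewritten paragraph at new line 101 still ends with two dropped words carried over from the old text: "navigating to file you created" needs "the file", and "copying the **URL** under **Properties** the **Overview** page" needs "on the **Overview** page". After the sentence split, "The example uses an access token and then reads the contents of the file" no longer says what the token is used for; "The example uses an access token to connect, and then reads the contents of the file you created earlier" keeps the original meaning.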
@@ -181,7 +181,7 @@ The response contains the contents of the file:
181181

182182
## Next steps
183183

184-
In this tutorial, you learned how enable a Windows VM's system-assigned identity to access Azure Storage. To learn more about Azure Storage see:
184+
In this tutorial, you learned how enable a Windows VM's system-assigned identity to access Azure Storage. To learn more about Azure Storage, see:
185185

186186
> [!div class="nextstepaction"]
187187
> [Azure Storage](../../storage/common/storage-introduction.md)
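Review bot: The edited sentence at new line 184 still reads "you learned how enable a Windows VM's system-assigned identity to access Azure Storage"; the word "to" is missing after "how". The added comma is fine, but the sentence should be corrected in the same edit: "you learned how to enable".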

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-datalake.md

Lines changed: 21 additions & 19 deletions
@@ -12,7 +12,7 @@ ms.subservice: msi
1212
ms.topic: tutorial
1313
ms.tgt_pltfrm: na
1414
ms.workload: identity
15-
ms.date: 01/11/2022
15+
ms.date: 02/18/2022
1616
ms.author: barclayn
1717
ms.collection: M365-identity-device-management
1818
---
@@ -21,7 +21,9 @@ ms.collection: M365-identity-device-management
2121

2222
[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
2323

24-
This tutorial shows you how to use a system-assigned managed identity for a Windows virtual machine (VM) to access an Azure Data Lake Store. Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code. You learn how to:
24+
This tutorial shows you how to use a system-assigned managed identity for a Windows virtual machine (VM) to access an Azure Data Lake Store. Managed identities are automatically managed by Azure. They enable your application to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code.
25+
26+
In this article you learn how to:
2527

2628
> [!div class="checklist"]
2729
> * Grant your VM access to an Azure Data Lake Store
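Review bot: New line 26 says "In this article you learn how to:" directly after a paragraph that opens with "This tutorial shows you how to", and the front matter above sets ms.topic to tutorial. Use the same term throughout and add the comma after the introductory phrase: "In this tutorial, you learn how to:".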
@@ -48,34 +50,34 @@ This tutorial shows you how to use a system-assigned managed identity for a Wind
4850

4951
Now you can grant your VM access to files and folders in an Azure Data Lake Store. For this step, you can use an existing Data Lake Store or create a new one. To create a new Data Lake Store using the Azure portal, follow this [Azure Data Lake Store quickstart](../../data-lake-store/data-lake-store-get-started-portal.md). There are also quickstarts that use the Azure CLI and Azure PowerShell in the [Azure Data Lake Store documentation](../../data-lake-store/data-lake-store-overview.md).
5052

51-
In your Data Lake Store, create a new folder and grant your VM's system-assigned identity permission to read, write, and execute files in that folder:
53+
In your Data Lake Store, create a new folder and grant your VM's system-assigned identity permission. The identity needs rights to read, write, and execute files in that folder:
5254

53-
1. In the Azure portal, click **Data Lake Store** in the left-hand navigation.
54-
2. Click the Data Lake Store you want to use for this tutorial.
55-
3. Click **Data Explorer** in the command bar.
56-
4. The root folder of the Data Lake Store is selected. Click **Access** in the command bar.
57-
5. Click **Add**. In the **Select** field, enter the name of your VM, for example **DevTestVM**. Click to select your VM from the search results, then click **Select**.
58-
6. Click **Select Permissions**. Select **Read** and **Execute**, add to **This folder**, and add as **An access permission only**. Click **Ok**. The permission should be added successfully.
55+
1. In the Azure portal, select **Data Lake Store** in the left-hand navigation.
56+
2. Select the Data Lake Store you want to use for this tutorial.
57+
3. Select **Data Explorer** in the command bar.
58+
4. The root folder of the Data Lake Store is selected. Select **Access** in the command bar.
59+
5. Select **Add**. In the **Select** field, enter the name of your VM, for example **DevTestVM**. Select to select your VM from the search results, then select **Select**.
60+
6. Select **Select Permissions**. Select **Read** and **Execute**, add to **This folder**, and add as **An access permission only**. Select **Ok**. The permission should be added successfully.
5961
7. Close the **Access** blade.
60-
8. For this tutorial, create a new folder. Click **New Folder** in the command bar, and give the new folder a name, for example **TestFolder**. Click **Ok**.
61-
9. Click on the folder you created, then click **Access** in the command bar.
62-
10. Similar to step 5, click **Add**, in the **Select** field enter the name of your VM, select it and click **Select**.
63-
11. Similar to step 6, click **Select Permissions**, select **Read**, **Write**, and **Execute**, add to **This folder**, and add as **An access permission entry and a default permission entry**. Click **Ok**. The permission should be added successfully.
62+
8. For this tutorial, create a new folder. Select **New Folder** in the command bar, and give the new folder a name, for example **TestFolder**. Select **Ok**.
63+
9. Select on the folder you created, then select **Access** in the command bar.
64+
10. Similar to step 5, select **Add**, in the **Select** field enter the name of your VM, select it and select **Select**.
65+
11. Similar to step 6, select **Select Permissions**, select **Read**, **Write**, and **Execute**, add to **This folder**, and add as **An access permission entry and a default permission entry**. Select **Ok**. The permission should be added successfully.
6466

6567
Your VM's system-assigned managed identity can now perform all operations on files in the folder you created. For more information on managing access to Data Lake Store, read this article on [Access Control in Data Lake Store](../../data-lake-store/data-lake-store-access-control.md).
6668

6769
## Access data
6870

69-
Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. To authenticate to the Data Lake Store filesystem you send an access token issued by Azure AD to your Data Lake Store filesystem endpoint, in an Authorization header in the format "Bearer <ACCESS_TOKEN_VALUE>". To learn more about Data Lake Store support for Azure AD authentication, read [Authentication with Data Lake Store using Azure Active Directory](../../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)
71+
Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. To authenticate to the Data Lake Store filesystem, you send an access token issued by Azure AD to your Data Lake Store filesystem endpoint in an Authorization header. The header has the format "Bearer <ACCESS_TOKEN_VALUE>". To learn more about Data Lake Store support for Azure AD authentication, read [Authentication with Data Lake Store using Azure Active Directory](../../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)
7072

7173
> [!NOTE]
7274
> The Data Lake Store filesystem client SDKs do not yet support managed identities for Azure resources. This tutorial will be updated when support is added to the SDK.
7375
7476
In this tutorial, you authenticate to the Data Lake Store filesystem REST API using PowerShell to make REST requests. To use the VM's system-assigned managed identity for authentication, you need to make the requests from the VM.
7577

76-
1. In the portal, navigate to **Virtual Machines**, go to your Windows VM, and in the **Overview** click **Connect**.
78+
1. In the portal, navigate to **Virtual Machines**, go to your Windows VM, and in the **Overview** select **Connect**.
7779
2. Enter in your **Username** and **Password** for which you added when you created the Windows VM.
78-
3. Now that you have created a **Remote Desktop Connection** with the virtual machine, open **PowerShell** in the remote session.
80+
3. Now that you've created a **Remote Desktop Connection** with the virtual machine, open **PowerShell** in the remote session.
7981
4. Using PowerShell’s `Invoke-WebRequest`, make a request to the local managed identities for Azure resources endpoint to get an access token for Azure Data Lake Store. The resource identifier for Data Lake Store is `https://datalake.azure.net/`. Data Lake does an exact match on the resource identifier and the trailing slash is important.
8082

8183
```powershell
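Review bot: The Click to Select replacement in steps 5, 6, 9 and 10 was applied mechanically and left phrasing that is hard to follow: "Select to select your VM from the search results, then select **Select**" (step 5), "Select **Select Permissions**" (step 6), "Select on the folder you created" (step 9) and "select it and select **Select**" (step 10). Reword these, for example "Choose your VM from the search results, then choose **Select**" and "Select the folder you created". The rewritten introduction at new line 53 now says only "grant your VM's system-assigned identity permission" and moves the rights into a second sentence; stating there that the root folder gets **Read** and **Execute** (step 6) while the new folder gets **Read**, **Write**, and **Execute** (step 11) would make the scope of each grant explicit. New line 71 is also missing the period after the closing link.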
@@ -94,7 +96,7 @@ In this tutorial, you authenticate to the Data Lake Store filesystem REST API us
9496
$AccessToken = $content.access_token
9597
```
9698

97-
5. Using PowerShell's `Invoke-WebRequest', make a request to your Data Lake Store's REST endpoint to list the folders in the root folder. This is a simple way to check everything is configured correctly. It is important the string "Bearer" in the Authorization header has a capital "B". You can find the name of your Data Lake Store in the **Overview** section of the Data Lake Store blade in the Azure portal.
99+
5. Check that everything is configured correctly. Using PowerShell's `Invoke-WebRequest', make a request to your Data Lake Store's REST endpoint to list the folders in the root folder. It's important the string "Bearer" in the Authorization header has a capital "B". You can find the name of your Data Lake Store in the **Overview** section of your Data Lake Store.
98100

99101
```powershell
100102
Invoke-WebRequest -Uri https://<YOUR_ADLS_NAME>.azuredatalakestore.net/webhdfs/v1/?op=LISTSTATUS -Headers @{Authorization="Bearer $AccessToken"}
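Review bot: In new line 99 the inline code span around Invoke-WebRequest opens with a backtick but closes with an apostrophe, a defect carried over unchanged from the old line, so the cmdlet name will not render as code. Close the span with a backtick, matching how the same cmdlet is written in step 4.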
@@ -135,7 +137,7 @@ In this tutorial, you authenticate to the Data Lake Store filesystem REST API us
135137
$HdfsRedirectResponse = Invoke-WebRequest -Uri https://<YOUR_ADLS_NAME>.azuredatalakestore.net/webhdfs/v1/TestFolder/Test1.txt?op=CREATE -Method PUT -Headers @{Authorization="Bearer $AccessToken"} -Infile Test1.txt -MaximumRedirection 0
136138
```
137139

138-
If you inspect the value of `$HdfsRedirectResponse` it should look like the following response:
140+
If you inspect the value of `$HdfsRedirectResponse`, it should look like the following response:
139141

140142
```powershell
141143
PS C:\> $HdfsRedirectResponse
@@ -190,7 +192,7 @@ Using other Data Lake Store filesystem APIs you can append to files, download fi
190192

191193
## Next steps
192194

193-
In this tutorial, you learned how to use a system-assigned managed identity for a Windows virtual machine to access an Azure Data Lake Store. To learn more about Azure Data Lake Store see:
195+
In this tutorial, you learned how to use a system-assigned managed identity for a Windows virtual machine to access an Azure Data Lake Store. To learn more about Azure Data Lake Store, see:
194196

195197
> [!div class="nextstepaction"]
196198
>[Azure Data Lake Store](../../data-lake-store/data-lake-store-overview.md)
