MicrosoftDocs
diff --git a/‎articles/container-apps/TOC.yml
Lines changed: 6 additions & 2 deletions b/‎articles/container-apps/TOC.yml
Lines changed: 6 additions & 2 deletions
diff --git a/‎articles/container-apps/containers.md
Lines changed: 5 additions & 40 deletions b/‎articles/container-apps/containers.md
Lines changed: 5 additions & 40 deletions
@@ -78,8 +78,12 @@
       href: scale-app.md
     - name: Manage secrets
       href: manage-secrets.md
-    - name: Use managed identities
-      href: managed-identity.md
+    - name: Managed identities
+      items:
+      - name: Use managed identities
+        href: managed-identity.md
+      - name: Azure Container Registry image pull with managed identity
+        href: managed-identity-image-pull.md
     - name: Monitor an app
       href: monitor.md
     - name: Manage revisions
 
@@ -33,7 +33,7 @@ Features include:
 ## Configuration
 
 
-The following is an example of the `containers` array in the [`properties.template`](azure-resource-manager-api-spec.md#propertiestemplate) section of a container app resource template.  The excerpt shows the available configuration options when setting up a container.
+The following code is an example of the `containers` array in the [`properties.template`](azure-resource-manager-api-spec.md#propertiestemplate) section of a container app resource template.  The excerpt shows the available configuration options when setting up a container.
 
 ```json
 "containers": [
@@ -115,7 +115,7 @@ The following is an example of the `containers` array in the [`properties.templa
 | `volumeMounts` | An array of volume mount definitions. | You can define a temporary volume or multiple permanent storage volumes for your container.  For more information about storage volumes, see [Use storage mounts in Azure Container Apps](storage-mounts.md).|
 | `probes`| An array of health probes enabled in the container. | This feature is based on Kubernetes health probes. For more information about probes settings, see [Health probes in Azure Container Apps](health-probes.md).|
 
-When allocating resources, the total amount of CPUs and memory requested for all the containers in a container app must add up to one of the following combinations.
+The total CPU and memory allocations requested for all the containers in a container app must add up to one of the following combinations.
 
 | vCPUs (cores) | Memory |
 |---|---|
@@ -162,7 +162,7 @@ To use a container registry, you define the required fields in `registries` arra
 }
 ```
 
-With the registry information set up, the saved credentials can be used to pull a container image from the private registry when your app is deployed.
+With the registry information added, the saved credentials can be used to pull a container image from the private registry when your app is deployed.
 
 The following example shows how to configure Azure Container Registry credentials in a container app.
 
@@ -193,17 +193,9 @@ The following example shows how to configure Azure Container Registry credential
 
 ### Managed identity with Azure Container Registry
 
-You can use an Azure managed identity to authenticate with Azure Container Registry instead of using a username and password. To use a managed identity:
+You can use an Azure managed identity to authenticate with Azure Container Registry instead of using a username and password. For more information, see [Managed identities in Azure Container Apps](managed-identity.md).
 
-- Assign a system-assigned or user-assigned managed identity to your container app.
-- Specify the managed identity you want to use for each registry.
-
-> [!NOTE]
-> You will need to [enable an admin user account](../container-registry/container-registry-authentication.md) in your Azure
-> Container Registry even when you use an Azure managed identity.  You will not need to use the ACR admin credentials to pull images into Azure
-> Container Apps, however, it is a prequisite to have the ACR admin user account enabled in the registry Azure Container Apps is pulling from.
-
-When assigned a managed identity to a registry, use the managed identity resource ID for a user-assigned identity, or "system" for the system-assigned identity. For more information about using managed identities see, [Managed identities in Azure Container Apps Preview](managed-identity.md).
+When assigning a managed identity to a registry, use the managed identity resource ID for a user-assigned identity, or "system" for the system-assigned identity.
 
 ```json
 {
@@ -230,36 +222,9 @@ When assigned a managed identity to a registry, use the managed identity resourc
 }
 ```
 
-The managed identity must have `AcrPull` access for the Azure Container Registry. For more information about assigning Azure Container Registry permissions to managed identities, see [Authenticate with managed identity](../container-registry/container-registry-authentication-managed-identity.md).
-
-#### Configure a user-assigned managed identity
-
-To configure a user-assigned managed identity:
-
-1. Create the user-assigned identity if it doesn't exist.
-1. Give the user-assigned identity `AcrPull` permission to your private repository.
-1. Add the identity to your container app configuration as shown above.
-
 For more information about configuring user-assigned identities, see [Add a user-assigned identity](managed-identity.md#add-a-user-assigned-identity).
 
 
-#### Configure a system-assigned managed identity
-
-System-assigned identities are created at the time your container app is created, and therefore, won't have `AcrPull` access to your Azure Container Registry.  As a result, the image can't be pulled from your private registry when your app is first deployed.
-
-To configure a system-assigned identity, you must use one of the following methods.
-
-- **Option 1**: Use a public registry for the initial deployment:
-  1. Create your container app using a public image and a system-assigned identity.
-  1. Give the new system-assigned identity `AcrPull` access to your private Azure Container Registry.
-  1. Update your container app replacing the public image with the image from your private Azure Container Registry.
-- **Option 2**: Restart your app after assigning permissions:
-  1. Create your container app using a private image and a system-assigned identity. (The deployment will result in a failure to pull the image.)
-  1. Give the new system-assigned identity `AcrPull` access to your private Azure Container Registry.
-  1. Restart your container app revision.
-
-For more information about configuring system-assigned identities, see [Add a system-assigned identity](managed-identity.md#add-a-system-assigned-identity).
-
 ## Limitations
 
 Azure Container Apps has the following limitations: