Merge branch 'patch-36' of https://github.com/jessie-jyy/Jessie-azure-docs-pr into managedafd

duongau · duongau · commit d4f642c9c5e9 · 2022-11-15T10:23:09.000-08:00
diff --git a/articles/frontdoor/managed-identity.md b/articles/frontdoor/managed-identity.md
@@ -18,7 +18,7 @@ Azure Front Door also supports using managed identities to access Key Vault cert
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 > [!NOTE]
-> Once you enable managed identities in Azure Front Door and grant proper permissions to access Key Vault, Azure Front Door will always use managed identities to access Key Vault for customer certificate. 
+> Once you enable managed identities in Azure Front Door and grant proper permissions to access Key Vault, Azure Front Door will always use managed identities to access Key Vault for customer certificate. **Please make sure that you add managed identities permissoin to access Key Vault after enabling**. If you fail to do this step, custom certificate autorotation and adding new certifcate will fail without permission to Key Vault. If you disable managed identities, AFD will fallback to use the orignal configured AAD App, but this is not recommended.
 > 
 > You can grant two types of identities to an Azure Front Door profile:
 > * A **system-assigned** identity is tied to your service and is deleted if your service is deleted. The service can have only **one** system-assigned identity.

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ Azure Front Door also supports using managed identities to access Key Vault cert`
`18`	`18`	`> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.`
`19`	`19`
`20`	`20`	`> [!NOTE]`
`21`		`-> Once you enable managed identities in Azure Front Door and grant proper permissions to access Key Vault, Azure Front Door will always use managed identities to access Key Vault for customer certificate.`
	`21`	+> Once you enable managed identities in Azure Front Door and grant proper permissions to access Key Vault, Azure Front Door will always use managed identities to access Key Vault for customer certificate. Please make sure that you add managed identities permissoin to access Key Vault after enabling. If you fail to do this step, custom certificate autorotation and adding new certifcate will fail without permission to Key Vault. If you disable managed identities, AFD will fallback to use the orignal configured AAD App, but this is not recommended.
`22`	`22`	`>`
`23`	`23`	`> You can grant two types of identities to an Azure Front Door profile:`
`24`	`24`	`> * A system-assigned identity is tied to your service and is deleted if your service is deleted. The service can have only one system-assigned identity.`