Merge pull request #196135 from barclayn/vc-ad-free-updates

PRMerger-2 · web-flow · commit dbe45441675c · 2022-04-27T09:07:03.000-07:00
minor edit
diff --git a/articles/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer.md b/articles/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer.md
@@ -7,7 +7,7 @@ author: barclayn
 manager: karenhoran
 ms.author: barclayn
 ms.topic: tutorial
-ms.date: 04/26/2022
+ms.date: 10/08/2021
 # Customer intent: As an enterprise, we want to enable customers to manage information about themselves by using verifiable credentials.
 
 ---
@@ -46,7 +46,7 @@ The following diagram illustrates the Azure AD Verifiable Credentials architectu
 
 ## Create a storage account
 
-Azure Blob Storage is an object storage solution for the cloud. Azure AD Verifiable Credentials use [Azure Blob Storage](../../storage/blobs/storage-blobs-introduction.md) to store the configuration files when the service is issuing verifiable credentials.
+Azure Blob Storage is an object storage solution for the cloud. Azure AD Verifiable Credentials uses [Azure Blob Storage](../../storage/blobs/storage-blobs-introduction.md) to store the configuration files when the service is issuing verifiable credentials.
 
 Create and configure Blob Storage by following these steps:
 
@@ -59,9 +59,36 @@ Create and configure Blob Storage by following these steps:
 
    ![Screenshot that shows how to create a container.](media/verifiable-credentials-configure-issuer/create-container.png)
 
+## Grant access to the container
+
+After you create your container, grant the signed-in user the correct role assignment so they can access the files in Blob Storage.
+
+1. From the list of containers, select **vc-container**.
+
+1. From the menu, select **Access Control (IAM)**.
+
+1. Select **+ Add,** and then select **Add role assignment**.
+
+     ![Screenshot that shows how to add a new role assignment to the blob container.](media/verifiable-credentials-configure-issuer/add-role-assignment.png)
+
+1. In **Add role assignment**:
+
+    1. For the **Role**, select **Storage Blob Data Reader**.
+
+    1. For the **Assign access to**, select **User, group, or service
+        principal**.
+
+    1. Then, search the account that you're using to perform these steps, and
+        select it.
+
+        ![Screenshot that shows how to set up the new role assignment.](media/verifiable-credentials-configure-issuer/add-role-assignment-container.png)
+
+>[!IMPORTANT]
+>By default, container creators get the owner role assigned. The owner role isn't enough on its own. Your account needs the storage blob data reader role. For more information, see [Use the Azure portal to assign an Azure role for access to blob and queue data](../../storage/blobs/assign-azure-role-data-access.md).
+
 ### Upload the configuration files
 
-Azure AD Verifiable Credentials service uses two JSON configuration files, the rules file and the display file. 
+Azure AD Verifiable Credentials uses two JSON configuration files, the rules file and the display file. 
 
 - The *rules* file describes important properties of verifiable credentials. In particular, it describes the claims that subjects (users) need to provide before a verifiable credential is issued for them. 
 - The *display* file controls the branding of the credential and styling of the claims.
@@ -148,7 +175,7 @@ In this step, you create the verified credential expert card by using Azure AD V
 
     1. For **Subscription**, select your Azure AD subscription where you created Blob Storage.
 
-    1. Under the **Display file**, select **Select display file**. In the Storage accounts section, select **vc-container**. Then select the **VerifiedCredentialExpertDisplay.json** file and select **Select**.
+    1. Under the **Display file**, select **Select display file**. In the Storage accounts section, select **vc-container**. Then select the **VerifiedCredentialExpertDisplay.json** file and click **Select**.
 
     1. Under the **Rules file**, **Select rules file**. In the Storage accounts section, select the **vc-container**. Then select the **VerifiedCredentialExpertRules.json** file, and choose **Select**.
 
@@ -281,7 +308,7 @@ Now you're ready to issue your first verified credential expert card by running
 
      ![Screenshot that shows how to respond to the warning message.](media/verifiable-credentials-configure-issuer/at-risk.png)
 
-1. At the risky website warning, select **Proceed anyways (unsafe)**. You're seeing this warning because your domain isn't linked to your decentralized identifier (DID). To verify your domain, follow the guidance in [Link your domain to your decentralized identifier (DID)](how-to-dnsbind.md). For this tutorial, you can skip the domain registration, and select **Proceed anyways (unsafe).**
+1. At the risky website warning, select **Proceed anyways (unsafe)**. You're seeing this warning because your domain isn't linked to your decentralized identifier (DID). To verify your domain, follow [Link your domain to your decentralized identifier (DID)](how-to-dnsbind.md). For this tutorial, you can skip the domain registration, and select **Proceed anyways (unsafe).**
 
      ![Screenshot that shows how to proceed with the risky warning.](media/verifiable-credentials-configure-issuer/proceed-anyway.png)
 
diff --git a/articles/active-directory/verifiable-credentials/verifiable-credentials-faq.md b/articles/active-directory/verifiable-credentials/verifiable-credentials-faq.md
@@ -28,7 +28,7 @@ This page contains commonly asked questions about Verifiable Credentials and Dec
 
 ### What is a DID? 
 
-Decentralized Identifers(DIDs) are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company). DIDs exist independently of any external organization or trusted intermediary. [The W3C Decentralized Identifier spec](https://www.w3.org/TR/did-core/) explains this in further detail.
+Decentralized Identifers(DIDs) are unique identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company). DIDs exist independently of any external organization or trusted intermediary. [The W3C Decentralized Identifier spec](https://www.w3.org/TR/did-core/) explains this in further detail.
 
 ### Why do we need a DID?
 
@@ -161,13 +161,6 @@ For the Request API the new scope for your application or Postman is now:
 
 ```3db474b9-6a0c-96ac-1fceb342124f/.default```
 
-#### **5. Clean up configuration**
-
-**Suggested after May 6, 2022**. Once you have confirmed that the Azure AD verifiable credentials service is working normally, you can issue, verify, etc after May 6, 2022 you can proceed to clean up your tenant so that the Azure AD Verifiable Credentials service has only the new service principals.
-
-1. Run the following PowerShell command to connect to your Azure AD tenant. Replace ```<your tenant ID>``` with your Azure AD tenant ID.
-1. Run the following commands in the same PowerShell session. The AppId ```603b8c59-ba28-40ff-83d1-408eee9a93e5``` and ```bbb94529-53a3-4be5-a069-7eaf2712b826``` refer to the previous Verifiable Credentials service principals.
-
 ### How do I reset the Azure AD Verifiable credentials service?
 
 Resetting requires that you opt out and opt back into the Azure Active Directory Verifiable Credentials service, your existing verifiable credentials configurations will reset and your tenant will obtain a new DID to use during issuance and presentation.
diff --git a/articles/active-directory/verifiable-credentials/whats-new.md b/articles/active-directory/verifiable-credentials/whats-new.md
@@ -6,7 +6,7 @@ manager: karenhoran
 ms.service: active-directory
 ms.subservice: verifiable-credentials
 ms.topic: reference
-ms.date: 04/26/2022
+ms.date: 04/27/2022
 ms.custom: references_regions
 ms.author: barclayn
 
@@ -20,10 +20,10 @@ This article lists the latest features, improvements, and changes in the Azure A
 
 ## April
 
-From April 25th, 2022 the Verifiable Credentials service is available to more Azure tenants. This important update requires any tenant created prior to April 25, 2022 to make a 15 minutes reconfiguration of the service to ensure ongoing operation. Verifiable Credentials service Administrators must perform the [following steps](verifiable-credentials-faq.md?#updating-the-vc-service-configuration) to avoid service disruptions.
+Verifiable Credentials service Administrators must perform a small configuration change before **May 4, 2022** following [these steps](verifiable-credentials-faq.md?#updating-the-vc-service-configuration) to avoid service disruptions. On May 4, 2022 we'll roll out updates on our service that will result in errors on issuance and presentation on those tenants that haven't applied the changes.
 
 >[!IMPORTANT]
-> When the configuration on your tenant has not been updated, there will be errors on issuance and presentation flows of verifiable credentials from/to your tenant. [Service configuration instructions](verifiable-credentials-faq.md?#updating-the-vc-service-configuration).
+> When the configuration on your tenant has not been updated, . [Service configuration instructions](verifiable-credentials-faq.md?#updating-the-vc-service-configuration).
 
 ## March 2022
 - Azure AD Verifiable Credentials customers can now change the [domain linked](how-to-dnsbind.md) to their DID easily from the Azure portal.
