addressing feedback

Author: mattgotteiner

articles/search/search-security-rbac.md

@@ -356,7 +356,7 @@ If you're already a Contributor or Owner of your search service, you can present
 
 ## Grant access to a single index
 
-In some scenarios, you may want to limit application's access to a single resource, such as an index. 
+In some scenarios, you might want to limit an application's access to a single resource, such as an index.
 
 The portal doesn't currently support role assignments at this level of granularity, but it can be done with [PowerShell](../role-based-access-control/role-assignments-powershell.md) or the [Azure CLI](../role-based-access-control/role-assignments-cli.md).
 
@@ -569,9 +569,9 @@ To enable a Conditional Access policy for Azure AI Search, follow the below step
 > [!IMPORTANT]
 > If your search service has a managed identity assigned to it, the specific search service will show up as a cloud app that can be included or excluded as part of the Conditional Access policy. Conditional Access policies can't be enforced on a specific search service. Instead make sure you select the general **Azure AI Search** cloud app.
 
-## Troubleshooting Azure RBAC issues
+## Troubleshooting role-based access control issues
 
-When developing applications that use role-based access control for authentication, some common issues may occur:
+When developing applications that use role-based access control for authentication, some common issues might occur:
 
-* If the authorization token came from a [managed identity](/entra/identity/managed-identities-azure-resources/overview) and the appropriate permissions were recently assigned, it [may take several hours](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identity-best-practice-recommendations#limitation-of-using-managed-identities-for-authorization) for these permissions assignments to actually be reflected.
-* The search service may only allow [API-key based authentication](#configure-role-based-access-for-data-plane). If the service only allows API-key based authentication, then all requests used role-based authentication will automatically be denied regardless of the underlying permissions.
+* If the authorization token came from a [managed identity](/entra/identity/managed-identities-azure-resources/overview) and the appropriate permissions were recently assigned, it [might take several hours](/entra/identity/managed-identities-azure-resources/managed-identity-best-practice-recommendations#limitation-of-using-managed-identities-for-authorization) for these permissions assignments to take effect.
+* The default configuration for a search service is [key-based authentication only](#configure-role-based-access-for-data-plane). If you didn't change the default key setting to **Both** or **Role-based access control**, then all requests using role-based authentication are automatically denied regardless of the underlying permissions.