tweaks

alexwolfmsft · alexwolfmsft · commit edaeb71caaee · 2023-03-29T09:38:20.000-04:00
diff --git a/articles/storage/common/migrate-azure-credentials.md b/articles/storage/common/migrate-azure-credentials.md
@@ -82,19 +82,17 @@ After making these code changes, run your application locally. The new configura
 
 Once your application is configured to use passwordless connections and runs locally, the same code can authenticate to Azure services after it's deployed to Azure. The sections that follow explain how to configure a deployed application to connect to Azure Blob Storage using a managed identity.
 
-#### Create a managed identity
+#### Create the managed identity
 
 [!INCLUDE [create-managed-identity](../../../includes/passwordless/migration-guide/create-user-assigned-managed-identity.md)]
 
-After the resource is created, select **Go to resource** to view the details of the managed identity.
-
 #### Associate the managed identity with your web app
 
 You need to configure your web app to use the managed identity you created. Assign the identity to your app using either the Azure portal or the Azure CLI.
 
 # [Azure Portal](#tab/azure-portal-associate)
 
-Complete the following steps to use the Azure portal to associate an identity with your app. These steps apply to the following Azure services:
+Complete the following steps in the Azure portal to associate an identity with your app. These same steps apply to the following Azure services:
 
 * Azure Spring Apps
 * Azure Container Apps
@@ -103,7 +101,7 @@ Complete the following steps to use the Azure portal to associate an identity wi
 
 1. Navigate to the overview page of your web app.
 1. Select **Identity** from the left navigation.
-1. On the Identity page, switch to the **User assigned** tab.
+1. On the **Identity** page, switch to the **User assigned** tab.
 1. Select **+ Add** to open the **Add user assigned managed identity** flyout.
 1. Select the subscription you used previously to create the identity.
 1. Search for the **MigrationIdentity** by name and select it from the search results.
@@ -175,23 +173,23 @@ If you connected your services using the Service Connector you don't need to com
 
 #### Update the application code
 
-You need to configure your application code to look for the specific managed identity you created when it is deployed to Azure. Explicitly setting the managed identity for the app also prevents other environment identities from accidentally being detected and used automatically.
+You need to configure your application code to look for the specific managed identity you created when it is deployed to Azure. In some scenarios, explicitly setting the managed identity for the app also prevents other environment identities from accidentally being detected and used automatically.
 
 1. On the managed identity overview page, copy the client ID value to your clipboard.
 1. Update the `DefaultAzureCredential` object in the `Program.cs` file of your app to specify this managed identity client ID.
 
-```csharp
-// TODO: Update the <your-storage-account-name> and <your-managed-identity-client-id> placeholders
-var blobServiceClient = new BlobServiceClient(
-                    new Uri("https://<your-storage-account-name>.blob.core.windows.net"),
-                    new DefaultAzureCredential(
-                        new DefaultAzureCredentialOptions() 
-                        { 
-                            ManagedIdentityClientId = "<your-managed-identity-client-id>" 
-                        }));
-```
-
-You will need to redeploy your code to Azure after making this change in order for the configuration updates to be applied.
+    ```csharp
+    // TODO: Update the <your-storage-account-name> and <your-managed-identity-client-id> placeholders
+    var blobServiceClient = new BlobServiceClient(
+                        new Uri("https://<your-storage-account-name>.blob.core.windows.net"),
+                        new DefaultAzureCredential(
+                            new DefaultAzureCredentialOptions() 
+                            { 
+                                ManagedIdentityClientId = "<your-managed-identity-client-id>" 
+                            }));
+    ```
+
+3. Redeploy your code to Azure after making this change in order for the configuration updates to be applied.
 
 #### Test the app
 
diff --git a/includes/passwordless/migration-guide/associate-managed-identity-cli.md b/includes/passwordless/migration-guide/associate-managed-identity-cli.md
@@ -1,13 +1,13 @@
 Use the following Azure CLI commands to associate an identity with your app:
 
-# [Azure App Service](#tab/app-service-identity)
-
 Retrieve the ID of the managed identity you created using the [az identity show](/cli/azure/identity) command. Copy the output value to use in the next step.
 
 ```azurecli
 az identity show --name MigrationIdentity -g <your-identity-resource-group-name> --query id
 ```
 
+# [Azure App Service](#tab/app-service-identity)
+
 You can assign a managed identity to an Azure App Service instance with the [az webapp identity assign](/cli/azure/webapp/identity) command.
 
 ```azurecli
@@ -19,12 +19,6 @@ az webapp identity assign \
 
 # [Azure Spring Apps](#tab/spring-apps-identity)
 
-Retrieve the ID of the managed identity you created using the [az identity show](/cli/azure/identity) command. Copy the output value to use in the next step.
-
-```azurecli
-az identity show --name MigrationIdentity -g <your-identity-resource-group-name> --query id
-```
-
 You can assign a managed identity to an Azure Spring Apps instance with the [az spring app identity assign](/cli/azure/spring/app/identity) command.
 
 ```azurecli
@@ -37,13 +31,6 @@ az spring app identity assign \
 
 # [Azure Container Apps](#tab/container-apps-identity)
 
-Retrieve the ID of the managed identity you created using the [az identity show](/cli/azure/identity) command. Copy the output value to use in the next step.
-
-```azurecli
-az identity show --name MigrationIdentity -g <your-identity-resource-group-name> --query id
-```
-You can assign a managed identity to an Azure Container Apps instance with the [az container app identity assign](/cli/azure/containerapp/identity) command.
-
 ```azurecli
 az containerapp identity assign \
     --resource-group <resource-group-name> \
@@ -53,12 +40,6 @@ az containerapp identity assign \
 
 # [Azure virtual machines](#tab/virtual-machines-identity)
 
-Retrieve the ID of the managed identity you created using the [az identity show](/cli/azure/identity) command. Copy the output value to use in the next step.
-
-```azurecli
-az identity show --name MigrationIdentity -g <your-identity-resource-group-name> --query id
-```
-
 You can assign a managed identity to a virtual machine with the [az vm identity assign](/cli/azure/vm/identity) command.
 
 ```azurecli
@@ -70,12 +51,6 @@ az vm identity assign \
 
 # [Azure Kubernetes Service](#tab/aks-identity)
 
-Retrieve the ID of the managed identity you created using the [az identity show](/cli/azure/identity) command. Copy the output value to use in the next step.
-
-```azurecli
-az identity show --name MigrationIdentity -g <your-identity-resource-group-name> --query id
-```
-
 You can assign a managed identity to an Azure Kubernetes Service (AKS) instance with the [az aks update](/cli/azure/aks) command.
 
 ```azurecli
diff --git a/includes/passwordless/migration-guide/create-user-assigned-managed-identity.md b/includes/passwordless/migration-guide/create-user-assigned-managed-identity.md
@@ -1,4 +1,4 @@
-You can create a user-assigned managed identity using the Azure portal or the Azure CLI. Your application uses the identity to authenticate to other services.
+You can create a user-assigned managed identity using the Azure portal or the Azure CLI. Your application uses the identity to authenticate to other services. 
 
 # [Azure portal](#tab/azure-portal-create)
 
@@ -9,14 +9,16 @@ You can create a user-assigned managed identity using the Azure portal or the Az
     * **Resource Group**: Select your desired resource group.
     * **Region**: Select a region near your location.
     * **Name**: Enter a recognizable name for your identity, such as *MigrationIdentity*.
-1. Select **Review & Create** at the bottom of the page.
+1. Select **Review + create** at the bottom of the page.
 1. When the validation checks finish, select **Create**. Azure creates a new user-assigned identity.
 
-:::image type="content" source="../../../articles/storage/common/media/create-managed-identity-portal-small.png" alt-text="A screenshot showing how to create a user assigned managed identity." lightbox="../../../articles/storage/common/media/create-managed-identity-portal.png" :::
+After the resource is created, select **Go to resource** to view the details of the managed identity.
 
+    :::image type="content" source="../../../articles/storage/common/media/create-managed-identity-portal-small.png" alt-text="A screenshot showing how to create a user assigned managed identity." lightbox="../../../articles/storage/common/media/create-managed-identity-portal.png" :::
+    
 # [Azure CLI](#tab/azure-cli-create)
 
-Use the `az identity create` command to create a managed identity:
+Use the `az identity create` command to create a user-assigned managed identity:
 
 ```azurecli
 az identity create --name MigrationIdentity --resource-group <your-resource-group>
diff --git a/includes/passwordless/migration-guide/service-connector-commands.md b/includes/passwordless/migration-guide/service-connector-commands.md
@@ -1,4 +1,4 @@
-You can use Service Connector to create a connection between an Azure compute hosting environment and a target service using the Azure CLI. The service connector CLI commands automatically assign the proper role to your identity, as explained in the [portal instructions](#create-the-managed-identity-using-the-azure-portal).
+You can use Service Connector to create a connection between an Azure compute hosting environment and a target service using the Azure CLI. The service connector CLI commands automatically assign the proper role to your identity.
 
 1. Retrieve the client-id of the managed identity you created using the `az identity show` command. Copy the value for later use.
 
@@ -8,45 +8,45 @@ You can use Service Connector to create a connection between an Azure compute ho
 
 1. Use the appropriate CLI command to establish the service connection:
 
-# [Azure App Service](#tab/app-service-connector)
-
-If you're using an Azure App Service, use the `az webapp connection` command:
-
-```azurecli
-az webapp connection create storage-blob \
-    --resource-group <resource-group-name> \
-    --name <webapp-name> \
-    --target-resource-group <target-resource-group-name> \
-    --account <target-storage-account-name> \
-    --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
-```
-
-# [Azure Spring](#tab/spring-connector)
-
-If you're using Azure Spring Apps, use `the az spring-cloud connection` command:
-
-```azurecli
-az spring-cloud connection create storage-blob \
-    --resource-group <resource-group-name> \
-    --service <service-instance-name> \
-    --app <app-name> \
-    --deployment <deployment-name> \
-    --target-resource-group <target-resource-group> \
-    --account <target-storage-account-name> \
-    --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
-```
-
-# [Azure Container Apps](#tab/container-apps-connector)
-
-If you're using Azure Container Apps, use the `az containerapp connection` command:
-
-```azurecli
-az containerapp connection create storage-blob \
-    --resource-group <resource-group-name> \
-    --name <containerapp-name> \
-    --target-resource-group <target-resource-group-name> \
-    --account <target-storage-account-name> \
-    --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
-```
+    # [Azure App Service](#tab/app-service-connector)
+    
+    If you're using an Azure App Service, use the `az webapp connection` command:
+    
+    ```azurecli
+    az webapp connection create storage-blob \
+        --resource-group <resource-group-name> \
+        --name <webapp-name> \
+        --target-resource-group <target-resource-group-name> \
+        --account <target-storage-account-name> \
+        --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
+    ```
+    
+    # [Azure Spring](#tab/spring-connector)
+    
+    If you're using Azure Spring Apps, use `the az spring-cloud connection` command:
+    
+    ```azurecli
+    az spring-cloud connection create storage-blob \
+        --resource-group <resource-group-name> \
+        --service <service-instance-name> \
+        --app <app-name> \
+        --deployment <deployment-name> \
+        --target-resource-group <target-resource-group> \
+        --account <target-storage-account-name> \
+        --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
+    ```
+    
+    # [Azure Container Apps](#tab/container-apps-connector)
+    
+    If you're using Azure Container Apps, use the `az containerapp connection` command:
+    
+    ```azurecli
+    az containerapp connection create storage-blob \
+        --resource-group <resource-group-name> \
+        --name <containerapp-name> \
+        --target-resource-group <target-resource-group-name> \
+        --account <target-storage-account-name> \
+        --user-identity "client-id=<your-identity-client-id>" "subs-id=<your-subscription-id>"
+    ```
 
----
+    ---
