MicrosoftDocs
diff --git a/‎articles/event-hubs/event-hubs-quickstart-kafka-enabled-event-hubs.md
Lines changed: 61 additions & 76 deletions b/‎articles/event-hubs/event-hubs-quickstart-kafka-enabled-event-hubs.md
Lines changed: 61 additions & 76 deletions
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/add-role-assignment-menu.png
87 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/add-role-assignment-menu.png
87 KB
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/add-vm-identity.png
49.4 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/add-vm-identity.png
49.4 KB
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/enable-identity-vm.png
77.8 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/enable-identity-vm.png
77.8 KB
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/producer-consumer-output.png
282 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/producer-consumer-output.png
282 KB
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/review-assign.png
32.6 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/review-assign.png
32.6 KB
diff --git a/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/select-event-hubs-owner-role.png
79.6 KB b/‎articles/event-hubs/media/event-hubs-quickstart-kafka-enabled-event-hubs/select-event-hubs-owner-role.png
79.6 KB
@@ -19,10 +19,10 @@ To complete this quickstart, make sure you have the following prerequisites:
 
 * Read through the [Event Hubs for Apache Kafka](event-hubs-for-kafka-ecosystem-overview.md) article.
 * An Azure subscription. If you don't have one, create a [free account](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) before you begin.
-* [Java Development Kit (JDK) 1.7+](/azure/developer/java/fundamentals/java-support-on-azure).
-* [Download](https://maven.apache.org/download.cgi) and [install](https://maven.apache.org/install.html) a Maven binary archive.
-* [Git](https://www.git-scm.com/)
-* To run this quickstart using managed identity, you need to run it on an Azure virtual machine.
+* Create a Windows virtual machine and install the following components: 
+    * [Java Development Kit (JDK) 1.7+](/azure/developer/java/fundamentals/java-support-on-azure).
+    * [Download](https://maven.apache.org/download.cgi) and [install](https://maven.apache.org/install.html) a Maven binary archive.
+    * [Git](https://www.git-scm.com/)
 
 ## Create an Event Hubs namespace
 
@@ -34,78 +34,63 @@ When you create an Event Hubs namespace, the Kafka endpoint for the namespace is
 ## Send and receive messages with Kafka in Event Hubs
 
 ### [Passwordless (Recommended)](#tab/passwordless)
-
-1. Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.
-
-   Azure Event Hubs supports using Azure Active Directory (Azure AD) to authorize requests to Event Hubs resources. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, or an application service principal.
-
-   To use Managed Identity, you can create or configure a virtual machine using a system-assigned managed identity. For more information about configuring managed identity on a VM, see [Configure managed identities for Azure resources on a VM using the Azure portal](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md#system-assigned-managed-identity).
-
-1. In the virtual machine that you configure managed identity, clone the [Azure Event Hubs for Kafka repository](https://github.com/Azure/azure-event-hubs-for-kafka).
-
-1. Navigate to *azure-event-hubs-for-kafka/quickstart/java/producer*.
-
-1. Update the configuration details for the producer in *src/main/resources/producer.config* as follows:
-
-   After you configure the virtual machine with managed identity, you need to add managed identity to Event Hubs namespace. For that you need to follow these steps.
-
-   * In the Azure portal, navigate to your Event Hubs namespace. Go to **Access Control (IAM)** in the left navigation.
-
-   * Select **Add** and select `Add role assignment`.
-
-   * In the **Role** tab, select **Azure Event Hubs Data Owner**, then select **Next**=.
-
-   * In the **Members** tab, select the **Managed Identity** radio button for the type to assign access to.
-
-   * Select the **Select members** link. In the **Managed Identity** dropdown, select **Virtual Machine**, then select your virtual machine's managed identity.
-
-   * Select **Review + Assign**.
-
-1. After you configure managed identity, you can update *src/main/resources/producer.config* as shown below.
-
-   ```xml
-   bootstrap.servers=NAMESPACENAME.servicebus.windows.net:9093
-   security.protocol=SASL_SSL
-   sasl.mechanism=OAUTHBEARER
-   sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
-   sasl.login.callback.handler.class=CustomAuthenticateCallbackHandler;
-   ```
-
-   You can find the source code for the sample handler class CustomAuthenticateCallbackHandler on GitHub [here](https://github.com/Azure/azure-event-hubs-for-kafka/tree/master/tutorials/oauth/java/appsecret/producer/src/main/java).
-
-1. Run the producer code and stream events into Event Hubs:
-
-   ```shell
-   mvn clean package
-   mvn exec:java -Dexec.mainClass="TestProducer"
-   ```
-
-1. Navigate to *azure-event-hubs-for-kafka/quickstart/java/consumer*.
-
-1. Update the configuration details for the consumer in *src/main/resources/consumer.config* as follows:
-
-1. Make sure you configure managed identity as mentioned in step 3 and use the following consumer configuration.
-
-   ```xml
-   bootstrap.servers=NAMESPACENAME.servicebus.windows.net:9093
-   security.protocol=SASL_SSL
-   sasl.mechanism=OAUTHBEARER
-   sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
-   sasl.login.callback.handler.class=CustomAuthenticateCallbackHandler;
-   ```
-
-   You can find the source code for the sample handler class CustomAuthenticateCallbackHandler on GitHub [here](https://github.com/Azure/azure-event-hubs-for-kafka/tree/master/tutorials/oauth/java/appsecret/consumer/src/main/java).
-
-   You can find all the OAuth samples for Event Hubs for Kafka [here](https://github.com/Azure/azure-event-hubs-for-kafka/tree/master/tutorials/oauth).
-
-1. Run the consumer code and process events from event hub using your Kafka clients:
-
-   ```java
-   mvn clean package
-   mvn exec:java -Dexec.mainClass="TestConsumer"
-   ```
-
-   If your Event Hubs Kafka cluster has events, you now start receiving them from the consumer.
+1. Enable a system-assigned managed identity for the virtual machine. For more information about configuring managed identity on a VM, see [Configure managed identities for Azure resources on a VM using the Azure portal](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md#system-assigned-managed-identity). Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.
+
+    :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/enable-identity-vm.png" alt-text="Screenshot of the Identity tab of a virtual machine page in the Azure portal.":::
+1. Using the **Access control** page of the Event Hubs namespace you created, assign **Azure Event Hubs Data Owner** role to the VM's managed identity. 
+Azure Event Hubs supports using Azure Active Directory (Azure AD) to authorize requests to Event Hubs resources. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, or an application service principal.    
+    1. In the Azure portal, navigate to your Event Hubs namespace. Go to "Access Control (IAM)" in the left navigation.    
+    2. Select + Add and select `Add role assignment`.    
+    
+        :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/add-role-assignment-menu.png" alt-text="Screenshot of the Access Control page of an Event Hubs namespace.":::        
+    1. In the Role tab, select **Azure Event Hubs Data Owner**, and select the **Next** button.    
+    
+        :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/select-event-hubs-owner-role.png" alt-text="Screenshot showing the selection of the Azure Event Hubs Data Owner role.":::        
+    1. In the **Members** tab, select the **Managed Identity** in the **Assign access to** section.    
+    1. Select the **+Select members** link. 
+    1. On the **Select managed identities** page, follow these steps:
+        1. Select the **Azure subscription** that has the VM.
+        1. For **Managed identity**, select **Virtual machine**
+        1. Select your virtual machine's managed identity. 
+        1. Click **Select** at the bottom of the page.
+        
+            :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/add-vm-identity.png" alt-text="Screenshot showing the Add role assignment -> Select managed identities page.":::      
+    1. Select **Review + Assign**.
+
+        :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/review-assign.png" alt-text="Screenshot showing the Add role assignment page with role assigned to VM's managed identity.":::
+1. Restart the VM and log in back to the VM for which you configured the managed identity. 
+1. Clone the [Azure Event Hubs for Kafka repository](https://github.com/Azure/azure-event-hubs-for-kafka).
+1. Navigate to `azure-event-hubs-for-kafka/tutorials/oauth/java/managedidentity/consumer`.
+1. Switch to the `src/main/resources/` folder, and open `consumer.config`. Replace `namespacename` with the name of your Event Hubs namespace. 
+
+    ```xml
+    bootstrap.servers=NAMESPACENAME.servicebus.windows.net:9093
+    security.protocol=SASL_SSL
+    sasl.mechanism=OAUTHBEARER
+    sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
+    sasl.login.callback.handler.class=CustomAuthenticateCallbackHandler;
+    ```    
+
+    > [!NOTE]
+    > You can find all the OAuth samples for Event Hubs for Kafka [here](https://github.com/Azure/azure-event-hubs-for-kafka/tree/master/tutorials/oauth).
+7. Switch back to the **Consumer** folder where the pom.xml file is and, and run the consumer code and process events from event hub using your Kafka clients:
+
+    ```java
+    mvn clean package
+    mvn exec:java -Dexec.mainClass="TestConsumer"                                    
+    ```
+1. Launch another command prompt window, and navigate to `azure-event-hubs-for-kafka/tutorials/oauth/java/managedidentity/producer`.
+1. Switch to the `src/main/resources/` folder, and open `producer.config`. Replace `mynamespace` with the name of your Event Hubs namespace.       
+4. Switch back to the **Producer** folder where the `pom.xml` file is and, run the producer code and stream events into Event Hubs:
+   
+    ```shell
+    mvn clean package
+    mvn exec:java -Dexec.mainClass="TestProducer"                                    
+    ```    
+
+    You should see messages about events sent in the producer window. Now, check the consumer app window to see the messages that it receives from the event hub.
+
+      :::image type="content" source="./media/event-hubs-quickstart-kafka-enabled-event-hubs/producer-consumer-output.png" alt-text="Screenshot showing the Producer and Consumer app windows showing the events.":::
 
 ### [Connection string](#tab/connection-string)