clarity edits for jenkins RA (MicrosoftDocs#420)

* rewording for clarity
lgmxiii · Feb 26, 2018 · cc5d1fd · cc5d1fd
1 parent ec65f11
commit cc5d1fd
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/docs/reference-architectures/jenkins/index.md b/docs/reference-architectures/jenkins/index.md
@@ -40,7 +40,7 @@ The architecture consists of the following components:
 
 -   **Azure Blob Storage**. The [Windows Azure Storage plugin][configure-storage] uses Azure Blob  Storage to store the build artifacts that are created and shared with other Jenkins builds.
 
--   **Azure Active Directory (Azure AD)**. [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow via [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job.
+-   **Azure Active Directory (Azure AD)**. [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow, using [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job.
 
 -   **Azure Key Vault.** To manage secrets and cryptographic keys used to provision Azure resources when secrets are required, this architecture uses [Key Vault][key-vault]. For added help storing secrets associated with the application in the pipeline, see also the [Azure Credentials][configure-credential] plugin for Jenkins.
 
@@ -136,7 +136,7 @@ Use the following approaches to help lock down security on a basic Jenkins serve
 
 -   Install the [Azure Credentials][configure-credential] plugin to use Key Vault to handle secrets for the Azure assets, the agents in the pipeline, and third-party components.
 
--   Create a security profile that defines the resources required by users, services, and pipeline agents to do their jobs—but no more. This step becomes critical when considering your security settings.
+-   Use RBAC to restrict the access of the service principal to the minimum required to run the jobs. This helps limit the scope of damage from a rogue job.
 
 Jenkins jobs often require secrets to access Azure services that require authorization, such as Azure Container Service. Use [Key Vault][key-vault] along with the [Azure Credential plugin][configure-credential] to manage these secrets securely. Use Key Vault to store service principal credentials, passwords, tokens, and other secrets.