
Commit 3433833

nimakamoosi and dlepow authored
Update articles/api-management/api-management-howto-use-managed-service-identity.md
Co-authored-by: Dan Lepow <[email protected]>
1 parent 4c133cf commit 3433833

1 file changed

Lines changed: 1 addition & 1 deletion

articles/api-management/api-management-howto-use-managed-service-identity.md

@@ -26,7 +26,7 @@ You can grant two types of identities to an API Management instance:
2626
- A *system-assigned identity* is tied to your service and is deleted if your service is deleted. The service can have only one system-assigned identity.
2727
- A *user-assigned identity* is a standalone Azure resource that you can assign to your service. The service can have multiple user-assigned identities.
2828

29-
> [!IMPORTANT]
29+
> [!CAUTION]
3030
> **Security consideration:** Users with permissions to edit API Management policies (for example, users assigned the [API Management Service Contributor](/azure/role-based-access-control/built-in-roles#api-management-service-contributor) role) can use the [`authentication-managed-identity`](authentication-managed-identity-policy.md) policy to authenticate as the service's managed identity. When you assign roles or permissions to the API Management resouce, be aware that any user who can edit policies may be able to access those same resources through the managed identity. To mitigate risk:
3131
> - Follow the [principle of least privilege](/entra/identity-platform/secure-least-privileged-access) when assigning roles to managed identities.
3232
> - Only grant the API Management Contributor role or policy editing permissions to trusted users.
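Review bot: The last bullet (new line 32) names the "API Management Contributor role", while the first sentence of the same note (line 30) names and links "API Management Service Contributor". Now that the note is raised to `[!CAUTION]`, readers will act on it to decide which role assignments to restrict, so the two names should match; suggest using the linked name from line 30 in the bullet as well. While touching this block, line 30 also has the typo "resouce" ("API Management resouce"), which should read "resource".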
