Update formatting for Key Vault firewall configuration

yutanglin16 · web-flow · commit 7d6718b9903e · 2025-10-13T09:21:47.000-07:00
Making it a Note that's visible regardless of the RBAC or Access Policy tab.
diff --git a/articles/app-service/configure-ssl-certificate.md b/articles/app-service/configure-ssl-certificate.md
@@ -153,10 +153,11 @@ The service principal app ID or assignee value is the ID for the App Service res
 
 Don't delete these access policy permissions from the key vault. If you do, App Service can't sync your web app with the latest Key Vault certificate version.
 
-If Key Vault is configured to disable public access, select the **Allow trusted Microsoft services to bypass this firewall** checkbox to ensure that Microsoft services are allowed access. For more information, see [Key Vault firewall-enabled trusted services only](/azure/key-vault/general/network-security?WT.mc_id=Portal-Microsoft_Azure_KeyVault#key-vault-firewall-enabled-trusted-services-only).
->
 ---
 
+> [!NOTE]
+> If Key Vault is configured to disable public access, select the **Allow trusted Microsoft services to bypass this firewall** checkbox to ensure that Microsoft services are allowed access. For more information, see [Key Vault firewall-enabled trusted services only](/azure/key-vault/general/network-security?WT.mc_id=Portal-Microsoft_Azure_KeyVault#key-vault-firewall-enabled-trusted-services-only).
+
 #### [Azure CLI](#tab/azure-cli/rbac)
 
 ```azurecli-interactive
