Update alert type for security considerations

nimakamoosi · web-flow · commit eb96c4d548c5 · 2026-04-14T23:48:54.000-04:00
Replaced 'IMPORTANT' alert with 'CAUTION' alert to emphasize security considerations regarding managed identity authentication.
diff --git a/articles/api-management/authentication-managed-identity-policy.md b/articles/api-management/authentication-managed-identity-policy.md
@@ -20,9 +20,8 @@ Both system-assigned identity and any of the multiple user-assigned identities c
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 
-> [!IMPORTANT]
+> [!CAUTION]
 > **Security consideration:** Any user with permissions to edit API Management policies (for example, users assigned the [API Management Service Contributor](/azure/role-based-access-control/built-in-roles#api-management-service-contributor) role) can use this policy to authenticate as the service's managed identity. This effectively grants that user access to any resource for which the managed identity has permissions. Ensure that you follow the [principle of least privilege](/entra/identity-platform/secure-least-privileged-access) when assigning permissions to API Management resource. For more information, see [How to use managed identities in Azure API Management](api-management-howto-use-managed-service-identity.md).
-
   
 ## Policy statement  
   
