
Update "Use Azure Key Vault secrets in customization files" #126894


Draft
wants to merge 1 commit into
base: main
6 changes: 4 additions & 2 deletions articles/dev-box/how-to-use-secrets-customization-files.md
Expand Up @@ -28,7 +28,9 @@ To use a secret, like a PAT, in your customization files, store your PAT as a ke

Both team and user customizations support fetching secrets from a key vault. Team customizations, also known as image definition files, define the base image for the dev box with the `image` parameter, and list the tasks that run when a dev box is created. User customizations list the tasks that run when a dev box is created. The following examples show how to use a key vault secret in both types of customizations.

To configure key vault secrets for use in your YAML customizations:
To configure key vault secrets for use in your team or user customizations, ensure that your dev center project's managed identity has the Key Vault Secrets User role on your key vault.

To configure key vault secrets for use in user customizations, you need to additionally:

1. Ensure that your dev center project's managed identity has the Key Vault Reader role and the Key Vault Secrets User role on your key vault.
2. Grant the Key Vault Secrets User role for the key vault secret to each user or user group that should be able to consume the secret during the customization of a dev box. The user or group granted the role must include the managed identity for the dev center, the admin's user account, and any user or group that needs the secret during dev box customization.
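Review bot: The new lead-in "To configure key vault secrets for use in user customizations, you need to additionally:" now sits directly above the unchanged step 1, which restates the Key Vault Secrets User role for the project's managed identity that the added sentence already requires, and also adds Key Vault Reader. As written, a reader cannot tell whether Key Vault Reader is needed only for user customizations or for team customizations as well, and step 2 lists the dev center's managed identity a third time. If Reader is specific to user customizations, reword step 1 to name only that extra role; if it applies to both, move it into the shared sentence. Either way each customization type then maps to exactly the roles it needs and nobody over-grants. Also, "you need to additionally" reads more naturally as "you also need to".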
Expand Down Expand Up @@ -88,4 +90,4 @@ To learn how to let trusted Microsoft services bypass the firewall, see [Configu

- [Microsoft Dev Box team customizations](concept-what-are-team-customizations.md)
- [Configure imaging for Dev Box team customizations](how-to-configure-customization-imaging.md)
- Learn how to [add and configure a catalog from GitHub or Azure Repos](../deployment-environments/how-to-configure-catalog.md).
- Learn how to [add and configure a catalog from GitHub or Azure Repos](../deployment-environments/how-to-configure-catalog.md).
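Review bot: The removed and added versions of the last bullet ("Learn how to [add and configure a catalog from GitHub or Azure Repos]") read identically in the visible diff, so the change appears to be whitespace or an end-of-file newline only. Confirm it is intentional, or drop it from the commit so the PR stays limited to the role-assignment wording.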