Merge pull request #6942 from aliceku/master

PRMerger14 · web-flow · commit 1c746e4dc851 · 2018-08-24T11:30:42.000-07:00
removed list permissions from key requirements
diff --git a/docs/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault.md b/docs/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault.md
@@ -1,7 +1,7 @@
 ---
 title: "SQL Server TDE Extensible Key Management Using Azure Key Vault - Setup Steps | Microsoft Docs"
 ms.custom: ""
-ms.date: "06/11/2018"
+ms.date: "08/24/2018"
 ms.prod: sql
 ms.reviewer: ""
 ms.suite: "sql"
@@ -147,14 +147,14 @@ SQL Server Version  |Redistributable Install Link
     In this case, let’s use the Azure Active Directory service principal created in Part I to authorize the [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)] instance.  
   
     > [!IMPORTANT]  
-    >  The Azure Active Directory service principal must have at least the `get`, `list`, `wrapKey`, and `unwrapKey` permissions for the key vault.  
+    >  The Azure Active Directory service principal must have at least the `get`, `wrapKey`, and `unwrapKey` permissions for the key vault.  
   
      As shown below, use the **Client ID** from Part I for the `ServicePrincipalName` parameter. The `Set-AzureRmKeyVaultAccessPolicy` runs silently with no output if it runs successfully.  
   
     ```powershell  
     Set-AzureRmKeyVaultAccessPolicy -VaultName 'ContosoDevKeyVault'`  
       -ServicePrincipalName EF5C8E09-4D2A-4A76-9998-D93440D8115D `  
-      -PermissionsToKeys get, list, wrapKey, unwrapKey  
+      -PermissionsToKeys get, wrapKey, unwrapKey  
     ```  
   
      Call the `Get-AzureRmKeyVault` cmdlet to confirm the permissions. In the statement output under ‘Access Policies,’ you should see your AAD application name listed as another tenant that has access to this key vault.  
