Azure MSI for cloud auto-join (#7000)

* Azure MSI documentation

Adding in note about support for Azure MSI authentication method for Cloud auto-join

* fixing text formatting

fixing text formatting

* missing word

missing word - variable

* Update website/source/docs/agent/cloud-auto-join.html.md

Language change to be specific about where the security risk mitigation is concerned

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

Co-authored-by: Jack Pearkes <jackpearkes@gmail.com>

website/source/docs/agent/cloud-auto-join.html.md

@@ -123,6 +123,8 @@ When using tags the only permission needed is `Microsoft.Network/networkInterfac
 
 When using Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`.
 
+~> **Note:** If the Consul cluster is hosted on Azure, Consul can use Managed Service Identities (MSI) to access Azure instead of an environment variable and shared client id and secret. MSI must be enabled on the VMs hosting Consul, and it is the preferred configuration since MSI prevents your Azure credentials from being stored in Consul configuration. This feature is supported from Consul 1.7 and above.
+
 ### Google Compute Engine
 
 This returns the first private IP address of all servers in the given
@@ -402,4 +404,4 @@ $ consul agent -retry-join "provider=k8s label_selector=\"app=consul,component=s
 - `field_selector` (optional) - the field selector for matching pods.
 
 The Kubernetes token used by the provider needs to have permissions to list pods
-in the desired namespace.
+in the desired namespace.