diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json
index dc57703889..043cae89a6 100644
--- a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json
+++ b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json
@@ -137,7 +137,7 @@
                     "EncryptionOperation": "EnableEncryption",
                     "KeyVaultURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/",
                     "KeyVaultResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
-                    "KeyEncryptionKeyURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/1dcaf3e93b44433bba0232e9eec54cc7",
+                    "KeyEncryptionKeyURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/1dcaf3e93b44433bba0232e9eec54cc7", // ID must be updated for new keys
                     "KekVaultResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
                     "KeyEncryptionAlgorithm": "RSA-OAEP",
                     "VolumeType": "All",
diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json
index 8cffb9255f..9567c9d797 100644
--- a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json
+++ b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json
@@ -154,7 +154,7 @@
                     "EncryptionOperation": "EnableEncryption",
                     "KeyVaultURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/",
                     "KeyVaultResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
-                    "KeyEncryptionKeyURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/1dcaf3e93b44433bba0232e9eec54cc7",
+                    "KeyEncryptionKeyURL": "https://adp-sxx-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/1dcaf3e93b44433bba0232e9eec54cc7", // ID must be updated for new keys
                     "KekVaultResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
                     "KeyEncryptionAlgorithm": "RSA-OAEP",
                     "VolumeType": "All",
diff --git a/docs/wiki/TestingDesign.md b/docs/wiki/TestingDesign.md
index a64209ab7e..4dd6a84ef1 100644
--- a/docs/wiki/TestingDesign.md
+++ b/docs/wiki/TestingDesign.md
@@ -113,7 +113,8 @@ Since also dependency resources are in turn subject to dependencies with each ot
 
 **Second level resources**: This group of resources has a dependency only on the resource group which will host them. Resources in this group can be deployed in parallel.
 
-  1. User assigned identity: This resource is leveraged as a test identity by all resources supporting RBAC.
+  1. User assigned identity: This resource is leveraged by all dependency resources
+      > **Note**: The object ID of the [user assigned identity] must be set in several dependency parameter files. However, when you first run the pipeline, this object ID will be unknown. It is hence recommended to either manually create the MSI beforehand - or - run the pipeline without the ID once (which will cause the pipeline to fail during the ID's usage, but **after** the MSI was deployed), then update the value in the parameter files and finally re-run the pipeline.
   1. Policy assignment: This resource is leveraged by the [policy exemption] resource.
   1. Log analytics workspace: This resource is leveraged by all resources supporting diagnostic settings on LAW.
   1. Storage account: This resource is leveraged by all resources supporting diagnostic settings on a storage account.
diff --git a/utilities/pipelines/dependencies/Microsoft.Authorization/roleAssignments/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Authorization/roleAssignments/parameters/parameters.json
index 29cb3cb7a4..4a63cc7d1e 100644
--- a/utilities/pipelines/dependencies/Microsoft.Authorization/roleAssignments/parameters/parameters.json
+++ b/utilities/pipelines/dependencies/Microsoft.Authorization/roleAssignments/parameters/parameters.json
@@ -6,7 +6,7 @@
       "value": "Contributor"
     },
     "principalId": {
-      "value": "cf33fea8-b30f-424f-ab73-c48d99e0b222"
+      "value": "cf33fea8-b30f-424f-ab73-c48d99e0b222" // The object ID of the deployed MSI
     },
     "subscriptionId": {
       "value": "<<subscriptionId>>"
diff --git a/utilities/pipelines/dependencies/Microsoft.RecoveryServices/vaults/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.RecoveryServices/vaults/parameters/parameters.json
index cd637787d4..7a84003ad2 100644
--- a/utilities/pipelines/dependencies/Microsoft.RecoveryServices/vaults/parameters/parameters.json
+++ b/utilities/pipelines/dependencies/Microsoft.RecoveryServices/vaults/parameters/parameters.json
@@ -254,7 +254,7 @@
                 {
                     "roleDefinitionIdOrName": "Reader",
                     "principalIds": [
-                        "cf33fea8-b30f-424f-ab73-c48d99e0b222"
+                        "cf33fea8-b30f-424f-ab73-c48d99e0b222" // The object ID of the deployed MSI
                     ]
                 }
             ]