diff --git a/labs/06_cicd_azure_devops/cicd_azure_devops.md b/labs/06_cicd_azure_devops/cicd_azure_devops.md
index 5d65ebd..5ba3e58 100644
--- a/labs/06_cicd_azure_devops/cicd_azure_devops.md
+++ b/labs/06_cicd_azure_devops/cicd_azure_devops.md
@@ -183,7 +183,7 @@ The output of the CI part of CI/CD (like the .war file we just built) should alw
     ![Choose Azure Subscription](./media/chooseAzureSubscription.png)
 
 
-1. Click **Authorize**. Azure DevOps then tries to automatically create a so-called [Service Principle](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) that our automation can use to authenticate against the Azure API, so that we can create resources and deploy apps. There are two prerequisites for this:
+1. Click **Authorize**. Azure DevOps then tries to automatically create a so-called [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) that our automation can use to authenticate against the Azure API, so that we can create resources and deploy apps. There are two prerequisites for this:
     1. The currently logged on user must have permission to create a service principal.
     1. The currently logged on user must have permission to assign the Contributor role for the whole Azure subscription.
 
@@ -414,4 +414,4 @@ By now, we should a good basic understanding of what Azure Pipelines can achieve
 
 * **Authentication and Encryption**. Typically we would use a custom domain for a real website, for which we would need a certificate safely stored in Azure Key Vault and we would use Azure Active Directory or an other identity provider to provide authentication for our code.
 
-* **Much more...**
\ No newline at end of file
+* **Much more...**