diff --git a/rbac.tf b/rbac.tf
index 975337b..66bd4a1 100644
--- a/rbac.tf
+++ b/rbac.tf
@@ -6,6 +6,10 @@ data "azuread_users" "admins" {
   user_principal_names = var.avd_admins_upns
 }
 
+# This is the service principal for the Microsoft-managed AVD application
+# It will vary depending on when your tenant first registered for AVD,
+# But its application ID will always be the one below, see:
+# https://learn.microsoft.com/en-us/azure/virtual-desktop/start-virtual-machine-connect?tabs=azure-portal
 data "azuread_service_principal" "avd" {
   application_id = "9cdead84-a844-4324-93f2-b2e6bb768d07"
 }