Commit 13217fd

Add DOE cert management and clarifications
1 parent a9db152 commit 13217fd

11 files changed: +161 -69 lines changed

articles/iot-operations/deploy-iot-ops/concept-production-guidelines.md

Lines changed: 4 additions & 4 deletions
@@ -14,7 +14,7 @@ ms.service: azure-iot-operations
1414

1515
Security and scalability are a priority for deploying Azure IoT Operations. This article outlines guidelines that you should take into consideration when setting up Azure IoT Operations for production.
1616

17-
Decide whether you're deploying Azure IoT Operations to a single-node or multi-node cluster before considering the appropriate configuration. Many of the guidelines in this article apply regardless of the cluster type, but when there is a difference it's called out specifically.
17+
Decide whether you're deploying Azure IoT Operations to a single-node or multi-node cluster before considering the appropriate configuration. Many of the guidelines in this article apply regardless of the cluster type, but when there's a difference it's called out specifically.
1818

1919
## Platform
2020

@@ -30,9 +30,9 @@ Create an Arc-enabled K3s cluster that meets the system requirements.
3030

3131
* Use a [supported environment for Azure IoT Operations](../overview-iot-operations.md#supported-environments).
3232
* [Configure the cluster](./howto-prepare-cluster.md) according to documentation.
33-
* If you expect intermittent connectivity for your cluster, ensure that you've allocated enough disk space to the cluster cache data and messages while the [cluster is offline](../overview-iot-operations.md#offline-support).
33+
* If you expect intermittent connectivity for your cluster, ensure that you allocate enough disk space to the cluster cache data and messages while the [cluster is offline](../overview-iot-operations.md#offline-support).
3434
* If possible, have a second cluster as a staging area for testing new changes before deploying to the primary production cluster.
35-
* [Turn off auto-upgrade for Azure Arc](/azure/azure-arc/kubernetes/agent-upgrade#toggle-automatic-upgrade-on-or-off-when-connecting-a-cluster-to-azure-arc) to have complete control over when new updates are applied to your cluster. Instead, [manually upgrade agents](/azure/azure-arc/kubernetes/agent-upgrade#manually-upgrade-agents) as needed.
35+
* [Turn off autoupgrade for Azure Arc](/azure/azure-arc/kubernetes/agent-upgrade#toggle-automatic-upgrade-on-or-off-when-connecting-a-cluster-to-azure-arc) to have complete control over when new updates are applied to your cluster. Instead, [manually upgrade agents](/azure/azure-arc/kubernetes/agent-upgrade#manually-upgrade-agents) as needed.
3636
* *For multi-node clusters*: [Configure clusters with Edge Volumes](./howto-prepare-cluster.md#configure-multi-node-clusters-for-azure-container-storage) to prepare for enabling fault tolerance during deployment.
3737

3838
### Security
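
Review bot: In the intermittent-connectivity bullet, "allocate enough disk space to the cluster cache data and messages" still doesn't parse after the tense change, because it's unclear whether "cache" is a verb or part of "cluster cache data". Suggest "allocate enough disk space for the cluster to cache data and messages while the cluster is offline". In the Azure Arc bullet, the new link text "autoupgrade" no longer matches the target anchor's wording ("toggle-automatic-upgrade-on-or-off"); "automatic upgrade" would keep the two consistent. Since the bullet moves agent updates to "as needed", a sentence on who owns that decision would help readers who turn automatic upgrade off.
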
@@ -127,7 +127,7 @@ When you create a new resource, manage its authorization:
127127
For connecting to assets at production, [configure OPC UA authentication](../discover-manage-assets/overview-opcua-broker-certificates-management.md):
128128

129129
* Don't use no-auth. Connectivity to OPC UA servers isn't supported without authentication.
130-
* Set up a secure connection to OPC UA server. Use a production PKI and [configure application certificates](../discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md#configure-a-self-signed-application-instance-certificate) and [trust list](../discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md#configure-the-trusted-certificates-list).
130+
* Set up a secure connection to OPC UA server. Use a production PKI and [configure application certificates](../discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md#configure-a-self-signed-application-instance-certificate-for-the-connector-for-opc-ua) and [trust list](../discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md#configure-the-trusted-certificates-list).
131131

132132
### Data flows
133133
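
Review bot: In the "Set up a secure connection to OPC UA server" bullet, the text says to use a production PKI, but the first link now targets "configure-a-self-signed-application-instance-certificate-for-the-connector-for-opc-ua", so the production guidance sends readers to the self-signed setup. Either point the link at a section that covers certificates issued by the production PKI, if the target article has one, or say in the bullet that the self-signed certificate is a starting point to be replaced. Also confirm the new fragment matches the renamed heading in howto-configure-opcua-certificates-infrastructure.md; that file's change isn't visible in this part of the diff, and a mismatch would leave the link landing at the top of the page.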

articles/iot-operations/discover-manage-assets/concept-assets-asset-endpoints.md

Lines changed: 5 additions & 3 deletions
@@ -1,11 +1,11 @@
11
---
22
title: Understand assets and asset endpoint profiles
33
description: Understand the Azure Device Registry resources that define assets and asset endpoint profiles.
4-
author: SoniaLopezBravo
5-
ms.author: sonialopez
4+
author: dominicbetts
5+
ms.author: dobett
66
#ms.subservice:
77
ms.topic: conceptual
8-
ms.date: 10/22/2024
8+
ms.date: 05/12/2025
99

1010
# CustomerIntent: As an industrial edge IT or operations user, I want to understand the types of Azure resources that are created by Azure Device Registry to manage assets.
1111
---
@@ -43,6 +43,8 @@ The following table highlights some important properties that are included in an
4343
| **Target address** | The local IP address of the OPC UA server or IP camera. |
4444
| **User authentication** | Can be anonymous authentication or username/password authentication. For username/password authentication, provide pointers to where both values are stored as secrets in Azure Key Vault. |
4545

46+
To learn more about how Azure IoT Operations uses Azure Key Vault to store secrets such as usernames and passwords, see [Manage secrets for your Azure IoT Operations deployment](../secure-iot-ops/howto-manage-secrets.md).
47+
4648
## Assets
4749

4850
An *asset* is a logical entity that represents a device or component in the cloud as an Azure Resource Manager resource and at the edge as a Kubernetes custom resource. When you create an asset, you can define its metadata and the datapoints (also called tags) and events that it emits.
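
Review bot: The **User authentication** row directly above the added paragraph still lists anonymous authentication as an option without qualification, while concept-production-guidelines.md in this same commit keeps "Don't use no-auth" for production. Since this paragraph is the new landing point for credential handling, consider adding a short pointer to the production guidelines here so readers see that username/password with Key Vault-backed secrets (or certificates) is the expected choice outside of testing.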

articles/iot-operations/discover-manage-assets/howto-configure-opcua-authentication-options.md

Lines changed: 2 additions & 0 deletions
@@ -53,3 +53,5 @@ To configure the secrets for the *username* and *password* values in the [operat
5353
> You have the option to create new secrets in Azure Key Vault if you haven't already added them.
5454
5555
1. Select **Apply**.
56+
57+
To learn more about how Azure IoT Operations uses Azure Key Vault to store secrets such as usernames and passwords, see [Manage secrets for your Azure IoT Operations deployment](../secure-iot-ops/howto-manage-secrets.md).
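
Review bot: The sentence added at line 57 is a verbatim copy of the one added to concept-assets-asset-endpoints.md in this commit, so the two will drift if the secrets article is renamed or the wording changes. Consider moving it to a shared include, or tailoring it here to the step it follows, for example by saying that the secrets selected before **Apply** are the ones managed as described in howto-manage-secrets.md. As placed, it trails the numbered list as a loose paragraph at the end of the file; a "Related content" style section would make it easier to find.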
