Merge pull request #218039 from TerryLanfear/sec-221110

v-regandowner · web-flow · commit 2eee50eafd59 · 2022-11-11T11:11:40.000-05:00
Update due to freshness review
diff --git a/articles/security/fundamentals/code-integrity.md b/articles/security/fundamentals/code-integrity.md
@@ -2,12 +2,12 @@
 title: Platform code integrity - Azure Security
 description: Learn how Microsoft ensures that only authorized software is running.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/10/2021
+ms.date: 11/10/2022
 ---
 
 # Platform code integrity
diff --git a/articles/security/fundamentals/encryption-atrest.md b/articles/security/fundamentals/encryption-atrest.md
@@ -12,7 +12,7 @@ ms.subservice: security-fundamentals
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 08/13/2020
+ms.date: 11/10/2022
 ms.author: mbaldwin
 
 ---
@@ -102,7 +102,7 @@ All Managed Disks, Snapshots, and Images are encrypted using Storage Service Enc
 
 #### Custom encryption at rest
 
-It is recommended that whenever possible, IaaS applications leverage Azure Disk Encryption and Encryption at Rest options provided by any consumed Azure services. In some cases, such as irregular encryption requirements or non-Azure based storage, a developer of an IaaS application may need to implement encryption at rest themselves. Developers of IaaS solutions can better integrate with Azure management and customer expectations by leveraging certain Azure components. Specifically, developers should use the Azure Key Vault service to provide secure key storage as well as provide their customers with consistent key management options with that of most Azure platform services. Additionally, custom solutions should use Azure-Managed Service Identities to enable service accounts to access encryption keys. For developer information on Azure Key Vault and Managed Service Identities, see their respective SDKs.
+It is recommended that whenever possible, IaaS applications leverage Azure Disk Encryption and Encryption at Rest options provided by any consumed Azure services. In some cases, such as irregular encryption requirements or non-Azure based storage, a developer of an IaaS application may need to implement encryption at rest themselves. Developers of IaaS solutions can better integrate with Azure management and customer expectations by leveraging certain Azure components. Specifically, developers should use the Azure Key Vault service to provide secure key storage as well as provide their customers with consistent key management options with that of most Azure platform services. Additionally, custom solutions should use Azure managed service identities to enable service accounts to access encryption keys. For developer information on Azure Key Vault and Managed Service Identities, see their respective SDKs.
 
 ## Azure resource providers encryption model support
 
diff --git a/articles/security/fundamentals/firmware.md b/articles/security/fundamentals/firmware.md
@@ -2,12 +2,12 @@
 title: Firmware security - Azure Security
 description: Learn how Microsoft secures Azure hardware and firmware.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Firmware security
diff --git a/articles/security/fundamentals/hypervisor.md b/articles/security/fundamentals/hypervisor.md
@@ -2,12 +2,12 @@
 title: Hypervisor security on the Azure fleet - Azure Security
 description: Technical overview of hypervisor security on the Azure fleet.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Hypervisor security on the Azure fleet
diff --git a/articles/security/fundamentals/measured-boot-host-attestation.md b/articles/security/fundamentals/measured-boot-host-attestation.md
@@ -2,12 +2,12 @@
 title: Firmware measured boot and host attestation - Azure Security
 description: Technical overview of Azure firmware measured boot and host attestation.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Measured boot and host attestation
diff --git a/articles/security/fundamentals/platform.md b/articles/security/fundamentals/platform.md
@@ -2,12 +2,12 @@
 title: Azure platform integrity and security - Azure Security
 description: Technical overview of Azure platform integrity and security.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Platform integrity and security overview
diff --git a/articles/security/fundamentals/project-cerberus.md b/articles/security/fundamentals/project-cerberus.md
@@ -2,12 +2,12 @@
 title: Firmware integrity - Azure Security
 description: Learn about cryptographic measurements to ensure firmware integrity.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Project Cerberus
diff --git a/articles/security/fundamentals/secure-boot.md b/articles/security/fundamentals/secure-boot.md
@@ -2,12 +2,12 @@
 title: Firmware secure boot - Azure Security
 description: Technical overview of Azure firmware secure boot.
 author: yosharm
-ms.service: information-protection
-ms.subservice: aiplabels
+ms.service: security
+ms.subservice: security-fundamentals
 ms.topic: article
 ms.author: terrylan
 manager: rkarlin
-ms.date: 06/24/2021
+ms.date: 11/10/2022
 ---
 
 # Secure Boot
diff --git a/articles/security/journey/TOC.yml b/articles/security/journey/TOC.yml
@@ -205,6 +205,8 @@
         href: ../fundamentals/customer-lockbox-overview.md?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json
       - name: Security baseline for Customer Lockbox
         href: /security/benchmark/azure/baselines/lockbox-security-baseline?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json?toc=/azure/security/journey/TOC.json?toc=/azure/security/journey/TOC.json
+    - name: Trusted Hardware Identity Management
+      href: ../fundamentals/trusted-hardware-identity-management.md?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json
     - name: Checklist
       href: /azure/architecture/framework/security/design-storage?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json
 
