Updates

Author: msmbaldwin

articles/service-fabric/how-to-managed-cluster-application-secrets.md

@@ -36,7 +36,7 @@ Alternatively, we also support [KeyVaultReference](service-fabric-keyvault-refer
 To create your own key vault and setup certificates, follow the instructions from Azure Key Vault by using the [Azure CLI, PowerShell, Portal, and more][key-vault-certs].
 
 >[!NOTE]
-> The key vault must be [enabled for template deployment](../key-vault/general/manage-with-cli2.md#bkmk_KVperCLI) to allow the compute resource provider to get certificates from it and install it on cluster nodes.
+> The key vault must be [enabled for template deployment](../key-vault/general/manage-with-cli2.md#setting-key-vault-advanced-access-policies) to allow the compute resource provider to get certificates from it and install it on cluster nodes.
 
 ## Install the certificate in your cluster
 This certificate must be installed on each node in the cluster and Service Fabric managed clusters helps make this easy. The managed cluster service can push version-specific secrets to the nodes to help install secrets that won't change often like installing a private root CA to the nodes. For most production workloads we suggest using [KeyVault extension][key-vault-windows]. The Key Vault VM extension provides automatic refresh of certificates stored in an Azure key vault vs a static version.