Commit 6ed3928

Merge pull request #153535 from MicrosoftDocs/master
4/07 AM Publish
2 parents d63f156 + 77ac379 commit 6ed3928

86 files changed

+1960
-738
lines changed

CODEOWNERS

Lines changed: 4 additions & 0 deletions
@@ -54,6 +54,10 @@ articles/governance/ @DCtheGeek
5454
articles/**/*security-baseline.md @msmbaldwin @mgblythe
5555
articles/security/benchmarks/ @msmbaldwin @mgblythe
5656

57+
# Azure Security Center
58+
articles/security-center/ @memildin
59+
includes/*security-controls*.md @memildin
60+
5761
# DDOS Protection
5862

5963
articles/ddos-protection @aletheatoh @anupamvi
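
Review bot: The new `articles/security-center/ @memildin` rule at line 58 comes after `articles/**/*security-baseline.md @msmbaldwin @mgblythe` at line 54, and CODEOWNERS gives the last matching pattern precedence, so any `*security-baseline.md` file under `articles/security-center/` will now request review from @memildin only. If the baseline owners should stay on those files, move the baseline rule below this block or add a more specific pattern listing all three owners. Also note that `includes/*security-controls*.md` matches only files directly in `includes/`, not in its subdirectories.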

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

Lines changed: 1 addition & 1 deletion
@@ -85,7 +85,7 @@ The following core requirements apply:
8585
* The Key Distribution Service must be enabled on all domain controllers in the domain that run Windows Server 2012 and later versions. By default, this service is enabled via manual trigger start.
8686

8787
* Network connectivity must exist between at least one domain controller in each domain and at least one server that hosts the proxy service for Azure AD Password Protection. This connectivity must allow the domain controller to access RPC endpoint mapper port 135 and the RPC server port on the proxy service.
88-
* By default, the RPC server port is a dynamic RPC port, but it can be configured to [use a static port](#static).
88+
* By default, the RPC server port is a dynamic RPC port from the range (49152 - 65535), but it can be configured to [use a static port](#static).
8989
* All machines where the Azure AD Password Protection Proxy service will be installed must have network access to the following endpoints:
9090

9191
|**Endpoint**|**Purpose**|
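
Review bot: On the added line 88, "from the range (49152 - 65535)" reads awkwardly with the parentheses and the spaced hyphen; suggest "a dynamic RPC port in the range 49152-65535". Since the parent bullet on line 87 requires the domain controller to reach the RPC server port on the proxy service, it would also help to say explicitly that firewalls between domain controllers and the proxy must allow this whole range unless a static port is configured.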

articles/active-directory/fundamentals/service-accounts-introduction-azure.md

Lines changed: 3 additions & 3 deletions
@@ -21,7 +21,7 @@ There are three types of service accounts native to Azure Active Directory: Mana
2121

2222
## Types of Azure Active Directory service accounts
2323

24-
For services hosted in Azure, we recommend using a managed identity if possible, and a service principal if not. Managed identities can’t be used for services hosted outside of Azure. In that case, we recommend a service principal. If you can use a managed identity or a service principal, do so. We recommend that you not use an Azure Active Directory user account as a service principal. See the following table for a summary.
24+
For services hosted in Azure, we recommend using a managed identity if possible, and a service principal if not. Managed identities can’t be used for services hosted outside of Azure. In that case, we recommend a service principal. If you can use a managed identity or a service principal, do so. We recommend that you not use an Azure Active Directory user account as a service account. See the following table for a summary.
2525

2626

2727
| Service hosting| Managed identity| Service principal| Azure user account |
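
Review bot: Line 24 still states the same recommendation three times ("a service principal if not", "In that case, we recommend a service principal", "If you can use a managed identity or a service principal, do so"), which buries the one sentence this change corrects. Suggest collapsing the paragraph to the hosting rule (managed identity inside Azure, service principal otherwise) followed by the corrected sentence about not using a user account as a service account.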
@@ -49,7 +49,7 @@ A service principal is the local representation of an application object in a si
4949

5050
There are two mechanisms for authentication using service principals—client certificates and client secrets. Certificates are more secure: use client certificates if possible. Unlike client secrets, client certificates cannot accidentally be embedded in code.
5151

52-
For information on securing service principals, see Securing service principals.
52+
For information on securing service principals, see [Securing service principals](service-accounts-principal.md).
5353

5454

5555
## Next steps
@@ -61,4 +61,4 @@ For more information on securing Azure service accounts, see:
6161

6262
[Securing service principals](service-accounts-principal.md)
6363

64-
[Governing Azure service accounts](service-accounts-governing-azure.md)
64+
[Governing Azure service accounts](service-accounts-governing-azure.md)
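
Review bot: The removed and added versions of line 64 are textually identical as shown, so the only difference must be whitespace or the end-of-file newline. Worth confirming in the raw diff that this is an intended newline fix and not an editor artifact, since it otherwise adds noise to the file's history.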

articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-nonaad.md

Lines changed: 10 additions & 2 deletions
@@ -13,7 +13,7 @@ ms.devlang: na
1313
ms.topic: tutorial
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 12/10/2020
16+
ms.date: 12/16/2020
1717
ms.author: barclayn
1818
ms.collection: M365-identity-device-management
1919
#Customer intent: As a developer or administrator I want to configure a Linux virtual machine to retrieve a secret from key vault using a managed identity and have a simple way to validate my configuration before using it for development
@@ -91,7 +91,15 @@ The managed identity used by the virtual machine needs to be granted access to r
9191
## Access data
9292

9393
To complete these steps, you need an SSH client.  If you are using Windows, you can use the SSH client in the [Windows Subsystem for Linux](/windows/wsl/about). If you need assistance configuring your SSH client's keys, see [How to Use SSH keys with Windows on Azure](../../virtual-machines/linux/ssh-from-windows.md), or [How to create and use an SSH public and private key pair for Linux VMs in Azure](../../virtual-machines/linux/mac-create-ssh-keys.md).
94-
 
94+
95+
>[!IMPORTANT]
96+
> All Azure SDKs support the Azure.Identity library that makes it easy to acquire Azure AD tokens to access target services. Learn more about [Azure SDKs](https://azure.microsoft.com/downloads/) and leverage the Azure.Identity library.
97+
> - [.NET](https://docs.microsoft.com/dotnet/api/overview/azure/identity-readme?view=azure-dotnet)
98+
> - [JAVA](https://docs.microsoft.com/java/api/overview/azure/identity-readme?view=azure-java-stable)
99+
> - [Javascript](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest)
100+
> - [Python](https://docs.microsoft.com/python/api/overview/azure/identity-readme?view=azure-python)
101+
102+
95103
1. In the portal, navigate to your Linux VM and in the **Overview**, click **Connect**
96104
2. **Connect** to the VM with the SSH client of your choice. 
97105
3. In the terminal window, using CURL, make a request to the local managed identities for Azure resources endpoint to get an access token for Azure Key Vault.  
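
Review bot: The note added at lines 95-100 sits between the SSH prerequisite and the numbered steps, but step 3 goes on to use CURL against the local managed identities endpoint, and the note never says how the Azure.Identity library relates to that procedure; add a sentence stating that the SDK is the alternative to the raw token request when writing application code. Smaller points in the same block: "JAVA" and "Javascript" should be "Java" and "JavaScript", the links use absolute `https://docs.microsoft.com/...` URLs where the paragraph above uses site-relative paths such as `/windows/wsl/about`, and lines 101-102 add two blank lines where one is enough.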
