Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

CODEOWNERS

@@ -54,6 +54,10 @@ articles/governance/ @DCtheGeek
 articles/**/*security-baseline.md @msmbaldwin @mgblythe
 articles/security/benchmarks/ @msmbaldwin @mgblythe
 
+# Azure Security Center
+articles/security-center/ @memildin
+includes/*security-controls*.md @memildin
+
 # DDOS Protection
 
 articles/ddos-protection @aletheatoh @anupamvi

articles/active-directory/fundamentals/service-accounts-introduction-azure.md

@@ -21,7 +21,7 @@ There are three types of service accounts native to Azure Active Directory: Mana
 
 ## Types of Azure Active Directory service accounts
 
-For services hosted in Azure, we recommend using a managed identity if possible, and a service principal if not. Managed identities can’t be used for services hosted outside of Azure. In that case, we recommend a service principal. If you can use a managed identity or a service principal, do so. We recommend that you not use an Azure Active Directory user account as a service principal. See the following table for a summary.
+For services hosted in Azure, we recommend using a managed identity if possible, and a service principal if not. Managed identities can’t be used for services hosted outside of Azure. In that case, we recommend a service principal. If you can use a managed identity or a service principal, do so. We recommend that you not use an Azure Active Directory user account as a service account. See the following table for a summary.
 
 
 | Service hosting| Managed identity| Service principal| Azure user account |
@@ -49,7 +49,7 @@ A service principal is the local representation of an application object in a si
 
 There are two mechanisms for authentication using service principals—client certificates and client secrets. Certificates are more secure: use client certificates if possible. Unlike client secrets, client certificates cannot accidentally be embedded in code.
 
-For information on securing service principals, see Securing service principals.
+For information on securing service principals, see [Securing service principals](service-accounts-principal.md).
 
 
 ## Next steps
@@ -61,4 +61,4 @@ For more information on securing Azure service accounts, see:
 
 [Securing service principals](service-accounts-principal.md)
 
-[Governing Azure service accounts](service-accounts-governing-azure.md)
+[Governing Azure service accounts](service-accounts-governing-azure.md)

articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-nonaad.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 12/10/2020
+ms.date: 12/16/2020
 ms.author: barclayn
 ms.collection: M365-identity-device-management
 #Customer intent: As a developer or administrator I want to configure a Linux virtual machine to retrieve a secret from key vault using a managed identity and have a simple way to validate my configuration before using it for development
@@ -91,7 +91,15 @@ The managed identity used by the virtual machine needs to be granted access to r
 ## Access data
 
 To complete these steps, you need an SSH client.  If you are using Windows, you can use the SSH client in the [Windows Subsystem for Linux](/windows/wsl/about). If you need assistance configuring your SSH client's keys, see [How to Use SSH keys with Windows on Azure](../../virtual-machines/linux/ssh-from-windows.md), or [How to create and use an SSH public and private key pair for Linux VMs in Azure](../../virtual-machines/linux/mac-create-ssh-keys.md).
- 
+
+>[!IMPORTANT]
+> All Azure SDKs support the Azure.Identity library that makes it easy to acquire Azure AD tokens to access target services. Learn more about [Azure SDKs](https://azure.microsoft.com/downloads/) and leverage the Azure.Identity library.
+> - [.NET](https://docs.microsoft.com/dotnet/api/overview/azure/identity-readme?view=azure-dotnet)
+> - [JAVA](https://docs.microsoft.com/java/api/overview/azure/identity-readme?view=azure-java-stable)
+> - [Javascript](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme?view=azure-node-latest)
+> - [Python](https://docs.microsoft.com/python/api/overview/azure/identity-readme?view=azure-python)
+
+
 1. In the portal, navigate to your Linux VM and in the **Overview**, click **Connect**. 
 2. **Connect** to the VM with the SSH client of your choice. 
 3. In the terminal window, using CURL, make a request to the local managed identities for Azure resources endpoint to get an access token for Azure Key Vault.  

articles/aks/aks-migration.md

@@ -4,29 +4,41 @@ description: Learn about self-diagnosing clusters in Azure Kubernetes Service.
 services: container-service
 author: yunjchoi
 ms.topic: conceptual
-ms.date: 11/04/2019
+ms.date: 03/29/2021
 ms.author: yunjchoi
 ---
 
 # Azure Kubernetes Service Diagnostics (preview) overview
 
-Troubleshooting Azure Kubernetes Service (AKS) cluster issues is an important part of maintaining your cluster, especially if your cluster is running mission-critical workloads. AKS Diagnostics is an intelligent, self-diagnostic experience that helps you identify and resolve problems in your cluster. AKS Diagnostics is cloud-native, and you can use it with no extra configuration or billing cost.
+Troubleshooting Azure Kubernetes Service (AKS) cluster issues plays an important role in maintaining your cluster, especially if your cluster is running mission-critical workloads. AKS Diagnostics is an intelligent, self-diagnostic experience that:
+* Helps you identify and resolve problems in your cluster. 
+* Is cloud-native.
+* Requires no extra configuration or billing cost.
 
-This feature is now in public preview.
+This feature is now in public preview. 
 
 ## Open AKS Diagnostics
 
 To access AKS Diagnostics:
 
-- Navigate to your Kubernetes cluster in the [Azure portal](https://portal.azure.com).
-- Click on **Diagnose and solve problems** in the left navigation, which opens AKS Diagnostics.
-- Choose a category that best describes the issue of your cluster by using the keywords in the homepage tile, or type a keyword that best describes your issue in the search bar, for example _Cluster Node Issues_.
+1. Navigate to your Kubernetes cluster in the [Azure portal](https://portal.azure.com).
+1. Click on **Diagnose and solve problems** in the left navigation, which opens AKS Diagnostics.
+1. Choose a category that best describes the issue of your cluster, like _Cluster Node Issues_, by:
+    * Using the keywords in the homepage tile.
+    * Typing a keyword that best describes your issue in the search bar.
 
 ![Homepage](./media/concepts-diagnostics/aks-diagnostics-homepage.png)
 
 ## View a diagnostic report
 
-After you click on a category, you can view a diagnostic report specific to your cluster. Diagnostic report intelligently calls out if there is any issue in your cluster with status icons. You can drill down on each topic by clicking on **More Info** to see detailed description of the issue, recommended actions, links to helpful docs, related-metrics, and logging data. Diagnostic reports are intelligently generated based on the current state of your cluster after running a variety of checks. Diagnostic reports can be a useful tool for pinpointing the problem of your cluster and finding the next steps to resolve the issue.
+After you click on a category, you can view a diagnostic report specific to your cluster. Diagnostic reports intelligently call out any issues in your cluster with status icons. You can drill down on each topic by clicking **More Info** to see a detailed description of:
+* Issues
+* Recommended actions
+* Links to helpful docs
+* Related-metrics
+* Logging data 
+
+Diagnostic reports generate based on the current state of your cluster after running various checks. They can be useful for pinpointing the problem of your cluster and understanding next steps to resolve the issue.
 
 ![Diagnostic Report](./media/concepts-diagnostics/diagnostic-report.png)
 
@@ -38,7 +50,7 @@ The following diagnostic checks are available in **Cluster Insights**.
 
 ### Cluster Node Issues
 
-Cluster Node Issues checks for node-related issues that may cause your cluster to behave unexpectedly.
+Cluster Node Issues checks for node-related issues that cause your cluster to behave unexpectedly.
 
 - Node readiness issues
 - Node failures
@@ -50,9 +62,9 @@ Cluster Node Issues checks for node-related issues that may cause your cluster t
 - Node authentication failure
 - Node kube-proxy stale
 
-### Create, read, update & delete operations
+### Create, read, update & delete (CRUD) operations
 
-CRUD Operations checks for any CRUD operations that may cause issues in your cluster.
+CRUD Operations checks for any CRUD operations that cause issues in your cluster.
 
 - In-use subnet delete operation error
 - Network security group delete operation error
@@ -68,16 +80,16 @@ CRUD Operations checks for any CRUD operations that may cause issues in your clu
 
 ### Identity and security management
 
-Identity and Security Management detects authentication and authorization errors that may prevent communication to your cluster.
+Identity and Security Management detects authentication and authorization errors that prevent communication to your cluster.
 
 - Node authorization failures
 - 401 errors
 - 403 errors
 
 ## Next steps
 
-Collect logs to help you further troubleshoot your cluster issues by using [AKS Periscope](https://aka.ms/aksperiscope).
+* Collect logs to help you further troubleshoot your cluster issues by using [AKS Periscope](https://aka.ms/aksperiscope).
 
-Read the [triage practices section](/azure/architecture/operator-guides/aks/aks-triage-practices) of the AKS day-2 operations guide.
+* Read the [triage practices section](/azure/architecture/operator-guides/aks/aks-triage-practices) of the AKS day-2 operations guide.
 
-Post your questions or feedback at [UserVoice](https://feedback.azure.com/forums/914020-azure-kubernetes-service-aks) by adding "[Diag]" in the title.
+* Post your questions or feedback at [UserVoice](https://feedback.azure.com/forums/914020-azure-kubernetes-service-aks) by adding "[Diag]" in the title.