Merge pull request #109945 from j-patrick/justipat/AddWarningToKeyVault

adding langauge to guide users to managed ids and cert based key management solutions

Author: v-shils

articles/cosmos-db/TOC.yml

@@ -1012,13 +1012,13 @@
         href: ../private-link/create-private-endpoint-cosmosdb-portal.md?toc=/azure/cosmos-db/toc.json&bc=/azure/cosmos-db/breadcrumb/toc.json
       - name: Configure Cross Origin Resource Sharing(CORS)
         href: how-to-configure-cross-origin-resource-sharing.md
-      - name: Secure keys using Key Vault
-        href: access-secrets-from-keyvault.md
       - name: Secure keys using a managed identity
         href: managed-identity-based-authentication.md
         displayName: msi, managed service identity, aad, azure active directory, identity 
       - name: Certificate-based authentication with Azure AD
         href: certificate-based-authentication.md
+      - name: Secure keys using Key Vault
+        href: access-secrets-from-keyvault.md
       - name: Restrict user access to data operations only
         href: how-to-restrict-user-data.md
       - name: Configure customer-managed keys

articles/cosmos-db/access-secrets-from-keyvault.md

@@ -13,7 +13,10 @@ ms.reviewer: sngun
 
 # Secure Azure Cosmos keys using Azure Key Vault 
 
-When using Azure Cosmos DB for your applications, you can access the database, collections, documents by using the endpoint and the key within the app’s configuration file.  However, it’s not safe to put keys and URL directly in the application code because they are available in clear text format to all the users. You want to make sure that the endpoint and keys are available but through a secured mechanism. This is where Azure Key Vault can help you to securely store and manage application secrets.
+>[!IMPORTANT]
+> The recommended solution to access Azure Cosmos DB keys is to use a [system-assigned managed identity](managed-identity-based-authentication.md). If your service cannot take advantage of managed identities then use the [cert based solution](certificate-based-authentication.md). If both the managed identity solution and cert based solution do not meet your needs, please use the key vault solution below.
+
+When using Azure Cosmos DB for your applications, you can access the database, collections, documents by using the endpoint and the key within the app's configuration file.  However, it's not safe to put keys and URL directly in the application code because they are available in clear text format to all the users. You want to make sure that the endpoint and keys are available but through a secured mechanism. This is where Azure Key Vault can help you to securely store and manage application secrets.
 
 The following steps are required to store and read Azure Cosmos DB access keys from Key Vault:
 
@@ -25,7 +28,7 @@ The following steps are required to store and read Azure Cosmos DB access keys f
 
 ## Create a Key Vault
 
-1. Sign in to [Azure Portal](https://portal.azure.com/).  
+1. Sign in to [Azure portal](https://portal.azure.com/).  
 2. Select **Create a resource > Security > Key Vault**.  
 3. On the **Create key vault** section provide the following information:  
    * **Name:** Provide a unique name for your Key Vault.