
Commit c438f6e

committed
update
1 parent 44963a0 commit c438f6e

4 files changed

+11
-15
lines changed

articles/security/fundamentals/key-management-choose.md

Lines changed: 1 addition & 3 deletions
@@ -93,8 +93,6 @@ Here is a list of the key management solutions we commonly see being utilized ba
9393
- [Key management in Azure](key-management.md)
9494
- [Azure Key Vault](/azure/key-vault/general/overview)
9595
- [Azure Managed HSM](/azure/key-vault/managed-hsm/overview)
96-
- [Azure Cloud HSM](/azure/dedicated-hsm/overview)
97-
- [Azure Payment HSM](/azure/payment-hsm/overview)
98-
- [What is Zero Trust?](/security/zero-trust/zero-trust-overview)
96+
- [Azure Cloud HSM](/azure/cloud-hsm/overview)
9997
- [Azure Payment HSM](/azure/payment-hsm/overview)
10098
- [What is Zero Trust?](/security/zero-trust/zero-trust-overview)
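
Review bot: The new line 96 labels the link "Azure Cloud HSM", while key-management.md in this same commit calls the service "Azure Cloud HSM Preview" for the same /azure/cloud-hsm/overview target; pick one name and use it in both link lists. Correcting the path from /azure/dedicated-hsm/overview and dropping the duplicated Payment HSM and Zero Trust entries looks right.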

articles/security/fundamentals/key-management.md

Lines changed: 5 additions & 6 deletions
@@ -28,32 +28,31 @@ Customer-managed keys can be stored on-premises or, more commonly, in a cloud ke
2828

2929
## Azure key management services
3030

31-
Azure offers several options for storing and managing your keys in the cloud, including Azure Key Vault, Azure Managed HSM, Azure Cloud HSM Preview, Azure Dedicated HSM, and Azure Payment HSM. These options differ in terms of their FIPS compliance level, management overhead, and intended applications.
31+
Azure offers several options for storing and managing your keys in the cloud, including Azure Key Vault, Azure Managed HSM, Azure Cloud HSM Preview, and Azure Payment HSM. These options differ in terms of their FIPS compliance level, management overhead, and intended applications.
3232

3333
For an overview of each key management service and a comprehensive guide to choosing the right key management solution for you, see [How to Choose the Right Key Management Solution](key-management-choose.md).
3434

3535
### Pricing
3636

37-
The Azure Key Vault Standard and Premium tiers are billed on a transactional basis, with an extra monthly per-key charge for premium hardware-backed keys. Managed HSM, Cloud HSM Preview, Dedicated HSM, and Payments HSM don't charge on a transactional basis; instead they are always-in-use devices that are billed at a fixed hourly rate. For detailed pricing information, see [Key Vault pricing](https://azure.microsoft.com/pricing/details/key-vault), [Dedicated HSM pricing](https://azure.microsoft.com/pricing/details/azure-dedicated-hsm), and [Payment HSM pricing](https://azure.microsoft.com/pricing/details/payment-hsm).
37+
The Azure Key Vault Standard and Premium tiers are billed on a transactional basis, with an extra monthly per-key charge for premium hardware-backed keys. Managed HSM, Cloud HSM Preview, and Payments HSM don't charge on a transactional basis; instead they are always-in-use devices that are billed at a fixed hourly rate. For detailed pricing information, see [Key Vault pricing](https://azure.microsoft.com/pricing/details/key-vault) and [Payment HSM pricing](https://azure.microsoft.com/pricing/details/payment-hsm).
3838

3939
### Service Limits
4040

41-
Managed HSM, Cloud HSM Preview, Dedicated HSM, and Payments HSM offer dedicated capacity. Key Vault Standard and Premium are multitenant offerings and have throttling limits. For service limits, see [Key Vault service limits](/azure/key-vault/general/service-limits).
41+
Managed HSM, Cloud HSM Preview, and Payments HSM offer dedicated capacity. Key Vault Standard and Premium are multitenant offerings and have throttling limits. For service limits, see [Key Vault service limits](/azure/key-vault/general/service-limits).
4242

4343
### Encryption-At-Rest
4444

45-
Azure Key Vault and Azure Key Vault Managed HSM have integrations with Azure Services and Microsoft 365 for Customer Managed Keys, meaning customers may use their own keys in Azure Key Vault and Azure Managed HSM for encryption-at-rest of data stored in these services. Cloud HSM Preview, Dedicated HSM, and Payments HSM are Infrastructure-as-Service offerings and do not offer integrations with Azure Services. For an overview of encryption-at-rest with Azure Key Vault and Managed HSM, see [Azure Data Encryption-at-Rest](encryption-atrest.md).
45+
Azure Key Vault and Azure Key Vault Managed HSM have integrations with Azure Services and Microsoft 365 for Customer Managed Keys, meaning customers may use their own keys in Azure Key Vault and Azure Managed HSM for encryption-at-rest of data stored in these services. Cloud HSM Preview and Payments HSM are Infrastructure-as-Service offerings and do not offer integrations with Azure Services. For an overview of encryption-at-rest with Azure Key Vault and Managed HSM, see [Azure Data Encryption-at-Rest](encryption-atrest.md).
4646

4747
### APIs
4848

49-
Cloud HSM Preview, Dedicated HSM, and Payments HSM support the PKCS#11, JCE/JCA, and KSP/CNG APIs, but Azure Key Vault and Managed HSM do not. Azure Key Vault and Managed HSM use the Azure Key Vault REST API and offer SDK support. For more information on the Azure Key Vault API, see [Azure Key Vault REST API Reference](/rest/api/keyvault/).
49+
Cloud HSM Preview and Payments HSM support the PKCS#11, JCE/JCA, and KSP/CNG APIs, but Azure Key Vault and Managed HSM do not. Azure Key Vault and Managed HSM use the Azure Key Vault REST API and offer SDK support. For more information on the Azure Key Vault API, see [Azure Key Vault REST API Reference](/rest/api/keyvault/).
5050

5151
## What's next
5252

5353
- [How to Choose the Right Key Management Solution](key-management-choose.md)
5454
- [Azure Key Vault](/azure/key-vault/general/overview)
5555
- [Azure Managed HSM](/azure/key-vault/managed-hsm/overview)
5656
- [Azure Cloud HSM Preview](/azure/cloud-hsm/overview)
57-
- [Azure Dedicated HSM](/azure/dedicated-hsm/overview)
5857
- [Azure Payment HSM](/azure/payment-hsm/overview)
5958
- [What is Zero Trust?](/security/zero-trust/zero-trust-overview)
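
Review bot: The rewritten lines 37, 41, 45 and 49 keep the name "Payments HSM", while the pricing link and the "What's next" entry say "Payment HSM"; since these sentences are being edited anyway, use "Payment HSM" throughout. New line 45 also still reads "Infrastructure-as-Service", which should be "Infrastructure-as-a-Service".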

articles/security/fundamentals/zero-trust.md

Lines changed: 5 additions & 4 deletions
@@ -6,21 +6,20 @@ ms.service: security
66
ms.subservice: security-fundamentals
77
ms.topic: article
88
ms.author: mbaldwin
9-
manager: rkarlin
10-
ms.date: 04/23/2025
9+
ms.date: 07/31/2025
1110
---
1211

1312
# Zero Trust security
1413

15-
Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. In this article, you'll learn about the guiding principles of Zero Trust and find resources to help you implement Zero Trust.
14+
Zero Trust is a security model that assumes breach and verifies each request as though it originated from an uncontrolled network. In this article, you'll learn about the guiding principles of Zero Trust and find resources to help you implement Zero Trust.
1615

1716
## Guiding principles of Zero Trust
1817

1918
Today, organizations need a new security model that effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located.
2019

2120
To address this new world of computing, Microsoft highly recommends the Zero Trust security model, which is based on these guiding principles:
2221

23-
- **Verify explicitly** - Always authenticate and authorize based on all available data points.
22+
- **Verify explicitly** - Always authenticate and authorize based on all available data points, including user identity, location, device health, and service or workload.
2423
- **Use least privilege access** - Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
2524
- **Assume breach** - Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
2625

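Review bot: Dropping "new" from the opening sentence on line 14 leaves the section below it out of step: unchanged line 19 still says organizations "need a new security model" and line 21 refers to "this new world of computing". If the intent is to stop presenting Zero Trust as new, reword those two sentences in the same change.
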
@@ -63,6 +62,7 @@ The Microsoft approach to Zero Trust includes [Conditional Access](../../active-
6362
To learn more about creating an access model based on Conditional Access that's aligned with the guiding principles of Zero Trust, see [Conditional Access for Zero Trust](/azure/architecture/guide/security/conditional-access-design).
6463

6564
## Develop apps using Zero Trust principles
65+
6666
Zero Trust is a security framework that does not rely on the implicit trust afforded to interactions behind a secure network perimeter. Instead, it uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.
6767

6868
As a developer, it is essential that you use Zero Trust principles to keep users safe and data secure. App developers can improve app security, minimize the impact of breaches, and ensure that their applications meet their customers' security requirements by adopting Zero Trust principles.
@@ -73,6 +73,7 @@ For more information on best practices key to keeping your apps secure, see:
7373
- [Build Zero Trust-ready apps using Microsoft identity platform features and tools](../../active-directory/develop/zero-trust-for-developers.md)
7474

7575
## Zero Trust and Microsoft 365
76+
7677
Microsoft 365 is built with many security and information protection capabilities to help you build Zero Trust into your environment. Many of the capabilities can be extended to protect access to other SaaS apps your organization uses and the data within these apps. See [deploying Zero Trust for Microsoft 365](/microsoft-365/security/microsoft-365-zero-trust#deploying-zero-trust-for-microsoft-365) to learn more.
7778

7879
To learn about recommendations and core concepts for deploying secure email, docs, and apps policies and configurations for Zero Trust access to Microsoft 365, see [Zero Trust identity and device access configurations](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations).

articles/security/index.yml

Lines changed: 0 additions & 2 deletions
@@ -190,8 +190,6 @@ additionalContent:
190190
text: Azure Key Vault
191191
- url: /azure/key-vault/managed-hsm/
192192
text: Azure Managed HSM
193-
- url: /azure/dedicated-hsm/
194-
text: Azure Dedicated HSM
195193
- url: /azure/payment-hsm/
196194
text: Azure Payment-HSM
197195

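Review bot: With the Dedicated HSM entry removed at old lines 193-194, the visible list goes from Azure Managed HSM straight to Azure Payment-HSM and has no entry for Azure Cloud HSM, which the other two files in this commit link at /azure/cloud-hsm/overview; add a matching url/text pair if it is not already listed elsewhere in this file. The neighbouring text "Azure Payment-HSM" is also hyphenated, unlike "Azure Payment HSM" in the articles.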