Reassigned ownership of security control articles

msmbaldwin · msmbaldwin · commit d089beca1bbc · 2019-09-23T14:55:26.000-07:00
diff --git a/articles/event-hubs/event-hubs-security-controls.md b/articles/event-hubs/event-hubs-security-controls.md
@@ -3,13 +3,11 @@ title: Security controls for Azure Event Hubs
 description: A checklist of security controls for evaluating Azure Event Hubs
 services: event-hubs
 ms.service: event-hubs
-documentationcenter: ''
-author: msmbaldwin
-manager: barbkess
+author: spelluru
 
 ms.topic: conceptual
-ms.date: 09/04/2019
-ms.author: mbaldwin
+ms.date: 09/23/2019
+ms.author: spelluru
 
 ---
 # Security controls for Azure Event Hubs
@@ -20,43 +18,43 @@ This article documents the security controls built into Azure Event Hubs.
 
 ## Network
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Service endpoint support| Yes |  |
-| VNet injection support| No | |
-| Network isolation and firewalling support| Yes |  |
-| Forced tunneling support| No |  |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Service endpoint support| Yes |  |  |
+| VNet injection support| No | |  |
+| Network isolation and firewalling support| Yes |  |  |
+| Forced tunneling support| No |  |  |
 
 ## Monitoring & logging
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Azure monitoring support (Log analytics, App insights, etc.)| Yes | |
-| Control and management plane logging and audit| Yes |  |
-| Data plane logging and audit| Yes |   |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Azure monitoring support (Log analytics, App insights, etc.)| Yes | |  |
+| Control and management plane logging and audit| Yes |  |  |
+| Data plane logging and audit| Yes |   |  |
 
 ## Identity
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Authentication| Yes | |
-| Authorization|  Yes | |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Authentication| Yes | | [Authorize access to Azure Event Hubs](authorize-access-event-hubs.md), [Authorize access to Event Hubs resources using Azure Active Directory](authorize-access-azure-active-directory.md), [Authorizing access to Event Hubs resources using Shared Access Signatures](authorize-access-shared-access-signature.md) |
+| Authorization|  Yes | | [Authenticate a managed identity with Azure Active Directory to access Event Hubs Resources](authenticate-managed-identity.md), [Authenticate an application with Azure Active Directory to access Event Hubs resources](authenticate-application.md), [Authenticate access to Event Hubs resources using shared access signatures (SAS)](authenticate-shared-access-signature.md) |
 
 ## Data protection
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Server-side encryption at rest: Microsoft-managed keys |  Yes | |
-| Server-side encryption at rest: customer-managed keys (BYOK) | No |  |
-| Column level encryption (Azure Data Services)| N/A | |
-| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | |
-| API calls encrypted| Yes |  |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Server-side encryption at rest: Microsoft-managed keys |  Yes | |  |
+| Server-side encryption at rest: customer-managed keys (BYOK) | No |  |  |
+| Column level encryption (Azure Data Services)| N/A | |  |
+| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | |  |
+| API calls encrypted| Yes |  |  |
 
 ## Configuration management
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Configuration management support (versioning of configuration, etc.)| Yes | |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Configuration management support (versioning of configuration, etc.)| Yes | |  |
 
 ## Next steps
 
diff --git a/articles/service-bus-messaging/service-bus-messaging-security-controls.md b/articles/service-bus-messaging/service-bus-messaging-security-controls.md
@@ -3,11 +3,11 @@ title: Security controls for Azure Service Bus Messaging
 description: A checklist of security controls for evaluating Azure Service Bus Messaging
 services: service-bus-messaging
 ms.service: service-bus-messaging
-author: axisc
+author: spelluru
 
 ms.topic: conceptual
-ms.date: 09/04/2019
-ms.author: aschhab
+ms.date: 09/23/2019
+ms.author: spelluru
 
 ---
 # Security controls for Azure Service Bus Messaging
@@ -18,43 +18,43 @@ This article documents the security controls built into Azure Service Bus Messag
 
 ## Network
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Service endpoint support| Yes (Premium tier only) | VNet service endpoints are supported for [Service Bus Premium tier](service-bus-premium-messaging.md) only. |
-| VNet injection support| No | |
-| Network isolation and firewalling support| Yes (Premium tier only) |  |
-| Forced tunneling support| No |  |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Service endpoint support| Yes (Premium tier only) | VNet service endpoints are supported for [Service Bus Premium tier](service-bus-premium-messaging.md) only. |  |
+| VNet injection support| No | |  |
+| Network isolation and firewalling support| Yes (Premium tier only) |  |  |
+| Forced tunneling support| No |  |  |
 
 ## Monitoring & logging
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Azure monitoring support (Log analytics, App insights, etc.)| Yes | Supported via [Azure Monitor and Alerts](service-bus-metrics-azure-monitor.md). |
-| Control and management plane logging and audit| Yes | Operations logs are available; see [Service Bus diagnostic logs](service-bus-diagnostic-logs.md).  |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Azure monitoring support (Log analytics, App insights, etc.)| Yes | Supported via [Azure Monitor and Alerts](service-bus-metrics-azure-monitor.md). |  |
+| Control and management plane logging and audit| Yes | Operations logs are available.  | [Service Bus diagnostic logs](service-bus-diagnostic-logs.md) |
 | Data plane logging and audit| No |  |
 
 ## Identity
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Authentication| Yes | Managed through [Azure Active Directory Managed Service Identity](service-bus-managed-service-identity.md); see [Service Bus authentication and authorization](service-bus-authentication-and-authorization.md).|
-| Authorization| Yes | Supports authorization via [RBAC](authenticate-application.md) and SAS token; see [Service Bus authentication and authorization](service-bus-authentication-and-authorization.md). |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Authentication| Yes | Managed through [Azure Active Directory Managed Service Identity](service-bus-managed-service-identity.md).| [Service Bus authentication and authorization](service-bus-authentication-and-authorization.md). |
+| Authorization| Yes | Supports authorization via [RBAC](authenticate-application.md) and SAS token. | [Service Bus authentication and authorization](service-bus-authentication-and-authorization.md). |
 
 ## Data protection
 
-| Security control | Yes/No | Notes |
-|---|---|--|
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
 | Server-side encryption at rest: Microsoft-managed keys |  Yes for server-side encryption-at-rest by default. | Customer managed keys and BYOK are not yet supported. Client side encryption is the client's responsibility |
-| Server-side encryption at rest: customer-managed keys (BYOK) | No |   |
-| Column level encryption (Azure Data Services)| N/A | |
-| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | Supports standard HTTPS/TLS mechanism. |
-| API calls encrypted| Yes | API calls are made through [Azure Resource Manager](../azure-resource-manager/index.yml) and HTTPS. |
+| Server-side encryption at rest: customer-managed keys (BYOK) | No |   |   |
+| Column level encryption (Azure Data Services)| N/A | |   |
+| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | Supports standard HTTPS/TLS mechanism. |   |
+| API calls encrypted| Yes | API calls are made through [Azure Resource Manager](../azure-resource-manager/index.yml) and HTTPS. |   |
 
 ## Configuration management
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Configuration management support (versioning of configuration, etc.)| Yes | Supports resource provider versioning through the [Azure Resource Manager API](/rest/api/resources/).|
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Configuration management support (versioning of configuration, etc.)| Yes | Supports resource provider versioning through the [Azure Resource Manager API](/rest/api/resources/).|   |
 
 ## Next steps
 
diff --git a/articles/service-bus-relay/TOC.yml b/articles/service-bus-relay/TOC.yml
@@ -32,12 +32,14 @@
     href: https://github.com/Azure/azure-relay/tree/master/samples/wcf-relay
 - name: Concepts
   items:
-  - name: Authentication and authorization
-    href: relay-authentication-and-authorization.md
+  - name: Security
+    items:
+    - name: Authentication and authorization
+      href: relay-authentication-and-authorization.md
+    - name: Built-in security controls
+      href: service-bus-relay-security-controls.md
   - name: Hybrid Connections protocol
     href: relay-hybrid-connections-protocol.md
-  - name: Built-in security controls
-    href: service-bus-relay-security-controls.md
 - name: How To
   items:
   - name: Plan and design
diff --git a/articles/service-bus-relay/service-bus-relay-security-controls.md b/articles/service-bus-relay/service-bus-relay-security-controls.md
@@ -3,13 +3,11 @@ title: Security controls for Azure Service Bus Relay
 description: A checklist of security controls for evaluating Azure Service Bus Relay
 services: service-bus-relay
 ms.service: service-bus-relay
-documentationcenter: ''
-author: msmbaldwin
-manager: barbkess
+author: spelluru
 
 ms.topic: conceptual
-ms.date: 09/04/2019
-ms.author: mbaldwin
+ms.date: 09/23/2019
+ms.author: spelluru
 
 ---
 # Security controls for Azure Service Bus Relay
@@ -20,43 +18,43 @@ This article documents the security controls built into Azure Service Bus Relay.
 
 ## Network
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Service endpoint support| No |  |
-| Network isolation and firewalling support| No |  |
-| Forced tunneling support| N/A | Relay is the TLS tunnel  |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Service endpoint support| No |  |   |
+| Network isolation and firewalling support| No |  |   |
+| Forced tunneling support| N/A | Relay is the TLS tunnel  |   |
 
 ## Monitoring & logging
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Azure monitoring support (Log analytics, App insights, etc.)| Yes | |
-| Control and management plane logging and audit| Yes | Through [Azure Resource Manager](../azure-resource-manager/index.yml). |
-| Data plane logging and audit| Yes | Connection success / failure and errors and logged.  |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Azure monitoring support (Log analytics, App insights, etc.)| Yes | |   |
+| Control and management plane logging and audit| Yes | Through [Azure Resource Manager](../azure-resource-manager/index.yml). |   |
+| Data plane logging and audit| Yes | Connection success / failure and errors and logged.  |   |
 
 ## Identity
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Authentication| Yes | Via SAS. |
-| Authorization|  Yes | Via SAS. |
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Authentication| Yes | Via SAS. | [Azure Relay authentication and authorization](relay-authentication-and-authorization.md) |
+| Authorization|  Yes | Via SAS. | [Azure Relay authentication and authorization](relay-authentication-and-authorization.md) |
 
 ## Data protection
 
-| Security control | Yes/No | Notes |
-|---|---|--|
-| Server-side encryption at rest: Microsoft-managed keys |  N/A | Relay is a web socket and does not persist data. |
-| Server-side encryption at rest: customer-managed keys (BYOK) | No | Uses Microsoft TLS certs only.  |
-| Column level encryption (Azure Data Services)| N/A | |
-| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | Service requires TLS. |
+| Security control | Yes/No | Notes | Documentation |
+|---|---|--|--|
+| Server-side encryption at rest: Microsoft-managed keys |  N/A | Relay is a web socket and does not persist data. |   |
+| Server-side encryption at rest: customer-managed keys (BYOK) | No | Uses Microsoft TLS certs only.  |   |
+| Column level encryption (Azure Data Services)| N/A | |   |
+| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption)| Yes | Service requires TLS. |   |
 | API calls encrypted| Yes | HTTPS. |
 
 
 ## Configuration management
 
-| Security control | Yes/No | Notes|
-|---|---|--|
-| Configuration management support (versioning of configuration, etc.)| Yes | Through [Azure Resource Manager](../azure-resource-manager/index.yml).|
+| Security control | Yes/No | Notes| Documentation |
+|---|---|--|--|
+| Configuration management support (versioning of configuration, etc.)| Yes | Through [Azure Resource Manager](../azure-resource-manager/index.yml).|   |
 
 ## Next steps
 
