Merge pull request #112719 from JnHs/jh-lh-kv

PRMerger6 · web-flow · commit f6f7e1adaa6c · 2020-04-27T16:04:33.000-07:00
update VM/Key Vault info
diff --git a/articles/lighthouse/concepts/cross-tenant-management-experience.md b/articles/lighthouse/concepts/cross-tenant-management-experience.md
@@ -1,7 +1,7 @@
 ---
 title: Cross-tenant management experiences
 description: Azure delegated resource management enables a cross-tenant management experience.
-ms.date: 04/20/2020
+ms.date: 04/24/2020
 ms.topic: conceptual
 ---
 
@@ -123,7 +123,8 @@ Most tasks and services can be performed on delegated resources across managed t
 - Use virtual machine extensions to provide post-deployment configuration and automation tasks on Azure VMs in customer tenants
 - Use boot diagnostics to troubleshoot Azure VMs in customer tenants
 - Access VMs with serial console in customer tenants
-- Note that you can't use Azure Active Directory for remote login to a VM, and you can't integrate a VM with a Key Vault for passwords, secrets or cryptographic keys for disk encryption
+- Integrate VMs with Azure KeyVault for passwords, secrets, or cryptographic keys for disk encryption by using [managed identity through policy](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/create-keyvault-secret), ensuring that secrets are stored in a Key Vault in customer tenants
+- Note that you can't use Azure Active Directory for remote login to VMs in customer tenants
 
 Support requests:
 
diff --git a/includes/azure-lighthouse-samples-scenarios.md b/includes/azure-lighthouse-samples-scenarios.md
@@ -5,7 +5,7 @@ services: lighthouse
 author: JnHs
 ms.service: lighthouse
 ms.topic: include
-ms.date: 12/19/2019
+ms.date: 04/24/2020
 ms.author: jenhayes
 ms.custom: include file
 ---
@@ -14,6 +14,7 @@ These samples illustrate various tasks that can be performed in cross-tenant man
 
 | **Template** | **Description** |
 |---------|---------|
+| [create-keyvault-secret](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/create-keyvault-secret) | Creates a Key Vault in the customer's tenant and creates access policies.
 | [cross-rg-deployment](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/cross-rg-deployment) | Deploys storage accounts into two different resource groups.|
 | [deploy-azure-mgmt-services](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-mgmt-services) | Creates Azure management services, links them together, and deploys additional solutions. For an end-to-end deployment, use the **rgWithAzureMgmt.json** template. |
 | [deploy-azure-security-center](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-security-center) | Enables and configures Azure Security Center within the targeted Azure subscription. |
