Merge pull request #127216 from iheanacho-chukwu/update-secure-output-guidance

Update Bicep best practices to reflect support for secure outputs using @secure()

Author: v-regandowner

articles/azure-resource-manager/bicep/best-practices.md

@@ -105,7 +105,7 @@ For more information about Bicep variables, see [Variables in Bicep](variables.m
 
 ## Outputs
 
-* Make sure you don't create outputs for sensitive data. Output values can be accessed by anyone who has access to the deployment history. They're not appropriate for handling secrets.
+* Mark sensitive data in outputs by using the [@secure() decorator](outputs.md#secure-outputs), which prevents sensitive outputs from being logged or displayed. Otherwise, output values can be accessed by anyone who has access to the deployment history.
 
 * Instead of passing property values around through outputs, use the [existing keyword](existing-resource.md) to look up properties of resources that already exist. It's a best practice to look up keys from other resources in this way instead of passing them around through outputs. You'll always get the most up-to-date data.