Merge pull request #51152 from wwlpublish/61f0e0552556aebd3cab58c3637f07f7c7ed258660e91a15fd21ec95939cd237-live

 Modules/M01-implement-azure-keyvault

Author: v-dirichards

learn-pr/wwl-azure/implement-azure-key-vault/1-introduction.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: "Introduction"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-durationInMinutes: 3
-content: |
-  [!include[](includes/1-introduction.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.introduction
+title: Introduction
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Introduction
+  description: "Introduction"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/implement-azure-key-vault/2-key-vault-overview.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.explore
-title: Explore Azure Key Vault
-metadata:
-  title: Explore Azure Key Vault
-  description: "Explore Azure Key Vault"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-durationInMinutes: 3
-content: |
-  [!include[](includes/2-key-vault-overview.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.explore
+title: Explore Azure Key Vault
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Explore Azure Key Vault
+  description: "Explore Azure Key Vault"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/2-key-vault-overview.md)]

learn-pr/wwl-azure/implement-azure-key-vault/3-key-vault-concepts.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.discover-best-practices
-title: Discover Azure Key Vault best practices
-metadata:
-  title: Discover Azure Key Vault best practices
-  description: "Discover Azure Key Vault best practices"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-durationInMinutes: 3
-content: |
-  [!include[](includes/3-key-vault-concepts.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.discover-best-practices
+title: Discover Azure Key Vault best practices
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Discover Azure Key Vault best practices
+  description: "Discover Azure Key Vault best practices"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/3-key-vault-concepts.md)]

learn-pr/wwl-azure/implement-azure-key-vault/4-key-vault-authentication.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.authenticate-to
-title: Authenticate to Azure Key Vault
-metadata:
-  title: Authenticate to Azure Key Vault
-  description: "Authenticate to Azure Key Vault"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-durationInMinutes: 3
-content: |
-  [!include[](includes/4-key-vault-authentication.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.authenticate-to
+title: Authenticate to Azure Key Vault
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Authenticate to Azure Key Vault
+  description: "Authenticate to Azure Key Vault"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/4-key-vault-authentication.md)]

learn-pr/wwl-azure/implement-azure-key-vault/5-set-retrieve-secret-azure-key-vault.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.exercise-set-retrieve-secret-from-by-using-azure-cli
-title: 'Exercise: Set and retrieve a secret from Azure Key Vault by using Azure CLI'
-metadata:
-  title: 'Exercise: Set and retrieve a secret from Azure Key Vault by using Azure CLI'
-  description: "Exercise: Set and retrieve a secret from Azure Key Vault by using Azure CLI"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom: N/A, devx-track-azurecli
-durationInMinutes: 3
-content: |
-  [!include[](includes/5-set-retrieve-secret-azure-key-vault.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.exercise-set-retrieve-secret-from-by-using-azure-cli
+title: Exercise - Create and retrieve secrets from Azure Key Vault
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Exercise - Create and retrieve secrets from Azure Key Vault
+  description: "Exercise - Create and retrieve secrets from Azure Key Vault"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 30
+content: |
+  [!include[](includes/5-set-retrieve-secret-azure-key-vault.md)]

learn-pr/wwl-azure/implement-azure-key-vault/6-knowledge-check.yml

@@ -1,39 +1,40 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.knowledge-check
-title: Module assessment
-metadata:
-  title: Module assessment
-  description: "Knowledge check"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-  module_assessment: true
-durationInMinutes: 3
-quiz:
-  title: "Check your knowledge"
-  questions:
-  - content: "Which of the below methods of authenticating to Azure Key Vault is recommended for most scenarios?"
-    choices:
-    - content: "Service principal and certificate"
-      isCorrect: false
-      explanation: "Incorrect. This method is not recommended because it is difficult to automatically rotate the bootstrap secret that's used to authenticate to Key Vault."
-    - content: "Service principal and secret"
-      isCorrect: false
-      explanation: "Incorrect. This method is not recommended because the application owner or developer must rotate the certificate."
-    - content: "Managed identities"
-      isCorrect: true
-      explanation: "Correct. The benefit of this approach is that Azure automatically rotates the identity."
-  - content: "Azure Key Vault protects data when it's traveling between Azure Key Vault and clients. What protocol does it use for encryption?"
-    choices:
-    - content: "Secure Sockets Layer"
-      isCorrect: false
-      explanation: "Incorrect. The Secure Sockets Layer protocol has been replaced with the Transport Layer Security protocol."
-    - content: "Transport Layer Security"
-      isCorrect: true
-      explanation: "Correct. Azure Key Vault enforces Transport Layer Security protocol to protect data when it’s traveling between Azure Key Vault and clients."
-    - content: "Presentation Layer"
-      isCorrect: false
-      explanation: "Incorrect. Presentation Layer is part of the Open Systems Interconnection model and is not a security protocol."
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.knowledge-check
+title: Module assessment
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Module assessment
+  description: "Knowledge check"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "Which of the below methods of authenticating to Azure Key Vault is recommended for most scenarios?"
+    choices:
+    - content: "Service principal and certificate"
+      isCorrect: false
+      explanation: "Incorrect. This method is not recommended because it is difficult to automatically rotate the bootstrap secret that's used to authenticate to Key Vault."
+    - content: "Service principal and secret"
+      isCorrect: false
+      explanation: "Incorrect. This method is not recommended because the application owner or developer must rotate the certificate."
+    - content: "Managed identities"
+      isCorrect: true
+      explanation: "Correct. The benefit of this approach is that Azure automatically rotates the identity."
+  - content: "Azure Key Vault protects data when it's traveling between Azure Key Vault and clients. What protocol does it use for encryption?"
+    choices:
+    - content: "Secure Sockets Layer"
+      isCorrect: false
+      explanation: "Incorrect. The Secure Sockets Layer protocol has been replaced with the Transport Layer Security protocol."
+    - content: "Transport Layer Security"
+      isCorrect: true
+      explanation: "Correct. Azure Key Vault enforces Transport Layer Security protocol to protect data when it’s traveling between Azure Key Vault and clients."
+    - content: "Presentation Layer"
+      isCorrect: false
+      explanation: "Incorrect. Presentation Layer is part of the Open Systems Interconnection model and is not a security protocol."

learn-pr/wwl-azure/implement-azure-key-vault/7-summary.yml

@@ -1,15 +1,17 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.implement-azure-key-vault.summary
-title: Summary
-metadata:
-  title: Summary
-  description: "Summary"
-  ms.date: 03/12/2024
-  author: wwlpublish
-  ms.author: jeffko
-  ms.topic: unit
-  ms.custom:
-  - N/A
-durationInMinutes: 3
-content: |
-  [!include[](includes/7-summary.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.implement-azure-key-vault.summary
+title: Summary
+metadata:
+  adobe-target: true
+  prefetch-feature-rollout: true
+  title: Summary
+  description: "Summary"
+  ms.date: 06/27/2025
+  author: wwlpublish
+  ms.author: jeffko
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 3
+content: |
+  [!include[](includes/7-summary.md)]

learn-pr/wwl-azure/implement-azure-key-vault/includes/1-introduction.md

@@ -4,4 +4,4 @@ After completing this module, you'll be able to:
 
 * Describe the benefits of using Azure Key Vault
 * Explain how to authenticate to Azure Key Vault
-* Set and retrieve a secret from Azure Key Vault by using the Azure CLI
+* Create and retrieve secrets from Azure Key Vault

learn-pr/wwl-azure/implement-azure-key-vault/includes/2-key-vault-overview.md

@@ -15,9 +15,9 @@ Azure Key Vault has two service tiers: Standard, which encrypts with a software
 
 * **Centralized application secrets:** Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. For example, instead of storing the connection string in the app's code you can store it securely in Key Vault. Your applications can securely access the information they need by using URIs. These URIs allow the applications to retrieve specific versions of a secret. 
 
-* **Securely store secrets and keys:** Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication is done via Microsoft Entra ID. Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults and to access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault. Azure Key Vaults may be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs).
+* **Securely store secrets and keys:** Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication is done via Microsoft Entra ID. Authorization might be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults, and to access data stored in a vault. A key vault access policy can only be used when attempting to access data stored in a vault. Azure Key Vaults might be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs).
 
-* **Monitor access and use:** You can monitor activity by enabling logging for your vaults. You have control over your logs and you may secure them by restricting access and you may also delete logs that you no longer need. Azure Key Vault can be configured to:
+* **Monitor access and use:** You can monitor activity by enabling logging for your vaults. You have control over your logs and you might secure them by restricting access and you might also delete logs that you no longer need. Azure Key Vault can be configured to:
 
     * Archive to a storage account.
     * Stream to an event hub.
@@ -30,3 +30,4 @@ Azure Key Vault has two service tiers: Standard, which encrypts with a software
     * Replicating the contents of your Key Vault within a region and to a secondary region. Data replication ensures high availability and takes away the need of any action from the administrator to trigger the failover.
     * Providing standard Azure administration options via the portal, Azure CLI and PowerShell.
     * Automating certain tasks on certificates that you purchase from Public CAs, such as enrollment and renewal.
+

learn-pr/wwl-azure/implement-azure-key-vault/includes/3-key-vault-concepts.md

@@ -27,3 +27,4 @@ Perfect Forward Secrecy (PFS) protects connections between customers’ client s
 * **Logging:** Be sure to turn on logging and alerts.
 
 * **Recovery options:** Turn on [soft-delete](/azure/key-vault/general/soft-delete-overview) and purge protection if you want to guard against force deletion of the secret.
+