bbregman
diff --git a/‎docs-conceptual/azps-1.4.0/authenticate-azureps.md
Lines changed: 43 additions & 4 deletions b/‎docs-conceptual/azps-1.4.0/authenticate-azureps.md
Lines changed: 43 additions & 4 deletions
diff --git a/‎docs-conceptual/azps-1.4.0/create-azure-service-principal-azureps.md
Lines changed: 95 additions & 178 deletions b/‎docs-conceptual/azps-1.4.0/create-azure-service-principal-azureps.md
Lines changed: 95 additions & 178 deletions
diff --git a/‎docs-conceptual/azps-1.4.0/install-az-ps.md
Lines changed: 2 additions & 2 deletions b/‎docs-conceptual/azps-1.4.0/install-az-ps.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs-conceptual/azps-1.4.0/new-azureps-module-az.md
Lines changed: 2 additions & 2 deletions b/‎docs-conceptual/azps-1.4.0/new-azureps-module-az.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs-conceptual/azps-1.4.0/overview.md
Lines changed: 2 additions & 2 deletions b/‎docs-conceptual/azps-1.4.0/overview.md
Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ ms.author: sttramer
 manager: carmonm
 ms.devlang: powershell
 ms.topic: conceptual
-ms.date: 10/29/2018
+ms.date: 02/20/2019
 ---
 # Sign in with Azure PowerShell
 
@@ -43,18 +43,57 @@ $creds = Get-Credential
 Connect-AzAccount -Credential $creds
 ```
 
-## Sign in with a service principal
+## Sign in with a service principal <a name="sp-signin"/>
 
 Service principals are non-interactive Azure accounts. Like other user accounts, their permissions are managed with Azure Active Directory. By granting a service principal only the permissions it needs, your automation scripts stay secure.
 
 To learn how to create a service principal for use with Azure PowerShell, see [Create an Azure service principal with Azure PowerShell](create-azure-service-principal-azureps.md).
 
 To sign in with a service principal, use the `-ServicePrincipal` argument with the `Connect-AzAccount` cmdlet. You'll also need the service principal's application ID,
-sign-in credentials, and the tenant ID associate with the service principal. To get the service principal's credentials as the appropriate object, use the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. This cmdlet will present a prompt for the service principal user ID and password.
+sign-in credentials, and the tenant ID associate with the service principal. How you sign in with a service principal will depend on whether it's configured for password-based or certificate-based authentication.
+
+### Password-based authentication
+
+To get the service principal's credentials as the appropriate object, use the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. This cmdlet will present a prompt for a username and password. Use the service principal ID for the username.
 
 ```azurepowershell-interactive
 $pscredential = Get-Credential
-Connect-AzAccount -ServicePrincipal -ApplicationId  "http://my-app" -Credential $pscredential -TenantId $tenantid
+Connect-AzAccount -ServicePrincipal -Credential $pscredential -TenantId $tenantId
+```
+
+### Certificate-based authentication
+
+Certificate-based authentication requires that Azure PowerShell can retrieve information from a local certificate
+store based on a certificate thumbprint.
+
+```azurepowershell-interactive
+Connect-AzAccount -ServicePrincipal -TenantId $tenantId -CertificateThumbprint <thumbprint>
+```
+
+In PowerShell 5, the certificate store can be managed and inspected with the [PKI](/powershell/module/pkiclient) module. For PowerShell 6, the process is more complicated. The following scripts show you how to import an existing certificate into the certificate store accessible by PowerShell.
+
+#### Import a certificate in PowerShell 5
+
+```azurepowershell-interactive
+# Import a PFX
+$credentials = Get-Credential -Message "Provide PFX private key password"
+Import-PfxCertificate -FilePath <path to certificate> -Password $credentials.Password -CertStoreLocation cert:\CurrentUser\My
+```
+
+#### Import a certificate in PowerShell 6
+
+```azurepowershell-interactive
+# Import a PFX
+$storeName = [System.Security.Cryptography.X509Certificates.StoreName]::My 
+$storeLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser 
+$store = [System.Security.Cryptography.X509Certificates.X509Store]::new($storeName, $storeLocation) 
+$certPath = <path to certificate>
+$credentials = Get-Credential -Message "Provide PFX private key password"
+$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable 
+$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath, $credentials.Password, $flag) 
+$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) 
+$store.Add($Certificate) 
+$store.Close()
 ```
 
 ## Sign in using a managed identity 
 
@@ -17,7 +17,7 @@ are supported.
 
 ## Requirements
 
-Azure PowerShell works with PowerShell 5.1 or higher on Windows, or PowerShell 6.x on any platform.
+Azure PowerShell works with PowerShell 5.1 or higher on Windows, or PowerShell 6 on any platform.
 To check your PowerShell version, run the command:
 
 ```powershell-interactive
@@ -27,7 +27,7 @@ $PSVersionTable.PSVersion
 If you have an outdated version or need to install PowerShell, see [Installing various versions of PowerShell](/powershell/scripting/setup/installing-powershell). Install
 information for your platform is linked from that page.
 
-If you are using PowerShell 5.x on Windows, you also need .NET Framework 4.7.2 installed. For instructions
+If you are using PowerShell 5 on Windows, you also need .NET Framework 4.7.2 installed. For instructions
 on updating or installing a new version of .NET Framework, see the [.NET Framework installation guide](/dotnet/framework/install).
 
 ## Install the Azure PowerShell module
 
@@ -14,8 +14,8 @@ Starting in December 2018, the Azure PowerShell Az module is in general release
 PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and
 cross-platform support. Az also offers feature parity and an easy migration path from AzureRM.
 
-Az uses the .NET Standard library, which means it runs on PowerShell 5.x and PowerShell 6.x.
-Since PowerShell 6.x can run on Linux, macOS, and Windows, Azure PowerShell is now available for all platforms.
+Az uses the .NET Standard library, which means it runs on PowerShell 5 and PowerShell 6.
+Since PowerShell 6 can run on Linux, macOS, and Windows, Azure PowerShell is now available for all platforms.
 Using .NET Standard allows us to unify the code base of Azure PowerShell with minimal impact on users.
 
 Az is a new module, so the version has been reset to 1.0.0.
 
@@ -19,7 +19,7 @@ Azure PowerShell is also available on Azure Cloud Shell.
 ## About the new Az module
 
 This documentation describes the new Az module for Azure PowerShell. This new module is written from the
-ground up in .NET Standard. Using .NET Standard allows Azure PowerShell to run under PowerShell 5.x on Windows
+ground up in .NET Standard. Using .NET Standard allows Azure PowerShell to run under PowerShell 5 on Windows
 or PowerShell 6 on any platform. The Az module is now the intended way to interact with Azure through PowerShell.
 AzureRM will continue to get bug fixes, but no longer receive new features.
 
@@ -38,7 +38,7 @@ The [AzureRM documentation](/powershell/azure/azurerm) is also available.
 
 ## Run or install
 
-You can install Azure PowerShell on any platform which supports PowerShell 5.x or PowerShell 6.x, or run
+You can install Azure PowerShell on PowerShell 5.1 or higher on Windows, PowerShell 6 on any platform, or run
 in Azure Cloud Shell.
 
 * To run in your browser with Azure Cloud Shell, see [Quickstart for PowerShell in Azure Cloud Shell](/azure/cloud-shell/quickstart-powershell).