Commit 223c9ac

Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents 9698146 + daf6538 commit 223c9ac

58 files changed

+560
-328
lines changed

articles/active-directory/develop/access-tokens.md

+20-18
Large diffs are not rendered by default.

articles/active-directory/develop/active-directory-optional-claims.md

+1-2
@@ -53,7 +53,7 @@ The set of optional claims available by default for applications to use are list
5353
| `auth_time` | Time when the user last authenticated. See OpenID Connect spec.| JWT | | |
5454
| `tenant_region_scope` | Region of the resource tenant | JWT | | |
5555
| `home_oid` | For guest users, the object ID of the user in the user’s home tenant.| JWT | | |
56-
| `sid` | Session ID, used for per-session user sign out. | JWT | | |
56+
| `sid` | Session ID, used for per-session user sign out. | JWT | Personal and Azure AD accounts. | |
5757
| `platf` | Device platform | JWT | | Restricted to managed devices that can verify device type.|
5858
| `verified_primary_email` | Sourced from the user’s PrimaryAuthoritativeEmail | JWT | | |
5959
| `verified_secondary_email` | Sourced from the user’s SecondaryAuthoritativeEmail | JWT | | |
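Review bot: In the `sid` row, "Personal and Azure AD accounts." is placed in the fourth column, which every other row visible in this hunk leaves empty, while the fifth column carries notes such as the `platf` restriction. Check against the table header that an account-type statement belongs in that column. The wording also differs from the "Supported in MSA and AAD" form used in the table further down this file, so one phrasing should be chosen for both.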
@@ -87,7 +87,6 @@ These claims are always included in v1.0 Azure AD tokens, but not included in v2
8787
| `family_name` | Last Name | Provides the last name, surname, or family name of the user as defined in the user object. <br>"family_name":"Miller" | Supported in MSA and AAD |
8888
| `given_name` | First name | Provides the first or "given" name of the user, as set on the user object.<br>"given_name": "Frank" | Supported in MSA and AAD |
8989
| `upn` | User Principal Name | An identifer for the user that can be used with the username_hint parameter. Not a durable identifier for the user and should not be used to key data. | See [additional properties](#additional-properties-of-optional-claims) below for configuration of the claim. |
90-
| `sid` | Session ID | GUID session identifier, used for tracking authentication session with MSA. | MSA only. Will not be included for Azure AD accounts. |
9190

9291

9392
### Additional properties of optional claims
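Review bot: Deleting the `sid` row here also drops the description of the value as a "GUID session identifier"; the `sid` row that remains in the earlier table says only "Session ID, used for per-session user sign out." If the GUID format still holds, carry it into that row so the detail is not lost. While this table is being edited, the `upn` context row's "An identifer" should be corrected to "An identifier".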

articles/aks/configure-kubenet.md

+1-1
@@ -161,7 +161,7 @@ az aks create \
161161
--client-secret <password>
162162
```
163163

164-
When you create an AKS cluster, a network security group and route table are created. These network resources are managed by the AKS control plane and automatically associated with your virtual network subnet, and are updated as you create and expose services.
164+
When you create an AKS cluster, a network security group and route table are created. These network resources are managed by the AKS control plane. The network security group is automatically associated with the virtual NICs on your nodes. The route table is automatically associated with the virtual network subnet. Network security group rules and route tables and are automatically updated as you create and expose services.
165165

166166
## Next steps
167167
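Review bot: The last sentence of the added paragraph has a stray "and": "Network security group rules and route tables and are automatically updated" should read "Network security group rules and route tables are automatically updated". The split into NIC-level association for the network security group and subnet-level association for the route table is clearer than the old single sentence, so only the grammar needs fixing.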

articles/aks/operator-best-practices-identity.md

+3-2
@@ -6,7 +6,7 @@ author: iainfoulds
66

77
ms.service: container-service
88
ms.topic: conceptual
9-
ms.date: 11/26/2018
9+
ms.date: 04/24/2019
1010
ms.author: iainfou
1111
---
1212

@@ -104,7 +104,8 @@ In the following example, a developer creates a pod that uses a managed identity
104104
1. A developer deploys a pod with a managed identity that requests an access token through the NMI server.
105105
1. The token is returned to the pod and used to access an Azure SQL Server instance.
106106
107-
Managed pod identities is an AKS open source project, and is not supported by Azure technical support. It is provided to gather feedback and bugs from our community. The project is not recommended for production use.
107+
> [!NOTE]
108+
> Managed pod identities is an open source project, and is not supported by Azure technical support.
108109
109110
To use pod identities, see [Azure Active Directory identities for Kubernetes applications][aad-pod-identity].
110111
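Review bot: The new note keeps "is not supported by Azure technical support" but silently deletes "The project is not recommended for production use." along with the sentence about gathering feedback and bugs. If the production guidance has changed, say so explicitly; as written, a reader is told only where support is unavailable, so the note should also say where issues are to be reported, for example the project already linked as [aad-pod-identity] on the following line.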

articles/api-management/api-management-security-attributes.md

+8
@@ -64,3 +64,11 @@ Security is integrated into every aspect of an Azure service. This article docum
6464
| Security Attribute | Yes/No | Notes|
6565
|---|---|--|
6666
| Configuration management support (versioning of configuration, etc.)| Yes | Using the [Azure API Management DevOps Resource Kit](https://aka.ms/apimdevops) |
67+
68+
## Vulnerability scans false positives
69+
70+
This section documents common vulnerabilities, which do not affect Azure API Management.
71+
72+
| Vulnerability | Description |
73+
|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
74+
| Ticketbleed (CVE-2016-9244) | Ticketbleed is vulnerability in the implementation of the TLS SessionTicket extension found in some F5 products. It allows the leakage ("bleeding") of up to 31 bytes of data from uninitialized memory. This is caused by the TLS stack padding a Session ID, passed from the client, with data to make it 32-bits long. |
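Review bot: The Ticketbleed description is internally inconsistent on units: it says up to 31 bytes leak because the Session ID is padded "to make it 32-bits long", and padding to 32 bits could not expose 31 bytes, so this should read "32 bytes long". The row also only describes the vulnerability; since the section is about scanner false positives, add a short statement of why Azure API Management is not affected. Smaller wording fixes: "Ticketbleed is vulnerability" needs "a", the heading reads better as "Vulnerability scan false positives", and the comma in "common vulnerabilities, which do not affect" should go so the clause restricts the list.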
