diff --git a/articles/batch/best-practices.md b/articles/batch/best-practices.md index 8ce2309d2b8e8..f1c8e031ce57c 100644 --- a/articles/batch/best-practices.md +++ b/articles/batch/best-practices.md @@ -17,6 +17,14 @@ TODO: Add intro here TODO: Add best practices here ## Compute nodes +### Authenticate to another service and handle secrets on the node +The recommended way to authenticate with services is to +1) Create a certificate +2) Upload the certificate to Azure Batch +3) Create a Service Principal in AAD +4) Add the certificate to the Service Principal +5) When creating your pool, specify the certificate on the certificates property. +6) The certificate will then be installed on each of your compute nodes and can be used to authenticate with your Service Principal. This service principal can then access any services it has access to such as KeyVault or EventGrid. TODO: Add best practices here
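Review bot: The new heading promises guidance on handling secrets on the node, but the six added items cover only certificate-based authentication, and item 6 describes an outcome rather than a step. Suggest ending the numbered list at item 5 and moving item 6 into a closing paragraph that says how a task should obtain its secrets (for example, reading them from Key Vault at run time through the service principal), or narrowing the heading to match. The sentence "This service principal can then access any services it has access to" is circular. Because the certificate is installed on each compute node in the pool, it would be more useful to say that the principal should be granted only the access the tasks need. Minor points: the lead-in ending "is to" needs a colon, end punctuation is inconsistent between items 1 to 4 and items 5 and 6, and "AAD", "KeyVault" and "EventGrid" should be written as Azure Active Directory, Key Vault and Event Grid on first use.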