diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
index 4fc2eb255fe2..d6f6cee4b3c3 100644
--- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
+++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
@@ -68,7 +68,7 @@ public class NewAzureKeyVaultCertificatePolicy : KeyVaultCmdletBase
                    Position = 1,
                    ParameterSetName = DNSNamesParameterSet,
                    ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the DNS names in the certificate.")]
+                   HelpMessage = "Specifies the DNS names in the certificate. Subject Alternative Names (SANs) can be specified as DNS names.")]
         [Alias("DnsNames")]
         public List<string> DnsName { get; set; }
 
diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md b/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
index 25fd2dd20d03..a19bda731457 100644
--- a/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
+++ b/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
@@ -80,6 +80,36 @@ Creates an in-memory certificate policy object. (autogenerated)
 New-AzKeyVaultCertificatePolicy -IssuerName 'Self' -KeyType RSA -RenewAtNumberOfDaysBeforeExpiry <Int32> -SecretContentType application/x-pkcs12 -SubjectName 'CN=contoso.com' -ValidityInMonths 6
 ```
 
+### Example 3: Create a Subject Alternate Name (or SAN) certificate
+
+```powershell
+PS C:\> New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -DnsName "contoso.com","support.contoso.com","docs.contoso.com" -IssuerName "Self"
+
+SecretContentType               : application/x-pkcs12
+Kty                             : RSA
+KeySize                         : 2048
+Curve                           :
+Exportable                      :
+ReuseKeyOnRenewal               : False
+SubjectName                     : CN=contoso.com
+DnsNames                        : {contoso.com, support.contoso.com, docs.contoso.com}
+KeyUsage                        :
+Ekus                            :
+ValidityInMonths                :
+IssuerName                      : Self
+CertificateType                 :
+RenewAtNumberOfDaysBeforeExpiry :
+RenewAtPercentageLifetime       :
+EmailAtNumberOfDaysBeforeExpiry :
+EmailAtPercentageLifetime       :
+CertificateTransparency         :
+Enabled                         : True
+Created                         :
+Updated                         :
+```
+
+This example creates a SAN certificate with 3 DNS names.
+
 ## PARAMETERS
 
 ### -CertificateTransparency
@@ -165,7 +195,7 @@ Accept wildcard characters: False
 ```
 
 ### -DnsName
-Specifies the DNS names in the certificate.
+Specifies the DNS names in the certificate. Subject Alternative Names (SANs) can be specified as DNS names.
 
 ```yaml
 Type: System.Collections.Generic.List`1[System.String]