Modify an Azure Resource Manager template for deploying 100 VMs to securely reference an admin password without storing it in plain text. What service and policy should be used?