updates

Author: v-albemi

articles/devtest-labs/encrypt-disks-customer-managed-keys.md

@@ -16,10 +16,10 @@ This article shows how a lab owner can set up encryption with a customer-managed
 
 Server-side encryption (SSE) protects your data and helps you meet your organizational security and compliance commitments. SSE automatically encrypts data stored on managed disks in Azure (OS and data disks) at rest by default when it's persisted to the cloud. For more information about disk encryption on Azure, see [Server-side encryption](/azure/virtual-machines/disk-encryption).
 
-In Azure DevTest Labs, all OS disks and data disks created in a lab are encrypted via platform-managed keys. However, as a lab owner, you can choose to manage the encryption of lab virtual machine disks by using your own keys. If you choose to manage encryption by using your own keys, you can specify a *customer-managed key* to use for encrypting data in lab disks. To learn more about SSE with customer-managed keys, and other managed disk encryption types, see [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys). Also, see [restrictions with using customer-managed keys](/azure/virtual-machines/disks-enable-customer-managed-keys-portal#restrictions).
+In Azure DevTest Labs, all OS disks and data disks created in a lab are encrypted via platform-managed keys. However, as a lab owner, you can choose to manage the encryption of lab virtual machine disks by using your own keys. If you choose to manage encryption by using your own keys, you can specify a *customer-managed key* to use for encrypting data in lab disks. To learn more about SSE with customer-managed keys, and other managed disk encryption types, see [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys). Also see [restrictions with using customer-managed keys](/azure/virtual-machines/disks-enable-customer-managed-keys-portal#restrictions).
 
 > [!NOTE]
-> The disk encryption setting applies to newly created disks in the lab. If you change the disk encryption set at some point, older disks in the lab continue to be encrypted with the previous disk encryption set.
+> The disk encryption setting applies to newly created disks in the lab. If you change the disk encryption set, older disks in the lab continue to be encrypted with the previous disk encryption set.
 
 ## Prerequisites
 
@@ -28,7 +28,7 @@ In Azure DevTest Labs, all OS disks and data disks created in a lab are encrypte
   - The disk encryption set needs to be in same region and subscription as your lab.
   - The lab owner needs to have at least reader-level access to the disk encryption set that will be used to encrypt lab disks.
 
-- For labs created before 8/1/2020, the lab owner needs to ensure that lab system-assigned identity is enabled. To do so, the lab owner can go to the lab, select **Configuration and policies**, select **Identity (Preview)** in the left menu, change the system-assigned identity **Status** to **On**, and then select **Save**. For labs created after 8/1/2020, the system-assigned identity is enabled by default.
+- For labs created before August 1, 2020, the lab owner needs to ensure that lab system-assigned identity is enabled. To do so, the lab owner can go to the lab, select **Configuration and policies**, select **Identity (Preview)** in the left menu, change the system-assigned identity **Status** to **On**, and then select **Save**. For labs created after August 1, 2020, the system-assigned identity is enabled by default.
 
     > [!div class="mx-imgBorder"]
     > :::image type="content" source="./media/encrypt-disks-customer-managed-keys/managed-keys.png" alt-text="Screenshot that shows the steps for enabling system-assigned identity." lightbox="./media/encrypt-disks-customer-managed-keys/managed-keys.png":::