chagne new feature behavior

yanancai · yanancai · commit 02f3bc5ed953 · 2020-01-10T10:27:39.000-08:00
diff --git a/articles/hdinsight/hdinsight-release-notes.md b/articles/hdinsight/hdinsight-release-notes.md
@@ -28,7 +28,7 @@ This release applies both for HDInsight 3.6 and 4.0. HDInsight release is made a
 ### TLS 1.2 enforcement
 Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide communications security over a computer network. Learn more about [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0). HDInsight uses TLS 1.2 on public HTTPs endpoints but TLS 1.1 is still supported for backward compatibility. 
 
-From this release, HDInsight will enforce all connections through TLS 1.2. A new property **minSupportedTlsVersion** is introduced via resource manager template for cluster creation. The value for this property is by-default "1.2", which means that the cluster only supports TLS 1.2 and above. Customers can set this property to "1.1" specifically for backward compatibility.
+From this release, cusotmers can opt-in TLS 1.2 enformence for all connections through TLS 1.2. A new property **minSupportedTlsVersion** is introduced via resource manager template for cluster creation. If the property is not set, the cluster still supports 1.0, 1.1 and 1.2, same as today's behavior. Customers can set the value for this property to "1.2", which means that the cluster only supports TLS 1.2 and above. 
 
 ### Bring your own key for disk encryption
 All managed disks in HDInsight are protected with Azure Storage Service Encryption (SSE). Data on those disks is encrypted by Microsoft-managed keys by default. Starting from this release, you can Bring Your Own Key (BYOK) for disk encryption and manage it using Azure Key Vault. BYOK encryption is a one-step configuration during cluster creation with no additional cost. Just register HDInsight as a managed identity with Azure Key Vault and add the encryption key when you create your cluster. 
@@ -37,10 +37,7 @@ All managed disks in HDInsight are protected with Azure Storage Service Encrypti
 No deprecations for this release. To get ready for upcoming deprecations, see [Upcoming changes](#upcoming-changes).
 
 ## Behavior changes
-### TLS 1.2 enforcement
-Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide communications security over a computer network. Learn more about [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0). HDInsight uses TLS 1.2 on public HTTPs endpoints but TLS 1.1 is still supported for backward compatibility. 
-
-From this release, HDInsight will enforce all connection through TLS 1.2. A new property **minSupportedTlsVersion** is introduced via ARM template for cluster creation. The property is by-default "1.2", which means the cluster only supports TLS 1.2 and above. Customers can set this property to "1.1" specifically for backward compatibility.
+No behavior changes for this release. To get ready for upcoming changes, see [Upcoming changes](#upcoming-changes).
 
 ## Upcoming changes
 The following changes will happen in upcoming releases. 
