Commit 078e5fa

Edit to raise acrolinx score above minimum
1 parent 0af255a commit 078e5fa

1 file changed

+9
-9
lines changed

articles/sentinel/customer-managed-keys.md

Lines changed: 9 additions & 9 deletions
@@ -26,7 +26,7 @@ This article provides background information and steps to configure a [customer-
2626

2727
- The Microsoft Sentinel CMK capability is provided only to *workspaces in Log Analytics dedicated clusters* that have *not already been onboarded to Microsoft Sentinel*.
2828

29-
- The following CMK-related changes *are not supported* because they will be ineffective (Microsoft Sentinel data will continue to be encrypted only by the Microsoft-managed key, and not by the CMK):
29+
- The following CMK-related changes *are not supported* because they are ineffective (Microsoft Sentinel data continues to be encrypted only by the Microsoft-managed key, and not by the CMK):
3030

3131
- Enabling CMK on a workspace that's *already onboarded* to Microsoft Sentinel.
3232
- Enabling CMK on a cluster that contains Sentinel-onboarded workspaces.
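Review bot: The new line 29 says these changes "are ineffective" but does not say whether the enable operation is rejected or completes without error, so a reader who enables CMK on an already onboarded workspace could assume the Sentinel data is now protected by their key. Suggest stating the observable outcome explicitly next to the parenthetical "Microsoft Sentinel data continues to be encrypted only by the Microsoft-managed key". Also, the context line at 32 says "Sentinel-onboarded workspaces" while the rest of the hunk uses the full product name "Microsoft Sentinel"; worth aligning while this paragraph is being edited.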
@@ -47,15 +47,15 @@ This article provides background information and steps to configure a [customer-
4747

4848
## How CMK works
4949

50-
The Microsoft Sentinel solution uses several storage resources for log collection and features, including a Log Analytics dedicated cluster. As part of the Microsoft Sentinel CMK configuration, you will have to configure the CMK settings on the related Log Analytics dedicated cluster. Data saved by Microsoft Sentinel in storage resources other than Log Analytics will also be encrypted using the customer-managed key configured for the dedicated Log Analytics cluster.
50+
The Microsoft Sentinel solution uses several storage resources for log collection and features, including a Log Analytics dedicated cluster. As part of the Microsoft Sentinel CMK configuration, you must configure the CMK settings on the related Log Analytics dedicated cluster. Data saved by Microsoft Sentinel in storage resources other than Log Analytics is also encrypted using the customer-managed key configured for the dedicated Log Analytics cluster.
5151

52-
See the following additional relevant documentation:
52+
For more information, see:
5353
- [Azure Monitor customer-managed keys (CMK)](../azure-monitor/logs/customer-managed-keys.md).
5454
- [Azure Key Vault](../key-vault/general/overview.md).
5555
- [Log Analytics dedicated clusters](../azure-monitor/logs/logs-dedicated-clusters.md).
5656

5757
> [!NOTE]
58-
> If you enable CMK on Microsoft Sentinel, any Public Preview feature that does not support CMK will not be enabled.
58+
> If you enable CMK on Microsoft Sentinel, any Public Preview feature that does not support CMK aren't enabled.
5959
6060
## Enable CMK
6161

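Review bot: Subject-verb agreement error on the new line 58 in the note: "any Public Preview feature that does not support CMK aren't enabled" has a singular subject with a plural verb. Suggest "any Public Preview feature that doesn't support CMK isn't enabled", which also applies the contraction style used in the rest of this commit to "does not".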
@@ -86,7 +86,7 @@ To provision CMK, follow these steps: 
8686

8787
### STEP 2: Enable CMK on your Log Analytics workspace
8888

89-
Follow the instructions in [Azure Monitor customer-managed key configuration](../azure-monitor/logs/customer-managed-keys.md) in order to create a CMK workspace that will be used as the Microsoft Sentinel workspace in the following steps.
89+
Follow the instructions in [Azure Monitor customer-managed key configuration](../azure-monitor/logs/customer-managed-keys.md) in order to create a CMK workspace that is used as the Microsoft Sentinel workspace in the following steps.
9090

9191
### STEP 3: Register to the Azure Cosmos DB Resource Provider
9292

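Review bot: On the new line 89, "a CMK workspace that is used as the Microsoft Sentinel workspace in the following steps" reads as if the workspace is already in use, while the steps that use it come later. Suggest "to create a CMK workspace to use as the Microsoft Sentinel workspace in the following steps", which also drops the wordy "in order to" that this edit left in place.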
@@ -108,13 +108,13 @@ Onboard the workspace to Microsoft Sentinel via the [Onboarding API](https://git
108108

109109
## Key Encryption Key revocation or deletion
110110

111-
In the event that a user revokes the key encryption key (the CMK), either by deleting it or removing access for the dedicated cluster and Azure Cosmos DB Resource Provider, Microsoft Sentinel will honor the change and behave as if the data is no longer available, within one hour. At this point, any operation that uses persistent storage resources such as data ingestion, persistent configuration changes, and incident creation, will be prevented. Previously stored data will not be deleted but will remain inaccessible. Inaccessible data is governed by the data-retention policy and will be purged in accordance with that policy.
111+
If a user revokes the key encryption key (the CMK), either by deleting it or removing access for the dedicated cluster and Azure Cosmos DB Resource Provider, Microsoft Sentinel honors the change and behave as if the data is no longer available, within one hour. At this point, any operation that uses persistent storage resources such as data ingestion, persistent configuration changes, and incident creation, is prevented. Previously stored data isn't deleted but remains inaccessible. Inaccessible data is governed by the data-retention policy and is purged in accordance with that policy.
112112

113113
The only operation possible after the encryption key is revoked or deleted is account deletion.
114114

115-
If access is restored after revocation, Microsoft Sentinel will restore access to the data within an hour.
115+
If access is restored after revocation, Microsoft Sentinel restores access to the data within an hour.
116116

117-
Access to the data can be revoked by disabling the customer-managed key in the key vault, or deleting the access policy to the key, for both the dedicated Log Analytics cluster and Azure Cosmos DB. Revoking access by removing the key from the dedicated Log Analytics cluster, or by removing the identity associated with the dedicated Log Analytics cluster is not supported.
117+
Access to the data can be revoked by disabling the customer-managed key in the key vault, or deleting the access policy to the key, for both the dedicated Log Analytics cluster and Azure Cosmos DB. Revoking access by removing the key from the dedicated Log Analytics cluster, or by removing the identity associated with the dedicated Log Analytics cluster isn't supported.
118118

119119
To understand more about how this works in Azure Monitor, see [Azure Monitor CMK revocation](../azure-monitor/logs/customer-managed-keys.md#key-revocation).
120120

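Review bot: Verb agreement error on the new line 111: "Microsoft Sentinel honors the change and behave as if the data is no longer available" should read "behaves". In the same sentence the trailing ", within one hour" is detached from the verb it qualifies, and line 115 uses "within an hour" for the same interval; suggest "within one hour, Microsoft Sentinel honors the change and behaves as if the data is no longer available" and one consistent wording for the interval. On line 117, a comma is missing after "the identity associated with the dedicated Log Analytics cluster" to close the clause before "isn't supported".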
@@ -132,7 +132,7 @@ After rotating a key, you must explicitly update the dedicated Log Analytics clu
132132

133133
## Replacing a customer-managed key
134134

135-
Microsoft Sentinel does not support replacing a customer-managed key. You should use the [key rotation capability](#customer-managed-key-rotation) instead.
135+
Microsoft Sentinel doesn't support replacing a customer-managed key. You should use the [key rotation capability](#customer-managed-key-rotation) instead.
136136

137137
## Next steps
138138
In this document, you learned how to set up a customer-managed key in Microsoft Sentinel. To learn more about Microsoft Sentinel, see the following articles:
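Review bot: Style point on the new line 135: "You should use the [key rotation capability]" can be a direct instruction, in keeping with the plainer wording this commit applies elsewhere. Suggest "Use the [key rotation capability](#customer-managed-key-rotation) instead."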
