Update azure-disk-customer-managed-keys.md

andyzhangx · web-flow · commit 0d95a3f62889 · 2023-05-10T10:55:01.000+08:00
this PR also unnecessary `account list` instructions which is for getting subsid
diff --git a/articles/aks/azure-disk-customer-managed-keys.md b/articles/aks/azure-disk-customer-managed-keys.md
@@ -3,7 +3,7 @@ title: Use a customer-managed key to encrypt Azure disks in Azure Kubernetes Ser
 description: Bring your own keys (BYOK) to encrypt AKS OS and Data disks.
 ms.topic: article
 ms.custom: devx-track-azurecli
-ms.date: 07/18/2022
+ms.date: 05/10/2023
 ---
 
 # Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
@@ -93,39 +93,13 @@ az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset
 
 When new node pools are added to the cluster created above, the customer-managed key provided during the create process is used to encrypt the OS disk.
 
-## Encrypt your AKS cluster data disk(optional)
+## Encrypt your AKS cluster data disk
 
-OS disk encryption key is used to encrypt the data disk if the key isn't provided for data disk from AKS version 1.17.2. You can also encrypt AKS data disks with your other keys.
+If you have already provided a disk encryption set during cluster creation, encrypting data disks with the same disk encryption set is the default option. Therefore, this step is optional. However, if you want to encrypt data disks with a different disk encryption set, you can follow these steps.
 
 > [!IMPORTANT]
 > Ensure you have the proper AKS credentials. The managed identity needs to have contributor access to the resource group where the diskencryptionset is deployed. Otherwise, you'll get an error suggesting that the managed identity does not have permissions.
 
-```azurecli-interactive
-# Retrieve your Azure Subscription Id from id property as shown below
-az account list
-```
-
-The following example resembles output from the command:
-
-```output
-someuser@Azure:~$ az account list
-[
-  {
-    "cloudName": "AzureCloud",
-    "id": "666e66d8-1e43-4136-be25-f25bb5de5893",
-    "isDefault": true,
-    "name": "MyAzureSubscription",
-    "state": "Enabled",
-    "tenantId": "3ebbdf90-2069-4529-a1ab-7bdcb24df7cd",
-    "user": {
-      "cloudShellID": true,
-      "name": "someuser@azure.com",
-      "type": "user"
-    }
-  }
-]
-```
-
 Create a file called **byok-azure-disk.yaml** that contains the following information.  Replace *myAzureSubscriptionId*, *myResourceGroup*, and *myDiskEncrptionSetName* with your values, and apply the yaml.  Make sure to use the resource group where your DiskEncryptionSet is deployed.  
 
 ```yaml
