remove PSH/CLI samples temporarily

Author: tamram

articles/storage/common/customer-managed-keys-configure-cross-tenant-existing-account.md

@@ -7,7 +7,7 @@ author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 08/29/2022
+ms.date: 08/31/2022
 ms.author: tamram
 ms.reviewer: ozgun
 ms.subservice: common 
@@ -93,13 +93,6 @@ When you configure encryption with customer-managed keys for an existing storage
 >
 > Azure Storage checks the key vault for a new key version only once daily. When you rotate a key in Azure Key Vault, be sure to wait 24 hours before disabling the older version.
 
-### Configure encryption for automatic updating of key versions
-
-Azure Storage can automatically update the customer-managed key that is used for encryption to use the latest key version from the key vault. Azure Storage checks the key vault daily for a new version of the key. When a new version becomes available, then Azure Storage automatically begins using the latest version of the key for encryption.
-
-> [!IMPORTANT]
-> Azure Storage checks the key vault for a new key version only once daily. When you rotate a key, be sure to wait 24 hours before disabling the older version.
-
 ### [Azure portal](#tab/portal)
 
 To configure cross-tenant customer-managed keys for an existing storage account in the Azure portal, follow these steps:
@@ -126,106 +119,11 @@ After you've specified the key from the key vault in the customer's tenant, the
 
 ### [PowerShell](#tab/powershell)
 
-To configure cross-tenant customer-managed keys for an existing account with PowerShell, install the [Az.Storage](https://www.powershellgallery.com/packages/Az.Storage/4.4.2-preview) module, version 4.4.2-preview.
-
-Next, call [Set-AzStorageAccount](/powershell/module/az.storage/set-azstorageaccount) to update the storage account's encryption settings, omitting the key version. Include the **-KeyvaultEncryption** option to enable customer-managed keys for the storage account.
-
-```azurepowershell
-Set-AzStorageAccount -ResourceGroupName <resource-group> `
-    -AccountName <storage-account> `
-    -KeyvaultEncryption `
-    -KeyName $key.Name `
-    -KeyVaultUri $keyVault.VaultUri
-```
+N/A
 
 ### [Azure CLI](#tab/azure-cli)
 
-To configure customer-managed keys for an existing account with automatic updating of the key version with Azure CLI, install [Azure CLI version 2.4.0](/cli/azure/release-notes-azure-cli#april-21-2020) or later. For more information, see [Install the Azure CLI](/cli/azure/install-azure-cli).
-
-Next, call [az storage account update](/cli/azure/storage/account#az-storage-account-update) to update the storage account's encryption settings, omitting the key version. Include the `--encryption-key-source` parameter and set it to `Microsoft.Keyvault` to enable customer-managed keys for the account.
-
-```azurecli
-key_vault_uri=$(az keyvault show \
-    --name <key-vault> \
-    --resource-group <resource_group> \
-    --query properties.vaultUri \
-    --output tsv)
-az storage account update
-    --name <storage-account> \
-    --resource-group <resource_group> \
-    --encryption-key-name <key> \
-    --encryption-key-source Microsoft.Keyvault \
-    --encryption-key-vault $key_vault_uri
-```
-
----
-
-### Configure encryption for manual updating of key versions
-
-If you prefer to manually update the key version, then explicitly specify the version at the time that you configure encryption with customer-managed keys. In this case, Azure Storage will not automatically update the key version when a new version is created in the key vault. To use a new key version, you must manually update the version used for Azure Storage encryption.
-
-# [Azure portal](#tab/portal)
-
-To configure customer-managed keys with manual updating of the key version in the Azure portal, specify the key URI, including the version. To specify a key as a URI, follow these steps:
-
-1. To locate the key URI in the Azure portal, navigate to your key vault, and select the **Keys** setting. Select the desired key, then click the key to view its versions. Select a key version to view the settings for that version.
-1. Copy the value of the **Key Identifier** field, which provides the URI.
-
-    :::image type="content" source="media/customer-managed-keys-configure-existing-account/portal-copy-key-identifier.png" alt-text="Screenshot showing key vault key URI in Azure portal.":::
-
-1. In the **Encryption key** settings for your storage account, choose the **Enter key URI** option.
-1. Paste the URI that you copied into the **Key URI** field. Omit the key version from the URI to enable automatic updating of the key version.
-
-    :::image type="content" source="media/customer-managed-keys-configure-existing-account/portal-specify-key-uri.png" alt-text="Screenshot showing how to enter key URI in Azure portal.":::
-
-1. Specify the subscription that contains the key vault.
-1. Specify either a system-assigned or user-assigned managed identity.
-1. Save your changes.
-
-# [PowerShell](#tab/powershell)
-
-To configure customer-managed keys with manual updating of the key version, explicitly provide the key version when you configure encryption for the storage account. Call [Set-AzStorageAccount](/powershell/module/az.storage/set-azstorageaccount) to update the storage account's encryption settings, as shown in the following example, and include the **-KeyvaultEncryption** option to enable customer-managed keys for the storage account.
-
-Remember to replace the placeholder values in brackets with your own values and to use the variables defined in the previous examples.
-
-```azurepowershell
-Set-AzStorageAccount -ResourceGroupName <resource-group> `
-    -AccountName <storage-account> `
-    -KeyvaultEncryption `
-    -KeyName $key.Name `
-    -KeyVersion $key.Version `
-    -KeyVaultUri $keyVault.VaultUri
-```
-
-When you manually update the key version, you will need to update the storage account's encryption settings to use the new version. First, call [Get-AzKeyVaultKey](/powershell/module/az.keyvault/get-azkeyvaultkey) to get the latest version of the key. Then call [Set-AzStorageAccount](/powershell/module/az.storage/set-azstorageaccount) to update the storage account's encryption settings to use the new version of the key, as shown in the previous example.
-
-# [Azure CLI](#tab/azure-cli)
-
-To configure customer-managed keys with manual updating of the key version, explicitly provide the key version when you configure encryption for the storage account. Call [az storage account update](/cli/azure/storage/account#az-storage-account-update) to update the storage account's encryption settings, as shown in the following example. Include the `--encryption-key-source` parameter and set it to `Microsoft.Keyvault` to enable customer-managed keys for the account.
-
-Remember to replace the placeholder values in brackets with your own values.
-
-```azurecli
-key_vault_uri=$(az keyvault show \
-    --name <key-vault> \
-    --resource-group <resource_group> \
-    --query properties.vaultUri \
-    --output tsv)
-key_version=$(az keyvault key list-versions \
-    --name <key> \
-    --vault-name <key-vault> \
-    --query [-1].kid \
-    --output tsv | cut -d '/' -f 6)
-az storage account update
-    --name <storage-account> \
-    --resource-group <resource_group> \
-    --encryption-key-name <key> \
-    --encryption-key-version $key_version \
-    --encryption-key-source Microsoft.Keyvault \
-    --encryption-key-vault $key_vault_uri
-```
-
-When you manually update the key version, you will need to update the storage account's encryption settings to use the new version. First, query for the key vault URI by calling [az keyvault show](/cli/azure/keyvault#az-keyvault-show), and for the key version by calling [az keyvault key list-versions](/cli/azure/keyvault/key#az-keyvault-key-list-versions). Then call [az storage account update](/cli/azure/storage/account#az-storage-account-update) to update the storage account's encryption settings to use the new version of the key, as shown in the previous example.
+N/A
 
 ---
 
@@ -238,4 +136,4 @@ When you manually update the key version, you will need to update the storage ac
 ## See also
 
 - [Customer-managed keys for Azure Storage encryption](customer-managed-keys-overview.md)
-- [Configure cross-tenant customer-managed keys for a new storage account](customer-managed-keys-configure-cross-tenant-new-account.md)
+- [Configure cross-tenant customer-managed keys for a new storage account](customer-managed-keys-configure-cross-tenant-new-account.md)

articles/storage/common/customer-managed-keys-configure-cross-tenant-new-account.md

@@ -111,39 +111,11 @@ To configure cross-tenant customer-managed keys for a new storage account in the
 
 ### [PowerShell](#tab/powershell)
 
-To configure cross-tenant customer-managed keys for a new storage account, install the [Az.Storage](https://www.powershellgallery.com/packages/Az.Storage/4.4.2-preview) module, version 4.4.2-preview. Next, call [New-AzStorageAccount](/powershell/module/az.storage/new-azstorageaccount), as shown in the following example. Use the variable you created previously for the resource ID for the user-assigned managed identity. You will also need the key vault URI and key name:
-
-```azurepowershell
-New-AzStorageAccount -ResourceGroupName <resource-group> `
-    -Name <storage-account> `
-    -Kind StorageV2 `
-    -SkuName Standard_LRS `
-    -Location $location `
-    -IdentityType SystemAssignedUserAssigned `
-    -UserAssignedIdentityId $userIdentity.Id `
-    -KeyVaultUri $keyVault.VaultUri `
-    -KeyName $key.Name `
-    -KeyVaultUserAssignedIdentityId $userIdentity.Id
-```
+N/A
 
 ### [Azure CLI](#tab/azure-cli)
 
-To configure customer-managed keys for a new storage account with automatic updating of the key version, call [az storage account create](/cli/azure/storage/account#az-storage-account-create), as shown in the following example. Use the variable you created previously for the resource ID for the user-assigned managed identity. You will also need the key vault URI and key name:
-
-```azurecli
-az storage account create \
-    --name <storage-account> \
-    --resource-group <resource-group> \
-    --location <location> \
-    --sku Standard_LRS \
-    --kind StorageV2 \
-    --identity-type SystemAssigned,UserAssigned \
-    --user-identity-id <user-assigned-managed-identity> \
-    --encryption-key-vault <key-vault-uri> \
-    --encryption-key-name <key-name> \
-    --encryption-key-source Microsoft.Keyvault \
-    --key-vault-user-identity-id <user-assigned-managed-identity>
-```
+N/A
 
 ---
 

articles/storage/common/customer-managed-keys-configure-existing-account.md

@@ -7,7 +7,7 @@ author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 08/24/2022
+ms.date: 08/31/2022
 ms.author: tamram
 ms.reviewer: ozgun
 ms.subservice: common