Adding new content for data encryption

kummanish · kummanish · commit 1826e6d70fbf · 2020-01-13T04:59:49.000-08:00
diff --git a/articles/mysql/howto-data-encryption-portal.md b/articles/mysql/howto-data-encryption-portal.md
@@ -12,10 +12,9 @@ ms.date: 01/10/2020
 
 In this article, you will learn how to set up and manage to use the Azure portal to setup Data Encryption for your Azure Database for MySQL.
 
-## Prerequisites for PowerShell
+## Prerequisites for Cli
 
 * You must have an Azure subscription and be an administrator on that subscription.
-* You must have Azure PowerShell installed and running.
 * Create an Azure Key Vault and Key to use for customer-managed key.
 * The Key Vault must have the following property to use as a customer-managed key
     * [Soft Delete](https://docs.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete)
@@ -40,7 +39,7 @@ In this article, you will learn how to set up and manage to use the Azure portal
 
    ![Access policy overview](media/concepts-data-access-and-security-data-encryption/show-access-policy-overview.png)
 
-2. Select the **Key Permissions** select **Get**, **Wrap**, **Unwrap** and the **Principal** which is the name of the MySQL server.
+2. Select the **Key Permissions** select **Get**, **Wrap**, **Unwrap** and the **Principal** which is the name of the MySQL server. If your server principal can't be found in the list of existing principals, you will need to register it by attempting to setup Data Encryption for the first time which will fail.
 
    ![Access policy overview](media/concepts-data-access-and-security-data-encryption/access-policy-warp-unwrap.png)
 
@@ -58,7 +57,7 @@ In this article, you will learn how to set up and manage to use the Azure portal
 
 3. **Save** the settings.
 
-4. To ensure all files (including temp files) are full encrypted, a server restart is required.
+4. To ensure all files (including **temp files**) are full encrypted, a server **restart** is **required**.
 
 ## Restoring or creating replica of the server which has Data Encryption enabled
 
@@ -76,17 +75,19 @@ Once an Azure Database for MySQL is encrypted with customer's managed key stored
 
    ![Mark server inaccessible](media/concepts-data-access-and-security-data-encryption/show-restore-data-encryption.png)
 
-3. To fix Inaccessible state, you need to revalidate the key on the restored server.
+3. To fix Inaccessible state, you need to revalidate the key on the restored server. Click on the **Data Encryption** blade and then the **Revalidate key** button.
+
+   > [!NOTE]
+   > The first attempt to revalidate will fail since the new server's service principal needs to be given access to the key vault. To generate the service principal click on **Revalidate key** which will give error but generates the service principal. Thereafter, refer to steps [in section 2](https://docs.microsoft.com/azure/mysql/howto-data-encryption-portal#setting-the-right-permissions-for-key-operations) above.
 
    ![revalidate server](media/concepts-data-access-and-security-data-encryption/show-revalidate-data-encryption.png)
 
    You will have to give access to the new server to the Key Vault. 
 
-4. Once you revalidate the key, the server resumes its normal functionality.
+4. After registering the service principal, you will need to revalidate the key again and the server resumes its normal functionality.
 
    ![Normal server restored](media/concepts-data-access-and-security-data-encryption/restore-successful.png)
 
-
 ## Next steps
 
  To learn more about Data Encryption, see [what is Azure data encryption](concepts-data-encryption-mysql.md).
diff --git a/articles/postgresql/howto-data-encryption-portal.md b/articles/postgresql/howto-data-encryption-portal.md
@@ -12,10 +12,9 @@ ms.date: 01/10/2020
 
 In this article, you will learn how to set up and manage to use the Azure portal to set up Data Encryption for your Azure Database for PostgreSQL Single server.
 
-## Prerequisites for PowerShell
+## Prerequisites for Cli
 
 * You must have an Azure subscription and be an administrator on that subscription.
-* You must have Azure PowerShell installed and running.
 * Create an Azure Key Vault and Key to use for customer-managed key.
 * The Key vault must have the following property to use as a customer-managed key
     * [Soft Delete](https://docs.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete)
@@ -41,7 +40,7 @@ In this article, you will learn how to set up and manage to use the Azure portal
 
    ![Access policy overview](media/concepts-data-access-and-security-data-encryption/show-access-policy-overview.png)
 
-2. Under the **Key Permissions** select **Get**, **Wrap**, **Unwrap** and the **Principal** which is the name of the PostgreSQL server.
+2. Under the **Key Permissions** select **Get**, **Wrap**, **Unwrap** and the **Principal** which is the name of the PostgreSQL server. If your server principal can't be found in the list of existing principals, you will need to register it by attempting to setup Data Encryption for the first time which will fail.  
 
    ![Access policy overview](media/concepts-data-access-and-security-data-encryption/access-policy-warp-unwrap.png)
 
@@ -59,7 +58,7 @@ In this article, you will learn how to set up and manage to use the Azure portal
 
 3. **Save** the settings.
 
-4. To ensure all files (including temp files) are full encrypted, a server restart is required.
+4. To ensure all files (including **temp files**) are full encrypted, a server **restart** is **required**.
 
 ## Restoring or creating replica of the server which has data encryption enabled
 
@@ -78,17 +77,19 @@ Once an Azure Database for PostgreSQL Single server is encrypted with customer's
    ![Mark server inaccessible](media/concepts-data-access-and-security-data-encryption/show-restore-data-encryption.png)
 
 
-3. To fix Inaccessible state, you need to revalidate the key on the restored server.
+3. To fix Inaccessible state, you need to revalidate the key on the restored server. Click on the **Data Encryption** blade and then the **Revalidate key** button.
+
+   > [!NOTE]
+   > The first attempt to revalidate will fail since the new server's service principal needs to be given access to the key vault. To generate the service principal click on **Revalidate key** which will give error but generates the service principal. Thereafter, refer to steps [in section 2](https://docs.microsoft.com/azure/postgresql/howto-data-encryption-portal#setting-the-right-permissions-for-key-operations) above.
 
    ![revalidate server](media/concepts-data-access-and-security-data-encryption/show-revalidate-data-encryption.png)
 
    You will have to give access to the new server to the Key Vault. 
 
-4. Once you revalidate the key, the server resumes its normal functionality.
+4. After registering the service principal, you will need to revalidate the key again and the server resumes its normal functionality.
 
    ![Normal server restored](media/concepts-data-access-and-security-data-encryption/restore-successful.png)
 
-
 ## Next steps
 
  To learn more about Data Encryption, see [what is Azure data encryption](concepts-data-encryption-postgresql.md).
