updated grammer and fixed hyperlinks

Author: sjkaursb93

articles/machine-learning/concept-data-encryption.md

@@ -15,7 +15,7 @@ ms.date: 12/20/2022
 
 # Data encryption with Azure Machine Learning
 
-Azure Machine Learning relies on a variety of Azure data storage services and compute resources when training models and performing inferences. In this article, learn about the data encryption for each service both at rest and in transit.
+Azure Machine Learning relies on a various of Azure data storage services and compute resources when training models and performing inferences. In this article, learn about the data encryption for each service both at rest and in transit.
 
 > [!IMPORTANT]
 > For production grade encryption during __training__, Microsoft recommends using Azure Machine Learning compute cluster. For production grade encryption during __inference__, Microsoft recommends using Azure Kubernetes Service.
@@ -24,7 +24,7 @@ Azure Machine Learning relies on a variety of Azure data storage services and co
 
 ## Encryption at rest
 
-Azure Machine Learning end to end projects integrate with services like Azure Blob Storage, Azure Cosmos DB, Azure SQL Database etc. The article describes encryption method of such services.
+Azure Machine Learning end to end projects integrates with services like Azure Blob Storage, Azure Cosmos DB, Azure SQL Database etc. The article describes encryption method of such services.
 
 ### Azure Blob storage
 
@@ -40,7 +40,7 @@ For information on regenerating the access keys, see [Regenerate storage access
 
 ### Azure Data Lake Storage
 
-[!INCLUDE](../../includes/data-lake-storage-gen1-rename-note.md)
+[!INCLUDE [Note](../../includes/data-lake-storage-gen1-rename-note.md)]
 
 **ADLS Gen2**
 Azure Data Lake Storage Gen 2 is built on top of Azure Blob Storage and is designed for enterprise big data analytics. ADLS Gen2 is used as a datastore for Azure Machine Learning. Same as Azure Blob Storage the data at rest is encrypted with Microsoft-managed keys.
@@ -49,17 +49,17 @@ For information on how to use your own keys for data stored in Azure Data Lake S
 
 ### Azure Relational Databases
 
-Azure Machine Learning services supports data from different data sources such as Azure SQL Database, Azure PostgreSQL and Azure MYSQL. 
+Azure Machine Learning services support data from different data sources such as Azure SQL Database, Azure PostgreSQL and Azure MYSQL. 
 
 **Azure SQL Database**
 Transparent Data Encryption protects Azure SQL Database against threat of malicious offline activity by encrypting data at rest. By default, TDE is enabled for all newly deployed SQL Databases with Microsoft managed keys.
 
 For information on how to use customer managed keys for transparent data encryption, see [Azure SQL Database Transparent Data Encryption](/azure/azure-sql/database/transparent-data-encryption-tde-overview) . 
 
 **Azure Database for PostgreSQL**
-Azure PostgreSQL leverages Azure Storage encryption to encrypt data at rest by default using Microsoft managed keys. For Azure PostgreSQL users, it is a very similar to Transparent Data Encryption (TDE) in other databases such as SQL Server.
+Azure PostgreSQL uses Azure Storage encryption to encrypt data at rest by default using Microsoft managed keys. It is similar to Transparent Data Encryption (TDE) in other databases such as SQL Server.
 
-For information on how to use customer managed keys for transparent data encryption, see [Azure Database for PostgreSQL Single server data encryption with a customer-managed key](../postgresql/single-server/concepts-data).
+For information on how to use customer managed keys for transparent data encryption, see [Azure Database for PostgreSQL Single server data encryption with a customer-managed key](../postgresql/single-server/concepts-data-encryption-postgresql.md).
 
 **Azure Database for MySQL**
 Azure Database for MySQL is a relational database service in the Microsoft cloud based on the MySQL Community Edition database engine. The Azure Database for MySQL service uses the FIPS 140-2 validated cryptographic module for storage encryption of data at-rest. 
@@ -77,7 +77,7 @@ When using your own (customer-managed) keys to encrypt the Azure Cosmos DB insta
 
 All container images in your registry (Azure Container Registry) are encrypted at rest. Azure automatically encrypts an image before storing it and decrypts it when Azure Machine Learning pulls the image.
 
-To use your own (customer-managed) keys to encrypt your Azure Container Registry, you need to create your own ACR and attach it while provisioning the workspace or encrypt the default instance that gets created at the time of workspace provisioning.
+To use customer-managed keys to encrypt your Azure Container Registry, you need to create your own ACR and attach it while provisioning the workspace. You can encrypt the default instance that gets created at the time of workspace provisioning.
 
 > [!IMPORTANT]
 > Azure Machine Learning requires the admin account be enabled on your Azure Container Registry. By default, this setting is disabled when you create a container registry. For information on enabling the admin account, see [Admin account](../container-registry/container-registry-authentication.md#admin-account).
@@ -127,7 +127,7 @@ This process allows you to encrypt both the Data and the OS Disk of the deployed
 **Compute cluster**
 The OS disk for each compute node stored in Azure Storage is encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts. This compute target is ephemeral, and clusters are typically scaled down when no jobs are queued. The underlying virtual machine is de-provisioned, and the OS disk is deleted. Azure Disk Encryption isn't supported for the OS disk. 
 
-Each virtual machine also has a local temporary disk for OS operations. If you want, you can use the disk to stage training data. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the temporary disk is encrypted. This environment is short-lived (only for the duration of your job,) and encryption support is limited to system-managed keys only.
+Each virtual machine also has a local temporary disk for OS operations. If you want, you can use the disk to stage training data. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the temporary disk is encrypted. This environment is short-lived (only during your job,) and encryption support is limited to system-managed keys only.
 
 **Compute instance**
 The OS disk for compute instance is encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the local temporary disk on compute instance is encrypted with Microsoft managed keys. Customer managed key encryption is not supported for OS and temp disk.
@@ -138,7 +138,7 @@ For more information, see [Customer-managed keys](concept-customer-managed-keys.
 
 The Azure Data Factory pipeline is used to ingest data for use with Azure Machine Learning. Azure Data Factory encrypts data at rest, including entity definitions and any data cached while runs are in progress. By default, data is encrypted with a randomly generated Microsoft-managed key that is uniquely assigned to your data factory. 
 
-For information on how to use customer managed keys for encryption use [Encrypt Azue Data Factory with customer managed keys](../data-factory/enable-customer-managed-key.md) .
+For information on how to use customer managed keys for encryption use [Encrypt Azure Data Factory with customer managed keys](../data-factory/enable-customer-managed-key.md) .
 
 
 ### Azure Databricks