Commit 2616f7c

Merge pull request #112112 from yossi-y/patch-75
Updated per APIs changes.
2 parents 2149439 + 6a20726 commit 2616f7c

1 file changed

+17
-14
lines changed

articles/azure-monitor/platform/customer-managed-keys.md

Lines changed: 17 additions & 14 deletions
@@ -306,7 +306,7 @@ details.
306306

307307
**Update**
308308

309-
This Resource Manager request is asynchronous operation.
309+
This Resource Manager request is asynchronous operation when updating Key identifier details, while it is synchronous when updating Capacity value.
310310

311311
> [!Warning]
312312
> You must provide a full body in *Cluster* resource update that includes *identity*, *sku*, *KeyVaultProperties* and *location*. Missing the *KeyVaultProperties* details will remove the key identifier from the *Cluster* resource and cause [key revocation](#cmk-kek-revocation).
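Review bot: The new sentence at line 309 does not say which mode applies when a single request changes both values, and the warning at line 312 requires every update to carry a full body including *KeyVaultProperties*, so a capacity-only update still sends key details. State how the request is classified in that case, and note next to the capacity wording that omitting *KeyVaultProperties* from a capacity update still causes key revocation. The sentence also needs articles: "is an asynchronous operation when updating Key identifier details, and a synchronous one when updating the Capacity value".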
@@ -339,7 +339,7 @@ Content-type: application/json
339339
**Response**
340340

341341
200 OK and header.
342-
It takes the propagation of the Key identifier a few minutes to complete. You can check the provisioning state in two ways:
342+
It takes the propagation of the Key identifier a few minutes to complete. You can check the update state in two ways:
343343
1. Copy the Azure-AsyncOperation URL value from the response and follow the [asynchronous operations status check](#asynchronous-operations-and-status-check).
344344
2. Send a GET request on the *Cluster* resource and look at the *KeyVaultProperties* properties. Your recently updated Key identifier details should return in the response.
345345

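Review bot: "update state" at line 342 does not name a field or status the reader can look for, and step 2 at line 344 only says the updated Key identifier "should return" without saying what the response shows while propagation is still in progress. Name the property or status value that indicates completion. Since line 309 now says capacity updates are synchronous, it is also worth stating that the Azure-AsyncOperation check in step 1 applies to Key identifier updates.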
@@ -464,20 +464,16 @@ All your data is accessible after the key rotation operation including data inge
464464

465465
- The max number of *Cluster* resources per subscription is limited to 2
466466

467-
- *Cluster* resource association to workspace should be carried ONLY after you have verified that the ADX cluster provisioning was fulfilled. Data that is sent prior to this provisioning will be dropped and won't be recoverable.
467+
- *Cluster* resource association to workspace should be carried ONLY after you have verified that the ADX cluster provisioning was completed. Data sent to your workspace prior to the completion of the provisioning will be dropped and won't be recoverable.
468468

469469
- CMK encryption applies to newly ingested data after the CMK
470470
configuration. Data that was ingested prior to the CMK
471471
configuration, remains encrypted with Microsoft key. You can query
472472
data ingested before and after the CMK configuration seamlessly.
473473

474-
- Once workspace is associated to a *Cluster* resource, it cannot be
475-
de-associated from the *Cluster* resource, since data is encrypted
476-
with your key and isn't accessible without your KEK in Azure Key
477-
Vault.
474+
- You can de-associate a workspace from a *Cluster* resource when deciding that CMK isn’t required for particular workspace. New ingested data after the de-association operation is stored in shared Log Analytics storage as it was before it was associated to the *Cluster* resource. You can query data ingested before and after the de-association seamlessly if your *Cluster* resource is provisioned and configured with valid Key Vault key.
478475

479-
- The Azure Key Vault must be configured as recoverable. These
480-
properties aren't enabled by default and should be configured using CLI and PowerShell:
476+
- The Azure Key Vault must be configured as recoverable. These properties aren't enabled by default and should be configured using CLI or PowerShell:
481477

482478
- [Soft Delete](https://docs.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete)
483479
must be turned on
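Review bot: The replacement bullet at line 474 drops the removed text's explicit statement that data "isn't accessible without your KEK in Azure Key Vault" and leaves that dependency as a trailing condition ("if your *Cluster* resource is provisioned and configured with valid Key Vault key"). Spell out the consequence: after de-association, data ingested while the workspace was associated can be queried only as long as the *Cluster* resource and its key remain valid, so revoking the key or deleting the cluster affects that older data. Minor wording on line 467: "should be carried ONLY" reads better as "should be carried out ONLY".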
@@ -509,6 +505,8 @@ All your data is accessible after the key rotation operation including data inge
509505

510506
- If you try to delete a *Cluster* resource that is associated to a workspace, the delete operation will fail.
511507

508+
- If you get conflict error when creating a *Cluster* resource – It may be that you have deleted your *Cluster* resource in the last 14 days and it’s in a soft-delete period. The *Cluster* resource name remains reserved during the soft-delete period and you can't create a new cluster with that name. The name is released after the soft-delete period when the *Cluster* resource is permanently deleted.
509+
512510
- Get all *Cluster* resources for a resource group:
513511

514512
```rst
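Review bot: The new bullet at line 508 says "conflict error" without giving the status code or error text the reader will actually see, and it stops at explaining the cause. Add the identifying detail and the two ways forward: recover the soft-deleted *Cluster* resource as described in the recover bullet, or wait for the 14-day period to end. The 14-day name reservation is also stated in the delete bullet further down; linking to it would avoid the two drifting apart. The dash followed by a capital "It" should be a plain sentence break.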
@@ -527,6 +525,11 @@ All your data is accessible after the key rotation operation including data inge
527525
"tenantId": "tenant-id",
528526
"principalId": "principal-Id"
529527
},
528+
"sku": {
529+
"name": "capacityReservation",
530+
"capacity": 1000,
531+
"lastSkuUpdate": "Sun, 22 Mar 2020 15:39:29 GMT"
532+
},
530533
"properties": {
531534
"KeyVaultProperties": {
532535
KeyVaultUri: "https://key-vault-name.vault.azure.net",
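Review bot: The added *sku* block at lines 528-532 includes "lastSkuUpdate", which looks like a server-set timestamp, while the update section requires callers to send a full body that includes *sku*. Say whether "lastSkuUpdate" is read-only so readers do not copy it from this response into an update request, and give the unit for "capacity" (the capacity reservation bullet states GB per day). Separately, the context line `KeyVaultUri: "https://key-vault-name.vault.azure.net",` has an unquoted key, so the sample is not valid JSON as shown.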
@@ -556,9 +559,10 @@ All your data is accessible after the key rotation operation including data inge
556559
**Response**
557560

558561
The same response as for '*Cluster* resources for a resource group', but in subscription scope.
559-
560-
- Delete your *Cluster* resource -- a soft-delete operation is performed to allow the recovery of your Cluster resource, your data and associated workspaces within 14 days, whether the deletion was accidental or intentional. The *Cluster* resource name remains reserved during the soft-delete period and you can't create a new cluster with that name.
561-
After the soft-delete period, your *Cluster* resource and data are non-recoverable. Associated workspaces are de-associated from the *Cluster* resource and new data is ingested to shared Storage and encrypted with Microsoft key.
562+
563+
- Update *capacity reservation* in *Cluster* resource -- when the data volume to your associated workspaces change and you want to update the capacity reservation level for billing considerations, follow the [update *Cluster* resource](#update-cluster-resource-with-key-identifier-details) and provide your new capacity value. The capacity reservation level can be in the range of 1,000 to 2,000 GB per day and in steps of 100. For level higher than 2,000 GB per day, reach your Microsoft contact to enable it.
564+
565+
- Delete your *Cluster* resource -- a soft-delete operation is performed to allow the recovery of your *Cluster* resource including its data within 14 days, whether the deletion was accidental or intentional. The *Cluster* resource name remains reserved during the soft-delete period and you can't create a new cluster with that name. After the soft-delete period, The *Cluster* resource name is released, your *Cluster* resource and data are permanently deleted and are non-recoverable. Any associated workspace gets de-associated from the *Cluster* resource on delete operation. New ingested data is stored in shared Log Analytics storage and encrypted with Microsoft key. The workspaces de-associated operation is asynchronous.
562566

563567
```rst
564568
DELETE https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-03-01-preview
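Review bot: The delete bullet at line 565 ends with "The workspaces de-associated operation is asynchronous" but gives no way to confirm that de-association has finished, and it does not say whether data ingested before the delete stays queryable during the 14-day soft-delete period. Add the status check and that statement. The capacity bullet at line 563 sends the reader to the update section, which requires a full body; repeat here that *KeyVaultProperties* must be included when changing only the capacity. Wording: "change" should be "changes", "After the soft-delete period, The" has a stray capital, and "workspaces de-associated operation" should be "workspace de-association operation".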
@@ -569,8 +573,7 @@ After the soft-delete period, your *Cluster* resource and data are non-recoverab
569573

570574
200 OK
571575

572-
- Recover your *Cluster* resource and your data -- during the soft-delete period, create a *Cluster* resource with the same name and in the same subscription, resource group and region. Follow the **Create *Cluster* resource** step to recover your *Cluster* resource.
573-
576+
- Recover your *Cluster* resource and your data -- during the soft-delete period, create a *Cluster* resource with the same name and in the same subscription, resource group and region. Follow the [Create Cluster resource](#create-cluster-resource) step to recover your *Cluster* resource. Previously associated workspaces were de-associated from the *Cluster* resource at delete time and you need to [associate your workspaces](#workspace-association-to-cluster-resource) after the recovery.
574577

575578
## Appendix
576579

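Review bot: The recover bullet at line 576 tells the reader to re-associate workspaces after recovery but does not say when it is safe to do so. The limitation at line 467 states that data sent before provisioning completes is dropped and not recoverable, so this bullet should say to verify provisioning of the recovered *Cluster* resource before re-associating, and should state whether the Key identifier details need to be applied again. The sentence also mixes tenses ("were de-associated ... and you need to"); splitting it in two would read more clearly.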