edits

tejaswikolli-web · tejaswikolli-web · commit 3b243f5be9f9 · 2022-09-12T15:16:20.000-07:00
diff --git a/articles/container-registry/tutorial-customer-managed-keys.md b/articles/container-registry/tutorial-customer-managed-keys.md
@@ -1,26 +1,26 @@
 ---
-title: Customer managed key - Overview
-description: Learn about the customer managed keys, an overview on its key features and considerations before you encrypt your Premium registry with a customer-managed key stored in Azure Key Vault.
+title: About customer-managed keys - Overview
+description: Learn about the customer-managed keys, an overview on its key features and considerations before you encrypt your Premium registry with a customer-managed key stored in Azure Key Vault.
 ms.topic: tutorial
 ms.date: 08/5/2022
 ms.custom: subject-rbac-steps, devx-track-azurecli
 ms.author: tejaswikolli
 ---
 
-# Tutorial: An overview of a Customer managed key encryption for your Azure Container Registry
+# Tutorial: An overview of a customer-managed key encryption for your Azure Container Registry
 
-Azure container registry, automatically encrypts the images and other artifacts you store. By default, Azure automatically encrypts the registry content at rest with [service-managed keys](../security/fundamentals/encryption-models.md). You can supplement default encryption with an additional encryption layer using a Customer managed key.
+Azure Container Registry, automatically encrypts the images and other artifacts you store. By default, Azure automatically encrypts the registry content at rest with [service-managed keys](../security/fundamentals/encryption-models.md). You can supplement default encryption with an additional encryption layer using a customer-managed key.
 
   
 In this tutorial, part one in a four-part series:
 
 > [!div class="checklist"]
-> * Customer managed key - Overview
-> * Enable a Customer managed key - CLI, portal, Resource Manager Template
-> * Rotate and revoke a Customer managed key
-> * Troubleshoot a Customer managed key
+> * customer-managed key - Overview
+> * Enable a customer-managed key - CLI, Portal, and Resource Manager Template
+> * Rotate and revoke a customer-managed key
+> * Troubleshoot a customer-managed key
 
-## Customer managed key - Overview
+## About customer-managed key 
 
 A customer-managed key gives you the ownership to bring your own key in the [Azure Key Vault](../key-vault/general/overview.md). The customer-managed key also allows you to manage key rotations, controls the access and permissions to use the key, and audit the usage of the key.
 
@@ -32,19 +32,19 @@ The key features include:
 
 >* **Key life cycle management**: Integrating customer-managed keys with [Azure Key Vault](../key-vault/general/overview.md), will give you full control and responsibility for the key lifecycle, including rotation and management.
 
-## Before you enable a Customer managed key  
+## Before you enable a customer-managed key  
 
-Configure Azure Container Registry (ACR) with a Customer managed key consider knowing:
+Configure Azure Container Registry (ACR) with a customer-managed key consider knowing:
 
 >* This feature is available in the **Premium** container registry service tier. For more information, see [ACR service tiers.](container-registry-skus.md)
 >* You can currently enable a customer-managed key only while creating a registry.
 >* You can't disable the encryption after enabling a customer-managed key on a registry.
 >* You have to configure a *user-assigned* managed identity to access the key vault. Later, if required you can enable the registry's *system-assigned* managed identity for key vault access.
 >* Azure Container Registry supports only RSA or RSA-HSM keys. Elliptic curve keys aren't currently supported.
->* In a registry encrypted with a Customer managed key, you can retain logs for [ACR Tasks](container-registry-tasks-overview.md) only for 24 hours. To retain logs for a longer period, see guidance to [export and store task run logs.](container-registry-tasks-logs.md#alternative-log-storage)
->* [Content trust](container-registry-content-trust.md) is currently not supported in a registry encrypted with a Customer managed key.
+>* In a registry encrypted with a customer-managed key, you can retain logs for [ACR Tasks](container-registry-tasks-overview.md) only for 24 hours. To retain logs for a longer period, see guidance to [export and store task run logs.](container-registry-tasks-logs.md#alternative-log-storage)
+>* [Content trust](container-registry-content-trust.md) is currently not supported in a registry encrypted with a customer-managed key.
 
-## Update the Customer managed key version
+## Update the customer-managed key version
 
 Azure Container Registry supports both automatic and manual rotation  of registry encryption keys when a new key version is available in Azure Key Vault.
 
@@ -59,9 +59,9 @@ For details, see [Choose key ID with version](tutorial-enable-customer-managed-k
 
 ## Next steps
 
-In this tutorial, you have an overview on a Customer managed keys, their key features, and a brief of the considerations to enable a Customer managed keys to your registry and types of updating key versions.
+In this tutorial, you have an overview on a customer-managed keys, their key features, and a brief of the considerations to enable a customer-managed key to your registry and types of updating key versions.
 
-Advance to the next [tutorial](tutorial-enable-customer-managed-keys.md) to enable your container registry with a Customer managed keys using Azure CLI, Azure portal, and Azure Resource Manager template.
+Advance to the next [tutorial](tutorial-enable-customer-managed-keys.md) to enable your container registry with a customer-managed keys using Azure CLI, Azure portal, and Azure Resource Manager template.
 * Learn more about [encryption at rest in Azure](../security/fundamentals/encryption-atrest.md).
 * Learn more about access policies and how to [secure access to a key vault](../key-vault/general/security-features.md).
 
diff --git a/articles/container-registry/tutorial-enable-customer-managed-keys.md b/articles/container-registry/tutorial-enable-customer-managed-keys.md
@@ -1,27 +1,27 @@
 ---
-title: Enable a Customer managed key on Azure Container Registry
+title: Enable a customer-managed key on Azure Container Registry
 description: In this tutorial, learn to encrypt your Premium registry with a customer-managed key stored in Azure Key Vault using Azure CLI.
 ms.topic: tutorial
 ms.date: 08/5/2022
 ms.custom: subject-rbac-steps, devx-track-azurecli
 ---
 
-# Tutorial: Encrypt Azure Container Registry with a Customer managed key 
+# Tutorial: Encrypt Azure Container Registry with a customer-managed key 
 
-This article is part two in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview about a Customer managed key, key features, and the considerations before you enable a Customer managed key on your registry. This article walks you through the steps using the Azure CLI, Azure portal, or a Resource Manager template.
+This article is part two in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview about a customer-managed key, key features, and the considerations before you enable a customer-managed key on your registry. This article walks you through the steps using the Azure CLI, Azure portal, or a Resource Manager template.
 
 In this article 
 
->* Enable a Customer managed key - Azure CLI
->* Enable a Customer managed key - Azure Portal
->* Enable a Customer managed key - Azure Resource Manager template
+>* Enable a customer-managed key - Azure CLI
+>* Enable a customer-managed key - Azure Portal
+>* Enable a customer-managed key - Azure Resource Manager template
 
 ## Prerequisites
 
 >* See [Install Azure CLI][azure-cli] or run in [Azure Cloud Shell.](../cloud-shell/quickstart.md).
 >* Sign into [Azure Portal](https://ms.portal.azure.com/) 
 
-## Enable a Customer managed key - Azure CLI
+## Enable a customer-managed key - Azure CLI
 
 ### Create a resource group
 
@@ -192,7 +192,7 @@ keyID=$(az keyvault key show \
 keyID=$(echo $keyID | sed -e "s/\/[^/]*$//")
 ```
 
-### Create a registry with a Customer managed key
+### Create a registry with a customer-managed key
 
 1. Run the [az acr create][az-acr-create](/cli/azure/acr#az-acr-create) command to create a registry in the *Premium* service tier and enable the customer-managed key. 
 
@@ -230,7 +230,7 @@ az acr encryption show --name <container-registry-name>
 }
 ```
 
-## Enable a Customer managed key - Azure portal
+## Enable a customer-managed key - Azure Portal
 
 ### Create a user-assigned managed identity
 
@@ -288,7 +288,7 @@ Create a key in the key vault and use it to encrypt the registry. Follow these s
 1. Accept the remaining default values and select **Create**.
 1. After creation, select the key and then select the current version. Copy the **Key identifier** for the key version.
 
-### Create Azure container registry
+### Create Azure Container Registry
 
 1. Select **Create a resource** > **Containers** > **Container Registry**.
 1. In the **Basics** tab, select or create a resource group, and enter a registry name. In **SKU**, select **Premium**.
@@ -306,9 +306,9 @@ Create a key in the key vault and use it to encrypt the registry. Follow these s
 
 To see the encryption status of your registry in the portal, navigate to your registry. Under **Settings**, select  **Encryption**.
 
-## Enable a Customer managed key - Azure Resource Manager template
+## Enable a customer-managed key - Azure Resource Manager template
 
-You can use a Resource Manager template to create a registry and enable encryption with a Customer managed key. 
+You can use a Resource Manager template to create a registry and enable encryption with a customer-managed key. 
 
 The following Resource Manager template creates a new container registry and a *user-assigned* managed identity.
 
@@ -443,7 +443,7 @@ az acr encryption show --name <registry-name>
 
 ## Next steps
 
-In this tutorial, you've learned to enable a customer-managed key on your Azure container registry using Azure CLI, portal, and Resource Manager template. This article also explains how to create resources for the encryption and verify the encryption status of your registry.
+In this tutorial, you've learned to enable a customer-managed key on your Azure Container Registry using Azure CLI, portal, and Resource Manager template. This article also explains how to create resources for the encryption and verify the encryption status of your registry.
 
 Advance to the next [tutorial](tutorial-rotate-revoke-customer-managed-keys.md), to have a walk-through of performing the customer-managed key rotation, update key versions, and revoke a customer-managed key. 
 
diff --git a/articles/container-registry/tutorial-rotate-revoke-customer-managed-keys.md b/articles/container-registry/tutorial-rotate-revoke-customer-managed-keys.md
@@ -1,18 +1,18 @@
 ---
-title: Rotate and Revoke a Customer managed key 
-description: Learn how to rotate, update, revoke a Customer managed key.
+title: Rotate and Revoke a customer-managed key 
+description: Learn how to rotate, update, revoke a customer-managed key.
 ms.topic: tutorial
 ms.date: 08/5/2022
 ms.custom: subject-rbac-steps, devx-track-azurecli
 ms.author: tejaswikolli
 ---
 
 
-# Rotate and Revoke a Customer managed key 
+# Rotate and Revoke a customer-managed key 
 
-This article is part three in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview of the customer-managed key, their key features, and the considerations before you enable a Customer managed key on your registry. In [part two](tutorial-enable-customer-managed-keys.md), you've learned to enable a Customer managed key using the Azure CLI, Azure portal, or a Resource Manager template. In this article walks you to rotate a Customer managed key, update key version and revoke the key.
+This article is part three in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview of the customer-managed key, their key features, and the considerations before you enable a customer-managed key on your registry. In [part two](tutorial-enable-customer-managed-keys.md), you've learned to enable a customer-managed key using the Azure CLI, Azure portal, or a Resource Manager template. In this article walks you to rotate a customer-managed key, update key version and revoke the key.
 
-## Rotate a Customer managed key
+## Rotate a customer-managed key
 
 >* To rotate a key, you can either update the key version in Azure Key Vault or create a new key.
 >* While rotating the key, you can specify the same identity you have used to create the registry.
@@ -40,7 +40,7 @@ az keyvault key create \
 > [!TIP]
 > When you run `az-acr-encryption-rotate-key`, you can pass either a versioned key ID or a non-versioned key ID. If you use a non-versioned key ID, the registry is then configured to automatically detect later key version updates.
 
-Update a Customer managed key version manually:
+Update a customer-managed key version manually:
 
  1. Rotate key and use user-assigned identity
 
@@ -66,7 +66,7 @@ az acr encryption rotate-key \
 
 ### Create or update key version - Portal
 
-Use the registry's **Encryption** settings to update the key vault, key, or identity settings used for a Customer managed key.
+Use the registry's **Encryption** settings to update the key vault, key, or identity settings used for a customer-managed key.
 
 For example, to configure a new key:
 
@@ -79,9 +79,9 @@ For example, to configure a new key:
     * Select **Enter key URI**, and provide a key identifier directly. You can provide either a versioned key URI (for a key that must be rotated manually) or a non-versioned key URI (which enables automatic key rotation).
 1. Complete the key selection and select **Save**.
 
-## Revoke a Customer managed key
+## Revoke a customer-managed key
 
->* You can revoke a Customer managed encryption key by changing the access policy, or changing the permissions on the key vault, or by deleting the key.
+>* You can revoke a customer-managed encryption key by changing the access policy, or changing the permissions on the key vault, or by deleting the key.
 
 1. Run the [az-keyvault-delete-policy](/cli/azure/keyvault#az-keyvault-delete-policy) command to change the access policy of the managed identity used by your registry:
 
@@ -101,12 +101,12 @@ az keyvault key delete  \
   --object-id $identityPrincipalID \                     
 ```
 
->* Revoking a Customer managed key will block access to all registry data. 
+>* Revoking a customer-managed key will block access to all registry data. 
 >* If you enable access to the key or restore a deleted key, the registry will pick the key, and you can gain back control on access to the encrypted registry data. 
 
 ## Next steps
 
-In this tutorial, you've learned to perform key rotations, update key versions using CLI and Portal, and revoking a Customer managed key on your Azure container registry.
+In this tutorial, you've learned to perform key rotations, update key versions using CLI and Portal, and revoking a customer-managed key on your Azure Container Registry.
 
 Advance to the next tutorial to [troubleshoot](tutorial-troubleshoot-customer-managed-keys.md) most common issues like removing a managed identity, 403 errors, and restoring accidental key deletes.
 
diff --git a/articles/container-registry/tutorial-troubleshoot-customer-managed-keys.md b/articles/container-registry/tutorial-troubleshoot-customer-managed-keys.md
@@ -1,18 +1,18 @@
 ---
-title: Troubleshoot a Customer managed key 
-description: Tutorial to troubleshoot the most common issues from a registry enabled with a Customer managed key.
+title: Troubleshoot a customer-managed key 
+description: Tutorial to troubleshoot the most common issues from a registry enabled with a customer-managed key.
 author: tejaswikolli-web
 ms.topic: tutorial
 ms.date: 08/5/2022
 ms.custom: subject-rbac-steps, devx-track-azurecli
 ms.author: tejaswikolli
 ---
 
-# Troubleshoot a Customer managed key 
+# Troubleshoot a customer-managed key 
 
-This article is part four in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview of the customer-managed key, their key features, and the considerations before you enable a customer-managed key on your registry. In [part two](tutorial-enable-customer-managed-keys.md), you've learned to enable customer-managed keys using the Azure CLI, Azure portal, or a Resource Manager template. In [part three](tutorial-rotate-revoke-customer-managed-keys.md), you'll learn to rotate, update, revoke a Customer managed key. In this article, learn to troubleshoot any issues with customer-managed keys.
+This article is part four in a four-part tutorial series. In [part one](tutorial-customer-managed-keys.md), you have an overview of the customer-managed keys, their key features, and the considerations before you enable a customer-managed key on your registry. In [part two](tutorial-enable-customer-managed-keys.md), you've learned to enable customer-managed keys using the Azure CLI, Azure portal, or a Resource Manager template. In [part three](tutorial-rotate-revoke-customer-managed-keys.md), you'll learn to rotate, update, revoke a customer-managed key. In this article, learn to troubleshoot any issues with customer-managed keys.
 
-## Troubleshoot a Customer managed key
+## Troubleshoot a customer-managed key
 
 This article helps you to troubleshoot and resolve most common issues such as authentication issues, accidental deletions of keys, etc.
 ## Removing managed identity
@@ -48,7 +48,7 @@ If issue occurs while you try to remove a system-assigned identity, please [crea
 
 ## Enabling the key vault firewall
 
-If you enable a key vault firewall or virtual network after creating an encrypted registry, you might see HTTP 403 or other errors with image import or automated key rotation. To correct this problem, reconfigure the managed identity and key you used initially for encryption. See steps in [Rotate a customer managed key.](tutorial-rotate-revoke-customer-managed-keys.md#rotate-a-customer-managed-key)
+If you enable a key vault firewall or virtual network after creating an encrypted registry, you might see HTTP 403 or other errors with image import or automated key rotation. To correct this problem, reconfigure the managed identity and key you used initially for encryption. See steps in [Rotate a customer-managed key.](tutorial-rotate-revoke-customer-managed-keys.md#rotate-a-customer-managed-key)
 
 If the problem persists, please contact Azure Support.
 
