Merge pull request #211520 from tamram/tamram22-0915

add xtenant CMK feature support + fix tabs

Author: prmerger-automator[bot]

articles/storage/blobs/storage-feature-support-in-storage-accounts.md

@@ -59,7 +59,8 @@ The following table describes whether a feature is supported in a standard gener
 | [Change feed](storage-blob-change-feed.md) | ✅ |  ⬤ |  ⬤ |  ⬤ |
 | [Custom domains](storage-custom-domain-name.md) | ✅ | 🟦 | 🟦 | 🟦 |
 | [Customer-managed account failover](../common/storage-disaster-recovery-guidance.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) | ✅ |  ⬤ |  ⬤ |  ⬤ |
-| [Customer-managed keys (encryption)](../common/customer-managed-keys-overview.md?toc=/azure/storage/blobs/toc.json) | ✅ | ✅ | ✅ | ✅ |
+| [Customer-managed keys in a single-tenant scenario (encryption)](../common/customer-managed-keys-overview.md?toc=/azure/storage/blobs/toc.json) | ✅ | ✅ | ✅ | ✅ |
+| [Customer-managed keys in a multi-tenant scenario (encryption)](../common/customer-managed-keys-overview.md?toc=/azure/storage/blobs/toc.json) | 🟦 | 🟦 |  ⬤ |  ⬤ |
 | [Customer-provided keys (encryption)](encryption-customer-provided-keys.md) | ✅ |  ⬤ |  ⬤ |  ⬤ |
 | [Data redundancy options](../common/storage-redundancy.md?toc=/azure/storage/blobs/toc.json) | &#x2705; | &#x2705; | &#x2705;<sup>2</sup> | &#x2705; |
 | [Encryption scopes](encryption-scope-overview.md) | &#x2705; | &nbsp;&#x2B24; | &nbsp;&#x2B24; | &nbsp;&#x2B24; |

articles/storage/common/customer-managed-keys-configure-cross-tenant-existing-account.md

@@ -93,7 +93,7 @@ When you configure encryption with customer-managed keys for an existing storage
 >
 > Azure Storage checks the key vault for a new key version only once daily. When you rotate a key in Azure Key Vault, be sure to wait 24 hours before disabling the older version.
 
-### [Azure portal](#tab/portal)
+### [Azure portal](#tab/azure-portal)
 
 To configure cross-tenant customer-managed keys for an existing storage account in the Azure portal, follow these steps:
 
@@ -117,7 +117,7 @@ After you've specified the key from the key vault in the customer's tenant, the
 
 :::image type="content" source="media/customer-managed-keys-configure-cross-tenant-existing-account/portal-cross-tenant-cmk-settings.png" alt-text="Screenshot showing cross-tenant customer-managed key configuration.":::
 
-### [PowerShell](#tab/powershell)
+### [PowerShell](#tab/azure-powershell)
 
 N/A
 

articles/storage/common/customer-managed-keys-configure-cross-tenant-new-account.md

@@ -93,7 +93,7 @@ When you configure encryption with customer-managed keys for an existing storage
 >
 > Azure Storage checks the key vault for a new key version only once daily. When you rotate a key in Azure Key Vault, be sure to wait 24 hours before disabling the older version.
 
-### [Azure portal](#tab/portal)
+### [Azure portal](#tab/azure-portal)
 
 To configure cross-tenant customer-managed keys for a new storage account in the Azure portal, follow these steps:
 
@@ -109,7 +109,7 @@ To configure cross-tenant customer-managed keys for a new storage account in the
 
 1. Select the **Review** button to validate and create the account.
 
-### [PowerShell](#tab/powershell)
+### [PowerShell](#tab/azure-powershell)
 
 N/A
 

includes/storage-customer-managed-keys-change-include.md

@@ -14,15 +14,15 @@ ms.custom: "include file"
 
 You can change the key that you are using for Azure Storage encryption at any time.
 
-# [Azure portal](#tab/portal)
+# [Azure portal](#tab/azure-portal)
 
 To change the key with the Azure portal, follow these steps:
 
 1. Navigate to your storage account and display the **Encryption** settings.
 1. Select the key vault and choose a new key.
 1. Save your changes.
 
-# [PowerShell](#tab/powershell)
+# [PowerShell](#tab/azure-powershell)
 
 To change the key with PowerShell, call [Set-AzStorageAccount](/powershell/module/az.storage/set-azstorageaccount) and provide the new key name and version. If the new key is in a different key vault, then you must also update the key vault URI.
 

includes/storage-customer-managed-keys-disable-include.md

@@ -14,14 +14,14 @@ ms.custom: "include file"
 
 When you disable customer-managed keys, your storage account is once again encrypted with Microsoft-managed keys.
 
-# [Azure portal](#tab/portal)
+# [Azure portal](#tab/azure-portal)
 
 To disable customer-managed keys in the Azure portal, follow these steps:
 
 1. Navigate to your storage account and display the **Encryption** settings.
 1. Deselect the checkbox next to the **Use your own key** setting.
 
-# [PowerShell](#tab/powershell)
+# [PowerShell](#tab/azure-powershell)
 
 To disable customer-managed keys with PowerShell, call [Set-AzStorageAccount](/powershell/module/az.storage/set-azstorageaccount) with the `-StorageEncryption` option, as shown in the following example. Remember to replace the placeholder values in brackets with your own values and to use the variables defined in the previous examples.
 

includes/storage-customer-managed-keys-key-vault-add-key-include.md

@@ -16,11 +16,11 @@ Next, add a key to the key vault.
 
 Azure Storage encryption supports RSA and RSA-HSM keys of sizes 2048, 3072 and 4096. For more information about supported key types, see [About keys](../articles/key-vault/keys/about-keys.md).
 
-# [Azure portal](#tab/portal)
+# [Azure portal](#tab/azure-portal)
 
 To learn how to add a key with the Azure portal, see [Quickstart: Set and retrieve a key from Azure Key Vault using the Azure portal](../articles/key-vault/keys/quick-create-portal.md).
 
-# [PowerShell](#tab/powershell)
+# [PowerShell](#tab/azure-powershell)
 
 To add a key with PowerShell, call [Add-AzKeyVaultKey](/powershell/module/az.keyvault/add-azkeyvaultkey). Remember to replace the placeholder values in brackets with your own values and to use the variables defined in the previous examples.
 

includes/storage-customer-managed-keys-key-vault-configure-include.md

@@ -16,7 +16,7 @@ You can use a new or existing key vault to store customer-managed keys. The stor
 
 Using customer-managed keys with Azure Storage encryption requires that both soft delete and purge protection be enabled for the key vault. Soft delete is enabled by default when you create a new key vault and cannot be disabled. You can enable purge protection either when you create the key vault or after it is created.
 
-# [Azure portal](#tab/portal)
+# [Azure portal](#tab/azure-portal)
 
 To learn how to create a key vault with the Azure portal, see [Quickstart: Create a key vault using the Azure portal](../articles/key-vault/general/quick-create-portal.md). When you create the key vault, select **Enable purge protection**, as shown in the following image.
 
@@ -28,7 +28,7 @@ To enable purge protection on an existing key vault, follow these steps:
 1. Under **Settings**, choose **Properties**.
 1. In the **Purge protection** section, choose **Enable purge protection**.
 
-# [PowerShell](#tab/powershell)
+# [PowerShell](#tab/azure-powershell)
 
 To create a new key vault with PowerShell, install version 2.0.0 or later of the [Az.KeyVault](https://www.powershellgallery.com/packages/Az.KeyVault/2.0.0) PowerShell module. Then call [New-AzKeyVault](/powershell/module/az.keyvault/new-azkeyvault) to create a new key vault. With version 2.0.0 and later of the Az.KeyVault module, soft delete is enabled by default when you create a new key vault.
 

includes/storage-customer-managed-keys-revoke-include.md

@@ -14,11 +14,11 @@ ms.custom: "include file"
 
 Revoking a customer-managed key removes the association between the storage account and the key vault.
 
-# [Azure portal](#tab/portal)
+# [Azure portal](#tab/azure-portal)
 
 To revoke customer-managed keys with the Azure portal, disable the key as described in [Disable customer-managed keys](#disable-customer-managed-keys).
 
-# [PowerShell](#tab/powershell)
+# [PowerShell](#tab/azure-powershell)
 
 You can revoke customer-managed keys by removing the key vault access policy. To revoke a customer-managed key with PowerShell, call the [Remove-AzKeyVaultAccessPolicy](/powershell/module/az.keyvault/remove-azkeyvaultaccesspolicy) command, as shown in the following example. Remember to replace the placeholder values in brackets with your own values and to use the variables defined in the previous examples.