Commit 4519251

Merge pull request #224208 from roygara/updateEncryptionPortal
Updating portal experience.
2 parents 4613fe7 + b40575d commit 4519251

17 files changed: +64 -75 lines changed

articles/virtual-machines/disks-enable-customer-managed-keys-portal.md

Lines changed: 16 additions & 17 deletions
@@ -3,7 +3,7 @@ title: Azure portal - Enable customer-managed keys with SSE - managed disks
33
description: Enable customer-managed keys on your managed disks through the Azure portal.
44
author: roygara
55

6-
ms.date: 06/16/2022
6+
ms.date: 01/19/2023
77
ms.topic: how-to
88
ms.author: rogarana
99
ms.service: storage
@@ -14,13 +14,13 @@ ms.subservice: disks
1414

1515
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark:
1616

17-
Azure Disk Storage allows you to manage your own keys when using server-side encryption (SSE) for managed disks, if you choose. For conceptual information on SSE with customer managed keys, as well as other managed disk encryption types, see the **Customer-managed keys** section of our disk encryption article: [Customer-managed keys](disk-encryption.md#customer-managed-keys)
17+
Azure Disk Storage allows you to manage your own keys when using server-side encryption (SSE) for managed disks, if you choose. For conceptual information on SSE with customer managed keys, and other managed disk encryption types, see the **Customer-managed keys** section of our disk encryption article: [Customer-managed keys](disk-encryption.md#customer-managed-keys)
1818

1919
## Restrictions
2020

2121
For now, customer-managed keys have the following restrictions:
2222

23-
- If this feature is enabled for your disk, you cannot disable it.
23+
- If this feature is enabled for your disk, you can't disable it.
2424
If you need to work around this, you must copy all the data to an entirely different managed disk that isn't using customer-managed keys:
2525

2626
- For Linux: [Copy a managed disk](./linux/disks-upload-vhd-to-managed-disk-cli.md#copy-a-managed-disk)
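
Review bot: The rewritten intro sentence on new line 17 still writes "customer managed keys" without the hyphen, while the title, the section name and the link text in the same sentence all use "customer-managed keys", and the sentence still ends without a period after the link. Since the line is being edited anyway, suggest hyphenating the term and closing the sentence with a period.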
@@ -38,39 +38,38 @@ The following sections cover how to enable and use customer-managed keys for man
3838
Now that you've created and set up your key vault and the disk encryption set, you can deploy a VM using the encryption.
3939
The VM deployment process is similar to the standard deployment process, the only differences are that you need to deploy the VM in the same region as your other resources and you opt to use a customer managed key.
4040

41-
1. Search for **Virtual Machines** and select **+ Add** to create a VM.
42-
1. On the **Basic** blade, select the same region as your disk encryption set and Azure Key Vault.
43-
1. Fill in the other values on the **Basic** blade as you like.
41+
1. Search for **Virtual Machines** and select **+ Create** to create a VM.
42+
1. On the **Basic** pane, select the same region as your disk encryption set and Azure Key Vault.
43+
1. Fill in the other values on the **Basic** pane as you like.
4444

45-
![Screenshot of the VM creation experience, with the region value highlighted.](media/virtual-machines-disk-encryption-portal/server-side-encryption-create-a-vm-region.png)
45+
:::image type="content" source="media/virtual-machines-disk-encryption-portal/server-side-encryption-create-a-vm-region.png" alt-text="Screenshot of the VM creation experience, with the region value highlighted." lightbox="media/virtual-machines-disk-encryption-portal/server-side-encryption-create-a-vm-region.png":::
4646

47-
1. On the **Disks** blade, select **Encryption at rest with a customer-managed key**.
48-
1. Select your disk encryption set in the **Disk encryption set** drop-down.
47+
1. On the **Disks** pane, for **Key management** select your disk encryption set, key vault, and key in the drop-down.
4948
1. Make the remaining selections as you like.
5049

51-
![Screenshot of the VM creation experience, the disks blade. With the disk encryption set drop-down highlighted.](media/virtual-machines-disk-encryption-portal/server-side-encryption-create-vm-select-customer-managed-key-disk-encryption-set.png)
50+
:::image type="content" source="media/virtual-machines-disk-encryption-portal/server-side-encryption-create-vm-customer-managed-key-disk-encryption-set.png" alt-text="Screenshot of the VM creation experience, the disks pane, customer-managed key selected." lightbox="media/virtual-machines-disk-encryption-portal/server-side-encryption-create-vm-customer-managed-key-disk-encryption-set.png":::
5251

5352
## Enable on an existing disk
5453

5554
> [!CAUTION]
56-
> Enabling disk encryption on any disks attached to a VM will require that you stop the VM.
55+
> Enabling disk encryption on any disks attached to a VM requires you to stop the VM.
5756
5857
1. Navigate to a VM that is in the same region as one of your disk encryption sets.
5958
1. Open the VM and select **Stop**.
6059

61-
![Screenshot of the main overlay for your example VM, with the Stop button highlighted.](media/virtual-machines-disk-encryption-portal/server-side-encryption-stop-vm-to-encrypt-disk-fix.png)
60+
:::image type="content" source="media/virtual-machines-disk-encryption-portal/server-side-encryption-stop-vm-to-encrypt-disk-fix.png" alt-text="Screenshot of the main overlay for your example VM, with the Stop button highlighted." lightbox="media/virtual-machines-disk-encryption-portal/server-side-encryption-stop-vm-to-encrypt-disk-fix.png":::
6261

63-
1. After the VM has finished stopping, select **Disks** and then select the disk you want to encrypt.
62+
1. After the VM has finished stopping, select **Disks**, and then select the disk you want to encrypt.
6463

65-
![Screenshot of your example VM, with the Disks blade open. The OS disk is highlighted, as an example disk for you to select.](media/virtual-machines-disk-encryption-portal/server-side-encryption-existing-disk-select.png)
64+
:::image type="content" source="media/virtual-machines-disk-encryption-portal/server-side-encryption-existing-disk-select.png" alt-text="Screenshot of your example VM, with the Disks pane open, the OS disk is highlighted, as an example disk for you to select." lightbox="media/virtual-machines-disk-encryption-portal/server-side-encryption-existing-disk-select.png":::
6665

67-
1. Select **Encryption** and select **Encryption at rest with a customer-managed key** and then select your disk encryption set in the drop-down list.
66+
1. Select **Encryption** and under **Key management** select your key vault and key in the drop-down list, under **Customer-managed key**.
6867
1. Select **Save**.
6968

70-
![Screenshot of your example OS disk. The encryption blade is open, encryption at rest with a customer-managed key is selected, as well as your example Azure Key Vault. After making those selections, the save button is selected.](media/virtual-machines-disk-encryption-portal/server-side-encryption-encrypt-existing-disk-customer-managed-key.png)
69+
:::image type="content" source="media/virtual-machines-disk-encryption-portal/server-side-encryption-encrypt-existing-disk-customer-managed-key.png" alt-text="Screenshot of your example OS disk, the encryption pane is open, encryption at rest with a customer-managed key is selected, as well as your example Azure Key Vault." lightbox="media/virtual-machines-disk-encryption-portal/server-side-encryption-encrypt-existing-disk-customer-managed-key.png":::
7170

7271
1. Repeat this process for any other disks attached to the VM you'd like to encrypt.
73-
1. When your disks finish switching over to customer-managed keys, if there are no there no other attached disks you'd like to encrypt, you may start your VM.
72+
1. When your disks finish switching over to customer-managed keys, if there are no there no other attached disks you'd like to encrypt, start your VM.
7473

7574
> [!IMPORTANT]
7675
> Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). When you configure customer-managed keys, a managed identity is automatically assigned to your resources under the covers. If you subsequently move the subscription, resource group, or managed disk from one Azure AD directory to another, the managed identity associated with the managed disks is not transferred to the new tenant, so customer-managed keys may no longer work. For more information, see [Transferring a subscription between Azure AD directories](../active-directory/managed-identities-azure-resources/known-issues.md#transferring-a-subscription-between-azure-ad-directories).
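
Review bot: The two flows in this hunk now describe the same **Key management** drop-down differently: new line 47 tells the reader to select "your disk encryption set, key vault, and key", while new line 66 mentions only "your key vault and key" under **Customer-managed key** and no longer names the disk encryption set, even though line 58 still has the reader pick a VM "in the same region as one of your disk encryption sets". Suggest one wording for both steps that says which entry to pick and that it corresponds to the disk encryption set created earlier, so a reader can confirm the disk ends up bound to the intended key. New line 72 also carries over the typo "if there are no there no other attached disks"; since the line is touched here, fix it to "if there are no other attached disks".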

articles/virtual-machines/disks-enable-double-encryption-at-rest-portal.md

Lines changed: 11 additions & 20 deletions
@@ -3,7 +3,7 @@ title: Enable double encryption at rest - Azure portal - managed disks
33
description: Enable double encryption at rest for your managed disk data using the Azure portal.
44
author: roygara
55

6-
ms.date: 06/29/2021
6+
ms.date: 01/19/2023
77
ms.topic: how-to
88
ms.author: rogarana
99
ms.service: storage
@@ -15,23 +15,16 @@ ms.custom: references_regions
1515

1616
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark:
1717

18-
Azure Disk Storage supports double encryption at rest for managed disks. For conceptual information on double encryption at rest, as well as other managed disk encryption types, see the [Double encryption at rest](disk-encryption.md#double-encryption-at-rest) section of our disk encryption article.
18+
Azure Disk Storage supports double encryption at rest for managed disks. For conceptual information on double encryption at rest, and other managed disk encryption types, see the [Double encryption at rest](disk-encryption.md#double-encryption-at-rest) section of our disk encryption article.
1919

2020
## Getting started
2121

22-
1. Sign in to the [Azure portal](https://aka.ms/diskencryptionupdates).
23-
24-
> [!IMPORTANT]
25-
> You must use the [provided link](https://aka.ms/diskencryptionupdates) to access the Azure portal. Double encryption at rest is not currently visible in the public Azure portal without using the link.
26-
22+
1. Sign in to the [Azure portal](https://portal.azure.com).
2723
1. Search for and select **Disk Encryption Sets**.
2824

29-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-encryption-sets-search.png" alt-text="Screenshot of the main Azure portal, disk encryption sets is highlighted in the search bar.":::
30-
31-
1. Select **+ Add**.
32-
33-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-add-disk-encryption-set.png" alt-text="Screenshot of the disk encryption set blade, + Add is highlighted.":::
25+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-encryption-sets-search.png" alt-text="Screenshot of the main Azure portal, disk encryption sets is highlighted in the search bar." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-encryption-sets-search.png":::
3426

27+
1. Select **+ Create**.
3528
1. Select one of the supported regions.
3629
1. For **Encryption type**, select **Double encryption with platform-managed and customer-managed keys**.
3730

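
Review bot: The screenshot reference to double-encryption-add-disk-encryption-set.png is dropped at old lines 31-33 and nothing else in this file points at it, so check that the image file is deleted in this PR or is still used elsewhere; otherwise it is left behind as an orphaned media file. Please also confirm that removing the IMPORTANT note at old lines 24-25 is intentional, that is, that double encryption at rest is now visible at https://portal.azure.com without the aka.ms link, since new line 22 sends every reader there.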
@@ -40,35 +33,33 @@ Azure Disk Storage supports double encryption at rest for managed disks. For con
4033
4134
1. Fill in the remaining info.
4235

43-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-create-disk-encryption-set-blade.png" alt-text="Screenshot of the disk encryption set creation blade, regions and double encryption with platform-managed and customer-managed keys are highlighted.":::
36+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-create-disk-encryption-set-blade.png" alt-text="Screenshot of the disk encryption set creation blade, regions and double encryption with platform-managed and customer-managed keys are highlighted." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-create-disk-encryption-set-blade.png":::
4437

4538
1. Select an Azure Key Vault and key, or create a new one if necessary.
4639

4740
> [!NOTE]
4841
> If you create a Key Vault instance, you must enable soft delete and purge protection. These settings are mandatory when using a Key Vault for encrypting managed disks, and protect you from losing data due to accidental deletion.
4942
50-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-select-key-vault.png" alt-text="Screenshot of the Key Vault creation blade.":::
43+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-select-key-vault.png" alt-text="Screenshot of the Key Vault creation blade." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-select-key-vault.png":::
5144

5245
1. Select **Create**.
5346
1. Navigate to the disk encryption set you created, and select the error that is displayed. This will configure your disk encryption set to work.
5447

55-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-set-error.png" alt-text="Screenshot of the disk encryption set displayed error, the error text is: To associate a disk, image, or snapshot with this disk encryption set, you must grant permissions to the key vault.":::
48+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-set-error.png" alt-text="Screenshot of the disk encryption set displayed error, the error text is: To associate a disk, image, or snapshot with this disk encryption set, you must grant permissions to the key vault." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-disk-set-error.png":::
5649

5750
A notification should pop up and succeed. Doing this will allow you to use the disk encryption set with your key vault.
5851

59-
![Screenshot of successful permission and role assignment for your key vault.](media/virtual-machines-disks-double-encryption-at-rest-portal/disk-encryption-notification-success.png)
52+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/disk-encryption-notification-success.png" alt-text="Screenshot of successful permission and role assignment for your key vault." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/disk-encryption-notification-success.png":::
6053

6154
1. Navigate to your disk.
6255
1. Select **Encryption**.
63-
1. For **Encryption type**, select **Double encryption with platform-managed and customer-managed keys**.
64-
1. Select your disk encryption set.
56+
1. For **Key management**, select one of the keys under **Platform-managed and customer-managed keys**.
6557
1. select **Save**.
6658

67-
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-enable-disk-blade.png" alt-text="Screenshot of the encryption blade for your managed disk, the aforementioned encryption type is highlighted.":::
59+
:::image type="content" source="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-enable-disk-blade.png" alt-text="Screenshot of the encryption blade for your managed disk, the aforementioned encryption type is highlighted." lightbox="media/virtual-machines-disks-double-encryption-at-rest-portal/double-encryption-enable-disk-blade.png":::
6860

6961
You have now enabled double encryption at rest on your managed disk.
7062

71-
7263
## Next steps
7364

7465
- [Azure PowerShell - Enable customer-managed keys with server-side encryption - managed disks](./windows/disks-enable-customer-managed-keys-powershell.md)
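
Review bot: New line 56 collapses the old two steps (choose the encryption type, then "Select your disk encryption set") into "select one of the keys under **Platform-managed and customer-managed keys**", which no longer tells the reader that the entry to pick is the disk encryption set created and granted key vault permissions in the earlier steps. Suggest naming the disk encryption set explicitly in that step so the reader can verify the disk is associated with the intended set. The alt-text on new lines 36, 43 and 59 still says "blade" while the customer-managed keys article in this same commit switched to "pane", and line 57 still begins with a lowercase "select **Save**".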
