Changed CMK intro to explicit 2 encryption layers

Thomas Weiss · Thomas Weiss · commit 5067e6bef456 · 2020-03-19T12:21:04.000-07:00
diff --git a/articles/cosmos-db/how-to-setup-cmk.md b/articles/cosmos-db/how-to-setup-cmk.md
@@ -4,7 +4,7 @@ description: Learn how to configure customer-managed keys for your Azure Cosmos
 author: ThomasWeiss
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 03/12/2020
+ms.date: 03/19/2020
 ms.author: thweiss
 ROBOTS: noindex, nofollow
 ---
@@ -14,11 +14,7 @@ ROBOTS: noindex, nofollow
 > [!NOTE]
 > At this time, you must request access to use this capability. To do so, please contact [azurecosmosdbcmk@service.microsoft.com](mailto:azurecosmosdbcmk@service.microsoft.com).
 
-Data stored in your Azure Cosmos account is automatically and seamlessly encrypted. Azure Cosmos DB offers two options to manage the keys used to encrypt the data at rest:
-
-- **Service-managed keys**: By default, Microsoft manages the keys that are used to encrypt the data in your Azure Cosmos account.
-
-- **Customer-managed keys (CMK)**: You can optionally choose to add a second layer of encryption with your own keys.
+Data stored in your Azure Cosmos account is automatically and seamlessly encrypted with keys managed by Microsoft (**service-managed keys**). Optionally, you can choose to add a second layer of encryption with keys you manage (**customer-managed keys**).
 
 You must store customer-managed keys in [Azure Key Vault](../key-vault/key-vault-overview.md) and provide a key for each Azure Cosmos account that is enabled with customer-managed keys. This key is used to encrypt all the data stored in that account.
 
