Update use-kms-etcd-encryption.md

Author: CocoWang-wql

articles/aks/use-kms-etcd-encryption.md

@@ -30,11 +30,11 @@ For more information on using the KMS plugin, see [Encrypting Secret Data at Res
 
 The following limitations apply when you integrate KMS etcd encryption with AKS:
 
-* Deletion of the key, Key Vault, or the associated identity is not allowed.
+* Deletion of the key, Key Vault, or the associated identity isn't supported.
 * KMS etcd encryption doesn't work with system-assigned managed identity. The key vault access policy is required to be set before the feature is enabled. In addition, system-assigned managed identity isn't available until cluster creation, thus there's a cycle dependency.
-* There is a hard limit that you cannot use more than 2000 secrets in a cluster enabled with KMS.
-* Bring your own (BYO) Azure Key Vault from another tenant is not supported.
-* With KMS enabled, you cannot change associated Azure Key Vault model (public, private). For [changing associated key vault mode][changing-associated-key-vault-mode], you need to disable and enable KMS again.
+* The maximum number of secrets that a cluster enabled with KMS supports is 2,000.
+* Bring your own (BYO) Azure Key Vault from another tenant isn't supported.
+* With KMS enabled, you can't  change associated Azure Key Vault model (public, private). To [change associated key vault mode][changing-associated-key-vault-mode], you need to disable and enable KMS again.
 * If a cluster is enabled KMS with private key vault and not using `VNet integration` tunnel, then stop/start cluster is not allowed.
 
 KMS supports [public key vault][Enable-KMS-with-public-key-vault] and [private key vault][Enable-KMS-with-private-key-vault].