MicrosoftDocs
diff --git a/‎articles/key-vault/key-vault-whatis.md
Lines changed: 21 additions & 21 deletions b/‎articles/key-vault/key-vault-whatis.md
Lines changed: 21 additions & 21 deletions
@@ -19,36 +19,36 @@ ms.author: barclayn
 ---
 # What is Azure Key Vault?
 
-Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) using keys protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware).  
+Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) by using keys protected by hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware).  
 
-Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.
+Key Vault streamlines the key management process. You maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.
 
 ## Basic concepts
 
 Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.
-Below are some key terms:
-- **Tenant** - A tenant is the organization that owns and manages a specific instance of Microsoft cloud services. It’s most often used in an exact manner to refer to the set of Azure and Office 365 services for an organization
-- **Vault Owner** - can create a Key Vault gaining full access and control over it. The vault owner can also set up auditing to log who accesses secrets & keys. Administrators can control the key lifecycle. They can roll to a new version of the key, back it up, etc.
-- **Resource** - A manageable item that is available through Azure. Some common resources are a virtual machine, storage account, web app, database, and virtual network, but there are many more.
-- **Resource group** - A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. See Resource groups.
-- **Vault Consumer** - can perform actions on the assets inside the Key Vault when the vault owner grants him/her access which depend on the permissions granted.
-- **[Azure Active Directory](../active-directory/active-directory-whatis.md)** is the Azure AD service for a given tenant. Each directory has one or more domains. A directory can have many subscriptions associated with it, but only one tenant. 
-- **Azure Tenant ID** - This is a unique way to identify an Azure Active Directory within a Azure Subscription. 
-- **Managed Service Identity** - Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them. Managed Service Identity(MSI) makes solving this problem simpler by giving Azure services an automatically managed identity in Azure Active Directory (Azure AD). You can use this identity to authenticate to Key Vault or any service that supports Azure AD authentication, without having any credentials in your code. To read more about MSI refer [here](../active-directory/managed-service-identity/overview.md)
+Here are some key terms:
+- **Tenant**: A tenant is the organization that owns and manages a specific instance of Microsoft cloud services. It’s most often used in an exact manner to refer to the set of Azure and Office 365 services for an organization.
+- **Vault owner**: A vault owner can create a key vault and gain full access and control over it. The vault owner can also set up auditing to log who accesses secrets and keys. Administrators can control the key lifecycle. They can roll to a new version of the key, back it up, and do related tasks.
+- **Resource**: A resource is a manageable item that's available through Azure. Some common resources are a virtual machine, storage account, web app, database, and virtual network, but there are many more.
+- **Resource group**: A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups, based on what makes the most sense for your organization.
+- **Vault consumer**: A vault consumer can perform actions on the assets inside the key vault when the vault owner grants the consumer access. The available actions depend on the permissions granted.
+- **[Azure Active Directory (Azure AD)](../active-directory/active-directory-whatis.md)**: Azure AD is the Active Directory service for a tenant. Each directory has one or more domains. A directory can have many subscriptions associated with it, but only one tenant. 
+- **Azure tenant ID**: A tenant ID is a unique way to identify an Azure AD instance within an Azure subscription.
+- **Managed Service Identity**: Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them. Managed Service Identity makes solving this problem simpler by giving Azure services an automatically managed identity in Azure AD. You can use this identity to authenticate to Key Vault or any service that supports Azure AD authentication, without having any credentials in your code. For more information, see [Managed Service Identity for Azure resources](../active-directory/managed-service-identity/overview.md).
 
-    ![MSI graphic](./media/key-vault-whatis/msi.png)
+    ![Diagram of how Managed Service Identity works](./media/key-vault-whatis/msi.png)
 
-## Key vault roles
+## Key Vault roles
 
 Use the following table to better understand how Key Vault can help to meet the needs of developers and security administrators.
 
 | Role | Problem statement | Solved by Azure Key Vault |
 | --- | --- | --- |
-| Developer for an Azure application |“I want to write an application for Azure that uses keys for signing and encryption, but I want these keys to be external from my application so that the solution is suitable for an application that is geographically distributed. <br/><br/>I also want these keys and secrets to be protected, without having to write the code myself. I also want these keys and secrets to be easy for me to use from my applications, with optimal performance.” |√ Keys are stored in a vault and invoked by URI when needed.<br/><br/> √ Keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs).<br/><br/> √ Keys are processed in HSMs that reside in the same Azure datacenters as the applications. This provides better reliability and reduced latency than if the keys reside in a separate location, such as on-premises. |
-| Developer for Software as a Service (SaaS) |“I don’t want the responsibility or potential liability for my customers’ tenant keys and secrets. <br/><br/>I want the customers to own and manage their keys so that I can concentrate on doing what I do best, which is providing the core software features.” |√ Customers can import their own keys into Azure, and manage them. When a SaaS application needs to perform cryptographic operations by using their customers’ keys, Key Vault does these operations on behalf of the application. The application does not see the customers’ keys. |
-| Chief security officer (CSO) |“I want to know that our applications comply with FIPS 140-2 Level 2 HSMs for secure key management. <br/><br/>I want to make sure that my organization is in control of the key life cycle and can monitor key usage. <br/><br/>And although we use multiple Azure services and resources, I want to manage the keys from a single location in Azure.” |√ HSMs are FIPS 140-2 Level 2 validated.<br/><br/>√ Key Vault is designed so that Microsoft does not see or extract your keys.<br/><br/>√ Near real-time logging of key usage.<br/><br/>√ The vault provides a single interface, regardless of how many vaults you have in Azure, which regions they support, and which applications use them. |
+| Developer for an Azure application |“I want to write an application for Azure that uses keys for signing and encryption, but I want these keys to be external from my application so that the solution is suitable for an application that is geographically distributed. <br/><br/>I want these keys and secrets to be protected, without having to write the code myself. I also want these keys and secrets to be easy for me to use from my applications, with optimal performance.” |√ Keys are stored in a vault and invoked by URI when needed.<br/><br/> √ Keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules.<br/><br/> √ Keys are processed in HSMs that reside in the same Azure datacenters as the applications. This method provides better reliability and reduced latency than keys that reside in a separate location, such as on-premises. |
+| Developer for software as a service (SaaS) |“I don’t want the responsibility or potential liability for my customers’ tenant keys and secrets. <br/><br/>I want customers to own and manage their keys so that I can concentrate on doing what I do best, which is providing the core software features.” |√ Customers can import their own keys into Azure, and manage them. When a SaaS application needs to perform cryptographic operations by using their customers’ keys, Key Vault does these operations on behalf of the application. The application does not see the customers’ keys. |
+| Chief security officer (CSO) |“I want to know that our applications comply with FIPS 140-2 Level 2 HSMs for secure key management. <br/><br/>I want to make sure that my organization is in control of the key lifecycle and can monitor key usage. <br/><br/>And although we use multiple Azure services and resources, I want to manage the keys from a single location in Azure.” |√ HSMs are FIPS 140-2 Level 2 validated.<br/><br/>√ Key Vault is designed so that Microsoft does not see or extract your keys.<br/><br/>√ Key usage is logged in near real time.<br/><br/>√ The vault provides a single interface, regardless of how many vaults you have in Azure, which regions they support, and which applications use them. |
 
-Anybody with an Azure subscription can create and use key vaults. Although Key Vault benefits developers and security administrators, it could be implemented and managed by an organization’s administrator who manages other Azure services for an organization. For example, this administrator would sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as:
+Anybody with an Azure subscription can create and use key vaults. Although Key Vault benefits developers and security administrators, it can be implemented and managed by an organization’s administrator who manages other Azure services for an organization. For example, this administrator can sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as:
 
 * Create or import a key or secret
 * Revoke or delete a key or secret
@@ -58,17 +58,17 @@ Anybody with an Azure subscription can create and use key vaults. Although Key V
 
 This administrator would then provide developers with URIs to call from their applications, and provide their security administrator with key usage logging information. 
 
-   ![Overview of Azure Key Vault][1]
+![Overview of Azure Key Vault][1]
 
 Developers can also manage the keys directly, by using APIs. For more information, see [the Key Vault developer's guide](key-vault-developers-guide.md).
 
 ## Next steps
 
-For a getting started tutorial for an administrator, see [Get Started with Azure Key Vault](key-vault-get-started.md).
+For a getting-started tutorial for an administrator, see [Get started with Azure Key Vault](key-vault-get-started.md).
 
-For more information about usage logging for Key Vault, see [Azure Key Vault Logging](key-vault-logging.md).
+For more information about usage logging for Key Vault, see [Azure Key Vault logging](key-vault-logging.md).
 
-For more information about using keys and secrets with Azure Key Vault, see [About Keys, Secrets, and Certificates](https://msdn.microsoft.com/library/azure/dn903623\(v=azure.1\).aspx).
+For more information about using keys and secrets with Azure Key Vault, see [About keys, secrets, and certificates](https://msdn.microsoft.com/library/azure/dn903623\(v=azure.1\).aspx).
 
 <!--Image references-->
 [1]: ./media/key-vault-whatis/AzureKeyVault_overview.png