formatting

v-dirichards · web-flow · commit 6c8bbe80d3e3 · 2023-04-10T11:42:27.000-05:00
diff --git a/articles/cosmos-db/postgresql/how-to-customer-managed-keys.md b/articles/cosmos-db/postgresql/how-to-customer-managed-keys.md
@@ -36,69 +36,69 @@ ms.date: 04/06/2023
 
 ### User Assigned Managed Identity
 
-   1. Search for Managed Identities in the global search bar.
+1. Search for Managed Identities in the global search bar.
 
-      ![Screenshot of Managed Identities in Azure portal.](media/how-to-customer-managed-keys/user-assigned-managed-identity.png)
+   ![Screenshot of Managed Identities in Azure portal.](media/how-to-customer-managed-keys/user-assigned-managed-identity.png)
 
 
-   1. Create a new User assigned managed Identity in the same region as your Azure Cosmos DB for PostgreSQL cluster.
+1. Create a new User assigned managed Identity in the same region as your Azure Cosmos DB for PostgreSQL cluster.
 
-      ![Screenshot of User assigned managed Identity page in Azure portal.](media/how-to-customer-managed-keys/user-assigned-managed-identity-provisioning.png)
+   ![Screenshot of User assigned managed Identity page in Azure portal.](media/how-to-customer-managed-keys/user-assigned-managed-identity-provisioning.png)
 
 
-   Learn more about [User Assigned Managed Identity.](../../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity).
+Learn more about [User Assigned Managed Identity.](../../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity).
 
 ### Key Vault
 
-   Using customer-managed keys with Azure Cosmos DB for PostgreSQL requires you to set two properties on the Azure Key Vault instance that you plan to use to host your encryption keys: Soft Delete and Purge Protection.
+Using customer-managed keys with Azure Cosmos DB for PostgreSQL requires you to set two properties on the Azure Key Vault instance that you plan to use to host your encryption keys: Soft Delete and Purge Protection.
 
-   1. If you create a new Azure Key Vault instance, enable these properties during creation:
+1. If you create a new Azure Key Vault instance, enable these properties during creation:
 
    [ ![Screenshot of Key Vault's properties.](media/how-to-customer-managed-keys/key-vault-soft-delete.png) ](media/how-to-customer-managed-keys/key-vault-soft-delete.png#lightbox)
  
-   1. If you're using an existing Azure Key Vault instance, you can verify that these properties are enabled by looking at the Properties section on the Azure portal. If any of these properties aren’t enabled, see the "Enabling soft delete" and "Enabling Purge Protection" sections in one of the following articles.
+1. If you're using an existing Azure Key Vault instance, you can verify that these properties are enabled by looking at the Properties section on the Azure portal. If any of these properties aren’t enabled, see the "Enabling soft delete" and "Enabling Purge Protection" sections in one of the following articles.
 
-      * How to use [soft-delete with PowerShell.](../../key-vault/general/key-vault-recovery.md)
-      * How to use [soft-delete with Azure CLI.](../../key-vault/general/key-vault-recovery.md)
+   * How to use [soft-delete with PowerShell.](../../key-vault/general/key-vault-recovery.md)
+   * How to use [soft-delete with Azure CLI.](../../key-vault/general/key-vault-recovery.md)
 
-   1. The key Vault must be set with 90 days for 'Days to retain deleted vaults'. If the existing key Vault has been configured with a lower number, you'll need to create a new key vault as it can't be modified after creation.
+1. The key Vault must be set with 90 days for 'Days to retain deleted vaults'. If the existing key Vault has been configured with a lower number, you'll need to create a new key vault as it can't be modified after creation.
 
    > [!IMPORTANT]
    > Your Azure Key Vault instance must be allow public access from all the networks.
 
 ### Add an Access Policy to the Key Vault
 
-   1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys. Select Access configuration from the left menu and then select Go to access policies.
+1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys. Select Access configuration from the left menu and then select Go to access policies.
 
    [ ![Screenshot of Key Vault's access configuration.](media/how-to-customer-managed-keys/access-policy.png) ](media/how-to-customer-managed-keys/access-policy.png#lightbox)
 
-   1. Select + Create.
+1. Select + Create.
 
-   1. In the Permissions Tab under the Key permissions drop-down menu, select Get, Unwrap Key, and Wrap Key permissions.
+1. In the Permissions Tab under the Key permissions drop-down menu, select Get, Unwrap Key, and Wrap Key permissions.
 
-   [ ![Screenshot of Key Vault's permissions settings.](media/how-to-customer-managed-keys/access-policy-permissions.png) ] (media/how-to-customer-managed-keys/access-policy-permissions.png#lightbox)
+   [ ![Screenshot of Key Vault's permissions settings.](media/how-to-customer-managed-keys/access-policy-permissions.png ](media/how-to-customer-managed-keys/access-policy-permissions.png#lightbox)
 
-   1. In the Principal Tab, select the User Assigned Managed Identity you had created in prerequisite step.
+1. In the Principal Tab, select the User Assigned Managed Identity you had created in prerequisite step.
 
-   1. Navigate to Review + create select Create.
+1. Navigate to Review + create select Create.
 
 ### Create / Import Key
 
-   1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys.
+1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys.
 
-   1. Select Keys from the left menu and then select +Generate/Import.
+1. Select Keys from the left menu and then select +Generate/Import.
 
    [ ![Screenshot of Key generation page.](media/how-to-customer-managed-keys/create-key.png) ](media/how-to-customer-managed-keys/create-key.png#lightbox)
 
-   1. The customer-managed key to be used for encrypting the DEK can only be asymmetric RSA Key type. All RSA Key sizes 2048, 3072 and 4096 are supported.
+1. The customer-managed key to be used for encrypting the DEK can only be asymmetric RSA Key type. All RSA Key sizes 2048, 3072 and 4096 are supported.
 
-   1. The key activation date (if set) must be a date and time in the past. The expiration date (if set) must be a future date and time.
+1. The key activation date (if set) must be a date and time in the past. The expiration date (if set) must be a future date and time.
 
-   1. The key must be in the Enabled state.
+1. The key must be in the Enabled state.
 
-   1. If you're importing an existing key into the key vault, make sure to provide it in the supported file formats (`.pfx`, `.byok`, `.backup`).
+1. If you're importing an existing key into the key vault, make sure to provide it in the supported file formats (`.pfx`, `.byok`, `.backup`).
 
-   1. If you're manually rotating the key, the old key version shouldn't  be deleted for at least 24 hours.
+1. If you're manually rotating the key, the old key version shouldn't  be deleted for at least 24 hours.
 
 ### Enable CMK encryption during the provisioning for a new cluster
 
