update

msmbaldwin · msmbaldwin · commit 6d8c200a8276 · 2024-03-04T18:06:37.000-08:00
diff --git a/articles/key-vault/certificates/about-certificates.md b/articles/key-vault/certificates/about-certificates.md
@@ -40,7 +40,7 @@ When a Key Vault certificate is created, it can be retrieved from the addressabl
 
 The addressable key becomes more relevant with non-exportable Key Vault certificates. The addressable Key Vault key's operations are mapped from the `keyusage` field of the Key Vault certificate policy that's used to create the Key Vault certificate.  
 
-For the full list of supported key types, see [About keys: Key types and protection methods](../keys/about-keys.md#key-types-and-protection-methods). Exportable keys are allowed only with RSA and EC. HSM keys are non-exportable. 
+For the full list of supported key types, see [About keys: Key types and protection methods](../keys/about-keys.md#key-types-and-protection-methods). Exportable keys are allowed only with RSA and EC. HSM keys are non-exportable.
 
 ## Certificate attributes and tags
 
diff --git a/articles/key-vault/general/overview.md b/articles/key-vault/general/overview.md
@@ -41,7 +41,7 @@ Access to a key vault requires proper authentication and authorization before a
 
 Authentication is done via Microsoft Entra ID. Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults and to access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault.
 
-Azure Key Vaults may be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs). Software-protected keys, secrets, and certificates are safeguarded by Azure, using industry-standard algorithms and key lengths.  For situations where you require added assurance, you can import or generate keys in HSMs that never leave the HSM boundary. Azure Key Vault uses nCipher HSMs, which are [Federal Information Processing Standards 140 validated](/azure/key-vault/keys/about-keys#compliance). You can use nCipher tools to move a key from your HSM to Azure Key Vault.
+Azure Key Vaults may be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs). Software-protected keys, secrets, and certificates are safeguarded by Azure, using industry-standard algorithms and key lengths.  For situations where you require added assurance, you can import or generate keys in HSMs that never leave the HSM boundary. Azure Key Vault uses nCipher HSMs, which are [Federal Information Processing Standards 140 validated](/azure/key-vault/keys/about-keys#compliance). You can use HSM vendor provided tools to move a key from your HSM to Azure Key Vault.
 
 Finally, Azure Key Vault is designed so that Microsoft doesn't see or extract your data.
 
diff --git a/articles/key-vault/keys/about-keys.md b/articles/key-vault/keys/about-keys.md
@@ -30,10 +30,10 @@ Azure Key Vault provides two types of resources to store and manage cryptographi
 
 Cryptographic keys in Key Vault are represented as JSON Web Key [JWK] objects. The JavaScript Object Notation (JSON) and JavaScript Object Signing and Encryption (JOSE) specifications are:
 
--   [JSON Web Key (JWK)](https://tools.ietf.org/html/draft-ietf-jose-json-web-key)  
--   [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/draft-jones-json-web-encryption)  
--   [JSON Web Algorithms (JWA)](https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-algorithms)  
--   [JSON Web Signature (JWS)](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature) 
+- [JSON Web Key (JWK)](https://tools.ietf.org/html/draft-ietf-jose-json-web-key)  
+- [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/draft-jones-json-web-encryption)  
+- [JSON Web Algorithms (JWA)](https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-algorithms)  
+- [JSON Web Signature (JWS)](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature) 
 
 The base JWK/JWA specifications are also extended to enable key types unique to the Azure Key Vault and Managed HSM implementations. 
 
@@ -71,10 +71,10 @@ Key Vault supports RSA and EC keys. Managed HSM supports RSA, EC, and symmetric
 
 |Key type and destination|Compliance|
 |---|---|
-|Software-protected (hsmPlatform 0) keys in vaults | FIPS 140-2 Level 1|
-|hsmPlatform 1 protected keys in vaults (Premium SKU)| FIPS 140-2 Level 2|
-|hsmPlatform 2 protected keys in vaults (Premium SKU)| FIPS 140-2 Level 3|
-|Keys in Managed HSM are always HSM protected|FIPS 140-2 Level 3|
+|Software-protected (hsmPlatform 0) keys in vaults | FIPS 140-2 Level 1 |
+|hsmPlatform 1 protected keys in vaults (Premium SKU)| FIPS 140-2 Level 2 |
+|hsmPlatform 2 protected keys in vaults (Premium SKU)| FIPS 140-2 Level 3 |
+|Keys in Managed HSM are always HSM protected | FIPS 140-2 Level 3 |
 |||
 
 See [Key types, algorithms, and operations](about-keys-details.md) for details about each key type, algorithms, operations, attributes, and tags.
