Adding ARM and REST to tabs

Author: khdownie

articles/virtual-machines/disks-cross-tenant-customer-managed-keys.md

@@ -82,6 +82,94 @@ In the command below, `myAssignedId` should be the resource ID of the user-assig
 az disk-encryption-set create --resource-group MyResourceGroup --name MyDiskEncryptionSet --key-url MyKey --mi-user-assigned myAssignedId --federated-client-id myFederatedClientId --location westcentralus
 ```
 
+# [ARM](#tab/arm)
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "desname": {
+      "defaultValue": "<Enter ISV disk encryption set name>",
+      "type": "String"
+    },
+    "region": {
+      "defaultValue": "WestCentralUS",
+      "type": "String"
+    },
+    "userassignedmicmk": {
+      "defaultValue": "/subscriptions/<Enter ISV Subscription Id>/resourceGroups/<Enter ISV resource group name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<Enter ISV User Assigned Identity Name>",
+      "type": "String"
+    },
+    "cmkfederatedclientId": {
+      "defaultValue": "<Enter ISV Multi-Tenant App Id>",
+      "type": "String"
+    },
+    "keyVaultURL": {
+      "defaultValue": "<Enter Client Key URL>",
+      "type": "String"
+    },
+    "encryptionType": {
+      "defaultValue": "EncryptionAtRestWithCustomerKey",
+      "type": "String"
+    }
+  },
+  "variables": {},
+  "resources": [
+    {
+      "type": "Microsoft.Compute/diskEncryptionSets",
+      "apiVersion": "2021-12-01",
+      "name": "[parameters('desname')]",
+      "location": "[parameters('region')]",
+      "identity": {
+        "type": "UserAssigned",
+        "userAssignedIdentities": {
+          "[parameters('userassignedmicmk')]": {}
+        }
+      },
+      "properties": {
+        "activeKey": {
+          "keyUrl": "[parameters('keyVaultURL')]"
+        },
+        "federatedClientId": "[parameters('cmkfederatedclientId')]",
+        "encryptionType": "[parameters('encryptionType')]"
+      }
+    }
+  ]
+}
+```
+
+# [REST API](#tab/rest)
+
+Use bearer token as authorization header and application/JSON as content type in BODY. (Network tab, filter to management.azure while performing any ARM request on portal.)
+
+```rest
+PUT https://management.azure.com/subscriptions/<Enter ISV Subscription Id>/resourceGroups/<Enter ISV Resource Group Name>/providers/Microsoft.Compute/diskEncryptionSets/<Enter ISV Disk Encryption Set Name>?api-version=2021-12-01
+Authorization: Bearer ...
+Content-Type: application/json
+
+{
+  "name": "<Enter ISV disk encryption set name>",
+  "id": "/subscriptions/<Enter ISV Subscription Id>/resourceGroups/<Enter ISV resource group name>/providers/Microsoft.Compute/diskEncryptionSets/<Enter ISV disk encryption set name>/",
+  "type": "Microsoft.Compute/diskEncryptionSets",
+  "location": "westcentralus",
+  "identity": {
+    "type": "UserAssigned",
+    "userAssignedIdentities": {
+"/subscriptions/<Enter ISV Subscription Id>/resourceGroups/<Enter ISV resource group name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<Enter ISV User Assigned Identity Name>
+": {}
+    }
+  },
+  "properties": {
+    "activeKey": {
+      "keyUrl": "<Enter Client Key URL>"
+    },
+    "encryptionType": "EncryptionAtRestWithCustomerKey",
+    "federatedClientId": "<Enter ISV Multi-Tenant App Id>"
+  }
+}
+```
+
 ---
 
 ### ARM