MicrosoftDocs
diff --git a/‎articles/postgresql/flexible-server/concepts-azure-ad-authentication.md‎
Lines changed: 11 additions & 11 deletions b/‎articles/postgresql/flexible-server/concepts-azure-ad-authentication.md‎
Lines changed: 11 additions & 11 deletions
diff --git a/‎articles/postgresql/flexible-server/concepts-data-encryption.md‎
Lines changed: 22 additions & 22 deletions b/‎articles/postgresql/flexible-server/concepts-data-encryption.md‎
Lines changed: 22 additions & 22 deletions
@@ -4,7 +4,7 @@ description: Learn about the concepts of Azure Active Directory for authenticati
 author: kabharati
 ms.author: kabharati
 ms.reviewer: maghan
-ms.date: 10/12/2022
+ms.date: 11/03/2022
 ms.service: postgresql
 ms.subservice: flexible-server
 ms.topic: conceptual
@@ -14,7 +14,7 @@ ms.topic: conceptual
 
 [!INCLUDE [applies-to-postgresql-Flexible-server](../includes/applies-to-postgresql-Flexible-server.md)]
 
-> [!NOTE]
+> [!NOTE]  
 > Azure Active Directory Authentication for PostgreSQL Flexible Server is currently in preview.
 
 Microsoft Azure Active Directory (Azure AD) authentication is a mechanism of connecting to Azure Database for PostgreSQL using identities defined in Azure AD.
@@ -36,13 +36,13 @@ Azure Active Directory Authentication for Flexible Server is built using our exp
 The following table provides a list of high-level Azure AD features and capabilities comparisons between Single Server and Flexible Server
 
 | **Feature / Capability** | **Single Server** | **Flexible Server** |
-| ---- | ---- | ---- |
-| Multiple Azure AD Admins | No | Yes|
-| Managed Identities (System & User assigned) | Partial | Full|
+| --- | --- | --- |
+| Multiple Azure AD Admins | No | Yes |
+| Managed Identities (System & User assigned) | Partial | Full |
 | Invited User Support | No | Yes |
-| Disable Password Authentication | Not Available | Available|
-| Service Principal can act as group member| No | Yes  |
-| Audit Azure AD Logins  | No | Yes |
+| Disable Password Authentication | Not Available | Available |
+| Service Principal can act as group member | No | Yes |
+| Audit Azure AD Logins | No | Yes |
 | PG bouncer support | No | Planned for GA |
 
 ## How Azure AD Works In Flexible Server
@@ -55,7 +55,7 @@ The following high-level diagram summarizes how authentication works using Azure
 
 ## Manage PostgreSQL Access For AD Principals
 
-When Azure AD authentication is enabled and Azure AD principal is added as an Azure AD administrator the account gets the same privileges as the original PostgreSQL administrator. Only Azure AD administrator can manage other Azure AD enabled roles on the server using Azure portal or Database API. The Azure AD administrator log in can be an Azure AD user, Azure AD group, Service Principal or Managed Identity. Using a group account as an administrator enhances manageability by allowing you to centrally add and remove group members in Azure AD without changing the users or permissions in the PostgreSQL server. Multiple Azure AD administrators can be configured at any time and you can optionally disable password authentication to an Azure Database for PostgreSQL Flexible Server for better auditing and compliance needs.
+When Azure AD authentication is enabled and Azure AD principal is added as an Azure AD administrator the account gets the same privileges as the original PostgreSQL administrator. Only Azure AD administrator can manage other Azure AD enabled roles on the server using Azure portal or Database API. The Azure AD administrator sign-in can be an Azure AD user, Azure AD group, Service Principal or Managed Identity. Using a group account as an administrator enhances manageability by allowing you to centrally add and remove group members in Azure AD without changing the users or permissions in the PostgreSQL server. Multiple Azure AD administrators can be configured at any time and you can optionally disable password authentication to an Azure Database for PostgreSQL Flexible Server for better auditing and compliance needs.
 
 ![admin structure][2]
 
@@ -79,11 +79,11 @@ Once you've authenticated against the Active Directory, you then retrieve a toke
 > [!NOTE]  
 > Use these steps to configure Azure AD with Azure Database for PostgreSQL Flexible Server [Configure and sign in with Azure AD for Azure Database for PostgreSQL Flexible Server](how-to-configure-sign-in-azure-ad-authentication.md).
 
-## Additional considerations
+## Other considerations
 
 - Multiple Azure AD principals (a user, group, service principal or managed identity) can be configured as Azure AD Administrator for an Azure Database for PostgreSQL server at any time.
 - Azure AD groups must be a mail enabled security group for authentication to work.
-- In  preview , `Azure Active Directory Authentication only`  is supported post server creation, this option is currently disabled during server creation experience 
+- In preview, `Azure Active Directory Authentication only`  is supported post server creation, this option is currently disabled during server creation experience
 - Only an Azure AD administrator for PostgreSQL can initially connect to the Azure Database for PostgreSQL using an Azure Active Directory account. The Active Directory administrator can configure subsequent Azure AD database users.
 -  If an Azure AD principal is deleted from Azure AD, it still remains as PostgreSQL role, but it will no longer be able to acquire new access token. In this case, although the matching role still exists in the database it won't be able to authenticate to the server. Database administrators need to transfer ownership and drop roles manually.
 
 
@@ -1,13 +1,13 @@
 ---
 title: Data encryption with customer-managed key - Azure Database for PostgreSQL - Flexible server
 description: Azure Database for PostgreSQL Flexible server data encryption with a customer-managed key enables you to Bring Your Own Key (BYOK) for data protection at rest. It also allows organizations to implement separation of duties in the management of keys and data.
+author: gennadNY
+ms.author: gennadyk
+ms.reviewer: maghan
+ms.date: 11/03/2022
 ms.service: postgresql
 ms.subservice: flexible-server
 ms.topic: conceptual
-ms.author: gennadyk
-author: gennadNY
-ms.reviewer: maghan
-ms.date: 10/12/2022
 ---
 
 # Azure Database for PostgreSQL - Flexible Server Data Encryption with a Customer-managed Key Preview
@@ -40,17 +40,17 @@ Data encryption with customer-managed keys for Azure Database for PostgreSQL - F
 
 **Key encryption key (KEK)**: An encryption key used to encrypt the DEKs. A KEK that never leaves Key Vault allows the DEKs themselves to be encrypted and controlled. The entity that has access to the KEK might be different than the entity that requires the DEK. Since the KEK is required to decrypt the DEKs, the KEK is effectively a single point by which DEKs can be effectively deleted by deleting the KEK.
 
-The DEKs, encrypted with the KEKs, are stored separately. Only an entity with access to the KEK can decrypt these DEKs. For more information, see [Security in encryption at rest](../../security/fundamentals/encryption-atrest.md). 
+The DEKs, encrypted with the KEKs, are stored separately. Only an entity with access to the KEK can decrypt these DEKs. For more information, see [Security in encryption at rest](../../security/fundamentals/encryption-atrest.md).
 
 ## How data encryption with a customer-managed key work
 
 :::image type="content" source="./media/concepts-data-encryption/postgresql-data-encryption-overview.png" alt-text ="Diagram that shows an overview of Bring Your Own Key." :::
 
 For a PostgreSQL server to use customer-managed keys stored in Key Vault for encryption of the DEK, a Key Vault administrator gives the following access rights to the server:
 
-- **get**: For retrieving the public part and properties of the key in the key Vault.
+- **get**: For retrieving, the public part and properties of the key in the key Vault.
 
-- **list**: For listing\iterating through keys in the key Vault.
+- **list**: For listing\iterating through keys in, the key Vault.
 
 - **wrapKey**: To be able to encrypt the DEK. The encrypted DEK is stored in the Azure Database for PostgreSQL.
 
@@ -102,7 +102,7 @@ Here are recommendations for configuring a customer-managed key:
 
 - Keep a copy of the customer-managed key in a secure place, or escrow it to the escrow service.
 
-- If Key Vault generates the key, create a key backup before using the key for the first time. You can only restore the backup to Key Vault. 
+- If Key Vault generates the key, create a key backup before using the key for the first time. You can only restore the backup to Key Vault.
 
 ### Accidental key access revocation from Key Vault
 
@@ -128,9 +128,9 @@ To monitor the database state, and to enable alerting for the loss of transparen
 
 ## Restore and replicate with a customer's managed key in Key Vault
 
-After Azure Database for PostgreSQL - Flexible Server is encrypted with a customer's managed key stored in Key Vault, any newly created server copy is also encrypted. You can make this new copy through a [PITR restore](concepts-backup-restore.md) operation or read replicas. 
+After Azure Database for PostgreSQL - Flexible Server is encrypted with a customer's managed key stored in Key Vault, any newly created server copy is also encrypted. You can make this new copy through a [PITR restore](concepts-backup-restore.md) operation or read replicas.
 
-> [!NOTE]
+> [!NOTE]  
 > At this time we don't support revoking the original encryption key after restoring CMK enabled server to another server
 
 Avoid issues while setting up customer-managed data encryption during restore or read replica creation by following these steps on the primary and restored/replica servers:
@@ -155,33 +155,33 @@ Prerequisites:
 
 Follow the steps below to enable CMK while creating Postgres Flexible Server.
 
-1. Navigate to Azure Database for PostgreSQL - Flexible Server create blade via Azure portal
+1. Navigate to Azure Database for PostgreSQL - Flexible Server create pane via Azure portal
 
-2. Provide required information on Basics and Networking tabs
+1. Provide required information on Basics and Networking tabs
 
-3. Navigate to Security(preview) tab. On the screen, provide Azure Active Directory (Azure AD)  identity that has access to the Key Vault and Key in Key Vault in the same region where you're creating this server
+1. Navigate to Security(preview) tab. On the screen, provide Azure Active Directory (Azure AD)  identity that has access to the Key Vault and Key in Key Vault in the same region where you're creating this server
 
-4. On Review Summary tab, make sure that you provided correct information in Security section and press Create button
+1. On Review Summary tab, make sure that you provided correct information in Security section and press Create button
 
-5. Once it's finished, you should be able to navigate to Data Encryption (preview) screen for the server and update identity or key if necessary
+1. Once it's finished, you should be able to navigate to Data Encryption (preview) screen for the server and update identity or key if necessary
 
 ## Update Customer Managed Key on the CMK enabled Flexible Server
 
 Prerequisites:
 
 - Azure Active Directory (Azure AD) user-managed identity in region where Postgres Flex Server will be created. Follow this [tutorial](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md) to create identity.
 
-- Key Vault with key in region where Postgres Flex Server will be created. Follow this [tutorial](../../key-vault/general/quick-create-portal.md) to create Key Vault and generate key. 
+- Key Vault with key in region where Postgres Flex Server will be created. Follow this [tutorial](../../key-vault/general/quick-create-portal.md) to create Key Vault and generate key.
 
 Follow the steps below to update CMK on CMK enabled Flexible Server:
 
 1. Navigate to Azure Database for PostgreSQL - Flexible Server create a page via the Azure portal.
 
-2. Navigate to Data Encryption (preview) screen under Security tab
+1. Navigate to Data Encryption (preview) screen under Security tab
 
-3. Select different identity to connect to Azure Key Vault, remembering that this identity needs to have proper access rights to the Key Vault
+1. Select different identity to connect to Azure Key Vault, remembering that this identity needs to have proper access rights to the Key Vault
 
-4. Select different key by choosing subscription, Key Vault and key from dropdowns provided.
+1. Select different key by choosing subscription, Key Vault and key from dropdowns provided.
 
 ## Limitations
 
@@ -195,14 +195,14 @@ The following are limitations for configuring the customer-managed key in Flexib
 
 The following are other limitations for the public preview of configuring the customer-managed key that we expect to remove at the General Availability of this feature:
 
-- No support for Geo backup enabled servers 
+- No support for Geo backup enabled servers
 
 - **No support for revoking key after restoring CMK enabled server to another server**
 
-- No support for Azure HSM Key Vault 
+- No support for Azure HSM Key Vault
 
 - No CLI or PowerShell support
 
 ## Next steps
 
-- [Azure Active Directory](../../active-directory-domain-services/overview.md)
+- [Azure Active Directory](../../active-directory-domain-services/overview.md)