Commit 8404fb5

Phrasing updates
1 parent d65162a commit 8404fb5

2 files changed

+4
-4
lines changed

articles/virtual-machines/linux/disk-encryption.md

Lines changed: 2 additions & 2 deletions
@@ -32,9 +32,9 @@ By default, managed disks use platform-managed encryption keys. As of June 10, 2
3232

3333
You can choose to manage encryption at the level of each managed disk, with your own keys. Server-side encryption for managed disks with customer-managed keys offers an integrated experience with Azure Key Vault. You can either import [your RSA keys](../../key-vault/key-vault-hsm-protected-keys.md) to your Key Vault or generate new RSA keys in Azure Key Vault. Azure managed disks handles the encryption and decryption in a fully transparent fashion using [envelope encryption](../../storage/common/storage-client-side-encryption.md#encryption-and-decryption-via-the-envelope-technique). It encrypts data using an [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) 256 based data encryption key (DEK), which is, in turn, protected using your keys. You have to grant access to managed disks in your Key Vault to use your keys for encrypting and decrypting the DEK. This allows you full control of your data and keys. You can disable your keys or revoke access to managed disks at any time. You can also audit the encryption key usage with Azure Key Vault monitoring to ensure that only managed disks or other trusted Azure services are accessing your keys.
3434

35-
For premium SSDs, standard SSDs, and standard HDDs: When you disable or rotate your key, any VMs using that key will automatically shut down. After this, the VMs will not be usable unless the key was rotated or you assign a new key.
35+
For premium SSDs, standard SSDs, and standard HDDs: When you disable or delete your key, any VMs with disks using that key will automatically shut down. After this, the VMs will not be usable unless the key is enabled again or you assign a new key.
3636

37-
For ultra disks: When you disable or rotate your key, you must shut down any VMs using that key yourself, they will not automatically shut down. After this, you must either rotate the key or assign a new key for the VMs to be usable again.
37+
For ultra disks, when you disable or delete a key, any VMs with ultra disks using the key won't automatically shut down. Once you deallocate and restart the VMs then the disks will stop using the key and then VMs won't come back online. To bring the VMs back online, you must assign a new key or enable the existing key.
3838

3939
The following diagram shows how managed disks use Azure Active Directory and Azure Key Vault to make requests using the customer-managed key:
4040
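
Review bot: In the new line 35, the recovery clause "unless the key is enabled again or you assign a new key" only matches the disable case. The sentence now also covers deletion, and "enabled again" does not describe a way back from a deleted key. Suggest splitting the recovery by cause, for example "re-enable the key if it was disabled, or assign a new key if it was deleted". The change also drops "rotate" from lines 35 and 37 without saying what rotation does to running VMs; since the old text told readers that rotation shuts VMs down, add a sentence stating the current behaviour so that nobody plans a rotation around the outdated claim.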

articles/virtual-machines/windows/disk-encryption.md

Lines changed: 2 additions & 2 deletions
@@ -32,9 +32,9 @@ By default, managed disks use platform-managed encryption keys. As of June 10, 2
3232

3333
You can choose to manage encryption at the level of each managed disk, with your own keys. Server-side encryption for managed disks with customer-managed keys offers an integrated experience with Azure Key Vault. You can either import [your RSA keys](../../key-vault/key-vault-hsm-protected-keys.md) to your Key Vault or generate new RSA keys in Azure Key Vault. Azure managed disks handles the encryption and decryption in a fully transparent fashion using [envelope encryption](../../storage/common/storage-client-side-encryption.md#encryption-and-decryption-via-the-envelope-technique). It encrypts data using an [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) 256 based data encryption key (DEK), which is, in turn, protected using your keys. You have to grant access to managed disks in your Key Vault to use your keys for encrypting and decrypting the DEK. This allows you full control of your data and keys. You can disable your keys or revoke access to managed disks at any time. You can also audit the encryption key usage with Azure Key Vault monitoring to ensure that only managed disks or other trusted Azure services are accessing your keys.
3434

35-
For premium SSDs, standard SSDs, and standard HDDs: When you disable or rotate your key, any VMs using that key will automatically shut down. After this, the VMs will not be usable unless the key was rotated or you assign a new key.
35+
For premium SSDs, standard SSDs, and standard HDDs: When you disable or delete your key, any VMs with disks using that key will automatically shut down. After this, the VMs will not be usable unless the key is enabled again or you assign a new key.
3636

37-
For ultra disks: When you disable or rotate your key, you must shut down any VMs using that key yourself, they will not automatically shut down. After this, you must either rotate the key or assign a new key for the VMs to be usable again.
37+
For ultra disks, when you disable or delete a key, any VMs with ultra disks using the key won't automatically shut down. Once you deallocate and restart the VMs then the disks will stop using the key and then VMs won't come back online. To bring the VMs back online, you must assign a new key or enable the existing key.
3838

3939
The following diagram shows how managed disks use Azure Active Directory and Azure Key Vault to make requests using the customer-managed key:
4040
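
Review bot: The new ultra disk text at line 37, "Once you deallocate and restart the VMs then the disks will stop using the key and then VMs won't come back online", chains two "then" clauses and drops the article before "VMs"; suggest "After you deallocate and restart the VMs, the disks stop using the key and the VMs won't come back online." The sentence also implies that running VMs with ultra disks keep using a disabled or deleted key until they are deallocated, which matters to a reader who disables a key to cut off access, so state that explicitly rather than leaving it to inference. Line 35 uses "For ...: When" with "will not" while line 37 uses "For ..., when" with "won't"; pick one form for both. The text is identical to the change in the linux article, so the same fixes apply there.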
