Merge pull request #101647 from orspod/2020-1-BYOK-docs

PRMerger15 · web-flow · commit 898ac9fe8640 · 2020-01-20T01:35:10.000-08:00
added message re: follower cluster/BYOK support
diff --git a/articles/data-explorer/customer-managed-keys-csharp.md b/articles/data-explorer/customer-managed-keys-csharp.md
@@ -12,8 +12,8 @@ ms.date: 01/06/2020
 # Configure customer-managed-keys using C#
 
 > [!div class="op_single_selector"]
-> * [C#](create-cluster-database-csharp.md)
-> * [Azure Resource Manager template](create-cluster-database-resource-manager.md)
+> * [C#](customer-managed-keys-csharp.md)
+> * [Azure Resource Manager template](customer-managed-keys-resource-manager.md)
 
 [!INCLUDE [data-explorer-configure-customer-managed-keys](../../includes/data-explorer-configure-customer-managed-keys.md)]
 
diff --git a/articles/data-explorer/customer-managed-keys-resource-manager.md b/articles/data-explorer/customer-managed-keys-resource-manager.md
@@ -12,8 +12,8 @@ ms.date: 01/06/2020
 # Configure customer-managed-keys using the Azure Resource Manager template
 
 > [!div class="op_single_selector"]
-> * [C#](create-cluster-database-csharp.md)
-> * [Azure Resource Manager template](create-cluster-database-resource-manager.md)
+> * [C#](customer-managed-keys-csharp.md)
+> * [Azure Resource Manager template](customer-managed-keys-resource-manager.md)
 
 [!INCLUDE [data-explorer-configure-customer-managed-keys](../../includes/data-explorer-configure-customer-managed-keys.md)]
 
diff --git a/includes/data-explorer-configure-customer-managed-keys.md b/includes/data-explorer-configure-customer-managed-keys.md
@@ -8,8 +8,10 @@ ms.author: orspodek
 
 Azure Data Explorer encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for data encryption. Customer-managed keys must be stored in an [Azure Key Vault](/azure/key-vault/key-vault-overview). You can create your own keys and store them in a key vault, or you can use an Azure Key Vault API to generate keys. The Azure Data Explorer cluster and the key vault must be in the same region, but they can be in different subscriptions. For a detailed explanation on customer-managed keys, see [customer-managed keys with Azure Key Vault](/azure/storage/common/storage-service-encryption). This article shows you how to configure customer-managed keys.
 
-> [!Note]
-> To configure customer-managed keys with Azure Data Explorer, you must [set two properties on the key vault](/azure/key-vault/key-vault-ovw-soft-delete): **Soft Delete** and **Do Not Purge**. These properties aren't enabled by default. To enable these properties, use [PowerShell](/azure/key-vault/key-vault-soft-delete-powershell) or [Azure CLI](/azure/key-vault/key-vault-soft-delete-cli). Only RSA keys and key size 2048 are supported.
+To configure customer-managed keys with Azure Data Explorer, you must [set two properties on the key vault](/azure/key-vault/key-vault-ovw-soft-delete): **Soft Delete** and **Do Not Purge**. These properties aren't enabled by default. To enable these properties, use [PowerShell](/azure/key-vault/key-vault-soft-delete-powershell) or [Azure CLI](/azure/key-vault/key-vault-soft-delete-cli). Only RSA keys and key size 2048 are supported.
+
+> [!NOTE]
+> Data encryption using customer managed keys is not supported on [leader and follower clusters](/azure/data-explorer/follower). 
 
 ## Assign an identity to the cluster
 
