MicrosoftDocs
diff --git a/‎articles/mysql/flexible-server/how-to-data-encryption-portal.md
Lines changed: 2 additions & 1 deletion b/‎articles/mysql/flexible-server/how-to-data-encryption-portal.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/mysql/flexible-server/media/how-to-data-encryption-portal/mysql-flexible-server-configure-encryption-marked.png
80.5 KB b/‎articles/mysql/flexible-server/media/how-to-data-encryption-portal/mysql-flexible-server-configure-encryption-marked.png
80.5 KB
@@ -23,7 +23,7 @@ In this tutorial, you learn how to:
 - Configure data encryption for replica servers.
 
   > [!NOTE]  
-> Azure key vault access configuration now supports two types of permission models - [Azure role-based access control](../../role-based-access-control/overview.md) and [Vault access policy](../../key-vault/general/assign-access-policy.md). The tutorial describes configuring data encryption for Azure Database for MySQL flexible server using Vault access policy. However, you can choose to use Azure RBAC as permission model to grant access to Azure Key Vault. To do so, you need any built-in or custom role that has below three permissions and assign it through "role assignments" using Access control (IAM) tab in the keyvault: a) KeyVault/vaults/keys/wrap/action b) KeyVault/vaults/keys/unwrap/action c) KeyVault/vaults/keys/read
+  > Azure key vault access configuration now supports two types of permission models - [Azure role-based access control](../../role-based-access-control/overview.md) and [Vault access policy](../../key-vault/general/assign-access-policy.md). The tutorial describes configuring data encryption for Azure Database for MySQL flexible server using Vault access policy. However, you can choose to use Azure RBAC as permission model to grant access to Azure Key Vault. To do so, you need any built-in or custom role that has below three permissions and assign it through "role assignments" using Access control (IAM) tab in the keyvault: a) KeyVault/vaults/keys/wrap/action b) KeyVault/vaults/keys/unwrap/action c) KeyVault/vaults/keys/read. For Azure key vault managed HSM, you will also need to assign the "Managed HSM Crypto Service Encryption User" role assignment in RBAC.
 
 
 
@@ -101,6 +101,7 @@ After your Azure Database for MySQL flexible server instance is encrypted with a
 ## Next steps
 
 - [Customer managed keys data encryption](concepts-customer-managed-key.md)
+
 - [Data encryption with Azure CLI](how-to-data-encryption-cli.md)