Merge pull request #267611 from flang-msft/fxl---Remove-(Preview)-tags-from-CMK-article-and-add-a-what's-new-section

Fxl   remove (preview) tags from cmk article and add a what's new section

Author: American-Dipper

articles/azure-cache-for-redis/cache-how-to-encryption.md

@@ -5,7 +5,7 @@ author: flang-msft
 
 ms.service: cache
 ms.topic: how-to
-ms.date: 03/28/2023
+ms.date: 02/28/2024
 ms.author: franlanglois
 
 ---
@@ -16,7 +16,6 @@ Data in a Redis server is stored in memory by default. This data isn't encrypted
 
 Azure Cache for Redis offers platform-managed keys (PMKs), also know as Microsoft-managed keys (MMKs), by default to encrypt data on-disk in all tiers. The Enterprise and Enterprise Flash tiers of Azure Cache for Redis additionally offer the ability to encrypt the OS and data persistence disks with a customer-managed key (CMK). Customer managed keys can be used to wrap the MMKs to control access to these keys. This makes the CMK a _key encryption key_ or KEK. For more information, see [key management in Azure](/azure/security/fundamentals/key-management).
 
-
 ## Scope of availability for CMK disk encryption
 
 | Tier | Basic, Standard, Premium  | Enterprise, Enterprise Flash  |
@@ -25,7 +24,7 @@ Azure Cache for Redis offers platform-managed keys (PMKs), also know as Microsof
 |Customer managed keys (CMK) | No     |  Yes            |
 
 > [!WARNING]
-> By default, all Azure Cache for Redis tiers use Microsoft managed keys to encrypt disks mounted to cache instances. However, in the Basic and Standard tiers, the C0 and C1 SKUs do not support any disk encryption. 
+> By default, all Azure Cache for Redis tiers use Microsoft managed keys to encrypt disks mounted to cache instances. However, in the Basic and Standard tiers, the C0 and C1 SKUs do not support any disk encryption.
 >
 
 > [!IMPORTANT]
@@ -38,13 +37,13 @@ Azure Cache for Redis offers platform-managed keys (PMKs), also know as Microsof
 
 In the **Enterprise** tier, disk encryption is used to encrypt the persistence disk, temporary files, and the OS disk:
 
-- persistence disk: holds persisted RDB or AOF files as part of [data persistence](cache-how-to-premium-persistence.md) 
+- persistence disk: holds persisted RDB or AOF files as part of [data persistence](cache-how-to-premium-persistence.md)
 - temporary files used in _export_: temporary data used exported is encrypted. When you [export](cache-how-to-import-export-data.md) data, the encryption of the final exported data is controlled by settings in the storage account.
-- the OS disk 
+- the OS disk
 
 MMK is used to encrypt these disks by default, but CMK can also be used.
 
-In the **Enterprise Flash** tier, keys and values are also partially stored on-disk using nonvolatile memory express (NVMe) flash storage. However, this disk isn't the same as the one used for persisted data. Instead, it's ephemeral, and data isn't persisted after the cache is stopped, deallocated, or rebooted. only MMK is only supported on this disk because this data is transient and ephemeral.
+In the **Enterprise Flash** tier, keys and values are also partially stored on-disk using nonvolatile memory express (NVMe) flash storage. However, this disk isn't the same as the one used for persisted data. Instead, it's ephemeral, and data isn't persisted after the cache is stopped, deallocated, or rebooted. MMK is only supported on this disk because this data is transient and ephemeral.
 
 | Data stored |Disk    |Encryption Options |
 |-------------------|------------------|-------------------|
@@ -62,7 +61,7 @@ In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by defau
 
 - Disk encryption isn't available in the Basic and Standard tiers for the C0 or C1 SKUs
 - Only user assigned managed identity is supported to connect to Azure Key Vault. System assigned managed identity is not supported.
-- Changing between MMK and CMK on an existing cache instance triggers a long-running maintenance operation. We don't recommend this for production use because a service disruption occurs. 
+- Changing between MMK and CMK on an existing cache instance triggers a long-running maintenance operation. We don't recommend this for production use because a service disruption occurs.
 
 ### Azure Key Vault prerequisites and limitations
 
@@ -78,17 +77,17 @@ In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by defau
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and start the [Create a Redis Enterprise cache](quickstart-create-redis-enterprise.md) quickstart guide.
 
-1. On the **Advanced** page, go to the section titled **Customer-managed key encryption at rest** and enable the **Use a customer-managed key** option. 
+1. On the **Advanced** page, go to the section titled **Customer-managed key encryption at rest** and enable the **Use a customer-managed key** option.
 
    :::image type="content" source="media/cache-how-to-encryption/cache-use-key-encryption.png" alt-text="Screenshot of the advanced settings with customer-managed key encryption checked and in a red box.":::
 
 1. Select **Add** to assign a [user assigned managed identity](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md) to the resource. This managed identity is used to connect to the [Azure Key Vault](../key-vault/general/overview.md) instance that holds the customer managed key.
 
     :::image type="content" source="media/cache-how-to-encryption/cache-managed-identity-user-assigned.png" alt-text="Screenshot showing user managed identity in the working pane.":::
 
-1. Select your chosen user assigned managed identity, and then choose the key input method to use. 
+1. Select your chosen user assigned managed identity, and then choose the key input method to use.
 
-1. If using the **Select Azure key vault and key** input method, choose the Key Vault instance that holds your customer managed key. This instance must be in the same region as your cache. 
+1. If using the **Select Azure key vault and key** input method, choose the Key Vault instance that holds your customer managed key. This instance must be in the same region as your cache.
 
     > [!NOTE]
     > For instructions on how to set up an Azure Key Vault instance, see the [Azure Key Vault quickstart guide](../key-vault/secrets/quick-create-portal.md). You can also select the _Create a key vault_ link beneath the Key Vault selection to create a new Key Vault instance. Remember that both purge protection and soft delete must be enabled in your Key Vault instance.
@@ -103,25 +102,25 @@ In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by defau
 
 ### Add CMK encryption to an existing Enterprise cache
 
-1. Go to the **Encryption** in the Resource menu of your cache instance. If CMK is already set up, you see the key information. 
+1. Go to the **Encryption** in the Resource menu of your cache instance. If CMK is already set up, you see the key information.
 
-1. If you haven't set up or if you want to change CMK settings, select **Change encryption settings** 
+1. If you haven't set up or if you want to change CMK settings, select **Change encryption settings**
    :::image type="content" source="media/cache-how-to-encryption/cache-encryption-existing-use.png" alt-text="Screenshot encryption selected in the Resource menu for an Enterprise tier cache.":::
 
-1. Select **Use a customer-managed key** to see your configuration options. 
+1. Select **Use a customer-managed key** to see your configuration options.
 
 1. Select **Add** to assign a [user assigned managed identity](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md) to the resource. This managed identity is used to connect to the [Azure Key Vault](../key-vault/general/overview.md) instance that holds the customer managed key.
 
-1. Select your chosen user assigned managed identity, and then choose which key input method to use. 
+1. Select your chosen user assigned managed identity, and then choose which key input method to use.
 
-1. If using the **Select Azure key vault and key** input method, choose the Key Vault instance that holds your customer managed key. This instance must be in the same region as your cache. 
+1. If using the **Select Azure key vault and key** input method, choose the Key Vault instance that holds your customer managed key. This instance must be in the same region as your cache.
 
     > [!NOTE]
     > For instructions on how to set up an Azure Key Vault instance, see the [Azure Key Vault quickstart guide](../key-vault/secrets/quick-create-portal.md). You can also select the _Create a key vault_ link beneath the Key Vault selection to create a new Key Vault instance.  
 
 1. Choose the specific key using the **Customer-managed key (RSA)** drop-down. If there are multiple versions of the key to choose from, use the **Version** drop-down.
    :::image type="content" source="media/cache-how-to-encryption/cache-encryption-existing-key.png" alt-text="Screenshot showing the select identity and key fields completed for Encryption.":::
-   
+
 1. If using the **URI** input method, enter the Key Identifier URI for your chosen key from Azure Key Vault.  
 
 1. Select **Save**

articles/azure-cache-for-redis/cache-whats-new.md

@@ -7,15 +7,21 @@ ms.custom: references_regions
 ms.author: franlanglois
 ms.service: cache
 ms.topic: conceptual
-ms.date: 01/23/2024
+ms.date: 02/28/2024
 
 ---
 
 # What's New in Azure Cache for Redis
 
+## February 2024
+
+Support for using customer managed keys for disk (CMK) encryption has now reached General Availability (GA).
+
+For more information, see [How to configure CMK encryption on Enterprise caches](cache-how-to-encryption.md#how-to-configure-cmk-encryption-on-enterprise-caches).
+
 ## January 2024
 
-All tiers of Azure Cache for Redis now support TLS 1.3. 
+All tiers of Azure Cache for Redis now support TLS 1.3.
 
 For more information, see [What are the configuration settings for the TLS protocol?](cache-tls-configuration.md).
 
@@ -54,7 +60,7 @@ Microsoft Entra ID for authentication and role-based access control is available
 
 ### Microsoft Entra ID authentication and authorization (preview)
 
-Microsoft Entra ID based [authentication and authorization](cache-azure-active-directory-for-authentication.md) is now available for public preview with Azure Cache for Redis. With this Microsft Entra ID integration, users can connect to their cache instance without an access key and use [role-based access control](cache-configure-role-based-access-control.md) to connect to their cache instance.
+Microsoft Entra ID based [authentication and authorization](cache-azure-active-directory-for-authentication.md) is now available for public preview with Azure Cache for Redis. With this Microsoft Entra ID integration, users can connect to their cache instance without an access key and use [role-based access control](cache-configure-role-based-access-control.md) to connect to their cache instance.
 
 This feature is available for Azure Cache for Redis Basic, Standard, and Premium SKUs. With this update, customers can look forward to increased security and a simplified authentication process when using Azure Cache for Redis.