Improve acrolinx score

Author: Bharathi Selvaraj

articles/energy-data-services/how-to-manage-data-security-and-encryption.md

@@ -12,12 +12,12 @@ ms.custom: template-how-to
 ---
 # Data security and encryption in Azure Data Manager for Energy
 
-This article provides an overview of security features in Azure Data Manager for Energy. It covers the major areas of [encryption at rest](../security/fundamentals/encryption-atrest.md), encryption in transit, TLS, https, microsoft-managed keys, and customer managed key.
+This article provides an overview of security features in Azure Data Manager for Energy. It covers the major areas of [encryption at rest](../security/fundamentals/encryption-atrest.md), encryption in transit, Transport Layer Security (TLS), https, microsoft-managed keys, and customer managed key.
 
 ## Encrypt data at rest
 
-Azure Data Manager for Energy uses several storage resources for storing metadata, user data, in-memory data etc. The platform uses service-side encryption to automatically encrypt all the data when it is persisted to the cloud. Data encryption at rest protects your data to help you to meet your organizational security and compliance commitments. All data in Azure Data Manager for Energy is encrypted with Microsoft-managed keys by default.
-In addition to Microsoft-managed key, you can use your own encryption key stored in [Azure Key Vault](/azure/key-vault/general/overview) or [Azure Key Vault Managed HSM](/azure/key-vault/managed-hsm/overview) to protect the data in Azure Data Manager for Energy. When you specify a customer-managed key, that key is used to protect and control access to the Microsoft-managed key that encrypts your data.
+Azure Data Manager for Energy uses several storage resources for storing metadata, user data, in-memory data, etc. The platform uses service-side encryption to automatically encrypt and persist data in the cloud. Data encryption at rest protects your data to help you to meet your organizational security and compliance commitments. All data in Azure Data Manager for Energy is encrypted with Microsoft-managed keys by default.
+In addition to Microsoft-managed key, you can use your own encryption key stored in [Azure Key Vault](/azure/key-vault/general/overview) or [Azure Key Vault Managed Hardware Security Module (HSM)](/azure/key-vault/managed-hsm/overview) to protect the data in Azure Data Manager for Energy. When you specify a customer-managed key, that key is used to protect and control access to the Microsoft-managed key that encrypts your data.
 
 ## Encrypt data in transit
 
@@ -27,14 +27,14 @@ In addition to TLS, when you interact with Azure Data Manager for Energy, all tr
 
 ## Set up Customer Managed Keys (CMK) for Azure Data Manager for Energy instance
 > [!IMPORTANT]
-> You cannot edit CMK settings once the Azure Data Manager for Energy instance is created.
+> You can't edit CMK settings once the Azure Data Manager for Energy instance is created.
 
 ### Prerequisites
 
 **Step 1: Configure the key vault**
 
 1. You can use a new or existing key vault to store customer-managed keys. To learn more about Azure Key Vault, see [Azure Key Vault Overview](/azure/key-vault/general/overview) and [What is Azure Key Vault](/azure/key-vault/general/basic-concepts)?
-2. Using customer-managed keys with Azure Data Manager for Energy requires that both soft delete and purge protection be enabled for the key vault. Soft delete is enabled by default when you create a new key vault and cannot be disabled. You can enable purge protection either when you create the key vault or after it is created.
+2. Using customer-managed keys with Azure Data Manager for Energy requires that both soft delete and purge protection are enabled for the key vault. Soft delete is enabled by default when you create a new key vault and can't be disabled. You can enable purge protection when you create the key vault or afterwards.
 3. To learn how to create a key vault with the Azure portal, see [Quickstart: Create a key vault using the Azure portal](/azure/key-vault/general/quick-create-portal). When you create the key vault, select Enable purge protection.
 
    [![Screenshot of enabling purge protection and soft delete while creating key vault](media/how-to-manage-data-security-and-encryption/customer-managed-key-1-create-key-vault.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-1-create-key-vault.png#lightbox)
@@ -45,45 +45,47 @@ In addition to TLS, when you interact with Azure Data Manager for Energy, all tr
       3. In the **purge protection** section, choose **Enable purge protection**.
 
 **Step 2: Add a key**
-1.	Next, add a key to the key vault.
-2.	To learn how to add a key with the Azure portal, see [Quickstart: Set and retrieve a key from Azure Key Vault using the Azure portal](/azure/key-vault/keys/quick-create-portal).
-3.	It is recommended that the RSA key size is 3072, see [Configure customer-managed keys for your Azure Cosmos DB account | Microsoft Learn](/azure/cosmos-db/how-to-setup-customer-managed-keys#generate-a-key-in-azure-key-vault).
+
+1.	To learn how to add a key with the Azure portal, see [Quickstart: Set and retrieve a key from Azure Key Vault using the Azure portal](/azure/key-vault/keys/quick-create-portal).
+1.	The RSA key size is recommended to be 3072, see [Configure customer-managed keys for your Azure Cosmos DB account | Microsoft Learn](/azure/cosmos-db/how-to-setup-customer-managed-keys#generate-a-key-in-azure-key-vault).
 
 **Step 3: Choose a managed identity to authorize access to the key vault**
-1.	When you enable customer-managed keys for an existing Azure Data Manager for Energy instance you must specify a managed identity that will be used to authorize access to the key vault that contains the key. The managed identity must have permissions to access the key in the key vault.
+
+1.	When you enable customer-managed keys for an existing Azure Data Manager for Energy instance, you must specify a managed identity that is used to authorize access to the key vault that contains the key. The managed identity must have permissions to access the key in the key vault.
 2.	You can create a [user-assigned managed identity](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md#create-a-user-assigned-managed-identity).
 
 ### Configure customer-managed keys for an existing account
+
 1.	Create a **Azure Data Manager for Energy** instance.
 2.	Select the **Encryption** tab.
 
    [![Screenshot of Encryption tab while creating Azure Data Manager for Energy.](media/how-to-manage-data-security-and-encryption/customer-managed-key-2-encryption-tab.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-2-encryption-tab.png#lightbox)
 
 3.	In the encryption tab, select **Customer-managed keys (CMK)**. 
 4.	For using CMK, you need to select the key vault where the key is stored. 
-5.	Select Encryption key as “**Select a key vault and key**.” 
-6.	Then, select “**Select a key vault and key**.”
+5.	Select Encryption key as "**Select a key vault and key**" 
+6.	Then, select "**Select a key vault and key**"
 7.	Next, select the **key vault** and **key**.
 
     [![Screenshot showing selection of subscription, key vault, and key in the right pane that opens after choosing 'select a key vault and key'](media/how-to-manage-data-security-and-encryption/customer-managed-key-3aa-enable-cmk.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-3aa-enable-cmk.png#lightbox)
 
-8.	Next, select the user-assigned managed identity that will be used to authorize access to the key vault that contains the key. 
-9.	Select “**Select a user identity**.” Select the user-assigned managed identity that you created in the pre-requisites. 
+8.	Next, select the user-assigned managed identity that is used to authorize access to the key vault that contains the key. 
+9.	Select "**Select a user identity**" Select the user-assigned managed identity that you created in the prerequisites. 
 
    [![Screenshot of key vault, key, user assigned identity, and CMK on encryption tab](media/how-to-manage-data-security-and-encryption/customer-managed-key-3bb-select-managed-identity.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-3bb-select-managed-identity.png#lightbox)
 
 10.	This user assigned identity must have _get key_, _list key_, _wrap key_, and _unwrap key_ permissions on the key vault. For more information on assigning Azure Key Vault access policies, see [Assign a Key Vault Access Policy](/azure/key-vault/general/assign-access-policy). 
 
     [![Screenshot of get, list, wrap, and upwrap key access policy](media/how-to-manage-data-security-and-encryption/customer-managed-key-4-access-policy.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-4-access-policy.png#lightbox)
 
-11.	You can also select Encryption Key as “**Enter key from Uri**” and enter the "**Key URI**" in the format `https://<your-key-vault-name>.vault.azure.net/keys/<your-key-name>` or `https://<your-hsm-key-vault-name>.managedhsm.azure.net/keys/<your-managed-hsm-key-name>`. It is mandatory for the Key to have soft delete and purge protection to be enabled. You will have to confirm that by checking the box shown below.
+11.	You can also select Encryption Key as "**Enter key from Uri**" and enter the "**Key URI**" in the format `https://<your-key-vault-name>.vault.azure.net/keys/<your-key-name>` or `https://<your-hsm-key-vault-name>.managedhsm.azure.net/keys/<your-managed-hsm-key-name>`. It's mandatory for the Key to have soft delete and purge protection to be enabled. You have to confirm that by checking the box as shown.
 
     [![Screenshot of key vault uri for encryption](media/how-to-manage-data-security-and-encryption/customer-managed-key-5-key-vault-url.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-5-key-vault-url.png#lightbox)
 
-12.	Next, select “**Review+Create**” after completing other tabs. 
+12.	Next, select "**Review+Create**" after completing other tabs. 
 13.	Select the "**Create**" button. 
 14.	An Azure Data Manager for Energy instance is created with customer-managed keys.
-15.	Once CMK is enabled you will see its status on the **Overview** screen.
+15.	Once CMK is enabled, you see its status on the **Overview** screen.
 
     [![Screenshot of CMK enabled on Azure Data Manager for Energy overview page.](media/how-to-manage-data-security-and-encryption/customer-managed-key-6-cmk-enabled-meds-overview.png)](media/how-to-manage-data-security-and-encryption/customer-managed-key-6-cmk-enabled-meds-overview.png#lightbox)