add paragraph back in that talks about changing the key if ity is in a diff vault

Author: jimmart-dev

articles/storage/common/customer-managed-keys-configure-existing-account.md

@@ -7,7 +7,7 @@ author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 03/01/2023
+ms.date: 03/09/2023
 ms.author: tamram
 ms.reviewer: ozgun
 ms.subservice: common 
@@ -277,8 +277,12 @@ When customer-managed keys are enabled or disabled, or the key or key version is
 
 [!INCLUDE [storage-customer-managed-keys-change-include](../../../includes/storage-customer-managed-keys-change-include.md)]
 
+If the new key is in a different key vault, you must [grant the managed identity access to the key in the new vault](#choose-a-managed-identity-to-authorize-access-to-the-key-vault). If you choose manual updating of the key version, you will also need to [update the key vault URI](#configure-encryption-for-manual-updating-of-key-versions).
+
 [!INCLUDE [storage-customer-managed-keys-revoke-include](../../../includes/storage-customer-managed-keys-revoke-include.md)]
 
+Disabling the key will cause attempts to access data in the storage account to fail with error code 403 (Forbidden). For a list of operations that will be affected by disabling the key, see [Revoke access to a storage account that uses customer-managed keys](customer-managed-keys-overview.md#revoke-access-to-a-storage-account-that-uses-customer-managed-keys).
+
 [!INCLUDE [storage-customer-managed-keys-disable-include](../../../includes/storage-customer-managed-keys-disable-include.md)]
 
 ## Next steps

articles/storage/common/customer-managed-keys-configure-new-account.md

@@ -7,7 +7,7 @@ author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 09/29/2022
+ms.date: 03/09/2023
 ms.author: tamram
 ms.reviewer: ozgun
 ms.subservice: common 
@@ -195,8 +195,12 @@ When you manually update the key version, you'll need to update the storage acco
 
 [!INCLUDE [storage-customer-managed-keys-change-include](../../../includes/storage-customer-managed-keys-change-include.md)]
 
+If the new key is in a different key vault, you must [grant the managed identity access to the key in the new vault](#use-a-user-assigned-managed-identity-to-authorize-access-to-the-key-vault). If you choose manual updating of the key version, you will also need to [update the key vault URI](#configure-encryption-for-manual-updating-of-key-versions).
+
 [!INCLUDE [storage-customer-managed-keys-revoke-include](../../../includes/storage-customer-managed-keys-revoke-include.md)]
 
+Disabling the key will cause attempts to access data in the storage account to fail with error code 403 (Forbidden). For a list of operations that will be affected by disabling the key, see [Revoke access to a storage account that uses customer-managed keys](customer-managed-keys-overview.md#revoke-access-to-a-storage-account-that-uses-customer-managed-keys).
+
 [!INCLUDE [storage-customer-managed-keys-disable-include](../../../includes/storage-customer-managed-keys-disable-include.md)]
 
 ## Next steps

includes/storage-customer-managed-keys-revoke-include.md

@@ -12,7 +12,7 @@ ms.custom: "include file"
 
 ## Revoke access to a storage account that uses customer-managed keys
 
-To temporarily revoke access to a storage account that is using customer-managed keys, disable the key currently being used in the key vault. Disabling the key will cause attempts to access data in the storage account to fail with error code 403 (Forbidden).
+To temporarily revoke access to a storage account that is using customer-managed keys, disable the key currently being used in the key vault.
 
 # [Azure portal](#tab/azure-portal)