MicrosoftDocs
diff --git a/‎articles/data-explorer/customer-managed-keys-portal.md
Lines changed: 17 additions & 36 deletions b/‎articles/data-explorer/customer-managed-keys-portal.md
Lines changed: 17 additions & 36 deletions
diff --git a/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-before-save.png
18.8 KB b/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-before-save.png
18.8 KB
diff --git a/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-encryption setting.png
-84.2 KB b/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-encryption setting.png
-84.2 KB
diff --git a/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-encryption-setting.png
123 KB b/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-encryption-setting.png
123 KB
diff --git a/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-key-vault.png
-27.2 KB b/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-key-vault.png
-27.2 KB
diff --git a/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-new-cluster.png
-55.6 KB b/‎articles/data-explorer/media/customer-managed-keys-portal/cmk-new-cluster.png
-55.6 KB
@@ -6,7 +6,7 @@ ms.author: orspodek
 ms.reviewer: itsagui
 ms.service: data-explorer
 ms.topic: conceptual
-ms.date: 03/25/2020
+ms.date: 03/26/2020
 ---
 
 # Configure customer-managed-keys using the Azure Portal
@@ -18,52 +18,33 @@ ms.date: 03/25/2020
 
 [!INCLUDE [data-explorer-configure-customer-managed-keys](../../includes/data-explorer-configure-customer-managed-keys.md)]
 
-## Enable customer-managed keys in the Azure Portal
+## Enable encryption with customer-managed keys in the Azure Portal
 
-This section shows you how to enable customer-managed keys encryption using the Azure portal. 
+This article shows you how to enable customer-managed keys encryption using the Azure portal. By default, Azure Data Explorer encryption uses Microsoft-managed keys. Configure your Azure Data Explorer cluster to use customer-managed keys and specify the key to associate with the cluster.
 
-### Prerequisites
+1. In the [Azure portal](https://portal.azure.com/), go to your [Azure Data Explorer cluster](create-cluster-database-portal.md#create-a-cluster) resource. 
+1. Select **Settings** > **Encryption** in left pane of portal.
+1. In the **Encryption** pane, select **On** for the **Customer-managed key** setting.
+1. Click **Select Key**
 
-* An Azure subscription. Create a [free Azure account](https://azure.microsoft.com/free/).
-* [A cluster and database](create-cluster-database-portal.md).
-* [Configure managed identities for your Azure Data Explorer cluster](managed-identities.md)
+    ![Configure customer managed keys](media/customer-managed-key-portal/cmk-encryption-setting.png)
 
-### Configure cluster
+1. In the **Select key from Azure Key Vault** window, select an existing **Key vault** from the dropdown list. If you select **Create new** to [create a new Key Vault](/azure/key-vault/quick-create-portal#create-a-vault), you'll be routed to the **Create Key Vault** screen.
 
-By default, Azure Data Explorer encryption uses Microsoft-managed keys. Configure your Azure Data Explorer cluster to use customer-managed keys and specify the key to associate with the cluster.
-
-Configure encryption with customer-managed keys
-
-You can configure customer-managed keys for your Azure Data Explorer cluster.
-1. In the Azure portal, go to your Azure Data Explorer cluster resource. Under the Settings heading, select Encryption.
-2. In the Encryption window, select **On** for the Customer-managed key setting.
-3. Click Select Key
-
-![Show databases command](media/customer-managed-key-portal/.png)
-
-4. In the **Select key from Azure Key Vault** screen you can either create a new Key Vault or select an existing one.
-    1. If you choose to create a new Key Vault you'll be routed to the **Create Key Vault** screen where you can create a new Key Vault resource following these instructions. (link to create a key vault)
-    2. If you choose an existing Key Vault you need to either create a new key select an existing key.
-    3. Once you have a key you need to select a version.
-5. Either select **Key** or **create new** ?from Azure Key Vault screen.
-1. Select **Version**.
+1. Select **Key** 
+1. Select **Version**
 1. Click **Select**
-6. Select Save.
-
-## screenshot
 
-By enabling customer-managed key for your Azure Data Explorer cluster behind the scenes you'll be creating a system assigned identity for the cluster if it does not have one.
-In addition you'll be providing the required view permissions to Azure Data Explorer cluster on the selected Key Vault and get the Key Vault properties. (see c# doc)
-(3 steps done as part of process)
+    ![Select key from Azure Key Vault](media/customer-managed-key-portal/cmk-key-vault.png)
 
-when CMK creation succeeds, get success message in notification.
+1. In the **Encrytion** pane that now contains your key, select **Save**. When CMK creation succeeds, you will see a success message in **Notifications**.
 
-Note
-Select **Off** to remove the customer managed key after it has been created.
+    ![Save customer managed key](media/customer-managed-key-portal/cmk-encryption-setting.png)
 
-## Update the key version
+By enabling customer-managed keys for your Azure Data Explorer cluster, you'll be creating a system assigned identity for the cluster if one doesn't exist. In addition, you'll be providing the required view permissions to your Azure Data Explorer cluster on the selected Key Vault and get the Key Vault properties. 
 
-When you create a new version of a key, you'll need to update the cluster to use the new version. First, call `Get-AzKeyVaultKey` to get the latest version of the key. Then update the cluster's key vault properties to use the new version of the key, as shown in [Configure cluster](#configure-cluster).
+> [!NOTE]
+> Select **Off** to remove the customer managed key after it has been created.
 
 ## Next steps