Skip to content

Commit b39a873

Browse files
authored
Merge pull request #104571 from orspod/ongoing-changes
Ongoing changes - CMK docs
2 parents 9a9d200 + 11f4fcc commit b39a873

File tree

4 files changed

+7
-7
lines changed

4 files changed

+7
-7
lines changed

articles/data-explorer/ingest-data-event-grid.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
---
22
title: 'Ingest Azure Blobs into Azure Data Explorer'
33
description: In this article, you learn how to send storage account data to Azure Data Explorer using an Event Grid subscription.
4-
author: radennis
5-
ms.author: radennis
6-
ms.reviewer: orspodek
4+
author: orspod
5+
ms.author: orspodek
6+
ms.reviewer: tzgitlin
77
ms.service: data-explorer
88
ms.topic: conceptual
99
ms.date: 06/03/2019

articles/data-explorer/managed-identities.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ ms.date: 01/06/2020
1111

1212
# Configure managed identities for your Azure Data Explorer cluster
1313

14-
A [managed identity from Azure Active Directory](/azure/active-directory/managed-identities-azure-resources/overview) allows your cluster to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to provision or rotate any secrets. This article shows you how to create a managed identity for Azure Data Explorer clusters.
14+
A [managed identity from Azure Active Directory](/azure/active-directory/managed-identities-azure-resources/overview) allows your cluster to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to provision or rotate any secrets. This article shows you how to create a managed identity for Azure Data Explorer clusters. Managed identity configuration is currently supported only to [enable customer-managed keys for your cluster](/azure/data-explorer/security#customer-managed-keys-with-azure-key-vault).
1515

1616
> [!Note]
1717
> Managed identities for Azure Data Explorer won't behave as expected if your app is migrated across subscriptions or tenants. The app will need to obtain a new identity, which can be done by disabling and re-enabling the feature using [remove an identity](#remove-an-identity). Access policies of downstream resources will also need to be updated to use the new identity.
-1.13 KB
Loading

articles/data-explorer/security.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -29,10 +29,10 @@ The Azure Active Directory (Azure AD) managed identities for Azure resources fea
2929

3030
By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for data encryption. You can manage encryption of your data at the storage level with your own keys. A customer-managed key is used to protect and control access to the root encryption key, which is used to encrypt and decrypt all data. Customer-managed keys offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your data.
3131

32-
Use Azure Key Vault to store your customer-managed keys. You can create your own keys and store them in a key vault, or you can use an Azure Key Vault API to generate keys. The Azure Data Explorer cluster and the Azure Key Vault must be in the same region, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](/azure/key-vault/key-vault-overview). For a detailed explanation on customer-managed keys, see [Customer-managed keys with Azure Key Vault](/azure/storage/common/storage-service-encryption)
32+
Use Azure Key Vault to store your customer-managed keys. You can create your own keys and store them in a key vault, or you can use an Azure Key Vault API to generate keys. The Azure Data Explorer cluster and the Azure Key Vault must be in the same region, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](/azure/key-vault/key-vault-overview). For a detailed explanation on customer-managed keys, see [Customer-managed keys with Azure Key Vault](/azure/storage/common/storage-service-encryption). Configure customer-managed keys in your Azure Data Explorer cluster using [C#](/azure/data-explorer/customer-managed-keys-csharp) or the [Azure Resource Manager template](/azure/data-explorer/customer-managed-keys-resource-manager)
3333

3434
> [!Note]
35-
> Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). To configure customer-managed keys in the Azure portal, you need to configure a **SystemAssigned** managed identity to your cluster.
35+
> Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). To configure customer-managed keys in the Azure portal, you need to configure a **SystemAssigned** managed identity to your cluster as detailed in [Configure managed identities for your Azure Data Explorer cluster](/azure/data-explorer/managed-identities).
3636
3737
#### Store customer-managed keys in Azure Key Vault
3838

@@ -55,8 +55,8 @@ Using [role-based access control (RBAC)](/azure/role-based-access-control/overvi
5555

5656
## Next steps
5757

58-
* [Configure managed identities for your Azure Data Explorer cluster](managed-identities.md)
5958
* [Secure your cluster in Azure Data Explorer - Portal](manage-cluster-security.md) by enabling encryption at rest.
59+
* [Configure managed identities for your Azure Data Explorer cluster](managed-identities.md)
6060
* [Configure customer-managed-keys using the Azure Resource Manager template](customer-managed-keys-resource-manager.md)
6161
* [Configure customer-managed-keys using C#](customer-managed-keys-csharp.md)
6262

0 commit comments

Comments
 (0)