Merge pull request #104571 from orspod/ongoing-changes

GitHubber17 · web-flow · commit b39a873e1849 · 2020-02-16T16:04:20.000-08:00
Ongoing changes - CMK docs
diff --git a/articles/data-explorer/ingest-data-event-grid.md b/articles/data-explorer/ingest-data-event-grid.md
@@ -1,9 +1,9 @@
 ---
 title: 'Ingest Azure Blobs into Azure Data Explorer'
 description: In this article, you learn how to send storage account data to Azure Data Explorer using an Event Grid subscription.
-author: radennis
-ms.author: radennis
-ms.reviewer: orspodek
+author: orspod
+ms.author: orspodek
+ms.reviewer: tzgitlin
 ms.service: data-explorer
 ms.topic: conceptual
 ms.date: 06/03/2019
diff --git a/articles/data-explorer/managed-identities.md b/articles/data-explorer/managed-identities.md
@@ -11,7 +11,7 @@ ms.date: 01/06/2020
 
 # Configure managed identities for your Azure Data Explorer cluster
 
-A [managed identity from Azure Active Directory](/azure/active-directory/managed-identities-azure-resources/overview) allows your cluster to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to provision or rotate any secrets. This article shows you how to create a managed identity for Azure Data Explorer clusters. 
+A [managed identity from Azure Active Directory](/azure/active-directory/managed-identities-azure-resources/overview) allows your cluster to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to provision or rotate any secrets. This article shows you how to create a managed identity for Azure Data Explorer clusters. Managed identity configuration is currently supported only to [enable customer-managed keys for your cluster](/azure/data-explorer/security#customer-managed-keys-with-azure-key-vault).
 
 > [!Note]
 > Managed identities for Azure Data Explorer won't behave as expected if your app is migrated across subscriptions or tenants. The app will need to obtain a new identity, which can be done by disabling and re-enabling the feature using [remove an identity](#remove-an-identity). Access policies of downstream resources will also need to be updated to use the new identity.
diff --git a/articles/data-explorer/media/ingest-data-iot-hub/iot-hub-connection.png b/articles/data-explorer/media/ingest-data-iot-hub/iot-hub-connection.png
diff --git a/articles/data-explorer/security.md b/articles/data-explorer/security.md
@@ -29,10 +29,10 @@ The Azure Active Directory (Azure AD) managed identities for Azure resources fea
 
 By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for data encryption. You can manage encryption of your data at the storage level with your own keys. A customer-managed key is used to protect and control access to the root encryption key, which is used to encrypt and decrypt all data. Customer-managed keys offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your data.
 
-Use Azure Key Vault to store your customer-managed keys. You can create your own keys and store them in a key vault, or you can use an Azure Key Vault API to generate keys. The Azure Data Explorer cluster and the Azure Key Vault must be in the same region, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](/azure/key-vault/key-vault-overview). For a detailed explanation on customer-managed keys, see [Customer-managed keys with Azure Key Vault](/azure/storage/common/storage-service-encryption)
+Use Azure Key Vault to store your customer-managed keys. You can create your own keys and store them in a key vault, or you can use an Azure Key Vault API to generate keys. The Azure Data Explorer cluster and the Azure Key Vault must be in the same region, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](/azure/key-vault/key-vault-overview). For a detailed explanation on customer-managed keys, see [Customer-managed keys with Azure Key Vault](/azure/storage/common/storage-service-encryption). Configure customer-managed keys in your Azure Data Explorer cluster using [C#](/azure/data-explorer/customer-managed-keys-csharp) or the [Azure Resource Manager template](/azure/data-explorer/customer-managed-keys-resource-manager)
 
 > [!Note]
-> Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). To configure customer-managed keys in the Azure portal, you need to configure a **SystemAssigned** managed identity to your cluster.
+> Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). To configure customer-managed keys in the Azure portal, you need to configure a **SystemAssigned** managed identity to your cluster as detailed in [Configure managed identities for your Azure Data Explorer cluster](/azure/data-explorer/managed-identities).
 
 #### Store customer-managed keys in Azure Key Vault
 
@@ -55,8 +55,8 @@ Using [role-based access control (RBAC)](/azure/role-based-access-control/overvi
 
 ## Next steps
 
-* [Configure managed identities for your Azure Data Explorer cluster](managed-identities.md)
 * [Secure your cluster in Azure Data Explorer - Portal](manage-cluster-security.md) by enabling encryption at rest.
+* [Configure managed identities for your Azure Data Explorer cluster](managed-identities.md)
 * [Configure customer-managed-keys using the Azure Resource Manager template](customer-managed-keys-resource-manager.md)
 * [Configure customer-managed-keys using C#](customer-managed-keys-csharp.md)
 
