changes based on Tamras feedbackj

Author: jimmart-dev

articles/storage/common/customer-managed-keys-overview.md

@@ -6,7 +6,7 @@ services: storage
 author: tamram
 
 ms.service: storage
-ms.date: 03/08/2023
+ms.date: 03/09/2023
 ms.topic: conceptual
 ms.author: tamram
 ms.reviewer: ozgun
@@ -111,7 +111,7 @@ When you enable or disable customer-managed keys, or when you modify the key or
 > [!NOTE]
 > To rotate a key, create a new version of the key in the key vault or managed HSM, according to your compliance policies. Azure Storage does not handle key rotation, so you will need to manage rotation of the key in the key vault. You can [rotate your keys manually](customer-managed-keys-configure-existing-account.md#configure-encryption-for-manual-updating-of-key-versions) or [configure them to rotate automatically](customer-managed-keys-configure-existing-account.md#configure-encryption-for-automatic-updating-of-key-versions).
 
-## Revoke access with customer-managed keys
+## Revoke access to a storage account that uses customer-managed keys
 
 To revoke access to a storage account that uses customer-managed keys, disable the key that is currently being used. To learn how to disable a key in the Azure key vault, see [The impact of changing customer-managed keys](customer-managed-keys-configure-existing-account.md#the-impact-of-changing-customer-managed-keys). After the key has been disabled, clients can't call operations that read from or write to a blob or its metadata. Attempts to call any of the following operations will fail with error code 403 (Forbidden) for all users:
 

includes/storage-customer-managed-keys-change-include.md

@@ -5,7 +5,7 @@ services: storage
 author: tamram
 ms.service: storage
 ms.topic: "include"
-ms.date: 03/01/2023
+ms.date: 03/09/2023
 ms.author: tamram
 ms.custom: "include file", engagement-fy23
 ---
@@ -14,8 +14,6 @@ ms.custom: "include file", engagement-fy23
 
 You can change the key that you are using for Azure Storage encryption at any time.
 
-If the new key is in a different key vault, you must [grant the managed identity access to the key in the new vault](../articles/storage/common/customer-managed-keys-configure-existing-account.md#choose-a-managed-identity-to-authorize-access-to-the-key-vault). If you choose manual updating of the key version, you will also need to [update the key vault URI](../articles/storage/common/customer-managed-keys-configure-existing-account.md#configure-encryption-for-manual-updating-of-key-versions).
-
 # [Azure portal](#tab/azure-portal)
 
 To change the key with the Azure portal, follow these steps:

includes/storage-customer-managed-keys-revoke-include.md

@@ -5,21 +5,21 @@ services: storage
 author: tamram
 ms.service: storage
 ms.topic: "include"
-ms.date: 03/08/2023
+ms.date: 03/09/2023
 ms.author: tamram
 ms.custom: "include file"
 ---
 
-## Revoke access with customer-managed keys
+## Revoke access to a storage account that uses customer-managed keys
 
 To temporarily revoke access to a storage account that is using customer-managed keys, disable the key currently being used in the key vault. Disabling the key will cause attempts to access data in the storage account to fail with error code 403 (Forbidden). For a list of storage account operations that will be affected, see [Revoke access with customer-managed keys](../articles/storage/common/customer-managed-keys-overview.md#revoke-access-with-customer-managed-keys).
 
 # [Azure portal](#tab/azure-portal)
 
 To disable a customer-managed key with the Azure portal, follow these steps:
 
-1. Navigate to the key vault that contains the CMK.
-1. Under **Objects** select **Keys**.
+1. Navigate to the key vault that contains the key.
+1. Under **Objects**, select **Keys**.
 1. Right-click the key and select **Disable**.
 
     :::image type="content" source="../articles/storage/common/media/customer-managed-keys-configure-common/portal-disable-CMK.png" alt-text="Screenshot showing how to disable a customer-managed key in the key vault.":::