articles/virtual-machines/linux/disk-encryption-faq.yml
Lines changed: 16 additions & 22 deletions
@@ -8,7 +8,7 @@ metadata:
8
8
ms.subservice: security
9
9
ms.topic: faq
10
10
ms.author: mbaldwin
11
-
ms.date: 02/20/2024
11
+
ms.date: 08/06/2024
12
12
title: Azure Disk Encryption for Linux virtual machines FAQ
13
13
summary: |
14
14
This article provides answers to frequently asked questions (FAQ) about Azure Disk Encryption for Linux virtual machines (VMs). For more information about this service, see [Azure Disk Encryption overview](disk-encryption-overview.md).
@@ -18,21 +18,21 @@ sections:
18
18
- name: Ignored
19
19
questions:
20
20
- question: |
21
-
What is Azure Disk Encryption for Linux VMs?
21
+
What is Azure Disk Encryption for Linux virtual machines?
22
22
answer: |
23
-
Azure Disk Encryption for Linux VMs uses the dm-crypt feature of Linux to provide full disk encryption of the OS disk* and data disks. Additionally, it provides encryption of the temporary disk when using the [EncryptFormatAll feature](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms). The content flows encrypted from the VM to the Storage backend. Thereby, providing end-to-end encryption with a customer-managed key.
23
+
Azure Disk Encryption for Linux virtual machines uses the dm-crypt feature of Linux to provide full disk encryption of the OS disk* and data disks. Additionally, it provides encryption of the temporary disk when using the [EncryptFormatAll feature](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms). The content flows encrypted from the VM to the Storage backend with a customer-managed key.
24
24
25
-
See [Supported VMs and operating systems](disk-encryption-overview.md#supported-vms-and-operating-systems).
25
+
See [Supported virtual machines and operating systems](disk-encryption-overview.md#supported-vms-and-operating-systems).
26
26
27
27
- question: |
28
28
Where is Azure Disk Encryption in general availability (GA)?
29
29
answer: |
30
-
Azure Disk Encryption for Linux VMs is in general availability in all Azure public regions.
30
+
Azure Disk Encryption for Linux virtual machines is in general availability in all Azure public regions.
31
31
32
32
- question: |
33
33
What user experiences are available with Azure Disk Encryption?
34
34
answer: |
35
-
Azure Disk Encryption GA supports Azure Resource Manager templates, Azure PowerShell, and Azure CLI. The different user experiences give you flexibility. You have three different options for enabling disk encryption for your VMs. For more information on the user experience and step-by-step guidance available in Azure Disk Encryption, see [Azure Disk Encryption scenarios for Linux](disk-encryption-linux.md).
35
+
Azure Disk Encryption GA supports Azure Resource Manager templates, Azure PowerShell, and Azure CLI. The different user experiences give you flexibility. You have three different options for enabling disk encryption for your virtual machines. For more information on the user experience and step-by-step guidance available in Azure Disk Encryption, see [Azure Disk Encryption scenarios for Linux](disk-encryption-linux.md).
36
36
37
37
- question: |
38
38
How much does Azure Disk Encryption cost?
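Review bot: the rewritten answer line "The content flows encrypted from the VM to the Storage backend with a customer-managed key." reads as though the key is what flows, and the deleted sentence carried the actual claim (that this gives end-to-end encryption under a customer-managed key). Suggest "The content flows encrypted from the VM to the Storage backend, so the data is protected end to end with a customer-managed key." Separately, the link text was changed to "Supported virtual machines and operating systems" while the anchor stays "#supported-vms-and-operating-systems"; if the target heading in disk-encryption-overview.md is renamed in the same pass, the generated anchor changes and this link breaks, so confirm the heading there.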
@@ -54,7 +54,7 @@ sections:
54
54
answer: |
55
55
Yes, you can encrypt both boot and data volumes, or you can encrypt the data volume without having to encrypt the OS volume first.
56
56
57
-
After you've encrypted the OS volume, disabling encryption on the OS volume isn't supported. For Linux VMs in a scale set, only the data volume can be encrypted.
57
+
After you've encrypted the OS volume, disabling encryption on the OS volume isn't supported. For Linux virtual machines in a scale set, only the data volume can be encrypted.
58
58
59
59
- question: |
60
60
Can I encrypt an unmounted volume with Azure Disk Encryption?
@@ -67,23 +67,17 @@ sections:
67
67
Storage server-side encryption encrypts Azure managed disks in Azure Storage. Managed disks are encrypted by default with Server-side encryption with a platform-managed key (as of June 10, 2017). You can manage encryption of managed disks with your own keys by specifying a customer-managed key. For more information see: [Server-side encryption of Azure managed disks](../disk-encryption.md).
68
68
69
69
- question: |
70
-
How is Azure Disk Encryption different from Storage server-side encryption with customer-managed key and when should I use each solution?
70
+
How is Azure Disk Encryption different from other disk encryption solutions and when should I use each solution?
71
71
answer: |
72
-
Azure Disk Encryption provides end-to-end encryption for the OS disk, data disks, and the temporary disk, using a customer-managed key.
73
-
- If your requirements include encrypting all of the above and end-to-end encryption, use Azure Disk Encryption.
74
-
- If your requirements include encrypting only data at rest with customer-managed key, then use [Server-side encryption with customer-managed keys](../disk-encryption.md). You cannot encrypt a disk with both Azure Disk Encryption and Storage server-side encryption with customer-managed keys.
75
-
- If your Linux distro is not listed under [supported operating systems for Azure Disk Encryption](disk-encryption-overview.md#supported-operating-systems) or you are using a scenario called out in the [restrictions](disk-encryption-linux.md#restrictions), consider [Server-side encryption with customer-managed keys](../disk-encryption.md).
76
-
- If your organization's policy allows you to encrypt content at rest with an Azure-managed key, then no action is needed - the content is encrypted by default. For managed disks, the content inside storage is encrypted by default with Server-side encryption with platform-managed key. The key is managed by the Azure Storage service.
77
-
78
-
72
+
See [Overview of managed disk encryption options](../disk-encryption-overview.md).
79
73
80
74
- question: |
81
75
How do I rotate secrets or encryption keys?
82
76
answer: |
83
77
To rotate secrets, just call the same command you used originally to enable disk encryption, specifying a different Key Vault. To rotate the key encryption key, call the same command you used originally to enable disk encryption, specifying the new key encryption.
84
78
85
79
>[!WARNING]
86
-
> - If you have previously used [Azure Disk Encryption with Microsoft Entra app](disk-encryption-linux-aad.md) by specifying Microsoft Entra credentials to encrypt this VM, you will have to continue use this option to encrypt your VM. You can't use Azure Disk Encryption on this encrypted VM as this isn't a supported scenario, meaning switching away from Microsoft Entra application for this encrypted VM isn't supported yet.
80
+
> - If you previously used [Azure Disk Encryption with Microsoft Entra app](disk-encryption-linux-aad.md) by specifying Microsoft Entra credentials to encrypt this VM, you must continue to use this option to encrypt your VM. You can't use Azure Disk Encryption on this encrypted VM as this isn't a supported scenario, meaning switching away from Microsoft Entra application for this encrypted VM isn't supported yet.
87
81
88
82
- question: |
89
83
How do I add or remove a key encryption key if I didn't originally use one?
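Review bot: replacing the bulleted comparison with a single link to the overview drops two constraints a reader choosing between the options needs: that a disk can't be encrypted with both Azure Disk Encryption and Storage server-side encryption with customer-managed keys, and that distros outside the supported list or scenarios listed under restrictions should fall back to server-side encryption with customer-managed keys. Confirm ../disk-encryption-overview.md states both, otherwise keep a one-sentence summary ahead of the "See [Overview of managed disk encryption options]" line. Drive-by in the unchanged context: "specifying the new key encryption" is missing the trailing "key" (it should read "key encryption key", matching the start of that sentence).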
@@ -118,10 +112,10 @@ sections:
118
112
- question: |
119
113
Is Azure Disk Encryption using a Microsoft Entra app (previous release) still supported?
120
114
answer: |
121
-
Yes. Disk encryption using a Microsoft Entra app is still supported. However, when encrypting new VMs it's recommended that you use the new method rather than encrypting with a Microsoft Entra app.
115
+
Yes. Disk encryption using a Microsoft Entra app is still supported. However, when encrypting new virtual machines it's recommended that you use the new method rather than encrypting with a Microsoft Entra app.
122
116
123
117
- question: |
124
-
Can I migrate VMs that were encrypted with a Microsoft Entra app to encryption without a Microsoft Entra app?
118
+
Can I migrate virtual machines that were encrypted with a Microsoft Entra app to encryption without a Microsoft Entra app?
125
119
answer: Currently, there isn't a direct migration path for machines that were encrypted with a Microsoft Entra app to encryption without a Microsoft Entra app. Additionally, there isn't a direct path from encryption without a Microsoft Entra app to encryption with an AD app.
126
120
127
121
- question: |
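Review bot: the unchanged answer line on the migration question still says "encryption with an AD app" while the question just above it, and the rest of the file, now say "Microsoft Entra app"; since this question is being edited, align the term in the answer as well. Also, "the new method" in the previous answer is vague; say "encryption without a Microsoft Entra app" so it matches the migration question that follows.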
@@ -149,7 +143,7 @@ sections:
149
143
answer: |
150
144
The following workflow is recommended to have the best results on Linux:
151
145
* Start from the unmodified stock gallery image corresponding to the needed OS distro and version
152
-
* Back up any mounted drives that will be encrypted. This back up allows for recovery if there's a failure, for example if the VM is rebooted before encryption has completed.
146
+
* Back up any mounted drives you want encrypted. This back up allows for recovery if there's a failure, for example if the VM is rebooted before encryption has completed.
153
147
* Encrypt (can take several hours or even days depending on VM characteristics and size of any attached data disks)
154
148
* Customize, and add software to the image as needed.
155
149
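Review bot: in the rewritten bullet, "This back up allows for recovery" uses the verb form where the noun is needed; it should be "This backup allows for recovery" ("Back up any mounted drives" at the start of the bullet is correctly the verb).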
@@ -158,7 +152,7 @@ sections:
158
152
- question: |
159
153
What is the disk "Bek Volume" or "/mnt/azure_bek_disk"?
160
154
answer: |
161
-
The "Bek volume" is a local data volume that securely stores the encryption keys for Encrypted Azure VMs.
155
+
The "Bek volume" is a local data volume that securely stores the encryption keys for Encrypted Azure virtual machines.
162
156
> [!NOTE]
163
157
> Do not delete or edit any contents in this disk. Do not unmount the disk since the encryption key presence is needed for any encryption operations on the IaaS VM.
164
158
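Review bot: the rewritten line capitalizes "Encrypted" mid-sentence ("for Encrypted Azure virtual machines"); it should be lowercase. The question names the disk "Bek Volume" while the answer says "Bek volume"; pick one form for both lines.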
@@ -178,12 +172,12 @@ sections:
178
172
answer: |
179
173
Encryption of XFS OS disks is supported.
180
174
181
-
Encryption of XFS data disks is supported only when the EncryptFormatAll parameter is used. This will reformat the volume, erasing any data previously there. For more information, see the [EncryptFormatAll criteria](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms).
175
+
Encryption of XFS data disks is supported only when the EncryptFormatAll parameter is used. This option reformats the volume, erasing any data previously there. For more information, see the [EncryptFormatAll criteria](disk-encryption-linux.md#use-encryptformatall-feature-for-data-disks-on-linux-vms).
182
176
183
177
- question: |
184
178
Is resizing the OS partition supported?
185
179
answer: |
186
-
Resize of an ADE encrypted OS disk is currently not supported.
180
+
Resize of an Azure Disk Encryption encrypted OS disk isn't supported.
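Review bot: "Resize of an Azure Disk Encryption encrypted OS disk isn't supported" stacks two modifiers in front of "OS disk"; suggest "Resizing an OS disk encrypted with Azure Disk Encryption isn't supported." Dropping "currently" also turns a present limitation into an unqualified one, which is fine if intended; otherwise keep the qualifier.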