Commit bbe7108

Merge pull request #275667 from dileepraotv-github/17052024_CMK_Updates
Updated the document to add more clarity based on customer questions …
2 parents d77c235 + 05c757c commit bbe7108

2 files changed

+3
-4
lines changed

articles/cosmos-db/how-to-setup-customer-managed-keys-existing-accounts.md

Lines changed: 0 additions & 3 deletions
@@ -58,9 +58,6 @@ The output of this CLI command for enabling CMK waits for the completion of encr
5858

5959
For enabling CMK on existing account that has continuous backup and point in time restore enabled, we need to follow some extra steps. Follow step 1 to step 5 and then follow instructions to enable CMK on existing account.
6060

61-
> [!NOTE]
62-
> System-assigned identity and continuous backup mode is currently under Public Preview and may change in the future. Currently, only user-assigned managed identity is supported for enabling CMK on continuous backup accounts.
63-
6461

6562

6663
1. Configure managed identity to your cosmos account [Configure managed identities with Microsoft Entra ID for your Azure Cosmos DB account](./how-to-setup-managed-identity.md)
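
Review bot: Deleting the whole [!NOTE] at old lines 61-62 also drops its second sentence, "Currently, only user-assigned managed identity is supported for enabling CMK on continuous backup accounts", and nothing left in this section says which identity types work for continuous backup accounts. If the restriction no longer applies, state in step 1 (or in the paragraph above it) that both system-assigned and user-assigned identities are supported; if only the Public Preview wording was stale, keep the restriction sentence as a shorter note.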

articles/cosmos-db/how-to-setup-customer-managed-keys.md

Lines changed: 3 additions & 1 deletion
@@ -640,6 +640,8 @@ Rotating the customer-managed key used by your Azure Cosmos DB account can be do
640640
641641
The previous key or key version can be disabled after the [Azure Key Vault audit logs](../key-vault/general/logging.md) don't show activity from Azure Cosmos DB on that key or key version anymore. No more activity should take place on the previous key or key version after 24 hours of key rotation.
642642
643+
[Key auto-rotation in Azure Key Vault](../key-vault/keys/how-to-configure-key-rotation.md) is supported as long as the previous key is not disabled or deleted. The internal systems need some time to catch up with the new version of the key after validating that the account is not in revoked state or in transition to enable customer-managed keys.
644+
643645
## Error handling
644646
645647
If there are any errors with customer-managed keys in Azure Cosmos DB, Azure Cosmos DB returns the error details along with an HTTP substatus code in the response. You can use the HTTP substatus code to debug the root cause of the issue. See the [HTTP Status Codes for Azure Cosmos DB](/rest/api/cosmos-db/http-status-codes-for-cosmosdb) article to get the list of supported HTTP substatus codes.
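
Review bot: The added paragraph at new line 643 says the internal systems "need some time to catch up" without giving a bound, while the paragraph directly above gives 24 hours and points readers to the Key Vault audit logs before they disable the previous key or key version. Say how long the previous version must stay enabled under auto-rotation, or refer back to the audit-log check, and state what happens to the account if the previous key is disabled or deleted too early. The clause "after validating that the account is not in revoked state or in transition to enable customer-managed keys" is hard to parse; split it so it is clear these are conditions checked before the new key version is picked up.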
@@ -676,7 +678,7 @@ All the data stored in your Azure Cosmos DB account is encrypted with the custom
676678
677679
### Are customer-managed keys supported for existing Azure Cosmos DB accounts?
678680
679-
This feature is currently available only for new accounts.
681+
Yes. You can refer to [How to setup customer-managed keys for your existing Azure Cosmos DB accounts](./how-to-setup-customer-managed-keys-existing-accounts.md)
680682
681683
### Is it possible to use customer-managed keys with the Azure Cosmos DB [analytical store](analytical-store-introduction.md)?
682684
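
Review bot: The new answer at line 681 ends without a period, and its link text uses "setup" as a verb where "set up" is meant. The linked article, changed in this same commit, requires extra steps for accounts with continuous backup and point in time restore, so a one-clause mention of that here would keep readers from taking the bare "Yes." as unconditional.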
