Commit cc5ef25

vivek edits
1 parent 7a9861c commit cc5ef25

1 file changed

+2
-2
lines changed

articles/mysql/flexible-server/concepts-customer-managed-key-mysql-flexible-server.md

Lines changed: 2 additions & 2 deletions
@@ -14,7 +14,7 @@ ms.topic: conceptual
1414

1515
With data encryption with customer-managed keys for Azure Database for MySQL - Flexible Server, you can bring your own key (BYOK) for data protection at rest and implement separation of duties for managing keys and data. With customer managed keys (CMKs), the customer is responsible for and in a full control of key lifecycle management (key creation, upload, rotation, deletion), key usage permissions, and auditing operations on keys.
1616

17-
Data encryption with CMKs is set at the server level. For a given server, a CMK, called the key encryption key (KEK), is used to encrypt the data encryption key (DEK) used by the service. The KEK is an asymmetric key stored in a customer-owned and customer-managed [Azure Key Vault](/azure/key-vault/general/security-features) instance. Key Vault is highly available and scalable secure storage for RSA cryptographic keys, optionally backed by FIPS 140-2 Level 2 validated hardware security modules (HSMs). Key Vault does not allow direct access to a stored key, but instead provides encryption/decryption services using the key to the authorized entities. The key can be generated by the key vault, imported, or [transferred to the key vault from an on-prem HSM device].
17+
Data encryption with CMKs is set at the server level. For a given server, a CMK, called the key encryption key (KEK), is used to encrypt the data encryption key (DEK) used by the service. The KEK is an asymmetric key stored in a customer-owned and customer-managed [Azure Key Vault](/azure/key-vault/general/security-features.md) instance. Key Vault is highly available and scalable secure storage for RSA cryptographic keys, optionally backed by FIPS 140-2 Level 2 validated hardware security modules (HSMs). Key Vault does not allow direct access to a stored key, but instead provides encryption/decryption services using the key to the authorized entities. The key can be generated by the key vault, imported, or [transferred to the key vault from an on-prem HSM device](/azure/key-vault/keys/hsm-protected-keys.md).
1818

1919
## Terminology and description
2020
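Review bot: The `.md` suffix on the site-relative links in the new line 17 needs checking before merge. The removed line used `/azure/key-vault/general/security-features` with no extension, while the replacement uses `/azure/key-vault/general/security-features.md` and the newly added HSM link `/azure/key-vault/keys/hsm-protected-keys.md` follows the same pattern. Please confirm that both targets resolve in the published build, or drop the suffix to match the form the file used before. Giving the previously bare `[transferred to the key vault from an on-prem HSM device]` text a target is a good fix.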

@@ -70,7 +70,7 @@ Before you attempt to configure the CMK, be sure to address the following requir
7070
- If you're [importing an existing key](/rest/api/keyvault/keys/import-key/import-key.md) into the key vault, make sure to provide it in the supported file formats (.pfx, .byok, .backup)
7171

7272
> [!Note]
73-
> For detailed, step-by-step instructions about how to configure date encryption for an Azure Database for MySQL flexible server via the Azure portal, see Configure data encryption for MySQL Flexible server.
73+
> For detailed, step-by-step instructions about how to configure date encryption for an Azure Database for MySQL flexible server via the Azure portal, see [Configure data encryption for MySQL Flexible server](/azure/mysql/single-server/how-to-data-encryption-portal.md).
7474
7575
## Recommendations for configuring data encryption
7676
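Review bot: The link added on line 73 targets `/azure/mysql/single-server/how-to-data-encryption-portal.md`, but this file is under `flexible-server` and the note promises steps for an Azure Database for MySQL flexible server. A reader following it would land on single-server instructions, so please point it at the flexible-server how-to, or state in the note that the single-server steps apply. The same line still says "configure date encryption", which should read "data encryption", and the `.md` suffix on a site-relative path should be verified against the build here as well.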
