Sudheesh suggestions

Author: markingmyname

articles/mysql/flexible-server/concepts-customer-managed-key-mysql-flexible-server.md renamed to articles/mysql/flexible-server/concepts-customer-managed-key.md

@@ -12,10 +12,15 @@ ms.topic: conceptual
 
 # Customer managed keys data encryption – Azure Database for MySQL – Flexible Server Preview
 
+[!INCLUDE[applies-to-mysql-flexible-server](../includes/applies-to-mysql-flexible-server.md)]
+
 With data encryption with customer-managed keys for Azure Database for MySQL - Flexible Server Preview, you can bring your own key (BYOK) for data protection at rest and implement separation of duties for managing keys and data. With customer managed keys (CMKs), the customer is responsible for and in a full control of key lifecycle management (key creation, upload, rotation, deletion), key usage permissions, and auditing operations on keys. 
 
 Data encryption with CMKs is set at the server level. For a given server, a CMK, called the key encryption key (KEK), is used to encrypt the data encryption key (DEK) used by the service. The KEK is an asymmetric key stored in a customer-owned and customer-managed [Azure Key Vault instance](../../key-vault/general/security-features.md). Key Vault is highly available and scalable secure storage for RSA cryptographic keys, optionally backed by FIPS 140-2 Level 2 validated hardware security modules (HSMs). Key Vault does not allow direct access to a stored key, but instead provides encryption/decryption services using the key to the authorized entities. The key can be generated by the key vault, imported, or  [transferred to the key vault from an on-prem HSM device](../../key-vault/keys/hsm-protected-keys.md).
 
+> [!Note]
+> In the Public Preview, we can't enable geo redundancy on a flexible server that has CMK enabled, nor can we enable geo redundancy on a flexible server that has CMK enabled. 
+
 ## Terminology and description
 
 **Data encryption key (DEK)**: A symmetric AES256 key used to encrypt a partition or block of data. Encrypting each block of data with a different key makes crypto analysis attacks more difficult. Access to DEKs is needed by the resource provider or application instance that is encrypting and decrypting a specific block. When you replace a DEK with a new key, only the data in its associated block must be re-encrypted with the new key. 
@@ -44,7 +49,7 @@ To configure the CMK for an Azure Database for MySQL flexible server, you need t
 
 When you configure a flexible server to use a CMK stored in the key vault, the server sends the DEK to the key vault for encryptions. Key Vault returns the encrypted DEK, which is stored in the user database. Similarly, when needed, the flexible server will send the protected DEK to the key vault for decryption.
 
-:::image type="content" source="media/concepts-customer-managed-key-mysql-flexible-server/mysql-customer-managed-key.jpg" alt-text="Diagram of how data encryption with a customer-managed key works.":::
+:::image type="content" source="media/concepts-customer-managed-key/mysql-customer-managed-key.jpg" alt-text="Diagram of how data encryption with a customer-managed key works.":::
 
 After logging is enabled, auditors can use Azure Monitor to review Key Vault audit event logs. To enable logging of [Key Vault auditing events](../../key-vault/key-vault-insights-overview.md), see Monitoring your key vault service with Key Vault insights.
 
@@ -70,7 +75,7 @@ Before you attempt to configure the CMK, be sure to address the following requir
 - If you're [importing an existing key](/rest/api/keyvault/keys/import-key/import-key?tabs=HTTP) into the key vault, make sure to provide it in the supported file formats (.pfx, .byok, .backup).
 
 > [!Note]
-> For detailed, step-by-step instructions about how to configure date encryption for an Azure Database for MySQL flexible server via the Azure portal, see [Configure data encryption for MySQL Flexible server](../single-server/how-to-data-encryption-portal.md).
+> For detailed, step-by-step instructions about how to configure date encryption for an Azure Database for MySQL flexible server via the Azure portal, see [Configure data encryption for MySQL Flexible server](how-to-data-encryption-portal.md).
 
 ## Recommendations for configuring data encryption 
 
@@ -114,16 +119,13 @@ Once Azure Database for MySQL flexible server is encrypted with a customer's man
 
 When attempting to restore an Azure Database for MySQL flexible server, you're given the option to select the User managed identity, and Key to encrypt the restore server.
 
-> [!Note]
-> In the Public Preview, we cannot enable geo redundancy on a flexible server that has CMK enabled, nor can we enable geo redundancy on a flexible server that has CMK enabled. 
-
 To avoid issues while setting up customer-managed data encryption during restore or read replica creation, it's important to follow these steps on the source and restored/replica servers:
 
 - Initiate the restore or read replica creation process from the source Azure Database for MySQL Flexible server.
 - On the restored/replica server, revalidate the customer-managed key in the data encryption settings to ensure that the User managed identity is given _Get, List, Wrap key_ and _Unwrap key_ permissions to the key stored in Key Vault.
 
 ## Next steps
-- [Data encryption with Azure CLI (Preview)](tutorial-data-encryption-mysql-flexible-server-cli.md)
-- [Data encryption with Azure portal (Preview)](tutorial-data-encryption-mysql-flexible-server-portal.md)
+- [Data encryption with Azure CLI (Preview)](how-to-data-encryption-cli.md)
+- [Data encryption with Azure portal (Preview)](how-to-data-encryption-portal.md)
 - [Azure Key Vault instance](../../key-vault/general/security-features.md)
 - [Security in encryption rest](../../security/fundamentals/encryption-atrest.md)

articles/mysql/flexible-server/tutorial-data-encryption-mysql-flexible-server-cli.md renamed to articles/mysql/flexible-server/how-to-data-encryption-cli.md

@@ -7,10 +7,12 @@ ms.reviewer: maghan
 ms.date: 09/15/2022
 ms.service: mysql
 ms.subservice: flexible-server
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
-# Tutorial: Data encryption for Azure Database for MySQL - Flexible Server with Azure CLI Preview
+# Data encryption for Azure Database for MySQL - Flexible Server with Azure CLI Preview
+
+[!INCLUDE[applies-to](../includes/applies-to.md)]
 
 This tutorial shows you how to set up and manage data encryption for your Azure Database for MySQL - Flexible Server using Azure CLI preview.
 
@@ -77,6 +79,9 @@ You can verify the above attributes of the key by using the following command:
 az keyvault key show --vault-name \<key\_vault\_name\> -n \<key\_name\>
 ```
 
+> [!Note]
+> In the Public Preview, we can't enable geo redundancy on a flexible server that has CMK enabled, nor can we enable geo redundancy on a flexible server that has CMK enabled. 
+
 ## Update an existing MySQL flexible server with data encryption
 
 Set or change key and identity for data encryption:
@@ -243,5 +248,6 @@ The params **identityUri** and **primaryKeyUri** are the resource ID of the user
 
 ## Next steps
 
-- [Customer managed keys data encryption (Preview)](concepts-customer-managed-key-mysql-flexible-server.md)
-- [Data encryption with Azure portal (Preview)](tutorial-data-encryption-mysql-flexible-server-portal.md)
+- [Customer managed keys data encryption (Preview)](concepts-customer-managed-key.md)
+- [Data encryption with Azure portal (Preview)](how-to-data-encryption-portal.md)
+

articles/mysql/flexible-server/tutorial-data-encryption-mysql-flexible-server-portal.md renamed to articles/mysql/flexible-server/how-to-data-encryption-portal.md

@@ -7,10 +7,12 @@ ms.reviewer: maghan
 ms.date: 09/15/2022
 ms.service: mysql
 ms.subservice: flexible-server
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
-# Tutorial: Data encryption for Azure Database for MySQL - Flexible Server by using the Azure portal Preview
+# Data encryption for Azure Database for MySQL - Flexible Server by using the Azure portal Preview
+
+[!INCLUDE[applies-to](../includes/applies-to.md)]
 
 This tutorial shows you how to set up and manage data encryption for your Azure Database for MySQL flexible server.
 
@@ -32,33 +34,36 @@ In this tutorial, you learn how to:
 
 1. In Key Vault, select **Access policies**, and then select **Create**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/1-mysql-key-vault-access-policy.jpeg" alt-text="Screenshot of Key Vault Access Policy in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/1-mysql-key-vault-access-policy.jpeg" alt-text="Screenshot of Key Vault Access Policy in the Azure portal.":::
 
 2. On the **Permissions** tab, select the following **Key permissions - Get** , **List** , **Wrap Key** , **Unwrap Key**.
 
 3. On the **Principal** tab, select the User-assigned Managed Identity.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/2-mysql-principal-tab.jpeg" alt-text="Screenshot of the principal tab in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/2-mysql-principal-tab.jpeg" alt-text="Screenshot of the principal tab in the Azure portal.":::
 
 4. Select **Create**.
 
+> [!Note]
+> In the Public Preview, we can't enable geo redundancy on a flexible server that has CMK enabled, nor can we enable geo redundancy on a flexible server that has CMK enabled. 
+
 ## Configure customer managed key
 
 To set up the customer managed key, perform the following steps.
 
 1. In the portal, navigate to your Azure Database for MySQL flexible server, and then, under **Security** , select **Data encryption**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/3-mysql-data-encryption.jpeg" alt-text="Screenshot of the data encryption page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/3-mysql-data-encryption.jpeg" alt-text="Screenshot of the data encryption page.":::
 
 2. On the **Data encryption** page, under **No identity assigned** , select **Change identity** ,
 
 3. In the **Select user assigned**** managed identity **dialog box, select the** demo-umi **identity, and then select** Add**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/4-mysql-assigned-managed-identity-demo-uni.jpeg" alt-text="Screenshot of selecting the demo-umi from the assigned managed identity page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/4-mysql-assigned-managed-identity-demo-uni.jpeg" alt-text="Screenshot of selecting the demo-umi from the assigned managed identity page.":::
 
 4. To the right of **Key selection method** , either **Select a key** and specify a key vault and key pair, or select **Enter a key identifier**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/5-mysql-select-key.jpeg" alt-text="Screenshot of the Select Key page in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/5-mysql-select-key.jpeg" alt-text="Screenshot of the Select Key page in the Azure portal.":::
 
 5. Select **Save**.
 
@@ -69,29 +74,29 @@ To use data encryption as part of a restore operation, perform the following ste
 1. In the Azure portal, on the navigate Overview page for your server, select **Restore**.
     1. On the **Security** tab, you specify the identity and the key.
 
-        :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/6-mysql-navigate-overview-page.jpeg" alt-text="Screenshot of overview page.":::
+        :::image type="content" source="media/how-to-data-encryption-portal/6-mysql-navigate-overview-page.jpeg" alt-text="Screenshot of overview page.":::
 
 2. Select **Change identity** and select the **User assigned managed identity** and select on **Add**
 **To select the Key** , you can either select a **key vault** and **key pair** or enter a **key identifier**
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/7-mysql-change-identity.jpeg" alt-text="SCreenshot of the change identity page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/7-mysql-change-identity.jpeg" alt-text="SCreenshot of the change identity page.":::
 
 ## Using Data encryption for replica servers
 
 After your Azure Database for MySQL flexible server is encrypted with a customer's managed key stored in Key Vault, any newly created copy of the server will also be encrypted.
 
 1. To configuration replication, under **Settings** , select **Replication** , and then select **Add replica**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/8-mysql-replication.jpeg" alt-text="Screenshot of the Replication page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/8-mysql-replication.jpeg" alt-text="Screenshot of the Replication page.":::
 
 2. In the Add Replica server to Azure Database for MySQL dialog box, select the appropriate **Compute + storage** option, and then select **OK**.
 
-    :::image type="content" source="media/tutorial-set-data-encryption-portal-mysql-flexible-server/9-mysql-compute-storage.jpeg" alt-text="Screenshot of the Compute + Storage page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/9-mysql-compute-storage.jpeg" alt-text="Screenshot of the Compute + Storage page.":::
 
-    > [!Important}
+    > [!Important]
     > When trying to encrypt Azure Database for MySQL flexible server with a customer managed key that already has a replica(s), we recommend configuring the replica(s) as well by adding the managed identity and key.
 
 ## Next steps
 
-- [Customer managed keys data encryption (Preview)](concepts-customer-managed-key-mysql-flexible-server.md)
-- [Data encryption with Azure CLI (Preview)](tutorial-data-encryption-mysql-flexible-server-cli.md)
+- [Customer managed keys data encryption (Preview)](concepts-customer-managed-key.md)
+- [Data encryption with Azure CLI (Preview)](how-to-data-encryption-cli.md)