clarify disk encryption

tamram · tamram · commit d9a7ce9d3e30 · 2024-02-01T14:22:34.000-06:00
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -363,11 +363,11 @@
           items:
             - name: Cluster autoscaler overview
               href: cluster-autoscaler-overview.md
-            - name: Use the Cluster autoscaler on AKS
+            - name: Use the cluster autoscaler on AKS
               href: cluster-autoscaler.md
         - name: Node autoprovision
           href: node-autoprovision.md
-        - name: Availability Zones
+        - name: Availability zones
           href: availability-zones.md
     - name: Cluster management
       items:
@@ -421,7 +421,7 @@
               href: use-kms-etcd-encryption.md
         - name: Node security
           items:
-            - name: BYOK for disks
+            - name: BYOK for Azure managed disks
               href: azure-disk-customer-managed-keys.md
             - name: Enable host-based encryption
               href: enable-host-encryption.md
diff --git a/articles/aks/azure-disk-customer-managed-keys.md b/articles/aks/azure-disk-customer-managed-keys.md
@@ -1,14 +1,14 @@
 ---
-title: Use a customer-managed key to encrypt Azure disks in Azure Kubernetes Service (AKS)
-description: Bring your own keys (BYOK) to encrypt AKS OS and Data disks.
+title: Use a customer-managed key to encrypt Azure managed disks in Azure Kubernetes Service (AKS)
+description: Bring your own keys (BYOK) to encrypt managed OS and data disks in AKS.
 ms.topic: article
 ms.custom: devx-track-azurecli, linux-related-content
-ms.date: 11/24/2023
+ms.date: 02/01/2024
 ---
 
-# Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
+# Bring your own keys (BYOK) with Azure managed disks in Azure Kubernetes Service (AKS)
 
-Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
+Azure encrypts all data in a managed disk at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys to use for encryption at rest for both the OS and data disks for your AKS clusters.
 
 Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] and [Windows][customer-managed-keys-windows].
 
@@ -21,9 +21,9 @@ Learn more about customer-managed keys on [Linux][customer-managed-keys-linux] a
 
 ## Limitations
 
-* Encryption of OS disk with customer-managed keys can only be enabled when creating an AKS cluster.
+* Encryption of an OS disk with customer-managed keys can only be enabled when creating an AKS cluster.
 * Virtual nodes are not supported.
-* When encrypting ephemeral OS disk-enabled node pool with customer-managed keys, if you want to rotate the key in Azure Key Vault, you need to:
+* When encrypting an ephemeral OS disk-enabled node pool with customer-managed keys, if you want to rotate the key in Azure Key Vault, you need to:
 
    * Scale down the node pool count to 0
    * Rotate the key
