Merge pull request #282094 from markingmyname/tam

[MySQL] Replace image

Author: v-shils

articles/mysql/flexible-server/how-to-data-encryption-portal.md

@@ -3,16 +3,16 @@ title: Set up data encryption by using the Azure portal
 description: Learn how to set up and manage data encryption for Azure Database for MySQL - Flexible Server by using the Azure portal.
 author: SudheeshGH
 ms.author: sunaray
-ms.reviewer: maghan
-ms.date: 06/18/2024
+ms.reviewer: maghan, talawren
+ms.date: 07/29/2024
 ms.service: mysql
 ms.subservice: flexible-server
 ms.topic: how-to
 ---
 
 # Data encryption for Azure Database for MySQL - Flexible Server by using the Azure portal
 
-[!INCLUDE[applies-to-mysql-flexible-server](../includes/applies-to-mysql-flexible-server.md)]
+[!INCLUDE [applies-to-mysql-flexible-server](../includes/applies-to-mysql-flexible-server.md)]
 
 This tutorial shows you how to set up and manage data encryption for Azure Database for MySQL flexible server.
 
@@ -25,8 +25,6 @@ In this tutorial, you learn how to:
   > [!NOTE]  
   > Azure key vault access configuration now supports two types of permission models - [Azure role-based access control](../../role-based-access-control/overview.md) and [Vault access policy](../../key-vault/general/assign-access-policy.md). The tutorial describes configuring data encryption for Azure Database for MySQL flexible server using Vault access policy. However, you can choose to use Azure RBAC as permission model to grant access to Azure Key Vault. To do so, you need any built-in or custom role that has below three permissions and assign it through "role assignments" using Access control (IAM) tab in the keyvault: a) KeyVault/vaults/keys/wrap/action b) KeyVault/vaults/keys/unwrap/action c) KeyVault/vaults/keys/read. For Azure key vault managed HSM, you will also need to assign the "Managed HSM Crypto Service Encryption User" role assignment in RBAC.
 
-
-
 ## Prerequisites
 
 - An Azure account with an active subscription.
@@ -39,13 +37,13 @@ In this tutorial, you learn how to:
 
 1. In Key Vault, select **Access policies**, and then select **Create**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/1-mysql-key-vault-access-policy.jpeg" alt-text="Screenshot of Key Vault Access Policy in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/1-mysql-key-vault-access-policy.jpeg" alt-text="Screenshot of Key Vault Access Policy in the Azure portal." lightbox="media/how-to-data-encryption-portal/1-mysql-key-vault-access-policy.jpeg":::
 
 1. On the **Permissions** tab, select the following **Key permissions - Get** , **List** , **Wrap Key** , **Unwrap Key**.
 
 1. On the **Principal** tab, select the User-assigned Managed Identity.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/2-mysql-principal-tab.jpeg" alt-text="Screenshot of the principal tab in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/2-mysql-principal-tab.jpeg" alt-text="Screenshot of the principal tab in the Azure portal." lightbox="media/how-to-data-encryption-portal/2-mysql-principal-tab.jpeg":::
 
 1. Select **Create**.
 
@@ -55,17 +53,17 @@ To set up the customer managed key, perform the following steps.
 
 1. In the portal, navigate to your Azure Database for MySQL flexible server instance, and then, under **Security** , select **Data encryption**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/3-mysql-data-encryption.jpeg" alt-text="Screenshot of the data encryption page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/3-mysql-data-encryption.jpeg" alt-text="Screenshot of the data encryption page." lightbox="media/how-to-data-encryption-portal/3-mysql-data-encryption.jpeg":::
 
 1. On the **Data encryption** page, under **No identity assigned** , select **Change identity** ,
 
 1. In the **Select user assigned**** managed identity **dialog box, select the** demo-umi **identity, and then select** Add**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/4-mysql-assigned-managed-identity-demo-uni.jpeg" alt-text="Screenshot of selecting the demo-umi from the assigned managed identity page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/4-mysql-assigned-managed-identity-demo-uni.jpeg" alt-text="Screenshot of selecting the demo-umi from the assigned managed identity page." lightbox="media/how-to-data-encryption-portal/4-mysql-assigned-managed-identity-demo-uni.jpeg":::
 
 1. To the right of **Key selection method** , either **Select a key** and specify a key vault and key pair, or select **Enter a key identifier**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/5-mysql-select-key.jpeg" alt-text="Screenshot of the Select Key page in the Azure portal.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/5-mysql-configure-encryption-marked.png" alt-text="Screenshot of key selection method to show user." lightbox="media/how-to-data-encryption-portal/5-mysql-configure-encryption-marked.png":::
 
 1. Select **Save**.
 
@@ -76,32 +74,29 @@ To use data encryption as part of a restore operation, perform the following ste
 1. In the Azure portal, on the navigate Overview page for your server, select **Restore**.
     1. On the **Security** tab, you specify the identity and the key.
 
-        :::image type="content" source="media/how-to-data-encryption-portal/6-mysql-navigate-overview-page.jpeg" alt-text="Screenshot of overview page.":::
+        :::image type="content" source="media/how-to-data-encryption-portal/6-mysql-navigate-overview-page.jpeg" alt-text="Screenshot of overview page." lightbox="media/how-to-data-encryption-portal/6-mysql-navigate-overview-page.jpeg":::
 
 1. Select **Change identity** and select the **User assigned managed identity** and select on **Add**
 **To select the Key** , you can either select a **key vault** and **key pair** or enter a **key identifier**
 
-    :::image type="content" source="media/how-to-data-encryption-portal/7-mysql-change-identity.jpeg" alt-text="SCreenshot of the change identity page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/7-mysql-change-identity.jpeg" alt-text="SCreenshot of the change identity page." lightbox="media/how-to-data-encryption-portal/7-mysql-change-identity.jpeg":::
 
 ## Use Data encryption for replica servers
 
 After your Azure Database for MySQL flexible server instance is encrypted with a customer's managed key stored in Key Vault, any newly created copy of the server is also encrypted.
 
 1. To configuration replication, under **Settings** , select **Replication** , and then select **Add replica**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/8-mysql-replication.jpeg" alt-text="Screenshot of the Replication page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/8-mysql-replication.jpeg" alt-text="Screenshot of the Replication page." lightbox="media/how-to-data-encryption-portal/8-mysql-replication.jpeg":::
 
 1. In the Add Replica server to Azure Database for MySQL dialog box, select the appropriate **Compute + storage** option, and then select **OK**.
 
-    :::image type="content" source="media/how-to-data-encryption-portal/9-mysql-compute-storage.jpeg" alt-text="Screenshot of the Compute + Storage page.":::
+    :::image type="content" source="media/how-to-data-encryption-portal/9-mysql-compute-storage.jpeg" alt-text="Screenshot of the Compute + Storage page." lightbox="media/how-to-data-encryption-portal/9-mysql-compute-storage.jpeg":::
 
     > [!IMPORTANT]  
     > When trying to encrypt Azure Database for MySQL flexible server with a customer managed key that already has a replica(s), we recommend configuring the replica(s) as well by adding the managed identity and key.
 
-## Next steps
+## Related content
 
 - [Customer managed keys data encryption](concepts-customer-managed-key.md)
-
 - [Data encryption with Azure CLI](how-to-data-encryption-cli.md)
-
-