Updated to clarify encryption availability, acrolinx

flang-msft · flang-msft · commit e77e3a8c6055 · 2025-07-09T14:33:28.000-07:00
diff --git a/articles/azure-cache-for-redis/cache-how-to-encryption.md b/articles/azure-cache-for-redis/cache-how-to-encryption.md
@@ -1,15 +1,11 @@
 ---
 title: Configure disk encryption in Azure Cache for Redis
 description: Learn about disk encryption when using Azure Cache for Redis.
-
-
-
 ms.topic: how-to
-ms.date: 02/28/2024
+ms.date: 07/09/2025
 appliesto:
   - ✅ Azure Cache for Redis
 
-
 ---
 
 # Configure disk encryption for Azure Cache for Redis instances using customer managed keys
@@ -20,13 +16,13 @@ Azure Cache for Redis offers platform-managed keys (PMKs), also know as Microsof
 
 ## Scope of availability for CMK disk encryption
 
-| Tier | Basic, Standard, Premium  | Enterprise, Enterprise Flash  |
-|:-:|---------|---------------|
-|Microsoft managed keys (MMK) | Yes   | Yes             |
-|Customer managed keys (CMK) | No     |  Yes            |
+| Tier                          | Basic*, Standard*, Premium                                                                     | Enterprise, Enterprise Flash |
+|:-----------------------------:|------------------------------------------------------------------------------------------------|------------------------------|
+| Microsoft managed keys (MMK) | In most cache sizes. Disk encryption isn't supported for Basic and Standard sizes C0 and C1.      | Yes                          |
+| Customer managed keys (CMK)  | No                                                                                             | Yes                          |
 
 > [!WARNING]
-> By default, all Azure Cache for Redis tiers use Microsoft managed keys to encrypt disks mounted to cache instances. However, in the Basic and Standard tiers, the C0 and C1 SKUs do not support any disk encryption.
+> By default, all Azure Cache for Redis tiers use Microsoft managed keys to encrypt disks mounted to cache instances. However, in the Basic and Standard tiers, the C0 and C1 SKUs don't support any disk encryption.
 >
 
 > [!IMPORTANT]
@@ -47,22 +43,22 @@ MMK is used to encrypt these disks by default, but CMK can also be used.
 
 In the **Enterprise Flash** tier, keys and values are also partially stored on-disk using nonvolatile memory express (NVMe) flash storage. However, this disk isn't the same as the one used for persisted data. Instead, it's ephemeral, and data isn't persisted after the cache is stopped, deallocated, or rebooted. MMK is only supported on this disk because this data is transient and ephemeral.
 
-| Data stored |Disk    |Encryption Options |
-|-------------------|------------------|-------------------|
-|Persistence files | Persistence disk | MMK or CMK |
-|RDB files waiting to be exported | OS disk and Persistence disk | MMK or CMK |
-|Keys & values (Enterprise Flash tier only) | Transient NVMe disk | MMK |
+| Data stored                                    | Disk                          | Encryption Options |
+|------------------------------------------------|-------------------------------|--------------------|
+| Persistence files                              | Persistence disk              | MMK or CMK         |
+| RDB files waiting to be exported               | OS disk and Persistence disk  | MMK or CMK         |
+| Keys & values (Enterprise Flash tier only)    | Transient NVMe disk           | MMK                |
 
 ### Other tiers
 
-In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by default using MMK. There's no persistence disk mounted and Azure Storage is used instead. The C0 and C1 SKUs do not use disk encryption.
+In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by default using MMK. There's no persistence disk mounted and Azure Storage is used instead. The C0 and C1 SKUs don't use disk encryption.
 
 ## Prerequisites and limitations
 
 ### General prerequisites and limitations
 
 - Disk encryption isn't available in the Basic and Standard tiers for the C0 or C1 SKUs
-- Only user assigned managed identity is supported to connect to Azure Key Vault. System assigned managed identity is not supported.
+- Only user assigned managed identity is supported to connect to Azure Key Vault. System assigned managed identity isn't supported.
 - Changing between MMK and CMK on an existing cache instance triggers a long-running maintenance operation. We don't recommend this for production use because a service disruption occurs.
 
 ### Azure Key Vault prerequisites and limitations
@@ -100,13 +96,13 @@ In the **Basic, Standard, and Premium** tiers, the OS disk is encrypted by defau
 
 1. If using the **URI** input method, enter the Key Identifier URI for your chosen key from Azure Key Vault.  
 
-1. When you've entered all the information for your cache, select **Review + create**.
+1. When you enter all the information for your cache, select **Review + create**.
 
 ### Add CMK encryption to an existing Enterprise cache
 
 1. Go to the **Encryption** in the Resource menu of your cache instance. If CMK is already set up, you see the key information.
 
-1. If you haven't set up or if you want to change CMK settings, select **Change encryption settings**
+1. If you haven't set up CMK or want to change CMK settings, select **Change encryption settings**.
    :::image type="content" source="media/cache-how-to-encryption/cache-encryption-existing-use.png" alt-text="Screenshot encryption selected in the Resource menu for an Enterprise tier cache.":::
 
 1. Select **Use a customer-managed key** to see your configuration options.
@@ -133,3 +129,4 @@ Learn more about Azure Cache for Redis features:
 
 - [Data persistence](cache-how-to-premium-persistence.md)
 - [Import/Export](cache-how-to-import-export-data.md)
+- [Import/Export](cache-how-to-import-export-data.md)
