cleanup for cmk cross tenant release

Author: b-ahibbard

articles/azure-netapp-files/configure-customer-managed-keys.md

@@ -5,8 +5,8 @@ services: azure-netapp-files
 author: b-ahibbard
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.custom: references_regions, devx-track-azurecli, devx-track-azurepowershell
-ms.date: 04/18/2025
+ms.custom: devx-track-azurecli, devx-track-azurepowershell
+ms.date: 04/23/2025
 ms.author: anfdocs
 ---
 
@@ -26,6 +26,8 @@ The following diagram demonstrates how customer-managed keys work with Azure Net
     Customer-managed keys don't affect performance of Azure NetApp Files. Its only difference from platform-managed keys is how the key is managed.
 1. For read/write operations, Azure NetApp Files sends requests to Azure Key Vault to unwrap the account encryption key to perform encryption and decryption operations.
 
+Cross-tenant customer-managed keys is available in all Azure NetApp Files supported regions.
+
 ## Considerations
 
 * To create a volume using customer-managed keys, you must select the *Standard* network features. You can't use customer-managed key volumes with volume configured using Basic network features. Follow instructions in to [Set the Network Features option](configure-network-features.md#set-the-network-features-option) in the volume creation page.
@@ -38,57 +40,6 @@ The following diagram demonstrates how customer-managed keys work with Azure Net
 * Azure NetApp Files supports customer-managed keys on source and data replication volumes with cross-region replication or cross-zone replication relationships.
 * Applying Azure network security groups (NSG) on the private link subnet to Azure Key Vault is supported for Azure NetApp Files customer-managed keys. NSGs don’t affect connectivity to private links unless a private endpoint network policy is enabled on the subnet.
 
-## Supported regions
-
-Azure NetApp Files customer-managed keys is supported for the following regions:
-
-* Australia Central
-* Australia Central 2
-* Australia East
-* Australia Southeast
-* Brazil South
-* Brazil Southeast
-* Canada Central
-* Canada East
-* Central India
-* Central US
-* East Asia
-* East US
-* East US 2
-* France Central
-* Germany North
-* Germany West Central
-* Israel Central
-* Italy North
-* Japan East
-* Japan West
-* Korea Central
-* Korea South
-* North Central US
-* North Europe
-* Norway East
-* Norway West
-* Qatar Central
-* South Africa North
-* South Central US
-* South India
-* Southeast Asia
-* Spain Central
-* Sweden Central
-* Switzerland North
-* Switzerland West 
-* UAE Central
-* UAE North
-* UK South
-* UK West
-* US Gov Arizona
-* US Gov Texas
-* US Gov Virginia
-* West Europe
-* West US
-* West US 2
-* West US 3
-
 ## Requirements
 
 Before creating your first customer-managed key volume, you must set up:

articles/azure-netapp-files/customer-managed-keys-cross-tenant.md

@@ -5,16 +5,16 @@ services: azure-netapp-files
 author: b-ahibbard
 ms.service: azure-netapp-files
 ms.topic: how-to
-## ms.custom: references_regions
-ms.date: 12/19/2024
+ms.custom: devx-track-azurecli, devx-track-azurepowershell
+ms.date: 04/23/2025
 ms.author: anfdocs
 ---
 
 # Configure cross-tenant customer-managed keys for Azure NetApp Files volume encryption (preview)
 
 Cross-tenant customer-managed keys (CMK) for Azure NetApp Files volume encryption allows service providers based on Azure to offer [customer-managed key encryption](configure-customer-managed-keys.md). In the cross-tenant scenario, the NetApp account resides in a tenant managed by an independent software vendor, while the key used for encryption of volumes in that NetApp account resides in a key vault in a tenant that you manage.
 
-Cross-tenant CMK is supported in all regions where Azure NetApp Files is supported. 
+Cross-tenant customer-managed keys is available in all Azure NetApp Files supported regions.
 
 ## Understand cross-tenant customer-managed keys
 
@@ -32,60 +32,8 @@ Following these steps, you install the service provider's application in your te
 
 With these three parameters, the service provider provisions Azure resources in tenant 1 that can be encrypted with the customer-managed key in tenant 2. 
 
-
-<!--
-## Supported regions 
-
-Azure NetApp Files cross-tenant customer-managed keys for volume encryption is supported for the following regions:
-
-- Australia Central 
-- Australia Central 2 
-- Australia East 
-- Australia Southeast 
-- Brazil South 
-- Brazil Southeast 
-- Canada Central 
-- Canada East 
-- Central India 
-- Central US 
-- East Asia 
-- East US 
-- East US 2 
-- France Central 
-- Germany North 
-- Germany West Central 
-- Israel Central 
-- Italy North 
-- Japan East 
-- Japan West 
-- Korea Central 
-- Korea South 
-- North Central US 
-- North Europe 
-- Norway East 
-- Norway West 
-- Qatar Central 
-- South Africa North 
-- South Central US 
-- South India 
-- Southeast Asia 
-- Spain Central 
-- Sweden Central 
-- Switzerland North 
-- Switzerland West 
-- UAE Central 
-- UAE North 
-- UK South 
-- UK West 
-- West Europe 
-- West US 
-- West US 2 
-- West US 3 
--->
-
 ## Register the feature 
 
-
 This feature is currently in preview. You need to register the feature before using it for the first time. After registration, the feature is enabled and works in the background. No UI control is required. 
 
 1. Register the feature: 
@@ -106,9 +54,9 @@ You can also use [Azure CLI commands](/cli/azure/feature) `az feature register`
 
 ## Configure cross-tenant customer-managed keys for Azure NetApp Files 
 
-Cross-tenant CMK is currently only supported for the REST API. 
+The configuration process for cross-tenant customer-managed keys has portions that can only be completed using the REST API and Azure CLI. 
 
-##  Configure a NetApp account to use a key from a vault in another tenant.
+##  Configure a NetApp account to use a key from a vault in another tenant
 
 1. Create the application registration. 
     1. Navigate to Microsoft Entra ID in the Azure portal
@@ -133,7 +81,7 @@ Cross-tenant CMK is currently only supported for the REST API.
     1. Choose **Select a managed identity**. From the pane, select the subscription. Under **Managed identity**, select **User-assigned managed identity**. In the Select box, search for the managed identity you created earlier, then choose **Select** at the bottom of the pane.
     1. Under Credential details, provide a name and optional description for the credential. Select **Add**.
 1. Create a private endpoint to your key vault:
-    1. Have the customer share the full Azure ResourceId of their Key Vault. <!-- huh? -->
+    1. Share the full Azure ResourceId of their Key Vault. <!-- huh? -->
     1. Navigate to **Private Endpoints**.
     1. Select **+ Create**.
     1. Choose your subscription and resource group, and enter a name for the Private Endpoint, then select **Next > Resource**.
@@ -147,9 +95,9 @@ Cross-tenant CMK is currently only supported for the REST API.
 ### Authorize access to the key vault 
 
 1. Install the service provider application in the customer tenant
-    1. Get the Admin Consent URL from the provider for their cross-tenant application. In our example the URL would look like: `https://login.microsoftonline.com/<tenant1 tenantId>/adminconsent/client_id=<client/application ID for the cross tenant-application>`. This opens a login page where you enter your credentials. Once you enter your credentials, you may see an error stating there's no redirect URL configured. This is OK.
+    1. Get the Admin Consent URL from the provider for their cross-tenant application. In our example the URL would look like: `https://login.microsoftonline.com/<tenant1-tenantId>/adminconsent/client_id=<client/application ID for the cross tenant-application>`. This opens a login page where you enter your credentials. Once you enter your credentials, you may see an error stating there's no redirect URL configured; this is OK.
 1. Grant the service provider application access to the key vault. 
-    1. Navigate to your key vault. Select Access Control (IAM) from the left pane.  
+    1. Navigate to your key vault. Select **Access Control (IAM)** from the left pane.  
     1. Under Grant access to this resource, select **Add role assignment**. 
     1. Search for then select **Key Vault Crypto User**. 
     1. Under Members, select **User, group, or service principal**. 
@@ -162,10 +110,13 @@ Cross-tenant CMK is currently only supported for the REST API.
 
 ### Configure the NetApp account to use your keys 
 
-1. You must use the `az rest` command to configure your NetApp account to use CMK in a different tenant. Issue the following command: 
+>[!NOTE]
+>Using the `az rest` command is the only supported way to to configure your NetApp account to use CMK in a different tenant.
+
+1. With the `az rest` command, configure the NetApp account to use CMK in a different tenant:  
 
     ```azurecli
-    az rest --method put --uri "/subscriptions/<subscription Id>/resourceGroups/<resource group name>/providers/Microsoft.NetApp/netAppAccounts/<NetApp Account name>?api-version=2024-01-01-preview" --body 
+    az rest --method put --uri "/subscriptions/<subscription Id>/resourceGroups/<resourceGroupName>/providers/Microsoft.NetApp/netAppAccounts/<NetAppAccountName>?api-version=2024-01-01-preview" --body 
     '{  \"properties\":
         {    \"encryption\":
             {      \"keySource\": \"Microsoft.KeyVault\",   \"keyVaultProperties\":    
@@ -186,10 +137,12 @@ Cross-tenant CMK is currently only supported for the REST API.
     ```
     Once you have sent the `az rest` command, your NetApp Account has been successfully configured with cross-tenant CMK. 
 
-
 ### Create a volume 
 
-1. To create a volume using cross-tenant CMK, you must use the Azure CLI. Issue the following command: 
+>[!NOTE]
+>To create a volume using cross-tenant CMK, you must use the Azure CLI.
+
+1. Create the volume using the CLI: 
 
 ```azurecli
 az netappfiles volume create -g <resource group name> --account-name <NetApp account name> --pool-name <pool name> --name <volume name> -l southcentralus --service-level premium --usage-threshold 100 --file-path "<file path>" --vnet <virtual network name> --subnet default --network-features Standard --encryption-key-source Microsoft.KeyVault --kv-private-endpoint-id <full resource ID to the private endpoint to the customer's vault> --debug 

articles/azure-netapp-files/whats-new.md

@@ -6,22 +6,20 @@ author: b-hchen
 ms.service: azure-netapp-files
 ms.custom: linux-related-content
 ms.topic: overview
-ms.date: 04/16/2025
+ms.date: 04/23/2025
 ms.author: anfdocs
 ---
 
 # What's new in Azure NetApp Files
 
 Azure NetApp Files is updated regularly. This article provides a summary about the latest new features and enhancements.
 
-* [Cross-tenant customer-managed keys for Azure NetApp Files volume encryption](customer-managed-keys-cross-tenant.md) (preview)
-
+## April 2025
 
-    Cross-tenant customer-managed keys enables you to manage you own keys across different tenancies. In scenarios such as ISP/user configurations, it ensures that the end user retains full control of their keys, rather than the ISP. This capability grants SaaS providers with flexibility to offer customizable key management options.
+* [Cross-tenant customer-managed keys for Azure NetApp Files volume encryption](customer-managed-keys-cross-tenant.md) (preview)
 
-    <!-- It is available in all CMK regions. This feature is currently in preview. -->
 
-## April 2025
+    Cross-tenant customer-managed keys for Azure NetApp Files volume encryption enables you to manage your own keys across different tenancies. In scenarios such as SaaS provider/user configurations, this feature ensures the end user retains full control of their keys rather than the SaaS provider. This capability provides SaaS providers with the flexibility to offer customers customizable key management options. This feature is available in all Azure NetApp Files supported regions. This feature is currently in preview. 
 
 * [New volume usage metrics:](azure-netapp-files-metrics.md#volumes) Volume Inodes Quota, Volume Inodes Total, Volume Inodes Used