Update configure-customer-managed-key.md

EldertGrootenboer · web-flow · commit f6a5bd87715c · 2025-01-31T13:18:01.000-08:00
diff --git a/articles/service-bus-messaging/configure-customer-managed-key.md b/articles/service-bus-messaging/configure-customer-managed-key.md
@@ -33,10 +33,20 @@ To enable customer-managed keys in the Azure portal, follow these steps:
 
 After you enable customer-managed keys, you need to associate the customer managed key with your Azure Service Bus namespace. Service Bus supports only Azure Key Vault. If you enable the **Encryption with customer-managed key** option in the previous section, you need to have the key imported into Azure Key Vault. Also, the keys must have **Soft Delete** and **Do Not Purge** configured for the key. These settings can be configured using [PowerShell](/azure/key-vault/general/key-vault-recovery) or [CLI](/azure/key-vault/general/key-vault-recovery).
 
-1. To create a new key vault, follow the Azure Key Vault [Quickstart](/azure/key-vault/general/overview). For more information about importing existing keys, see [About keys, secrets, and certificates](/azure/key-vault/general/about-keys-secrets-certificates).
+# [Key Vault](#tab/Key-Vault)
+        
+1. To create a new Key Vault, follow the Azure Key Vault [Quickstart](/azure/key-vault/general/quick-create-cli).
+        
+# [Key Vault Managed HSM](#tab/Key-Vault-Managed-HSM)
 
-    > [!IMPORTANT]
-    > Using customer-managed keys with Azure Service Bus requires that the key vault have two required properties configured. They are:  **Soft Delete** and **Do Not Purge**. The Soft Delete property is enabled by default when you create a new key vault in the Azure portal whereas the Purge Protection is optional so make sure to select it when creating the Key Vault. Also, if you need to enable these properties on an existing key vault, you must use either PowerShell or Azure CLI.
+1. To create a new Managed HSM, follow the Managed HSM [Quickstart](/azure/key-vault/managed-hsm/quick-create-cli).
+
+---
+
+For more information about importing existing keys, see [About keys, secrets, and certificates](/azure/key-vault/general/about-keys-secrets-certificates).
+
+> [!IMPORTANT]
+> Using customer-managed keys with Azure Service Bus requires that the vault have two required properties configured. They are:  **Soft Delete** and **Do Not Purge**. The Soft Delete property is enabled by default when you create a new vault in the Azure portal whereas the Purge Protection is optional so make sure to select it when creating the vault. Also, if you need to enable these properties on an existing key vault, you must use either PowerShell or Azure CLI.
 
 # [Key Vault](#tab/Key-Vault)
         
