Commit 0432d4a

Merge pull request #4426 from aliceku/patch-2
Update transparent-data-encryption-azure-sql.md
2 parents 7acaa79 + 271e2e0 commit 0432d4a

1 file changed

Lines changed: 2 additions & 2 deletions

docs/relational-databases/security/encryption/transparent-data-encryption-azure-sql.md

@@ -41,9 +41,9 @@ Microsoft also seamlessly moves and manages the keys as needed for Geo-replicati
4141
> All newly created SQL databases are encrypted by default using service-managed TDE. Existing databases before May 2017 and databases created through restore, geo-replication, and database copy are not encrypted by default.
4242
>
4343
44-
## Bring Your Own Key
44+
## Bring Your Own Key (Preview)
4545

46-
Bring Your Own Key (BYOK) support allows the user to take control over their TDE encryption keys and control who can access them and when. Azure Key Vault (AKV), which is Azure’s cloud-based external key management system, is the first key management service that TDE has integrated with for BYOK support. With BYOK, the database encryption key is protected by an asymmetric key stored in AKV. The asymmetric key never leaves Key Vault; once the server has permissions to a key vault, the server sends basic key operation requests to it through the Key Vault service. The asymmetric key is set at the server level and inherited by all databases under that server.
46+
Bring Your Own Key (BYOK) (in preview) support allows the user to take control over their TDE encryption keys and control who can access them and when. Azure Key Vault (AKV), which is Azure’s cloud-based external key management system, is the first key management service that TDE has integrated with for BYOK support. With BYOK, the database encryption key is protected by an asymmetric key stored in AKV. The asymmetric key never leaves Key Vault; once the server has permissions to a key vault, the server sends basic key operation requests to it through the Key Vault service. The asymmetric key is set at the server level and inherited by all databases under that server.
4747
With BYOK support, users can now control key management tasks including key rotations, key vault permissions, deleting keys, and enable auditing/reporting on all encryption keys. Key Vault provides central key management, leverages tightly monitored hardware security modules (HSMs), and promotes separation of management of keys and data to help meet regulatory compliances. To learn more about Key Vault, visit the [Key Vault documentation page](https://docs.microsoft.com/azure/key-vault/key-vault-secure-your-key-vault).
4848

4949
To learn more about TDE with BYOK support for Azure SQL Database and Data Warehouse, see [Transparent Data Encryption with Bring Your Own Key support](transparent-data-encryption-byok-azure-sql.md).
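
Review bot: the added line 46 stacks two parentheticals, "Bring Your Own Key (BYOK) (in preview) support", which reads awkwardly and separates "support" from the term it modifies; something like "Bring Your Own Key (BYOK) support, currently in preview, allows the user to ..." would read more cleanly. The renamed heading on line 44 changes the section title from "Bring Your Own Key" to "Bring Your Own Key (Preview)", so any existing links that target the old heading anchor should be checked. The unchanged paragraph on line 47 ("With BYOK support, users can now control key management tasks ...") still reads as if the feature were generally available, so consider aligning its wording with the preview status so readers who plan key management or compliance work around BYOK are not misled.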
