Update customer-managed keys section in documentation

staleycyn · web-flow · commit 198bed1998b5 · 2026-03-31T09:31:37.000-07:00
Added information about customer-managed keys storage and compliance.
diff --git a/learn-pr/wwl-azure/configure-storage-security/includes/6-create-customer-managed-keys.md b/learn-pr/wwl-azure/configure-storage-security/includes/6-create-customer-managed-keys.md
@@ -12,6 +12,8 @@ Consider the following characteristics of customer-managed keys.
 
 - Customer-managed keys can be used with Azure Storage encryption. You can use a new key or an existing key vault and key. The Azure storage account and the key vault must be in the same region, but they can be in different subscriptions.
 
+- Customer-managed keys are stored in a customer-owned Azure Key Vault or Azure Key Vault Managed HSM. Managed HSM provides FIPS 140-2 Level 3 validation for organizations with the highest compliance requirements.
+
 ## Configure customer-managed keys
 
 In the Azure portal, you can configure customer-managed encryption keys. You can create your own keys, or you can have the keys managed by Microsoft. Consider how you might use Azure Key Vault to create your own customer-managed encryption keys.
@@ -24,4 +26,4 @@ In the Azure portal, you can configure customer-managed encryption keys. You can
 
 
 > [!TIP]
-> Expand your understanding of storage security in the [*Plan and implement security for storage*](/training/modules/security-storage/) training module.
+> Expand your understanding of storage security in the [*Plan and implement security for storage*](/training/modules/security-storage/) training module.
