My idea is to re-word one of the lines in this article: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview
There is a line that says, "Certificate Management - Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources"
But this is incorrect. AKV does NOT provision certificates. "Provision" is a term in PKI that suggests accepting CSRs, signing them, thereby creating a certificate. AKV doe NOT accept CSRs and create certificates. But the article, by using that terminology, suggests that it does. To "deploy" a certificate from AKV, the certificate needs to have been provisioned by a Certification Authority and then stored in the AKV.
Please minimize the confusion about AKV by re-wording this section