port PR 7150

Author: HeidiSteen

articles/search/search-create-service-portal.md

@@ -1,14 +1,14 @@
 ---
 title: 'Create a Search Service in the Azure Portal'
 titleSuffix: Azure AI Search
-description: Learn how to set up an Azure AI Search resource in the Azure portal. Choose resource groups, regions, and a pricing tier.
+description: Learn how to set up an Azure AI Search service in the Azure portal. Choose a resource group, region, and pricing tier.
 manager: nitinme
 author: haileytap
 ms.author: haileytapia
 ms.service: azure-ai-search
 ms.update-cycle: 180-days
 ms.topic: how-to
-ms.date: 08/08/2025
+ms.date: 09/25/2025
 ms.custom:
   - references_regions
   - build-2024
@@ -41,7 +41,7 @@ Some properties are fixed for the lifetime of the search service. Before you cre
 | [Name](#name-your-service) | Becomes part of the URL endpoint. The name must be unique and follow naming rules. |
 | [Region](search-region-support.md) | Determines data residency and availability of certain features. For example, semantic ranker and Azure AI integration have region requirements. Choose a region that supports the features you need. |
 | [Tier](search-sku-tier.md) | Determines infrastructure, service limits, and billing. Some features aren't available on lower or specialized tiers. After you create your service, you can [switch between Basic and Standard (S1, S2, and S3) tiers](search-capacity-planning.md#change-your-pricing-tier). |
-
+| [Compute type](search-security-overview.md#data-in-use) | Determines virtualization and security model. You can choose between standard VMs (recommended) and confidential VMs, which are intended for select workloads requiring data-in-use privacy and isolation. |
 ## Subscribe to Azure
 
 Azure AI Search requires a free or Standard Azure subscription.
@@ -141,6 +141,16 @@ The Basic and Standard tiers are the most common for production workloads, but m
 > [!NOTE]
 > Services created after April 3, 2024 have larger partitions and higher vector quotas at every billable tier.
 
+## Choose a compute type
+
+The compute type determines the virtualization and security model used to deploy your search service. There are two compute types:
+
++ **Default** (base cost) deploys your search service on standard Azure infrastructure, encrypting data at rest and in transit but not in use. Recommended for most search workloads.
+
++ **Confidential** (10% surcharge) uses [Azure confidential computing](/azure/confidential-computing/use-cases-scenarios) to isolate processing in a hardware-based trusted execution environment, protecting unencrypted data in use from unauthorized access. Recommended only if you have advanced privacy, compliance, or regulatory requirements.
+
+Confidential computing has limited regional availability, disables or restricts certain features, and increases the cost of running your search service. For a detailed comparison of both compute types, see [Data in use](search-security-overview.md#data-in-use).
+
 ## Create your service
 
 After providing the necessary inputs, create your search service.

articles/search/search-manage-azure-cli.md

@@ -10,7 +10,7 @@ ms.custom:
   - devx-track-azurecli
   - ignite-2023
 ms.topic: how-to
-ms.date: 08/01/2025
+ms.date: 09/25/2025
 ms.update-cycle: 365-days
 ---
 
@@ -25,6 +25,7 @@ Use the [**az search module**](/cli/azure/search) to perform the following tasks
 > * [Return service information](#get-search-service-information)
 > * [Create or delete a service](#create-or-delete-a-service)
 > * [Create a service with a private endpoint](#create-a-service-with-a-private-endpoint)
+> * [Create a service with confidential computing](#create-a-service-with-confidential-computing)
 > * [Regenerate admin API-keys](#regenerate-admin-keys)
 > * [Create or delete query api-keys](#create-or-delete-query-keys)
 > * [Scale up or down with replicas and partitions](#scale-replicas-and-partitions)
@@ -306,6 +307,23 @@ az search private-endpoint-connection delete \
     --resource-group <search-service-resource-group-name> 
 ```
 
+## Create a service with confidential computing
+
+[Confidential computing](search-security-overview.md#data-in-use) is an optional compute type for data-in-use protection. When configured, your search service is deployed on confidential VMs (DCasv5 or DCesv5) instead of standard VMs. This compute type also incurs a 10% surcharge for billable tiers. For more information, see the [pricing page](https://azure.microsoft.com/pricing/details/search/).
+
+For daily usage, confidential computing isn't necessary. We only recommend this compute type for stringent regulatory, compliance, or security requirements. For more information, see [Confidential computing use cases](/azure/confidential-computing/use-cases-scenarios).
+
+The compute type is fixed for the lifetime of your search service. To permanently configure confidential computing, set the `compute-type` property to `confidential` on a new service.
+
+```azurecli-interactive
+az search service create \
+  --name <search-service-name> \
+  --resource-group <search-service-resource-group-name> \
+  --location <search-service-region> \
+  --sku basic \
+  --compute-type confidential
+```
+
 ## Regenerate admin keys
 
 To roll over admin [API keys](search-security-api-keys.md), use [**az search admin-key renew**](/cli/azure/search/admin-key#az-search-admin-key-renew). Two admin keys are created with each service for authenticated access. Keys are required on every request. Both admin keys are functionally equivalent, granting full write access to a search service with the ability to retrieve any information, or create and delete any object. Two keys exist so that you can use one while replacing the other. 

articles/search/search-manage-rest.md

@@ -8,7 +8,7 @@ ms.service: azure-ai-search
 ms.custom:
   - ignite-2023
 ms.topic: how-to
-ms.date: 08/01/2025
+ms.date: 09/25/2025
 ms.update-cycle: 365-days
 ---
 
@@ -22,6 +22,8 @@ The Management REST API is available in stable and preview versions. Be sure to
 > * [Create or update a service](#create-or-update-a-service)
 > * [Upgrade a service](#upgrade-a-service)
 > * [Change pricing tiers](#change-pricing-tiers)
+> * [Configure role-based access control for data plane](#configure-role-based-access-for-data-plane)
+> * [Configure confidential computing](#configure-confidential-computing)
 > * [Enable Azure role-based access control for data plane](#enable-rbac)
 > * [Enforce a customer-managed key policy](#enforce-cmk)
 > * [Disable semantic ranker](#disable-semantic-ranker)
@@ -239,6 +241,32 @@ PATCH https://management.azure.com/subscriptions/{{subscription-id}}/resourcegro
     }
 ```
 
+## Configure confidential computing
+
+[Confidential computing](search-security-overview.md#data-in-use) is an optional compute type for data-in-use protection. When configured, your search service is deployed on confidential VMs (DCasv5 or DCesv5) instead of standard VMs. This compute type also incurs a 10% surcharge for billable tiers. For more information, see the [pricing page](https://azure.microsoft.com/pricing/details/search/).
+
+For daily usage, confidential computing isn't necessary. We only recommend this compute type for stringent regulatory, compliance, or security requirements. For more information, see [Confidential computing use cases](/azure/confidential-computing/use-cases-scenarios).
+
+The compute type is fixed for the lifetime of your search service. To permanently configure confidential computing, set the `computeType` property to `confidential` on a new service.
+
+```http
+### Configure confidential computing
+@resource-group = PUT-YOUR-RESOURCE-GROUP-NAME-HERE
+@search-service = PUT-YOUR-SEARCH-SERVICE-NAME-HERE
+PUT https://management.azure.com/subscriptions/{{subscription-id}}/resourcegroups/{{resource-group}}/providers/Microsoft.Search/searchServices/{{search-service}}?api-version=2025-05-01  HTTP/1.1
+    Content-type: application/json
+    Authorization: Bearer {{token}}
+    {
+        "location": "{{region}}",
+        "sku": {
+            "name": "basic"
+        },
+        "properties": {
+            "computeType": "confidential"
+        }
+    }
+```
+
 <a name="enforce-cmk"></a>
 
 ## Enforce a customer-managed key policy

articles/search/search-region-support.md

@@ -5,7 +5,7 @@ description: Shows supported regions and feature availability across regions for
 author: haileytap
 ms.author: haileytapia
 manager: nitinme
-ms.date: 08/08/2025
+ms.date: 09/25/2025
 ms.service: azure-ai-search
 ms.topic: conceptual
 ms.custom:
@@ -26,6 +26,7 @@ When you create an Azure AI Search service, your region selection might depend o
 | [AI enrichment](cognitive-search-concept-intro.md) | Refers to [built-in skills](cognitive-search-predefined-skills.md) that make internal calls to Azure AI for enrichment and transformation during indexing. Integration requires that Azure AI Search coexists with an [Azure AI services multi-service account](/azure/ai-services/multi-service-resource#azure-ai-services-resource-for-azure-ai-search-skills) in the same physical region. You can bypass region requirements by using [identity-based connections](cognitive-search-attach-cognitive-services.md#bill-through-a-keyless-connection), currently in public preview. | Regional support is noted in this article. |
 | [Availability zones](/azure/reliability/reliability-ai-search#availability-zone-support) | Divides a region's data centers into distinct physical location groups, providing high availability within the same geo. | Regional support is noted in this article. |
 | [Agentic retrieval](search-agentic-retrieval-concept.md) | Takes a dependency on semantic ranker, which is another premium feature. | Regional support is noted in this article. |
+| [Confidential computing](search-security-overview.md#data-in-use) | Deploys your search service on confidential VMs to process data in a hardware-based trusted execution environment.<p>Confidential computing disables or restricts certain features, including agentic retrieval, semantic ranker, query rewrite, and skillset execution. | Regional support is noted in this article. |
 | [Semantic ranker](semantic-search-overview.md) | Takes a dependency on Microsoft-hosted models in specific regions. | Regional support is noted in this article. |
 | [Query rewrite](semantic-how-to-query-rewrite.md) | Takes a dependency on Microsoft-hosted models in specific regions. | Regional support is noted in this article. |
 | [Extra capacity](search-limits-quotas-capacity.md#service-limits) | Higher-capacity partitions became available in select regions starting in April 2024, with a second wave following in May 2024. Currently, there are just a few regions that *don't* offer higher-capacity partitions.<p>If you have an older search service in a supported region, check if you can [upgrade your service](search-how-to-upgrade.md). Otherwise, create a new search service to benefit from more capacity at the same billing rate. | Regional support is noted in the footnotes of this article. |
@@ -38,96 +39,96 @@ You can create an Azure AI Search service in any of the following Azure public r
 
 ### Americas
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| Brazil South​​ ​| ✅ |  | ✅ | ✅ | ✅ |
-| Canada Central​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Canada East​​ ​|  |  | ✅ | ✅ |  |
-| ​Central US​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| East US​ | ✅ | ✅ | ✅ | ✅ |  |
-| East US 2 | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Mexico Central |  | ✅ |  |  |  |
-| North Central US​ ​| ✅ |  | ✅ | ✅ | ✅ |
-| South Central US​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| West US​​ | ✅ |  | ✅ | ✅ | ✅ |
-| West US 2​ ​| ✅ | ✅ | ✅ | ✅ | ✅ |
-| West US 3​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| West Central US​ ​ | ✅ |  | ✅ | ✅ |  |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| Brazil South​​ ​| ✅ |  | ✅ | ✅ | ✅ | ✅ |
+| Canada Central​​ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Canada East​​ ​|  |  | ✅ |  | ✅ |  |
+| ​Central US​​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| East US​ | ✅ | ✅ | ✅ |  | ✅ |  |
+| East US 2 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Mexico Central |  | ✅ |  | ✅ |  |  |
+| North Central US​ ​| ✅ |  | ✅ |  | ✅ | ✅ |
+| South Central US​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| West US​​ | ✅ |  | ✅ |  | ✅ | ✅ |
+| West US 2​ ​| ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| West US 3​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| West Central US​ ​ | ✅ |  | ✅ |  | ✅ |  |
 
 ### Europe
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| France Central​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Germany West Central​ ​| ✅ | ✅ | ✅ | ✅ |  |
-| Italy North​​ |  | ✅ | ✅ | ✅ |  |
-| Norway East​​ | ✅ | ✅ |  |  |  |
-| North Europe​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Poland Central​​ |  |  | ✅ | ✅ |  |
-| Spain Central <sup>1</sup> |  | ✅ |  |  |  |
-| Sweden Central​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Switzerland North​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Switzerland West​ | ✅ | ✅ | ✅ | ✅ |  |
-| UK South​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| UK West​ ​|  |  | ✅ | ✅ |  |
-| West Europe​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| France Central​​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| Germany West Central​ ​| ✅ | ✅ | ✅ |  | ✅ |  |
+| Italy North​​ |  | ✅ | ✅ | ✅ | ✅ |  |
+| Norway East​​ | ✅ | ✅ |  | ✅ |  |  |
+| North Europe​​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| Poland Central​​ |  |  | ✅ |  | ✅ |  |
+| Spain Central <sup>1</sup> |  | ✅ |  | ✅ |  |  |
+| Sweden Central​​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| Switzerland North​ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Switzerland West​ | ✅ | ✅ | ✅ |  | ✅ |  |
+| UK South​ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| UK West​ ​|  |  | ✅ |  | ✅ |  |
+| West Europe​​ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 
 <sup>1</sup> [Higher storage limits](search-limits-quotas-capacity.md#service-limits) aren't available in this region. If you want higher limits, choose a different region.
 
 ### Middle East
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| Israel Central​ <sup>1</sup> |  | ✅ |  |  |  |
-| Qatar Central​ <sup>1</sup> |  | ✅ | ✅ | ✅ |  |
-| UAE North​​ | ✅ | ✅ | ✅ | ✅ |  |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| Israel Central​ <sup>1</sup> |  | ✅ |  |  |  |  |
+| Qatar Central​ <sup>1</sup> |  | ✅ | ✅ |  | ✅ |  |
+| UAE North​​ | ✅ | ✅ | ✅ | ✅ | ✅ |  |
 
 <sup>1</sup> [Higher storage limits](search-limits-quotas-capacity.md#service-limits) aren't available in this region. If you want higher limits, choose a different region.
 
 ### Africa
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| South Africa North​ | ✅ | ✅ | ✅ | ✅ |  |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| South Africa North​ | ✅ | ✅ | ✅ | ✅ | ✅ |  |
 
 ### Asia Pacific
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| Australia East​ ​| ✅ | ✅ | ✅ | ✅ | ✅ |
-| Australia Southeast​​​ |  |  | ✅ | ✅ |  |
-| Central India | ✅ | ✅ | ✅ | ✅ | ✅ |
-| East Asia​ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Indonesia Central |  | ✅ |  |  |  |
-| Jio India West​​ | ✅ |  | ✅ | ✅ | ✅ |
-| Jio India Central​​ |  |  |  |  |  |
-| Japan East | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Japan West​ | ✅ |  | ✅ | ✅ |  |
-| Korea Central | ✅ | ✅ | ✅ | ✅ | ✅ |
-| Korea South​​ |  |  | ✅ | ✅ |  |
-| Malaysia West |  | ✅ |  |  |  |  
-| New Zealand North |  | ✅ |  |  |  |
-| South India |  | ✅ |  |  |  |
-| Southeast Asia​​ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| Australia East​ ​| ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Australia Southeast​​​ |  |  | ✅ |  | ✅ |  |
+| Central India | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| East Asia​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
+| Indonesia Central |  | ✅ |  |  |  |  |
+| Jio India West​​ | ✅ |  | ✅ |  | ✅ | ✅ |
+| Jio India Central​​ |  |  |  |  |  |  |
+| Japan East | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Japan West​ | ✅ |  | ✅ |  | ✅ |  |
+| Korea Central | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Korea South​​ |  |  | ✅ |  | ✅ |  |
+| Malaysia West |  | ✅ |  |  |  |  |
+| New Zealand North |  | ✅ |  |  |  |  |
+| South India |  | ✅ |  |  |  |  |
+| Southeast Asia​​ | ✅ | ✅ | ✅ |  | ✅ | ✅ |
 
 ## Azure Government regions
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| Arizona | ✅ |  | ✅ | ✅ | ✅ |
-| Texas |  |  |  |  |  |
-| Virginia | ✅ | ✅ | ✅ | ✅ | ✅ |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| Arizona | ✅ |  | ✅ |  | ✅ | ✅ |
+| Texas |  |  |  |  |  |  |
+| Virginia | ✅ | ✅ | ✅ |  | ✅ | ✅ |
 
 ## Azure operated by 21Vianet
 
-| Region | AI enrichment | Availability zones | Agentic retrieval | Semantic ranker | Query rewrite |
-|--|--|--|--|--|--|
-| China East |  |  |  |  |  |
-| China East 2 <sup>1</sup> | ✅ |  |  |  |
-| China East 3 |  |  |  |  |  |
-| China North |  |  |  |  |  |
-| China North 2 <sup>1</sup> |  |  |  |  |  |
-| China North 3 |  | ✅ | ✅ | ✅ | ✅ |
+| Region | AI enrichment | Availability zones | Agentic retrieval | Confidential computing | Semantic ranker | Query rewrite |
+|--|--|--|--|--|--|--|
+| China East |  |  |  |  |  |  |
+| China East 2 <sup>1</sup> | ✅ |  |  |  |  |  |
+| China East 3 |  |  |  |  |  |  |
+| China North |  |  |  |  |  |  |
+| China North 2 <sup>1</sup> |  |  |  |  |  |  |
+| China North 3 |  | ✅ | ✅ |  | ✅ | ✅ |
 
 <sup>1</sup> [Higher storage limits](search-limits-quotas-capacity.md#service-limits) aren't available in this region. If you want higher limits, choose a different region.