Merge branch 'main' into release-2025-openai-v1-staggered

Author: v-alje

articles/ai-foundry/agents/concepts/model-region-support.md

@@ -26,6 +26,7 @@ Azure AI Foundry Agent Service supports the following Azure OpenAI models in the
 
 > [!NOTE]
 > * [Hub-based projects](../../what-is-azure-ai-foundry.md#project-types) are limited to the following models: gpt-4o, gpt-4o-mini, gpt-4, gpt-35-turbo
+> * The [spillover feature](../../openai/how-to/spillover-traffic-management.md) for provisioned throughput is compatable with agents
 > * For information on class A subnet support, see the setup guide on [GitHub](https://github.com/azure-ai-foundry/foundry-samples/tree/main/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup).
 > * The [file search tool](../how-to/tools/file-search.md) is currently unavailable in the following regions:
 >     * Italy north

articles/ai-foundry/azure-ai-foundry-status-dashboard-documentation.md

@@ -0,0 +1,70 @@
+---
+title: Azure AI Foundry Status Dashboard (Preview)
+description: Discover the Azure AI Foundry Status Dashboard (Preview) for real-time updates on service health, incident reports, and planned maintenance notifications.
+author: jonburchel
+ms.author: jburchel
+ms.reviewer: nisi
+ms.date: 08/25/2025
+ms.topic: concept-article
+ms.service: azure-ai-foundry
+---
+
+# Azure AI Foundry status dashboard
+
+The Azure AI Foundry Status Dashboard provides visibility into the
+health and availability of key Foundry services. It's intended to help
+customers monitor service status, stay informed about ongoing incidents,
+and plan around scheduled maintenance windows.
+
+This dashboard is currently in **Preview**, which means we're still
+expanding coverage and improving the experience based on customer
+feedback.
+
+## Key Features
+
+- **Live Status Indicators** for core Foundry services
+
+- **Incident Reports** with timelines, resolutions, and root cause
+  summaries
+
+- **Planned Maintenance Notifications** with expected impact and
+  duration
+
+- **Historical Uptime** to help assess service reliability over time
+
+## Frequently Asked Questions
+
+**Q: Is this data real-time?**  
+Yes. The dashboard pulls updates in real time as the engineering and operations teams publish status changes.
+
+**Q: What does it mean that this dashboard is in “Preview”?**  
+During the Preview phase, we're gradually expanding service coverage
+and refining the dashboard UI and update workflows. Some services might
+not yet appear, and update timing might vary slightly. We appreciate your
+patience and feedback.
+
+**Q: Can I subscribe to updates?**  
+Yes, subscription options (email, SMS, webhook) are supported in the
+dashboard.
+
+**Q: Does the dashboard cover all regions and environments?**  
+Currently, the dashboard reflects status for core production services in
+major regions. Expanded coverage, including specific regions, is in
+progress.
+
+**Q: How should I report discrepancies or missing status updates?**  
+If you notice a gap between your experience and what you see on the
+dashboard, contact your Microsoft support representative or file
+a support ticket through Azure Support.
+
+## Feedback & Support
+
+We welcome feedback on this dashboard as we work towards General
+Availability. If you have questions, suggestions, or run into issues,
+please contact your support team or Customer Success representative.
+
+## Related content
+
+- [Azure AI Foundry documentation](/azure/ai-foundry/)
+- [Azure status history](https://status.azure.com/status)
+- [Azure Service Health](https://azure.microsoft.com/status/)

articles/ai-foundry/concepts/rbac-azure-ai-foundry.md

@@ -7,79 +7,80 @@ ms.custom:
   - build-2024
   - hub-only
 ms.topic: concept-article
-ms.date: 04/29/2025
+ms.date: 08/27/2025
 ms.reviewer: deeikele
 ms.author: jburchel 
 author: jonburchel 
+ai-usage: ai-assisted
 ---
 
 # Vulnerability management for Azure AI Foundry
 
 [!INCLUDE [hub-only-alt](../includes/uses-hub-only-alt.md)]
 
-Vulnerability management involves detecting, assessing, mitigating, and reporting on any security vulnerabilities that exist in an organization's systems and software. Vulnerability management is a shared responsibility between you and Microsoft.
+Vulnerability management is the process of detecting, assessing, mitigating, and reporting security vulnerabilities in an organization's systems and software. It's a shared responsibility between you and Microsoft.
 
-This article discusses these responsibilities and outlines the vulnerability management controls that [Azure AI Foundry](https://ai.azure.com/?cid=learnDocs) provides. You learn how to keep your service instance and applications up to date with the latest security updates, and how to minimize the window of opportunity for attackers.
+This article covers your responsibilities and the vulnerability management controls that [Azure AI Foundry](https://ai.azure.com/?cid=learnDocs) provides. Learn how to keep your service instance and apps up to date with the latest security updates and reduce the window of opportunity for attackers.
 
 ## Microsoft-managed VM images
 
-Microsoft manages host OS virtual machine (VM) images for compute instances and serverless compute clusters. The update frequency is monthly and includes the following details:
+Microsoft manages host OS virtual machine (VM) images for compute instances and serverless compute clusters. Updates are monthly and include the following details:
 
-* For each new VM image version, the latest updates are sourced from the original publisher of the OS. Using the latest updates helps ensure that you get all applicable OS-related patches. For Azure AI Foundry, the publisher is Canonical for all the Ubuntu images.
+* For each new VM image version, Microsoft sources the latest OS updates from the original publisher. Using the latest updates helps ensure you get all applicable OS patches. For Azure AI Foundry, Canonical publishes all Ubuntu images.
 
 * VM images are updated monthly.  
 
-* In addition to patches that the original publisher applies, Microsoft updates system packages when updates are available.
+* In addition to the publisher's patches, Microsoft updates system packages as updates become available.
 
 * Microsoft checks and validates any machine learning packages that might require an upgrade. In most circumstances, new VM images contain the latest package versions.  
 
 * All VM images are built on secure subscriptions that run vulnerability scanning regularly. Microsoft flags any unaddressed vulnerabilities and fixes them within the next release.  
 
-* The frequency is a monthly interval for most images. For compute instances, the image release is aligned with the release cadence of the Azure Machine Learning SDK that's preinstalled in the environment.
+* Most images use a monthly release cadence. For compute instances, the image release aligns with the release cadence of the Azure Machine Learning SDK that's preinstalled in the environment.
 
-In addition to the regular release cadence, Microsoft applies hotfixes if vulnerabilities surface. Microsoft rolls out hotfixes within 72 hours for serverless compute clusters and within a week for compute instances.
+Microsoft also applies hotfixes when vulnerabilities surface. Microsoft rolls out hotfixes within 72 hours for serverless compute clusters and within a week for compute instances.
 
 > [!NOTE]
-> The host OS is not the OS version that you might specify for an environment when you're training or deploying a model. Environments run inside Docker. Docker runs on the host OS.
+> The host OS isn't the OS version you specify for an environment when you train or deploy a model. Environments run inside Docker. Docker runs on the host OS.
 
 ## Microsoft-managed container images
 
-[Base docker images](https://github.com/Azure/AzureML-Containers) that Microsoft maintains for Azure AI Foundry get security patches frequently to address newly discovered vulnerabilities.  
+[Base Docker images](https://github.com/Azure/AzureML-Containers) that Microsoft maintains for Azure AI Foundry receive frequent security patches to fix newly discovered vulnerabilities.  
 
-Microsoft releases updates for supported images every two weeks to address vulnerabilities. As a commitment, we aim to have no vulnerabilities older than 30 days in the latest version of supported images.
+Microsoft updates supported images every two weeks to fix vulnerabilities. The goal is zero vulnerabilities older than 30 days in the latest supported images.
 
-Patched images are released under a new immutable tag and an updated `:latest` tag. Using the `:latest` tag or pinning to a particular image version might be a tradeoff between security and environment reproducibility for your machine learning job.
+Microsoft releases patched images with a new immutable tag and an updated `:latest` tag. Using the `:latest` tag or pinning a specific image version is a tradeoff between security and environment reproducibility for your machine learning job.
 
 ## Managing environments and container images  
 
-In Azure AI Foundry portal, Docker images are used to provide a runtime environment for [prompt flow deployments](../how-to/flow-deploy.md). The images are built from a base image that Azure AI Foundry provides.
+In the Azure AI Foundry portal, Docker images provide the runtime environment for [prompt flow deployments](../how-to/flow-deploy.md). These images start from an Azure AI Foundry base image.
 
-Although Microsoft patches base images with each release, whether you use the latest image might be tradeoff between reproducibility and vulnerability management. It's your responsibility to choose the environment version that you use for your jobs or model deployments.  
+Although Microsoft patches base images with each release, using the latest image is a tradeoff between reproducibility and vulnerability management. You choose the environment version for your jobs or model deployments.  
 
-By default, dependencies are layered on top of base images when you're building an image. After you install more dependencies on top of the Microsoft-provided images, vulnerability management becomes your responsibility.  
+By default, dependencies are layered on top of base images when you're building an image. After you install extra dependencies on Microsoft-provided images, you're responsible for vulnerability management.  
 
-Associated with your Azure AI Foundry hub is an Azure Container Registry instance that functions as a cache for container images. Any image that materializes is pushed to the container registry. The workspace uses it when deployment is triggered for the corresponding environment.
+Your Azure AI Foundry hub includes an Azure Container Registry instance that caches container images. When an image is built, it's pushed to the container registry. The workspace uses the cached image when you deploy the corresponding environment.
 
-The hub doesn't delete any image from your container registry. You're responsible for evaluating the need for an image over time. To monitor and maintain environment hygiene, you can use [Microsoft Defender for Container Registry](/azure/defender-for-cloud/defender-for-container-registries-usage) to help scan your images for vulnerabilities. To automate your processes based on triggers from Microsoft Defender, see [Automate remediation responses](/azure/defender-for-cloud/workflow-automation).
+The hub doesn't delete any image from your container registry. Review the need for each image over time. To monitor and maintain environment hygiene, use [Microsoft Defender for Container Registry](/azure/defender-for-cloud/defender-for-container-registries-usage) to scan your images for vulnerabilities. To automate processes based on Microsoft Defender triggers, see [Automate remediation responses](/azure/defender-for-cloud/workflow-automation).
 
 
 ## Vulnerability management on compute hosts
 
-Managed compute nodes in Azure AI Foundry portal use Microsoft-managed OS VM images. When you provision a node, it pulls the latest updated VM image. This behavior applies to compute instance, serverless compute cluster, and managed inference compute options.
+Managed compute nodes in Azure AI Foundry portal use Microsoft-managed OS VM images. When you provision a node, it pulls the latest VM image. This behavior applies to compute instances, serverless compute clusters, and managed inference compute.
 
-Although OS VM images are regularly patched, Microsoft doesn't actively scan compute nodes for vulnerabilities while they're in use. For an extra layer of protection, consider network isolation of your computes.
+Although OS VM images are regularly patched, Microsoft doesn't actively scan compute nodes for vulnerabilities while they're in use. For an extra layer of protection, consider network isolation for your compute nodes.
 
-Ensuring that your environment is up to date and that compute nodes use the latest OS version is a shared responsibility between you and Microsoft. Nodes that aren't idle can't be updated to the latest VM image. Considerations are slightly different for each compute type, as listed in the following sections.
+Ensuring that your environment is up to date and that compute nodes use the latest OS version is a shared responsibility between you and Microsoft. The service doesn't update busy nodes to the latest VM image. Considerations are slightly different for each compute type, as listed in the following sections.
 
 ### Compute instance
 
-Compute instances get the latest VM images at the time of provisioning. Microsoft releases new VM images on a monthly basis. After you deploy a compute instance, it isn't actively updated. To keep current with the latest software updates and security patches, you can use one of these methods:
+Compute instances get the latest VM image at provisioning. Microsoft releases new VM images monthly. After you deploy a compute instance, it doesn't receive ongoing image updates. To stay current with the latest software updates and security patches, use one of these methods:
 
 * Re-create a compute instance to get the latest OS image (recommended).
 
-  If you use this method, you'll lose data and customizations (such as installed packages) that are stored on the instance's OS and temporary disks.
+  If you use this method, you'll lose data and customizations (such as installed packages) stored on the instance's OS disk and temporary disk.
 
-  For more information about image releases, see the [Azure Machine Learning compute instance image release notes](/azure/machine-learning/azure-machine-learning-ci-image-release-notes).
+  Learn more about image releases in the [Azure Machine Learning compute instance image release notes](/azure/machine-learning/azure-machine-learning-ci-image-release-notes).
 
 * Regularly update OS and Python packages.
 
@@ -101,18 +102,18 @@ Compute instances get the latest VM images at the time of provisioning. Microsof
     pip list --outdated
     ```
 
-You can install and run additional scanning software on the compute instance to scan for security issues:
+Install and run additional scanning software on the compute instance to scan for security issues:
 
 * Use [Trivy](https://github.com/aquasecurity/trivy) to discover OS and Python package-level vulnerabilities.
 * Use [ClamAV](https://www.clamav.net/) to discover malware. It comes preinstalled on compute instances.
 
-Microsoft Defender for Servers agent installation is currently not supported.
+Installing the Microsoft Defender for Servers agent isn't supported.
 
 ### Endpoints
 
-Endpoints automatically receive OS host image updates that include vulnerability fixes. The update frequency of images is at least once a month.
+Endpoints automatically receive OS host image updates with vulnerability fixes. Microsoft updates images at least once a month.
 
-Compute nodes are automatically upgraded to the latest VM image version when that version is released. You don't need to take any action.  
+Compute nodes automatically upgrade to the latest VM image version when it's released. You don't need to do anything.  
 
 ## Next steps