Merge pull request #1237 from MicrosoftDocs/main

ttorble · web-flow · commit 54f48240b0e6 · 2024-11-04T12:05:22.000Z
Publish to live, Monday 4 AM PST, 11/4
diff --git a/articles/ai-services/speech-service/regions.md b/articles/ai-services/speech-service/regions.md
@@ -54,7 +54,7 @@ The following regions are supported for Speech service features such as speech t
 | Qatar         | Qatar Central        | `qatarcentral`<sup>3,8</sup>            |
 | US            | Central US           | `centralus`                             |
 | US            | East US              | `eastus` <sup>1,2,4,5,7,9,11,12</sup>   |
-| US            | East US 2            | `eastus2` <sup>1,2,4,5,12</sup>         |
+| US            | East US 2            | `eastus2` <sup>1,2,4,5,10,12</sup>         |
 | US            | North Central US     | `northcentralus` <sup>4,6,12</sup>      |
 | US            | South Central US     | `southcentralus` <sup>1,2,4,5,6,7,10,12</sup> |
 | US            | West Central US      | `westcentralus` <sup>3,5</sup>          |
diff --git a/articles/ai-services/speech-service/text-to-speech-avatar/what-is-text-to-speech-avatar.md b/articles/ai-services/speech-service/text-to-speech-avatar/what-is-text-to-speech-avatar.md
@@ -69,11 +69,11 @@ Sample code for text to speech avatar is available on [GitHub](https://github.co
 
 - Throughout an avatar real-time session or batch content creation, the text-to-speech, speech-to-text, Azure OpenAI, or other Azure services are charged separately.
 - Refer to [text to speech avatar pricing note](../text-to-speech.md#text-to-speech-avatar) to learn how billing works for the text-to-speech avatar feature.
-- For the detailed pricing, see [Speech service pricing](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services/). Note that avatar pricing will only be visible for service regions where the feature is available, including Southeast Asia, North Europe, West Europe, Sweden Central, South Central US, and West US 2.
+- For the detailed pricing, see [Speech service pricing](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services/). Note that avatar pricing will only be visible for service regions where the feature is available, including Southeast Asia, North Europe, West Europe, Sweden Central, South Central US, East US 2, and West US 2.
 
 ## Available locations
 
-The text to speech avatar feature is only available in the following service regions: Southeast Asia, North Europe, West Europe, Sweden Central, South Central US, and West US 2.
+The text to speech avatar feature is only available in the following service regions: Southeast Asia, North Europe, West Europe, Sweden Central, South Central US, East US 2, and West US 2.
 
 ### Responsible AI
 
diff --git a/articles/search/keyless-connections.md b/articles/search/keyless-connections.md
@@ -1,11 +1,10 @@
 ---
 title: Use keyless connections with Azure AI Search
-description: Use keyless connections with an Azure Identity library for authentication and authorization with Azure AI Search.
+description: Use keyless connections with an Azure Identity library for Microsoft Entra ID authentication and authorization with Azure AI Search.
 ms.topic: how-to
-ms.date: 06/05/2024
+ms.date: 10/30/2024
 author: HeidiSteen
 ms.author: heidist
-ms.reviewer: scaddie
 ms.custom: devx-track-dotnet, devx-track-extended-java, devx-track-js, devx-track-python, Keyless-dotnet, Keyless-java, Keyless-js, Keyless-python, build-2024-intelligent-apps
 #customer intent: As a developer, I want to use keyless connections so that I don't leak secrets.
 ---
@@ -34,7 +33,7 @@ Before continuing with this article, you need an Azure AI Search resource to wor
 
 ### Install Azure Identity client library
 
-Before working locally without keyless, update your AI Search enabled code with the Azure Identity client library.
+To use a keyless approach, update your AI Search enabled code with the Azure Identity client library.
 
 #### [.NET](#tab/csharp)
 
@@ -211,22 +210,21 @@ search_index_client = SearchIndexClient(
 
 ---
 
-
 ## Local development
 
-Local development without keyless includes these steps:
+Local development using roles includes these steps:
 
-- Assign your personal identity with RBAC roles on the specific resource.
-- Use a tool to authenticate with Azure.
+- Assign your personal identity to RBAC roles on the specific resource.
+- Use a tool like the Azure CLI or Azure PowerShell to authenticate with Azure.
 - Establish environment variables for your resource.
 
 ### Roles for local development
 
-As a local developer, your Azure identity needs full control of your service. This control is provided with RBAC roles. To manage your resource during development, these are the suggested roles:
+As a local developer, your Azure identity needs full control over data plane operations. These are the suggested roles:
 
-- Search Service Contributor
-- Search Index Data Contributor
-- Search Index Data Reader
+- Search Service Contributor, create and manage objects
+- Search Index Data Contributor, load an index
+- Search Index Data Reader, query an index
 
 Find your personal identity with one of the following tools. Use that identity as the `<identity-id>` value.
 
@@ -253,7 +251,7 @@ Find your personal identity with one of the following tools. Use that identity a
         --assignee "<identity-id>" \
         --scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>"
     ```
-    
+
 #### [Azure PowerShell](#tab/azure-powershell)
 
 1. Sign in with PowerShell.
@@ -277,13 +275,12 @@ Find your personal identity with one of the following tools. Use that identity a
 #### [Azure portal](#tab/portal)
 
 1. Use the steps found here: [find the user object ID](/partner-center/find-ids-and-domain-names#find-the-user-object-id) in the Azure portal.
-    
-2. Use the steps found at [open the Add role assignment page](search-security-rbac.md) in the Azure portal.
-    
+
+1. Use the steps found at [open the Add role assignment page](search-security-rbac.md) in the Azure portal.
+
 ---
-    
-Where applicable, replace `<identity-id>`, `<subscription-id>`, and `<resource-group-name>` with your actual values. 
 
+Where applicable, replace `<identity-id>`, `<subscription-id>`, and `<resource-group-name>` with your actual values. 
 
 ### Authentication for local development
 
diff --git a/articles/search/media/search-security-rbac/portal-access-control.png b/articles/search/media/search-security-rbac/portal-access-control.png
diff --git a/articles/search/search-security-api-keys.md b/articles/search/search-security-api-keys.md
@@ -10,7 +10,7 @@ ms.service: azure-ai-search
 ms.custom:
   - ignite-2023
 ms.topic: how-to
-ms.date: 06/28/2024
+ms.date: 10/30/2024
 ---
 
 # Connect to Azure AI Search using keys
@@ -245,7 +245,7 @@ It's not possible to use [customer-managed key encryption](search-security-manag
 
 + Always check code, samples, and training material before publishing to make sure you didn't leave valid API keys behind.
 
-+ For production workloads, switch to [Microsoft Entra ID and role-based access](search-security-rbac.md). Or, if you want to continue using API keys, be sure to always monitor [who has access to your API keys](#secure-api-keys) and [regenerate API keys](#regenerate-admin-keys) on a regular cadence.
++ For production workloads, switch to [Microsoft Entra ID and role-based access](keyless-connections.md). Or, if you want to continue using API keys, be sure to always monitor [who has access to your API keys](#secure-api-keys) and [regenerate API keys](#regenerate-admin-keys) on a regular cadence.
 
 ## See also
 
diff --git a/articles/search/search-security-enable-roles.md b/articles/search/search-security-enable-roles.md
@@ -8,20 +8,18 @@ author: HeidiSteen
 ms.author: heidist
 ms.service: azure-ai-search
 ms.topic: how-to
-ms.date: 06/18/2024
+ms.date: 10/30/2024
 
 ---
 
 # Enable or disable role-based access control in Azure AI Search
 
-Before you can assign roles for authorized access to Azure AI Search, enable role-based access control on your search service.
+Azure AI Search uses [key-based authentication](search-security-api-keys.md) by default, but it fully supports Microsoft Entra ID authentication and authorization for all control plane and data plane operations through Azure role-based access control (RBAC).
 
-Role-based access for data plane operations is optional, but recommended as the more secure option. The alternative is [key-based authentication](search-security-api-keys.md), which is the default. 
-
-Roles for service administration (control plane) are built in and can't be enabled or disabled. 
+Before you can assign roles for authorized data plane access to Azure AI Search, you must enable role-based access control on your search service. Roles for service administration (control plane) are built in and can't be enabled or disabled. 
 
 > [!NOTE]
-> *Data plane* refers to operations against the search service endpoint, such as indexing or queries, or any other operation specified in the [Search REST API](/rest/api/searchservice/) or equivalent Azure SDK client libraries.
+> *Data plane* refers to operations against the search service endpoint, such as indexing or queries, or any other operation specified in the [Search Service REST APIs](/rest/api/searchservice/) or equivalent Azure SDK client libraries. *Control plane* refers to Azure resource management, such as creating or configuring a search service.
 
 ## Prerequisites
 
@@ -223,13 +221,11 @@ To re-enable key authentication, set "disableLocalAuth" to false. The search ser
 
 ---
 
-## Limitations
-
-+ Role-based access control can increase the latency of some requests. Each unique combination of service resource (index, indexer, etc.) and service principal triggers an authorization check. These authorization checks can add up to 200 milliseconds of latency per request. 
+## Effects of role-based access control
 
-+ In rare cases where requests originate from a high number of different service principals, all targeting different service resources (indexes, indexers, etc.), it's possible for the authorization checks to result in throttling. Throttling would only happen if hundreds of unique combinations of search service resource and service principal were used within a second.
++ Role-based access control can increase the latency of some requests. Each unique combination of service resource (index, indexer, skillsets and so forth) and service principal triggers an authorization check. These authorization checks can add up to 200 milliseconds of latency per request. 
 
----
++ In rare cases where requests originate from a high number of different service principals, all targeting different service resources (indexes, indexers, and so forth), it's possible for the authorization checks to result in throttling. Throttling would only happen if hundreds of unique combinations of search service resource and service principal were used within a second.
 
 ## Next steps
 
diff --git a/articles/search/search-security-get-encryption-keys.md b/articles/search/search-security-get-encryption-keys.md
@@ -10,7 +10,7 @@ ms.service: azure-ai-search
 ms.custom:
   - ignite-2023
 ms.topic: conceptual
-ms.date: 02/16/2024
+ms.date: 10/30/2024
 ---
 
 # Find encrypted objects and information
diff --git a/articles/search/search-security-rbac.md b/articles/search/search-security-rbac.md
