Merge pull request #3257 from MicrosoftDocs/main

2/28/2025 AM Publish

Author: Taojunshen

articles/ai-services/agents/how-to/tools/file-search.md

@@ -87,7 +87,7 @@ The maximum file size is 512 MB. Each file should contain no more than 5,000,000
 
 We highly recommend that you ensure all files in a vector_store are fully processed before you create a run. This ensures that all the data in your vector store is searchable. You can check for vector store readiness by using the polling helpers in the SDKs, or by manually polling the vector store object to ensure the status is completed.
 
-As a fallback, there's a 60-second maximum wait in the run object when the thread's vector store contains files that are still being processed. This is to ensure that any files your users upload in a thread a fully searchable before the run proceeds. This fallback wait does not apply to the agent's vector store.
+As a fallback, there's a 60-second maximum wait in the run object when the thread's vector store contains files that are still being processed. This is to ensure that any files your users upload in a thread are fully searchable before the run proceeds. This fallback wait does not apply to the agent's vector store.
 
 ## Add file search to an agent using the Azure AI Foundry portal
 

articles/ai-services/agents/includes/azure-search/code-examples.md

@@ -85,13 +85,19 @@ Get the connection ID of the Azure AI Search connection in the project. You can
 
 ```python
 # AI Search resource connection ID
-# This code prints out the connection ID of all the Azure AI Search connections in the project
-# If you have more than one AI search connection, make sure to select the correct one that contains the index you want to use.
-conn_list = project_client.connections.list()
+# This code looks for the AI Search Connection ID and saves it as variable conn_id
+
+# If you have more than one AI search connection, try to establish the value in your .env file.
+# Extract the connection list.
+conn_list = project_client.connections._list_connections()["value"]
 conn_id = ""
+
+# Search in the metadata field of each connection in the list for the azure_ai_search type and get the id value to establish the variable
 for conn in conn_list:
-    if conn.connection_type == "AZURE_AI_SEARCH":
-        print(f"Connection ID: {conn.id}")
+    metadata = conn["properties"].get("metadata", {})
+    if metadata.get("type", "").upper() == "AZURE_AI_SEARCH":
+        conn_id = conn["id"]
+        break
 ```
 # [C#](#tab/csharp)
 ```csharp
@@ -429,4 +435,4 @@ curl $AZURE_AI_AGENTS_ENDPOINT/threads/thread_abc123/messages?api-version=2024-1
   -H "Authorization: Bearer $AZURE_AI_AGENTS_TOKEN"
 ```
 
----
+---

articles/ai-services/containers/disconnected-container-faq.yml

@@ -10,7 +10,7 @@ metadata:
   ms.custom:
     - ignite-2023
   ms.topic: faq
-  ms.date: 07/26/2024
+  ms.date: 02/27/2025
   ms.author: aahi
 title: FAQ for Azure AI services disconnected containers
 summary: |
@@ -43,11 +43,11 @@ sections:
           Fill out and submit the [request form](https://aka.ms/csdisconnectedcontainers) to request access to the container. Access is limited to customers that meet the following requirements:
 
             * Your organization must have an enterprise agreement or an equivalent agreement and should be identified as strategic customer or partner with Microsoft.  
-            * Valid business scenario/use case - Disconnected containers are expected to run fully offline hence, your use cases must meet one of below or similar requirements: 
+            * Valid business scenario/use case - Disconnected containers are expected to run fully offline. Your use cases must meet one of below or similar requirements: 
               * Environment or devices with zero connectivity to internet. 
               *	Remote location that occasionally has internet access. 
               *	Organization under strict regulation of not sending any kind of data back to cloud. 
-            * Application completed as instructed - Please pay close attention to guidance provided throughout the application to ensure you provide all the necessary information required for approval. 
+            * Application completed as instructed - pay close attention to guidance provided throughout the application to ensure you provide all the necessary information required for approval. 
       - question: What if my use case can't satisfy the requirements listed above?
         answer: |
           If your use case can't satisfy above requirements but you're interested in running containers on premises, you might be able to use [connected containers](../cognitive-services-container-support.md).   

articles/ai-services/speech-service/fast-transcription-create.md

@@ -7,7 +7,7 @@ author: eric-urban
 ms.author: eur
 ms.service: azure-ai-speech
 ms.topic: how-to
-ms.date: 11/12/2024
+ms.date: 2/28/2025
 # Customer intent: As a user who implements audio transcription, I want create transcriptions as quickly as possible.
 ---
 
@@ -24,7 +24,7 @@ Unlike the batch transcription API, fast transcription API only produces transcr
 
 - An Azure AI Speech resource in one of the regions where the fast transcription API is available. The supported regions are: **Australia East**, **Brazil South**, **Central India**, **East US**, **East US 2**, **French Central**, **Japan East**, **North Central US**, **North Europe**, **South Central US**, **Southeast Asia**, **Sweden Central**, **UK South**, **West Europe**, **West US**, **West US 2**, **West US 3**. For more information about regions supported for other Speech service features, see [Speech service regions](./regions.md).
 
-- An audio file (less than 2 hours long and less than 200 MB in size) in one of the formats and codecs supported by the batch transcription API. For more information about supported audio formats, see [supported audio formats](./batch-transcription-audio-data.md#supported-audio-formats-and-codecs).
+- An audio file (less than 2 hours long and less than 200 MB in size) in one of the formats and codecs supported by the batch transcription API: WAV, MP3, OPUS/OGG, FLAC, WMA, AAC, ALAW in WAV container, MULAW in WAV container, AMR, WebM, M4A, and SPEEX. For more information about supported audio formats, see [supported audio formats](./batch-transcription-audio-data.md#supported-audio-formats-and-codecs).
 
 ## Use the fast transcription API
 

articles/ai-services/use-key-vault.md

@@ -6,7 +6,7 @@ ms.author: aahi
 ms.service: azure-ai-services
 ms.custom: devx-track-extended-java, devx-track-js, devx-track-python
 ms.topic: how-to
-ms.date: 8/11/2024
+ms.date: 02/27/2025
 zone_pivot_groups: programming-languages-set-twenty-eight
 ---
 
@@ -89,7 +89,7 @@ Repeat these steps to generate a secret for each required resource credential. F
 
     |Name  | Value  |
     |---------|---------|
-    |Upload options     | Manual         |
+    |Upload options     | Generate         |
     |Name     | A secret name for your key or endpoint. For example: "CognitiveServicesKey" or "CognitiveServicesEndpoint"        |
     |Value     | Your Azure AI services resource key or endpoint.         |
 

articles/ai-studio/how-to/access-on-premises-resources.md

@@ -5,14 +5,14 @@ description: Learn how to configure an Azure AI Foundry managed network to secur
 manager: scottpolly
 ms.service: azure-ai-foundry
 ms.topic: how-to
-ms.date: 02/20/2025
+ms.date: 02/27/2025
 ms.reviewer: meerakurup 
 ms.author: larryfr
 author: Blackmist
 # Customer intent: As an admin, I want to allow my developers to securely access on-premises resources from Azure AI Foundry.
 ---
 
-# Access on-premises resources from your Azure AI Foundry's managed network (preview)
+# Access on-premises resources from your Azure AI Foundry's managed network
 
 To access your non-Azure resources located in a different virtual network or located entirely on-premises from your [Azure AI Foundry](https://ai.azure.com)'s managed virtual network, an Application Gateway must be configured. Through this Application Gateway, full end to end access can be configured to your resources.
 
@@ -80,10 +80,10 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
     - FQDNs: These FQDNs are the aliases that you want to use inside the Azure AI Foundry portal. They're resolved to the managed private endpoint's private IP address targeting Application Gateway. You might include multiple FQDNs depending on how many resources you would like to connect to with the Application Gateway.
 
     > [!NOTE]
-    > - If you are using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call will fail with SNI (Server Name Indication).
-    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of thee private endpoint for Application Gateway.
-    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field is not editable in the Azure portal.
-    > - Dynamic sub-resource naming is not supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
+    > - If you're using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call fails with SNI (Server Name Indication).
+    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of the private endpoint for Application Gateway.
+    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field isn't editable in the Azure portal.
+    > - Dynamic sub-resource naming isn't supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
 
 ### Configure using Python SDK and Azure CLI
 
@@ -96,6 +96,7 @@ To create a private endpoint to Application Gateway with the Azure CLI, use the
 - Application Gateway supports only HTTP(s) endpoints in the Backend pool. There's no support for non-HTTP(s) network traffic. Ensure your resources support HTTP(S) protocol.
 - To connect to Snowflake using the Application Gateway, you should add your own FQDN outbound rules to enable package/driver download and OCSP validation.
   - The Snowflake JDBC driver uses HTTPS calls, but different drivers might have different implementations. Check if your resource uses HTTP(S) protocol or not.
+- Application Gateway isn't supported for Spark scenarios, such as Spark compute or serverless Spark compute. DNS resolution (for example, nslookup) fails when trying to resolve an FQDN from the Spark compute.
 - For more information on limitations, see [Frequently asked questions about Application Gateway](/azure/application-gateway/application-gateway-faq).
 
 ## Application Gateway Errors

articles/ai-studio/how-to/configure-managed-network.md

@@ -6,7 +6,7 @@ manager: scottpolly
 ms.service: azure-ai-foundry
 ms.custom: ignite-2023, build-2024, devx-track-azurecli, ignite-2024
 ms.topic: how-to
-ms.date: 02/24/2025
+ms.date: 02/27/2025
 ms.reviewer: meerakurup
 ms.author: larryfr
 author: Blackmist
@@ -155,7 +155,7 @@ Before following the steps in this article, make sure you have the following pre
 ## Configure a managed virtual network to allow internet outbound
 
 > [!TIP]
-> The creation of the managed virtual network is deferred until a compute resource is created or provisioning is manually started. When allowing automatic creation, it can take around __30 minutes__ to create the first compute resource as it is also provisioning the network.
+> The creation of the managed VNet is deferred until a compute resource is created or provisioning is manually started. When you allow automatic creation, it can take around __30 minutes__ to create the first compute resource as it is also provisioning the network.
 
 # [Azure portal](#tab/portal)
 
@@ -338,7 +338,7 @@ To configure a managed virtual network that allows internet outbound communicati
 ## Configure a managed virtual network to allow only approved outbound
 
 > [!TIP]
-> The managed virtual network is automatically provisioned when you create a compute resource. When allowing automatic creation, it can take around __30 minutes__ to create the first compute resource as it is also provisioning the network. If you configured FQDN outbound rules, the first FQDN rule adds around __10 minutes__ to the provisioning time.
+> The managed VNet is automatically provisioned when you create a compute resource. When you allow automatic creation, it can take around __30 minutes__ to create the first compute resource as it is also provisioning the network. If you configured FQDN outbound rules, the first FQDN rule adds around __10 minutes__ to the provisioning time.
 
 # [Azure portal](#tab/portal)
 
@@ -627,18 +627,18 @@ The managed virtual network is automatically provisioned when you create a compu
 
 To reduce the wait time and avoid potential timeout errors, we recommend manually provisioning the managed network. Then wait until the provisioning completes before you create a compute instance.
 
-Alternatively, you can use the `provision_network_now` flag to provision the managed network as part of hub creation. This flag is in preview.
+Alternatively, you can use the `provision_network_now` flag to provision the managed network as part of hub creation.
 
 > [!NOTE]
 > To create an online deployment, you must manually provision the managed network, or create a compute instance first. Creating a compute instance automatically provision it. 
 
 # [Azure portal](#tab/portal)
 
-During hub creation, select __Provision managed network proactively at creation__ to provision the managed network. Charges are incurred from network resources, such as private endpoints, once the virtual network is provisioned. This configuration option is only available during workspace creation, and is in preview.
+During hub creation, select __Provision managed network proactively at creation__ to provision the managed network. Charges are incurred from network resources, such as private endpoints, once the virtual network is provisioned. This configuration option is only available during workspace creation.
 
 # [Azure CLI](#tab/azure-cli)
 
-The following example shows how to provision a managed virtual network during hub creation. The `--provision-network-now` flag is in preview.
+The following example shows how to provision a managed virtual network during hub creation. 
 
 ```azurecli
 az ml workspace create -n myworkspace -g my_resource_group --kind hub --managed-network AllowInternetOutbound --provision-network-now true
@@ -658,7 +658,7 @@ az ml workspace show -n my_ai_hub_name -g my_resource_group --query managed_netw
 
 # [Python SDK](#tab/python)
 
-The following example shows how to provision a managed virtual network during hub creation. The `--provision-network-now` flag is in preview.
+The following example shows how to provision a managed virtual network during hub creation.
 
 ```azurecli
 az ml workspace create -n myworkspace -g my_resource_group --managed-network AllowInternetOutbound --provision-network-now true
@@ -853,9 +853,9 @@ When you create a private endpoint for hub dependency resources, such as Azure S
 A private endpoint is automatically created for a connection if the target resource is an Azure resource listed previously. A valid target ID is expected for the private endpoint. A valid target ID for the connection can be the Azure Resource Manager ID of a parent resource. The target ID is also expected in the target of the connection or in `metadata.resourceid`. For more on connections, see [How to add a new connection in Azure AI Foundry portal](connections-add.md).
 
 > [!IMPORTANT]
-> As of March 31st 2025, the Azure AI Enterprise Network Connection Approver role must be assigned to the Azure AI Foundry hub's managed identity to approve private endpoints to securely access your Azure resources from the managed virtual network. This doesn't impact existing resources with approved private endpoints as the role is correctly assigned by the service. For new resources, please ensure the role is assigned to the hub's managed identity. For Azure Data Factory, Azure Databricks, and Azure Function Apps, the Contributor role should instead be assigned to your hub's managed identity. This role assignment is applicable to both User-assigned identity and System-assigned identity workspaces. 
+> As of March 31st 2025, the Azure AI Enterprise Network Connection Approver role must be assigned to the Azure AI Foundry hub's managed identity to approve private endpoints to securely access your Azure resources from the managed virtual network. This doesn't impact existing resources with approved private endpoints as the role is correctly assigned by the service. For new resources, ensure the role is assigned to the hub's managed identity. For Azure Data Factory, Azure Databricks, and Azure Function Apps, the Contributor role should instead be assigned to your hub's managed identity. This role assignment is applicable to both User-assigned identity and System-assigned identity workspaces. 
 
-## Select an Azure Firewall version for allowed only approved outbound (Preview)
+## Select an Azure Firewall version for allowed only approved outbound
 
 An Azure Firewall is deployed if an FQDN outbound rule is created while in the _allow only approved outbound_ mode. Charges for the Azure Firewall are included in your billing. By default, a __Standard__ version of AzureFirewall is created. Optionally, you can select to use a __Basic__ version. You can change the firewall version used as needed. To figure out which version is best for you, visit [Choose the right Azure Firewall version](/azure/firewall/choose-firewall-sku).
 
@@ -902,11 +902,12 @@ network = ManagedNetwork(isolation_mode=IsolationMode.ALLOW_INTERNET_OUTBOUND,
 The hub managed virtual network feature is free. However, you're charged for the following resources that are used by the managed virtual network:
 
 * Azure Private Link - Private endpoints used to secure communications between the managed virtual network and Azure resources relies on Azure Private Link. For more information on pricing, see [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link/).
-* FQDN outbound rules - FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are included in your billing. A standard version of Azure Firewall is used by default. For information on selecting the basic version, see [Select an Azure Firewall version](#select-an-azure-firewall-version-for-allowed-only-approved-outbound-preview). Azure Firewall is provisioned per hub.
+* FQDN outbound rules - FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are included in your billing. A standard version of Azure Firewall is used by default. For information on selecting the basic version, see [Select an Azure Firewall version](#select-an-azure-firewall-version-for-allowed-only-approved-outbound). Azure Firewall is provisioned per hub.
 
     > [!IMPORTANT]
     > The firewall isn't created until you add an outbound FQDN rule. If you don't use FQDN rules, you won't be charged for Azure Firewall. For more information on pricing, see [Azure Firewall pricing](https://azure.microsoft.com/pricing/details/azure-firewall/).
 
 ## Related content
 
 - [Create Azure AI Foundry hub and project using the SDK](./develop/create-hub-project-sdk.md)
+- [Access on-premises resources from Azure AI Foundry](access-on-premises-resources.md)