Merge pull request #3121 from MicrosoftDocs/main

Publish to live, Sunday 4 AM PST, 2/23

Author: ttorble

articles/ai-services/computer-vision/how-to/image-retrieval.md

@@ -8,7 +8,7 @@ manager: nitinme
 
 ms.service: azure-ai-vision
 ms.topic: how-to
-ms.date: 10/16/2024
+ms.date: 02/22/2025
 ms.collection: "ce-skilling-fresh-tier2, ce-skilling-ai-copilot"
 ms.author: pafarley
 
@@ -19,7 +19,7 @@ ms.author: pafarley
 
 The Multimodal embeddings APIs enable the _vectorization_ of images and text queries. They convert images to coordinates in a multi-dimensional vector space. Then, incoming text queries can also be converted to vectors, and images can be matched to the text based on semantic closeness. This allows the user to search a set of images using text, without the need to use image tags or other metadata. Semantic closeness often produces better results in search.
 
-The `2024-02-01` API includes a multi-lingual model that supports text search in 102 languages. The original English-only model is still available, but it cannot be combined with the new model in the same search index. If you vectorized text and images using the English-only model, these vectors won’t be compatible with multi-lingual text and image vectors.
+The `2024-02-01` API includes a multi-lingual model (model version `2023-04-15`) that supports text search in 102 languages. The original English-only model (version `2022-04-11`) is still available, but it cannot be combined with the new model in the same search index. If you vectorized text and images using the English-only model, these vectors won’t be compatible with multi-lingual text and image vectors.
 
 > [!IMPORTANT]
 > These APIs are only available in certain geographic regions. See [Region availability](../overview-image-analysis.md#region-availability).
@@ -87,7 +87,7 @@ The API call returns a **vector** JSON object, which defines the text string's c
 
 ```json
 { 
-  "modelVersion": "2022-04-11", 
+  "modelVersion": "2023-04-15", 
   "vector": [ -0.09442752, -0.00067171326, -0.010985051, ... ] 
 }
 ```

articles/ai-services/computer-vision/identity-encrypt-data-at-rest.md

@@ -26,5 +26,5 @@ The Face service automatically encrypts your data when it's persisted to the clo
 ## Related content
 
 * For a full list of services that support CMK, see [Customer-Managed Keys for Azure AI services](../encryption/cognitive-services-encryption-keys-portal.md)
-* [What is Azure Key Vault?](/azure/key-vault/general/overview)?
+* [What is Azure Key Vault?](/azure/key-vault/general/overview)
 

articles/ai-services/computer-vision/overview-identity.md

@@ -88,7 +88,7 @@ The goal of liveness detection is to ensure that the system is interacting with
 
 The liveness detection solution successfully defends against a variety of spoof types ranging from paper printouts, 2d/3d masks, and spoof presentations on phones and laptops. Liveness detection is an active area of research, with continuous improvements being made to counteract increasingly sophisticated spoofing attacks over time. Continuous improvements will be rolled out to the client and the service components over time as the overall solution gets more robust to new types of attacks.
 
-Our liveness detection solution meets [iBeta Level 1 and 2 ISO/IEC 30107-3](https://www.ibeta.com/iso-30107-3-presentation-attack-detection-confirmation-letters/#letters) compliance.
+Our liveness detection solution meets [iBeta Level 1 and 2 ISO/IEC 30107-3](https://www.ibeta.com/wp-content/uploads/2023/11/230622-Microsoft-PAD-Level-2-Confirmation-Letter.pdf) compliance.
 
 Tutorials
 - [Face liveness Tutorial](Tutorials/liveness.md)

articles/ai-services/content-safety/how-to/encrypt-data-at-rest.md

@@ -16,132 +16,13 @@ ms.author: pafarley
 
 Azure AI Content Safety automatically encrypts your data when it's persisted to the cloud. The encryption protects your data and helps you meet your organizational security and compliance commitments. This article covers how Azure AI Content Safety handles encryption of data at rest. 
 
-## About Azure AI services encryption
+[!INCLUDE [cognitive-services-about-encryption](../../includes/cognitive-services-about-encryption.md)]
 
-Azure AI Content Safety is part of Azure AI services. Azure AI services data is encrypted and decrypted using [FIPS 140-2](https://en.wikipedia.org/wiki/FIPS_140-2) compliant [256-bit AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption. Encryption and decryption are transparent, meaning encryption and access are managed for you. Your data is secure by default and you don't need to modify your code or applications to take advantage of encryption.
-
-## About encryption key management
-
-By default, your subscription uses Microsoft-managed encryption keys. There's also the option to manage your subscription with your own keys called customer-managed keys (CMK). CMK offers greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your data.
-
-## Customer-managed keys with Azure Key Vault
-
-Customer-managed keys (CMK), also known as Bring your own key (BYOK), offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your data.
-
-You must use Azure Key Vault to store your customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. The Azure AI services resource and the key vault must be in the same region and in the same Microsoft Entra tenant, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](/azure/key-vault/general/overview).
-
-To enable customer-managed keys, you must also enable both the **Soft Delete** and **Do Not Purge** properties on the key vault.
-
-Only RSA keys of size 2048 are supported with Azure AI services encryption. For more information about keys, see **Key Vault keys** in [About Azure Key Vault keys, secrets and certificates](/azure/key-vault/general/about-keys-secrets-certificates).
-
-
-## Enable customer-managed keys for your resource
-
-To enable customer-managed keys in the Azure portal, follow these steps:
-
-1. Go to your Azure AI services resource.
-2. On the left, select **Encryption**.
-3. Under **Encryption type**, select **Customer Managed Keys**, as shown in the following screenshot.
-
-:::image type="content" source="../media/encryption.png" alt-text="Screenshot of encryption tab in Azure portal.":::
-
-
-## Specify a key
-
-After you enable customer-managed keys, you can specify a key to associate with the Azure AI services resource.
-
-#### [Specify a key as a URI](#tab/uri)
-
-To specify a key as a URI, follow these steps:
-
-1. In the Azure portal, go to your key vault.
-
-2. Under **Settings**, select **Keys**.
-
-3. Select the desired key, and then select the key to view its versions. Select a key version to view the settings for that version.
-
-4. Copy the **Key Identifier** value, which provides the URI.
-
-   ![Screenshot of the Azure portal page for a key version. The Key Identifier box contains a placeholder for a key URI.](../../media/cognitive-services-encryption/key-uri-portal.png)
-
-5. Go back to your Azure AI services resource, and then select **Encryption**.
-
-6. Under **Encryption key**, select **Enter key URI**.
-
-7. Paste the URI that you copied into the **Key URI** box.
-
-   ![Screenshot of the Encryption page for an Azure AI services resource. The Enter key URI option is selected, and the Key URI box contains a value.](../../media/cognitive-services-encryption/ssecmk2.png)
-
-8. Under **Subscription**, select the subscription that contains the key vault.
-
-9. Save your changes.
-
-
-
-#### [Specify a key from a key vault](#tab/vault)
-
-To specify a key from a key vault, first make sure that you have a key vault that contains a key. Then follow these steps:
-
-1. Go to your Azure AI services resource, and then select **Encryption**.
-
-2. Under **Encryption key**, select **Select from Key Vault**.
-
-3. Select the key vault that contains the key that you want to use.
-
-4. Select the key that you want to use.
-
-   ![Screenshot of the Select key from Azure Key Vault page in the Azure portal. The Subscription, Key vault, Key, and Version boxes contain values.](../../media/cognitive-services-encryption/ssecmk3.png)
-
-5. Save your changes.
-
----
-
-## Update the key version
-
-When you create a new version of a key, update the Azure AI services resource to use the new version. Follow these steps:
-
-1. Go to your Azure AI services resource, and then select **Encryption**.
-1. Enter the URI for the new key version. Alternately, you can select the key vault and then select the key again to update the version.
-1. Save your changes.
-
-
-## Use a different key
-
-To change the key that you use for encryption, follow these steps:
-
-1. Go to your Azure AI services resource, and then select **Encryption**.
-1. Enter the URI for the new key. Alternately, you can select the key vault and then select a new key.
-1. Save your changes.
-
-
-## Rotate customer-managed keys
-
-You can rotate a customer-managed key in Key Vault according to your compliance policies. When the key is rotated, you must update the Azure AI services resource to use the new key URI. To learn how to update the resource to use a new version of the key in the Azure portal, see [Update the key version](../../openai/encrypt-data-at-rest.md#update-the-key-version).
-
-Rotating the key doesn't trigger re-encryption of data in the resource. No further action is required from the user.
-
-
-## Revoke a customer-managed key
-
-To revoke access to customer-managed keys, use PowerShell or Azure CLI. For more information, see [Azure Key Vault PowerShell](/powershell/module/az.keyvault//) or [Azure Key Vault CLI](/cli/azure/keyvault). Revoking access effectively blocks access to all data in the Azure AI services resource, because the encryption key is inaccessible by Azure AI services.
-
-
-## Disable customer-managed keys
-
-When you disable customer-managed keys, your Azure AI services resource is then encrypted with Microsoft-managed keys. To disable customer-managed keys, follow these steps:
-
-1. Go to your Azure AI services resource, and then select **Encryption**.
-1. Select **Microsoft Managed Keys** > **Save**.
+[!INCLUDE [cognitive-services-cmk](../../includes/configure-customer-managed-keys.md)]
 
 When you previously enabled customer managed keys this also enabled a system assigned managed identity, a feature of Microsoft Entra ID. Once the system assigned managed identity is enabled, this resource is registered with Microsoft Entra ID. After being registered, the managed identity will be given access to the Key Vault selected during customer managed key setup. You can learn more about [Managed Identities](/azure/active-directory/managed-identities-azure-resources/overview).
 
-> [!IMPORTANT]
-> If you disable system assigned managed identities, access to the key vault will be removed and any data encrypted with the customer keys will no longer be accessible. Any features depended on this data will stop working.
-
-> [!IMPORTANT]
-> Managed identities do not currently support cross-directory scenarios. When you configure customer-managed keys in the Azure portal, a managed identity is automatically assigned under the covers. If you later move the subscription, resource group, or resource from one Microsoft Entra directory to another, the managed identity associated with the resource is not transferred to the new tenant, so customer-managed keys may no longer work. For more information, see **Transferring a subscription between Microsoft Entra directories** in [FAQs and known issues with managed identities for Azure resources](/azure/active-directory/managed-identities-azure-resources/known-issues#transferring-a-subscription-between-azure-ad-directories).
-
 ## Next step
 
 > [!div class="nextstepaction"]
-> [Content Safety overview](../overview.md)
+> [Content Safety overview](../overview.md)

articles/ai-services/content-safety/how-to/use-blocklist.md

@@ -249,10 +249,10 @@ Copy the cURL command below to a text editor and make the following changes:
 curl --location --request POST '<endpoint>/contentsafety/text/blocklists/<your_list_name>:addOrUpdateBlocklistItems?api-version=2024-09-01' \
 --header 'Ocp-Apim-Subscription-Key: <enter_your_key_here>' \
 --header 'Content-Type: application/json' \
---data-raw '"blocklistItems": [{
+--data-raw '{"blocklistItems": [{
     "description": "string",
     "text": "bleed"
-}]'
+}]}'
 ```
 
 > [!TIP]
@@ -379,7 +379,7 @@ blocklist_item_text_2 = "<block_item_text_2>"
 blocklist_items = [TextBlocklistItem(text=blocklist_item_text_1), TextBlocklistItem(text=blocklist_item_text_2)]
 try:
     result = client.add_or_update_blocklist_items(
-        blocklist_name=blocklist_name, options=AddOrUpdateTextBlocklistItemsOptions(blocklist_items=blocklist_items)
+        blocklist_name=blocklist_name, options=AddOrUpdateTextBlocklistItemsOptions(blocklist_items=blocklist_items))
     for blocklist_item in result.blocklist_items:
         print(
             f"BlocklistItemId: {blocklist_item.blocklist_item_id}, Text: {blocklist_item.text}, Description: {blocklist_item.description}"
@@ -1391,9 +1391,9 @@ Copy the cURL command below to a text editor and make the following changes:
 curl --location --request POST '<endpoint>/contentsafety/text/blocklists/<your_list_name>:removeBlocklistItems?api-version=2024-09-01' \
 --header 'Ocp-Apim-Subscription-Key: <enter_your_key_here>' \
 --header 'Content-Type: application/json'
---data-raw '"blocklistItemIds":[
+--data-raw '{"blocklistItemIds":[
     "<item_id>"
-]'
+]}'
 ```
 
 > [!TIP]