MicrosoftDocs
diff --git a/‎articles/ai-foundry/agents/how-to/virtual-networks.md
Lines changed: 14 additions & 68 deletions b/‎articles/ai-foundry/agents/how-to/virtual-networks.md
Lines changed: 14 additions & 68 deletions
diff --git a/‎articles/ai-foundry/ai-services/content-safety-overview.md
Lines changed: 16 additions & 16 deletions b/‎articles/ai-foundry/ai-services/content-safety-overview.md
Lines changed: 16 additions & 16 deletions
@@ -34,6 +34,7 @@ For customers without an existing virtual network, the Standard Setup with Priva
 ### Known limitations
 
 - **Subnet IP address limitation**: both subnets must have IP ranges under `172.16.0.0/12` or `192.168.0.0/16`, i.e. class B or C address ranges reserved for private networking.
+- **Agent subnet exclusivity**: The agent subnet cannot be shared by multiple Azure AI Foundry resources. Each AI Foundry must use a dedicated agent subnet.
 - **All Foundry workspace resources must be deployed in the same region as the virtual network (VNet)**. This includes Cosmos DB, Storage Account, AI Search, Foundry Account, Project, and Managed Identity.  
     - **Exception:** You may connect your Foundry Project to models deployed in a different region (on another AI Foundry or Azure OpenAI resource) by configuring an appropriate AI Services connection on the Project's [capability host](/azure/templates/microsoft.cognitiveservices/accounts/projects/capabilityhosts).
 - **Region availability**:
@@ -77,79 +78,24 @@ For customers without an existing virtual network, the Standard Setup with Priva
 
 ## Configure a new network-secured environment 
 
-**Network secured setup**: Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you incur costs based on your usage. The following bicep template provides:
-
-* An account and project are created. 
-* A gpt-4o model is deployed. 
-* Azure resources for storing customer data — Azure Storage, Azure Cosmos DB, and Azure AI Search — are automatically created if existing resources are not provided. 
-* These resources are connected to your project to store files, threads, and vector data. 
-* A Microsoft-managed key vault is used by default. 
-
-
-### Manually deploy the bicep template
-
 > [!NOTE]
-> Using the Bicep template is the only way to deploy a network secured environment for Azure AI Foundry Agent Service.
+> - Programmatic deployment is required to set up a network-secured environment for Azure AI Foundry Agent Service. Deployment through the Azure portal is currently not supported.
+> - If you want to delete your Foundry resource and Standard Agent with secured network set-up, delete your AI Foundry resource and virtual network last. Before deleting the virtual network, ensure to delete and [purge](../../../ai-services/recover-purge-resources.md#purge-a-deleted-resource) your AI Foundry resource.
+> - In the Standard Setup, agents use customer-owned, single-tenant resources. You have full control and visibility over these resources, but you incur costs based on your usage.
 
-1. To deploy and customize the bicep templates, [download the template from GitHub](https://github.com/azure-ai-foundry/foundry-samples/tree/main/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup). Download the following from the `private-network-standard-agent-setup` folder:
-    1. `main-create.bicep`
-    1. `azuredeploy.parameters.json`
-    1. `modules-network-secured folder`
-1. To authenticate to your Azure subscription from the Azure CLI, use the following command: 
+You can deploy and customize the Standard Setup with Private Networking using either Bicep or Terraform. The provided samples allow you to bring your own virtual network and customize the deployment to meet your specific requirements:
 
-    ```console
-    az login
-    ```
-
-1. Create a resource group:
-
-    ```console
-    az group create --name {my_resource_group} --location eastus
-    ```
+* Foundry account and Foundry project are created.
+* A gpt-4o model is deployed.
+* Azure resources for storing customer data — Azure Storage, Azure Cosmos DB, and Azure AI Search — are automatically created if existing resources are not provided. 
+* These resources are connected to your project to store files, threads, and vector data.
+* Microsoft-managed encryption keys for Storage Account and Cognitive Account (AI Foundry) are used by default.
+ 
+Select one of the available deployment methods:
 
-    Make sure you have the Azure AI Developer role for the resource group you created. 
-
-1. Using the resource group you created in the previous step and one of the template files (`private-network-standard-agent-setup`), run one of the following commands: 
-
-    1. To use default resource names, run:
-
-        ```console
-        az deployment group create --resource-group {my_resource_group} --template-file main-create.bicep
-        ```
-
-1. Run the CheckCapabilityHostReadiness.ps1 and edit the command to add your subscription ID, resource group name, and your newly deployed AI Services account resource name.
-   
-   ```
-   .\CheckCapabilityHostReadiness.ps1 -subscriptionId "<your-sub-id>" -resourcegroup "<new-rg-name>" -accountname "<your-aiservices-name>"
-   ```
-   
-   If you don't want to run the PowerShell script, you can run a bash script instead, from the file CheckCapabilityHostReadiness.sh. Run the following two commands:
-   
-      ```
-      chmod +x CheckCapabilityHostReadiness.sh
-      ./CheckCapabilityHostReadiness.sh "<your-sub-id>" "<new-rg-name>" "<your-aiservices-name>"
-      ```
-      
-1. Deploy the main-project-caphost-create.bicep
-   
-   ```
-   az deployment group create --resource-group <new-rg-name> --template-file main-project-caphost-create.bicep
-   ```
-   
-   After running this script, you're required to input the following values:
-   
-   ```
-   Please provide string value for 'accountName' (? for help): <your-account-name>
-   Please provide string value for 'projectName' (? for help): <your-project-name>
-   Please provide string value for 'aiSearchName' (? for help): <your-search-name>
-   Please provide string value for 'azureStorageName' (? for help): <your-storage-name>
-   Please provide string value for 'cosmosDBName' (? for help): <your-cosmosdb-name>
-   ```
-
-For more details, see the [README](https://github.com/azure-ai-foundry/foundry-samples/tree/main/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup).
+- **Bicep templates**: follow instructions in [this sample from GitHub](https://github.com/azure-ai-foundry/foundry-samples/tree/main/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup).
 
-> [!NOTE]
-> If you want to delete your Foundry resource and Standard Agent with secured network set-up, delete your AI Foundry resource and virtual network last. Before deleting the virutal network, ensure to delete and purge your AI Foundry resource. Navigate to __Manage deleted resources__, then select your subscription and the Foundry resource you would like to purge. 
+- **Terraform configuration**: follow instructions in [this sample from GitHub](https://github.com/azure-ai-foundry/foundry-samples/tree/main/samples/microsoft/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet).
 
 ## Deep Dive Standard Setup with Private Networking Template
 When you use the Standard Setup with Private Networking Agent Template, the following will automatically be provisioned, unless you bring your own: 
 
@@ -7,41 +7,41 @@ ms.service: azure-ai-foundry
 ms.custom:
   - ignite-2024
 ms.topic: overview
-ms.date: 05/31/2025
+ms.date: 07/28/2025
 ms.author: pafarley
 author: PatrickFarley
 ---
 
 # Content Safety in the Azure AI Foundry portal
 
-Azure AI Content Safety is an AI service that detects harmful user-generated and AI-generated content in applications and services. Azure AI Content Safety includes APIs that allow you to detect and prevent the output of harmful content. The interactive Content Safety **try it out** page in [Azure AI Foundry portal](https://ai.azure.com/?cid=learnDocs) allows you to view, explore, and try out sample code for detecting harmful content across different modalities. 
+Azure AI Content Safety is an AI service that detects harmful user-generated and AI-generated content in applications and services. Azure AI Content Safety includes APIs that help you detect and prevent the output of harmful content. The interactive Content Safety **try it out** page in the [Azure AI Foundry portal](https://ai.azure.com/?cid=learnDocs) lets you view, explore, and try out sample code for detecting harmful content across different modalities. 
 
 ## Features
 
-You can use Azure AI Content Safety for the following scenarios: 
+Use Azure AI Content Safety for the following scenarios: 
 
-**Text content**: 
-- Moderate text content: This feature scans and moderates text content, identifying and categorizing it based on different levels of severity to ensure appropriate responses. 
-- Groundedness detection: This filter determines if the AI's responses are based on trusted, user-provided sources, ensuring that the answers are "grounded" in the intended material. Groundedness detection is helpful for improving the reliability and factual accuracy of responses. 
-- Protected material detection for text: This feature identifies protected text material, such as known song lyrics, articles, or other content, ensuring that the AI doesn't output this content without permission. 
-- Protected material detection for code: Detects code segments in the model's output that match known code from public repositories, helping to prevent uncredited or unauthorized reproduction of source code. 
-- Prompt shields: This feature provides a unified API to address "Jailbreak" and "Indirect Attacks": 
+### Text content
+- Moderate text content: Scans and moderates text content. It identifies and categorizes text based on different levels of severity to ensure appropriate responses. 
+- Groundedness detection: Determines if the AI's responses are based on trusted, user-provided sources. This feature ensures that the answers are "grounded" in the intended material. Groundedness detection helps improve the reliability and factual accuracy of responses. 
+- Protected material detection for text: Identifies protected text material, such as known song lyrics, articles, or other content. This feature ensures that the AI doesn't output this content without permission. 
+- Protected material detection for code: Detects code segments in the model's output that match known code from public repositories. This feature helps prevent uncredited or unauthorized reproduction of source code. 
+- Prompt shields: Provides a unified API to address "Jailbreak" and "Indirect Attacks": 
     - Jailbreak Attacks: Attempts by users to manipulate the AI into bypassing its safety protocols or ethical guidelines. Examples include prompts designed to trick the AI into giving inappropriate responses or performing tasks it was programmed to avoid. 
-    - Indirect Attacks: Also known as Cross-Domain Prompt Injection Attacks, indirect attacks involve embedding malicious prompts within documents that the AI might process. For example, if a document contains hidden instructions, the AI might inadvertently follow them, leading to unintended or unsafe outputs. 
+    - Indirect Attacks: Also known as Cross-Domain Prompt Injection Attacks. Indirect attacks involve embedding malicious prompts within documents that the AI might process. For example, if a document contains hidden instructions, the AI might inadvertently follow them, leading to unintended or unsafe outputs. 
 
-**Image content**: 
+### Image content
 - Moderate image content: Similar to text moderation, this feature filters and assesses image content to detect inappropriate or harmful visuals. 
-- Moderate multimodal content: This is designed to handle a combination of text and images, assessing the overall context and any potential risks across multiple types of content. 
+- Moderate multimodal content: Designed to handle a combination of text and images. It assesses the overall context and any potential risks across multiple types of content. 
 
-**Customize your own categories**: 
-- Custom categories: Allows users to define specific categories for moderating and filtering content, tailoring safety protocols to unique needs. 
-- Safety system message: Provides a method for setting up a "System Message" to instruct the AI on desired behavior and limitations, reinforcing safety boundaries and helping prevent unwanted outputs. 
+### Custom filtering
+- Custom categories: Allows users to define specific categories for moderating and filtering content. Tailors safety protocols to unique needs. 
+- Safety system message: Provides a method for setting up a "System Message" to instruct the AI on desired behavior and limitations. It reinforces safety boundaries and helps prevent unwanted outputs. 
 
 [!INCLUDE [content-safety-harm-categories](../includes/content-safety-harm-categories.md)]
 
 ## Limitations
 
-Refer to the [Content Safety overview](/azure/ai-services/content-safety/overview) for supported regions, rate limits, and input requirements for all features. Refer to the [Language support](/azure/ai-services/content-safety/language-support) page for supported languages. 
+For supported regions, rate limits, and input requirements for all features, see the [Content Safety overview](/azure/ai-services/content-safety/overview). For supported languages, see the [Language support](/azure/ai-services/content-safety/language-support) page. 
 
 
 ## Next step