Merge branch 'MicrosoftDocs:main' into cosmos-nosql-mirroring-fabric

Author: seesharprun

.openpublishing.redirection.json

@@ -4195,6 +4195,12 @@
         },
         {
 
+           "source_path_from_root": "/articles/cosmos-db/how-to-move-regions.md",
+           "redirect_url": "/azure/operational-excellence/relocation-cosmos-db",
+           "redirect_document_id": false
+
+        },
+        {
            "source_path_from_root": "/articles/site-recovery/move-vaults-across-regions.md",
             "redirect_url": "/azure/operational-excellence/relocation-site-recovery",
             "redirect_document_id": false

articles/active-directory-b2c/faq.yml

@@ -274,6 +274,12 @@ sections:
 
           * API connectors
           * Conditional Access
+
+      - question: |
+          I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
+        answer: |
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+             
           
       - question: |
           I've revoked the refresh token using Microsoft Graph invalidateAllRefreshTokens, or Microsoft Graph PowerShell,  Revoke-MgUserSignInSession. Why is Azure AD B2C still accepting the old refresh token?
@@ -286,6 +292,9 @@ sections:
           1. Wait for 10 minutes.
           
           1. Retrieve the `RefreshToken` again.
+
+          > [!TIP]
+          > With Azure AD B2C [custom policy](custom-policy-overview.md), you can reduce the above mentioned skew time of 5 minutes (300000 milliseconds)  by adjusting the value for InputParameter "TreatAsEqualIfWithinMillseconds" under claim transformation Id "AssertRefreshTokenIssuedLaterThanValidFromDate". This claim transformation can be found in the TrustFrameworkBase.xml file under latest custom policy [stater-pack](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#get-the-starter-pack). 
           
       - question: |
          I use multiple tabs in a web browser to sign in to multiple applications that I registered in the same Azure AD B2C tenant. When I try to perform a single sign-out, not all of the applications are signed out. Why does this happen? 

articles/active-directory-b2c/javascript-and-page-layout.md

@@ -23,7 +23,7 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag.
+With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag. From selfasserted page layout version 2.1.21 / unifiedssp version 2.1.10 / multifactor version 1.2.10 onwards B2C doesn't support adding scripts in `<body>` tag (as this can pose a risk for cross site scripting attack). Migrating existing scripts from `<body>` to `<head>` may at-times require rewriting existing scripts with mutation observers for proper working.
 
 The `<script>` tag should be added in the `<head>` tag in two ways:  
 

articles/ai-services/computer-vision/concept-model-customization.md

@@ -80,8 +80,8 @@ The following table describes the limits on the scale of your custom model proje
 | Max # training images               | 1,000,000                       | 200,000                         |
 | Max # evaluation images             | 100,000                        | 100,000                         |
 | Min # training images per category  | 2                               | 2                               |
-| Max # tags per image                | multiclass: 1                   | NA                              |
-| Max # regions per image             | NA                              | 1,000                           |
+| Max # tags per image                | 1                               | N/A                            |
+| Max # regions per image             | N/A                              | 1,000                           |
 | Max # categories                    | 2,500                           | 1,000                           |
 | Min # categories                    | 2                               | 1                               |
 | Max image size (Training)           | 20 MB                            | 20 MB                            |

articles/ai-services/content-safety/overview.md

@@ -30,6 +30,8 @@ This documentation contains the following article types:
 
 The following are a few scenarios in which a software developer or team would require a content moderation service:
 
+- User prompts submitted to a generative AI service. 
+- Content produced by generative AI models.
 - Online marketplaces that moderate product catalogs and other user-generated content.
 - Gaming companies that moderate user-generated game artifacts and chat rooms.
 - Social messaging platforms that moderate images and text added by their users.

articles/ai-services/openai/how-to/gpt-with-vision.md

@@ -30,7 +30,7 @@ The following command shows the most basic way to use the GPT-4 Turbo with Visio
 
 #### [REST](#tab/rest)
 
-Send a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/chat/completions?api-version=2023-12-01-preview` where 
+Send a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/chat/completions?api-version=2024-02-15-preview` where 
 
 - RESOURCE_NAME is the name of your Azure OpenAI resource 
 - DEPLOYMENT_NAME is the name of your GPT-4 Turbo with Vision model deployment 
@@ -88,12 +88,12 @@ The following is a sample request body. The format is the same as the chat compl
     api_base = '<your_azure_openai_endpoint>' # your endpoint should look like the following https://YOUR_RESOURCE_NAME.openai.azure.com/
     api_key="<your_azure_openai_key>"
     deployment_name = '<your_deployment_name>'
-    api_version = '2023-12-01-preview' # this might change in the future
+    api_version = '2024-02-15-preview' # this might change in the future
 
     client = AzureOpenAI(
         api_key=api_key,  
         api_version=api_version,
-        base_url=f"{api_base}openai/deployments/{deployment_name}/extensions",
+        base_url=f"{api_base}openai/deployments/{deployment_name}",
     )
     ```
 
@@ -265,7 +265,7 @@ The **object grounding** integration brings a new layer to data analysis and use
 
 #### [REST](#tab/rest)
 
-Send a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/extensions/chat/completions?api-version=2023-12-01-preview` where 
+Send a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/chat/completions?api-version=2024-02-15-preview` where 
 
 - RESOURCE_NAME is the name of your Azure OpenAI resource 
 - DEPLOYMENT_NAME is the name of your GPT-4 Turbo with Vision model deployment 
@@ -577,7 +577,7 @@ To use a User assigned identity on your Azure AI Services resource, follow these
 
 #### [REST](#tab/rest)
 
-1. Prepare a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/extensions/chat/completions?api-version=2023-12-01-preview` where 
+1. Prepare a POST request to `https://{RESOURCE_NAME}.openai.azure.com/openai/deployments/{DEPLOYMENT_NAME}/chat/completions?api-version=2024-02-15-preview` where 
 
     - RESOURCE_NAME is the name of your Azure OpenAI resource 
     - DEPLOYMENT_NAME is the name of your GPT-4 Vision model deployment 

articles/ai-studio/how-to/deploy-models-timegen-1.md

@@ -47,6 +47,42 @@ You can deploy TimeGEN-1 as a serverless API with pay-as-you-go billing. Nixtla
 - An [Azure AI Studio project](../how-to/create-projects.md).
 - Azure role-based access controls (Azure RBAC) are used to grant access to operations in Azure AI Studio. To perform the steps in this article, your user account must be assigned the __Azure AI Developer role__ on the resource group. For more information on permissions, visit [Role-based access control in Azure AI Studio](../concepts/rbac-ai-studio.md).
 
+### Pricing information
+
+#### Estimate the number of tokens needed
+
+Before you create a deployment, it's useful to estimate the number of tokens that you plan to use and be billed for.
+One token corresponds to one data point in your input dataset or output dataset.
+
+Suppose you have the following input time series dataset:
+
+| Unique_id | Timestamp           | Target Variable | Exogenous Variable 1 | Exogenous Variable 2 |
+|:---------:|:-------------------:|:---------------:|:--------------------:|:--------------------:|
+| BE        | 2016-10-22 00:00:00 | 70.00           | 49593.0              | 57253.0              |
+| BE        | 2016-10-22 01:00:00 | 37.10           | 46073.0              | 51887.0              |
+
+To determine the number of tokens, multiply the number of rows (in this example, two) and the number of columns used for forecasting—not counting the unique_id and timestamp columns (in this example, three) to get a total of six tokens.
+
+Given the following output dataset:
+
+| Unique_id | Timestamp           | Forecasted Target Variable |
+|:---------:|:-------------------:|:--------------------------:|
+| BE        | 2016-10-22 02:00:00 | 46.57                      |
+| BE        | 2016-10-22 03:00:00 | 48.57                      |
+
+You can also determine the number of tokens by counting the number of data points returned after data forecasting. In this example, the number of tokens is two.
+
+#### Estimate the pricing
+
+There are four pricing meters, as described in the following table:
+
+| Pricing Meter                                 | Description                                                                             |
+|-----------------------------------------------|-----------------------------------------------------------------------------------------|
+| paygo-inference-input-tokens                  | Costs associated with the tokens used as input for inference when *finetune_steps* = 0  |
+| paygo-inference-output-tokens                 | Costs associated with the tokens used as output for inference when *finetune_steps* = 0 |
+| paygo-finetuned-model-inference-input-tokens  | Costs associated with the tokens used as input for inference when *finetune_steps* > 0  |
+| paygo-finetuned-model-inference-output-tokens | Costs associated with the tokens used as output for inference when *finetune_steps* > 0 |
+
 ### Create a new deployment
 
 These steps demonstrate the deployment of TimeGEN-1. To create a deployment:

articles/aks/create-node-pools.md

@@ -31,7 +31,7 @@ This article shows you how to create one or more node pools in an AKS cluster.
 The following limitations apply when you create AKS clusters that support multiple node pools:
 
 * See [Quotas, virtual machine size restrictions, and region availability in Azure Kubernetes Service (AKS)](quotas-skus-regions.md).
-* You can delete system node pools if you have another system node pool to take its place in the AKS cluster. Otherwise, you cannot delete the system node pool.
+* You can delete the system node pool if you have another system node pool to take its place in the AKS cluster. Otherwise, you cannot delete the system node pool.
 * System pools must contain at least one node, and user node pools may contain zero or more nodes.
 * The AKS cluster must use the Standard SKU load balancer to use multiple node pools. This feature isn't supported with Basic SKU load balancers.
 * The AKS cluster must use Virtual Machine Scale Sets for the nodes.
@@ -60,7 +60,7 @@ The following limitations apply when you create AKS clusters that support multip
         --name $CLUSTER_NAME \
         --vm-set-type VirtualMachineScaleSets \
         --node-count 2 \
-        --generate-ssh-keys \
+        --location $LOCATION \
         --load-balancer-sku standard \
         --generate-ssh-keys
     ```

articles/aks/istio-deploy-ingress.md

@@ -40,6 +40,10 @@ NAME                                TYPE           CLUSTER-IP    EXTERNAL-IP
 aks-istio-ingressgateway-external   LoadBalancer   10.0.10.249   <EXTERNAL_IP>   15021:30705/TCP,80:32444/TCP,443:31728/TCP   4m21s
 ```
 
+> [!NOTE]
+> Customizations to IP address on internal and external gateways aren't supported yet. IP address customizations on the ingress are reverted back by the Istio add-on. 
+It's planned to allow these customizations in Gateway API Istio implementation as part of the Istio add-on in future.
+
 Applications aren't accessible from outside the cluster by default after enabling the ingress gateway. To make an application accessible, map the sample deployment's ingress to the Istio ingress gateway using the following manifest:
 
 ```bash

articles/aks/istio-plugin-ca.md

@@ -35,7 +35,7 @@ The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az
     az keyvault secret set --vault-name $AKV_NAME --name root-cert --file <path-to-folder/root-cert.pem>
     az keyvault secret set --vault-name $AKV_NAME --name ca-cert --file <path-to-folder/ca-cert.pem>
     az keyvault secret set --vault-name $AKV_NAME --name ca-key --file <path-to-folder/ca-key.pem>
-    az keyvault secret set --vault-name $AKV_NAME --name cert-chain --file <path/cert-chain.pem>
+    az keyvault secret set --vault-name $AKV_NAME --name cert-chain --file <path-to-folder/cert-chain.pem>
     ```
 
 1. Enable [Azure Key Vault provider for Secret Store CSI Driver for your cluster][akv-addon]: