Merge pull request #283222 from MicrosoftDocs/main

8/1/2024 AM Publish

Author: Taojunshen

articles/ai-services/openai/concepts/models.md

@@ -296,18 +296,18 @@ These models can only be used with Embedding API requests.
 
 For Assistants you need a combination of a supported model, and a supported region. Certain tools and capabilities require the latest models. The following models are available in the Assistants API, SDK, Azure AI Studio and Azure OpenAI Studio. The following table is for pay-as-you-go. For information on Provisioned Throughput Unit (PTU) availability, see [provisioned throughput](./provisioned-throughput.md). The listed models and regions can be used with both Assistants v1 and v2.
 
-| Region | `gpt-35-turbo (0613)` | `gpt-35-turbo (1106)`| `fine tuned gpt-3.5-turbo-0125` | `gpt-4 (0613)` | `gpt-4 (1106)` | `gpt-4 (0125)` | `gpt-4o (2024-05-13)` |
-|-----|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
-| Australia East | ✅ | ✅ | | ✅ |✅ | | |
-| East US  | ✅ | | | | | ✅ | ✅ |
-| East US 2 | ✅ |  | ✅ | ✅ |✅ | |✅|
-| France Central  | ✅ | ✅ | | ✅ |✅ |  | |
-| Japan East | ✅ |  | | | | | |
-| Norway East | |  | | | ✅ |  | |
-| Sweden Central | ✅ |✅ | ✅ |✅ |✅| |✅|
-| UK South | ✅  | ✅ | | | ✅ | ✅ |  |
-| West US |  | ✅ | | | ✅ | |✅|
-| West US 3 |  |  | | |✅ | |✅|
+| Region | `gpt-35-turbo (0613)` | `gpt-35-turbo (1106)`| `fine tuned gpt-3.5-turbo-0125` | `gpt-4 (0613)` | `gpt-4 (1106)` | `gpt-4 (0125)` | `gpt-4o (2024-05-13)` | `gpt-4o-mini (2024-07-18)` |
+|-----|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
+| Australia East | ✅ | ✅ | | ✅ |✅ | | | |
+| East US  | ✅ | | | | | ✅ | ✅ |✅|
+| East US 2 | ✅ |  | ✅ | ✅ |✅ | |✅| |
+| France Central  | ✅ | ✅ | | ✅ |✅ |  | | |
+| Japan East | ✅ |  | | | | | | |
+| Norway East | |  | | | ✅ |  | | |
+| Sweden Central | ✅ |✅ | ✅ |✅ |✅| |✅| |
+| UK South | ✅  | ✅ | | | ✅ | ✅ |  | |
+| West US |  | ✅ | | | ✅ | |✅| |
+| West US 3 |  |  | | |✅ | |✅| |
 
 ## Model retirement
 

articles/ai-studio/how-to/monitor-quality-safety.md

@@ -8,7 +8,7 @@ ms.custom:
   - ignite-2023
   - build-2024
 ms.topic: how-to
-ms.date: 5/21/2024
+ms.date: 7/31/2024
 ms.reviewer: alehughes
 reviewer: ahughes-msft
 ms.author: mopeakande
@@ -38,7 +38,7 @@ Integrations for monitoring a prompt flow deployment allow you to:
 
 Before following the steps in this article, make sure you have the following prerequisites:
 
-- An Azure subscription with a valid payment method. Free or trial Azure subscriptions won't work. If you don't have an Azure subscription, create a [paid Azure account](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go) to begin.
+- An Azure subscription with a valid payment method. Free or trial Azure subscriptions aren't supported for this scenario. If you don't have an Azure subscription, create a [paid Azure account](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go) to begin.
 
 - An [Azure AI Studio hub](create-azure-ai-resource.md).
 
@@ -152,7 +152,7 @@ In this section, you learn how to configure monitoring for your deployed prompt
 # [Studio](#tab/azure-studio)
 
 1. From the left navigation bar, go to **Components** > **Deployments**.
-1. Select the prompt flow deployment you just created.
+1. Select the prompt flow deployment that you created.
 1. Select **Enable** within the **Enable generation quality monitoring** box. 
 
     :::image type="content" source="../media/deploy-monitor/monitor/deployment-page-highlight-monitoring.png" alt-text="Screenshot of the deployment page highlighting generation quality monitoring." lightbox = "../media/deploy-monitor/monitor/deployment-page-highlight-monitoring.png":::
@@ -204,7 +204,7 @@ credential = DefaultAzureCredential()
 # Update your azure resources details
 subscription_id = "INSERT YOUR SUBSCRIPTION ID"
 resource_group = "INSERT YOUR RESOURCE GROUP NAME"
-workspace_name = "INSERT YOUR WORKSPACE NAME" # This is the same as your AI Studio project name
+project_name = "INSERT YOUR PROJECT NAME" # This is the same as your AI Studio project name
 endpoint_name = "INSERT YOUR ENDPOINT NAME" # This is your deployment name without the suffix (e.g., deployment is "contoso-chatbot-1", endpoint is "contoso-chatbot")
 deployment_name = "INSERT YOUR DEPLOYMENT NAME"
 aoai_deployment_name ="INSERT YOUR AOAI DEPLOYMENT NAME"
@@ -225,7 +225,7 @@ ml_client = MLClient(
     credential=credential,
     subscription_id=subscription_id,
     resource_group_name=resource_group,
-    workspace_name=workspace_name,
+    workspace_name=project_name,
 )
 
 spark_compute = ServerlessSparkCompute(instance_type="standard_e4s_v3", runtime_version="3.3")
@@ -259,7 +259,7 @@ production_data = LlmData(
 )
 
 gsq_signal = GenerationSafetyQualitySignal(
-    connection_id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{workspace_name}/connections/{aoai_connection_name}",
+    connection_id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{project_name}/connections/{aoai_connection_name}",
     metric_thresholds=generation_quality_thresholds,
     production_data=[production_data],
     sampling_rate=1.0,
@@ -297,7 +297,7 @@ ml_client.schedules.begin_create_or_update(model_monitor)
 
 ## Consume monitoring results 
 
-After you've created your monitor, it will run daily to compute the token usage and generation quality metrics.
+After you create your monitor, it will run daily to compute the token usage and generation quality metrics.
 
 1. Go to the **Monitoring (preview)** tab from within the deployment to view the monitoring results. Here, you see an overview of monitoring results during the selected time window. You can use the date picker to change the time window of data you're monitoring. The following metrics are available in this overview:
 
@@ -371,8 +371,8 @@ credential = DefaultAzureCredential()
 # Update your azure resources details
 subscription_id = "INSERT YOUR SUBSCRIPTION ID"
 resource_group = "INSERT YOUR RESOURCE GROUP NAME"
-workspace_name = "INSERT YOUR WORKSPACE NAME" # This is the same as your AI Studio project name
-endpoint_name = "INSERT YOUR ENDPOINT NAME" This is your deployment name without the suffix (e.g., deployment is "contoso-chatbot-1", endpoint is "contoso-chatbot")
+project_name = "INSERT YOUR PROJECT NAME" # This is the same as your AI Studio project name
+endpoint_name = "INSERT YOUR ENDPOINT NAME" # This is your deployment name without the suffix (e.g., deployment is "contoso-chatbot-1", endpoint is "contoso-chatbot")
 deployment_name = "INSERT YOUR DEPLOYMENT NAME"
 
 # These variables can be renamed but it is not necessary
@@ -387,7 +387,7 @@ ml_client = MLClient(
     credential=credential,
     subscription_id=subscription_id,
     resource_group_name=resource_group,
-    workspace_name=workspace_name,
+    workspace_name=project_name,
 )
 
 spark_compute = ServerlessSparkCompute(instance_type="standard_e4s_v3", runtime_version="3.3")
@@ -448,7 +448,7 @@ credential = DefaultAzureCredential()
 # Update your azure resources details
 subscription_id = "INSERT YOUR SUBSCRIPTION ID"
 resource_group = "INSERT YOUR RESOURCE GROUP NAME"
-workspace_name = "INSERT YOUR WORKSPACE NAME" # This is the same as your AI Studio project name
+project_name = "INSERT YOUR PROJECT NAME" # This is the same as your AI Studio project name
 endpoint_name = "INSERT YOUR ENDPOINT NAME" # This is your deployment name without the suffix (e.g., deployment is "contoso-chatbot-1", endpoint is "contoso-chatbot")
 deployment_name = "INSERT YOUR DEPLOYMENT NAME"
 aoai_deployment_name ="INSERT YOUR AOAI DEPLOYMENT NAME"
@@ -468,7 +468,7 @@ ml_client = MLClient(
     credential=credential,
     subscription_id=subscription_id,
     resource_group_name=resource_group,
-    workspace_name=workspace_name,
+    workspace_name=project_name,
 )
 
 spark_compute = ServerlessSparkCompute(instance_type="standard_e4s_v3", runtime_version="3.3")
@@ -502,7 +502,7 @@ production_data = LlmData(
 )
 
 gsq_signal = GenerationSafetyQualitySignal(
-    connection_id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{workspace_name}/connections/{aoai_connection_name}",
+    connection_id=f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{project_name}/connections/{aoai_connection_name}",
     metric_thresholds=generation_quality_thresholds,
     production_data=[production_data],
     sampling_rate=1.0,
@@ -533,9 +533,9 @@ model_monitor = MonitorSchedule(
 ml_client.schedules.begin_create_or_update(model_monitor)
 ```
 
-After you've created your monitor from the SDK, you can [consume the monitoring results](#consume-monitoring-results) in AI Studio. 
+After you create your monitor from the SDK, you can [consume the monitoring results](#consume-monitoring-results) in AI Studio. 
 
 ## Related content
 
-- Learn more about what you can do in [Azure AI Studio](../what-is-ai-studio.md)
-- Get answers to frequently asked questions in the [Azure AI FAQ article](../faq.yml)
+- Learn more about what you can do in [Azure AI Studio](../what-is-ai-studio.md).
+- Get answers to frequently asked questions in the [Azure AI FAQ article](../faq.yml).

articles/app-service/overview-tls.md

@@ -3,17 +3,28 @@ title: Transport Layer Security (TLS) overview
 description: Learn about Transport Layer Security (TLS) on App Service.
 keywords: app service, azure app service, tls, transport layer security, support, web app, troubleshooting, 
 ms.topic: article
-ms.date: 11/06/2023
+ms.date: 07/29/2024
 ms.author: msangapu
 author: msangapu-msft
 ms.custom: UpdateFrequency3
+ms.collection: ce-skilling-ai-copilot
 ---
 # Azure App Service TLS overview
 
 ## What does TLS do in App Service?
 
 Transport Layer Security (TLS) is a widely adopted security protocol designed to secure connections and communications between servers and clients. App Service allows customers to use TLS/SSL certificates to secure incoming requests to their web apps. App Service currently supports different set of TLS features for customers to secure their web apps. 
 
+> [!TIP]
+>
+> You can also ask Azure Copilot these questions:
+>
+> - *What versions of TLS are supported in App Service?*
+> - *What are the benefits of using TLS 1.3 over previous versions?*
+> - *How can I change the cipher suite order for my App Service Environment?*
+>
+> To find Azure Copilot, on the [Azure portal](https://portal.azure.com) toolbar, select **Copilot**.
+
 ## Supported TLS Version on App Service?
 
 For incoming requests to your web app, App Service supports TLS versions 1.0, 1.1, 1.2, and 1.3.  
@@ -22,6 +33,11 @@ For incoming requests to your web app, App Service supports TLS versions 1.0, 1.
 
 App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM would be set to 1.2 on both portal and API. 
 
+### TLS 1.3
+A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite-preview) setting is available with TLS 1.3. This includes two cipher suites at the top of the cipher suite order:
+- TLS_AES_256_GCM_SHA384  
+- TLS_AES_128_GCM_SHA256 
+
 ### TLS 1.0 and 1.1 
 
 TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 or above as the minimum TLS version. When creating a web app, the default minimum TLS version would be TLS 1.2.
@@ -32,5 +48,37 @@ To ensure backward compatibility for TLS 1.0 and TLS 1.1, App Service will conti
 > Incoming requests to web apps and incoming requests to Azure are treated differently. App Service will continue to support TLS 1.0 and 1.1 for incoming requests to the web apps. For incoming requests directly to Azure, for example through ARM or API, it's not recommended to use TLS 1.0 or 1.1.
 >
 
+## Minimum TLS cipher suite (preview)
+
+> [!NOTE]
+> Minimum TLS Cipher Suite is supported on Premium SKUs and higher on multi-tenant App Service.
+
+The minimum TLS cipher suite includes a fixed list of cipher suites with an optimal priority order that you cannot change. Reordering or reprioritizing the cipher suites is not recommended as it could expose your web apps to weaker encryption. You also cannot add new or different cipher suites to this list. When you select a minimum cipher suite, the system automatically disables all less secure cipher suites for your web app, without allowing you to selectively disable only some weaker cipher suites.
+
+Follow these steps to change the Minimum TLS cipher suite:
+1. Browse to your app in the [Azure portal](https://portal.azure.com/)
+1. In the left menu, select **configuration** and then select the **General settings** tab.
+1. Under __Minimum Inbound TLS Cipher Suite__, select **change**, and then select the **Minimum TLS Cipher Suite**.
+1. Select **Ok**.
+1. Select **Save** to save the changes.
+
+### What are cipher suites and how do they work on App Service? 
+
+A cipher suite is a set of instructions that contains algorithms and protocols to help secure network connections between clients and servers. By default, the front-end's OS would pick the most secure cipher suite that is supported by both App Service and the client. However, if the client only supports weak cipher suites, then the front-end's OS would end up picking a weak cipher suite that is supported by them both. If your organization has restrictions on what cipher suites should not be allowed, you may update your web app’s minimum TLS cipher suite property to ensure that the weak cipher suites would be disabled for your web app. 
+
+### App Service Environment (ASE) V3 with cluster setting `FrontEndSSLCipherSuiteOrder`
+
+For App Service Environments with `FrontEndSSLCipherSuiteOrder` cluster setting, you need to update your settings to include two TLS 1.3 cipher suites (TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256). Once updated, restart your front-end for the change to take effect. You must still include the two required cipher suites as mentioned in the docs. 
+
+## End-to-end TLS Encryption (preview)
+
+End-to-end (E2E) TLS encryption is available in Standard App Service plans and higher. Front-end intra-cluster traffic between App Service front-ends and the workers running application workloads can now be encrypted. Below is a simple diagram to help you understand how it works. 
+
+Follow these steps to enable end-to-end TLS encryption:
+1. Browse to your app in the [Azure portal](https://portal.azure.com/)
+1. In the left menu, select **configuration** and then select the **General settings** tab.
+1. Under __End-to-end TLS encryption__, select **on**.
+1. Save the changes.
+
 ## Next steps
 * [Secure a custom DNS name with a TLS/SSL binding](configure-ssl-bindings.md)

articles/azure-government/compare-azure-government-global-azure.md

@@ -189,7 +189,7 @@ The following features of Azure OpenAI are available in Azure Government:
 
 |Feature|Azure OpenAI|
 |--------|--------|
-|Models available|US Gov Arizona:<br>&nbsp;&nbsp;&nbsp;GPT-4 (1106-Preview)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (1106)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (0125)<br>&nbsp;&nbsp;&nbsp;text-embedding-ada-002 (version 2)<br><br>US Gov Virginia:<br>&nbsp;&nbsp;&nbsp;GPT-4 (1106-Preview)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (0125)<br>&nbsp;&nbsp;&nbsp;text-embedding-ada-002 (version 2)<br><br>Learn more in [Azure OpenAI Service models](../ai-services/openai/concepts/models.md)|
+|Models available|US Gov Arizona:<br>&nbsp;&nbsp;&nbsp;GPT-4o (2024-05-13)&nbsp;&nbsp;&nbsp;GPT-4 (1106-Preview)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (1106)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (0125)<br>&nbsp;&nbsp;&nbsp;text-embedding-ada-002 (version 2)<br><br>US Gov Virginia:<br>&nbsp;&nbsp;&nbsp;GPT-4 (1106-Preview)<br>&nbsp;&nbsp;&nbsp;GPT-3.5-Turbo (0125)<br>&nbsp;&nbsp;&nbsp;text-embedding-ada-002 (version 2)<br><br>Learn more about the different capabilities of each model in [Azure OpenAI Service models](../ai-services/openai/concepts/models.md)|
 |Virtual network support & private link support| Yes. |
 | Connect your data | Available in US Gov Virginia and Arizona. Virtual network and private links are supported. Deployment to a web app or a copilot in Copilot Studio is not supported. |
 |Managed Identity|Yes, via Microsoft Entra ID|

articles/container-apps/quickstart-portal.md

@@ -3,7 +3,7 @@ title: 'Quickstart: Deploy your first container app using the Azure portal'
 description: Deploy your first application to Azure Container Apps using the Azure portal.
 services: container-apps
 author: craigshoemaker
-ms.service: container-apps
+ms.service: azure-container-apps
 ms.topic: quickstart
 ms.date: 07/23/2024
 ms.author: cshoe
@@ -24,12 +24,41 @@ In this quickstart, you create a secure Container Apps environment and deploy yo
 
 ## Setup
 
-<!-- Create -->
-[!INCLUDE [container-apps-create-portal-steps.md](../../includes/container-apps-create-portal-steps.md)]
+Begin by signing in to the [Azure portal](https://portal.azure.com).
 
-3. Select the **Container** tab.
+## Create a container app
 
-4. Select *Use quickstart image*.
+To create your container app, start at the Azure portal home page.
+
+1. Search for **Container Apps** in the top search bar.
+
+1. Select **Container Apps** in the search results.
+
+1. Select the **Create** button.
+
+### Basics tab
+
+In the *Basics* tab, do the following actions.
+
+1. Enter the following values in the *Project details* section.
+
+    | Setting | Action |
+    |---|---|
+    | Subscription | Select your Azure subscription. |
+    | Resource group | Select **Create new** and enter **my-container-apps**. |
+    | Container app name |  Enter **my-container-app**. |
+    | Deployment source | Select **Container image**. |
+
+1. Enter the following values in the "Container Apps Environment" section.
+
+    | Setting | Action |
+    |---|---|
+    | Region | Select a region near you. |
+    | Container Apps Environment | Use the default value. |
+
+1. Select the **Container** tab.
+
+1. Select *Use quickstart image*.
 
 <!-- Deploy the container app -->
 [!INCLUDE [container-apps-create-portal-deploy.md](../../includes/container-apps-create-portal-deploy.md)]

articles/container-apps/tutorial-java-quarkus-connect-managed-identity-postgresql-database.md

@@ -5,7 +5,7 @@ ms.devlang: java
 author: KarlErickson
 ms.topic: tutorial
 ms.author: karler
-ms.service: container-apps
+ms.service: azure-container-apps
 ms.date: 06/04/2024
 ms.custom: devx-track-azurecli, devx-track-extended-java, devx-track-java, devx-track-javaee, devx-track-javaee-quarkus, passwordless-java, service-connector, devx-track-javaee-quarkus-aca
 ---

articles/container-registry/container-registry-java-quickstart.md

@@ -5,7 +5,7 @@ author: KarlErickson
 ms.author: karler
 ms.date: 10/31/2023
 ms.topic: quickstart
-ms.service: container-registry
+ms.service: azure-container-registry
 ms.custom: devx-track-java, devx-track-azurecli, mode-api, devx-track-extended-java
 ---
 

articles/cosmos-db/nosql/media/quickstart/dev-web-application.png

@@ -1158,6 +1158,12 @@
           href: episode-forty-six.md
         - name: Vulnerability management in Defender CSPM
           href: episode-forty-seven.md
+        - name: Microsoft CNAPP solution 
+          displayName: CNAPP
+          href: episode-forty-eight.md
+        - name: Microsoft Copilot for Security integration
+          displayName: Copilot, security
+          href: episode-forty-nine.md
     - name: Manage user data
       href: privacy.md
     - name: Microsoft Defender for IoT documentation