Merge branch 'MicrosoftDocs:main' into cosmos-gremlin-quickstarts

Author: seesharprun

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: authentication
 ms.custom: ignite-2022
 ms.topic: conceptual
-ms.date: 09/26/2023
+ms.date: 09/27/2023
 
 ms.author: justinha
 author: mjsantani
@@ -140,7 +140,8 @@ Here are a few sample JSONs you can use to get started!
   {
   "registrationEnforcement": {
           "authenticationMethodsRegistrationCampaign": {
-              "snoozeDurationInDays": 0,
+              "snoozeDurationInDays": 1,
+              "enforceRegistrationAfterAllowedSnoozes": true,
               "state": "enabled",
               "excludeTargets": [],
               "includeTargets": [
@@ -163,7 +164,8 @@ Here are a few sample JSONs you can use to get started!
   {
   "registrationEnforcement": {
         "authenticationMethodsRegistrationCampaign": {
-            "snoozeDurationInDays": 0,
+            "snoozeDurationInDays": 1,
+            "enforceRegistrationAfterAllowedSnoozes": true,
             "state": "enabled",
             "excludeTargets": [],
             "includeTargets": [
@@ -190,7 +192,8 @@ Here are a few sample JSONs you can use to get started!
   {
   "registrationEnforcement": {
           "authenticationMethodsRegistrationCampaign": {
-              "snoozeDurationInDays": 0,
+              "snoozeDurationInDays": 1,
+              "enforceRegistrationAfterAllowedSnoozes": true,
               "state": "enabled",
               "excludeTargets": [
                   {

articles/active-directory/devices/manage-device-identities.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: devices
 ms.topic: how-to
-ms.date: 06/12/2023
+ms.date: 09/27/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -26,7 +26,7 @@ You can access the devices overview by completing these steps:
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Reader](../roles/permissions-reference.md#global-reader).
 1. Go to **Identity** > **Devices** > **Overview**.
 
-In the devices overview, you can view the number of total devices, stale devices, noncompliant devices, and unmanaged devices. You'll also find links to Intune, Conditional Access, BitLocker keys, and basic monitoring. 
+In the devices overview, you can view the number of total devices, stale devices, noncompliant devices, and unmanaged devices. It provides links to Intune, Conditional Access, BitLocker keys, and basic monitoring. 
 
 Device counts on the overview page don't update in real time. Changes should be reflected every few hours.
 
@@ -54,9 +54,7 @@ From there, you can go to **All devices** to:
 
 ## Manage an Intune device
 
-If you have rights to manage devices in Intune, you can manage devices for which mobile device management is listed as **Microsoft Intune**. If the device isn't enrolled with Microsoft Intune, the **Manage** option won't be available.
-
-<a name='enable-or-disable-an-azure-ad-device'></a>
+If you have rights to manage devices in Intune, you can manage devices for which mobile device management is listed as **Microsoft Intune**. If the device isn't enrolled with Microsoft Intune, the **Manage** option isn't available.
 
 ## Enable or disable a Microsoft Entra device
 
@@ -71,8 +69,6 @@ There are two ways to enable or disable devices:
 > - Disabling a device revokes the Primary Refresh Token (PRT) and any refresh tokens on the device.
 > - Printers can't be enabled or disabled in Microsoft Entra ID.
 
-<a name='delete-an-azure-ad-device'></a>
-
 ## Delete a Microsoft Entra device
 
 There are two ways to delete a device:
@@ -88,7 +84,7 @@ There are two ways to delete a device:
 >    - Removes all details attached to the device. For example, BitLocker keys for Windows devices.  
 >    - Is a nonrecoverable activity. We don't recommended it unless it's required.
 
-If a device is managed by another management authority, like Microsoft Intune, be sure it's wiped or retired before you delete it. See [How to manage stale devices](manage-stale-devices.md) before you delete a device.
+If a device is managed in another management authority, like Microsoft Intune, be sure it's wiped or retired before you delete it. See [How to manage stale devices](manage-stale-devices.md) before you delete a device.
 
 ## View or copy a device ID
 
@@ -98,7 +94,7 @@ You can use a device ID to verify the device ID details on the device or to trou
 
 ## View or copy BitLocker keys
 
-You can view and copy BitLocker keys to allow users to recover encrypted drives. These keys are available only for Windows devices that are encrypted and store their keys in Microsoft Entra ID. You can find these keys when you view a device's details by selecting **Show Recovery Key**. Selecting **Show Recovery Key** will generate an audit log, which you can find in the `KeyManagement` category.
+You can view and copy BitLocker keys to allow users to recover encrypted drives. These keys are available only for Windows devices that are encrypted and store their keys in Microsoft Entra ID. You can find these keys when you view a device's details by selecting **Show Recovery Key**. Selecting **Show Recovery Key** generates an audit log entry, which you can find in the `KeyManagement` category.
 
 ![Screenshot that shows how to view BitLocker keys.](./media/manage-device-identities/show-bitlocker-key.png)
 
@@ -141,7 +137,7 @@ You can now experience the enhanced **All devices** view.
 
 ## Download devices
 
-Global readers, Cloud Device Administrators, Intune Administrators, and Global Administrators can use the **Download devices** option to export a CSV file that lists devices. You can apply filters to determine which devices to list. If you don't apply any filters, all devices will be listed. An export task might run for as long as an hour, depending on your selections. If the export task exceeds 1 hour, it fails, and no file is output.
+Global readers, Cloud Device Administrators, Intune Administrators, and Global Administrators can use the **Download devices** option to export a CSV file that lists devices. You can apply filters to determine which devices to list. If you don't apply any filters, all devices are listed. An export task might run for as long as an hour, depending on your selections. If the export task exceeds 1 hour, it fails, and no file is output.
 
 The exported list includes these device identity attributes:
 
@@ -180,7 +176,7 @@ You must be assigned one of the following roles to manage device settings:
    > [!NOTE]
    > The **Require multifactor authentication to register or join devices with Microsoft Entra ID** setting applies to devices that are either Microsoft Entra joined (with some exceptions) or Microsoft Entra registered. This setting doesn't apply to Microsoft Entra hybrid joined devices, [Microsoft Entra joined VMs in Azure](./howto-vm-sign-in-azure-ad-windows.md#enable-azure-ad-login-for-a-windows-vm-in-azure), or Microsoft Entra joined devices that use [Windows Autopilot self-deployment mode](/mem/autopilot/self-deploying).
 
-- **Maximum number of devices**: This setting enables you to select the maximum number of Microsoft Entra joined or Microsoft Entra registered devices that a user can have in Microsoft Entra ID. If users reach this limit, they can't add more devices until one or more of the existing devices are removed. The default value is **50**. You can increase the value up to 100. If you enter a value above 100, Microsoft Entra ID will set it to 100. You can also use **Unlimited** to enforce no limit other than existing quota limits.
+- **Maximum number of devices**: This setting enables you to select the maximum number of Microsoft Entra joined or Microsoft Entra registered devices that a user can have in Microsoft Entra ID. If users reach this limit, they can't add more devices until one or more of the existing devices are removed. The default value is **50**. You can increase the value up to 100. If you enter a value above 100, Microsoft Entra ID sets it to 100. You can also use **Unlimited** to enforce no limit other than existing quota limits.
 
    > [!NOTE]
    > The **Maximum number of devices** setting applies to devices that are either Microsoft Entra joined or Microsoft Entra registered. This setting doesn't apply to Microsoft Entra hybrid joined devices.
@@ -189,7 +185,7 @@ You must be assigned one of the following roles to manage device settings:
 This option is a premium edition capability available through products like Microsoft Entra ID P1 or P2 and Enterprise Mobility + Security.
 - **Enable Microsoft Entra Local Administrator Password Solution (LAPS) (preview)**: LAPS is the management of local account passwords on Windows devices. LAPS provides a solution to securely manage and retrieve the built-in local admin password. With cloud version of LAPS, customers can enable storing and rotation of local admin passwords for both Microsoft Entra ID and Microsoft Entra hybrid join devices. To learn how to manage LAPS in Microsoft Entra ID, see [the overview article](howto-manage-local-admin-passwords.md).
 
-- **Restrict non-admin users from recovering the BitLocker key(s) for their owned devices**: Admins can block self-service BitLocker key access to the registered owner of the device. Default users without the BitLocker read permission will be unable to view or copy their BitLocker key(s) for their owned devices. You must be a Global Administrator or Privileged Role Administrator to update this setting. 
+- **Restrict non-admin users from recovering the BitLocker key(s) for their owned devices**: Admins can block self-service BitLocker key access to the registered owner of the device. Default users without the BitLocker read permission are unable to view or copy their BitLocker key(s) for their owned devices. You must be a Global Administrator or Privileged Role Administrator to update this setting. 
 
 - **Enterprise State Roaming**: For information about this setting, see [the overview article](./enterprise-state-roaming-enable.md).
 

articles/active-directory/privileged-identity-management/pim-roles.md

@@ -37,8 +37,7 @@ For more information about the classic subscription administrator roles, see [Az
 We support all Microsoft 365 roles in the Microsoft Entra roles and Administrators portal experience, such as Exchange Administrator and SharePoint Administrator, but we don't support specific roles within Exchange RBAC or SharePoint RBAC. For more information about these Microsoft 365 services, see [Microsoft 365 admin roles](/office365/admin/add-users/about-admin-roles).
 
 > [!NOTE]
-> - Eligible users for the SharePoint administrator role, the Device administrator role, and any roles trying to access the Microsoft Security & Compliance Center might experience delays of up to a few hours after activating their role. We are working with those teams to fix the issues.
-> - For information about delays activating the Azure AD Joined Device Local Administrator role, see [How to manage the local administrators group on Microsoft Entra joined devices](../devices/assign-local-admin.md#manage-the-azure-ad-joined-device-local-administrator-role).
+> For information about delays activating the Azure AD Joined Device Local Administrator role, see [How to manage the local administrators group on Microsoft Entra joined devices](../devices/assign-local-admin.md#manage-the-azure-ad-joined-device-local-administrator-role).
 
 ## Next steps
 

articles/ai-services/computer-vision/includes/how-to-guides/analyze-image-40-python.md

@@ -42,6 +42,14 @@ In your script, create a new [VisionSource](/python/api/azure-ai-vision/azure.ai
 
 ### Image file
 
+In your script, create a new [VisionSource](/python/api/azure-ai-vision/azure.ai.vision.visionsource) object from the local image file you want to analyze.
+
+```python
+vision_source = sdk.VisionSource(filename="sample.jpg")
+```
+
+### Image buffer
+
 In your script, first create an **image_source_buffer**. Get its **image_writer** and call the **write** method to copy the image data into the writer. Then create a new [vision_source](/python/api/azure-ai-vision/azure.ai.vision.visionsource) object from your **image_source_buffer**. In the following code example, `image_buffer` is a variable of type `bytes` containing the image data.
 
 ```python

articles/ai-services/openai/concepts/models.md

@@ -38,14 +38,15 @@ The `gpt-4` model supports 8192 max input tokens and the `gpt-4-32k` model suppo
 
 ## GPT-3.5
 
-GPT-3.5 models can understand and generate natural language or code. The most capable and cost effective model in the GPT-3.5 family is GPT-3.5 Turbo, which has been optimized for chat and works well for traditional completions tasks as well.  We recommend using GPT-3.5 Turbo over [legacy GPT-3.5 and GPT-3 models](./legacy-models.md).
+GPT-3.5 models can understand and generate natural language or code. The most capable and cost effective model in the GPT-3.5 family is GPT-3.5 Turbo, which has been optimized for chat and works well for traditional completions tasks as well. GPT-3.5 Turbo is available for use with the Chat Completions API. GPT-3.5 Turbo Instruct has similar capabilities to `text-davinci-003` using the Completions API instead of the Chat Completions API.  We recommend using GPT-3.5 Turbo and GPT-3.5 Turbo Instruct over [legacy GPT-3.5 and GPT-3 models](./legacy-models.md).
 
 - `gpt-35-turbo`
 - `gpt-35-turbo-16k`
+- `gpt-35-turbo-instruct`
 
-The `gpt-35-turbo` model supports 4096 max input tokens and the `gpt-35-turbo-16k` model supports up to 16,384 tokens.
+The `gpt-35-turbo` model supports 4096 max input tokens and the `gpt-35-turbo-16k` model supports up to 16,384 tokens.  `gpt-35-turbo-instruct` supports 4097 max input tokens.
 
-Like GPT-4, use the Chat Completions API to use GPT-3.5 Turbo. To learn more about how to interact with GPT-3.5 Turbo and the Chat Completions API check out our [in-depth how-to](../how-to/chatgpt.md).
+To learn more about how to interact with GPT-3.5 Turbo and the Chat Completions API check out our [in-depth how-to](../how-to/chatgpt.md).
 
 ## Embeddings models
 
@@ -97,6 +98,7 @@ GPT-3.5 Turbo is used with the Chat Completion API. GPT-3.5 Turbo (0301) can als
 | `gpt-35-turbo`<sup>1</sup> (0301) | East US, France Central, South Central US, UK South, West Europe | N/A | 4,096 | Sep 2021 |
 | `gpt-35-turbo` (0613) | Australia East, Canada East, East US, East US 2, France Central, Japan East, North Central US, Sweden Central, Switzerland North, UK South | N/A | 4,096 | Sep 2021 |
 | `gpt-35-turbo-16k` (0613) | Australia East, Canada East, East US, East US 2, France Central, Japan East, North Central US, Sweden Central, Switzerland North, UK South | N/A | 16,384 | Sep 2021 |
+| `gpt-35-turbo-instruct` (0914) | East US, Sweden Central | N/A | 4,097 | Sep 2021 |
 
 <sup>1</sup> Version `0301` of gpt-35-turbo will be retired no earlier than July 5, 2024.  See [model updates](#model-updates) for model upgrade behavior.
 

articles/ai-services/openai/concepts/use-your-data.md

@@ -293,6 +293,7 @@ While Power Virtual Agents has features that leverage Azure OpenAI such as [gene
 
 > [!NOTE]
 > Deploying to Power Virtual Agents from Azure OpenAI is only available to US regions.
+> Power Virtual Agents supports Azure Cognitive Search indexes with keyword or semantic search only. Other data sources and advanced features may not be supported.
 
 #### Using the web app
 

articles/ai-services/openai/whats-new.md

@@ -16,6 +16,10 @@ keywords:
 
 ## September 2023
 
+### GPT-3.5 Turbo Instruct
+
+Azure OpenAI Service now supports the GPT-3.5 Turbo Instruct model. This model has performance comparable to `text-davinci-003` and is available to use with the Completions API. Check the [models page](concepts/models.md), for the latest information on model availability in each region.
+
 ### Whisper public preview
 
 Azure OpenAI Service now supports speech to text APIs powered by OpenAI's Whisper model. Get AI-generated text based on the speech audio you provide. To learn more, check out the [quickstart](./whisper-quickstart.md).

articles/aks/app-routing.md

@@ -1,5 +1,5 @@
 ---
-title: Azure Kubernetes Service (AKS) ingress with the application routing add-on (preview)
+title: Azure Kubernetes Service (AKS) managed nginx ingress with the application routing add-on (preview)
 description: Use the application routing add-on to securely access applications deployed on Azure Kubernetes Service (AKS).
 ms.subservice: aks-networking
 ms.custom: devx-track-azurecli
@@ -9,13 +9,13 @@ ms.date: 08/07/2023
 ms.author: allensu
 ---
 
-# Azure Kubernetes Service (AKS) ingress with the application routing add-on (preview)
+# Managed nginx ingress with the application routing add-on (preview)
 
-The application routing add-on configures an [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) in your Azure Kubernetes Service (AKS) cluster with SSL termination through certificates stored in Azure Key Vault. It can optionally integrate with Open Service Mesh (OSM) for end-to-end encryption of inter-cluster communication using mutual TLS (mTLS). When you deploy ingresses, the add-on creates publicly accessible DNS names for endpoints on an Azure DNS zone.
+The application routing add-on configures an [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) in your Azure Kubernetes Service (AKS) cluster with SSL termination through certificates stored in Azure Key Vault. When you deploy ingresses, the add-on creates publicly accessible DNS names for endpoints on an Azure DNS zone.
 
 [!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
 
-## Application routing add-on overview
+## Application routing add-on with nginx overview
 
 The application routing add-on deploys the following components:
 

articles/aks/http-application-routing.md

@@ -1,6 +1,6 @@
 ---
-title: HTTP application routing add-on for Azure Kubernetes Service (AKS)
-description: Use the HTTP application routing add-on to access applications deployed on Azure Kubernetes Service (AKS).
+title: HTTP application routing add-on for Azure Kubernetes Service (AKS) (retired)
+description: Use the HTTP application routing add-on to access applications deployed on Azure Kubernetes Service (AKS) (retired).
 ms.subservice: aks-networking
 ms.custom: devx-track-azurecli, devx-track-linux
 author: asudbring
@@ -9,10 +9,10 @@ ms.date: 04/05/2023
 ms.author: allensu
 ---
 
-# HTTP application routing add-on for Azure Kubernetes Service (AKS)
+# HTTP application routing add-on for Azure Kubernetes Service (AKS) (retired)
 
 > [!CAUTION]
-> The HTTP application routing add-on is in the process of being retired and isn't recommended for production use. We recommend migrating to the [Application Routing add-on](./app-routing-migration.md) instead.
+> HTTP application routing add-on (preview) for Azure Kubernetes Service (AKS) will be [retired](https://azure.microsoft.com/updates/retirement-http-application-routing-addon-preview-for-aks-will-retire-03032025) on 03 March 2025. We recommend migrating to the [Application Routing add-on](./app-routing-migration.md) by that date.
 
 The HTTP application routing add-on makes it easy to access applications that are deployed to your Azure Kubernetes Service (AKS) cluster by: