Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: tomvcassidy

articles/ai-services/language-service/language-detection/language-support.md

@@ -132,7 +132,7 @@ If you have content expressed in a less frequently used language, you can try La
 | Tongan              | `to`          |
 | Turkish             | `tr`          |
 | Turkmen             | `tk`          |
-| Upper Sorbian       | `hsb`          |
+| Upper Sorbian       | `hsb`         |
 | Uyghur              | `ug`          |
 | Ukrainian           | `uk`          |
 | Urdu                | `ur`          |
@@ -164,23 +164,23 @@ If you have content expressed in a less frequently used language, you can try La
 
 ## Script detection
 
-| Language |Script code	| Scripts |
-| --- | ---	| --- |
-| Bengali (Bengali-Assamese) | `as` | `Latn`, `Beng` |
-| Bengali (Bangla) | `bn` | `Latn`, `Beng` |
-| Gujarati | `gu` | `Latn`, `Gujr` |
-| Hindi | `hi` | `Latn`, `Deva` |
-| Kannada | `kn` | `Latn`, `Knda` |
-| Malayalam | `ml` | `Latn`, `Mlym` |
-| Marathi	| `mr` | `Latn`, `Deva` |
-| Oriya | `or` | `Latn`, `Orya` |
-| Gurmukhi | `pa` | `Latn`, `Guru` |
-| Tamil | `ta` | `Latn`, `Taml` |
-| Telugu | `te` | `Latn`, `Telu` |
-| Arabic | `ur` | `Latn`, `Arab` |
-| Cyrillic | `tt` | `Latn`, `Cyrl` |
-| Serbian `sr` | `Latn`, `Cyrl` |
-| Unified Canadian Aboriginal Syllabics	| `iu` | `Latn`, `Cans` |
+| Language                              | Script code | Scripts        |
+| ------------------------------------- | ----------  | -------------- |
+| Bengali (Bengali-Assamese)            | `as`        | `Latn`, `Beng` |
+| Bengali (Bangla)                      | `bn`        | `Latn`, `Beng` |
+| Gujarati                              | `gu`        | `Latn`, `Gujr` |
+| Hindi                                 | `hi`        | `Latn`, `Deva` |
+| Kannada                               | `kn`        | `Latn`, `Knda` |
+| Malayalam                             | `ml`        | `Latn`, `Mlym` |
+| Marathi	                            | `mr`        | `Latn`, `Deva` |
+| Oriya                                 | `or`        | `Latn`, `Orya` |
+| Gurmukhi                              | `pa`        | `Latn`, `Guru` |
+| Tamil                                 | `ta`        | `Latn`, `Taml` |
+| Telugu                                | `te`        | `Latn`, `Telu` |
+| Arabic                                | `ar`        | `Latn`, `Arab` |
+| Cyrillic                              | `tt`        | `Latn`, `Cyrl` |
+| Serbian                               | `sr`        | `Latn`, `Cyrl` |
+| Unified Canadian Aboriginal Syllabics	| `iu`        | `Latn`, `Cans` |
 
 ## Next steps
 

articles/ai-services/language-service/named-entity-recognition/how-to/skill-parameters.md

@@ -24,9 +24,11 @@ The “inclusionList” parameter allows for you to specify which of the NER ent
 
 The “exclusionList” parameter allows for you to specify which of the NER entity tags, listed here [link to Preview API table], you would like excluded in the entity list output in your inference JSON listing out all words and categorizations recognized by the NER service. By default, all recognized entities will be listed.
 
+<!--
 ## Example
 
 To do: work with Bidisha & Mikael to update with a good example
+-->
 
 ## overlapPolicy parameter
 

articles/postgresql/flexible-server/concepts-security.md

@@ -269,6 +269,40 @@ ALTER ROLE demouser PASSWORD 'Password123!';
 ALTER ROLE
 ```
 
+## Azure Policy Support
+
+[Azure Policy](../../governance/policy/overview.md) helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.
+
+
+### Built-in Policy Definitions
+
+Built-in policies are developed and tested by Microsoft, ensuring they meet common standards and best practices, an be deployed quickly without the need for additional configuration, making them ideal for standard compliance requirements. Built-in policies often cover widely recognized standards and compliance frameworks.
+
+
+The section below provides an index of Azure Policy built-in policy definitions for Azure Database for PostgreSQL - Flexible Server. Use the link in the Source column to view the source on the Azure Policy GitHub repo.
+
+|**Name (Azure Portal)**|**Description**|**Effect(s)**|**Version(GitHub)**|
+|-----------------------|---------------|-------------|-------------------|
+|[A Microsoft Entra administrator should be provisioned for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fce39a96d-bf09-4b60-8c32-e85d52abea0f)|Audit provisioning of a Microsoft Entra administrator for your PostgreSQL flexible server to enable Microsoft Entra authentication. Microsoft Entra authentication enables simplified permission management and centralized identity management of database users and other Microsoft services|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_ProvisionEntraAdmin_AINE.json)|
+|[Auditing with PgAudit should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4eb5e667-e871-4292-9c5d-8bbb94e0c908)|This policy helps audit any PostgreSQL flexible servers in your environment, which isn't enabled to use pgaudit.|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnablePgAudit_AINE.json)|
+|[Connection throttling should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fdacf07fa-0eea-4486-80bc-b93fae88ac40)|This policy helps audit any PostgreSQL flexible servers in your environment without Connection throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_ConnectionThrottling_Enabled_AINE.json)|
+|[Deploy Diagnostic Settings for PostgreSQL flexible servers to Log Analytics workspace](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F78ed47da-513e-41e9-a088-e829b373281d)|Deploys the diagnostic settings for PostgreSQL flexible servers to stream to a regional Log Analytics workspace when any PostgreSQL flexible servers, which is missing this diagnostic setting is created or updated|DeployIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_DiagnosticSettings_LogAnalytics_DINE.json)|
+|[Disconnections should be logged for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1d14b021-1bae-4f93-b36b-69695e14984a)|This policy helps audit any PostgreSQL flexible servers in your environment without log_disconnections enabled|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogDisconnections_AINE.json)|
+|[Enforce SSL connection should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fc29c38cb-74a7-4505-9a06-e588ab86620a)|Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL flexible server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database flexible server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your PostgreSQL flexible server|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableSSL_AINE.json)|
+|[Geo-redundant backup should be enabled for Azure Database for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fcee2f9fd-3968-44be-a863-bd62c9884423)|Azure Database for PostgreSQL flexible servers allows you to choose the redundancy option for your database server. It can be set to a geo-redundant backup storage in which the data is not only stored within the region in which your server is hosted, but is also replicated to a paired region to provide recovery option in case of a region failure. Configuring geo-redundant storage for backup is only allowed during server create|Audit, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_GeoRedundant_Audit.json)|
+|[Log checkpoints should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F70be9e12-c935-49ac-9bd8-fd64b85c1f87)|This policy helps audit any PostgreSQL flexible servers in your environment without log_checkpoints setting enabled|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogCheckpoint_AINE.json)|
+|[Log connections should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F086709ac-11b5-478d-a893-9567a16d2ae3)|This policy helps audit any PostgreSQL flexible servers in your environment without log_connections setting enabled|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableLogConnections_AINE.json)|
+|[PostgreSQL FlexIble servers should use customer-managed keys to encrypt data at rest](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F12c74c95-0efd-48da-b8d9-2a7d68470c92)|Use customer-managed keys to manage the encryption at rest of your PostgreSQL flexible servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management|Audit, Deny, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnableCMK_AINE.json)|
+|[PostgreSQL flexible servers should be running TLS version 1.2 or newer](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa43d5475-c569-45ce-a268-28fa79f4e87a)|This policy helps audit any PostgreSQL flexible servers in your environment, which is running with TLS version less than 1.2|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_MinTLS_AINE.json)|
+|[Private endpoint should be enabled for PostgreSQL flexible servers](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5375a5bb-22c6-46d7-8a43-83417cfb4460)|Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for PostgreSQL. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure|AuditIfNotExists, Disabled|[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/PostgreSQL/FlexibleServers_EnablePrivateEndPoint_AINE.json)|
+
+
+### Custom Policy Definitions
+
+Custom policies can be precisely tailored to match the specific requirements of your organization, including unique security policies or compliance mandates. With custom policies you have complete control over the policy logic and parameters, allowing for sophisticated and fine-grained policy definitions.
+
+
+
 ## Related content
 
 - [Firewall rules for IP addresses](concepts-firewall-rules.md)

articles/search/search-get-started-portal-image-search.md

@@ -32,15 +32,15 @@ Sample data consists of image files in the [azure-search-sample-data](https://gi
 
 + An Azure subscription. [Create one for free](https://azure.microsoft.com/free/).
 
-+ Azure AI services, a multiservice account, in a region that provides Azure AI Vision multimodal embeddings.
++ [Azure AI services multiservice account](/azure/ai-services/multi-service-resource), in a region that provides Azure AI Vision multimodal embeddings.
 
   Currently, those regions are: SwedenCentral, EastUS, NorthEurope, WestEurope, WestUS, SoutheastAsia, KoreaCentral, FranceCentral, AustraliaEast, WestUS2, SwitzerlandNorth, JapanEast. [Check the documentation](/azure/ai-services/computer-vision/how-to/image-retrieval) for an updated list.
 
 + Azure AI Search, on any tier, but in the same region as Azure AI services. 
 
   Service tier determines how many blobs you can index. We used the free tier to create this walkthrough and limited the content to 10 JPG files.
 
-+ Azure Storage, a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold.
++ Azure Blob storage, a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold. ADLS Gen2 isn't supported, so if you enabled hierarchical namespace on your account, it won't work with this version of the wizard.
 
 All of the above resources must have public access enabled for the portal nodes to be able to access them. Otherwise, the wizard fails. After the wizard runs, firewalls and private endpoints can be enabled on the different integration components for security.
 

articles/search/search-get-started-portal-import-vectors.md

@@ -44,15 +44,15 @@ For fewer limitations or more data source options, try a code-base approach. See
 
 + An Azure subscription. [Create one for free](https://azure.microsoft.com/free/).
 
-+ For data, use either an [Azure Storage account](/azure/storage/common/storage-account-overview) or a [OneLake lakehouse](search-how-to-index-onelake-files.md). For Azure Storage, use a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold.
++ For data, use either an [Azure Storage account](/azure/storage/common/storage-account-overview) or a [OneLake lakehouse](search-how-to-index-onelake-files.md). For Azure Storage, use a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold. ADLS Gen2 isn't supported, so if you enabled hierarchical namespace on your account, it won't work with this version of the wizard.
 
-+ For vectorization, have an Azure AI services multiservice account or [Azure OpenAI](https://aka.ms/oai/access) endpoint with deployments.
++ For vectorization, have an [Azure AI services multiservice account](/azure/ai-services/multi-service-resource) or [Azure OpenAI](https://aka.ms/oai/access) endpoint with deployments.
 
   For [multimodal with Azure AI Vision](/azure/ai-services/computer-vision/how-to/image-retrieval), create an Azure AI service in SwedenCentral, EastUS, NorthEurope, WestEurope, WestUS, SoutheastAsia, KoreaCentral, FranceCentral, AustraliaEast, WestUS2, SwitzerlandNorth, JapanEast. [Check the documentation](/azure/ai-services/computer-vision/how-to/image-retrieval?tabs=csharp) for an updated list.
 
   You can also use [Azure AI Studio model catalog](/azure/ai-studio/what-is-ai-studio) (and hub and project) with model deployments.
 
-+ Azure AI Search, in the same region as your Azure AI service. We recommend Basic tier or higher.s
++ Azure AI Search, in the same region as your Azure AI service. We recommend Basic tier or higher.
 
 + Role assignments or API keys are required for connections to embedding models and data sources. Instructions for role-based access are provided in this article.
 

articles/search/search-get-started-portal.md

@@ -28,6 +28,8 @@ The wizard creates multiple objects on your search service - [searchable index](
 
 - An Azure AI Search service for any tier and any region. [Create a service](search-create-service-portal.md) or [find an existing service](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Search%2FsearchServices) under your current subscription. You can use a free service for this quickstart. 
 
+  For this quickstart, make sure the search service doesn't have [network access controls](service-configure-firewall.md) in place. The portal connects to the hosted sample data over a public endpoint. If search is behind a firewall, the wizard can't create the data source.
+
 ### Check for space
 
 Many customers start with the free service. The free tier is limited to three indexes, three data sources, and three indexers. Make sure you have room for extra items before you begin. This quickstart creates one of each object.
@@ -50,7 +52,7 @@ In this section, create and load an index in four steps.
 
 ### Connect to a data source
 
-The wizard creates a data source connection to sample data hosted by Microsoft on Azure Cosmos DB. This sample data is retrieved accessed over an internal connection. You don't need your own Azure Cosmos DB account or source files to run this quickstart.
+The wizard creates a data source connection to sample data hosted by Microsoft on Azure Cosmos DB. This sample data is retrieved accessed over a public endpoint. You don't need your own Azure Cosmos DB account or source files to run this quickstart.
 
 1. On **Connect to your data**, expand the **Data Source** dropdown list and select **Samples**.
 

articles/search/search-security-api-keys.md

@@ -17,7 +17,7 @@ ms.date: 06/28/2024
 
 Azure AI Search offers key-based authentication that you can use on connections to your search service. An API key is a unique string composed of 52 randomly generated numbers and letters. A request made to a search service endpoint is accepted if both the request and the API key are valid.
 
-Key-based authentication is the default. You can disable it if you opt in for [role-based authentication](search-security-enable-roles.md).
+Key-based authentication is the default. You can replace it with [role-based access](search-security-enable-roles.md), which eliminates the need for hardcoded keys in your code.
 
 ## Types of API keys
 

articles/search/search-security-enable-roles.md

@@ -14,7 +14,7 @@ ms.date: 06/18/2024
 
 # Enable or disable role-based access control in Azure AI Search
 
-If you want to use Azure role assignments for authorized access to Azure AI Search, this article explains how to enable role-based access for your search service.
+If you want to use roles for authorized access to Azure AI Search, this article explains how to enable role-based access control for your search service.
 
 Role-based access for data plane operations is optional, but recommended as the more secure option. The alternative is [key-based authentication](search-security-api-keys.md), which is the default.