initial

Author: josiahvinson

articles/healthcare-apis/deidentification/configure-private-endpoints.md

@@ -10,7 +10,7 @@ ms.subservice: deidentification-service
 # customer intent: As an IT admin, I want to restrict network access to a de-identification service to a private endpoint in a virtual network. 
 ---
 
-# Configure Private Endpoint network access to Azure Health Data Services de-identification service (preview)
+# Configure Private Endpoint network access to Azure Health Data Services de-identification service
 Azure Private Link enables you to access Azure services over a **private endpoint** in your virtual network.
 
 A private endpoint is a network interface that connects you privately and securely to an Azure service which supports Azure Private Link. The private endpoint uses a private IP address from your virtual network, effectively bringing the service into your virtual network. All traffic to the service is routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Traffic between your virtual network and the service traverses the Microsoft backbone network, eliminating exposure from the public Internet. You can restrict connections to specific instances of an Azure service, giving you the highest level of granularity in access control.
@@ -28,7 +28,7 @@ For more information, see [What is Azure Private Link?](../../private-link/priva
 
 Follow the steps at [Quickstart: Create a private endpoint by using the Azure portal](/azure/private-link/create-private-endpoint-portal). 
 
-- Instead of a webapp, create a private endpoint to a de-identification service (preview).
+- Instead of a webapp, create a private endpoint to a de-identification service.
 - When you reach [Create a private endpoint](/azure/private-link/create-private-endpoint-portal?tabs=dynamic-ip#create-a-private-endpoint), step 5, enter resource type **Microsoft.HealthDataAIServices/deidServices**.
 - Your private endpoint and virtual network must be in the same region. When you select a region for the private endpoint using the portal, it automatically filters virtual networks that are in that region. Your de-identification service can be in a different region.
 - When you reach [Test connectivity to the private endpoint](/azure/private-link/create-private-endpoint-portal?tabs=dynamic-ip#test-connectivity-to-the-private-endpoint) steps 8 and 10, use the service URL of your de-identification service plus the `/health` path.
@@ -38,7 +38,7 @@ Follow the steps at [Quickstart: Create a private endpoint by using the Azure po
 > [!IMPORTANT]
 > Creating a private endpoint does **not** restrict public network access automatically.
 
-When creating a de-identification service (preview), you can either allow public only (from all networks) or private only (only via private endpoints) access to the de-identification service.
+When creating a de-identification service, you can either allow public only (from all networks) or private only (only via private endpoints) access to the de-identification service.
 
 If you already have a de-identification service, you can configure network access by going to the service's Azure portal **Networking** page, and under **Public network access**, selecting **Disabled**. 
 

articles/healthcare-apis/deidentification/configure-storage.md

@@ -14,9 +14,9 @@ ms.date: 11/01/2024
 
 # Tutorial: Configure Azure Storage to de-identify documents
 
-The Azure Health Data Services de-identification service (preview) can de-identify documents in Azure Storage via an asynchronous job. If you have many documents that you would like
+The Azure Health Data Services de-identification service can de-identify documents in Azure Storage via an asynchronous job. If you have many documents that you would like
 to de-identify, using a job is a good option. Jobs also provide consistent surrogation, meaning that surrogate values in the de-identified output will match across
-all documents. For more information about de-identification, including consistent surrogation, see [What is the de-identification service (preview)?](overview.md)
+all documents. For more information about de-identification, including consistent surrogation, see [What is the de-identification service?](overview.md)
 
 When you choose to store documents in Azure Blob Storage, you're charged based on Azure Storage pricing. This cost isn't included in the 
  de-identification service pricing. [Explore Azure Blob Storage pricing](https://azure.microsoft.com/pricing/details/storage/blobs).
@@ -32,7 +32,7 @@ In this tutorial, you:
 ## Prerequisites
 
 * An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-* A de-identification service with system-assigned managed identity. [Deploy the de-identification service (preview)](quickstart.md).
+* A de-identification service with system-assigned managed identity. [Deploy the de-identification service](quickstart.md).
 
 ## Open Azure CLI
 

articles/healthcare-apis/deidentification/manage-access-rbac.md

@@ -1,6 +1,6 @@
 ---
-title: Manage access to the de-identification service (preview) with Azure role-based access control (RBAC) in Azure Health Data Services
-description: Learn how to manage access to the de-identification service (preview) using Azure role-based access control.
+title: Manage access to the de-identification service with Azure role-based access control (RBAC) in Azure Health Data Services
+description: Learn how to manage access to the de-identification service using Azure role-based access control.
 author: jovinson-ms
 ms.author: jovinson
 ms.service: azure-health-data-services
@@ -9,21 +9,21 @@ ms.topic: how-to
 ms.date: 07/16/2024
 ---
 
-# Use Azure role-based access control with the de-identification service (preview)
+# Use Azure role-based access control with the de-identification service
 
-Microsoft Entra ID authorizes access rights to secured resources through Azure role-based access control (RBAC). The de-identification service (preview) defines a set of built-in roles that encompass common sets of permissions used to access de-identification functionality.
+Microsoft Entra ID authorizes access rights to secured resources through Azure role-based access control (RBAC). The de-identification service defines a set of built-in roles that encompass common sets of permissions used to access de-identification functionality.
 
 Microsoft Entra ID uses the concept of a security principal, which can be a user, a group, an application service principal, or a [managed identity for Azure resources](/entra/identity/managed-identities-azure-resources/overview).
 
 When an Azure role is assigned to a Microsoft Entra ID security principal over a specific scope, Azure grants access to that scope for that security principal. For more information about scopes, see [Understand scope for Azure RBAC](/azure/role-based-access-control/scope-overview).
 
 ## Prerequisites
 
-- A de-identification service (preview) in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
+- A de-identification service in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
 
 ## Available built-in roles
 
-The de-identification service (preview) has the following built-in roles available:
+The de-identification service has the following built-in roles available:
 
 |Role |Description |
 |-----|------------|
@@ -34,7 +34,7 @@ The de-identification service (preview) has the following built-in roles availab
 
 ## Assign a built-in role
 
-Keep in mind the following points about Azure role assignments with the de-identification service (preview):
+Keep in mind the following points about Azure role assignments with the de-identification service:
 
 - When you create a de-identification service, you aren't automatically assigned permissions to access data via Microsoft Entra ID. You need to explicitly assign yourself an applicable Azure role. You can assign it at the level of your subscription, resource group, or de-identification service.
 - When roles are assigned, it can take up to 10 minutes for changes to take effect.
@@ -45,15 +45,15 @@ You can use different tools to assign built-in roles. Select the tab that applie
 
 # [Azure portal](#tab/azure-portal)
 
-To use the de-identification service (preview), with Microsoft Entra ID credentials, a security principal must be assigned one of the built-in roles. To learn how to assign these roles to a security principal, follow the steps in [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
+To use the de-identification service, with Microsoft Entra ID credentials, a security principal must be assigned one of the built-in roles. To learn how to assign these roles to a security principal, follow the steps in [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
 
 # [Azure PowerShell](#tab/azure-powershell)
 
 To assign an Azure role to a security principal with PowerShell, call the [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) command. In order to run the command, you must have a role that includes **Microsoft.Authorization/roleAssignments/write** permissions assigned to you at the corresponding scope or higher.
 
 The format of the command can differ based on the scope of the assignment, but `ObjectId` and `RoleDefinitionName` are required parameters. While the `Scope` parameter is optional, you should set it to retain the principle of least privilege. By limiting roles and scopes, you limit the resources that are at risk if the security principal is ever compromised.
 
-The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
+The scope for a de-identification service is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
 
 The example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values 
 in angle brackets `<>` with your own values:
@@ -88,7 +88,7 @@ To assign an Azure role to a security principal with Azure CLI, use the [az role
 
 The format of the command can differ based on the type of security principal, but `role` and `scope` are required parameters.
 
-The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
+The scope for a de-identification service is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
 
 The following example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values in angle brackets `<>` with your own values:
 

articles/healthcare-apis/deidentification/managed-identities.md

@@ -1,6 +1,6 @@
 ---
-title: Use managed identities with the de-identification service (preview) in Azure Health Data Services
-description: Learn how to use managed identities with the Azure Health Data Services de-identification service (preview) using the Azure portal and ARM template.
+title: Use managed identities with the de-identification service in Azure Health Data Services
+description: Learn how to use managed identities with the Azure Health Data Services de-identification service using the Azure portal and ARM template.
 author: jovinson-ms
 ms.author: jovinson
 ms.service: azure-health-data-services
@@ -9,22 +9,22 @@ ms.topic: how-to
 ms.date: 07/17/2024
 ---
 
-# Use managed identities with the de-identification service (preview)
+# Use managed identities with the de-identification service
 
 Managed identities provide Azure services with a secure, automatically managed identity in Microsoft Entra ID. Using managed identities eliminates the need for developers to manage credentials by providing an identity. There are two types of managed identities: system-assigned and user-assigned. The de-identification service supports both.
 
-Managed identities can be used to grant the de-identification service (preview) access to your storage account for batch processing. In this article, you learn how to assign a managed identity to your de-identification service.
+Managed identities can be used to grant the de-identification service access to your storage account for batch processing. In this article, you learn how to assign a managed identity to your de-identification service.
 
 ## Prerequisites
 
 - Understand the differences between **system-assigned** and **user-assigned** managed identities, described in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview)
-- A de-identification service (preview) in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
+- A de-identification service in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
 
-## Create an instance of the de-identification service (preview) in Azure Health Data Services with a system-assigned managed identity
+## Create an instance of the de-identification service in Azure Health Data Services with a system-assigned managed identity
 
 # [Azure portal](#tab/portal)
 
-1. Access the de-identification service (preview) settings in the Azure portal under the **Security** group in the left navigation pane.
+1. Access the de-identification service settings in the Azure portal under the **Security** group in the left navigation pane.
 1. Select **Identity**.
 1. Within the **System assigned** tab, switch **Status** to **On** and choose **Save**.
 
@@ -46,7 +46,7 @@ the resource definition:
 # [Azure portal](#tab/portal)
 
 1. Create a user-assigned managed identity resource according to [these instructions](/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities).
-1. In the navigation pane of your de-identification service (preview), scroll to the **Security** group.
+1. In the navigation pane of your de-identification service, scroll to the **Security** group.
 1. Select **Identity**.
 1. Select the **User assigned** tab, and then choose **Add**.
 1. Search for the identity you created, select it, and then choose **Add**.
@@ -69,16 +69,16 @@ the resource definition, replacing **resource-id** with the Azure Resource Manag
 
 ## Supported scenarios using managed identities
 
-Managed identities assigned to the de-identification service (preview) can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as the managed identity to access Blob Storage, and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity, see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).
+Managed identities assigned to the de-identification service can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as the managed identity to access Blob Storage, and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity, see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).
 
 ## Clean-up steps
 
 When you remove a system-assigned identity, you delete it from Microsoft Entra ID. System-assigned identities are also automatically removed from Microsoft Entra ID
-when you delete the de-identification service (preview), described as follows.
+when you delete the de-identification service, described as follows.
 
 # [Azure portal](#tab/portal)
 
-1. In the navigation pane of your de-identification service (preview), scroll down to the **Security** group.
+1. In the navigation pane of your de-identification service, scroll down to the **Security** group.
 1. Select **Identity**, then follow the steps based on the identity type:
    - **System-assigned identity**: Within the **System assigned** tab, switch **Status** to **Off**, and then choose **Save**.
    - **User-assigned identity**: Select the **User assigned** tab, select the checkbox for the identity, and select **Remove**. Select **Yes** to confirm.

articles/healthcare-apis/deidentification/monitor-deidentification-service-reference.md

@@ -1,6 +1,6 @@
 ---
-title: Monitoring data reference for the De-identification service (preview) in Azure Health Data Services
-description: This article contains important reference material you need when you monitor the De-identification service (preview) in Azure Health Data Services.
+title: Monitoring data reference for the De-identification service in Azure Health Data Services
+description: This article contains important reference material you need when you monitor the De-identification service in Azure Health Data Services.
 ms.date: 09/05/2024
 ms.custom: horz-monitor
 ms.topic: reference
@@ -10,10 +10,10 @@ ms.service: azure-health-data-services
 ms.subservice: deidentification-service
 ---
 
-# Azure Health Data Services de-identification service (preview) monitoring data reference
+# Azure Health Data Services de-identification service monitoring data reference
 [!INCLUDE [horz-monitor-ref-intro](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-intro.md)]
 
-See [Monitor the de-identification service (preview)](monitor-deidentification-service.md) for details on the data you can collect for the de-identification service and how to use it.
+See [Monitor the de-identification service](monitor-deidentification-service.md) for details on the data you can collect for the de-identification service and how to use it.
 
 [!INCLUDE [horz-monitor-ref-resource-logs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-resource-logs.md)]
 
@@ -22,7 +22,7 @@ See [Monitor the de-identification service (preview)](monitor-deidentification-s
 
 [!INCLUDE [horz-monitor-ref-logs-tables](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-logs-tables.md)]
 
-### Azure Health Data Services de-identification service (preview)
+### Azure Health Data Services de-identification service
 Microsoft.HealthDataAIServices/deidServices
 - [AHDSDeidAuditLogs](/azure/azure-monitor/reference/tables/ahdsdeidauditlogs#columns)
 
@@ -31,5 +31,5 @@ Microsoft.HealthDataAIServices/deidServices
 
 ## Related content
 
-- See [Monitor the Azure Health Data Services de-identification service](monitor-deidentification-service.md) for a description of monitoring the Azure Health Data Services de-identification service (preview).
+- See [Monitor the Azure Health Data Services de-identification service](monitor-deidentification-service.md) for a description of monitoring the Azure Health Data Services de-identification service.
 - See [Monitor Azure resources with Azure Monitor](/azure/azure-monitor/essentials/monitor-azure-resource) for details on monitoring Azure resources.