Merge branch 'MicrosoftDocs:main' into main

Author: GabstaMSFT

.openpublishing.redirection.azure-monitor.json

@@ -6264,6 +6264,11 @@
             "redirect_url": "/azure/azure-monitor/reference/supported-metrics/metrics-index",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/essentials/platform-logs-overview.md",
+            "redirect_url": "/azure/azure-monitor/data-sources",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/essentials/resource-logs-categories.md",
             "redirect_url": "/azure/azure-monitor/reference/supported-logs/logs-index",

.openpublishing.redirection.certification.json

@@ -74,6 +74,21 @@
             "source_path_from_root": "/articles/certification/how-to-indirectly-connected-devices.md",
             "redirect_url": "/azure/certification/overview",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/certification/program-requirements-pnp.md",
+            "redirect_url": "/azure/certification/overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/certification/how-to-troubleshoot-pnp.md",
+            "redirect_url": "/azure/certification/overview",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/certification/how-to-test-pnp.md",
+            "redirect_url": "/azure/certification/overview",
+            "redirect_document_id": false
         }
     ]
 }

articles/ai-services/openai/how-to/use-your-data-securely.md

@@ -14,7 +14,7 @@ recommendations: false
 
 # Securely use Azure OpenAI On Your Data
 
-Use this article to learn how to use Azure OpenAI On Your Data securely by protecting data and resources with Microsoft Entra ID role-based access control, virtual networks and private endpoints.
+Use this article to learn how to use Azure OpenAI On Your Data securely by protecting data and resources with Microsoft Entra ID role-based access control, virtual networks, and private endpoints.
 
 This article is only applicable when using [Azure OpenAI On Your Data with text](/azure/ai-services/openai/concepts/use-your-data). It does not apply to [Azure OpenAI On Your Data with images](/azure/ai-services/openai/concepts/use-your-image-data).
 
@@ -163,6 +163,8 @@ To allow your Azure AI Search to call your Azure OpenAI `preprocessing-jobs` as
 
 Set `networkAcls.bypass` as `AzureServices` from the management API. For more information, see [Virtual networks article](/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#grant-access-to-trusted-azure-services-for-azure-openai).
 
+This step can be skipped only if you have a [shared private link](#create-shared-private-link) for your Azure AI Search resource.
+
 ### Disable public network access
 
 You can disable public network access of your Azure OpenAI resource in the Azure portal. 
@@ -172,7 +174,7 @@ To allow access to your Azure OpenAI service from your client machines, like usi
 
 ## Configure Azure AI Search
 
-You can use basic pricing tier and higher for the configuration below. You don’t have to use S2 pricing tier because the configuration doesn't require [private endpoint support for indexers with a skill set](/azure/search/search-limits-quotas-capacity#shared-private-link-resource-limits). See [step 8](#data-ingestion-architecture) of the data ingestion architecture diagram. The networking for custom skill is *bypass trusted service*, not *private endpoint*.
+You can use basic pricing tier and higher for the configuration below. It's not necessary, but if you use the S2 pricing tier you will see [additional options](#create-shared-private-link) available for selection.
 
 ### Enable managed identity
 
@@ -212,11 +214,28 @@ To allow access to your Azure AI Search resource from your client machines, like
 
 :::image type="content" source="../media/use-your-data/approve-private-endpoint.png" alt-text="A screenshot showing private endpoint approval screen." lightbox="../media/use-your-data/approve-private-endpoint.png":::
 
-The private endpoint resource is provisioned in a Microsoft managed tenant, while the linked resource is in your tenant. You can't access the private endpoint resource by just clicking the **private endpoint** link (in blue font) in the **Private access** tab of the **Networking page**. Instead, click elsewhere on the row, then the **Approve**` button above should be clickable.
+The private endpoint resource is provisioned in a Microsoft managed tenant, while the linked resource is in your tenant. You can't access the private endpoint resource by just clicking the **private endpoint** link (in blue font) in the **Private access** tab of the **Networking page**. Instead, click elsewhere on the row, then the **Approve** button above should be clickable.
 
 Learn more about the [manual approval workflow](/azure/private-link/private-endpoint-overview#access-to-a-private-link-resource-using-approval-workflow).
 
 
+### Create shared private link
+
+> [!TIP]
+> If you are using a basic or standard pricing tier, or if it is your first time to setup all of your resources securely, you should skip this advanced topic.
+
+This section is only applicable for S2 pricing tier search resource, because it requires [private endpoint support for indexers with a skill set](/azure/search/search-limits-quotas-capacity#shared-private-link-resource-limits).
+
+To create shared private link from your search resource connecting to your Azure OpenAI resource, see the [search documentation](/azure/search/search-indexer-howto-access-private). Select **Resource type** as `Microsoft.CognitiveServices/accounts` and **Group ID** as `openai_account`.
+
+With shared private link, [step eight](#data-ingestion-architecture) of the data ingestion architecture diagram is changed from **bypass trusted service** to **private endpoint**.
+
+:::image type="content" source="../media/use-your-data/ingestion-architecture-s2.png" alt-text="A diagram showing the process of ingesting data with an S2 search resource." lightbox="../media/use-your-data/ingestion-architecture-s2.png":::
+
+The Azure AI Search shared private link you created is also in a Microsoft managed virtual network, not your virtual network. The difference compared to the other managed private endpoint created [earlier](#disable-public-network-access-1) is that the managed private endpoint `[1]` from Azure OpenAI to Azure Search is provisioned through the [form application](#disable-public-network-access-1), while the managed private endpoint `[2]` from Azure Search to Azure OpenAI is provisioned via Azure portal or REST API of Azure Search.
+
+:::image type="content" source="../media/use-your-data/virtual-network-s2.png" alt-text="A diagram showing the virtual network architecture with S2 search resource." lightbox="../media/use-your-data/virtual-network-s2.png":::
+
 ## Configure Storage Account
 
 ### Enable trusted service
@@ -246,7 +265,7 @@ So far you have already setup each resource work independently. Next you need to
 | `Search Service Contributor` | Azure OpenAI | Azure AI Search | Inference service queries the index schema for auto fields mapping. Data ingestion service creates index, data sources, skill set, indexer, and queries the indexer status. |
 | `Storage Blob Data Contributor` | Azure OpenAI | Storage Account | Reads from the input container, and writes the preprocess result to the output container. |
 | `Cognitive Services OpenAI Contributor` | Azure AI Search | Azure OpenAI | Custom skill |
-| `Storage Blob Data Contributor` | Azure AI Search | Storage Account | Reads blob and writes knowledge store |
+| `Storage Blob Data Contributor` | Azure AI Search | Storage Account | Reads blob and writes knowledge store. |
 
 
 In the above table, the `Assignee` means the system assigned managed identity of that resource.

articles/ai-services/openai/media/use-your-data/ingestion-architecture-s2.png

@@ -20,7 +20,7 @@ Our third party partners featured in this article have introduction guides to he
 | Networking         | [Buoyant](#buoyant) <br> [Isovalent](#isovalent) <br> [Tetrate](#tetrate)                      |
 | Observability      | [Buoyant](#buoyant) <br> [Isovalent](#isovalent) <br> [Dynatrace](#dynatrace)                  |
 | Security           | [Buoyant](#buoyant) <br> [Isovalent](#isovalent) <br> [Kong](#kong) <br> [Tetrate](#tetrate)   |
-| Storage            | [Veeam](#veeam)                                                                                |
+| Storage            | [Catalogic](#catalogic) <br> [Veeam](#veeam)                                                   |
 | Config Management  | [Corent](#corent)                                                                              |
 | Migration          | [Catalogic](#catalogic)                                                                        |
 
@@ -223,9 +223,9 @@ Migrate workloads to Azure Linux Container Host on AKS with confidence.
 
 | Solution | Categories |
 |----------|------------|
-| CloudCasa | Migration |
+| CloudCasa by Catalogic | Migration <br> Storage |
 
-CloudCasa is a Kubernetes backup, recovery, and migration solution that is fully compatible with AKS, as well as all other major Kubernetes distributions and managed services.
+CloudCasa by Catalogic is a Kubernetes backup, recovery, and migration solution that is fully compatible with AKS, as well as all other major Kubernetes distributions and managed services.
 
 <details> <summary> See more </summary><br>
 
@@ -237,7 +237,7 @@ CloudCasa can also centrally manage Azure Backup or Velero backup installations
 
 </details>
 
-For more information, see [Catalogic Solutions](https://cloudcasa.io/) and [Catalogic on Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/catalogicsoftware1625626770507.cloudcasa-aks-app).
+For more information, see [CloudCasa by Catalogic Solutions](https://cloudcasa.io/) and [CloudCasa by Catalogic on Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/catalogicsoftware1625626770507.cloudcasa-aks-app).
 
 ## Next steps
 

articles/ai-services/openai/media/use-your-data/virtual-network-s2.png

@@ -4,7 +4,7 @@ description: Learn how to enable Federal Information Process Standard (FIPS) for
 author: rayoef
 ms.author: rayoflores
 ms.topic: how-to 
-ms.date: 06/28/2023
+ms.date: 02/29/2024
 ms.custom: template-how-to
 ---
 
@@ -22,6 +22,8 @@ The Federal Information Processing Standard (FIPS) 140-2 is a US government stan
   * FIPS-enabled node pools require Kubernetes version 1.19 and greater.
   * To update the underlying packages or modules used for FIPS, you must use [Node Image Upgrade][node-image-upgrade].
   * Container images on the FIPS nodes haven't been assessed for FIPS compliance.
+  * Mounting of a CIFS share fails because FIPS disables some authentication modules. To work around this issue, see [Errors when mounting a file share on a FIPS-enabled node pool][errors-mount-file-share-fips].
+
 
 > [!IMPORTANT]
 > The FIPS-enabled Linux image is a different image than the default Linux image used for Linux-based node pools. To enable FIPS on a node pool, you must create a new Linux-based node pool. You can't enable FIPS on existing node pools.
@@ -137,3 +139,4 @@ To learn more about AKS security, see [Best practices for cluster security and u
 [fips]: /azure/compliance/offerings/offering-fips-140-2
 [install-azure-cli]: /cli/azure/install-azure-cli
 [node-image-upgrade]: node-image-upgrade.md
+[errors-mount-file-share-fips]: /troubleshoot/azure/azure-kubernetes/fail-to-mount-azure-file-share#fipsnodepool

articles/aks/azure-linux-aks-partner-solutions.md

@@ -81,7 +81,7 @@ For a reference of all Azure Monitor Logs / Log Analytics tables, see the [Azure
 
 ## Activity log
 
-The following table lists a few example operations related to AKS that may be created in the [Activity log](../azure-monitor/essentials/activity-log.md). Use the Activity log to track information such as when a cluster is created or had its configuration change. You can view this information [in the portal](../azure-monitor/essentials/activity-log.md#view-the-activity-log) or by using [other methods](../azure-monitor/essentials/activity-log.md#other-methods-to-retrieve-activity-log-events). You can also use it to create an [Activity log alert]() to be proactively notified when an event occurs.
+The following table lists a few example operations related to AKS that may be created in the [Activity log](../azure-monitor/essentials/activity-log-insights.md). Use the Activity log to track information such as when a cluster is created or had its configuration change. You can view this information in the portal or by using [other methods](../azure-monitor/essentials/activity-log.md#other-methods-to-retrieve-activity-log-events). You can also use it to create an [Activity log alert]() to be proactively notified when an event occurs.
 
 | Operation | Description |
 |:---|:---|

articles/aks/enable-fips-nodes.md

@@ -8,7 +8,7 @@ author: msangapu-msft
 ---
 # Get resource events in Azure App Service
 
-Azure App Service provides built-in tools to monitor the status and health of your resources. Resource events help you understand any changes that were made to your underlying web app resources and take action as necessary. Event examples include: scaling of instances, updates to application settings, restarting of the web app, and many more. In this article, you'll learn how to view [Azure Activity Logs](../azure-monitor/essentials/activity-log.md#view-the-activity-log) and enable [Event Grid](../event-grid/index.yml) to monitor App Service resource events.
+Azure App Service provides built-in tools to monitor the status and health of your resources. Resource events help you understand any changes that were made to your underlying web app resources and take action as necessary. Event examples include: scaling of instances, updates to application settings, restarting of the web app, and many more. In this article, you'll learn how to view [Azure Activity Logs](../azure-monitor/essentials/activity-log-insights.md#view-the-activity-log) and enable [Event Grid](../event-grid/index.yml) to monitor App Service resource events.
 
 ## View Azure Activity Logs
 Azure Activity Logs contain resource events emitted by operations taken on the resources in your subscription. Both the user actions in the Azure portal and Azure Resource Manager templates contribute to the events captured by the Activity log. 
@@ -24,7 +24,7 @@ Azure Activity Logs for App Service details such as:
 
 Azure Activity Logs can be queried using the Azure portal, PowerShell, REST API, or CLI. You can send the logs to a storage account, Event Hub, and Log Analytics. You can also analyze them in Power BI or create alerts to stay updated on resource events.
 
-[View and retrieve Azure Activity log events.](../azure-monitor/essentials/activity-log.md#view-the-activity-log)
+[View and retrieve Azure Activity log events.](../azure-monitor/essentials/activity-log-insights.md#view-the-activity-log)
 
 ## Ship Activity Logs to Event Grid