MicrosoftDocs
diff --git a/‎articles/ai-services/openai/how-to/switching-endpoints.md
Lines changed: 1 addition & 1 deletion b/‎articles/ai-services/openai/how-to/switching-endpoints.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/concepts-clusters-workloads.md
Lines changed: 4 additions & 4 deletions b/‎articles/aks/concepts-clusters-workloads.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/aks/free-standard-pricing-tiers.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/free-standard-pricing-tiers.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/open-ai-quickstart.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/open-ai-quickstart.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/aks/upgrade.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/upgrade.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/api-management/TOC.yml
Lines changed: 3 additions & 3 deletions b/‎articles/api-management/TOC.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/api-management/api-management-howto-disaster-recovery-backup-restore.md
Lines changed: 2 additions & 7 deletions b/‎articles/api-management/api-management-howto-disaster-recovery-backup-restore.md
Lines changed: 2 additions & 7 deletions
diff --git a/‎articles/api-management/api-management-howto-policies.md
Lines changed: 5 additions & 2 deletions b/‎articles/api-management/api-management-howto-policies.md
Lines changed: 5 additions & 2 deletions
diff --git a/‎articles/api-management/api-management-policies.md
Lines changed: 2 additions & 6 deletions b/‎articles/api-management/api-management-policies.md
Lines changed: 2 additions & 6 deletions
diff --git a/‎articles/api-management/api-management-policy-expressions.md
Lines changed: 5 additions & 4 deletions b/‎articles/api-management/api-management-policy-expressions.md
Lines changed: 5 additions & 4 deletions
@@ -52,7 +52,7 @@ client = AzureOpenAI(
     api_key=os.getenv("AZURE_OPENAI_KEY"),  
     api_version="2023-10-01-preview",
     azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
-    )
+)
 ```
 
 </td>
 
@@ -3,7 +3,7 @@ title: Concepts - Kubernetes basics for Azure Kubernetes Services (AKS)
 description: Learn the basic cluster and workload components of Kubernetes and how they relate to features in Azure Kubernetes Service (AKS)
 ms.topic: conceptual
 ms.custom: build-2023
-ms.date: 10/31/2022
+ms.date: 12/04/2023
 ---
 
 # Kubernetes core concepts for Azure Kubernetes Service (AKS)
@@ -71,7 +71,7 @@ To run your applications and supporting services, you need a Kubernetes *node*.
 | ----------------- | ------------- |  
 | `kubelet` | The Kubernetes agent that processes the orchestration requests from the control plane along with scheduling and running the requested containers. |  
 | *kube-proxy* | Handles virtual networking on each node. The proxy routes network traffic and manages IP addressing for services and pods. |  
-| *container runtime* | Allows containerized applications to run and interact with additional resources, such as the virtual network and storage. AKS clusters using Kubernetes version 1.19+ for Linux node pools use `containerd` as their container runtime. Beginning in Kubernetes version 1.20 for Windows node pools, `containerd` can be used in preview for the container runtime, but Docker is still the default container runtime. AKS clusters using prior versions of Kubernetes for node pools use Docker as their container runtime. |  
+| *container runtime* | Allows containerized applications to run and interact with additional resources, such as the virtual network or storage. AKS clusters using Kubernetes version 1.19+ for Linux node pools use `containerd` as their container runtime. Beginning in Kubernetes version 1.20 for Windows node pools, `containerd` can be used in preview for the container runtime, but Docker is still the default container runtime. AKS clusters using prior versions of Kubernetes for node pools use Docker as their container runtime. |  
 
 ![Azure virtual machine and supporting resources for a Kubernetes node](media/concepts-clusters-workloads/aks-node-resource-interactions.png)
 
@@ -323,7 +323,7 @@ Using the Kubernetes Scheduler, the Deployment Controller runs replicas on any a
 
 Two Kubernetes resources, however, let you manage these types of applications:
 
-- *StatefulSets* maintain the state of applications beyond an individual pod lifecycle, such as storage.
+- *StatefulSets* maintain the state of applications beyond an individual pod lifecycle.
 - *DaemonSets* ensure a running instance on each node, early in the Kubernetes bootstrap process.
 
 ### StatefulSets
@@ -338,7 +338,7 @@ Replicas in a StatefulSet are scheduled and run across any available node in an
 
 ### DaemonSets
 
-For specific log collection or monitoring, you may need to run a pod on all, or selected, nodes. You can use *DaemonSet* deploy on one or more identical pods, but the DaemonSet Controller ensures that each node specified runs an instance of the pod.
+For specific log collection or monitoring, you may need to run a pod on all nodes or a select set of nodes. You can use *DaemonSets* to deploy to one or more identical pods. The DaemonSet Controller ensures that each node specified runs an instance of the pod.
 
 The DaemonSet Controller can schedule pods on nodes early in the cluster boot process, before the default Kubernetes scheduler has started. This ability ensures that the pods in a DaemonSet are started before traditional pods in a Deployment or StatefulSet are scheduled.
 
 
@@ -43,7 +43,7 @@ In the Standard tier, the Uptime SLA feature is enabled by default per cluster.
 
 ## Before you begin
 
-[Azure CLI](/cli/azure/install-azure-cli) version 2.47.0 or later and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
+Make sure you have installed [Azure CLI](/cli/azure/install-azure-cli) version 2.47.0 or later. Run `az --version` to find your current version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
 
 ## Create a new cluster in the Free tier or Paid tier
 
 
@@ -210,7 +210,7 @@ Now that the application is deployed, you can deploy the Python-based microservi
           nodeSelector:
             "kubernetes.io/os": linux
           containers:
-          - name: order-service
+          - name: ai-service
             image: ghcr.io/azure-samples/aks-store-demo/ai-service:latest
             ports:
             - containerPort: 5001
 
@@ -11,7 +11,7 @@ ms.date: 11/21/2023
 
 An Azure Kubernetes Service (AKS) cluster will periodically need to be updated to ensure security and compatibility with the latest features. There are two components of an AKS cluster that are necessary to maintain:
 
-- *Cluster Kubernetes version*: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the [AKS support window][supported-k8s-versions].
+- *Cluster Kubernetes version*: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important that you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the [AKS support window][supported-k8s-versions].
 - *Node image version*: AKS regularly provides new node images with the latest OS and runtime updates. It's beneficial to upgrade your nodes' images regularly to ensure support for the latest AKS features and to apply essential security patches and hot fixes.
 
 For Linux nodes, node image security patches and hotfixes may be performed without your initiation as *unattended updates*. These updates are automatically applied, but AKS doesn't automatically reboot your Linux nodes to complete the update process. You're required to use a tool like [kured][node-updates-kured] or [node image upgrade][node-image-upgrade] to reboot the nodes and complete the cycle.
@@ -68,4 +68,4 @@ For more information what cluster operations may trigger specific upgrade events
 [ts-quota-exceeded]: /troubleshoot/azure/azure-kubernetes/error-code-quotaexceeded
 [ts-subnet-full]: /troubleshoot/azure/azure-kubernetes/error-code-subnetisfull-upgrade
 [node-security-patches]: ./concepts-vulnerability-management.md#worker-nodes
-[node-updates-kured]: ./node-updates-kured.md
+[node-updates-kured]: ./node-updates-kured.md
@@ -150,7 +150,7 @@
     - name: Security controls by Azure Policy
       href: ./security-controls-policy.md
     - name: Security baseline
-      href: /security/benchmark/azure/baselines/api-management-security-baseline?toc=/azure/api-management/&bc=/azure/api-management/breadcrumb/toc.json
+      href: /security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
 - name: Logs and monitoring
   items:
   - name: Observability
@@ -211,7 +211,7 @@
     - name: Azure OpenAI
       items:
       - name: Protect Azure OpenAI keys
-        href: /semantic-kernel/deploy/use-ai-apis-with-api-management?toc=/azure/api-management/&bc=/azure/api-management/breadcrumb/toc.json
+        href: /semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
     - name: Configure API for SSE
       href: how-to-server-sent-events.md
     - name: API import restrictions
@@ -247,7 +247,7 @@
   - name: Set or edit policies
     href: set-edit-policies.md
   - name: Author policies using Microsoft Copilot for Azure
-    href: ../copilot/author-api-management-policies.md?toc=/azure/api-management/&bc=/azure/api-management/breadcrumb/toc.json
+    href: ../copilot/author-api-management-policies.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
   - name: Debug policies in VS Code
     href: api-management-debug-policies.md
   - name: Policy expressions
 
@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: how-to
-ms.date: 07/27/2022
+ms.date: 11/30/2023
 ms.author: danlep 
 ms.custom: devx-track-azurepowershell
 ---
@@ -334,13 +334,8 @@ Restore is a long-running operation that may take up to 30 or more minutes to co
 
 ## Storage networking constraints
 
-### Access using storage access key
-
-If the storage account is **[firewall][azure-storage-ip-firewall] enabled** and a storage key is used for access, then the customer must **Allow** the set of [Azure API Management control plane IP addresses][control-plane-ip-address] on their storage account for backup or restore to work. The storage account can be in any Azure region except the one where the API Management service is located. For example, if the API Management service is in West US, then the Azure Storage account can be in West US 2 and the customer needs to open the control plane IP 13.64.39.16 (API Management control plane IP of West US) in the firewall. This is because the requests to Azure Storage aren't SNATed to a public IP from compute (Azure API Management control plane) in the same Azure region. Cross-region storage requests will be SNATed to the public IP address.
-
-### Access using managed identity
 
-If an API Management system-assigned managed identity is used to access a firewall-enabled storage account, ensure that the storage account [grants access to trusted Azure services](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services).
+If the storage account is **[firewall][azure-storage-ip-firewall] enabled**, it's recommended to use the API Management instance's system-assigned managed identity for access to the account. Ensure that the storage account [grants access to trusted Azure services](../storage/common/storage-network-security.md?tabs=azure-portal#grant-access-to-trusted-azure-services).
 
 ## What is not backed up
 -   **Usage data** used for creating analytics reports **isn't included** in the backup. Use [Azure API Management REST API][azure api management rest api] to periodically retrieve analytics reports for safekeeping.
 
@@ -13,13 +13,14 @@ ms.author: danlep
 ---
 # Policies in Azure API Management
 
-In Azure API Management, API publishers can change API behavior through configuration using *policies*. Policies are a collection of statements that are run sequentially on the request or response of an API. Popular statements include:
+In Azure API Management, API publishers can change API behavior through configuration using *policies*. Policies are a collection of statements that are run sequentially on the request or response of an API. API Management provides more than 50 policies out of the box that you can configure to address common API scenarios such as authentication, rate limiting, caching, and transformation of requests or responses. For a complete list, see [API Management policy reference](api-management-policies.md).
+
+Popular policies include:
 
 * Format conversion from XML to JSON
 * Call rate limiting to restrict the number of incoming calls from a developer 
 * Filtering requests that come from certain IP addresses
 
-Many more policies are available out of the box. For a complete list, see [API Management policy reference](api-management-policies.md).
 
 Policies are applied inside the gateway between the API consumer and the managed API. While the gateway receives requests and forwards them, unaltered, to the underlying API, a policy can apply changes to both the inbound request and outbound response.
 
@@ -116,6 +117,8 @@ In API Management, a [GraphQL resolver](configure-graphql-resolver.md) is config
 
 For more information, see [Configure a GraphQL resolver](configure-graphql-resolver.md).
 
+[!INCLUDE [api-management-policies-azure-copilot](../../includes/api-management-policies-azure-copilot.md)]
+
 ## Examples
 
 ### Apply policies specified at different scopes
 
@@ -17,6 +17,7 @@ More information about policies:
 + [Policy overview](api-management-howto-policies.md)
 + [Set or edit policies](set-edit-policies.md)
 + [Policy expressions](api-management-policy-expressions.md)
++ [Author policies using Microsoft Copilot for Azure](../copilot/author-api-management-policies.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
 
 > [!IMPORTANT]
 >  [Limit call rate by subscription](rate-limit-policy.md) and [Set usage quota by subscription](quota-policy.md) have a dependency on the subscription key. A subscription key isn't required when other policies are applied.
@@ -100,10 +101,5 @@ More information about policies:
 - [Validate parameters](validate-parameters-policy.md) - Validates the request header, query, or path parameters against the API schema.
 - [Validate headers](validate-headers-policy.md) - Validates the response headers against the API schema.
 - [Validate status code](validate-status-code-policy.md) - Validates the HTTP status codes in responses against the API schema.
-## Next steps
 
-For more information about working with policies, see:
-
-+ [Tutorial: Transform and protect your API](transform-api.md)
-+ [Set or edit policies](set-edit-policies.md)
-+ [Policy snippets repo](https://github.com/Azure/api-management-policy-snippets)	
+[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]	
@@ -241,14 +241,15 @@ The `context` variable is implicitly available in every policy [expression](api-
 |`bool VerifyNoRevocation(input: this System.Security.Cryptography.X509Certificates.X509Certificate2)`|Performs an X.509 chain validation without checking certificate revocation status.<br /><br />`input` - certificate object<br /><br />Returns `true` if the validation succeeds; `false` if the validation fails.|
 
 
-## Next steps
+## Related content
 
 For more information working with policies, see:
 
 + [Policies in API Management](api-management-howto-policies.md)
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
++ [Tutorial: Transform and protect APIs](transform-api.md)
++ [Policy reference](./api-management-policies.md) for a full list of policy statements and their settings
++ [Policy snippets repo](https://github.com/Azure/api-management-policy-snippets)	
++ [Author policies using Microsoft Copilot for Azure](../copilot/author-api-management-policies.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)
 
 For more information: