Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into us297322-content-curation

Author: asudbring

articles/ai-services/speech-service/includes/language-support/multilingual-voices.md

@@ -36,6 +36,7 @@ ms.author: eur
 |zh-CN-XiaomoNeural|`affectionate`, `angry`, `calm`, `cheerful`, `depressed`, `disgruntled`, `embarrassed`, `envious`, `fearful`, `gentle`, `sad`, `serious`|`Boy`, `Girl`, `OlderAdultFemale`, `OlderAdultMale`, `SeniorFemale`, `SeniorMale`, `YoungAdultFemale`, `YoungAdultMale`|
 |zh-CN-XiaoruiNeural|`angry`, `calm`, `fearful`, `sad`|Not supported|
 |zh-CN-XiaoshuangNeural|`chat`|Not supported|
+|zh-CN-XiaoxiaoMultilingualNeural|`affectionate`, `cheerful`, `empathetic`, `excited`, `poetry-reading`, `sorry`, `story`|Not supported|
 |zh-CN-XiaoxiaoNeural|`affectionate`, `angry`, `assistant`, `calm`, `chat`, `chat-casual`, `cheerful`, `customerservice`, `disgruntled`, `excited`, `fearful`, `friendly`, `gentle`, `lyrical`, `newscast`, `poetry-reading`, `sad`, `serious`, `sorry`, `whispering`|Not supported|
 |zh-CN-XiaoyiNeural|`affectionate`, `angry`, `cheerful`, `disgruntled`, `embarrassed`, `fearful`, `gentle`, `sad`, `serious`|Not supported|
 |zh-CN-XiaozhenNeural|`angry`, `cheerful`, `disgruntled`, `fearful`, `sad`, `serious`|Not supported|

articles/ai-services/speech-service/includes/language-support/tts.md

@@ -0,0 +1,43 @@
+### YamlMime:Landing
+
+title: De-identification service documentation
+summary: Documentation for the Azure Health Data Services de-identification service.
+
+metadata:
+  title: Azure Health Data Services de-identification service
+  description: Documentation for the Azure Health Data Services de-identification service.
+  ms.service: azure-health-data-services
+  ms.subservice: deidentification-service
+  ms.topic: landing-page
+
+  author: msjasteppe
+  ms.author: jasteppe
+  ms.date: 08/08/2024
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+  - title: About the de-identification service
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is the de-identification service?
+            url: overview.md
+
+  - title: Get started
+    linkLists:
+      - linkListType: quickstart
+        links:
+          - text: Deploy the de-identification service
+            url: quickstart.md
+          - text: Azure Health De-identification client library for .NET
+            url: quickstart-sdk-net.md
+
+  - title: How-to
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Manage access with Azure role-based access control (RBAC)
+            url: manage-access-rbac.md
+          - text: Use managed identities
+            url: managed-identities.md

articles/ai-services/speech-service/includes/language-support/voice-styles-and-roles.md

@@ -0,0 +1,120 @@
+---
+title: Manage access to the de-identification service (preview) with Azure role-based access control (RBAC) in Azure Health Data Services
+description: Learn how to manage access to the de-identification service (preview) using Azure role-based access control.
+author: jovinson-ms
+ms.author: jovinson
+ms.service: azure-health-data-services
+ms.subservice: deidentification-service
+ms.topic: how-to
+ms.date: 07/16/2024
+---
+
+# Use Azure role-based access control with the de-identification service (preview)
+
+Microsoft Entra ID authorizes access rights to secured resources through Azure role-based access control (RBAC). The de-identification service (preview) defines a set of
+built-in roles that encompass common sets of permissions used to access de-identification functionality.
+
+Microsoft Entra ID uses the concept of a security principal, which can be a user, a group, an application service principal, or a [managed identity for Azure resources](/entra/identity/managed-identities-azure-resources/overview).
+
+When an Azure role is assigned to a Microsoft Entra ID security principal over a specific scope, Azure grants access to that scope for that security principal. For more information about scopes, see
+[Understand scope for Azure RBAC](/azure/role-based-access-control/scope-overview).
+
+## Prerequisites
+
+- A de-identification service (preview) in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
+
+## Available built-in roles
+
+The de-identification service (preview) has the following built-in roles available:
+
+|Role |Description |
+|-----|------------|
+|DeID Data Owner |Full access to de-identification functionality. |
+|DeID Real-time Data User |Execute requests against de-identification API endpoints. |
+|DeID Batch Owner |Create and manage de-identification batch jobs. |
+|DeID Batch Reader |Read-only access to de-identification batch jobs. |
+
+## Assign a built-in role
+
+Keep in mind the following points about Azure role assignments with the de-identification service (preview):
+
+- When you create a de-identification service, you aren't automatically assigned permissions to access data via Microsoft Entra ID. You need to explicitly assign yourself an applicable Azure role. You can assign it at the level of your subscription, resource group, or de-identification service.
+- When roles are assigned, it can take up to 10 minutes for changes to take effect.
+- When the de-identification service is locked with an [Azure Resource Manager read-only lock](/azure/azure-resource-manager/management/lock-resources), the lock prevents the assignment of Azure roles that are scoped to the de-identification service.
+- When Azure deny assignments have been applied, your access might be blocked even if you have a role assignment. For more information, see [Understand Azure deny assignments](/azure/role-based-access-control/deny-assignments).
+
+You can use different tools to assign built-in roles.
+
+# [Azure portal](#tab/azure-portal)
+
+To use the de-identification service (preview), with Microsoft Entra ID credentials, a security principal must be assigned one of the built-in roles. To learn how to assign these roles to a security
+principal, follow the steps in [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+To assign an Azure role to a security principal with PowerShell, call the [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) command. In order to run the command, you must have a role that includes **Microsoft.Authorization/roleAssignments/write** permissions assigned to you at the corresponding scope or higher.
+
+The format of the command can differ based on the scope of the assignment, but `ObjectId` and `RoleDefinitionName` are required parameters. While the `Scope` parameter is optional, you should set it to retain the principle of least privilege. By limiting roles and scopes, you limit the resources that are at risk if the security principal is ever compromised.
+
+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>`
+
+The example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values 
+in angle brackets `<>` with your own values:
+
+```azurepowershell
+New-AzRoleAssignment 
+	-SignInName <Email> `
+	-RoleDefinitionName "DeID Data Owner" `
+	-Scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>"
+```
+
+A successful response should look like:
+
+```
+
+console
+RoleAssignmentId   : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>/providers/Microsoft.Authorization/roleAssignments/<Role Assignment ID>
+Scope              : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>
+DisplayName        : Mark Patrick
+SignInName         : [email protected]
+RoleDefinitionName : DeID Data Owner
+RoleDefinitionId   : <Role Definition ID>
+ObjectId           : <Object ID>
+ObjectType         : User
+CanDelegate        : False
+
+```
+
+For more information, see [Assign Azure roles using Azure PowerShell](/azure/role-based-access-control/role-assignments-powershell).
+
+# [Azure CLI](#tab/azure-pcli)
+
+To assign an Azure role to a security principal with Azure CLI, use the [az role assignment create](/cli/azure/role/assignment) command. In order to run the command, you must have a role that includes
+**Microsoft.Authorization/roleAssignments/write** permissions assigned to you at the corresponding scope or higher.
+
+The format of the command can differ based on the type of security principal, but `role` and `scope` are required parameters.
+
+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>`
+
+The following example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values 
+in angle brackets `<>` with your own values:
+
+```azurecli
+az role assignment create \
+	--assignee <Email> \
+	--role "DeID Data Owner" \
+	--scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>"
+```
+
+For more information, see [Assign Azure roles using Azure PowerShell](/azure/role-based-access-control/role-assignments-cli).
+
+# [ARM template](#tab/azure-resource-manager)
+
+To learn how to use an Azure Resource Manager template to assign an Azure role, see [Assign Azure roles using Azure Resource Manager templates](/azure/role-based-access-control/role-assignments-template).
+
+---
+
+## Related content
+
+- [What is Azure role-based access control (Azure RBAC)?](/azure/role-based-access-control/overview)
+- [Best practices for Azure RBAC](/azure/role-based-access-control/best-practices)

articles/healthcare-apis/deidentification/index.yml

@@ -0,0 +1,103 @@
+---
+title: Use managed identities with the de-identification service (preview) in Azure Health Data Services
+description: Learn how to use managed identities with the Azure Health Data Services de-identification service (preview) using the Azure portal and ARM template.
+author: jovinson-ms
+ms.author: jovinson
+ms.service: azure-health-data-services
+ms.subservice: deidentification-service
+ms.topic: how-to
+ms.date: 07/17/2024
+---
+
+# Use managed identities with the de-identification service (preview)
+
+Managed identities provide Azure services with a secure, automatically managed identity in Microsoft Entra ID. Using managed identities eliminates the need for developers having to manage credentials by providing an identity. There are two types of managed identities: system-assigned and user-assigned. The de-identification service supports both.
+
+Managed identities can be used to grant the de-identification service (preview) access to your storage account for batch processing. In this article, you learn how to assign a managed identity to your de-identification service.
+
+## Prerequisites
+
+- Understand the differences between **system-assigned** and **user-assigned** described in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview)
+- A de-identification service (preview) in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
+
+## Create an instance of the de-identification service (preview) in Azure Health Data Services with a system-assigned managed identity
+
+# [Azure portal](#tab/portal)
+
+1. Access the de-identification service (preview) settings in the Azure portal under the **Security** group in the left navigation pane.
+1. Select **Identity**.
+1. Within the **System assigned** tab, switch **Status** to **On** and choose **Save**.
+
+# [ARM template](#tab/azure-resource-manager)
+
+Any resource of type ``Microsoft.HealthDataAIServices/deidServices`` can be created with a system-assigned identity by including the following block in 
+the resource definition:
+
+```json
+"identity": {
+    "type": "SystemAssigned"
+}
+```
+
+---
+
+## Assign a user-assigned managed identity to a service instance
+
+# [Azure portal](#tab/portal)
+
+1. Create a user-assigned managed identity resource according to [these instructions](/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities).
+1. In the navigation pane of your de-identification service (preview), scroll to the **Security** group.
+1. Select **Identity**.
+1. Select the **User assigned** tab, and then choose **Add**.
+1. Search for the identity you created, select it, and then choose **Add**.
+
+# [ARM template](#tab/azure-resource-manager)
+
+Any resource of type ``Microsoft.HealthDataAIServices/deidServices`` can be created with a user-assigned identity by including the following block in
+the resource definition, replacing **resource-id** with the Azure Resource Manager (ARM) resource ID of the desired identity:
+
+```json
+"identity": {
+    "type": "UserAssigned",
+    "userAssignedIdentities": {
+        "<resource-id>": {}
+    }
+}
+```
+
+---
+
+## Supported scenarios using managed identities
+
+Managed identities assigned to the de-identification service (preview) can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as
+the managed identity to access Blob Storage and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity,
+see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).
+
+## Clean-up steps
+
+When you remove a system-assigned identity, you delete it from Microsoft Entra ID. System-assigned identities are also automatically removed from Microsoft Entra ID
+when you delete the de-identification service (preview).
+
+# [Azure portal](#tab/portal)
+
+1. In the navigation pane of your de-identification service (preview), scroll down to the **Security** group.
+1. Select **Identity**, then follow the steps based on the identity type:
+   - **System-assigned identity**: Within the **System assigned** tab, switch **Status** to **Off**, and then choose **Save**.
+   - **User-assigned identity**: Select the **User assigned** tab, select the checkbox for the identity, and select **Remove**. Select **Yes** to confirm.
+
+# [ARM template](#tab/azure-resource-manager)
+
+Any resource of type ``Microsoft.HealthDataAIServices/deidServices`` can have system-assigned identities deleted and user-assigned identities unassigned by 
+including this block in the resource definition:
+
+```json
+"identity": {
+    "type": "None"
+}
+```
+
+---
+
+## Related content
+
+- [What are managed identities for Azure resources?](/azure/active-directory/managed-identities-azure-resources/overview)