MicrosoftDocs
diff --git a/‎.github/policies/disallow-edits.yml
Lines changed: 7 additions & 4 deletions b/‎.github/policies/disallow-edits.yml
Lines changed: 7 additions & 4 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/api-management/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/api-management/TOC.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/api-management/api-management-policies.md
Lines changed: 1 addition & 0 deletions b/‎articles/api-management/api-management-policies.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/api-management/llm-content-safety-policy.md
Lines changed: 118 additions & 0 deletions b/‎articles/api-management/llm-content-safety-policy.md
Lines changed: 118 additions & 0 deletions
diff --git a/‎articles/application-gateway/configuration-infrastructure.md
Lines changed: 5 additions & 7 deletions b/‎articles/application-gateway/configuration-infrastructure.md
Lines changed: 5 additions & 7 deletions
diff --git a/‎articles/azure-cache-for-redis/cache-best-practices-client-libraries.md
Lines changed: 3 additions & 4 deletions b/‎articles/azure-cache-for-redis/cache-best-practices-client-libraries.md
Lines changed: 3 additions & 4 deletions
diff --git a/‎articles/azure-cache-for-redis/cache-redis-samples.md
Lines changed: 3 additions & 3 deletions b/‎articles/azure-cache-for-redis/cache-redis-samples.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/azure-cache-for-redis/managed-redis/managed-redis-architecture.md
Lines changed: 2 additions & 0 deletions b/‎articles/azure-cache-for-redis/managed-redis/managed-redis-architecture.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/azure-cache-for-redis/managed-redis/managed-redis-best-practices-client-libraries.md
Lines changed: 5 additions & 6 deletions b/‎articles/azure-cache-for-redis/managed-redis/managed-redis-best-practices-client-libraries.md
Lines changed: 5 additions & 6 deletions
@@ -155,13 +155,16 @@ configuration:
         if:
           # If a 'sign-off' comment is added to a PR in the articles/reliability folder , and the PR author isn't Anastasia or John...
           - payloadType: Issue_Comment
-          - isPullRequest
           - filesMatchPattern:
               matchAny: true
               pattern: articles/reliability/*
-          - commentContains:
-              pattern: '\#sign-off'
-              isRegex: true
+          - or:
+              - commentContains:
+                  pattern: ^(#sign-off)$
+                  isRegex: True
+              - commentContains:
+                  pattern: ^(\#sign-off)$
+                  isRegex: True
           - not:
               or:
                 - isActivitySender:
 
@@ -200,6 +200,11 @@
       "redirect_url": "https://azuremarketplace.microsoft.com/marketplace/apps?page=1",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/partner-solutions/logzio/index.yml",
+      "redirect_url": "/previous-versions/azure/partner-solutions/logzio/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/partner-solutions/logzio/create.md",
       "redirect_url": "/previous-versions/azure/partner-solutions/logzio/create",
 
@@ -544,6 +544,8 @@
       href: json-to-xml-policy.md
     - name: limit-concurrency
       href: limit-concurrency-policy.md
+    - name: llm-content-safety
+      href: llm-content-safety-policy.md
     - name: llm-emit-token-metric
       href: llm-emit-token-metric-policy.md
     - name: llm-semantic-cache-lookup
 
@@ -59,6 +59,7 @@ More information about policies:
 
 |Policy  |Description  | Classic | V2  | Consumption |Self-hosted  |Workspace |
 |---------|---------|---------|---------|---------|--------|------|
+| [Enforce content safety checks on LLM requests](llm-content-safety-policy.md) | Enforces content safety checks on LLM requests (prompts) by transmitting them to the [Azure AI Content Safety](/azure/ai-services/content-safety/overview) service before sending to the backend LLM. | Yes | Yes | Yes | Yes | Yes |
 | [Validate content](validate-content-policy.md) | Validates the size or content of a request or response body against one or more API schemas. The supported schema formats are JSON and XML. | Yes | Yes | Yes | Yes | Yes |
 | [Validate GraphQL request](validate-graphql-request-policy.md) | Validates and authorizes a request to a GraphQL API. | Yes | Yes | Yes | Yes | No |
 | [Validate OData request](validate-odata-request-policy.md) | Validates a request to an OData API to ensure conformance with the OData specification. | Yes | Yes | Yes | Yes | Yes |
 
@@ -0,0 +1,118 @@
+---
+title: Azure API Management policy reference - llm-content-safety
+description: Reference for the llm-content-safety policy available for use in Azure API Management. Provides policy usage, settings, and examples.
+services: api-management
+author: dlepow
+
+ms.service: azure-api-management
+ms.collection: ce-skilling-ai-copilot
+ms.custom:
+ms.topic: article
+ms.date: 03/04/2025
+ms.author: danlep
+---
+
+# Enforce content safety checks on LLM requests
+
+[!INCLUDE [api-management-availability-premium-dev-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-dev-standard-basic-premiumv2-standardv2-basicv2.md)]
+
+The `llm-content-safety` policy enforces content safety checks on large language model (LLM) requests (prompts) by transmitting them to the [Azure AI Content Safety](/azure/ai-services/content-safety/overview) service before sending to the backend LLM API. When the policy is enabled and Azure AI Content Safety detects malicious content, API Management blocks the request and returns a `403` error code. 
+
+Use the policy in scenarios such as the following:
+
+* Block requests that contain predefined categories of harmful content or hate speech
+* Apply custom blocklists to prevent specific content from being sent
+* Shield against prompts that match attack patterns
+
+[!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
+
+## Prerequisites
+
+* An [Azure AI Content Safety](/azure/ai-services/content-safety/) resource. 
+* An API Management [backend](backends.md) configured to route content safety API calls and authenticate to the Azure AI Content Safety service, in the form `https://<content-safety-service-name>.cognitiveservices.azure.com`. Managed identity with Cognitive Services User role is recommended for authentication.
+
+
+## Policy statement
+
+```xml
+<llm-content-safety backend-id="name of backend entity" shield-prompt="true | false" >
+    <categories output-type="FourSeverityLevels | EightSeverityLevels">
+        <category name="Hate | SelfHarm | Sexual | Violence" threshold="integer" />
+        <!-- If there are multiple categories, add more category elements -->
+        [...]
+    </categories>
+    <blocklists>
+        <id>blocklist-identifier</id>
+        <!-- If there are multiple blocklists, add more id elements -->
+        [...]
+    </blocklists>
+</llm-content-safety>
+```
+
+## Attributes
+
+| Attribute           | Description                                                                                           | Required | Default |
+| -------------- | ----------------------------------------------------------------------------------------------------- | -------- | ------- |
+| backend-id	| Identifier (name) of the Azure AI Content Safety backend to route content-safety API calls to. Policy expressions are allowed.	|  Yes	| N/A |
+| shield-prompt	| If set to `true`, content is checked for user attacks. Otherwise, skip this check. Policy expressions are allowed.	| No	| `false` |
+
+
+## Elements
+
+| Element	| Description	| Required |
+| -------------- | -----| -------- |
+| categories	| A list of `category` elements that specify settings for blocking requests when the category is detected. | 	No |
+| blocklists	| A list of [blocklist](/azure/ai-services/content-safety/how-to/use-blocklist) `id` elements from the Azure AI Content Safety instance for which detection causes the request to be blocked. Policy expressions are allowed.	| No |
+
+### categories attributes
+
+| Attribute           | Description                                                                                           | Required | Default |
+| -------------- | ----------------------------------------------------------------------------------------------------- | -------- | ------- |
+| output-type	| Specifies how severity levels are returned by Azure AI Content Safety. The attribute must have one of the following values.<br /><br />- `FourSeverityLevels`: Output severities in four levels: 0,2,4,6.<br/>- `EightSeverityLevels`: Output severities in eight levels: 0,1,2,3,4,5,6,7.<br/><br/>Policy expressions are allowed.	| No	| `FourSeverityLevels` |
+
+
+### category attributes
+
+| Attribute           | Description                                                                                           | Required | Default |
+| -------------- | ----------------------------------------------------------------------------------------------------- | -------- | ------- |
+| name	| Specifies the name of this category. The attribute must have one of the following values: `Hate`, `SelfHarm`, `Sexual`, `Violence`. Policy expressions are allowed.	| Yes	| N/A |
+| threshold	| Specifies the threshold value for this category at which request are blocked. Requests with content severities less than the threshold aren't blocked. The value must be between 0 and 7. Policy expressions are allowed.	| Yes	| N/A |
+
+
+## Usage
+
+- [**Policy sections:**](./api-management-howto-policies.md#sections) inbound
+- [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API
+- [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
+
+### Usage notes
+
+* The policy runs on a concatenation of all text content in a completion or chat completion request.
+* If the request exceeds the character limit of Azure AI Content Safety, a `403` error is returned.
+* This policy can be used multiple times per policy definition.
+
+## Example
+
+The following example enforces content safety checks on LLM requests using the Azure AI Content Safety service. The policy blocks requests that contain speech in the `Hate` or `Violence` category with a severity level of 4 or higher. The `shield-prompt` attribute is set to `true` to check for adversarial attacks.
+
+```xml
+<policies>
+    <inbound>
+        <llm-content-safety backend-id="content-safety-backend" shield-prompt="true">
+            <categories output-type="EightSeverityLevels">
+                <category name="Hate" threshold="4" />
+                <category name="Violence" threshold="4" />
+            </categories>
+        </llm-content-safety>
+    </inbound>
+</policies>
+
+```
+
+## Related policies
+
+* [Content validation](api-management-policies.md#content-validation)
+* [llm-token-limit](llm-token-limit-policy.md) policy
+* [llm-emit-token-metric](llm-emit-token-metric-policy.md) policy
+
+[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]
@@ -83,13 +83,11 @@ Depending on whether you're creating new resources or using existing ones, add t
 
 |Resource | Resource status | Required Azure permissions |
 |---|---|---|
-| Subnet | Create new| Microsoft.Network/virtualNetworks/subnets/write<br>Microsoft.Network/virtualNetworks/subnets/join/action |
-| Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/read<br>Microsoft.Network/virtualNetworks/subnets/join/action |
-| IP addresses| Create new| Microsoft.Network/publicIPAddresses/write<br>Microsoft.Network/publicIPAddresses/join/action |
-| IP addresses  | Use existing| Microsoft.Network/publicIPAddresses/read<br>Microsoft.Network/publicIPAddresses/join/action |
-| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write 
-Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read 
-Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
+| Subnet | Create new| `Microsoft.Network/virtualNetworks/subnets/write' <br> 'Microsoft.Network/virtualNetworks/subnets/join/action` |
+| Subnet | Use existing| `Microsoft.Network/virtualNetworks/subnets/read` <br> `Microsoft.Network/virtualNetworks/subnets/join/action` |
+| IP addresses| Create new| `Microsoft.Network/publicIPAddresses/write` <br> `Microsoft.Network/publicIPAddresses/join/action` |
+| IP addresses  | Use existing| `Microsoft.Network/publicIPAddresses/read` <br> `Microsoft.Network/publicIPAddresses/join/action` |
+| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write` <br> `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read` <br> `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action` |
 
 For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
 ## Roles scope
 
@@ -34,12 +34,11 @@ For information on client library-specific guidance best practices, see the foll
 
 - [StackExchange.Redis (.NET)](cache-best-practices-connection.md#using-forcereconnect-with-stackexchangeredis)
 - [Lettuce (Java)](https://github.com/Azure/AzureCacheForRedis/blob/main/Lettuce%20Best%20Practices.md)
-- [Jedis (Java)](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-java-jedis-md)
+- [Jedis (Java)](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-Java-Jedis.md)
 - [Redisson (Java)](cache-best-practices-client-libraries.md#redisson-java)
-- [Node.js](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-node-js-md)
-- [PHP](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-php-md)
+- [Node.js](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-Node-js.md)
+- [PHP](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-PHP.md)
 - [HiRedisCluster](https://github.com/Azure/AzureCacheForRedis/blob/main/HiRedisCluster%20Best%20Practices.md)
-- [ASP.NET Session State Provider](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-session-state-provider-md)
 
 ## Redisson (Java)
 
 
@@ -6,18 +6,18 @@ description: 'Learn how to use Azure Cache for Redis with these code samples: co
 
 ms.custom:
 ms.topic: sample
-ms.date: 05/11/2021
+ms.date: 03/04/2025
 ---
 # Azure Cache for Redis samples
 
-You'll find a list of Azure Cache for Redis samples in this article.
+You'll find a list of Azure Redis samples in this article.
 The samples cover scenarios such as:
 
 * Connecting to a cache
 * Reading and writing data to and from a cache
 * And using the ASP.NET Azure Cache for Redis providers.
 
-Some samples are downloadable projects. Other samples provide step-by-step guidance that includes code snippets but don't link to a downloadable project.
+Some samples are downloadable projects. Other samples provide step-by-step guidance that includes code snippets, but don't link to a downloadable project.
 
 ## Hello world samples
 
 
@@ -49,6 +49,8 @@ Azure Managed Redis offers two choices for clustering policy: _OSS_ and _Enterpr
 
 The **OSS clustering policy** implements the same [Redis Cluster API](https://redis.io/docs/reference/cluster-spec/) as community edition Redis. The Redis Cluster API allows the Redis client to connect directly to shards on each Redis node, minimizing latency and optimizing network throughput, allowing throughput to scale near-linearly as the number of shards and vCPUs increases. The OSS clustering policy generally provides the best latency and throughput performance. The OSS cluster policy, however, requires your client library to support the Redis Cluster API. Today, almost all Redis clients support the Redis Cluster API, but compatibility might be an issue for older client versions or specialized libraries. OSS clustering policy also can't be used with the [RediSearch module](../cache-redis-modules.md).
 
+The OSS clustering protocol requires the client to make the correct shard connections. The initial connection is through port 10000. Connecting to individual nodes is done using ports in the 85XX range. The 85xx ports will change over time and shouldn't be hardcoded into your application. Redis clients that support clustering use the [CLUSTER NODES](https://redis.io/commands/cluster-nodes/) command to determine the exact ports used for the primary and replica shards and make the shard connections for you. 
+
 The **Enterprise clustering policy** is a simpler configuration that utilizes a single endpoint for all client connections. Using the Enterprise clustering policy routes all requests to a single Redis node that is then used as a proxy, internally routing requests to the correct node in the cluster. The advantage of this approach is that it makes Azure Managed Redis look nonclustered to users. That means that Redis client libraries don’t need to support Redis Clustering to gain some of the performance advantages of Redis Enterprise, boosting backwards compatibility and making the connection simpler. The downside is that the single node proxy can be a bottleneck, in either compute utilization or network throughput. The Enterprise clustering policy is the only one that can be used with the [RediSearch module](../cache-redis-modules.md). While the Enterprise cluster policy makes an Azure Managed Redis instance appear to be nonclustered to users, it still has some limitations with [Multi-key commands](#multi-key-commands).
 
 ### Scaling out or adding nodes
 
@@ -63,14 +63,13 @@ In Active-Active databases, multi-key write commands (`DEL`, `MSET`, `UNLINK`) c
 
 For information on client library-specific guidance best practices, see the following links:
 
-- [StackExchange.Redis (.NET)](../cache-best-practices-connection.md#using-forcereconnect-with-stackexchangeredis)
+- [StackExchange.Redis (.NET)](managed-redis-best-practices-connection.md#using-forcereconnect-with-stackexchangeredis)
 - [Lettuce (Java)](https://github.com/Azure/AzureCacheForRedis/blob/main/Lettuce%20Best%20Practices.md)
-- [Jedis (Java)](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-java-jedis-md)
-- [Redisson (Java)](../cache-best-practices-client-libraries.md#redisson-java)
-- [Node.js](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-node-js-md)
-- [PHP](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-php-md)
+- [Jedis (Java)](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-Java-Jedis.md)
+- [Redisson (Java)](managed-redis-best-practices-client-libraries.md#redisson-java)
+- [Node.js](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-Node-js.md)
+- [PHP](https://github.com/Azure/AzureCacheForRedis/blob/main/Redis-BestPractices-PHP.md)
 - [HiRedisCluster](https://github.com/Azure/AzureCacheForRedis/blob/main/HiRedisCluster%20Best%20Practices.md)
-- [ASP.NET Session State Provider](https://gist.github.com/JonCole/925630df72be1351b21440625ff2671f#file-redis-bestpractices-session-state-provider-md)
 
 ## Redisson (Java)