Skip to content

Commit 48663f0

Browse files
committed
Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into updateTitles
2 parents 4e20f42 + 110cc4f commit 48663f0

39 files changed

+1054
-28
lines changed

articles/azure-government/documentation-government-cognitiveservices.md

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -623,9 +623,10 @@ For more information, please see [public documentation](../cognitive-services/Fa
623623
624624
### Variations
625625
* The URI for accessing the Text Translation API in Azure Government is:
626-
- `https://dev.microsofttranslator.us/translate?api-version=3.0`
627-
### Text Translation Method
628-
This sample will use the [Text Translation - Translate method](../cognitive-services/translator/reference/v3-0-translate.md) to translate a string of text from a language into another specified language. There are multiple [language codes](https://api.cognitive.microsofttranslator.com/languages?api-version=3.0&scope=translation,dictionary,transliteration) that can be used with the Text Translation API.
626+
- `https://api.cognitive.microsofttranslator.us`
627+
* There are 2 regions `USGovVirginia` and `USGovArizona`
628+
### Text Translation Method
629+
The below example uses [Text Translation - Translate method](../cognitive-services/translator/reference/v3-0-translate.md) to translate a string of text from a language into another specified language. There are multiple [language codes](https://api.cognitive.microsofttranslator.com/languages?api-version=3.0&scope=translation) that can be used with the Text Translation API.
629630

630631
### Text Translation C# example request
631632

@@ -634,8 +635,9 @@ The sample is written in C#.
634635
1. Create a new Console solution in Visual Studio.
635636
2. Replace Program.cs with the corresponding code below.
636637
3. Replace the `subscriptionKey` value with the key value that you retrieved above.
637-
4. Replace the `text` value with text that you want to translate.
638-
5. Run the program.
638+
4. Replace the `region` value with the region value where you created your translator resource.
639+
5. Replace the `text` value with text that you want to translate.
640+
6. Run the program.
639641

640642
You can also test out different languages and texts by replacing the "text", "from", and "to" variables in Program.cs.
641643

@@ -657,7 +659,7 @@ namespace TextTranslator
657659
{
658660
class Program
659661
{
660-
static string host = "https://dev.microsofttranslator.us";
662+
static string host = "https://api.cognitive.microsofttranslator.us";
661663
static string path = "/translate?api-version=3.0";
662664
// Translate to German.
663665
static string params_ = "&to=de";
@@ -666,7 +668,10 @@ namespace TextTranslator
666668

667669
// NOTE: Replace this example key with a valid subscription key.
668670
static string key = "PASTE KEY HERE";
669-
671+
672+
// NOTE: Replace this example region with a valid region.
673+
static string region = "PASTE REGION HERE";
674+
670675
static string text = "Hello world!";
671676

672677
async static void Translate()
@@ -681,6 +686,7 @@ namespace TextTranslator
681686
request.RequestUri = new Uri(uri);
682687
request.Content = new StringContent(requestBody, Encoding.UTF8, "application/json");
683688
request.Headers.Add("Ocp-Apim-Subscription-Key", key);
689+
request.Headers.Add("Ocp-Apim-Subscription-Region", region);
684690

685691
var response = await client.SendAsync(request);
686692
var responseBody = await response.Content.ReadAsStringAsync();

articles/azure-government/documentation-government-services-aiandcognitiveservices.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,9 @@ See details of supported locales by features in [Language and region support for
113113
Variations in Azure Government:
114114

115115
- Endpoint: https://api.cognitive.microsofttranslator.us
116-
- Auth Token Service: https://virginia.api.cognitive.microsoft.us/sts/v1.0/issueToken
116+
- Auth Token Service:
117+
- https://usgovvirginia.api.cognitive.microsoft.us/sts/v1.0/issueToken
118+
- https://usgovarizona.api.cognitive.microsoft.us/sts/v1.0/issueToken
117119
- Available SKUs: S1
118120
- Custom Translator and Translator Hub are not supported.
119121

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
---
2+
title: Content Moderator encryption of data at rest
3+
titleSuffix: Azure Cognitive Services
4+
description: Content Moderator encryption of data at rest.
5+
author: erindormier
6+
manager: venkyv
7+
8+
ms.service: cognitive-services
9+
ms.subservice: content-moderator
10+
ms.topic: conceptual
11+
ms.date: 03/13/2020
12+
ms.author: egeaney
13+
#Customer intent: As a user of the Content Moderator service, I want to learn how encryption at rest works.
14+
---
15+
16+
# Content Moderator encryption of data at rest
17+
18+
Content Moderator automatically encrypts your data when it is persisted to the cloud, helping to meet your organizational security and compliance goals.
19+
20+
[!INCLUDE [cognitive-services-about-encryption](../../../includes/cognitive-services-about-encryption.md)]
21+
22+
> [!IMPORTANT]
23+
> Customer-managed keys are only available on the E0 pricing tier. To request the ability to use customer-managed keys, fill out and submit the [Content Moderator Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk). It will take approximately 3-5 business days to hear back on the status of your request. Depending on demand, you may be placed in a queue and approved as space becomes available. Once approved for using CMK with the Content Moderator service, you will need to create a new Content Moderator resource and select E0 as the Pricing Tier. Once your Content Moderator resource with the E0 pricing tier is created, you can use Azure Key Vault to set up your managed identity.
24+
25+
[!INCLUDE [cognitive-services-cmk](../../../includes/cognitive-services-cmk-regions.md)]
26+
27+
[!INCLUDE [cognitive-services-cmk](../../../includes/cognitive-services-cmk.md)]
28+
29+
## Enable data encryption for your Content Moderator Team
30+
31+
To enable data encryption for your Content Moderator Review Team, see the [Quickstart: Try Content Moderator on the web](quick-start.md#create-a-review-team).
32+
33+
> [!NOTE]
34+
> You'll need to provide a _Resource ID_ with the Content Moderator E0 pricing tier.
35+
36+
37+
## Next steps
38+
39+
* [Content Moderator Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk)
40+
* [Learn more about Azure Key Vault](https://docs.microsoft.com/azure/key-vault/key-vault-overview)

articles/cognitive-services/Content-Moderator/toc.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -134,3 +134,5 @@
134134
href: https://azure.microsoft.com/global-infrastructure/services/?products=cognitive-services
135135
- name: Compliance
136136
href: https://azure.microsoft.com/support/legal/cognitive-services-compliance-and-privacy/
137+
- name: Encryption
138+
href: content-moderator-encryption-of-data-at-rest.md
Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
---
2+
title: Use the Azure portal to configure customer-managed keys
3+
titleSuffix: Cognitive Services
4+
description: Learn how to use the Azure portal to configure customer-managed keys with Azure Key Vault. Customer-managed keys enable you to create, rotate, disable, and revoke access controls.
5+
services: cognitive-services
6+
author: erindormier
7+
8+
ms.service: cognitive-services
9+
ms.topic: include
10+
ms.date: 03/11/2020
11+
ms.author: egeaney
12+
---
13+
14+
# Configure customer-managed keys with Azure Key Vault by using the Azure portal
15+
16+
You must use Azure Key Vault to store your customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. The Cognitive Services resource and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions. For more information about Azure Key Vault, see [What is Azure Key Vault?](https://docs.microsoft.com/azure/key-vault/key-vault-overview).
17+
18+
This article shows how to configure an Azure Key Vault with customer-managed keys using the [Azure portal](https://portal.azure.com/). To learn how to create a key vault using the Azure portal, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](../../key-vault/quick-create-portal.md).
19+
20+
## Configure Azure Key Vault
21+
22+
Using customer-managed keys requires that two properties be set on the key vault, **Soft Delete** and **Do Not Purge**. These properties are not enabled by default, but can be enabled using either PowerShell or Azure CLI on a new or existing key vault.
23+
24+
> [!IMPORTANT]
25+
> If you do not have the **Soft Delete** and **Do Not Purge** properties enabled and you delete your key, you won't be able to recover the data in your Cognitive Service resource.
26+
27+
To learn how to enable these properties on an existing key vault, see the sections titled **Enabling soft-delete** and **Enabling Purge Protection** in one of the following articles:
28+
29+
- [How to use soft-delete with PowerShell](https://docs.microsoft.com/azure/key-vault/key-vault-soft-delete-powershell).
30+
- [How to use soft-delete with CLI](https://docs.microsoft.com/azure/key-vault/key-vault-soft-delete-cli).
31+
32+
Only RSA keys of size 2048 are supported with Azure Storage encryption. For more information about keys, see **Key Vault keys** in [About Azure Key Vault keys, secrets and certificates](https://docs.microsoft.com/azure/key-vault/about-keys-secrets-and-certificates#key-vault-keys).
33+
34+
## Enable customer-managed keys
35+
36+
To enable customer-managed keys in the Azure portal, follow these steps:
37+
38+
1. Navigate to your Cognitive Services resource.
39+
1. On the **Settings** blade for your Cognitive Services resource, click **Encryption**. Select the **Customer Managed Keys** option, as shown in the following figure.
40+
41+
![Screenshot showing how to select Customer Managed Keys](../media/cognitive-services-encryption/selectcmk.png)
42+
43+
## Specify a key
44+
45+
After you enable customer-managed keys, you'll have the opportunity to specify a key to associate with the Cognitive Services resource.
46+
47+
### Specify a key as a URI
48+
49+
To specify a key as a URI, follow these steps:
50+
51+
1. To locate the key URI in the Azure portal, navigate to your key vault, and select the **Keys** setting. Select the desired key, then click the key to view its versions. Select a key version to view the settings for that version.
52+
1. Copy the value of the **Key Identifier** field, which provides the URI.
53+
54+
![Screenshot showing key vault key URI](../media/cognitive-services-encryption/key-uri-portal.png)
55+
56+
1. In the **Encryption** settings for your storage account, choose the **Enter key URI** option.
57+
1. Paste the URI that you copied into the **Key URI** field.
58+
59+
![Screenshot showing how to enter key URI](../media/cognitive-services-encryption/ssecmk2.png)
60+
61+
1. Specify the subscription that contains the key vault.
62+
1. Save your changes.
63+
64+
### Specify a key from a key vault
65+
66+
To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps:
67+
68+
1. Choose the **Select from Key Vault** option.
69+
1. Select the key vault containing the key you want to use.
70+
1. Select the key from the key vault.
71+
72+
![Screenshot showing customer-managed key option](../media/cognitive-services-encryption/ssecmk3.png)
73+
74+
1. Save your changes.
75+
76+
## Update the key version
77+
78+
When you create a new version of a key, update the Cognitive Services resource to use the new version. Follow these steps:
79+
80+
1. Navigate to your Cognitive Services resource and display the **Encryption** settings.
81+
1. Enter the URI for the new key version. Alternately, you can select the key vault and the key again to update the version.
82+
1. Save your changes.
83+
84+
## Use a different key
85+
86+
To change the key used for encryption, follow these steps:
87+
88+
1. Navigate to your Cognitive Services resource and display the **Encryption** settings.
89+
1. Enter the URI for the new key. Alternately, you can select the key vault and choose a new key.
90+
1. Save your changes.
91+
92+
## Disable customer-managed keys
93+
94+
When you disable customer-managed keys, your Cognitive Services resource is then encrypted with Microsoft-managed keys. To disable customer-managed keys, follow these steps:
95+
96+
1. Navigate to your Cognitive Services resource and display the **Encryption** settings.
97+
1. Deselect the checkbox next to the **Use your own key** setting.
98+
99+
## Next steps
100+
101+
* [What is Azure Key Vault](https://docs.microsoft.com/azure/key-vault/key-vault-overview)?
102+
* [Cognitive Services Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk)
103+
* [Face Services encryption of data at rest](../Face/face-encryption-of-data-at-rest.md)
104+
* [QnA Maker encryption of data at rest](../QnAMaker/qna-maker-encryption-of-data-at-rest.md)
105+
* [Language Understanding service encryption of data at rest](../LUIS/luis-encryption-of-data-at-rest.md)
106+
* [Content Moderator encryption of data at rest](../Content-Moderator/content-moderator-encryption-of-data-at-rest.md)
107+
* [Translator encryption of data at rest](../translator/translator-encryption-of-data-at-rest.md)
Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
---
2+
title: Face service encryption of data at rest
3+
titleSuffix: Azure Cognitive Services
4+
description: Face service encryption of data at rest.
5+
author: erindormier
6+
manager: venkyv
7+
8+
ms.service: cognitive-services
9+
ms.subservice: face-api
10+
ms.topic: conceptual
11+
ms.date: 03/11/2020
12+
ms.author: egeaney
13+
#Customer intent: As a user of the Face service, I want to learn how encryption at rest works.
14+
---
15+
16+
# Face service encryption of data at rest
17+
18+
The Face service automatically encrypts your data when persisted it to the cloud. The Face service encryption protects your data and to help you to meet your organizational security and compliance commitments.
19+
20+
[!INCLUDE [cognitive-services-about-encryption](../../../includes/cognitive-services-about-encryption.md)]
21+
22+
> [!IMPORTANT]
23+
> Customer-managed keys are only available on the E0 pricing tier. To request the ability to use customer-managed keys, fill out and submit the [Face Service Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk). It will take approximately 3-5 business days to hear back on the status of your request. Depending on demand, you may be placed in a queue and approved as space becomes available. Once approved for using CMK with the Face service, you will need to create a new Face resource and select E0 as the Pricing Tier. Once your Face resource with the E0 pricing tier is created, you can use Azure Key Vault to set up your managed identity.
24+
25+
[!INCLUDE [cognitive-services-cmk](../../../includes/cognitive-services-cmk-regions.md)]
26+
27+
[!INCLUDE [cognitive-services-cmk](../../../includes/cognitive-services-cmk.md)]
28+
29+
## Next steps
30+
31+
* [Face Service Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk)
32+
* [Learn more about Azure Key Vault](https://docs.microsoft.com/azure/key-vault/key-vault-overview)
33+
34+

articles/cognitive-services/Face/toc.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -114,6 +114,8 @@
114114
- name: Regional availability
115115
href: https://azure.microsoft.com/global-infrastructure/services/?products=cognitive-services
116116
- name: Compliance
117-
href: https://azure.microsoft.com/support/legal/cognitive-services-compliance-and-privacy/
117+
href: https://azure.microsoft.com/support/legal/cognitive-services-compliance-and-privacy/
118+
- name: Encryption
119+
href: face-encryption-of-data-at-rest.md
118120
- name: Release notes
119121
href: ReleaseNotes.md

0 commit comments

Comments
 (0)