Merge pull request #278887 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST, 6/21

Author: ttorble

articles/backup/media/backup-azure-immutable-vault/disable-immutable-vault-settings.png

@@ -1,7 +1,7 @@
 ---
 title: List of built-in policy initiatives
 description: List built-in policy initiatives for Azure Policy. Categories include Regulatory Compliance, Guest Configuration, and more.
-ms.date: 06/17/2024
+ms.date: 06/21/2024
 ms.topic: sample
 ms.custom: generated
 ---

articles/backup/media/backup-azure-immutable-vault/enable-immutable-vault-settings-backup-vault.png

@@ -1,7 +1,7 @@
 ---
 title: List of built-in policy definitions
 description: List built-in policy definitions for Azure Policy. Categories include Tags, Regulatory Compliance, Key Vault, Kubernetes, Guest Configuration, and more.
-ms.date: 06/17/2024
+ms.date: 06/21/2024
 ms.topic: sample
 ms.custom: generated
 ---

articles/governance/policy/samples/built-in-initiatives.md

@@ -371,6 +371,9 @@ environment_variables:
   my_connection: <override_connection_name>
 ```
 
+If you want to override a specific field of the connection, you can override by adding environment variables with naming pattern `<connection_name>_<field_name>`. For example, if your flow uses a connection named `my_connection` with a configuration key called `chat_deployment_name`, the serving backend will attempt to retrieve `chat_deployment_name` from the environment variable 'MY_CONNECTION_CHAT_DEPLOYMENT_NAME' by default. If the environment variable is not set, it will use the original value from the flow definition.
+
+
 **Option 2**: override by referring to asset
 
 ```yaml
@@ -461,7 +464,7 @@ environment_variables:
 While tuning above parameters, you need to monitor the following metrics to ensure optimal performance and stability:
 - Instance CPU/Memory utilization of this deployment
 - Non-200 responses (4xx, 5xx)
-    - If you receive a 429 response, this typically indicates that you need to either re-tune your concurrency settings following the above guide or scale your deployment.
+    - If you receive a 429 response, this typically indicates that you need to either retune your concurrency settings following the above guide or scale your deployment.
 - Azure OpenAI throttle status
 
 ### Monitor endpoints
@@ -497,6 +500,16 @@ request_settings:
   request_timeout_ms: 300000
 ```
 
+> [!NOTE]
+>
+> 300,000 ms timeout only works for maanged online deployments from prompt flow. You need to make sure that you have added properties for your model as below (either inline model specification in the deployment yaml or standalone model specification yaml) to indicate this is a deployment from prompt flow.
+
+```yaml
+properties:
+  # indicate a deployment from prompt flow
+  azureml.promptflow.source_flow_id: <value>
+```
+
 ## Next steps
 
 - Learn more about [managed online endpoint schema](../reference-yaml-endpoint-online.md) and [managed online deployment schema](../reference-yaml-deployment-managed-online.md).

articles/governance/policy/samples/built-in-policies.md

@@ -74,7 +74,7 @@ To learn how to deploy your flow as an online endpoint, see  [Deploy a flow to o
 
 > [!NOTE]
 > 
-> Deploy with Runtime environment version later than version `20230710.v2`.
+> Deploy with Runtime environment version later than version `20230816.v10`.
 
 You can check your runtime version and update runtime in the run time detail page.
 
@@ -258,17 +258,27 @@ If the response code is "424 Model Error", it means that the error is caused by
 
 ### Consume using Python
 
+In this sample usage, we are using the `SSEClient` class. This class is not a built-in Python class and needs to be installed separately. You can install it via pip:
+
+```bash
+pip install sseclient-py
+```
+
 A sample usage would like:
 
 ```python
+import requests
+from sseclient import SSEClient
+from requests.exceptions import HTTPError
+
 try:
     response = requests.post(url, json=body, headers=headers, stream=stream)
     response.raise_for_status()
 
     content_type = response.headers.get('Content-Type')
     if "text/event-stream" in content_type:
-        event_stream = EventStream(response.iter_lines())
-        for event in event_stream:
+        client = SSEClient(response)
+        for event in client.events():
             # Handle event, i.e. print to stdout
     else:
         # Handle json response
@@ -279,15 +289,15 @@ except HTTPError:
 
 ### Consume using JavaScript
 
-There are several libraries to consume server-sent events in JavaScript. For example, this is the [sse.js library](https://www.npmjs.com/package/sse.js?activeTab=code).
+There are several libraries to consume server-sent events in JavaScript. Here is [one of them as an example](https://www.npmjs.com/package/sse.js?activeTab=code).
 
 ## A sample chat app using Python
 
-Here's a sample chat app written in Python.
+[Here's a sample chat app written in Python](https://github.com/microsoft/promptflow/blob/main/docs/media/how-to-guides/how-to-enable-streaming-mode/scripts/chat_app.py).
 
 :::image type="content" source="./media/how-to-enable-streaming-mode/chat-app.gif" alt-text="Gif a sample chat app using Python."lightbox ="./media/how-to-enable-streaming-mode/chat-app.gif":::
 
-## Advance usage - hybrid stream and non-stream flow output
+## Advanced usage - hybrid stream and non-stream flow output
 
 Sometimes, you might want to get both stream and non-stream results from a flow output. For example, in the “Chat with Wikipedia” flow, you might want to get not only LLM’s answer, but also the list of URLs that the flow searched. To do this, you need to modify the flow to output a combination of stream LLM’s answer and non-stream URL list.
 
@@ -297,7 +307,7 @@ In the sample "Chat With Wikipedia" flow, the output is connected to the LLM nod
 
 The output of the flow will be a non-stream field as the base and a stream field as the delta. Here's an example of request and response.
 
-### Advance usage - 0. The client sends a message to the server
+### Advanced usage - 0. The client sends a message to the server
 
 ```JSON
 POST https://<your-endpoint>.inference.ml.azure.com/score

articles/machine-learning/prompt-flow/how-to-deploy-to-code.md

@@ -111,8 +111,11 @@ This section shows how to get an access token using the VM's user-assigned manag
 
 ## Connect using Managed Identity in Python
 
-For a Python code example, please refer to the [Quickstart: Use Python to connect and query data in Azure Database for PostgreSQL - Flexible Server
-](./connect-python.md)
+For a Python code example, please refer to the [Quickstart: Use Python to connect and query data in Azure Database for PostgreSQL - Flexible Server](./connect-python.md)
+
+## Connect using Managed Identity in Java
+
+For a Java code example, please refer to the [Quickstart: Use Java and JDBC with Azure Database for PostgreSQL - Flexible Server](./connect-java.md)
 
 ## Connect using Managed Identity in C#
 
@@ -202,7 +205,7 @@ Opening connection using access token...
 
 Connected!
 
-Postgres version: PostgreSQL 11.11, compiled by Visual C++ build 1800, 64-bit
+Postgres version: PostgreSQL 11.11, compiled by Visual C++ build 1800, 64-bit 
 ```
 
 ## Next steps

articles/machine-learning/prompt-flow/how-to-enable-streaming-mode.md

@@ -1,6 +1,6 @@
 ---
 title: Vector search on Azure Database for PostgreSQL
-description: Enable semantic simiolarity search for Retrieval Augemented Generation (RAG) on Azure Database for PostgreSQL with pgvector database extension.
+description: Enable semantic similarity search for Retrieval Augmented Generation (RAG) on Azure Database for PostgreSQL with pgvector database extension.
 author: AvijitkGupta
 ms.author: avijitgupta
 ms.reviewer: kabharati, maghan
@@ -13,7 +13,7 @@ ms.custom:
   - ignite-2023
 ---
 
-# How to enable and use `pgvector` on Azure Database for PostgreSQL - Flexible Server
+# How to enable and use pgvector on Azure Database for PostgreSQL - Flexible Server
 
 [!INCLUDE [applies-to-postgresql-flexible-server](~/reusable-content/ce-skilling/azure/includes/postgresql/includes/applies-to-postgresql-flexible-server.md)]
 
@@ -23,6 +23,9 @@ ms.custom:
 
 Before you can enable `pgvector` on your Azure Database for PostgreSQL flexible server instance, you need to add it to your allowlist as described in [how to use PostgreSQL extensions](./concepts-extensions.md#how-to-use-postgresql-extensions) and check if correctly added by running `SHOW azure.extensions;`.
 
+> [!IMPORTANT]
+> Notice that although all PostgreSQL community tends to refer to this extension as pgvector, the name of the binary and the extension itself is simply `vector`. Take that into consideration, because that is the name you must use to allowlist it or to create it on any database via the CREATE EXTENSION command.
+
 Then you can install the extension, by connecting to your target database and running the [CREATE EXTENSION](https://www.postgresql.org/docs/current/static/sql-createextension.html) command. You need to repeat the command separately for every database you want the extension to be available in.
 
 ```sql

articles/postgresql/flexible-server/how-to-connect-with-managed-identity.md

@@ -58,7 +58,7 @@ Here are the limitations of this feature:
 
 + Renaming a SharePoint folder doesn't trigger incremental indexing. A renamed folder is treated as new content.
 
-+ SharePoint supports a granular authorization model that determines per-user access at the document level. The indexer doesn't pull these permissions into the index, and Azure AI Search doesn't support document-level authorization. When a document is indexed from SharePoint into a search service, the content is available to anyone who has read access to the index. If you require document-level permissions, you should consider [security filters to trim results](search-security-trimming-for-azure-search-with-aad.md) and automate copying the permissions at a file level to a field in the index.
++ SharePoint supports a granular authorization model that determines per-user access at the document level. The indexer doesn't pull these permissions into the index, and Azure AI Search doesn't support document-level authorization. When a document is indexed from SharePoint into a search service, the content is available to anyone who has read access to the index. If you require document-level permissions, you should consider [security filters to trim results](search-security-trimming-for-azure-search.md) and automate copying the permissions at a file level to a field in the index.
 
 + Indexing user-encrypted files, Information Rights Management (IRM) protected files, ZIP files with passwords or similar encrypted content isn't supported. For encrypted content to be processed, the user with proper permissions to the specific file must remove the encryption so the item can be indexed accordingly when the indexer runs the next scheduled iteration.
 
@@ -287,7 +287,7 @@ There are a few steps to creating the indexer:
     }
     ```
 
-If you're using application permissions, it's necessary to wait until the initial run is complete before starting to query your index. The following instructions provided in this step pertain specifically to delegated permissions, and are not applicable to application permissions.
+   If you're using application permissions, it's necessary to wait until the initial run is complete before starting to query your index. The following instructions provided in this step pertain specifically to delegated permissions, and are not applicable to application permissions.
 
 1. When you create the indexer for the first time, the [Create Indexer (preview)](/rest/api/searchservice/indexers/create-or-update?view=rest-searchservice-2023-10-01-preview&tabs=HTTP&preserve-view=true) request waits until you complete the next step. You must call [Get Indexer Status](/rest/api/searchservice/indexers/get-status?view=rest-searchservice-2023-10-01-preview&tabs=HTTP&preserve-view=true) to get the link and enter your new device code. 
 
@@ -299,7 +299,7 @@ If you're using application permissions, it's necessary to wait until the initia
 
     If you don’t run the [Get Indexer Status](/rest/api/searchservice/indexers/get-status?view=rest-searchservice-2023-10-01-preview&tabs=HTTP&preserve-view=true) within 10 minutes, the code expires and you’ll need to recreate the [data source](#create-data-source).
 
- 1. Copy the device login code from the [Get Indexer Status](/rest/api/searchservice/indexers/get-status?view=rest-searchservice-2023-10-01-preview&tabs=HTTP&preserve-view=true) response. The device login can be found in the "errorMessage".
+1. Copy the device login code from the [Get Indexer Status](/rest/api/searchservice/indexers/get-status?view=rest-searchservice-2023-10-01-preview&tabs=HTTP&preserve-view=true) response. The device login can be found in the "errorMessage".
 
     ```http
     {
@@ -309,6 +309,7 @@ If you're using application permissions, it's necessary to wait until the initia
         }
     }
     ```
+
 1. Provide the code that was included in the error message.
 
     :::image type="content" source="media/search-howto-index-sharepoint-online/enter-device-code.png" alt-text="Screenshot showing how to enter a device code.":::

articles/postgresql/flexible-server/how-to-use-pgvector.md

@@ -156,12 +156,7 @@ For multitenancy solutions requiring security boundaries at the index level, it'
 
 User permissions at the document level, also known as *row-level security*, isn't natively supported in Azure AI Search. If you import data from an external system that provides row-level security, such as Azure Cosmos DB, those permissions won't transfer with the data as its being indexed by Azure AI Search.
 
-If you require permissioned access over content in search results, there's a technique for applying filters that include or exclude documents based on user identity. This workaround adds a string field in the data source that represents a group or user identity, which you can make filterable in your index. The following table describes two approaches for trimming search results of unauthorized content.
-
-| Approach | Description |
-|----------|-------------|
-|[Security trimming based on identity filters](search-security-trimming-for-azure-search.md)  | Documents the basic workflow for implementing user identity access control. It covers adding security identifiers to an index, and then explains filtering against that field to trim results of prohibited content. |
-|[Security trimming based on Microsoft Entra identities](search-security-trimming-for-azure-search-with-aad.md)  | This article expands on the previous article, providing steps for retrieving identities from Microsoft Entra ID, one of the [free services](https://azure.microsoft.com/free/) in the Azure cloud platform. |
+If you require permissioned access over content in search results, there's a technique for applying filters that include or exclude documents based on user identity. This workaround adds a string field in the data source that represents a group or user identity, which you can make filterable in your index. For more information about this pattern, see [Security trimming based on identity filters](search-security-trimming-for-azure-search.md).
 
 ## Data residency