Merge pull request #264136 from MicrosoftDocs/main

1/24/2024 PM Publish

Author: Taojunshen

articles/ai-services/LUIS/includes/sdk-python.md

@@ -118,7 +118,7 @@ Create two sets of variables: the first set you change, the second set leave as
 
 ## Authenticate the client
 
-Create an [CognitiveServicesCredentials](/python/api/msrest/msrest.authentication.cognitiveservicescredentials) object with your key, and use it with your endpoint to create an [LUISAuthoringClient](/python/api/azure-cognitiveservices-language-luis/azure.cognitiveservices.language.luis.authoring.luisauthoringclient) object.
+Create an CognitiveServicesCredentials object with your key, and use it with your endpoint to create an [LUISAuthoringClient](/python/api/azure-cognitiveservices-language-luis/azure.cognitiveservices.language.luis.authoring.luisauthoringclient) object.
 
 [!code-python[Authenticate the client](~/cognitive-services-quickstart-code/python/LUIS/sdk-3x/authoring_and_predict.py?name=AuthoringCreateClient)]
 

articles/ai-services/content-moderator/includes/quickstarts/python-sdk.md

@@ -86,7 +86,7 @@ These code snippets show you how to do the following tasks with the Content Mode
 
 ## Authenticate the client
 
-Instantiate a client with your endpoint and key. Create a [CognitiveServicesCredentials](/python/api/msrest/msrest.authentication.cognitiveservicescredentials) object with your key, and use it with your endpoint to create an [ContentModeratorClient](/python/api/azure-cognitiveservices-vision-contentmoderator/azure.cognitiveservices.vision.contentmoderator.content_moderator_client.contentmoderatorclient) object.
+Instantiate a client with your endpoint and key. Create a CognitiveServicesCredentials](/python/api/msrest/msrest.authentication.cognitiveservicescredentials object with your key, and use it with your endpoint to create an [ContentModeratorClient](/python/api/azure-cognitiveservices-vision-contentmoderator/azure.cognitiveservices.vision.contentmoderator.content_moderator_client.contentmoderatorclient) object.
 
 [!code-python[](~/cognitive-services-quickstart-code/python/ContentModerator/ContentModeratorQuickstart.py?name=snippet_client)]
 

articles/ai-services/immersive-reader/tutorial-ios-picture-immersive-reader.md

@@ -342,7 +342,7 @@ class PictureLaunchViewController: UIViewController, UINavigationControllerDeleg
                         self.cameraButton.isEnabled = true
 
                     }, onFailure: { error in
-                        print("An error occured launching the Immersive Reader: \(error)")
+                        print("An error occurred launching the Immersive Reader: \(error)")
                         self.spinner.stopAnimating()
                         self.activityIndicatorBackground.alpha = 0
                         self.photoButton.isEnabled = true
@@ -357,7 +357,7 @@ class PictureLaunchViewController: UIViewController, UINavigationControllerDeleg
                     self.cameraButton.isEnabled = true
 
                 }
-                print("An error occured retrieving the token: \(error)")
+                print("An error occurred retrieving the token: \(error)")
             })
 
         }, onFailure: { error in
@@ -375,7 +375,7 @@ class PictureLaunchViewController: UIViewController, UINavigationControllerDeleg
     ///     -onSuccess: A closure that gets called when the token is successfully recieved using Azure Active Directory authentication.
     ///     -theToken: The token for the Immersive Reader recieved using Azure Active Directory authentication.
     ///     -onFailure: A closure that gets called when the token fails to be obtained from the Azure Active Directory Authentication.
-    ///     -theError: The error that occured when the token fails to be obtained from the Azure Active Directory Authentication.
+    ///     -theError: The error that occurred when the token fails to be obtained from the Azure Active Directory Authentication.
     func getToken(onSuccess: @escaping (_ theToken: String) -> Void, onFailure: @escaping ( _ theError: String) -> Void) {
 
         let tokenForm = "grant_type=client_credentials&resource=https://cognitiveservices.azure.com/&client_id=" + Constants.clientId + "&client_secret=" + Constants.clientSecret

articles/ai-services/personalizer/concept-rewards.md

@@ -94,7 +94,7 @@ By adding up reward scores, your final reward may be outside the expected score
 
 ## Reward wait time
 
-Personalizer will correlate the information of a Rank call with the rewards sent in Reward calls to train the model, which may come at different times. Personalizer waits for the reward score for a defined limited time, starting when the corresponding Rank call occured. This is done even if the Rank call was made using deferred activation](concept-active-inactive-events.md).
+Personalizer will correlate the information of a Rank call with the rewards sent in Reward calls to train the model, which may come at different times. Personalizer waits for the reward score for a defined limited time, starting when the corresponding Rank call occurred. This is done even if the Rank call was made using deferred activation](concept-active-inactive-events.md).
 
 If the **Reward Wait Time** expires and there has been no reward information, a default reward is applied to that event for training. You can select a reward wait time of 10 minutes, 4 hours, 12 hours, or 24 hours. If your scenario requires longer reward wait times (e.g., for marketing email campaigns) we are offering a private preview of longer wait times. Open a support ticket in the Azure portal to get in contact with team and see if you qualify and it can be offered to you.
 

articles/ai-services/translator/includes/text-translation-sdk/javascript.md

@@ -114,7 +114,7 @@ async function main() {
 }
 
 main().catch((err) => {
-    console.error("An error occured:", err);
+    console.error("An error occurred:", err);
     process.exit(1);
   });
 

articles/ai-studio/how-to/configure-private-link.md

@@ -277,3 +277,4 @@ See [this documentation](../../machine-learning/how-to-custom-dns.md#find-the-ip
 - [Create a project](create-projects.md)
 - [Learn more about Azure AI Studio](../what-is-ai-studio.md)
 - [Learn more about Azure AI resources](../concepts/ai-resources.md)
+- [Troubleshoot secure connectivity to a project](troubleshoot-secure-connection-project.md)

articles/ai-studio/how-to/index-add.md

@@ -119,12 +119,12 @@ If the Azure AI resource the project uses was created through Azure portal:
 1. In Flows, create a new Flow or open an existing flow 
 1. On the top menu of the flow designer, select **More tools**, and then select ***Index Lookup***
 
-    :::image type="content" source="../media/index-retrieve/vector-index-lookup.png" alt-text="Screenshot of Vector index Lookup from More Tools." lightbox="../media/index-retrieve/vector-index-lookup.png":::
+    :::image type="content" source="../media/index-retrieve/index-lookup-tool.png" alt-text="Screenshot of Vector index Lookup from More Tools." lightbox="../media/index-retrieve/index-lookup-tool.png":::
 
 1. Provide a name for your Index Lookup Tool and select **Add**.
 1. Select the **mlindex_content** value box, and select your index. After completing this step, enter the queries and **query_types** to be performed against the index.
 
-    :::image type="content" source="../media/index-retrieve/configure-index-lookup.png" alt-text="Screenshot of Configure Vector index Lookup." lightbox="../media/index-retrieve/configure-index-lookup.png":::
+    :::image type="content" source="../media/index-retrieve/configure-index-lookup-tool.png" alt-text="Screenshot of Configure Index Lookup." lightbox="../media/index-retrieve/configure-index-lookup-tool.png":::
 
 ## Next steps
 

articles/ai-studio/how-to/prompt-flow-tools/index-lookup-tool.md

@@ -21,7 +21,7 @@ The prompt flow *Index Lookup* tool enables the usage of common vector indices (
 1. Create or open a flow in Azure AI Studio. For more information, see [Create a flow](../flow-develop.md).
 1. Select **+ More tools** > **Index Lookup** to add the Index Lookup tool to your flow.
 
-    :::image type="content" source="../../media/prompt-flow/index-lookup-tool.png" alt-text="Screenshot of the Index Lookup tool added to a flow in Azure AI Studio." lightbox="../../media/prompt-flow/index-lookup-tool.png":::
+    :::image type="content" source="../../media/prompt-flow/configure-index-lookup-tool.png" alt-text="Screenshot of the Index Lookup tool added to a flow in Azure AI Studio." lightbox="../../media/prompt-flow/configure-index-lookup-tool.png":::
 
 1. Enter values for the Index Lookup tool [input parameters](#inputs). The [LLM tool](llm-tool.md) can generate the vector input.
 1. Add more tools to your flow as needed, or select **Run** to run the flow.

articles/ai-studio/how-to/troubleshoot-secure-connection-project.md

@@ -0,0 +1,123 @@
+---
+title: Troubleshoot private endpoint connection
+titleSuffix: Azure AI Studio
+description: 'Learn how to troubleshoot connectivity problems to a project that is configured with a private endpoint.'
+ms.service: azure-ai-studio
+ms.topic: how-to
+ms.author: larryfr 
+author: Blackmist 
+ms.reviewer: meerakurup
+manager: scottpolly
+ms.date: 01/19/2024
+---
+
+# Troubleshoot connection to a project with a private endpoint
+
+[!INCLUDE [Azure AI Studio preview](../includes/preview-ai-studio.md)]
+When connecting to a project that has been configured with a private endpoint, you may encounter a 403 or a messaging saying that access is forbidden. Use the information in this article to check for common configuration problems that can cause this error.
+
+## Securely connect to your project
+
+To connect to a project that's secured behind a VNet, use one of the following methods:
+
+* [Azure VPN gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) - Connects on-premises networks to the VNet over a private connection. Connection is made over the public internet. There are two types of VPN gateways that you might use:
+
+    * [Point-to-site](/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal): Each client computer uses a VPN client to connect to the VNet.
+    * [Site-to-site](/azure/vpn-gateway/tutorial-site-to-site-portal): A VPN device connects the VNet to your on-premises network.
+
+* [ExpressRoute](https://azure.microsoft.com/services/expressroute/) - Connects on-premises networks into the cloud over a private connection. Connection is made using a connectivity provider.
+* [Azure Bastion](/azure/bastion/bastion-overview) - In this scenario, you create an Azure Virtual Machine (sometimes called a jump box) inside the VNet. You then connect to the VM using Azure Bastion. Bastion allows you to connect to the VM using either an RDP or SSH session from your local web browser. You then use the jump box as your development environment. Since it is inside the VNet, it can directly access the workspace.
+
+## DNS configuration
+
+The troubleshooting steps for DNS configuration differ based on whether you're using Azure DNS or a custom DNS. Use the following steps to determine which one you're using:
+
+1. In the [Azure portal](https://portal.azure.com), select the private endpoint resource for your Azure AI Studio. If you don't remember the name, select your Azure AI Studio resource, __Networking__, __Private endpoint connections__, and then select the __Private endpoint__ link.
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/private-endpoint-connections.png" alt-text="Screenshot of the private endpoint connections for the resource." lightbox="../media/how-to/troubleshoot-secure-connection-project/private-endpoint-connections.png":::
+
+1. From the __Overview__ page, select the __Network Interface__ link.
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/private-endpoint-overview.png" alt-text="Screenshot of the private endpoint overview with network interface link highlighted." lightbox="../media/how-to/troubleshoot-secure-connection-project/private-endpoint-overview.png":::
+
+1. Under __Settings__, select __IP Configurations__ and then select the __Virtual network__ link.
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/network-interface-ip-configurations.png" alt-text="Screenshot of the IP configuration with virtual network link highlighted." lightbox="../media/how-to/troubleshoot-secure-connection-project/network-interface-ip-configurations.png":::
+
+1. From the __Settings__ section on the left of the page, select the __DNS servers__ entry.
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/dns-servers.png" alt-text="Screenshot of the DNS servers configuration." lightbox="../media/how-to/troubleshoot-secure-connection-project/dns-servers.png":::
+
+    * If this value is __Default (Azure-provided)__, then the VNet is using Azure DNS. Skip to the [Azure DNS troubleshooting](#azure-dns-troubleshooting) section.
+    * If there's a different IP address listed, then the VNet is using a custom DNS solution. Skip to the [Custom DNS troubleshooting](#custom-dns-troubleshooting) section.
+
+### Custom DNS troubleshooting
+
+Use the following steps to verify if your custom DNS solution is correctly resolving names to IP addresses:
+
+1. From a virtual machine, laptop, desktop, or other compute resource that has a working connection to the private endpoint, open a web browser. In the browser, use the URL for your Azure region:
+
+    | Azure region | URL |
+    | ----- | ----- |
+    | Azure Government | https://portal.azure.us/?feature.privateendpointmanagedns=false |
+    | Microsoft Azure operated by 21Vianet | https://portal.azure.cn/?feature.privateendpointmanagedns=false |
+    | All other regions | https://portal.azure.com/?feature.privateendpointmanagedns=false |
+
+1. In the portal, select the private endpoint for the project. From the __DNS configuration__ section, make a list of FQDNs listed for the private endpoint.
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/custom-dns-settings.png" alt-text="Screenshot of the private endpoint with custom DNS settings highlighted." lightbox="../media/how-to/troubleshoot-secure-connection-project/custom-dns-settings.png":::
+
+1. Open a command prompt, PowerShell, or other command line and run the following command for each FQDN returned from the previous step. Each time you run the command, verify that the IP address returned matches the IP address listed in the portal for the FQDN: 
+
+    `nslookup <fqdn>`
+
+    For example, running the command `nslookup df33e049-7c88-4953-8939-aae374adbef9.workspace.eastus2.api.azureml.ms` would return a value similar to the following text:
+
+    ```
+    Server: yourdnsserver
+    Address: yourdnsserver-IP-address
+
+    Name:   df33e049-7c88-4953-8939-aae374adbef9.workspace.eastus2.api.azureml.ms
+    Address: 10.0.0.4
+    ```
+
+1. If the `nslookup` command returns an error, or returns a different IP address than displayed in the portal, then your custom DNS solution isn't configured correctly.
+
+### Azure DNS troubleshooting
+
+When using Azure DNS for name resolution, use the following steps to verify that the Private DNS integration is configured correctly:
+
+1. On the Private Endpoint, select __DNS configuration__. For each entry in the __Private DNS zone__ column, there should also be an entry in the __DNS zone group__ column. 
+
+    :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/dns-zone-group.png" alt-text="Screenshot of the DNS configuration with Private DNS zone and group highlighted." lightbox="../media/how-to/troubleshoot-secure-connection-project/dns-zone-group.png":::
+
+    * If there's a Private DNS zone entry, but __no DNS zone group entry__, delete and recreate the Private Endpoint. When recreating the private endpoint, __enable Private DNS zone integration__.
+    * If __DNS zone group__ isn't empty, select the link for the __Private DNS zone__ entry.
+    
+        From the Private DNS zone, select __Virtual network links__. There should be a link to the VNet. If there isn't one, then delete and recreate the private endpoint. When recreating it, select a Private DNS Zone linked to the VNet or create a new one that is linked to it.
+
+        :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/virtual-network-links.png" alt-text="Screenshot of the virtual network links for the Private DNS zone." lightbox="../media/how-to/troubleshoot-secure-connection-project/virtual-network-links.png":::
+
+1. Repeat the previous steps for the rest of the Private DNS zone entries.
+
+## Browser configuration (DNS over HTTPS)
+
+Check if DNS over HTTP is enabled in your web browser. DNS over HTTP can prevent Azure DNS from responding with the IP address of the Private Endpoint.
+
+* Mozilla Firefox: For more information, see [Disable DNS over HTTPS in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https).
+* Microsoft Edge:
+    1. In Edge, select __...__ and then select __Settings__.
+    1. From settings, search for `DNS` and then disable __Use secure DNS to specify how to look up the network address for websites__.
+    
+        :::image type="content" source="../media/how-to/troubleshoot-secure-connection-project/disable-dns-over-http.png" alt-text="Screenshot of the use secure DNS setting in Microsoft Edge." lightbox="../media/how-to/troubleshoot-secure-connection-project/disable-dns-over-http.png":::
+
+## Proxy configuration
+
+If you use a proxy, it may prevent communication with a secured project. To test, use one of the following options:
+
+* Temporarily disable the proxy setting and see if you can connect.
+* Create a [Proxy auto-config (PAC)](https://wikipedia.org/wiki/Proxy_auto-config) file that allows direct access to the FQDNs listed on the private endpoint. It should also allow direct access to the FQDN for any compute instances.
+* Configure your proxy server to forward DNS requests to Azure DNS.
+
+
+