Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into patricka-mqtt-m2-updates

Author: PatAltimore

articles/frontdoor/index.yml

@@ -1,11 +1,11 @@
 ### YamlMime:Landing
 
 title: Azure Front Door and CDN documentation
-summary: Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.
+summary: Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications.
 
 metadata:
   title: Azure Front Door and CDN Documentation
-  description: Azure Front Door provides a scalable and secure entry point for fast delivery of your global web applications. Learn how to use Front Door with our quickstarts, tutorials, and samples.
+  description: Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications. Learn how to use Front Door with our quickstarts, tutorials, and samples.
   ms.service: azure-frontdoor
   ms.topic: landing-page
   author: duongau

articles/healthcare-apis/deidentification/configure-storage.md

@@ -0,0 +1,101 @@
+---
+title: Learn how to configure Azure Storage to de-identify documents with the de-identification service
+description: "Learn how to configure Azure Storage to de-identify documents with the de-identification service."
+author: jovinson-ms
+ms.author: jovinson
+ms.service: azure-health-data-services
+ms.subservice: deidentification-service
+ms.topic: tutorial
+ms.date: 11/01/2024
+
+#customer intent: As an IT admin, I want to know how to configure an Azure Storage account to allow access to the de-identification service to de-identify documents.
+
+---
+
+# Tutorial: Configure Azure Storage to de-identify documents
+
+The Azure Health Data Services de-identification service (preview) can de-identify documents in Azure Storage via an asynchronous job. If you have many documents that you would like
+to de-identify, using a job is a good option. Jobs also provide consistent surrogation, meaning that surrogate values in the de-identified output will match across
+all documents. For more information about de-identification, including consistent surrogation, see [What is the de-identification service (preview)?](overview.md)
+
+When you choose to store documents in Azure Blob Storage, you're charged based on Azure Storage pricing. This cost isn't included in the 
+ de-identification service pricing. [Explore Azure Blob Storage pricing](https://azure.microsoft.com/pricing/details/storage/blobs).
+
+In this tutorial, you:
+
+> [!div class="checklist"]
+> * Create a storage account and container
+> * Upload a sample document
+> * Grant the de-identification service access
+> * Configure network isolation
+
+## Prerequisites
+
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* A de-identification service with system-assigned managed identity. [Deploy the de-identification service (preview)](quickstart.md).
+
+## Open Azure CLI
+
+Install [Azure CLI](/cli/azure/install-azure-cli) and open your terminal of choice. In this tutorial, we're using PowerShell.
+
+## Create a storage account and container
+1. Set your context, substituting the subscription name containing your de-identification service for the `<subscription_name>` placeholder:
+   ```powershell
+   az account set --subscription "<subscription_name>"
+   ```
+1. Save a variable for the resource group, substituting the resource group containing your de-identification service for the `<resource_group>` placeholder:
+   ```powershell
+   $ResourceGroup = "<resource_group>"
+   ```
+1. Create a storage account, providing a value for the `<storage_account_name>` placeholder:
+   ```powershell
+   $StorageAccountName = "<storage_account_name>"
+   $StorageAccountId = $(az storage account create --name $StorageAccountName --resource-group $ResourceGroup --sku Standard_LRS --kind StorageV2 --min-tls-version TLS1_2 --allow-blob-public-access false --query id --output tsv)
+   ```
+1. Assign yourself a role to perform data operations on the storage account:
+   ```powershell
+   $UserId = $(az ad signed-in-user show --query id -o tsv)
+   az role assignment create --role "Storage Blob Data Contributor" --assignee $UserId --scope $StorageAccountId
+   ```
+1. Create a container to hold your sample document:
+   ```powershell
+   az storage container create --account-name $StorageAccountName --name deidtest --auth-mode login
+   ```
+## Upload a sample document
+Next, you upload a document that contains synthetic PHI:
+```powershell
+$DocumentContent = "The patient came in for a visit on 10/12/2023 and was seen again November 4th at Contoso Hospital."
+az storage blob upload --data $DocumentContent --account-name $StorageAccountName --container-name deidtest --name deidsample.txt --auth-mode login
+```
+
+## Grant the de-identification service access to the storage account
+
+In this step, you grant the de-identification service's system-assigned managed identity role-based access to the container. You grant the **Storage Blob
+Data Contributor** role because the de-identification service will both read the original document and write de-identified output documents. Substitute the name of
+your de-identification service for the `<deid_service_name>` placeholder:
+```powershell
+$DeidServicePrincipalId=$(az resource show -n <deid_service_name> -g $ResourceGroup --resource-type microsoft.healthdataaiservices/deidservices --query identity.principalId --output tsv)
+az role assignment create --assignee $DeidServicePrincipalId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+```
+
+## Configure network isolation on the storage account
+Next, you update the storage account to disable public network access and only allow access from trusted Azure services such as the de-identification service.
+After running this command, you won't be able to view the storage container contents without setting a network exception. 
+Learn more at [Configure Azure Storage firewalls and virtual networks](/azure/storage/common/storage-network-security).
+
+```powershell
+az storage account update --name $StorageAccountName --public-network-access Disabled --bypass AzureServices
+```
+
+## Clean up resources
+Once you're done with the storage account, you can delete the storage account and role assignments: 
+```powershell
+az role assignment delete --assignee $DeidServicePrincipalId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+az role assignment delete --assignee $UserId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+az storage account delete --ids $StorageAccountId --yes
+```
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md)

articles/healthcare-apis/deidentification/quickstart.md

@@ -69,4 +69,5 @@ If you no longer need them, delete the resource group and de-identification serv
 
 ## Related content
 
-[De-identification service overview](overview.md)
+> [!div class="nextstepaction"]
+> [Tutorial: Configure Azure Storage to de-identify documents](configure-storage.md)

articles/healthcare-apis/deidentification/toc.yml

@@ -15,6 +15,11 @@ items:
         href: quickstart.md
       - name: Azure Health De-identification client library for .NET
         href: quickstart-sdk-net.md
+  - name: Tutorials
+    expanded: true
+    items:
+      - name: Configure Azure Storage to de-identify documents
+        href: configure-storage.md
   - name: How-to
     expanded: true
     items:

articles/operator-nexus/TOC.yml

@@ -284,6 +284,8 @@
           href: troubleshoot-control-plane-quorum.md
         - name: Troubleshoot Accepted Cluster Resource
           href: troubleshoot-accepted-cluster-hydration.md
+        - name: Troubleshoot Out of Memory Pods
+          href: troubleshoot-memory-limits.md
         - name: BareMetal Actions
           expanded: false
           items:

articles/operator-nexus/troubleshoot-accepted-cluster-hydration.md

@@ -49,3 +49,6 @@ If the Cluster resource maintains the state after a period of time, more than 5
 ## Further information
 
  Learn more about how resources are hydrated with [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overview).
+
+If you still have questions, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).

articles/operator-nexus/troubleshoot-control-plane-quorum.md

@@ -68,4 +68,7 @@ testuser@<servername> [ ~ ]$ sudo crictl ps -a |grep -i ironic-conductor
 
    :::image type="content" source="media\troubleshoot-control-plane-quorum\graceful-power-on.png" alt-text="Screenshot of an iDRAC GUI and the button to perform power on command." lightbox="media\troubleshoot-control-plane-quorum\graceful-power-on.png":::
 
-5. The servers should now be restored. If not, engage Microsoft support.
+5. The servers should now be restored.
+
+If you still have questions, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).

articles/operator-nexus/troubleshoot-csn-storage-pod-container-stuck-in-creating.md

@@ -60,4 +60,7 @@ for podname in $pods; do
     kubectl cordon $nodename -n nc-system;kubectl delete po -n nc-system $podname
 done
 ```
-The command retrieves the pvc from the pod and then deletes the `volumeattachment` object. It then deletes the pod. The pod  later gets recreated on another node along with a successful volume attachment object.
+The command retrieves the pvc from the pod and then deletes the `volumeattachment` object. It then deletes the pod. The pod  later gets recreated on another node along with a successful volume attachment object.
+
+If you still have questions, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).

articles/operator-nexus/troubleshoot-hardware-validation-failure.md

@@ -694,5 +694,5 @@ Expanding `result_detail` for a given category shows detailed results.
 
 After Hardware is fixed, run BMM Replace following instructions from the following page [BMM actions](howto-baremetal-functions.md).
 
-
-
+If you still have questions, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).

articles/operator-nexus/troubleshoot-kubernetes-cluster-dual-stack-configuration.md

@@ -106,3 +106,5 @@ Scrutinize logs and error messages for indicators of configuration issues.
 
 ## Conclusion
 Setting up a dual-stack configuration involves enabling both IPv4 and IPv6 on your network, and ensuring services can communicate over both. By following the steps outlined in this guide, you should be able to identify and resolve common configuration issues related to setting up a dual stack cluster. If you continue to experience difficulties, consider seeking further assistance from your network administrator or consulting platform-specific support resources.
+If you still have questions, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).