Merge branch 'main' into release-scommi

Author: v-alje

articles/active-directory-b2c/identity-provider-generic-saml-options.md

@@ -422,7 +422,7 @@ Upon an application sign-out request, Azure AD B2C attempts to sign out from you
 
 ## Debug SAML protocol
 
-To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Microsoft Edge or IE Developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
+To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Microsoft Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
 
 Using these tools, you can check the integration between Azure AD B2C and your SAML identity provider. For example:
 

articles/active-directory-b2c/page-layout.md

@@ -179,7 +179,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 - Added support for [display controls](display-controls.md) in custom policies.
 
 **1.2.0**
-- The username/email and password fields now use the `form` HTML element to allow Microsoft Edge and Internet Explorer (IE) to properly save this information.
+- The username/email and password fields now use the `form` HTML element to allow Microsoft Edge and Internet Explorer to properly save this information.
 - Added a configurable user input validation delay for improved user experience.
 - Accessibility fixes
 - Fix  an accessibility issue so that error messages are read by Narrator. 
@@ -273,7 +273,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 - When the [sign-in option](sign-in-options.md) is set to Email, the sign-in header presents "Sign in with your sign-in name". The username field presents "Sign in name". For more information, see [localization](localization-string-ids.md#sign-up-or-sign-in-page-elements).
 
 **1.2.0**
-- The username/email and password fields now use the `form` HTML element to allow Microsoft Edge and Internet Explorer (IE) to properly save this information.
+- The username/email and password fields now use the `form` HTML element to allow Microsoft Edge and Internet Explorer to properly save this information.
 - Accessibility fixes
 - You can now add the `data-preload="true"` attribute [in your HTML tags](customize-ui-with-html.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
   - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
@@ -313,7 +313,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 **1.2.7**
 - Fixed accessibility issue on label for retries code.
-- Fixed issue caused by incompatibility of default parameter on IE 11.
+- Fixed issue caused by incompatibility of default parameter on Internet Explorer 11.
 - Set up `H1` heading and enable by default.
 - Updated HandlebarJS version to 4.7.7.
 

articles/active-directory-b2c/troubleshoot.md

@@ -165,7 +165,7 @@ Use **Run now** and `https://jwt.ms` to test your policies independently of your
 
 ## Troubleshoot SAML protocol
 
-To help configure and debug the integration with your service provider, you can use a browser extension for the SAML protocol, for example, [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Edge or IE Developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
+To help configure and debug the integration with your service provider, you can use a browser extension for the SAML protocol, for example, [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
 
 The following screenshot demonstrates how the SAML DevTools extension presents the SAML request Azure AD B2C sends to the identity provider, and the SAML response.
 

articles/ai-services/content-safety/overview.md

@@ -116,7 +116,7 @@ To use the Content Safety APIs, you must create your Azure AI Content Safety res
 |---|---|---|---|---|---|---|
 | East US | ✅ | ✅| ✅ |✅ |✅ |✅ |
 | East US 2 | ✅ | | | ✅ | | ✅|
-| West US | | | | | ✅ | ✅|
+| West US | | | | | ✅ | |
 | West US 2 | ✅ | | | | |✅ |
 | Central US | ✅ | | | | |✅ |
 | North Central US | ✅ | | | | | ✅|

articles/ai-services/openai/how-to/file-search.md

@@ -80,7 +80,7 @@ client = AzureOpenAI(
 
 assistant = client.beta.assistants.create(
   name="Financial Analyst Assistant",
-  instructions="You are an expert financial analyst. Use you knowledge base to answer questions about audited financial statements.",
+  instructions="You are an expert financial analyst. Use your knowledge base to answer questions about audited financial statements.",
   model="gpt-4-turbo",
   tools=[{"type": "file_search"}],
 )

articles/aks/concepts-clusters-workloads.md

@@ -363,9 +363,7 @@ Two Kubernetes resources, however, let you manage these types of applications: *
 
 Modern application development often aims for stateless applications. For stateful applications, like those that include database components, you can use *StatefulSets*. Like deployments, a StatefulSet creates and manages at least one identical pod. Replicas in a StatefulSet follow a graceful, sequential approach to deployment, scale, upgrade, and termination operations. The naming convention, network names, and storage persist as replicas are rescheduled with a StatefulSet.
 
-You can define the application in YAML format using `kind: StatefulSet`. From there, the StatefulSet Controller handles the deployment and management of the required replicas. Data writes to persistent storage, provided by Azure Managed Disks or Azure Files. With StatefulSets, the underlying persistent storage remains, even when the StatefulSet is deleted.
-
-For more information, see [Kubernetes StatefulSets][kubernetes-statefulsets].
+You can define the application in YAML format using `kind: StatefulSet`. From there, the StatefulSet Controller handles the deployment and management of the required replicas. Data writes to persistent storage, provided by Azure Managed Disks or Azure Files. The underlying persistent storage remains even when the StatefulSet is deleted, unless the `spec.persistentVolumeClaimRetentionPolicy` is set to `Delete`. For more information, see [Kubernetes StatefulSets][kubernetes-statefulsets].
 
 > [!IMPORTANT]
 > Replicas in a StatefulSet are scheduled and run across any available node in an AKS cluster. To ensure at least one pod in your set runs on a node, you should use a DaemonSet instead.

articles/aks/node-autoprovision.md

@@ -4,7 +4,8 @@ description: Learn about Azure Kubernetes Service (AKS) node autoprovisioning (p
 ms.topic: article
 ms.custom: devx-track-azurecli
 ms.date: 01/18/2024
-ms.author: juda
+ms.author: schaffererin
+author: schaffererin
 #Customer intent: As a cluster operator or developer, how to scale my cluster based on workload requirements and right size my nodes automatically
 ---
 
@@ -68,7 +69,7 @@ NAP is based on the Open Source [Karpenter](https://karpenter.sh) project, and t
 - The only network configuration allowed is Cilium + Overlay + Azure
 - You can't enable in a cluster where node pools have cluster autoscaler enabled
 
-### Unsupported features:
+### Unsupported features
 
 - Windows node pools
 - Applying custom configuration to the node kubelet
@@ -84,69 +85,82 @@ NAP is based on the Open Source [Karpenter](https://karpenter.sh) project, and t
 
 ## Enable node autoprovisioning
 
-To enable node autoprovisioning, create a new cluster using the az aks create command and set --node-provisioning-mode to "Auto". You'll also need to use overlay networking and the cilium network policy.  
+### Enable node autoprovisioning on a new cluster
 
 ### [Azure CLI](#tab/azure-cli)
 
-```azurecli-interactive
-az aks create --name karpuktest --resource-group karpuk --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+- Enable node autoprovisioning on a new cluster using the `az aks create` command and set `--node-provisioning-mode` to `Auto`. You also need to set the `--network-plugin` to `azure`, `--network-plugin-mode` to `overlay`, and `--network-dataplane` to `cilium`.
 
-```
+    ```azurecli-interactive
+    az aks create --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+    ```
 
-### [Azure ARM](#tab/azure-arm)
+### [ARM template](#tab/arm)
 
-```azurecli-interactive
-az deployment group create --resource-group napcluster --template-file ./nap.json  
-```
+- Enable node autoprovisioning on a new cluster using the `az deployment group create` command and specify the `--template-file` parameter with the path to the ARM template file.
+
+    ```azurecli-interactive
+    az deployment group create --resource-group $RESOURCE_GROUP_NAME --template-file ./nap.json  
+    ```
 
-```arm
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "metadata": {},
-  "parameters": {},
-  "resources": [
+    The `nap.json` file should contain the following ARM template:
+
+    ```JSON
     {
-      "type": "Microsoft.ContainerService/managedClusters",
-      "apiVersion": "2023-09-02-preview",
-      "sku": {
-        "name": "Base",
-        "tier": "Standard"
-      },
-      "name": "napcluster",
-      "location": "uksouth",
-      "identity": {
-        "type": "SystemAssigned"
-      },
-      "properties": {
-        "networkProfile": {
-            "networkPlugin": "azure",
-            "networkPluginMode": "overlay",
-            "networkPolicy": "cilium",
-            "networkDataplane":"cilium",
-            "loadBalancerSku": "Standard"
-        },
-        "dnsPrefix": "napcluster",
-        "agentPoolProfiles": [
-          {
-            "name": "agentpool",
-            "count": 3,
-            "vmSize": "standard_d2s_v3",
-            "osType": "Linux",
-            "mode": "System"
+      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+      "contentVersion": "1.0.0.0",
+      "metadata": {},
+      "parameters": {},
+      "resources": [
+        {
+          "type": "Microsoft.ContainerService/managedClusters",
+          "apiVersion": "2023-09-02-preview",
+          "sku": {
+            "name": "Base",
+            "tier": "Standard"
+          },
+          "name": "napcluster",
+          "location": "uksouth",
+          "identity": {
+            "type": "SystemAssigned"
+          },
+          "properties": {
+            "networkProfile": {
+                "networkPlugin": "azure",
+                "networkPluginMode": "overlay",
+                "networkPolicy": "cilium",
+                "networkDataplane":"cilium",
+                "loadBalancerSku": "Standard"
+            },
+            "dnsPrefix": "napcluster",
+            "agentPoolProfiles": [
+              {
+                "name": "agentpool",
+                "count": 3,
+                "vmSize": "standard_d2s_v3",
+                "osType": "Linux",
+                "mode": "System"
+              }
+            ],
+            "nodeProvisioningProfile": {
+              "mode": "Auto"
+            },
           }
-        ],
-        "nodeProvisioningProfile": {
-          "mode": "Auto"
-        },
-      }
+        }
+      ]
     }
-  ]
-}
-```
+    ```
 
 ---
 
+### Enable node autoprovisioning on an existing cluster
+
+- Enable node autoprovisioning on an existing cluster using the `az aks update` command and set `--node-provisioning-mode` to `Auto`. You also need to set the `--network-plugin` to `azure`, `--network-plugin-mode` to `overlay`, and `--network-dataplane` to `cilium`.
+
+    ```azurecli-interactive
+    az aks update --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME --node-provisioning-mode Auto --network-plugin azure --network-plugin-mode overlay --network-dataplane cilium
+    ```
+
 ## Node pools
 
 Node autoprovision uses a list of VM SKUs as a starting point to decide which is best suited for the workloads that are in a pending state.  Having control over what SKU you want in the initial pool allows you to specify specific SKU families, or VM types and the maximum amount of resources a provisioner uses.

articles/aks/static-ip.md

@@ -7,7 +7,7 @@ ms.author: allensu
 ms.subservice: aks-networking
 ms.custom: devx-track-azurecli
 ms.topic: how-to
-ms.date: 09/22/2023
+ms.date: 06/03/2024
 #Customer intent: As a cluster operator or developer, I want to create and manage static IP address resources in Azure that I can use beyond the lifecycle of an individual Kubernetes service deployed in an AKS cluster.
 ---
 
@@ -65,11 +65,53 @@ This article shows you how to create a static public IP address and assign it to
 
 ## Create a service using the static IP address
 
-1. Ensure the cluster identity used by the AKS cluster has delegated permissions to the public IP's resource group using the [`az role assignment create`][az-role-assignment-create] command.
+1. First, determine which type of managed identity your AKS cluster is using, system-assigned or user-assigned. If you're not certain, call the [az aks show][az-aks-show] command and query for the identity's *type* property.
+
+    ```azurecli
+    az aks show \
+        --name myAKSCluster \
+        --resource-group myResourceGroup \
+        --query identity.type \
+        --output tsv       
+    ```
+
+    If the cluster is using a managed identity, the value of the *type* property will be either **SystemAssigned** or **UserAssigned**.
+
+    If the cluster is using a service principal, the value of the *type* property will be null. Consider upgrading your cluster to use a managed identity.
+
+1. If your AKS cluster uses a system-assigned managed identity, then query for the managed identity's principal ID as follows:
+
+    ```azurecli-interactive
+    # Get the principal ID for a system-assigned managed identity.
+    CLIENT_ID=$(az aks show \
+        --name myAKSCluster \
+        --resource-group myNetworkResourceGroup \
+        --query identity.principalId \
+        --output tsv)
+    ```
+
+    If your AKS cluster uses a user-assigned managed identity, then the principal ID will be null. Query for the user-assigned managed identity's client ID instead:
+
+    ```azurecli-interactive
+    # Get the client ID for a user-assigned managed identity.
+    CLIENT_ID=$(az aks show \
+        --name myAKSCluster \
+        --resource-group myNetworkResourceGroup \
+        --query identity.userAssignedIdentities.*.clientId \
+        --output tsv    
+    ```
+
+1. Assign delegated permissions for the managed identity used by the AKS cluster for the public IP's resource group by calling the [`az role assignment create`][az-role-assignment-create] command.
 
     ```azurecli-interactive
-    CLIENT_ID=$(az aks show --name myAKSCluster --resource-group myNetworkResourceGroup --query identity.principalId -o tsv)
-    RG_SCOPE=$(az group show --name <node resource group> --query id -o tsv)
+    # Get the resource ID for the node resource group.
+    RG_SCOPE=$(az group show \
+        --name <node resource group> \
+        --query id \
+        --output tsv)
+
+    # Assign the Network Contributor role to the managed identity,
+    # scoped to the node resource group.
     az role assignment create \
         --assignee ${CLIENT_ID} \
         --role "Network Contributor" \
@@ -79,7 +121,7 @@ This article shows you how to create a static public IP address and assign it to
     > [!IMPORTANT]
     > If you customized your outbound IP, make sure your cluster identity has permissions to both the outbound public IP and the inbound public IP.
 
-2. Create a file named `load-balancer-service.yaml` and copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
+1. Create a file named `load-balancer-service.yaml` and copy in the contents of the following YAML file, providing your own public IP address created in the previous step and the node resource group name.
 
     > [!IMPORTANT]
     > Adding the `loadBalancerIP` property to the load balancer YAML manifest is deprecating following [upstream Kubernetes](https://github.com/kubernetes/kubernetes/pull/107235). While current usage remains the same and existing services are expected to work without modification, we **highly recommend setting service annotations** instead. To set service annotations, you can either use `service.beta.kubernetes.io/azure-pip-name` for public IP name, or use `service.beta.kubernetes.io/azure-load-balancer-ipv4` for an IPv4 address and `service.beta.kubernetes.io/azure-load-balancer-ipv6` for an IPv6 address, as shown in the example YAML.
@@ -103,7 +145,7 @@ This article shows you how to create a static public IP address and assign it to
     > [!NOTE]
     > Adding the `service.beta.kubernetes.io/azure-pip-name` annotation ensures the most efficient LoadBalancer creation and is highly recommended to avoid potential throttling. 
 
-3. Set a public-facing DNS label to the service using the `service.beta.kubernetes.io/azure-dns-label-name` service annotation. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so we recommend you use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
+1. Set a public-facing DNS label to the service using the `service.beta.kubernetes.io/azure-dns-label-name` service annotation. This publishes a fully qualified domain name (FQDN) for your service using Azure's public DNS servers and top-level domain. The annotation value must be unique within the Azure location, so we recommend you use a sufficiently qualified label. Azure automatically appends a default suffix in the location you selected, such as `<location>.cloudapp.azure.com`, to the name you provide, creating the FQDN.
 
     > [!NOTE]
     > If you want to publish the service on your own domain, see [Azure DNS][azure-dns-zone] and the [external-dns][external-dns] project.
@@ -125,13 +167,13 @@ This article shows you how to create a static public IP address and assign it to
         app: azure-load-balancer
     ```
 
-4. Create the service and deployment using the `kubectl apply` command.
+1. Create the service and deployment using the `kubectl apply` command.
 
     ```console
     kubectl apply -f load-balancer-service.yaml
     ```
 
-5. To see the DNS label for your load balancer, use the `kubectl describe service` command.
+1. To see the DNS label for your load balancer, use the `kubectl describe service` command.
 
     ```console
     kubectl describe service azure-load-balancer