Merge pull request #262822 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/ai-services/authentication.md

@@ -216,11 +216,12 @@ Now that you have a custom subdomain associated with your resource, you're going
    New-AzADServicePrincipal -ApplicationId <APPLICATION_ID>
    ```
 
-   >[!NOTE]
+   > [!NOTE]
    > If you register an application in the Azure portal, this step is completed for you.
 
 3. The last step is to [assign the "Cognitive Services User" role](/powershell/module/az.Resources/New-azRoleAssignment) to the service principal (scoped to the resource). By assigning a role, you're granting service principal access to this resource. You can grant the same service principal access to multiple resources in your subscription.
-   >[!NOTE]
+
+   > [!NOTE]
    > The ObjectId of the service principal is used, not the ObjectId for the application.
    > The ACCOUNT_ID will be the Azure resource Id of the Azure AI services account you created. You can find Azure resource Id from "properties" of the resource in Azure portal.
 
@@ -239,32 +240,31 @@ In this sample, a password is used to authenticate the service principal. The to
    ```
 
 2. Get a token:
-   > [!NOTE]
-   > If you're using Azure Cloud Shell, the `SecureClientSecret` class isn't available. 
-
-   #### [PowerShell](#tab/powershell)
    ```powershell-interactive
-   $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList "https://login.windows.net/<TENANT_ID>"
-   $secureSecretObject = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.SecureClientSecret" -ArgumentList $SecureStringPassword   
-   $clientCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential" -ArgumentList $app.ApplicationId, $secureSecretObject
-   $token=$authContext.AcquireTokenAsync("https://cognitiveservices.azure.com/", $clientCredential).Result
-   $token
-   ```
+   $tenantId = $context.Tenant.Id
+   $clientId = $app.ApplicationId
+   $clientSecret = "<YOUR_PASSWORD>"
+   $resourceUrl = "https://cognitiveservices.azure.com/"
    
-   #### [Azure Cloud Shell](#tab/azure-cloud-shell)
-   ```Azure Cloud Shell
-   $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList "https://login.windows.net/<TENANT_ID>"
-   $clientCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential" -ArgumentList $app.ApplicationId, <YOUR_PASSWORD>
-   $token=$authContext.AcquireTokenAsync("https://cognitiveservices.azure.com/", $clientCredential).Result
-   $token
-   ``` 
-
-   ---
+   $tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/token"
+   $body = @{
+       grant_type    = "client_credentials"
+       client_id     = $clientId
+       client_secret = $clientSecret
+       resource      = $resourceUrl
+   }
+   
+   $responseToken = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $body
+   $accessToken = $responseToken.access_token
+   ```
 
+   > [!NOTE]
+   > Anytime you use passwords in a script, the most secure option is to use the PowerShell Secrets Management module and integrate with a solution such as Azure KeyVault.
+  
 3. Call the Computer Vision API:
    ```powershell-interactive
    $url = $account.Endpoint+"vision/v1.0/models"
-   $result = Invoke-RestMethod -Uri $url  -Method Get -Headers @{"Authorization"=$token.CreateAuthorizationHeader()} -Verbose
+   $result = Invoke-RestMethod -Uri $url  -Method Get -Headers @{"Authorization"="Bearer $accessToken"} -Verbose
    $result | ConvertTo-Json
    ```
 

articles/ai-services/openai/includes/use-your-data-dotnet.md

@@ -44,7 +44,7 @@ var chatCompletionsOptions = new ChatCompletionsOptions()
             new AzureCognitiveSearchChatExtensionConfiguration()
             {
                 SearchEndpoint = new Uri(searchEndpoint),
-                SearchKey = new AzureKeyCredential(searchKey),
+                Key = searchKey,
                 IndexName = searchIndex,
             },
         }
@@ -153,7 +153,7 @@ var chatCompletionsOptions = new ChatCompletionsOptions()
             new AzureCognitiveSearchChatExtensionConfiguration()
             {
                 SearchEndpoint = new Uri(searchEndpoint),
-                SearchKey = new AzureKeyCredential(searchKey),
+                Key = searchKey,
                 IndexName = searchIndex,
             },
         }

articles/aks/csi-secrets-store-identity-access.md

@@ -179,7 +179,7 @@ In this security model, you can grant access to your cluster's resources to team
 1. Access your key vault using the [`az aks show`][az-aks-show] command and the user-assigned managed identity created by the add-on.
 
     ```azurecli-interactive
-    az aks show -g <resource-group> -n <cluster-name> --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId -o tsv
+    az aks show -g <resource-group> -n <cluster-name> --query addonProfiles.azureKeyvaultSecretsProvider.identity.objectId -o tsv
     ```
 
     Alternatively, you can create a new managed identity and assign it to your virtual machine (VM) scale set or to each VM instance in your availability set using the following commands.
@@ -193,10 +193,10 @@ In this security model, you can grant access to your cluster's resources to team
 2. Create a role assignment that grants the identity permission access to the key vault secrets, access keys, and certificates using the [`az role assignment create`][az-role-assignment-create] command.
 
     ```azurecli-interactive
-    export IDENTITY_CLIENT_ID="$(az identity show -g <resource-group> --name <identity-name> --query 'clientId' -o tsv)"
+    export IDENTITY_OBJECT_ID="$(az identity show -g <resource-group> --name <identity-name> --query 'principalId' -o tsv)"
     export KEYVAULT_SCOPE=$(az keyvault show --name <key-vault-name> --query id -o tsv)
 
-    az role assignment create --role Key Vault Administrator --assignee <identity-client-id> --scope $KEYVAULT_SCOPE
+    az role assignment create --role "Key Vault Administrator" --assignee $IDENTITY_OBJECT_ID --scope $KEYVAULT_SCOPE
     ```
 
 3. Create a `SecretProviderClass` using the following YAML. Make sure to use your own values for `userAssignedIdentityID`, `keyvaultName`, `tenantId`, and the objects to retrieve from your key vault.

articles/aks/csi-secrets-store-nginx-tls.md

@@ -229,7 +229,7 @@ Again, the instructions change slightly depending on your scenario. Follow the i
     spec:
       type: ClusterIP
       ports:
-     - port: 80
+      - port: 80
       selector:
         app: aks-helloworld-one
     ```
@@ -278,7 +278,7 @@ Again, the instructions change slightly depending on your scenario. Follow the i
     spec:
       type: ClusterIP
       ports:
-     - port: 80
+      - port: 80
       selector:
         app: aks-helloworld-two
     ```
@@ -334,7 +334,7 @@ Again, the instructions change slightly depending on your scenario. Follow the i
     spec:
       type: ClusterIP
       ports:
-     - port: 80
+      - port: 80
       selector:
         app: aks-helloworld-one
     ```
@@ -372,7 +372,7 @@ Again, the instructions change slightly depending on your scenario. Follow the i
     spec:
       type: ClusterIP
       ports:
-     - port: 80
+      - port: 80
       selector:
         app: aks-helloworld-two
     ```
@@ -400,11 +400,11 @@ We can now deploy a Kubernetes ingress resource referencing the secret.
     spec:
       ingressClassName: nginx
       tls:
-     - hosts:
+      - hosts:
         - demo.azure.com
         secretName: ingress-tls-csi
       rules:
-     - host: demo.azure.com
+      - host: demo.azure.com
         http:
           paths:
           - path: /hello-world-one(/|$)(.*)

articles/azure-monitor/essentials/azure-monitor-workspace-manage.md

@@ -133,12 +133,12 @@ Create a link between the Azure Monitor workspace and the Grafana workspace by u
 If your cluster is already configured to send data to an Azure Monitor managed service for Prometheus, you must disable it first using the following command:
 
 ```azurecli
-az aks update --disable-azuremonitormetrics -g <cluster-resource-group> -n <cluster-name> 
+az aks update --disable-azure-monitor-metrics -g <cluster-resource-group> -n <cluster-name> 
 ```
 
 Then, either enable or re-enable using the following command:
 ```azurecli
-az aks update --enable-azuremonitormetrics -n <cluster-name> -g <cluster-resource-group> --azure-monitor-workspace-resource-id 
+az aks update --enable-azure-monitor-metrics -n <cluster-name> -g <cluster-resource-group> --azure-monitor-workspace-resource-id 
 <azure-monitor-workspace-name-resource-id> --grafana-resource-id  <grafana-workspace-name-resource-id>
 ```
 

articles/iot-operations/connect-to-cloud/howto-configure-data-lake.md

@@ -270,7 +270,7 @@ The specification field of a DataLakeConnectorTopicMap resource contains the fol
     - `mqttSourceTopic`: The name of the MQTT topic(s) to subscribe to. Supports [MQTT topic wildcard notation](https://chat.openai.com/share/c6f86407-af73-4c18-88e5-f6053b03bc02).
     - `qos`: The quality of service level for subscribing to the MQTT topic. It can be one of 0 or 1.
     - `table`: The table field specifies the configuration and properties of the Delta table in the Data Lake Storage account. It has the following subfields:
-        - `tableName`: The name of the Delta table to create or append to in the Data Lake Storage account. This field is also known as the container name when used with Azure Data Lake Storage Gen2. It can contain any English letter, upper or lower case, and underbar `_`, with length up to 256 characters. No dashes `-` or space characters are allowed.
+        - `tableName`: The name of the Delta table to create or append to in the Data Lake Storage account. This field is also known as the container name when used with Azure Data Lake Storage Gen2. It can contain any **lower case** English letter, and underbar `_`, with length up to 256 characters. No dashes `-` or space characters are allowed.
         - `schema`: The schema of the Delta table, which should match the format and fields of the message payload. It's an array of objects, each with the following subfields:
             - `name`: The name of the column in the Delta table.
             - `format`: The data type of the column in the Delta table. It can be one of `boolean`, `int8`, `int16`, `int32`, `int64`, `uInt8`, `uInt16`, `uInt32`, `uInt64`, `float16`, `float32`, `float64`, `date32`, `timestamp`, `binary`, or `utf8`. Unsigned types, like `uInt8`, aren't fully supported, and are treated as signed types if specified here.
@@ -295,7 +295,7 @@ spec:
     mqttSourceTopic: "orders"
     qos: 1
     table:
-      tableName: "ordersTable"
+      tableName: "orders"
       schema:
       - name: "orderId"
         format: int32

articles/machine-learning/how-to-use-automated-ml-for-ml-models.md

@@ -123,15 +123,26 @@ Otherwise, you see a list of your recent automated  ML experiments, including th
     Additional configurations|Description
     ------|------
     Primary metric| Main metric used for scoring your model. [Learn more about model metrics](how-to-configure-auto-train.md#primary-metric).
-   Debug model via the Responsible AI dashboard | Generate a Responsible AI dashboard to do a holistic assessment and debugging of the recommended best model. This includes insights such as model explanations, fairness and performance explorer, data explorer, model error analysis. [Learn more about how you can generate a Responsible AI dashboard.](./how-to-responsible-ai-insights-ui.md). RAI Dashboard can only be run if 'Serverless' compute (preview) is specified in the experiment set-up step.
+    Enable ensemble stacking | Ensemble learning improves machine learning results and predictive performance by combining multiple models as opposed to using single models. [Learn more about ensemble models](concept-automated-ml.md#ensemble).
     Blocked algorithm| Select algorithms you want to exclude from the training job. <br><br> Allowing algorithms is only available for [SDK experiments](how-to-configure-auto-train.md#supported-algorithms). <br> See the [supported algorithms for each task type](/python/api/azureml-automl-core/azureml.automl.core.shared.constants.supportedmodels).
-    Exit criterion| When any of these criteria are met, the training job is stopped. <br> *Training job time (hours)*: How long to allow the training job to run. <br> *Metric score threshold*:  Minimum metric score for all pipelines. This ensures that if you have a defined target metric you want to reach, you don't spend more time on the training job than necessary.
-    Concurrency| *Max concurrent iterations*: Maximum number of pipelines (iterations) to test in the training job. The job won't run more than the specified number of iterations. Learn more about how automated ML performs [multiple child jobs on clusters](how-to-configure-auto-train.md#multiple-child-runs-on-clusters).
+    Explain best model| Automatically shows explainability on the best model created by Automated ML.
+ 
 
 1. (Optional) View featurization settings: if you choose to enable **Automatic featurization** in the **Additional configuration settings** form, default featurization techniques are applied. In the **View featurization settings**, you can change these defaults and customize accordingly. Learn how to [customize featurizations](#customize-featurization). 
 
     ![Screenshot shows the Select task type dialog box with View featurization settings called out.](media/how-to-use-automated-ml-for-ml-models/view-featurization-settings.png)
 
+1. The **[Optional] Limits** form allows you to do the following.
+
+   | Option | Description |
+   |---|-----|
+   |**Max trials**| Maximum number of trials, each with different combination of algorithm and hyperparameters to try during the AutoML job. Must be an integer between 1 and 1000.
+   |**Max concurrent trials**| Maximum number of trial jobs that can be executed in parallel. Must be an integer between 1 and 1000.
+   |**Max nodes**| Maximum number of nodes this job can use from selected compute target.
+   |**Metric score threshold**| When this threshold value will be reached for an iteration metric the training job will terminate. Keep in mind that meaningful models have correlation > 0, otherwise they are as good as guessing the average Metric threshold should be between bounds [0, 10].
+   |**Experiment timeout (minutes)**| Maximum time in minutes the entire experiment is allowed to run. Once this limit is reached the system will cancel the AutoML job, including all its trials (children jobs).
+   |**Iteration timeout (minutes)**| Maximum time in minutes each trial job is allowed to run. Once this limit is reached the system will cancel the trial.
+   |**Enable early termination**| Select to end the job if the score is not improving in the short term.
 
 1. The **[Optional] Validate and test** form allows you to do the following. 
 

articles/sap/workloads/dbms-guide-maxdb.md

@@ -342,6 +342,9 @@ When deploying SAP MaxDB into Azure, you must review your backup methodology. Ev
 
 Backing up and restoring a database in Azure works the same way as it does for on-premises systems, so you can use standard SAP MaxDB backup/restore tools, which are described in one of the SAP MaxDB documentation documents listed in SAP Note [767598]. 
 
+#### <a name="01885ad6-88cf-4d5a-bdb5-6d43a6eed53e"></a>Backup and Restore with Azure Backup
+You can also integrate MaxDB backup with **Azure Backup** using the third-party backup tool **Maxback** (https://maxback.io). MaxBack allows you to backup and restore MaxDB on Windows with VSS integration, which is also used by Azure Backup. The advantage of using Azure Backup is that backup and restore is done at the storage level. MaxBack ensures that the database is in the right state for backup and restore, and automatically handles log volume backups. 
+
 #### <a name="77cd2fbb-307e-4cbf-a65f-745553f72d2c"></a>Performance Considerations for Backup and Restore
 As in bare-metal deployments, backup and restore performance are dependent on how many volumes can be read in parallel and the throughput of those volumes. Therefore, one can assume:
 

articles/synapse-analytics/sql-data-warehouse/design-guidance-for-replicated-tables.md

@@ -3,7 +3,7 @@ title: Design guidance for replicated tables
 description: Recommendations for designing replicated tables in Synapse SQL pool
 author: WilliamDAssafMSFT
 ms.author: wiassaf
-ms.date: 09/27/2022
+ms.date: 01/09/2024
 ms.service: synapse-analytics
 ms.subservice: sql-dw
 ms.topic: conceptual
@@ -163,6 +163,8 @@ For example, this load pattern loads data from four sources, but only invokes on
 
 To ensure consistent query execution times, consider forcing the build of the replicated tables after a batch load. Otherwise, the first query will still use data movement to complete the query.
 
+The 'Build Replicated Table Cache' operation can execute up to two operations simultaneously. For example, if you attempt to rebuild the cache for five tables, the system will utilize a staticrc20 (which cannot be modified) to concurrently build two tables at the time. Therefore, it is recommended to avoid using large replicated tables exceeding 2 GB, as this may slow down the cache rebuild across the nodes and increase the overall time.
+
 This query uses the [sys.pdw_replicated_table_cache_state](/sql/relational-databases/system-catalog-views/sys-pdw-replicated-table-cache-state-transact-sql?toc=/azure/synapse-analytics/sql-data-warehouse/toc.json&bc=/azure/synapse-analytics/sql-data-warehouse/breadcrumb/toc.json&view=azure-sqldw-latest&preserve-view=true) DMV to list the replicated tables that have been modified, but not rebuilt.
 
 ```sql
@@ -184,6 +186,18 @@ To trigger a rebuild, run the following statement on each table in the preceding
 SELECT TOP 1 * FROM [ReplicatedTable]
 ```
 
+To monitor the rebuild process, you can use [sys.dm_pdw_exec_requests](/sql/relational-databases/system-dynamic-management-views/sys-dm-pdw-exec-requests-transact-sql?view=azure-sqldw-latest&preserve-view=true), where the `command` will start with 'BuildReplicatedTableCache'. For example:
+
+```sql
+-- Monitor Build Replicated Cache
+SELECT *
+FROM sys.dm_pdw_exec_requests
+WHERE command like 'BuildReplicatedTableCache%'
+```
+
+> [!TIP]
+> [Table size queries](/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-tables-overview#table-size-queries) can be used to verify which table(s) have a replicated distribution policy and which are larger than 2 GB.
+
 ## Next steps
 
 To create a replicated table, use one of these statements:

articles/virtual-machines/automatic-extension-upgrade.md

@@ -73,7 +73,7 @@ Automatic Extension Upgrade supports the following extensions (and more are adde
 - [Azure Monitor Agent](../azure-monitor/agents/azure-monitor-agent-overview.md)
 - [Log Analytics Agent for Linux](../azure-monitor/agents/log-analytics-agent.md)
 - [Azure Diagnostics extension for Linux](../azure-monitor/agents/diagnostics-extension-overview.md)
-
+- Service Fabric – [Linux](../service-fabric/service-fabric-tutorial-create-vnet-and-linux-cluster.md#service-fabric-extension)
 
 ## Enabling Automatic Extension Upgrade