Merge pull request #222027 from HeidiSteen/heidist-privacy

[azure search] Data privacy doc updates

Author: liljack17

articles/search/media/search-security-overview/support-request.png

@@ -9,7 +9,7 @@ ms.author: heidist
 tags: azure-portal
 ms.service: cognitive-search
 ms.topic: conceptual
-ms.date: 05/23/2022
+ms.date: 12/21/2022
 ---
 # Service administration for Azure Cognitive Search in the Azure portal
 
@@ -34,7 +34,7 @@ Each search service is managed as a standalone resource. The following image sho
 
 ## Overview (home) page
 
-The overview page is the "home" page of each service. Below, the areas on the screen enclosed in red boxes indicate tasks, tools, and tiles that you might use often, especially if you are new to the service.
+The overview page is the "home" page of each service. In the following screenshot, the areas on the screen enclosed in red boxes indicate tasks, tools, and tiles that you might use often, especially if you're new to the service.
 
 :::image type="content" source="media/search-manage/search-portal-overview-page.png" alt-text="Portal pages for a search service" border="true":::
 
@@ -43,7 +43,7 @@ The overview page is the "home" page of each service. Below, the areas on the sc
 | 1  | The **Essentials** section lists service properties, such as the service endpoint, service tier, and replica and partition counts. |
 | 2 | A command bar at the top of the page includes [Import data](search-get-started-portal.md) and [Search explorer](search-explorer.md), used for prototyping and exploration. |
 | 3 | Tabbed pages in the center provide quick access to usage statistics, service health metrics, and access to all of the existing indexes, indexers, data sources, and skillsets.|
-| 4 | Navigation links are to the left. |
+| 4 | Navigation links to other pages. |
 
 ### Read-only service properties
 
@@ -55,7 +55,7 @@ Several aspects of a search service are determined when the service is provision
 
 <sup>1</sup> Although there are ARM and bicep templates for service deployment, moving content is a manual job.
 
-<sup>2</sup> Switching tiers requires creating a new service or filing a support ticket to request a tier upgrade.
+<sup>2</sup> Switching a tier requires creating a new service or filing a support ticket to request a tier upgrade.
 
 ## Management tasks
 
@@ -68,7 +68,7 @@ Service administration includes the following tasks:
 * [Configure a private endpoint](service-create-private-endpoint.md) using Azure Private Link and a private virtual network
 * [Monitor service health and operations](monitor-azure-cognitive-search.md): storage, query volumes, and latency
 
-There is feature parity across all modalities and languages except for preview management features. In general, preview management features are released through the Management REST API first. Programmatic support for service administration can be found in the following APIs and modules:
+There's feature parity across all modalities and languages except for preview management features. In general, preview management features are released through the Management REST API first. Programmatic support for service administration can be found in the following APIs and modules:
 
 * [Management REST API reference](/rest/api/searchmanagement/)
 * [Az.Search PowerShell module](search-manage-powershell.md)
@@ -78,15 +78,27 @@ You can also use the management client libraries in the Azure SDKs for .NET, Pyt
 
 ## Data collection and retention
 
-Cognitive Search uses other Azure services for deeper monitoring and management. By itself, the only persistent data stored within the search service are the structures that support indexing, enrichment, and queries. These structures include indexes, indexers, data sources, skillsets, and synonym maps. All other saved data, including debug session state and caching, is placed in Azure Storage.
+Because Azure Cognitive Search is a [monitored resource](/azure/azure-monitor/monitor-reference), you can review the built-in [**activity logs**](/azure/azure-monitor/essentials/activity-log) and [**platform metrics**](/azure/azure-monitor/essentials/data-platform-metrics#types-of-metrics) for insights into service operations. Activity logs and the data used to report on platform metrics are retained for the periods described in the following table.
 
-Metrics reported out to portal pages are pulled from internal logs on a rolling 30-day cycle. For user-controlled log retention and more events, you will need [Azure Monitor](../azure-monitor/index.yml) and a supported approach for retaining log data.  For more information about setting up resource logging for a search service, see [Collect and analyze log data](monitor-azure-cognitive-search.md).
+If you opt in for [**resource logging**](/azure/azure-monitor/essentials/resource-logs), you'll specify durable storage over which you'll have full control over data retention and data access through Kusto queries. For more information on how to set up resource logging in Cognitive Search, see [Collect and analyze log data](monitor-azure-cognitive-search.md).
+
+Internally, Microsoft collects telemetry data about your service and the platform. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.
+
+| Monitoring data | Retention |
+|-----------------|-----------|
+| Activity logs | 90 days on a rolling schedule |
+| Platform metrics | 93 days on a rolling schedule, except that portal visualization is limited to a 30 day window |
+| Resource logs | User-managed |
+| Telemetry | One and a half years |
+
+> [!NOTE]
+> This section is about monitoring data. For questions about customer data and privacy, see the ["Data residency"](search-security-overview.md#data-residency) section of the security overview article.
 
 ## Administrator permissions
 
 When you open the search service overview page, the Azure role assigned to your account determines what portal content is available to you. The overview page at the beginning of the article shows the portal content available to an Owner or Contributor.
 
-Control plane roles include the following:
+Control plane roles include the following items:
 
 * Owner
 * Contributor (same as Owner, minus the ability to assign roles)

articles/search/search-manage.md

@@ -9,7 +9,7 @@ ms.author: heidist
 ms.service: cognitive-search
 ms.custom: ignite-2022
 ms.topic: conceptual
-ms.date: 12/12/2022
+ms.date: 12/21/2022
 ---
 
 # Security overview for Azure Cognitive Search
@@ -58,6 +58,10 @@ Outbound connections can be made using a resource's full access connection strin
 
 If your Azure resource is behind a firewall, you'll need to [create rules that admit search service requests](search-indexer-howto-access-ip-restricted.md). For resources protected by Azure Private Link, you can [create a shared private link](search-indexer-howto-access-private.md) that an indexer uses to make its connection.
 
+#### Exception for same-region search and storage services
+
+If Storage and Search are in the same region, network traffic is routed through a private IP address and occurs over the Microsoft backbone network. Because private IP addresses are used, you can't configure IP firewalls or a private endpoint for network security. Instead, use the [trusted service exception](search-indexer-howto-access-trusted-service-exception.md) as an alternative when both services are in the same region. 
+
 ### Internal traffic
 
 Internal requests are secured and managed by Microsoft. You can't configure or control these connections. If you're locking down network access, no action on your part is required because internal traffic isn't customer-configurable.
@@ -156,11 +160,35 @@ In Azure Cognitive Search, Resource Manager is used to create or delete the serv
 
 ## Data residency
 
-When you set up a search service, you choose a location or region that determines where data is stored and processed. Azure Cognitive Search won't store data outside of your specified region unless you configure a feature that has a dependency on another Azure resource, and that resource is provisioned in a different region.
+When you set up a search service, you choose a location or region that determines where customer data is stored and processed. Azure Cognitive Search won't store customer data outside of your specified region unless you configure a feature that has a dependency on another Azure resource, and that resource is provisioned in a different region.
+
+Currently, the only external resource that a search service writes customer data to is Azure Storage. The storage account is one that you provide, and it could be in any region. A search service will write to Azure Storage if you use any of the following features: [enrichment cache](cognitive-search-incremental-indexing-conceptual.md), [debug session](cognitive-search-debug-session.md), [knowledge store](knowledge-store-concept-intro.md). 
+
+### Exceptions to data residency commitments
+
+Although customer data isn't stored outside of your region, object names will appear in the telemetry logs used by Microsoft Support to troubleshoot your service issues. Object names are considered customer data. Names in telemetry logs include those of indexes, indexers, data sources, skillsets, containers, and key vault store.
+
+Object names aren't obfuscated in the telemetry logs. If possible, avoid using names that convey sensitive information.
+
+Telemetry logs are retained for one and a half years. During that period, support engineers might access and reference object names under these conditions:
+
++ Diagnose an issue, improve a feature, or fix a bug. In this scenario, data access is internal only, with no third-party access.
+
++ Proactively suggest to the original customer a workaround or alternative. For example, "Based on your usage of the product, consider using `<feature name>` since it would perform better." In this scenario, Microsoft might expose an object name through dashboards visible to the customer.
+
+Upon request, Microsoft can shorten the retention interval or remove references to specific objects in the telemetry logs. Remember that if you request data removal, the trade off is reduced ability to troubleshoot any issues related to the object in question.
+
+To remove references to specific objects, or to change the data retention period, [file a support ticket](/azure/azure-portal/supportability/how-to-create-azure-support-request) for your search service.
+
+1. In **Problem details**, tag your request using the following selections:
+
+   + **Issue type**: Technical
+   + **Problem type**: Setup and configuration
+   + **Problem subtype**: Issue with security configuration of the service
 
-The only external resource that a search service writes to is Azure Storage. The storage account is one that you provide, and it could be in any region. A search service will write to Azure Storage if you use any of the following features: [enrichment cache](cognitive-search-incremental-indexing-conceptual.md), [debug session](cognitive-search-debug-session.md), [knowledge store](knowledge-store-concept-intro.md). 
+1. When you get to **Additional details** (the third tab), describe the object names you would like removed, or specify the retention period that you require.
 
-If both the storage account and the search service are in the same region, network traffic between search and storage uses a private IP address and occurs over the Microsoft backbone network. Because private IP addresses are used, you can't configure IP firewalls or a private endpoint for network security. Instead, use the [trusted service exception](search-indexer-howto-access-trusted-service-exception.md) as an alternative when both services are in the same region. 
+   :::image type="content" source="media/search-security-overview/support-request.png" alt-text="Screenshot of the first page of the support ticket with issue and problem types selected." border="true":::
 
 <a name="encryption"></a>