
Commit 8b37d69

Merge branch 'MicrosoftDocs:main' into main
2 parents 18ac1cb + b53facd commit 8b37d69

10 files changed

+165
-36
lines changed

articles/app-service/toc.yml

Lines changed: 2 additions & 0 deletions
@@ -373,6 +373,8 @@
373373
href: deploy-container-github-action.md
374374
- name: End-to-end tutorials
375375
items:
376+
- name: Configure a sidecar container
377+
href: tutorial-custom-container-sidecar.md
376378
- name: Deploy app with Azure Container Registry
377379
href: tutorial-custom-container.md
378380
- name: Deploy with GitHub Actions

articles/cosmos-db/cmk-troubleshooting-guide.md

Lines changed: 10 additions & 0 deletions
@@ -60,6 +60,16 @@ You see this error when the Azure Key Vault or specified Key are not found.
6060

6161
Check if the Azure Key Vault or the specified key exist and restore them if accidentally got deleted, then wait for one hour. If the issue isn't resolved after more than 2 hours, contact customer service.
6262

63+
## Azure key Disabled or expired
64+
65+
### Reason for error
66+
67+
You see this error when the Azure Key Vault key has been expired or deleted.
68+
69+
### Troubleshooting
70+
71+
If your key has been disabled please enable it. If it has been expired please un-expire it, and once the account is not revoked anymore feel free to rotate the key as Azure Cosmos DB will update the key version once the account is online.
72+
6373
## Invalid Azure Cosmos DB default identity
6474

6575
### Reason for error
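
Review bot: The new section's heading and its "Reason for error" text disagree: the heading says "Azure key Disabled or expired", but the reason reads "has been expired or deleted". A deleted key is already handled by the preceding not-found section, so the reason should say disabled or expired. The troubleshooting sentence also refers to "once the account is not revoked anymore" without saying what that state is; split it into steps (enable the key or extend its expiry, wait for the account to come back online, then rotate) and normalise the heading's capitalisation.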

articles/cosmos-db/how-to-setup-customer-managed-keys-existing-accounts.md

Lines changed: 11 additions & 5 deletions
@@ -10,25 +10,31 @@ ms.author: turao
1010
ms.devlang: azurecli
1111
---
1212

13-
# Configure customer-managed keys for your existing Azure Cosmos DB account with Azure Key Vault (Preview)
13+
# Configure customer-managed keys for your existing Azure Cosmos DB account with Azure Key Vault
1414

1515
[!INCLUDE[NoSQL, MongoDB, Gremlin, Table](includes/appliesto-nosql-mongodb-cassandra-gremlin-table.md)]
1616

1717
Enabling a second layer of encryption for data at rest using [Customer Managed Keys](./how-to-setup-customer-managed-keys.md) while creating a new Azure Cosmos DB account has been Generally available for some time now. As a natural next step, we now have the capability to enable CMK on existing Azure Cosmos DB accounts.
1818

1919
This feature eliminates the need for data migration to a new account to enable CMK. It helps to improve customers’ security and compliance posture.
2020

21-
> [!NOTE]
22-
> Currently, enabling customer-managed keys on existing Azure Cosmos DB accounts is in preview. This preview is provided without a service-level agreement. Certain features of this preview may not be supported or may have constrained capabilities. For more information, see [supplemental terms of use for Microsoft Azure previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
23-
2421
Enabling CMK kicks off a background, asynchronous process to encrypt all the existing data in the account, while new incoming data are encrypted before persisting. There's no need to wait for the asynchronous operation to succeed. The enablement process consumes unused/spare RUs so that it doesn't affect your read/write workloads. You can refer to this [link](./how-to-setup-customer-managed-keys.md?tabs=azure-powershell#how-do-customer-managed-keys-influence-capacity-planning) for capacity planning once your account is encrypted.
2522

2623
## Get started by enabling CMK on your existing accounts
2724

25+
> [!IMPORTANT]
26+
> Go through the prerequisites section thoroughly. These are important considerations.
27+
2828
### Prerequisites
2929

3030
All the prerequisite steps needed while configuring Customer Managed Keys for new accounts is applicable to enable CMK on your existing account. Refer to the steps [here](./how-to-setup-customer-managed-keys.md?tabs=azure-portal#prerequisites)
3131

32+
It is important to note that enabling encryption on your Azure Cosmos DB account will add a small overhead to your document's ID, limiting the maximum size of the document ID to 990 bytes instead of 1024 bytes. If your account has any documents with IDs larger than 990 bytes, the encryption process will fail until those documents are deleted.
33+
34+
To verify if your account is compliant, you can use the provided console application [hosted here](https://github.com/AzureCosmosDB/Cosmos-DB-Non-CMK-to-CMK-Migration-Scanner) to scan your account. Make sure that you are using the endpoint from your 'sqlEndpoint' account property, no matter the API selected.
35+
36+
If you wish to disable server-side validation for this during migration, please contact support.
37+
3238
### Steps to enable CMK on your existing account
3339

3440
To enable CMK on an existing account, update the account with an ARM template setting a Key Vault key identifier in the keyVaultKeyUri property – just like you would when enabling CMK on a new account. This step can be done by issuing a PATCH call with the following payload:
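
Review bot: The [!IMPORTANT] callout added above Prerequisites only says "These are important considerations" and never names the one that can block the operation, the 990-byte document ID limit introduced a few paragraphs later. State that limit in the callout itself, together with the fact that encryption fails until documents with larger IDs are deleted. The last added sentence, "disable server-side validation for this during migration", should also say which validation is meant and what happens to documents over the limit once it is turned off.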
@@ -141,7 +147,7 @@ The state of the key is checked when CMK encryption is triggered. If the key in
141147
142148
**Can we enable CMK encryption on our existing production account?**
143149
144-
Yes. Since the capability is currently in preview, we recommend testing all scenarios first on nonproduction accounts and once you're comfortable you can consider production accounts.
150+
Yes. Go through the prerequisite section thoroughly. We recommend testing all scenarios first on nonproduction accounts and once you're comfortable you can consider production accounts.
145151
146152
## Next steps
147153
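
Review bot: The revised FAQ answer tells readers to "Go through the prerequisite section thoroughly" but does not link to that section and does not match its heading ("Prerequisites"). Because this is the production-account question, link to the section and name the document ID size check from the prerequisites explicitly, since that is the condition the page says makes encryption fail.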

articles/cosmos-db/how-to-setup-customer-managed-keys.md

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ Data stored in your Azure Cosmos DB account is automatically and seamlessly encr
2222
You must store customer-managed keys in [Azure Key Vault](../key-vault/general/overview.md) and provide a key for each Azure Cosmos DB account that is enabled with customer-managed keys. This key is used to encrypt all the data stored in that account.
2323

2424
> [!NOTE]
25-
> Currently, customer-managed keys are available only for new Azure Cosmos DB accounts. You should configure them during account creation. Enabling customer-managed keys on your existing accounts is available for preview. You can refer to the link [here](how-to-setup-customer-managed-keys-existing-accounts.md) for more details
25+
> If you wish to enable customer-managed keys on your existing Azure Cosmos DB accounts then you can refer to the link [here](how-to-setup-customer-managed-keys-existing-accounts.md) for more details
2626
2727
> [!WARNING]
2828
> The following field names are reserved on Cassandra API tables in accounts using Customer-managed Keys:
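
Review bot: The rewritten note at line 25 uses "here" as its link text and has no terminal period. Use descriptive link text, such as the title of the existing-accounts article, and shorten "If you wish to ... then you can refer to the link" to a direct sentence.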

articles/machine-learning/concept-endpoints-batch.md

Lines changed: 26 additions & 28 deletions
@@ -5,27 +5,25 @@ description: Learn how Azure Machine Learning uses batch endpoints to simplify m
55
services: machine-learning
66
ms.service: machine-learning
77
ms.subservice: inferencing
8-
ms.topic: conceptual
8+
ms.topic: concept-article
99
author: santiagxf
1010
ms.author: fasantia
1111
ms.reviewer: mopeakande
1212
ms.custom:
1313
- devplatv2
1414
- ignite-2023
15-
ms.date: 04/01/2023
15+
ms.date: 04/04/2024
1616
#Customer intent: As an MLOps administrator, I want to understand what a managed endpoint is and why I need it.
1717
---
1818

1919
# Batch endpoints
2020

21-
After you train a machine learning model, you need to deploy it so that others can consume its predictions. Such execution mode of a model is called *inference*. Azure Machine Learning uses the concept of [endpoints and deployments](concept-endpoints.md) for machine learning models inference.
21+
Azure Machine Learning allows you to implement *batch endpoints and deployments* to perform long-running, asynchronous inferencing with machine learning models and pipelines. When you train a machine learning model or pipeline, you need to deploy it so that others can use it with new input data to generate predictions. This process of generating predictions with the model or pipeline is called _inferencing_.
2222

23-
**Batch endpoints** are endpoints that are used to do batch inferencing on large volumes of data over in asynchronous way. Batch endpoints receive pointers to data and run jobs asynchronously to process the data in parallel on compute clusters. Batch endpoints store outputs to a data store for further analysis.
24-
25-
We recommend using them when:
23+
Batch endpoints receive pointers to data and run jobs asynchronously to process the data in parallel on compute clusters. Batch endpoints store outputs to a data store for further analysis. Use batch endpoints when:
2624

2725
> [!div class="checklist"]
28-
> * You have expensive models or pipelines that requires a longer time to run.
26+
> * You have expensive models or pipelines that require a longer time to run.
2927
> * You want to operationalize machine learning pipelines and reuse components.
3028
> * You need to perform inference over large amounts of data, distributed in multiple files.
3129
> * You don't have low latency requirements.
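
Review bot: The new opening paragraph mixes emphasis markers, "*batch endpoints and deployments*" and "_inferencing_", within the same paragraph; use one style. While the front matter is being touched, the unchanged "Customer intent" comment still says "understand what a managed endpoint is", which no longer matches an article titled "Batch endpoints".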
@@ -34,28 +32,28 @@ We recommend using them when:
3432
3533
## Batch deployments
3634

37-
A deployment is a set of resources and computes required to implement the functionality the endpoint provides. Each endpoint can host multiple deployments with different configurations, which helps *decouple the interface* indicated by the endpoint, from *the implementation details* indicated by the deployment. Batch endpoints automatically route the client to the default deployment which can be configured and changed at any time.
35+
A deployment is a set of resources and computes required to implement the functionality that the endpoint provides. Each endpoint can host several deployments with different configurations, and this functionality helps to *decouple the endpoint's interface* from *the implementation details* that are defined by the deployment. When a batch endpoint is invoked, it automatically routes the client to its default deployment. This default deployment can be configured and changed at any time.
3836

39-
:::image type="content" source="./media/concept-endpoints/batch-endpoint.png" alt-text="Diagram showing the relationship between endpoints and deployments in batch endpoints.":::
37+
:::image type="content" source="./media/concept-endpoints/batch-endpoint.png" alt-text="Diagram showing the relationship between a batch endpoint and its deployments." lightbox="media/concept-endpoints/batch-endpoint.png":::
4038

41-
There are two types of deployments in batch endpoints:
39+
Two types of deployments are possible in Azure Machine Learning batch endpoints:
4240

43-
* [Model deployments](#model-deployments)
41+
* [Model deployment](#model-deployment)
4442
* [Pipeline component deployment](#pipeline-component-deployment)
4543

46-
### Model deployments
44+
### Model deployment
4745

48-
Model deployment allows operationalizing model inference at scale, processing big amounts of data in a low latency and asynchronous way. Scalability is automatically instrumented by Azure Machine Learning by providing parallelization of the inferencing processes across multiple nodes in a compute cluster.
46+
Model deployment enables the operationalization of model inferencing at scale, allowing you to process large amounts of data in a low latency and asynchronous way. Azure Machine Learning automatically instruments scalability by providing parallelization of the inferencing processes across multiple nodes in a compute cluster.
4947

50-
Use __Model deployments__ when:
48+
Use __Model deployment__ when:
5149

5250
> [!div class="checklist"]
53-
> * You have expensive models that requires a longer time to run inference.
51+
> * You have expensive models that require a longer time to run inference.
5452
> * You need to perform inference over large amounts of data, distributed in multiple files.
5553
> * You don't have low latency requirements.
5654
> * You can take advantage of parallelization.
5755
58-
The main benefit of this kind of deployments is that you can use the very same assets deployed in the online world (Online Endpoints) but now to run at scale in batch. If your model requires simple pre or pos processing, you can [author an scoring script](how-to-batch-scoring-script.md) that performs the data transformations required.
56+
The main benefit of model deployments is that you can use the same assets that are deployed for real-time inferencing to online endpoints, but now, you get to run them at scale in batch. If your model requires simple preprocessing or post-processing, you can [author an scoring script](how-to-batch-scoring-script.md) that performs the data transformations required.
5957

6058
To create a model deployment in a batch endpoint, you need to specify the following elements:
6159
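
Review bot: The rewritten Model deployment paragraph keeps the phrase "in a low latency and asynchronous way", which contradicts the checklist item "You don't have low latency requirements" a few lines below it in the same hunk. Drop "low latency" so the paragraph describes asynchronous processing only. The link text "author an scoring script" in the rewritten benefit sentence should read "a scoring script".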

@@ -69,16 +67,16 @@ To create a model deployment in a batch endpoint, you need to specify the follow
6967
7068
### Pipeline component deployment
7169

72-
Pipeline component deployment allows operationalizing entire processing graphs (pipelines) to perform batch inference in a low latency and asynchronous way.
70+
Pipeline component deployment enables the operationalization of entire processing graphs (or pipelines) to perform batch inference in a low latency and asynchronous way.
7371

74-
Use __Pipeline component deployments__ when:
72+
Use __Pipeline component deployment__ when:
7573

7674
> [!div class="checklist"]
77-
> * You need to operationalize complete compute graphs that can be decomposed in multiple steps.
75+
> * You need to operationalize complete compute graphs that can be decomposed into multiple steps.
7876
> * You need to reuse components from training pipelines in your inference pipeline.
7977
> * You don't have low latency requirements.
8078
81-
The main benefit of this kind of deployments is reusability of components already existing in your platform and the capability to operationalize complex inference routines.
79+
The main benefit of pipeline component deployments is the reusability of components that already exist in your platform and the capability to operationalize complex inference routines.
8280

8381
To create a pipeline component deployment in a batch endpoint, you need to specify the following elements:
8482

@@ -88,18 +86,18 @@ To create a pipeline component deployment in a batch endpoint, you need to speci
8886
> [!div class="nextstepaction"]
8987
> [Create your first pipeline component deployment](how-to-use-batch-pipeline-deployments.md)
9088
91-
Batch endpoints also allow you to [create Pipeline component deployments from an existing pipeline job](how-to-use-batch-pipeline-from-job.md). When doing that, Azure Machine Learning automatically creates a Pipeline component out of the job. This simplifies the use of these kinds of deployments. However, it is a best practice to always [create pipeline components explicitly to streamline your MLOps practice](how-to-use-batch-pipeline-deployments.md).
89+
Batch endpoints also allow you to [Create pipeline component deployments from an existing pipeline job](how-to-use-batch-pipeline-from-job.md). When doing that, Azure Machine Learning automatically creates a pipeline component out of the job. This simplifies the use of these kinds of deployments. However, it's a best practice to always [create pipeline components explicitly to streamline your MLOps practice](how-to-use-batch-pipeline-deployments.md).
9290

9391
## Cost management
9492

95-
Invoking a batch endpoint triggers an asynchronous batch inference job. Compute resources are automatically provisioned when the job starts, and automatically de-allocated as the job completes. So you only pay for compute when you use it.
93+
Invoking a batch endpoint triggers an asynchronous batch inference job. Azure Machine Learning automatically provisions compute resources when the job starts, and automatically deallocates them as the job completes. This way, you only pay for compute when you use it.
9694

9795
> [!TIP]
98-
> When deploying models, you can [override compute resource settings](how-to-use-batch-endpoint.md#overwrite-deployment-configuration-per-each-job) (like instance count) and advanced settings (like mini batch size, error threshold, and so on) for each individual batch inference job to speed up execution and reduce cost if you know that you can take advantage of specific configurations.
96+
> When deploying models, you can [override compute resource settings](how-to-use-batch-endpoint.md#overwrite-deployment-configuration-per-each-job) (like instance count) and advanced settings (like mini batch size, error threshold, and so on) for each individual batch inference job. By taking advantage of these specific configurations, you might be able to speed up execution and reduce cost.
9997
100-
Batch endpoints also can run on low-priority VMs. Batch endpoints can automatically recover from deallocated VMs and resume the work from where it was left when deploying models for inference. See [Use low-priority VMs in batch endpoints](how-to-use-low-priority-batch.md).
98+
Batch endpoints can also run on low-priority VMs. Batch endpoints can automatically recover from deallocated VMs and resume the work from where it was left when deploying models for inference. For more information on how to use low priority VMs to reduce the cost of batch inference workloads, see [Use low-priority VMs in batch endpoints](how-to-use-low-priority-batch.md).
10199

102-
Finally, Azure Machine Learning doesn't charge for batch endpoints or batch deployments themselves, so you can organize your endpoints and deployments as best suits your scenario. Endpoints and deployment can use independent or shared clusters, so you can achieve fine grained control over which compute the produced jobs consume. Use __scale-to-zero__ in clusters to ensure no resources are consumed when they are idle.
100+
Finally, Azure Machine Learning doesn't charge you for batch endpoints or batch deployments themselves, so you can organize your endpoints and deployments as best suits your scenario. Endpoints and deployments can use independent or shared clusters, so you can achieve fine-grained control over which compute the jobs consume. Use __scale-to-zero__ in clusters to ensure no resources are consumed when they're idle.
103101

104102
## Streamline the MLOps practice
105103
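
Review bot: The link text in the first rewritten paragraph now begins with a capital in mid-sentence ("allow you to [Create pipeline component deployments from an existing pipeline job]"); keep it lower case as it was. In the Cost management paragraph, the added sentence uses "low priority VMs" next to "low-priority VMs" in the same line; hyphenate consistently.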

@@ -111,16 +109,16 @@ You can add, remove, and update deployments without affecting the endpoint itsel
111109

112110
## Flexible data sources and storage
113111

114-
Batch endpoints reads and write data directly from storage. You can indicate Azure Machine Learning datastores, Azure Machine Learning data asset, or Storage Accounts as inputs. For more information on supported input options and how to indicate them, see [Create jobs and input data to batch endpoints](how-to-access-data-batch-endpoints-jobs.md).
112+
Batch endpoints read and write data directly from storage. You can specify Azure Machine Learning datastores, Azure Machine Learning data assets, or Storage Accounts as inputs. For more information on the supported input options and how to specify them, see [Create jobs and input data to batch endpoints](how-to-access-data-batch-endpoints-jobs.md).
115113

116114
## Security
117115

118-
Batch endpoints provide all the capabilities required to operate production level workloads in an enterprise setting. They support [private networking](how-to-secure-batch-endpoint.md) on secured workspaces and [Microsoft Entra authentication](how-to-authenticate-batch-endpoint.md), either using a user principal (like a user account) or a service principal (like a managed or unmanaged identity). Jobs generated by a batch endpoint run under the identity of the invoker which gives you flexibility to implement any scenario. See [How to authenticate to batch endpoints](how-to-authenticate-batch-endpoint.md) for details.
116+
Batch endpoints provide all the capabilities required to operate production level workloads in an enterprise setting. They support [private networking](how-to-secure-batch-endpoint.md) on secured workspaces and [Microsoft Entra authentication](how-to-authenticate-batch-endpoint.md), either using a user principal (like a user account) or a service principal (like a managed or unmanaged identity). Jobs generated by a batch endpoint run under the identity of the invoker, which gives you the flexibility to implement any scenario. For more information on authorization while using batch endpoints, see [How to authenticate on batch endpoints](how-to-authenticate-batch-endpoint.md).
119117

120118
> [!div class="nextstepaction"]
121119
> [Configure network isolation in Batch Endpoints](how-to-secure-batch-endpoint.md)
122120
123-
## Next steps
121+
## Related content
124122

125123
- [Deploy models with batch endpoints](how-to-use-batch-model-deployments.md)
126124
- [Deploy pipelines with batch endpoints](how-to-use-batch-pipeline-deployments.md)
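
Review bot: The new closing sentence of the Security paragraph says "For more information on authorization while using batch endpoints" but links to how-to-authenticate-batch-endpoint.md with the text "How to authenticate on batch endpoints". Authentication and authorization are distinct, so the sentence should say "authentication" to match the target. The statement that jobs "run under the identity of the invoker" is the security-relevant point of this paragraph and would be clearer as its own sentence, followed by the link.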
