Merge pull request #279697 from HeidiSteen/heidist-june28

[azure search] misc edits

Author: prmerger-automator[bot]

articles/search/search-get-started-portal-image-search.md

@@ -32,15 +32,15 @@ Sample data consists of image files in the [azure-search-sample-data](https://gi
 
 + An Azure subscription. [Create one for free](https://azure.microsoft.com/free/).
 
-+ Azure AI services, a multiservice account, in a region that provides Azure AI Vision multimodal embeddings.
++ [Azure AI services multiservice account](/azure/ai-services/multi-service-resource), in a region that provides Azure AI Vision multimodal embeddings.
 
   Currently, those regions are: SwedenCentral, EastUS, NorthEurope, WestEurope, WestUS, SoutheastAsia, KoreaCentral, FranceCentral, AustraliaEast, WestUS2, SwitzerlandNorth, JapanEast. [Check the documentation](/azure/ai-services/computer-vision/how-to/image-retrieval) for an updated list.
 
 + Azure AI Search, on any tier, but in the same region as Azure AI services. 
 
   Service tier determines how many blobs you can index. We used the free tier to create this walkthrough and limited the content to 10 JPG files.
 
-+ Azure Storage, a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold.
++ Azure Blob storage, a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold. ADLS Gen2 isn't supported, so if you enabled hierarchical namespace on your account, it won't work with this version of the wizard.
 
 All of the above resources must have public access enabled for the portal nodes to be able to access them. Otherwise, the wizard fails. After the wizard runs, firewalls and private endpoints can be enabled on the different integration components for security.
 

articles/search/search-get-started-portal-import-vectors.md

@@ -44,15 +44,15 @@ For fewer limitations or more data source options, try a code-base approach. See
 
 + An Azure subscription. [Create one for free](https://azure.microsoft.com/free/).
 
-+ For data, use either an [Azure Storage account](/azure/storage/common/storage-account-overview) or a [OneLake lakehouse](search-how-to-index-onelake-files.md). For Azure Storage, use a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold.
++ For data, use either an [Azure Storage account](/azure/storage/common/storage-account-overview) or a [OneLake lakehouse](search-how-to-index-onelake-files.md). For Azure Storage, use a standard performance (general-purpose v2) account. Access tiers can be hot, cool, and cold. ADLS Gen2 isn't supported, so if you enabled hierarchical namespace on your account, it won't work with this version of the wizard.
 
-+ For vectorization, have an Azure AI services multiservice account or [Azure OpenAI](https://aka.ms/oai/access) endpoint with deployments.
++ For vectorization, have an [Azure AI services multiservice account](/azure/ai-services/multi-service-resource) or [Azure OpenAI](https://aka.ms/oai/access) endpoint with deployments.
 
   For [multimodal with Azure AI Vision](/azure/ai-services/computer-vision/how-to/image-retrieval), create an Azure AI service in SwedenCentral, EastUS, NorthEurope, WestEurope, WestUS, SoutheastAsia, KoreaCentral, FranceCentral, AustraliaEast, WestUS2, SwitzerlandNorth, JapanEast. [Check the documentation](/azure/ai-services/computer-vision/how-to/image-retrieval?tabs=csharp) for an updated list.
 
   You can also use [Azure AI Studio model catalog](/azure/ai-studio/what-is-ai-studio) (and hub and project) with model deployments.
 
-+ Azure AI Search, in the same region as your Azure AI service. We recommend Basic tier or higher.s
++ Azure AI Search, in the same region as your Azure AI service. We recommend Basic tier or higher.
 
 + Role assignments or API keys are required for connections to embedding models and data sources. Instructions for role-based access are provided in this article.
 

articles/search/search-get-started-portal.md

@@ -28,6 +28,8 @@ The wizard creates multiple objects on your search service - [searchable index](
 
 - An Azure AI Search service for any tier and any region. [Create a service](search-create-service-portal.md) or [find an existing service](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Search%2FsearchServices) under your current subscription. You can use a free service for this quickstart. 
 
+  For this quickstart, make sure the search service doesn't have [network access controls](service-configure-firewall.md) in place. The portal connects to the hosted sample data over a public endpoint. If search is behind a firewall, the wizard can't create the data source.
+
 ### Check for space
 
 Many customers start with the free service. The free tier is limited to three indexes, three data sources, and three indexers. Make sure you have room for extra items before you begin. This quickstart creates one of each object.
@@ -50,7 +52,7 @@ In this section, create and load an index in four steps.
 
 ### Connect to a data source
 
-The wizard creates a data source connection to sample data hosted by Microsoft on Azure Cosmos DB. This sample data is retrieved accessed over an internal connection. You don't need your own Azure Cosmos DB account or source files to run this quickstart.
+The wizard creates a data source connection to sample data hosted by Microsoft on Azure Cosmos DB. This sample data is retrieved accessed over a public endpoint. You don't need your own Azure Cosmos DB account or source files to run this quickstart.
 
 1. On **Connect to your data**, expand the **Data Source** dropdown list and select **Samples**.
 

articles/search/search-security-api-keys.md

@@ -17,7 +17,7 @@ ms.date: 06/28/2024
 
 Azure AI Search offers key-based authentication that you can use on connections to your search service. An API key is a unique string composed of 52 randomly generated numbers and letters. A request made to a search service endpoint is accepted if both the request and the API key are valid.
 
-Key-based authentication is the default. You can disable it if you opt in for [role-based authentication](search-security-enable-roles.md).
+Key-based authentication is the default. You can replace it with [role-based access](search-security-enable-roles.md), which eliminates the need for hardcoded keys in your code.
 
 ## Types of API keys
 

articles/search/search-security-enable-roles.md

@@ -14,7 +14,7 @@ ms.date: 06/18/2024
 
 # Enable or disable role-based access control in Azure AI Search
 
-If you want to use Azure role assignments for authorized access to Azure AI Search, this article explains how to enable role-based access for your search service.
+If you want to use roles for authorized access to Azure AI Search, this article explains how to enable role-based access control for your search service.
 
 Role-based access for data plane operations is optional, but recommended as the more secure option. The alternative is [key-based authentication](search-security-api-keys.md), which is the default. 
 

articles/search/search-security-rbac.md

@@ -14,7 +14,7 @@ ms.custom: subject-rbac-steps, references_regions, devx-track-azurepowershell
 
 # Connect to Azure AI Search using role-based access controls
 
-Azure provides a global [role-based access control authorization system](../role-based-access-control/role-assignments-portal.yml) for all services running on the platform. In Azure AI Search, you can assign Azure roles for:
+Azure provides a global authentication and [role-based authorization system](../role-based-access-control/role-assignments-portal.yml) for all services running on the platform. In Azure AI Search, you can assign Azure roles for:
 
 > [!div class="checklist"]
 > + [Service administration](#assign-roles-for-service-administration)

articles/search/service-configure-firewall.md

@@ -42,7 +42,7 @@ There are a few drawbacks to locking down the public endpoint.
 
 + It takes time to fully identify IP ranges and set up firewalls, and if you're in early stages of proof-of-concept testing and investigation and using sample data, you might want to defer network access controls until you actually need them.
 
-+ Some workflows require access to a public endpoint. Specifically, the [Import and vectorize data wizard](search-get-started-portal-import-vectors.md) in the Azure portal currently connects to embedding models over the public endpoint, and the response from the embedding model is returned over the public endpoint. You can switch to code or script to complete the same tasks, but if you want to try the wizard, the public endpoint must be available.
++ Some workflows require access to a public endpoint. Specifically, the import wizards in the Azure portal, such as the [Import data wizard](search-get-started-portal.md) and [Import and vectorize data wizard](search-get-started-portal-import-vectors.md), connect to built-in (hosted) sample data and embedding models over the public endpoint. You can switch to code or script to complete the same tasks with firewall rules in place, but if you want to run the wizards, the public endpoint must be available.
 
 <a id="configure-ip-policy"></a> 
 
@@ -147,9 +147,17 @@ Once your Azure resource has a managed identity, [assign roles on Azure AI Searc
 
 The trusted services are used for vectorization workloads: generating vectors from text and image content, and sending payloads back to the search service for query execution or indexing. Connections from a trusted service are used to deliver payloads to Azure AI search.
 
-+ To load a search index with vectors generated by an embedding model, assign **Search Index Data Contributor**.
+1. [Find your search service](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Search%2FsearchServices).
+1. On the leftmost pane, under **Access control (IAM)**, select **Identity**.
+1. Select **Add** and then select **Add role assignment**.
+1. On the **Roles** page:
 
-+ To provide queries with a vector generated by an embedding model, assign **Search Index Data Reader**. The embedding used in a query isn't written to an index, so no write permissions are required.
+   + Select **Search Index Data Contributor** to load a search index with vectors generated by an embedding model. Choose this role if you intend to use integrated vectorization during indexing.
+   + Or, select **Search Index Data Reader** to provide queries with a vector generated by an embedding model. The embedding used in a query isn't written to an index, so no write permissions are required.
+
+1. Select **Next**.
+1. On the **Members** page, select **Managed identity** and **Select members**.
+1. Filter by system-managed identity and then select the managed identity of your Azure AI multiservice account.
 
 > [!NOTE]
 > This article covers the trusted exception for admitting requests to your search service, but Azure AI Search is itself on the trusted services list of other Azure resources. Specifically, you can use the trusted service exception for [connections from Azure AI Search to Azure Storage](search-indexer-howto-access-trusted-service-exception.md).

articles/search/vector-search-how-to-configure-compression-storage.md

@@ -7,13 +7,13 @@ author: heidisteen
 ms.author: heidist
 ms.service: cognitive-search
 ms.topic: how-to
-ms.date: 06/19/2024
+ms.date: 06/28/2024
 ---
 
 # Configure vector quantization and reduced storage for smaller vectors in Azure AI Search
 
 > [!IMPORTANT]
-> These features are in public preview under [Supplemental Terms of Use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). The [2024-03-01-Preview REST API](/rest/api/searchservice/operation-groups?view=rest-searchservice-2024-03-01-preview&preserve-view=true) and later preview APIs provide the new data types, vector compression properties, and the `stored` property.
+> These features are in public preview under [Supplemental Terms of Use](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). The [2024-03-01-preview REST API](/rest/api/searchservice/operation-groups?view=rest-searchservice-2024-03-01-preview&preserve-view=true) and later preview APIs provide the new data types, vector compression properties, and the `stored` property. We recommend using the lates preview APIs.
 
 This article describes vector quantization and other techniques for compressing vector indexes in Azure AI Search.
 
@@ -161,14 +161,16 @@ Using preview APIs, you can assign narrow primitive data types to reduce the sto
 
 ## Option 3: Set the `stored` property to remove retrievable storage
 
-The `stored` property is a new boolean on a vector field definition that determines whether storage is allocated for retrievable vector field content. If you don't need vector content in a query response, you can save up to 50 percent storage per field by setting `stored` to false.
+The `stored` property is a new boolean on a vector field definition that determines whether storage is allocated for retrievable vector field content. The `stored` property is set to true by default. If you don't need vector content in a query response, you can save up to 50 percent storage per field by setting `stored` to false.
 
-Because vectors aren't human readable, they're typically omitted in a query response that's rendered on a search page. However, if you're using vectors in downstream processing, such as passing query results to a model or process that consumes vector content, you should keep `stored` set to true and choose a different technique for minimizing vector size.
+When considering whether to set this property, consider whether you need vectors in the response. Because vectors aren't human readable, they're typically omitted in a query response that's rendered on a search page. However, if you're using vectors in downstream processing, such as passing query results to a model or process that consumes vector content, you should keep `stored` set to true and choose a different technique for minimizing vector size.
+
+Another consideration is that `stored` settings are irreversible. It's set during index creation on vector fields when physical data structures are created. If you want retrievable content later, you must drop and rebuild the index, or create and load a new field that has the new attribution.
 
 The following example shows the fields collection of a search index. Set `stored` to false to permanently remove retrievable storage for the vector field.
 
    ```http
-   PUT https://[service-name].search.windows.net/indexes/[index-name]?api-version=2024-03-01-preview  
+   PUT https://[service-name].search.windows.net/indexes/[index-name]?api-version=2024-05-01-preview  
       Content-Type: application/json  
       api-key: [admin key]  
     
@@ -389,7 +391,7 @@ On the query, you can override the oversampling default value. For example, if `
 You can set the oversampling parameter even if the index doesn't explicitly have a `rerankWithOriginalVectors` or `defaultOversampling` definition. Providing `oversampling` at query time overrides the index settings for that query and executes the query with an effective `rerankWithOriginalVectors` as true.
 
 ```http
-POST https://[service-name].search.windows.net/indexes/[index-name]/docs/search?api-version=2024-03-01-Preview   
+POST https://[service-name].search.windows.net/indexes/[index-name]/docs/search?api-version=2024-05-01-Preview   
   Content-Type: application/json   
   api-key: [admin key]