MicrosoftDocs
diff --git a/‎articles/ai-services/openai/concepts/models.md
Lines changed: 11 additions & 6 deletions b/‎articles/ai-services/openai/concepts/models.md
Lines changed: 11 additions & 6 deletions
diff --git a/‎articles/azure-resource-manager/management/request-limits-and-throttling.md
Lines changed: 2 additions & 2 deletions b/‎articles/azure-resource-manager/management/request-limits-and-throttling.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/batch/automatic-certificate-rotation.md
Lines changed: 87 additions & 15 deletions b/‎articles/batch/automatic-certificate-rotation.md
Lines changed: 87 additions & 15 deletions
diff --git a/‎articles/batch/batch-account-create-portal.md
Lines changed: 3 additions & 13 deletions b/‎articles/batch/batch-account-create-portal.md
Lines changed: 3 additions & 13 deletions
@@ -4,7 +4,7 @@ titleSuffix: Azure OpenAI
 description: Learn about the different model capabilities that are available with Azure OpenAI.
 ms.service: azure-ai-openai
 ms.topic: conceptual
-ms.date: 03/12/2024
+ms.date: 03/14/2024
 ms.custom: references_regions, build-2023, build-2023-dataai, refefences_regions
 manager: nitinme
 author: mrbullwinkle #ChrisHMSFT
@@ -239,13 +239,18 @@ The following Embeddings models are available with [Azure Government](/azure/azu
 
 For Assistants you need a combination of a supported model, and a supported region. Certain tools and capabilities require the latest models. For example [parallel function](../how-to/assistant-functions.md) calling requires the latest 1106 models.
 
+| Region | `gpt-35-turbo (0613)` | `gpt-35-turbo (1106)` | `gpt-4 (0613)` | `gpt-4 (1106)` | `gpt-4 (0125)` | 
+|-----|---|---|---|---|---|
+| Australia East | ✅ | ✅ | ✅ |✅ | |
+| East US 2 | ✅ | | ✅ |✅ | |
+| Sweden Central | ✅ |✅ |✅ |✅| |
 
-| Region | `gpt-35-turbo (0613)` | `gpt-35-turbo (1106)` | `gpt-4 (0613)` | `gpt-4 (1106)` | 
-|-----|---|---|---|---|
-| Australia East | ✅ | ✅ | ✅ |✅ |
-| East US 2 | ✅ | ⬜| ✅ |✅ |
-| Sweden Central | ✅ |✅ |✅ |✅|
+Provisioned Throughput Unit (PTU) availability 
 
+| Region | `gpt-35-turbo (1106)` | `gpt-4 (1106)` | `gpt-4 (0125)` |  
+|-----|---|---|---|
+| East US 2 | | ✅ | ✅ |
+| Sweden Central | ✅ |✅ |✅ |
 
 ## Next steps
 
 
@@ -2,7 +2,7 @@
 title: Request limits and throttling
 description: Describes how to use throttling with Azure Resource Manager requests when subscription limits are reached.
 ms.topic: conceptual
-ms.date: 03/01/2024
+ms.date: 03/15/2024
 ms.custom: devx-track-arm-template
 ---
 
@@ -111,7 +111,7 @@ In addition to those general limits, the following limits apply to DNS operation
 | --------- | ----- |
 | Create or Update | 200 per minute |
 | Delete | 200 per minute |
-| Get | 1000 per minute |
+| Get | 2000 per minute |
 | List By DNS Zone | 60 per minute |
 | List By Type | 60 per minute |
 | Update | 200 per minute |
 
@@ -1,31 +1,32 @@
 ---
 title: Enable automatic certificate rotation in a Batch pool
-description: You can create a Batch pool with a managed identity and a certificate that will automatically be renewed.
+description: You can create a Batch pool with a managed identity and a certificate that can automatically be renewed.
 ms.topic: conceptual
 ms.custom: linux-related-content
 ms.date: 12/05/2023
 ---
+
 # Enable automatic certificate rotation in a Batch pool
 
- You can create a Batch pool with a certificate that will automatically be renewed. To do so, your pool must be created with a [user-assigned managed identity](managed-identity-pools.md) that will have access to the certificate in [Azure Key Vault](../key-vault/general/overview.md).
+You can create a Batch pool with a certificate that can automatically be renewed. To do so, your pool must be created with a [user-assigned managed identity](managed-identity-pools.md) that has access to the certificate in [Azure Key Vault](../key-vault/general/overview.md).
 
 ## Create a user-assigned identity
 
 First, [create your user-assigned managed identity](../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md#create-a-user-assigned-managed-identity) in the same tenant as your Batch account. This managed identity doesn't need to be in the same resource group or even in the same subscription.
 
-Be sure to note the **Client ID** of the user-assigned managed identity. You'll need this value later.
+Be sure to note the **Client ID** of the user-assigned managed identity. You need this value later.
 
 :::image type="content" source="media/automatic-certificate-rotation/client-id.png" alt-text="Screenshot showing the client ID of a user-assigned managed identity in the Azure portal.":::
 
 ## Create your certificate
 
-Next, you'll need to create a certificate and add it to Azure Key Vault. If you haven't already created a key vault, you'll need to do that first. For instructions, see [Quickstart: Set and retrieve a certificate from Azure Key Vault using the Azure portal](../key-vault/certificates/quick-create-portal.md).
+Next, you need to create a certificate and add it to Azure Key Vault. If you haven't already created a key vault, you need to do that first. For instructions, see [Quickstart: Set and retrieve a certificate from Azure Key Vault using the Azure portal](../key-vault/certificates/quick-create-portal.md).
 
 When creating your certificate, be sure to set **Lifetime Action Type** to automatically renew, and specify the number of days after which the certificate should renew.
 
 :::image type="content" source="media/automatic-certificate-rotation/certificate.png" alt-text="Screenshot of the certificate creation screen in the Azure portal.":::
 
-After your certificate has been created, make note of its **Secret Identifier**. You'll need this value later.
+After your certificate has been created, make note of its **Secret Identifier**. You need this value later.
 
 :::image type="content" source="media/automatic-certificate-rotation/secret-identifier.png" alt-text="Screenshot showing the Secret Identifier of a certificate.":::
 
@@ -48,7 +49,68 @@ REST API URI
 PUT https://management.azure.com/subscriptions/<subscriptionid>/resourceGroups/<resourcegroupName>/providers/Microsoft.Batch/batchAccounts/<batchaccountname>/pools/<poolname>?api-version=2021-01-01
 ```
 
-Request Body
+Request Body for Linux node
+
+```json
+{
+  "name": "test2",
+  "type": "Microsoft.Batch/batchAccounts/pools",
+  "properties": {
+    "vmSize": "STANDARD_DS2_V2",
+    "taskSchedulingPolicy": {
+      "nodeFillType": "Pack"
+    },
+    "deploymentConfiguration": {
+      "virtualMachineConfiguration": {
+        "imageReference": {
+          "publisher": "canonical",
+          "offer": "ubuntuserver",
+          "sku": "20.04-lts",
+          "version": "latest"
+        },
+        "nodeAgentSkuId": "batch.node.ubuntu 20.04",
+        "extensions": [
+          {
+            "name": "KVExtensions",
+            "type": "KeyVaultForLinux",
+            "publisher": "Microsoft.Azure.KeyVault",
+            "typeHandlerVersion": "3.0",
+            "autoUpgradeMinorVersion": true,
+            "settings": {
+              "secretsManagementSettings": {
+                "pollingIntervalInS": "300",
+                "certificateStoreLocation": "/var/lib/waagent/Microsoft.Azure.KeyVault",
+                "requireInitialSync": true,
+                "observedCertificates": [
+                  "https://testkvwestus2s.vault.azure.net/secrets/authcertforumatesting/8f5f3f491afd48cb99286ba2aacd39af"
+                ]
+              },
+              "authenticationSettings": {
+                "msiEndpoint": "http://169.254.169.254/metadata/identity",
+                "msiClientId": "b9f6dd56-d2d6-4967-99d7-8062d56fd84c"
+              }
+            }
+          }
+        ]
+      }
+    },
+    "scaleSettings": {
+      "fixedScale": {
+        "targetDedicatedNodes": 1,
+        "resizeTimeout": "PT15M"
+      }
+    }
+  },
+  "identity": {
+    "type": "UserAssigned",
+    "userAssignedIdentities": {
+      "/subscriptions/042998e4-36dc-4b7d-8ce3-a7a2c4877d33/resourceGroups/ACR/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumaforpools": {}
+    }
+  }
+}
+```
+
+Request Body for Windows node
 
 ```json
 {
@@ -62,26 +124,29 @@ Request Body
         "deploymentConfiguration": {
             "virtualMachineConfiguration": {
                 "imageReference": {
-                    "publisher": "canonical",
-                    "offer": "ubuntuserver",
-                    "sku": "20.04-lts",
+                    "publisher": "microsoftwindowsserver",
+                    "offer": "windowsserver",
+                    "sku": "2022-datacenter",
                     "version": "latest"
                 },
-                "nodeAgentSkuId": "batch.node.ubuntu 20.04",
+                "nodeAgentSkuId": "batch.node.windows amd64",
                 "extensions": [
                     {
                         "name": "KVExtensions",
-                        "type": "KeyVaultForLinux",
+                        "type": "KeyVaultForWindows",
                         "publisher": "Microsoft.Azure.KeyVault",
-                        "typeHandlerVersion": "1.0",
+                        "typeHandlerVersion": "3.0",
                         "autoUpgradeMinorVersion": true,
                         "settings": {
                             "secretsManagementSettings": {
                                 "pollingIntervalInS": "300",
-                                "certificateStoreLocation": "/var/lib/waagent/Microsoft.Azure.KeyVault",
                                 "requireInitialSync": true,
                                 "observedCertificates": [
-                                    "https://testkvwestus2s.vault.azure.net/secrets/authcertforumatesting/8f5f3f491afd48cb99286ba2aacd39af"
+                                    {
+                                        "https://testkvwestus2s.vault.azure.net/secrets/authcertforumatesting/8f5f3f491afd48cb99286ba2aacd39af",
+                                        "certificateStoreLocation": "LocalMachine",
+                                        "keyExportable": true
+                                    }
                                 ]
                             },
                             "authenticationSettings": {
@@ -112,13 +177,20 @@ Request Body
 
 ## Validate the certificate
 
-To confirm that the certificate has been successfully deployed, log in to the compute node. You should see output similar to the following:
+To confirm that the certificate is successfully deployed, log in to the compute node. You should see output similar to the following:
 
 ```
 root@74773db5fe1b42ab9a4b6cf679d929da000000:/var/lib/waagent/Microsoft.Azure.KeyVault.KeyVaultForLinux-1.0.1363.13/status# cat 1.status
 [{"status":{"code":0,"formattedMessage":{"lang":"en","message":"Successfully started Key Vault extension service. 2021-03-03T23:12:23Z"},"operation":"Service start.","status":"success"},"timestampUTC":"2021-03-03T23:12:23Z","version":"1.0"}]root@74773db5fe1b42ab9a4b6cf679d929da000000:/var/lib/waagent/Microsoft.Azure.KeyVault.KeyVaultForLinux-1.0.1363.13/status#
 ```
 
+## Troubleshooting Key Vault Extension
+
+If Key Vault extension is configured incorrectly, the compute node might be in usuable state. To troubleshoot Key Vault extension failure, you can temporarily set requireInitialSync to false and redeploy your pool, then the compute node is in idle state, you can log in to the compute node to check KeyVault extension logs for errors and fix the configuration issues. Visit following Key Vault extension doc link for more information.
+
+- [Azure Key Vault extension for Linux](../virtual-machines/extensions/key-vault-linux.md)
+- [Azure Key Vault extension for Windows](../virtual-machines/extensions/key-vault-windows.md)
+
 ## Next steps
 
 - Learn more about [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
 
@@ -120,13 +120,13 @@ For detailed steps, see [Assign Azure roles by using the Azure portal](../role-b
 
 ### Create a key vault
 
-User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account.
+User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account and use a [Vault Access Policy](/azure/key-vault/general/assign-access-policy).
 
 To create a new key vault:
 
 1. Search for and select **key vaults** from the Azure Search box, and then select **Create** on the **Key vaults** page.
 1. On the **Create a key vault** page, enter a name for the key vault, and choose an existing resource group or create a new one in the same region as your Batch account.
-1. On the **Access configuration** tab, select either **Azure role-based access control** or **Vault access policy** under **Permission model**, and under **Resource access**, check all 3 checkboxes for **Azure Virtual Machine for deployment**, **Azure Resource Manager for template deployment** and **Azure Disk Encryption for volume encryption**.
+1. On the **Access configuration** tab, select **Vault access policy** under **Permission model**.
 1. Leave the remaining settings at default values, select **Review + create**, and then select **Create**.
 
 ### Create a Batch account in user subscription mode
@@ -140,18 +140,8 @@ To create a Batch account in user subscription mode:
 
 ### Grant access to the key vault manually
 
-You can also grant access to the key vault manually in [Azure portal](https://portal.azure.com).
+You can also grant access to the key vault manually.
 
-#### If the Key Vault permission model is **Azure role-based access control**:
-1. Select **Access control (IAM)** from the left navigation of the key vault page.
-1. At the top of the **Access control (IAM)** page, select **Add** > **Add role assignment**.
-1. On the **Add role assignment** screen, under **Role** tab, under **Job function roles** sub tab, select either **Key Vault Secrets Officer** or **Key Vault Administrator** role for the Batch account, and then select **Next**.
-1. On the **Members** tab, select **Select members**. On the **Select members** screen, search for and select **Microsoft Azure Batch**, and then select **Select**.
-1. Click the **Review + create** button on the bottom to go to **Review + assign** tab, and click the **Review + create** button on the bottom again.
-
-For detailed steps, see [Assign Azure roles by using the Azure portal](../role-based-access-control/role-assignments-portal.md).
-
-#### If the Key Vault permission model is **Vault access policy**:
 1. Select **Access policies** from the left navigation of the key vault page.
 1. On the **Access policies** page, select **Create**.
 1. On the **Create an access policy** screen, select a minimum of **Get**, **List**, **Set**, and **Delete** permissions under **Secret permissions**. For [key vaults with soft-delete enabled](/azure/key-vault/general/soft-delete-overview), also select **Recover**.