Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/azure-monitor/cost-usage.md

@@ -152,6 +152,7 @@ In some scenarios, combining this data can result in cost savings. Typically, th
 - [SysmonEvent](/azure/azure-monitor/reference/tables/sysmonevent)
 - [ProtectionStatus](/azure/azure-monitor/reference/tables/protectionstatus)
 - [Update](/azure/azure-monitor/reference/tables/update) and [UpdateSummary](/azure/azure-monitor/reference/tables/updatesummary) when the Update Management solution isn't running in the workspace or solution targeting is enabled.
+- [MDCFileIntegrityMonitoringEvents](/azure/azure-monitor/reference/tables/mdcfileintegritymonitoringevents)
 
 If the workspace is in the legacy Per Node pricing tier, the Defender for Cloud and Log Analytics allocations are combined and applied jointly to all billable ingested data. To learn more on how Microsoft Sentinel customers can benefit, please see the [Microsoft Sentinel Pricing page](https://azure.microsoft.com/pricing/details/microsoft-sentinel/).
 

articles/azure-monitor/logs/cost-logs.md

@@ -3,7 +3,7 @@ title: Generate vector embeddings with Azure OpenAI in Azure Database for Postgr
 description: Use vector indexes and Azure Open AI embeddings in PostgreSQL for retrieval augmented generation (RAG) patterns.
 author: mulander
 ms.author: adamwolk
-ms.date: 01/02/2024
+ms.date: 04/05/2024
 ms.service: postgresql
 ms.subservice: flexible-server
 ms.custom:
@@ -29,7 +29,7 @@ Invoke [Azure OpenAI embeddings](../../ai-services/openai/reference.md#embedding
 In the Azure OpenAI resource, under **Resource Management** > **Keys and Endpoints** you can find the endpoint and the keys for your Azure OpenAI resource. To invoke the model deployment, enable the `azure_ai` extension using the endpoint and one of the keys.
 
 ```postgresql
-select azure_ai.set_setting('azure_openai.endpoint','https://<endpoint>.openai.azure.com'); 
+select azure_ai.set_setting('azure_openai.endpoint', 'https://<endpoint>.openai.azure.com'); 
 select azure_ai.set_setting('azure_openai.subscription_key', '<API Key>'); 
 ```
 
@@ -38,9 +38,9 @@ select azure_ai.set_setting('azure_openai.subscription_key', '<API Key>');
 Invokes the Azure OpenAI API to create embeddings using the provided deployment over the given input.
 
 ```postgresql
-azure_openai.create_embeddings(deployment_name text, input text, timeout_ms integer DEFAULT 3600000, throw_on_error boolean DEFAULT true)
+azure_openai.create_embeddings(deployment_name text, input text, timeout_ms integer DEFAULT 3600000, throw_on_error boolean DEFAULT true, max_attempts integer DEFAULT 1, retry_delay_ms integer DEFAULT 1000)
+azure_openai.create_embeddings(deployment_name text, input text[], batch_size integer DEFAULT 100, timeout_ms integer DEFAULT 3600000, throw_on_error boolean DEFAULT true, max_attempts integer DEFAULT 1, retry_delay_ms integer DEFAULT 1000)
 ```
-
 ### Arguments
 
 #### `deployment_name`
@@ -49,7 +49,11 @@ azure_openai.create_embeddings(deployment_name text, input text, timeout_ms inte
 
 #### `input`
 
-`text` input used to create embeddings.
+`text` or `text[]` single text or array of texts, depending on the overload of the function used, for which embeddings are created.
+
+#### `batch_size`
+
+`integer DEFAULT 100` number of records to process at a time (only available for the overload of the function for which parameter `input` is of type `text[]`).
 
 #### `timeout_ms`
 
@@ -59,9 +63,17 @@ azure_openai.create_embeddings(deployment_name text, input text, timeout_ms inte
 
 `boolean DEFAULT true` on error should the function throw an exception resulting in a rollback of wrapping transactions.
 
+#### `max_attempts`
+
+`integer DEFAULT 1` number of times the extension will retry calling the Azure OpenAI endpoint for embedding creation if it fails with any retryable error.
+
+#### `retry_delay_ms`
+
+`integer DEFAULT 1000` amount of time (milliseconds) that the extension will wait, before calling again the Azure OpenAI endpoint for embedding creation, when it fails with any retryable error.
+
 ### Return type
 
-`real[]` a vector representation of the input text when processed by the selected deployment.
+`real[]` or `TABLE(embedding real[])` a single element or a single-column table, depending on the overload of the function used, with vector representations of the input text, when processed by the selected deployment.
 
 ## Use OpenAI to create embeddings and store them in a vector data type
 

articles/postgresql/flexible-server/concepts-extensions.md

@@ -7,7 +7,7 @@ ms.topic: overview
 ms.author: sunila
 author: sunilagarwal
 ms.custom: mvc
-ms.date: 12/20/2023
+ms.date: 04/07/2024
 adobe-target: true
 ---
 
@@ -44,9 +44,9 @@ Azure Database for PostgreSQL flexible server powered by the PostgreSQL communit
 
 ### Azure Database for PostgreSQL flexible server
 
-Azure Database for PostgreSQL flexible server is a fully managed database service designed to provide more granular control and flexibility over database management functions and configuration settings. In general, the service provides more flexibility and customizations based on the user requirements. The flexible server architecture allows users to opt for high availability within single availability zone and across multiple availability zones. Azure Database for PostgreSQL flexible server provides better cost optimization controls with the ability to stop/start server and burstable compute tier, ideal for workloads that don’t need full-compute capacity continuously. Azure Database for PostgreSQL flexible server currently supports community version of PostgreSQL 11, 12, 13 and 14, with plans to add newer versions soon. Azure Database for PostgreSQL flexible server is generally available today in a wide variety of [Azure regions](overview.md#azure-regions).
+Azure Database for PostgreSQL flexible server is a fully managed database service designed to provide more granular control and flexibility over database management functions and configuration settings. In general, the service provides more flexibility and customizations based on the user requirements. The flexible server architecture allows users to opt for high availability within single availability zone and across multiple availability zones. Azure Database for PostgreSQL flexible server provides better cost optimization controls with the ability to stop/start server and burstable compute tier, ideal for workloads that don’t need full-compute capacity continuously. Azure Database for PostgreSQL flexible server currently supports community version of PostgreSQL 11, 12, 13, 14, 15, and 16 with plans to add newer versions as they become available. Azure Database for PostgreSQL flexible server is generally available today in a wide variety of [Azure regions](overview.md#azure-regions).
 
-Azure Database for PostgreSQL flexible server instances are best suited for
+Azure Database for PostgreSQL flexible server instances are best suited for:
 
 - Application developments requiring better control and customizations
 - Cost optimization controls with ability to stop/start server

articles/postgresql/flexible-server/generative-ai-azure-cognitive.md

@@ -10,6 +10,10 @@
     items:
     - name: Signing Integrations with Trusted Signing
       href: how-to-signing-integrations.md
+  - name: How-To
+    items:
+    - name: Sign CI Policies with Trusted Signing
+      href: how-to-sign-ci-policy.md
   - name: Quickstart
     items:
     - name: Quickstart onboarding

articles/postgresql/flexible-server/generative-ai-azure-openai.md

@@ -17,7 +17,7 @@ summary: |
 sections:
   - name: Onboarding
     questions:
-      - question: What Windows versions does Trusted Signing support? # Question.
+      - question: What Windows versions do Trusted Signing support? # Question.
         answer: | 
           Refer to the [Trusted Signing Program Windows Support](https://support.microsoft.com/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4) page for details about Windows support for Trusted Signing.
           The service is supported on all currently supported versions of:
@@ -47,6 +47,12 @@ sections:
       - question: What if I fail identity validation?
         answer: | 
           If more documentation is required for identity validation, you're asked to provide those documents on the Azure portal. Otherwise, we recommend checking for an email sent to the listed address for email validation. However, if your organization fails identity validation we can't onboard you to Trusted Signing. We recommend you delete your Trusted Signing account so you don't get billed for unused resources.
+      - question: What is the cost of using Trusted Signing?
+        answer: | 
+          For the beginning of Public Preview until June 2024 Trusted Signing is free. You'll still be prompted to select a Basic or Premium SKU when you create your account and we throttle signing requests.
+      - question: What are my support options when onboarding to Trusted Signing?
+        answer: | 
+          If you're a managed customer on Azure, and have a support plan you can create a support ticket with the service on the Azure portal and be assisted by Azure customer support. Otherwise, we recommend you go to Microsoft Q&A or StackOverflow under the tag Trusted-Signing to ask questions.  
   - name: Certificate Profiles
     questions:
       - question: What if my Trusted Signing subject name is different than my old cert and my MSIX's package name is now different? 

articles/postgresql/flexible-server/service-overview.md

@@ -0,0 +1,69 @@
+---
+title: Signing CI Policies #Required; page title is displayed in search results. Include the brand.
+description: Learn how to sign new CI policies with Trusted Signing. #Required; article description that is displayed in search results. 
+author: microsoftshawarma #Required; your GitHub user alias, with correct capitalization.
+ms.author: rakiasegev #Required; microsoft alias of author; optional team alias.
+ms.service: azure-code-signing #Required; service per approved list. slug assigned by ACOM.
+ms.topic: how-to #Required; leave this attribute/value as-is.
+ms.date: 04/04/2024 #Required; mm/dd/yyyy format.
+ms.custom: template-how-to-pattern #Required; leave this attribute/value as-is.
+---
+
+# Sign CI Policies with Trusted Signing
+
+To sign new CI policies with the service first install several prerequisites. 
+
+
+Prerequisites: 
+* A Trusted Signing account, Identity Validation, and Certificate Profile.
+* Ensure there are proper individual or group role assignments for signing (“Trusted Signing Certificate Profile Signer” role).
+* [Azure PowerShell on Windows](https://learn.microsoft.com/powershell/azure/install-azps-windows) installed 
+* [Az.CodeSigning](https://learn.microsoft.com/powershell/module/az.codesigning/) module downloaded
+
+Overview of steps:
+1. ⁠Unzip the Az.CodeSigning module to a folder
+2. ⁠Open Windows PowerShell [PowerShell 7](https://github.com/PowerShell/PowerShell/releases/latest)
+3. In the Az.CodeSigning folder, run 
+```
+Import-Module .\Az.CodeSigning.psd1
+``` 
+4. Optionally you can create a `metadata.json` file:
+```
+Endpoint "https://scus.codesigning.azure.net/" 
+CodeSigningAccountName "youracsaccount" 
+CertificateProfileName "youracscertprofile" 
+```
+5. [Get the root certificate](https://learn.microsoft.com/powershell/module/az.codesigning/get-azcodesigningrootcert) to be added to the trust store
+```
+Get-AzCodeSigningRootCert -AccountName TestAccount -ProfileName TestCertProfile -EndpointUrl https://xxx.codesigning.azure.net/ -Destination c:\temp\root.cer
+```
+Or using a metadata.json
+```
+Get-AzCodeSigningRootCert -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json https://xxx.codesigning.azure.net/ -Destination c:\temp\root.cer 
+```
+6. To get the EKU (Extended Key Usage) to insert into your policy:
+```
+Get-AzCodeSigningCustomerEku -AccountName acstestcanary -ProfileName acstestcanaryCert1 -EndpointUrl https://xxx.codesigning.azure.net/ 
+```
+Or
+
+```
+Get-AzCodeSigningCustomerEku -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json 
+```
+7. To sign your policy, you run the invoke command:
+``` 
+Invoke-AzCodeSigningCIPolicySigning -accountName acstestcanary -profileName acstestcanaryCert1 -endpointurl "https://xxx.codesigning.azure.net/" -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
+```
+ 
+Or use a `metadata.json` file and the following command: 
+
+```
+Invoke-AzCodeSigningCIPolicySigning -MetadataFilePath C:\temp\metadata.sample.scus.privateci.json -Path C:\Temp\defaultpolicy.bin -Destination C:\Temp\defaultpolicy_signed.bin -TimeStamperUrl: http://timestamp.acs.microsoft.com 
+```
+
+## Creating and Deploying a CI Policy
+
+For steps on creating and deploying your CI policy refer to:
+* [Use signed policies to protect Windows Defender Application Control against tampering](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering)
+* [Windows Defender Application Control design guide](https://learn.microsoft.com/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide)
+

articles/trusted-signing/TOC.yml

@@ -5,7 +5,7 @@ author: microsoftshawarma #Required; your GitHub user alias, with correct capita
 ms.author: rakiasegev #Required; microsoft alias of author; optional team alias.
 ms.service: azure-code-signing #Required; service per approved list. slug assigned by ACOM.
 ms.topic: how-to #Required; leave this attribute/value as-is.
-ms.date: 03/21/2024 #Required; mm/dd/yyyy format.
+ms.date: 04/04/2024 #Required; mm/dd/yyyy format.
 ms.custom: template-how-to-pattern #Required; leave this attribute/value as-is.
 ---
 
@@ -17,7 +17,8 @@ Trusted Signing currently supports the following signing integrations:
 * ADO Task
 * PowerShell for Authenticode
 * Azure PowerShell - App Control for Business CI Policy
-We constantly work to support more signing integrations and will update the above list if/when more are available. 
+
+We constantly work to support more signing integrations and update the above when more become available. 
 
 This article explains how to set up each of the above Trusted Signing signing integrations.
 
@@ -66,7 +67,7 @@ The components that SignTool.exe uses to interface with Trusted Signing require
 
 ### Download and install Trusted Signing Dlib package
 Complete these steps to download and install the Trusted Signing Dlib package (.ZIP):
-1.	Download the [Trusted Signing Dlib package](https://www.nuget.org/packages/Azure.CodeSigning.Client). 
+1.	Download the [Trusted Signing Dlib package](https://www.nuget.org/packages/Microsoft.Trusted.Signing.Client). 
 
 2.	Extract the Trusted Signing Dlib zip content and install it onto your signing node in a directory of your choice. You’re required to install it onto the node you’ll be signing files from with SignTool.exe.
 
@@ -113,12 +114,12 @@ Trusted Signing certificates have a 3-day validity, so timestamping is critical
 ## Use other signing integrations with Trusted Signing 
 This section explains how to set up other not [SignTool](#set-up-signtool-with-trusted-signing) signing integrations with Trusting Signing.
 
-* GitHub Action – To use the GitHub action for Trusted Signing, visit [Azure Code Signing · Actions · GitHub Marketplace](https://github.com/marketplace/actions/azure-code-signing) and follow the instructions to set up and use GitHub action.
+* GitHub Action – To use the GitHub action for Trusted Signing, visit [Trusted Signing · Actions · GitHub Marketplace](https://github.com/azure/trusted-signing-action) and follow the instructions to set up and use GitHub action.
 
-* ADO Task – To use the Trusted Signing AzureDevOps task, visit [Azure Code Signing - Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=VisualStudioClient.AzureCodeSigning) and follow the instructions for setup.
+* ADO Task – To use the Trusted Signing AzureDevOps task, visit [Trusted Signing - Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=VisualStudioClient.TrustedSigning&ssr=false#overview) and follow the instructions for setup.
 
-* PowerShell for Authenticode – To use PowerShell for Trusted Signing, visit [PowerShell Gallery | AzureCodeSigning 0.2.15](https://www.powershellgallery.com/packages/AzureCodeSigning/0.2.15) to install the PowerShell module. 
+* PowerShell for Authenticode – To use PowerShell for Trusted Signing, visit [PowerShell Gallery | Trusted Signing 0.3.8](https://www.powershellgallery.com/packages/TrustedSigning/0.3.8) to install the PowerShell module. 
 
-* Azure PowerShell – App Control for Business CI Policy - App Control for Windows [link to CI policy signing tutorial].
+* Azure PowerShell: App Control for Business CI Policy – To use Trusted Signing for CI policy signing follow the instructions at [Signing a New CI policy](./how-to-sign-ci-policy.md) and visit the [Az.CodeSigning PowerShell Module](https://learn.microsoft.com/powershell/azure/install-azps-windows).
 
 * Trusted Signing SDK – To create your own signing integration our [Trusted Signing SDK](https://www.nuget.org/packages/Azure.CodeSigning.Sdk) is publicly available.