Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-azure-container-storage

Author: rolyon

articles/ai-studio/how-to/model-benchmarks.md

@@ -0,0 +1,66 @@
+---
+title: Explore model benchmarks in Azure AI Studio
+titleSuffix: Azure AI Studio
+description: This article introduces benchmarking capabilities and the model benchmarks experience in Azure AI Studio.
+manager: scottpolly
+ms.service: azure-ai-studio
+ms.custom:
+ms.topic: how-to
+ms.date: 5/6/2024
+ms.reviewer: jcioffi
+ms.author: jcioffi
+author: jesscioffi
+---
+
+# Model benchmarks
+
+[!INCLUDE [Azure AI Studio preview](../includes/preview-ai-studio.md)]
+
+In Azure AI Studio, you can compare benchmarks across models and datasets available in the industry to assess which one meets your business scenario. You can find Model benchmarks under **Get started** in the left side menu in Azure AI Studio.
+
+:::image type="content" source="../media/explore/model-benchmarks-dashboard-view.png" alt-text="Screenshot of dashboard view graph of model accuracy." lightbox="../media/explore/model-benchmarks-dashboard-view.png":::
+
+Model benchmarks help you make informed decisions about the sustainability of models and datasets prior to initiating any job. The benchmarks are a curated list of the best performing models for a given task, based on a comprehensive comparison of benchmarking metrics. Currently, Azure AI Studio provides benchmarks based on quality, via the metrics listed below.
+
+| Metric       | Description |
+|--------------|-------|
+| Accuracy     |Accuracy scores are available at the dataset and the model levels. At the dataset level, the score is the average value of an accuracy metric computed over all examples in the dataset. The accuracy metric used is exact-match in all cases except for the *HumanEval* dataset that uses a `pass@1` metric. Exact match simply compares model generated text with the correct answer according to the dataset, reporting one if the generated text matches the answer exactly and zero otherwise. `Pass@1` measures the proportion of model solutions that pass a set of unit tests in a code generation task. At the model level, the accuracy score is the average of the dataset-level accuracies for each model.|
+| Coherence    |Coherence evaluates how well the language model can produce output that flows smoothly, reads naturally, and resembles human-like language.|
+| Fluency      |Fluency evaluates the language proficiency of a generative AI's predicted answer. It assesses how well the generated text adheres to grammatical rules, syntactic structures, and appropriate usage of vocabulary, resulting in linguistically correct and natural-sounding responses.|
+| GPTSimilarity|GPTSimilarity is a measure that quantifies the similarity between a ground truth sentence (or document) and the prediction sentence generated by an AI model. It is calculated by first computing sentence-level embeddings using the embeddings API for both the ground truth and the model's prediction. These embeddings represent high-dimensional vector representations of the sentences, capturing their semantic meaning and context.|
+
+The benchmarks are updated regularly as new metrics and datasets are added to existing models, and as new models are added to the model catalog.
+
+### How the scores are calculated
+
+The benchmark results originate from public datasets that are commonly used for language model evaluation. In most cases, the data is hosted in GitHub repositories maintained by the creators or curators of the data. Azure AI evaluation pipelines download data from their original sources, extract prompts from each example row, generate model responses, and then compute relevant accuracy metrics.
+
+Prompt construction follows best practice for each dataset, set forth by the paper introducing the dataset and industry standard. In most cases, each prompt contains several examples of complete questions and answers, or "shots," to prime the model for the task. The evaluation pipelines create shots by sampling questions and answers from a portion of the data that is held out from evaluation.
+
+### View options in the model benchmarks
+
+These benchmarks encompass both a dashboard view and a list view of the data for ease of comparison, and helpful information that explains what the calculated metrics mean.
+
+Dashboard view allows you to compare the scores of multiple models across datasets and tasks. You can view models side by side (horizontally along the x-axis) and compare their scores (vertically along the y-axis) for each metric.
+
+You can filter the dashboard view by task, model collection, model name, dataset, and metric.
+
+You can switch from dashboard view to list view by following these quick steps:
+1. Select the models you want to compare.
+2. Select **List** on the right side of the page.
+
+:::image type="content" source="../media/explore/model-benchmarks-dashboard-filtered.png" alt-text="Screenshot of dashboard view graph with question answering filter applied and 'List' button identified." lightbox="../media/explore/model-benchmarks-dashboard-filtered.png":::
+
+In list view you can find the following information:
+- Model name, description, version, and aggregate scores.
+- Benchmark datasets (such as AGIEval) and tasks (such as question answering) that were used to evaluate the model.
+- Model scores per dataset.
+
+You can also filter the list view by task, model collection, model name, dataset, and metric.
+
+:::image type="content" source="../media/explore/model-benchmarks-list-view.png" alt-text="Screenshot of list view table displaying accuracy metrics in an ordered list." lightbox="../media/explore/model-benchmarks-list-view.png":::
+
+## Next steps
+
+- [Explore Azure AI foundation models in Azure AI Studio](models-foundation-azure-ai.md)
+- [View and compare benchmarks in AI Studio](https://ai.azure.com/explore/benchmarks)

articles/ai-studio/media/explore/model-benchmarks-dashboard-filtered.png

@@ -41,6 +41,8 @@ items:
     items:
     - name: Model catalog
       href: how-to/model-catalog.md
+    - name: Model benchmarks
+      href: how-to/model-benchmarks.md
     - name: Cohere models
       items:
       - name: Deploy Cohere Command models

articles/ai-studio/media/explore/model-benchmarks-dashboard-view.png

@@ -29,6 +29,14 @@ There are two backup modes:
 
 For Azure Synapse Link enabled accounts, analytical store data isn't included in the backups and restores. When Azure Synapse Link is enabled, Azure Cosmos DB will continue to automatically take backups of your data in the transactional store at a scheduled backup interval. Within an analytical store, automatic backup and restore of your data isn't supported at this time.
 
+## Immutability of Cosmos DB backups
+Cosmos DB backups are completely managed by the platform. Actions like restore, update backup retention or redundancy change are controlled via permission model managed by database account administrator. Cosmos DB backups are not exposed to any human actors, customers or any other module for listing, deletion, or disabling of backups. The backups are encrypted and stored in storage accounts secured by rotating certificate-based access. These backups are only accessed by restore module to restore specific backup nondestructively when a customer initiates a restore. These actions are logged and audited regularly. Backups kept under retention policy are:  
+* Not alterable (no modifications are permitted to the backups). 
+* Not allowed to be re-encrypted. 
+* Not allowed to be deleted.   
+* Not allowed to be disabled 
+Customers who chose [CMK (customer managed key)](how-to-setup-customer-managed-keys.md), their data and backup have protection through envelope encryption."  
+
 ## Frequently asked questions
 
 ### Can I restore from an account A in subscription S1 to account B in a subscription S2?

articles/ai-studio/media/explore/model-benchmarks-list-view.png

@@ -3,14 +3,16 @@ title: Configure Azure IoT Edge device settings
 description: This article shows you how to configure Azure IoT Edge device settings and options using the config.toml file.
 author: PatAltimore
 ms.author: patricka
-ms.date: 02/06/2024
+ms.date: 05/06/2024
 ms.topic: how-to
 ms.service: iot-edge
 services: iot-edge
 ---
 
 # Configure IoT Edge device settings
 
+[!INCLUDE [iot-edge-version-all-supported](includes/iot-edge-version-all-supported.md)]
+
 This article shows settings and options for configuring the IoT Edge */etc/aziot/config.toml* file of an IoT Edge device. IoT Edge uses the *config.toml* file to initialize settings for the device. Each of the sections of the *config.toml* file has several options. Not all options are mandatory, as they apply to specific scenarios.
 
 A template containing all options can be found in the *config.toml.edge.template* file within the */etc/aziot* directory on an IoT Edge device. You can copy the contents of the whole template or sections of the template into your *config.toml* file. Uncomment the sections you need. Be aware not to copy over parameters you have already defined.
@@ -19,7 +21,7 @@ If you change a device's configuration, use `sudo iotedge config apply` to apply
 
 ## Global parameters
 
-The **hostname**, **parent_hostname**, **trust_bundle_cert**, **allow_elevated_docker_permissions**, and **auto_reprovisioning_mode** parameters must be at the beginning of the configuration file before any other sections. Adding parameters before a collection of settings ensures they're applied correctly. For more information on valid syntax, see [toml.io ](https://toml.io/).
+The **hostname**, **parent_hostname**, **trust_bundle_cert**, **allow_elevated_docker_permissions**, and **auto_reprovisioning_mode** parameters must be at the beginning of the configuration file before any other sections. Adding parameters before a collection of settings ensures they're applied correctly. For more information on valid syntax, see [toml.io](https://toml.io/).
 
 ### Hostname
 

articles/ai-studio/toc.yml

@@ -1,15 +1,17 @@
 ---
-title: Manage virtual network flow logs using Azure Policy 
+title: Audit and deploy virtual network flow logs using Azure Policy 
 titleSuffix: Azure Network Watcher
 description: Learn how to use Azure Policy built-in policies to audit virtual networks and deploy Azure Network Watcher virtual network flow logs.
 author: halkazwini
 ms.author: halkazwini
 ms.service: network-watcher
 ms.topic: how-to
-ms.date: 05/03/2024
+ms.date: 05/07/2024
+
+#CustomerIntent: As an Azure administrator, I want to use Azure Policy to audit and deploy virtual network flow logs.
 ---
 
-# Manage virtual network flow logs using Azure Policy
+# Audit and deploy virtual network flow logs using Azure Policy
 
 Azure Policy helps you enforce organizational standards and assess compliance at scale. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. To learn more about Azure policy, see [What is Azure Policy?](../governance/policy/overview.md) and [Quickstart: Create a policy assignment to identify noncompliant resources](../governance/policy/assign-policy-portal.md).
 
@@ -125,15 +127,19 @@ To assign the *deployIfNotExists* policy, follow these steps:
 
     :::image type="content" source="./media/vnet-flow-logs-policy/deploy-policy-compliance-details.png" alt-text="Screenshot that shows the noncompliant virtual networks based on the deploy policy." lightbox="./media/vnet-flow-logs-policy/deploy-policy-compliance-details.png":::
 
-    The policy takes some time to evaluate and deploy flow logs for all noncompliant virtual networks in the specified scope. 
+    > [!NOTE]
+    > The policy takes some time to evaluate virtual networks in the specified scope and deploy flow logs for the noncompliant virtual networks. 
 
-1. Verify that there are no noncompliant virtual networks in the policy compliance page.
+1. Go to **Flow logs** under **Logs** in **Network Watcher** to see the flow logs that were deployed by the policy.
 
-    :::image type="content" source="./media/vnet-flow-logs-policy/deploy-policy-compliance-details-compliant.png" alt-text="Screenshot that shows there aren't any noncompliant virtual networks after the deployment policy deployed flow logs in the defined scope." lightbox="./media/vnet-flow-logs-policy/deploy-policy-compliance-details-compliant.png":::
+    :::image type="content" source="./media/vnet-flow-logs-policy/flow-logs.png" alt-text="Screenshot that shows the flow logs list in Network Watcher." lightbox="./media/vnet-flow-logs-policy/flow-logs.png":::
 
-    You can view the deployed virtual network flow logs by going to **Flow logs** under **Logs** in **Network Watcher**.
+1. In the policy compliance page, verify that all virtual networks in the specified scope are compliant.
 
-    :::image type="content" source="./media/vnet-flow-logs-policy/flow-logs.png" alt-text="Screenshot that shows the flow logs list in Network Watcher." lightbox="./media/vnet-flow-logs-policy/flow-logs.png":::
+    :::image type="content" source="./media/vnet-flow-logs-policy/deploy-policy-compliance-details-compliant.png" alt-text="Screenshot that shows there aren't any noncompliant virtual networks after the deployment policy deployed flow logs in the defined scope." lightbox="./media/vnet-flow-logs-policy/deploy-policy-compliance-details-compliant.png":::
+
+    > [!NOTE]
+    > It can take up to 24 hours to update resource compliance status in Azure Policy compliance page. For more information, see [Understand evaluation outcomes](../governance/policy/overview.md?toc=/azure/network-watcher/toc.json#understand-evaluation-outcomes).
 
  ## Related content
 

articles/cosmos-db/online-backup-and-restore.md

@@ -4,7 +4,7 @@ description: Learn about the available PostgreSQL extensions in Azure Database f
 author: varun-dhawan
 ms.author: varundhawan
 ms.reviewer: maghan
-ms.date: 04/27/2024
+ms.date: 05/7/2024
 ms.service: postgresql
 ms.subservice: flexible-server
 ms.topic: conceptual
@@ -101,6 +101,39 @@ The following extensions are available in Azure Database for PostgreSQL flexible
 
 [!INCLUDE [extensions-table](./includes/extensions-table.md)]
 
+## Upgrading PostgreSQL extensions
+In-place upgrades of database extensions are allowed through a simple command. This feature enables customers to automatically update their third-party extensions to the latest versions, maintaining current and secure systems without manual effort.
+
+### Updating Extensions
+To update an installed extension to the latest available version supported by Azure, use the following SQL command:
+
+```sql
+ALTER EXTENSION <extension-name> UPDATE;
+```
+
+This command simplifies the management of database extensions by allowing users to manually upgrade to the latest version approved by Azure, enhancing both compatibility and security.
+
+### Limitations
+While updating extensions is straightforward, there are certain limitations:
+- **Specific Version Selection**: The command does not support updating to intermediate versions of an extension. It will always update to the [latest available version](#extension-versions).
+- **Downgrading**: Azure does not currently support downgrading an extension to a previous version through a similar command. If a downgrade is necessary, it might require manual intervention or support assistance.
+
+#### Viewing Installed Extensions
+To list the extensions currently installed on your database, use the following SQL command:
+
+```sql
+SELECT * FROM pg_extension;
+```
+
+#### Available Extension Versions
+To check which versions of an extension are available for your current database installation, execute:
+
+```sql
+SELECT * FROM pg_available_extensions WHERE name = 'azure_ai';
+```
+
+These commands provide necessary insights into the extension configurations of your database, helping maintain your systems efficiently and securely. By enabling easy updates to the latest extension versions, Azure Database for PostgreSQL continues to support the robust, secure, and efficient management of your database applications.
+
 ## dblink and postgres_fdw
 
 [dblink](https://www.postgresql.org/docs/current/contrib-dblink-function.html) and [postgres_fdw](https://www.postgresql.org/docs/current/postgres-fdw.html) allow you to connect from one Azure Database for PostgreSQL flexible server instance to another, or to another database in the same server. Azure Database for PostgreSQL flexible server supports both incoming and outgoing connections to any PostgreSQL server. The sending server needs to allow outbound connections to the receiving server. Similarly, the receiving server needs to allow connections from the sending server.