Merge pull request #272805 from MicrosoftDocs/main

4/19/2024 AM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -3851,7 +3851,7 @@
         },
         {
             "source_path_from_root": "/articles/aks/cluster-configuration.md",
-            "redirect_url": "/azure/aks/concepts-clusters-workloads.md",
+            "redirect_url": "/azure/aks/concepts-clusters-workloads",
             "redirect_document_id": false
         },
         {

articles/ai-studio/concepts/rbac-ai-studio.md

@@ -24,7 +24,7 @@ In this article, you learn how to manage access (authorization) to an Azure AI h
 
 ## Azure AI hub resource vs Azure AI project
 
-In the Azure AI Studio, there are two levels of access: the Azure AI hub resource and the Azure AI project. The resource is home to the infrastructure (including virtual network setup, customer-managed keys, managed identities, and policies) as well as where you configure your Azure AI services. Azure AI hub resource access can allow you to modify the infrastructure, create new Azure AI hub resources, and create projects. Azure AI projects are a subset of the Azure AI hub resource that act as workspaces that allow you to build and deploy AI systems. Within a project you can develop flows, deploy models, and manage project assets. Project access lets you develop AI end-to-end while taking advantage of the infrastructure setup on the Azure AI hub resource.
+In the Azure AI Studio, there are two levels of access: the Azure AI hub and the Azure AI project. The AI hub is home to the infrastructure (including virtual network setup, customer-managed keys, managed identities, and policies) as well as where you configure your Azure AI services. Azure AI hub access can allow you to modify the infrastructure, create new Azure AI hub resources, and create projects. Azure AI projects are a subset of the Azure AI hub resource that act as workspaces that allow you to build and deploy AI systems. Within a project you can develop flows, deploy models, and manage project assets. Project access lets you develop AI end-to-end while taking advantage of the infrastructure setup on the Azure AI hub resource.
 
 :::image type="content" source="../media/concepts/azureai-hub-project-relationship.png" alt-text="Diagram of the relationship between AI Studio resources." lightbox="../media/concepts/azureai-hub-project-relationship.png":::
 
@@ -114,7 +114,6 @@ The Azure AI hub resource has dependencies on other Azure services. The followin
 | `Microsoft.Insights/Components/Write` | Write to an application insights component configuration. |
 | `Microsoft.OperationalInsights/workspaces/write` | Create a new workspace or links to an existing workspace by providing the customer ID from the existing workspace. |
 
-
 ## Sample enterprise RBAC setup
 The following is an example of how to set up role-based access control for your Azure AI Studio for an enterprise.
 
@@ -151,6 +150,18 @@ If the built-in roles are insufficient, you can create custom roles. Custom role
 > [!NOTE]
 > You must be an owner of the resource at that level to create custom roles within that resource. 
 
+## Scenario: Use a customer-managed key
+
+When using a customer-managed key (CMK), an Azure Key Vault is used to store the key. The user or service principal used to create the workspace must have owner or contributor access to the key vault.
+
+If your Azure AI hub is configured with a **user-assigned managed identity**, the identity must be granted the following roles. These roles allow the managed identity to create the Azure Storage, Azure Cosmos DB, and Azure Search resources used when using a customer-managed key:
+
+- `Microsoft.Storage/storageAccounts/write`
+- `Microsoft.Search/searchServices/write`
+- `Microsoft.DocumentDB/databaseAccounts/write`
+
+Within the key vault, the user or service principal must have create, get, delete, and purge access to the key through a key vault access policy. For more information, see [Azure Key Vault security](/azure/key-vault/general/security-features#controlling-access-to-key-vault-data).
+
 ## Next steps
 
 - [How to create an Azure AI hub resource](../how-to/create-azure-ai-resource.md)

articles/aks/custom-node-configuration.md

@@ -239,7 +239,7 @@ The settings below can be used to tune the operation of the virtual memory (VM)
 
 ## Next steps
 
-- Learn [how to configure your AKS cluster](cluster-configuration.md).
+- Learn [how to configure your AKS cluster](./concepts-clusters-workloads.md).
 - Learn how [upgrade the node images](node-image-upgrade.md) in your cluster.
 - See [Upgrade an Azure Kubernetes Service (AKS) cluster](upgrade-cluster.md) to learn how to upgrade your cluster to the latest version of Kubernetes.
 - See the list of [Frequently asked questions about AKS](faq.md) to find answers to some common AKS questions.

articles/azure-arc/edge-storage-accelerator/jumpstart.md

@@ -0,0 +1,27 @@
+---
+title: Azure Arc Jumpstart scenario using Edge Storage Accelerator (preview)
+description: Learn about an Azure Arc scenario that uses Edge Storage Accelerator.
+author: sethmanheim
+ms.author: sethm
+ms.topic: overview
+ms.date: 04/18/2024
+
+---
+
+# Azure Arc Jumpstart scenario using Edge Storage Accelerator
+
+Edge Storage Accelerator (ESA) collaborated with the [Arc Jumpstart](https://azurearcjumpstart.com/) team to implement a scenario in which a computer vision AI model detects defects in bolts by analyzing video from a supply line video feed streamed over Real-Time Streaming Protocol (RTSP). The identified defects are then stored in a container within a storage account using Edge Storage Accelerator.
+
+## Scenario description
+
+In this automated setup, ESA is deployed on an [AKS Edge Essentials](/azure/aks/hybrid/aks-edge-overview) single-node instance, running in an Azure virtual machine. An Azure Resource Manager template is provided to create the necessary Azure resources and configure the **LogonScript.ps1** custom script extension. This extension handles AKS Edge Essentials cluster creation, Azure Arc onboarding for the Azure VM and AKS Edge Essentials cluster, and Edge Storage Accelerator deployment. Once AKS Edge Essentials is deployed, ESA is installed as a Kubernetes service that exposes a CSI driven storage class for use by applications in the Edge Essentials Kubernetes cluster.
+
+For more information, see the following articles:
+
+- [Watch the ESA jumpstart scenario on YouTube](https://youtu.be/Qnh2UH1g6Q4)
+- [Visit the ESA jumpstart documentation](https://aka.ms/esajumpstart)
+
+## Next steps
+
+- [Edge Storage Accelerator overview](overview.md)
+- [AKS Edge Essentials overview](/azure/aks/hybrid/aks-edge-overview)

articles/azure-arc/edge-storage-accelerator/toc.yml

@@ -3,6 +3,8 @@ items:
   href: index.yml
 - name: Overview
   href: overview.md
+- name: Edge Storage Accelerator Jumpstart
+  href: jumpstart.md
 - name: Install Edge Storage Accelerator on a single-node cluster
   href: how-to-single-node-k3s.md
 - name: How-to

articles/azure-arc/servers/private-link-security.md

@@ -1,5 +1,5 @@
 ---
-title: Use Azure Private Link to securely connect servers to Azure Arc
+title: Use Azure Private Link to connect servers to Azure Arc using a private endpoint
 description: Learn how to use Azure Private Link to securely connect networks to Azure Arc.
 ms.topic: conceptual
 ms.custom:

articles/azure-monitor/agents/agents-overview.md

@@ -116,7 +116,7 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	IIS logs	|	✓ 	| ✓ |
 |	**Data sent to**	|		|		|		|
 |		|	Azure Monitor Logs	| ✓ | ✓ |
-|	**Services and features supported**	|		|		|		|		|
+|	**Services and features supported**	|		|		|		|
 |		|	Microsoft Sentinel 	|	✓ ([View scope](./azure-monitor-agent-migration.md#migrate-additional-services-and-features))	| ✓ |
 |		|	VM Insights	|	✓ | ✓ |
 |		|	Microsoft Defender for Cloud - Only uses MDE agent	|		|  |
@@ -140,7 +140,7 @@ The tables below provide a comparison of Azure Monitor Agent with the legacy the
 |		|	File based logs	| ✓ |		|
 |	**Data sent to**	|		|		|		|
 |		|	Azure Monitor Logs	| ✓ | ✓ |
-|	**Services and features supported**	|		|		|		|		|		|
+|	**Services and features supported**	|		|		|		|
 |		|	Microsoft Sentinel 	|	✓ ([View scope](./azure-monitor-agent-migration.md#migrate-additional-services-and-features))	| ✓ |
 |		|	VM Insights	| ✓ |	✓ |
 |		|	Microsoft Defender for Cloud - Only use MDE agent	| | |
@@ -156,7 +156,7 @@ View [supported operating systems for Azure Arc Connected Machine agent](../../a
 ### Windows
 
 | Operating system | Azure Monitor agent | Legacy agent|
-|:---|:---:|:---:|:---:|
+|:---|:---:|:---:
 | Windows Server 2022                                      | ✓ | ✓ |
 | Windows Server 2022 Core                                 | ✓ |   |
 | Windows Server 2019                                      | ✓ | ✓ |
@@ -181,7 +181,7 @@ View [supported operating systems for Azure Arc Connected Machine agent](../../a
 > This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
 
 | Operating system | Azure Monitor agent <sup>1</sup> | Legacy Agent <sup>1</sup> |
-|:---|:---:|:---:|:---:|
+|:---|:---:|:---:|
 | AlmaLinux 9                                                 | ✓<sup>2</sup> | ✓ |
 | AlmaLinux 8                                                 | ✓<sup>2</sup> | ✓ |
 | Amazon Linux 2017.09                                        |  | ✓ |
@@ -215,8 +215,8 @@ View [supported operating systems for Azure Arc Connected Machine agent](../../a
 | Ubuntu 22.04 LTS                                            | ✓ | ✓ |
 | Ubuntu 20.04 LTS                                            | ✓<sup>2</sup> | ✓ |
 | Ubuntu 18.04 LTS                                            | ✓<sup>2</sup> | ✓ |
-| Ubuntu 16.04 LTS                                            | ✓ | ✓ | ✓ |
-| Ubuntu 14.04 LTS                                            |   | ✓ | ✓ |
+| Ubuntu 16.04 LTS                                            | ✓ | ✓ |
+| Ubuntu 14.04 LTS                                            |   | ✓ |
 
 <sup>1</sup> Requires Python (2 or 3) to be installed on the machine.<br>
 <sup>2</sup> Also supported on Arm64-based machines.<br>

articles/azure-monitor/toc.yml

@@ -611,7 +611,7 @@ items:
       items:
       - name: Overview
         href: ../network-watcher/network-insights-overview.md?toc=/azure/azure-monitor/toc.json&bc=/azure/azure-monitor/breadcrumb/toc.json
-      - name: View network topology
+      - name: Topology
         href: ../network-watcher/network-insights-topology.md?toc=/azure/azure-monitor/toc.json&bc=/azure/azure-monitor/breadcrumb/toc.json
       - name: Troubleshoot
         href: ../network-watcher/network-insights-troubleshooting.md?toc=/azure/azure-monitor/toc.json&bc=/azure/azure-monitor/breadcrumb/toc.json

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

@@ -72,7 +72,7 @@ Ensure that you meet the following requirements about the DNS configurations:
     * Ensure that DNS servers have network connectivity to the Azure NetApp Files delegated subnet hosting the Azure NetApp Files volumes.
     * Ensure that network ports UDP 53 and TCP 53 are not blocked by firewalls or NSGs.
 * Ensure that [the SRV records registered by the AD DS Net Logon service](https://social.technet.microsoft.com/wiki/contents/articles/7608.srv-records-registered-by-net-logon.aspx) have been created on the DNS servers.
-* Ensure that the PTR records for the AD DS domain controllers used by Azure NetApp Files have been created on the DNS servers.
+* Ensure the PTR records for the AD DS domain controllers used by Azure NetApp Files have been created on the DNS servers in the same domain as your Azure NetApp Files configuration.
 * Azure NetApp Files doesn’t automatically delete pointer records (PTR) associated with DNS entries when a volume is deleted. PTR records are used for reverse DNS lookups, which map IP addresses to hostnames. They are typically managed by the DNS server's administrator.
 When you create a volume in Azure NetApp Files, you can associate it with a DNS name. However, the management of DNS records, including PTR records, is outside the scope of Azure NetApp Files. Azure NetApp Files provides the option to associate a volume with a DNS name for easier access, but it doesn't manage the DNS records associated with that name. 
 If you delete a volume in Azure NetApp Files, the associated DNS records (such as the A records for forwarding DNS lookups) need to be managed and deleted from the DNS server or the DNS service you are using.

articles/cloud-shell/features.md

@@ -196,6 +196,6 @@ Programming languages
 [27]: https://kubernetes.io/docs/reference/kubectl/
 [28]: https://pnp.github.io/office365-cli/
 [29]: https://puppet.com/docs/bolt/latest/bolt.html
-[30]: https://www.ansible.com/microsoft-azure
+[30]: /azure/developer/ansible/overview
 [31]: https://www.terraform.io/docs/providers/azurerm/
 [32]: persisting-shell-storage.md