Merge pull request #289730 from MicrosoftDocs/main

Publish to live, Sunday 4 AM PST, 11/3

Author: ttorble

articles/azure-netapp-files/configure-network-features.md

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.date: 10/24/2024
+ms.date: 11/01/2024
 ms.custom: references_regions
 ms.author: anfdocs
 ---
@@ -81,7 +81,7 @@ You can edit the network features option of existing volumes from *Basic* to *St
 
 * You should only use the edit network features option for an [application volume group for SAP HANA](application-volume-group-introduction.md) if you have enrolled in the [extension one preview](application-volume-group-introduction.md#extension-1-features), which adds support for Standard network features. 
 * If you enabled both the `ANFStdToBasicNetworkFeaturesRevert` and `ANFBasicToStdNetworkFeaturesUpgrade` AFECs and are using 1 or 2-TiB capacity pools, see [Resize a capacity pool or a volume](azure-netapp-files-resize-capacity-pools-or-volumes.md) for information about sizing your capacity pools. 
-* <a name="no-downtime"></a> Azure NetApp Files supports a non-disruptive upgrade to Standard network features and a revert to Basic network features. This operation is expected to take at least 25 minutes. You can't create a regular or data protection volume or application volume group while the edit network feature operation is underway. This feature is currently in **preview** in the Australia East, Central India, North Central US, and Switzerland North regions. In all other regions, updating network features can cause a network disruption on the volumes for up to 5 minutes. 
+* <a name="no-downtime"></a> Azure NetApp Files supports a non-disruptive upgrade to Standard network features and a revert to Basic network features. This operation is expected to take at least 25 minutes. You can't create a regular or data protection volume or application volume group while the edit network feature operation is underway. This feature is currently in **preview** in the Australia East, Central India, East Asia, North Central US, and Switzerland North regions. In all other regions, updating network features can cause a network disruption on the volumes for up to 5 minutes. 
 
 > [!NOTE]
 > You need to submit a waitlist request for accessing the feature through the **[Azure NetApp Files standard networking features (edit volumes) Request Form](https://aka.ms/anfeditnetworkfeaturespreview)**. The feature can take approximately one week to be enabled after you submit the waitlist request. You can check the status of feature registration by using the following command: 

articles/azure-netapp-files/whats-new.md

@@ -20,7 +20,7 @@ Azure NetApp Files is updated regularly. This article provides a summary about t
 
     Azure NetApp Files now supports the ability to edit network features (that is, upgrade from Basic to Standard network features) with no downtime for Azure NetApp Files volumes. Standard Network Features provide you with an enhanced virtual networking experience for a seamless and consistent experience along with security posture for Azure NetApp Files. 
 
-    This feature is currently in preview in the Australia East, Central India, North Central US, and Switzerland North regions. 
+    This feature is currently in preview in the Australia East, Central India, East Asia, North Central US, and Switzerland North regions. 
 
 ## September 2024 
 

articles/frontdoor/index.yml

@@ -1,11 +1,11 @@
 ### YamlMime:Landing
 
 title: Azure Front Door and CDN documentation
-summary: Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.
+summary: Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications.
 
 metadata:
   title: Azure Front Door and CDN Documentation
-  description: Azure Front Door provides a scalable and secure entry point for fast delivery of your global web applications. Learn how to use Front Door with our quickstarts, tutorials, and samples.
+  description: Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications. Learn how to use Front Door with our quickstarts, tutorials, and samples.
   ms.service: azure-frontdoor
   ms.topic: landing-page
   author: duongau

articles/healthcare-apis/deidentification/configure-storage.md

@@ -0,0 +1,101 @@
+---
+title: Learn how to configure Azure Storage to de-identify documents with the de-identification service
+description: "Learn how to configure Azure Storage to de-identify documents with the de-identification service."
+author: jovinson-ms
+ms.author: jovinson
+ms.service: azure-health-data-services
+ms.subservice: deidentification-service
+ms.topic: tutorial
+ms.date: 11/01/2024
+
+#customer intent: As an IT admin, I want to know how to configure an Azure Storage account to allow access to the de-identification service to de-identify documents.
+
+---
+
+# Tutorial: Configure Azure Storage to de-identify documents
+
+The Azure Health Data Services de-identification service (preview) can de-identify documents in Azure Storage via an asynchronous job. If you have many documents that you would like
+to de-identify, using a job is a good option. Jobs also provide consistent surrogation, meaning that surrogate values in the de-identified output will match across
+all documents. For more information about de-identification, including consistent surrogation, see [What is the de-identification service (preview)?](overview.md)
+
+When you choose to store documents in Azure Blob Storage, you're charged based on Azure Storage pricing. This cost isn't included in the 
+ de-identification service pricing. [Explore Azure Blob Storage pricing](https://azure.microsoft.com/pricing/details/storage/blobs).
+
+In this tutorial, you:
+
+> [!div class="checklist"]
+> * Create a storage account and container
+> * Upload a sample document
+> * Grant the de-identification service access
+> * Configure network isolation
+
+## Prerequisites
+
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* A de-identification service with system-assigned managed identity. [Deploy the de-identification service (preview)](quickstart.md).
+
+## Open Azure CLI
+
+Install [Azure CLI](/cli/azure/install-azure-cli) and open your terminal of choice. In this tutorial, we're using PowerShell.
+
+## Create a storage account and container
+1. Set your context, substituting the subscription name containing your de-identification service for the `<subscription_name>` placeholder:
+   ```powershell
+   az account set --subscription "<subscription_name>"
+   ```
+1. Save a variable for the resource group, substituting the resource group containing your de-identification service for the `<resource_group>` placeholder:
+   ```powershell
+   $ResourceGroup = "<resource_group>"
+   ```
+1. Create a storage account, providing a value for the `<storage_account_name>` placeholder:
+   ```powershell
+   $StorageAccountName = "<storage_account_name>"
+   $StorageAccountId = $(az storage account create --name $StorageAccountName --resource-group $ResourceGroup --sku Standard_LRS --kind StorageV2 --min-tls-version TLS1_2 --allow-blob-public-access false --query id --output tsv)
+   ```
+1. Assign yourself a role to perform data operations on the storage account:
+   ```powershell
+   $UserId = $(az ad signed-in-user show --query id -o tsv)
+   az role assignment create --role "Storage Blob Data Contributor" --assignee $UserId --scope $StorageAccountId
+   ```
+1. Create a container to hold your sample document:
+   ```powershell
+   az storage container create --account-name $StorageAccountName --name deidtest --auth-mode login
+   ```
+## Upload a sample document
+Next, you upload a document that contains synthetic PHI:
+```powershell
+$DocumentContent = "The patient came in for a visit on 10/12/2023 and was seen again November 4th at Contoso Hospital."
+az storage blob upload --data $DocumentContent --account-name $StorageAccountName --container-name deidtest --name deidsample.txt --auth-mode login
+```
+
+## Grant the de-identification service access to the storage account
+
+In this step, you grant the de-identification service's system-assigned managed identity role-based access to the container. You grant the **Storage Blob
+Data Contributor** role because the de-identification service will both read the original document and write de-identified output documents. Substitute the name of
+your de-identification service for the `<deid_service_name>` placeholder:
+```powershell
+$DeidServicePrincipalId=$(az resource show -n <deid_service_name> -g $ResourceGroup --resource-type microsoft.healthdataaiservices/deidservices --query identity.principalId --output tsv)
+az role assignment create --assignee $DeidServicePrincipalId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+```
+
+## Configure network isolation on the storage account
+Next, you update the storage account to disable public network access and only allow access from trusted Azure services such as the de-identification service.
+After running this command, you won't be able to view the storage container contents without setting a network exception. 
+Learn more at [Configure Azure Storage firewalls and virtual networks](/azure/storage/common/storage-network-security).
+
+```powershell
+az storage account update --name $StorageAccountName --public-network-access Disabled --bypass AzureServices
+```
+
+## Clean up resources
+Once you're done with the storage account, you can delete the storage account and role assignments: 
+```powershell
+az role assignment delete --assignee $DeidServicePrincipalId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+az role assignment delete --assignee $UserId --role "Storage Blob Data Contributor" --scope $StorageAccountId
+az storage account delete --ids $StorageAccountId --yes
+```
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md)

articles/healthcare-apis/deidentification/quickstart.md

@@ -69,4 +69,5 @@ If you no longer need them, delete the resource group and de-identification serv
 
 ## Related content
 
-[De-identification service overview](overview.md)
+> [!div class="nextstepaction"]
+> [Tutorial: Configure Azure Storage to de-identify documents](configure-storage.md)

articles/healthcare-apis/deidentification/toc.yml

@@ -15,6 +15,11 @@ items:
         href: quickstart.md
       - name: Azure Health De-identification client library for .NET
         href: quickstart-sdk-net.md
+  - name: Tutorials
+    expanded: true
+    items:
+      - name: Configure Azure Storage to de-identify documents
+        href: configure-storage.md
   - name: How-to
     expanded: true
     items:

articles/iot-operations/.openpublishing.redirection.iot-operations.json

@@ -202,13 +202,23 @@
         },
         {
             "source_path_from_root": "/articles/iot-operations/manage-mqtt-connectivity/howto-configure-tls-manual.md",
-            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-tls-manual",
-            "redirect_document_id": true
+            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/iot-operations/manage-mqtt-broker/howto-configure-tls-manual.md",
+            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/iot-operations/manage-mqtt-connectivity/howto-configure-tls-auto.md",
-            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-tls-auto",
-            "redirect_document_id": true
+            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/iot-operations/manage-mqtt-broker/howto-configure-tls-auto.md",
+            "redirect_url": "/azure/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/iot-operations/manage-mqtt-connectivity/howto-configure-brokerlistener.md",