Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/ama-cef-fixes

Author: yelevin

articles/ai-services/language-service/whats-new.md

@@ -20,6 +20,14 @@ Azure AI Language is updated on an ongoing basis. To stay up-to-date with recent
 
 * [Native document support](native-document-support/use-native-documents.md) is now available in `2023-11-15-preview` public preview.
 
+## December 2023
+
+* [Text Analytics for health](./text-analytics-for-health/overview.md) new model 2023-12-01 is now available.
+* New Relation Type: `BodySiteOfExamination`
+ * Quality enhancements to support radiology documents
+ * Significant latency improvements
+ * Various bug fixes: Improvements across NER, Entity Linking, Relations and Assertion Detection
+
 ## November 2023
 
 * [Named Entity Recognition Container](./named-entity-recognition/how-to/use-containers.md) is now Generally Available (GA).

articles/aks/media/supported-kubernetes-versions/kubernetes-versions-gantt.png

@@ -129,12 +129,12 @@ spec:
       paths:
       - path: /blog
         backend:
-         service
+         service:
            name: blogservice
            port: 80
       - path: /store
         backend:
-         service
+         service:
            name: storeservice
            port: 80
 ```

articles/aks/operator-best-practices-network.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 12/21/2021
+ms.date: 01/29/2024
 ms.author: apimpm
 ms.custom: fasttrack-edit
 ---
@@ -93,11 +93,11 @@ API Management uses a public IP address for a connection outside the VNet or a p
 
 * When a request is sent from API Management to a public (internet-facing) backend, a public IP address will always be visible as the origin of the request.
 
-## IP addresses of Consumption tier API Management service
+## IP addresses of Consumption, Basic v2, and Standard v2 tier API Management service
 
-If your API Management service is a Consumption tier service, it doesn't have a dedicated IP address. Consumption tier service runs on a shared infrastructure and without a deterministic IP address.
+If your API Management instance is created in a service tier that runs on a shared infrastructure, it doesn't have a dedicated IP address. Currently, instances in the following service tiers run on a shared infrastructure and without a deterministic IP address: Consumption, Basic v2 (preview), Standard v2 (preview).
 
-If you need to add the outbound IP addresses used by your Consumption tier instance to an allowlist, you can add the instance's data center (Azure region) to an allowlist. You can [download a JSON file that lists IP addresses for all Azure data centers](https://www.microsoft.com/download/details.aspx?id=56519). Then find the JSON fragment that applies to the region that your instance runs in.
+If you need to add the outbound IP addresses used by your Consumption, Basic v2, or Standard v2 tier instance to an allowlist, you can add the instance's data center (Azure region) to an allowlist. You can [download a JSON file that lists IP addresses for all Azure data centers](https://www.microsoft.com/download/details.aspx?id=56519). Then find the JSON fragment that applies to the region that your instance runs in.
 
 For example, the following JSON fragment is what the allowlist for Western Europe might look like:
 

articles/api-management/api-management-howto-ip-addresses.md

@@ -104,7 +104,7 @@ A subscriber can use an API Management subscription key in one of two ways:
 > **Ocp-Apim-Subscription-Key** is the default name of the subscription key header, and **subscription-key** is the default name of the query parameter. If desired, you may modify these names in the settings for each API. For example, in the portal, update these names on the **Settings** tab of an API.
 
 > [!NOTE]
-> When included in a request header or query parameter, the subscription key by default is passed to the backend and may be exposed in backend monitoring logs or other systems. If this is considered sensitive data, you can configure a policy in the `outbound` section to remove the subscription key header ([`set-header`](set-header-policy.md)) or query parameter ([`set-query-parameter`](set-query-parameter-policy.md)).  
+> When included in a request header or query parameter, the subscription key by default is passed to the backend and may be exposed in backend monitoring logs or other systems. If this is considered sensitive data, you can configure a policy at the end of the `inbound` section to remove the subscription key header ([`set-header`](set-header-policy.md)) or query parameter ([`set-query-parameter`](set-query-parameter-policy.md)).  
 
 ## Enable or disable subscription requirement for API or product access
 

articles/api-management/api-management-subscriptions.md

@@ -6,8 +6,7 @@ services: api-management, azure-ad-b2c, app-service
 author: WillEastbury
 manager: alberts
 ms.service: api-management
-ms.workload: mobile
-ms.topic: article
+ms.topic: how-to
 ms.date: 02/18/2021
 ms.author: wieastbu
 ms.custom: fasttrack-new, fasttrack-update, devx-track-js
@@ -23,7 +22,7 @@ For a conceptual overview of API authorization, see [Authentication and authoriz
 
 ## Aims
 
-We're going to see how API Management can be used in a simplified scenario with Azure Functions and Azure AD B2C. You'll create a JavaScript (JS) app calling an API, that signs in users with Azure AD B2C. Then you'll use API Management's validate-jwt, CORS, and Rate Limit By Key policy features to protect the Backend API.
+We're going to see how API Management can be used in a simplified scenario with Azure Functions and Azure AD B2C. You'll create a JavaScript (JS) app calling an API that signs in users with Azure AD B2C. Then you'll use API Management's validate-jwt, CORS, and Rate Limit By Key policy features to protect the Backend API.
 
 For defense in depth, we then use EasyAuth to validate the token again inside the back-end API and ensure that API management is the only service that can call the Azure Functions backend.
 
@@ -59,13 +58,13 @@ Here's a quick overview of the steps:
 1. Create the sign-up and sign-in policies to allow users to sign in with Azure AD B2C
 1. Configure API Management with the new Azure AD B2C Client IDs and keys to Enable OAuth2 user authorization in the Developer Console
 1. Build the Function API
-1. Configure the Function API to enable EasyAuth with the new Azure AD B2C Client ID’s and Keys and lock down to APIM VIP
+1. Configure the Function API to enable EasyAuth with the new Azure AD B2C Client IDs and Keys and lock down to APIM VIP
 1. Build the API Definition in API Management
 1. Set up Oauth2 for the API Management API configuration
 1. Set up the **CORS** policy and add the **validate-jwt** policy to validate the OAuth token for every incoming request
 1. Build the calling application to consume the API
 1. Upload the JS SPA Sample
-1. Configure the Sample JS Client App with the new Azure AD B2C Client ID’s and keys
+1. Configure the Sample JS Client App with the new Azure AD B2C Client IDs and keys
 1. Test the Client Application
 
    > [!TIP]
@@ -198,7 +197,7 @@ Open the Azure AD B2C blade in the portal and do the following steps.
    >
    > We still have no IP security applied, if you have a valid key and OAuth2 token, anyone can call this from anywhere - ideally we want to force all requests to come via API Management.
    >
-   > If you're using APIM Consumption tier then [there isn't a dedicated Azure API Management Virtual IP](./api-management-howto-ip-addresses.md#ip-addresses-of-consumption-tier-api-management-service) to allow-list with the functions access-restrictions. In the Azure API Management Standard SKU and above [the VIP is single tenant and for the lifetime of the resource](./api-management-howto-ip-addresses.md#changes-to-the-ip-addresses). For the Azure API Management Consumption tier, you can lock down your API calls via the shared secret function key in the portion of the URI you copied above. Also, for the Consumption tier - steps 12-17 below do not apply.
+   > If you're using the API Management Consumption, Basic v2, and Standard v2 tiers then [there isn't a dedicated Azure API Management Virtual IP](./api-management-howto-ip-addresses.md#ip-addresses-of-consumption-basic-v2-and-standard-v2-tier-api-management-service) to allow-list with the functions access-restrictions. In the Azure API Management dedicated tiers [the VIP is single tenant and for the lifetime of the resource](./api-management-howto-ip-addresses.md#changes-to-the-ip-addresses). For the tiers that run on shared infrastructure, you can lock down your API calls via the shared secret function key in the portion of the URI you copied above. Also, for these tiers - steps 12-17 below do not apply.
 
 1. Close the 'Authentication' blade from the App Service / Functions portal.
 1. Open the *API Management blade of the portal*, then open *your instance*.

articles/api-management/howto-protect-backend-frontend-azure-ad-b2c.md

@@ -52,8 +52,8 @@ The easiest way to add an App Configuration store to your application is through
 | ASP.NET Core                      | App Configuration [provider](/dotnet/api/Microsoft.Extensions.Configuration.AzureAppConfiguration) for .NET Core | ASP.NET Core [quickstart](./quickstart-aspnet-core-app.md) |
 | .NET Framework and ASP.NET        | App Configuration [builder](https://go.microsoft.com/fwlink/?linkid=2074663) for .NET                            | .NET Framework [quickstart](./quickstart-dotnet-app.md)    |
 | Java Spring                       | App Configuration [provider](https://go.microsoft.com/fwlink/?linkid=2180917) for Spring Cloud                   | Java Spring [quickstart](./quickstart-java-spring-app.md)  |
-| JavaScript/Node.js                | App Configuration [client](https://go.microsoft.com/fwlink/?linkid=2103664) for JavaScript                       | Javascript/Node.js [quickstart](./quickstart-javascript.md)|
-| Python                            | App Configuration [client](https://go.microsoft.com/fwlink/?linkid=2103727) for Python                           | Python [quickstart](./quickstart-python.md)                |
+| JavaScript/Node.js                | App Configuration [provider](https://github.com/Azure/AppConfiguration-JavaScriptProvider) for JavaScript                       | Javascript/Node.js [quickstart](./quickstart-javascript-provider.md)|
+| Python                            | App Configuration [provider](https://pypi.org/project/azure-appconfiguration-provider/) for Python                           | Python [quickstart](./quickstart-python-provider.md))                |
 | Other                             | App Configuration [REST API](/rest/api/appconfiguration/)                                                        | None                                                       |
 
 ## Next steps

articles/azure-app-configuration/overview.md

@@ -8,16 +8,16 @@ ms.topic: include
 ms.date: 12/12/2023
 ---
 
-At this time, a test or preview build is not available for the next release.
- 
 <!--
+At this time, a test or preview build is not available for the next release.
+ -->
 
-Dec 2023 preview release is now available.
+February, 2024 test release is now available.
 
 |Component|Value|
 |-----------|-----------|
-|Container images registry/repository |`mcr.microsoft.com/arcdata/preview`|
-|Container images tag |`v1.26.0_2023-12-12`|
+|Container images registry/repository |`mcr.microsoft.com/arcdata/test`|
+|Container images tag |`v1.27.0_2023-02-13`|
 |**CRD names and version:**| |
 |`activedirectoryconnectors.arcdata.microsoft.com`| v1beta1, v1beta2, v1, v2|
 |`datacontrollers.arcdata.microsoft.com`| v1beta1, v1 through v5|
@@ -34,17 +34,25 @@ Dec 2023 preview release is now available.
 |`telemetrycollectors.arcdata.microsoft.com`| v1beta1 through v1beta5|
 |`telemetryrouters.arcdata.microsoft.com`| v1beta1 through v1beta5|
 |Azure Resource Manager (ARM) API version|2023-11-01-preview|
-|`arcdata` Azure CLI extension version|1.5.8 ([Download](https://aka.ms/az-cli-arcdata-ext))|
-|Arc-enabled Kubernetes helm chart extension version|1.26.0|
+|`arcdata` Azure CLI extension version|1.6.0 ([Download](https://aka.ms/az-cli-arcdata-ext))|
+|Arc-enabled Kubernetes helm chart extension version|1.27.0|
 |Azure Arc Extension for Azure Data Studio<br/>`arc`<br/>`azcli`|<br/>1.8.0 ([Download](https://aka.ms/ads-arcdata-ext))</br>1.8.0 ([Download](https://aka.ms/ads-azcli-ext))|
 |SQL Database version | 957 |
 
 ### Release notes
 
 #### Arc-enabled SQL Server
 
-Arc SQL Server | Show the Data Processing Service (DPS) connectivity status in the Azure portal | GA
+Arc SQL Server & Arc Data Services | Available in Sweden Central Region | GA
+
+Arc SQL Server & Arc Data Services | Available in Norway East Region | GA
+
+Arc SQL Server & Arc Data Services | Available in UK West Region | GA
+
+Arc SQL Server | Support for TLS 1.3
+
+Arc SQL Server | Improved prompt for feedback in Azure portal | GA
+
+Arc SQL Server | Monitoring | Show monitoring upload status on Arc SQL Server Overview UX | GA
 
-Arc SQL Server | Monitoring | Add IOPS, Queue Latency Storage IO charts in Performance Dashboard in Azure portal
 
--->

articles/azure-arc/data/includes/azure-arc-data-preview-release.md

@@ -24,7 +24,9 @@ Before upgrading an Arc resource bridge, the following prerequisites must be met
 
 - The appliance VM must be online, its status is "Running" and the [credentials in the appliance VM](maintenance.md#update-credentials-in-the-appliance-vm) must be valid.
 
-- There must be sufficient space on the management machine (~3.5 GB) and appliance VM (35 GB) to download required images. For VMware, a new template is created.
+- There must be sufficient space on the management machine (~3.5 GB) and appliance VM (35 GB) to download required images.
+  
+- For Arc-enabled VMware, upgrading the resource bridge requires 200GB of free space on the datastore. A new template is also created.
 
 - The outbound connection from the Appliance VM IPs (`k8snodeippoolstart/end`, VM IP 1/2) to `msk8s.sb.tlu.dl.delivery.mp.microsoft.com`, port 443 must be enabled. Be sure the full list of [required endpoints for Arc resource bridge](network-requirements.md) are also enabled.
 

articles/azure-arc/resource-bridge/upgrade.md

@@ -118,6 +118,9 @@ To enroll Azure Arc-enabled servers eligible for ESUs at no additional cost, fol
 
 This linking will not trigger a compliance violation or enforcement block, allowing you to extend the application of a license beyond its provisioned cores. The expectation is that the license only includes cores for production and billed servers. Any additional cores will be charged and result in over-billing.
 
+> [!IMPORTANT]
+> Adding these tags to your license will NOT make the license free or reduce the number of license cores that are chargeable. These tags allow you to link your Azure machines to existing licenses that are already configured with payable cores without needing to create any new licenses or add additional cores to your free machines.
+
 **Example:**
 
 You have 8 Windows Server 2012 R2 Standard instances, each with 8 physical cores. 6 of these Windows Server 2012 R2 Standard machines are for production, and 2 of these Windows Server 2012 R2 Standard machines are eligible for free ESUs through the Visual Studio Dev Test subscription. You should first provision and activate a regular ESU License for Windows Server 2012/R2 that's Standard edition and has 48 physical cores. You should link this regular, production ESU license to your 6 production servers. Next, you should use this existing license, not add any more cores or provision a separate license, and link this license to your 2 non-production Windows Server 2012 R2 standard machines. You should tag the license and the 2 non-production Windows Server 2012 R2 Standard machines with Name: “ESU Usage” and Value: “WS2012 VISUAL STUDIO DEV TEST”.