Merge branch 'main' of https://github.com/tomvcassidy/azure-docs-pr

Author: tomvcassidy

articles/ai-services/language-service/summarization/overview.md

@@ -155,7 +155,7 @@ For more information, *see* [**Use native documents for language processing**](.
 # [Conversation summarization](#tab/conversation-summarization)
 
 * Conversation summarization takes structured text for analysis. For more information, see [data and service limits](../concepts/data-limits.md).
-* Conversation summarization accepts text in English. For more information, see [language support](language-support.md?tabs=conversation-summarization).
+* Conversation summarization works with various spoken languages. For more information, see [language support](language-support.md?tabs=conversation-summarization).
 
 # [Document summarization](#tab/document-summarization)
 

articles/ai-studio/how-to/deploy-models-phi-3.md

@@ -5,7 +5,7 @@ description: Learn how to deploy Phi-3 family of small language models with Azur
 manager: scottpolly
 ms.service: azure-ai-studio
 ms.topic: how-to
-ms.date: 5/21/2024
+ms.date: 07/01/2024
 ms.reviewer: kritifaujdar
 reviewer: fkriti
 ms.author: mopeakande
@@ -25,20 +25,35 @@ The Phi-3 family of SLMs is a collection of instruction-tuned generative text mo
 
 # [Phi-3-mini](#tab/phi-3-mini)
 
-Phi-3 Mini is a 3.8B parameters, lightweight, state-of-the-art open model built upon datasets used for Phi-2—synthetic data and filtered websites—with a focus on high-quality, reasoning-dense data. The model belongs to the Phi-3 model family, and the Mini version comes in two variants, 4K and 128K, which is the context length (in tokens) that the model can support.
+Phi-3 Mini is a 3.8B parameters, lightweight, state-of-the-art open model. Phi-3-Mini was trained with Phi-3 datasets that include both synthetic data and the filtered, publicly-available websites data, with a focus on high quality and reasoning-dense properties. 
+
+The model belongs to the Phi-3 model family, and the Mini version comes in two variants, 4K and 128K, which denote the context length (in tokens) that each model variant can support.
 
 - [Phi-3-mini-4k-Instruct](https://ai.azure.com/explore/models/Phi-3-mini-4k-instruct/version/4/registry/azureml)
 - [Phi-3-mini-128k-Instruct](https://ai.azure.com/explore/models/Phi-3-mini-128k-instruct/version/4/registry/azureml)
 
-The model underwent a rigorous enhancement process, incorporating both supervised fine-tuning and direct preference optimization to ensure precise instruction adherence and robust safety measures. When assessed against benchmarks that test common sense, language understanding, math, code, long context and logical reasoning, Phi-3 Mini-4K-Instruct and Phi-3 Mini-128K-Instruct showcased a robust and state-of-the-art performance among models with less than 13 billion parameters.
+The model underwent a rigorous enhancement process, incorporating both supervised fine-tuning and direct preference optimization to ensure precise instruction adherence and robust safety measures. When assessed against benchmarks that test common sense, language understanding, math, code, long context and logical reasoning, Phi-3-Mini-4K-Instruct and Phi-3-Mini-128K-Instruct showcased a robust and state-of-the-art performance among models with less than 13 billion parameters.
 
 # [Phi-3-medium](#tab/phi-3-medium)
-Phi-3 Medium is a 14B parameters, lightweight, state-of-the-art open model built upon datasets used for Phi-2—synthetic data and filtered publicly available websites—with a focus on high-quality, reasoning-dense data. The model belongs to the Phi-3 model family, and the Medium version comes in two variants, 4K and 128K, which is the context length (in tokens) that the model can support.
+Phi-3 Medium is a 14B parameters, lightweight, state-of-the-art open model. Phi-3-Medium was trained with Phi-3 datasets that include both synthetic data and the filtered, publicly-available websites data, with a focus on high quality and reasoning-dense properties.
+
+The model belongs to the Phi-3 model family, and the Medium version comes in two variants, 4K and 128K, which denote the context length (in tokens) that each model variant can support.
 
 - Phi-3-medium-4k-Instruct
 - Phi-3-medium-128k-Instruct
 
-The model underwent a rigorous enhancement process, incorporating both supervised fine-tuning and direct preference optimization to ensure precise instruction adherence and robust safety measures. 
+The model underwent a rigorous enhancement process, incorporating both supervised fine-tuning and direct preference optimization to ensure precise instruction adherence and robust safety measures. When assessed against benchmarks that test common sense, language understanding, math, code, long context and logical reasoning, Phi-3-Medium-4k-Instruct and Phi-3-Medium-128k-Instruct showcased a robust and state-of-the-art performance among models with less than 13 billion parameters.
+
+# [Phi-3-small](#tab/phi-3-small)
+
+Phi-3-Small is a 7B parameters, lightweight, state-of-the-art open model. Phi-3-Small was trained with Phi-3 datasets that include both synthetic data and the filtered, publicly-available websites data, with a focus on high quality and reasoning-dense properties.
+
+The model belongs to the Phi-3 model family, and the Small version comes in two variants, 8K and 128K, which denote the context length (in tokens) that each model variant can support.
+
+- Phi-3-small-8k-Instruct
+- Phi-3-small-128k-Instruct
+
+The model underwent a rigorous enhancement process, incorporating both supervised fine-tuning and direct preference optimization to ensure precise instruction adherence and robust safety measures. When assessed against benchmarks that test common sense, language understanding, math, code, long context and logical reasoning, Phi-3-Small-8k-Instruct and Phi-3-Small-128k-Instruct showcased a robust and state-of-the-art performance among models with less than 13 billion parameters.
 
 ---
 
@@ -54,7 +69,8 @@ Certain models in the model catalog can be deployed as a serverless API with pay
     * East US 2
     * Sweden Central
 
-     For a list of  regions that are available for each of the models supporting serverless API endpoint deployments, see [Region availability for models in serverless API endpoints](deploy-models-serverless-availability.md).
+    For a list of  regions that are available for each of the models supporting serverless API endpoint deployments, see [Region availability for models in serverless API endpoints](deploy-models-serverless-availability.md).
+
 - An [Azure AI Studio project](../how-to/create-projects.md).
 - Azure role-based access controls (Azure RBAC) are used to grant access to operations in Azure AI Studio. To perform the steps in this article, your user account must be assigned the __Azure AI Developer role__ on the resource group. For more information on permissions, see [Role-based access control in Azure AI Studio](../concepts/rbac-ai-studio.md).
 
@@ -80,7 +96,7 @@ To create a deployment:
     1. Search for and select **Phi-3-mini-4k-Instruct** to open the model's Details page.
     1. Select **Confirm**, and choose the option **Serverless API** to open a serverless API deployment window for the model. 
 
-1. Select the project in which you want to deploy your model. To deploy the Phi-3 model, your project must be in the *EastUS2* or *Sweden Central* region. 
+1. Select the project in which you want to deploy your model. To deploy the Phi-3 model, your project must belong to one of the regions listed in the [prerequisites](#prerequisites) section.
 
 1. Select the **Pricing and terms** tab to learn about pricing for the selected model.
 

articles/azure-monitor/logs/logs-dedicated-clusters.md

@@ -595,11 +595,6 @@ After you create your cluster resource and it's fully provisioned, you can edit
 >[!IMPORTANT]
 >Cluster update should not include both identity and key identifier details in the same operation. If you need to update both, the update should be in two consecutive operations.
 
-<!--
-> [!NOTE]
-> The *billingType* property isn't supported in CLI.
--->
-
 #### [Portal](#tab/azure-portal)
 
 N/A

articles/defender-for-cloud/TOC.yml

@@ -311,7 +311,9 @@
     - name: Build interactive reports with Azure Monitor workbooks
       displayName: workbooks, Secure Score Over Time, Vulnerability Assessment Findings
       href: custom-dashboards-azure-workbooks.md
-      items: null
+    - name: Assign access to workload owners
+      displayName: assign access, aws, gcp, connector, permissions, identity, security
+      href: assign-access-to-workload.md
     - name: Cloud security posture
       items:
         - name: Review cloud security posture

articles/defender-for-cloud/assign-access-to-workload.md

@@ -0,0 +1,128 @@
+---
+title: Assign access to workload owners
+description: Learn how to assign access to a workload owner of an Amazon Web Service or Google Cloud Project connector.
+ms.author: elkrieger
+author: Elazark
+ms.topic: how-to
+ms.date: 07/01/2024
+#customer intent: As a workload owner, I want to learn how to assign access to my AWS or GCP connector so that I can view the suggested recommendations provided by Defender for Cloud.
+---
+
+# Assign access to workload owners
+
+When you onboard your AWS or GCP environments, Defender for Cloud automatically creates a security connector as an Azure resource inside the connected subscription and resource group. Defender for cloud also creates the identity provider as an IAM role it requires during the onboarding process.
+
+
+Assign permission to users, on specific security connectors, below the parent connector? Yes, you can. You need to determine to which AWS accounts or GCP projects you want users to have access to. Meaning, you need to identify the security connectors that correspond to the AWS account or GCP project to which you want to assign users access.
+
+## Prerequisites
+
+- An Azure account. If you don't already have an Azure account, you can [create your Azure free account today](https://azure.microsoft.com/free/).
+
+- At least one security connector for [Azure](connect-azure-subscription.md), [AWS](quickstart-onboard-aws.md) or [GCP](quickstart-onboard-gcp.md).
+
+## Configure permissions on the security connector
+
+Permissions for security connectors are managed through Azure role-based access control (RBAC). You can assign roles to users, groups, and applications at a subscription, resource group, or resource level. 
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Locate the relevant AWS or GCP connector.
+
+1. Assign permissions to the workload owners with All resources or the Azure Resource Graph option in the Azure portal.
+
+    ### [All resources](#tab/all-resources)
+    
+    1. Search for and select **All resources**.
+    
+        :::image type="content" source="media/assign-access-to-workload/all-resources.png" alt-text="Screenshot that shows you how to search for and select all resources." lightbox="media/assign-access-to-workload/all-resources.png":::
+    
+    1. Select **Manage view** > **Show hidden types**.
+    
+        :::image type="content" source="media/assign-access-to-workload/show-hidden-types.png" alt-text="Screenshot that shows you where on the screen to find the show hidden types option." lightbox="media/assign-access-to-workload/show-hidden-types.png":::
+    
+    1. Select the **Types equals all** filter.
+    
+    1. Enter `securityconnector` in the value field and add a check to the `microsoft.security/securityconnectors`.
+    
+        :::image type="content" source="media/assign-access-to-workload/security-connector.png" alt-text="Screenshot that shows where the field is located and where to enter the value on the screen." lightbox="media/assign-access-to-workload/security-connector.png":::
+    
+    1. Select **Apply**.
+    
+    1. Select the relevant resource connector.
+
+
+    ### [Azure Resource Graph](#tab/azure-resource-graph)
+
+    1. Search for and select **Resource Graph Explorer**.
+    
+        :::image type="content" source="media/assign-access-to-workload/resource-graph-explorer.png" alt-text="Screenshot that shows you how to search for and select resource graph explorer." lightbox="media/assign-access-to-workload/resource-graph-explorer.png":::
+    
+    1. Copy and paste the following query to locate the security connector:
+    
+        ### [AWS](#tab/aws)
+        
+        ```bash
+        resources 
+        | where type == "microsoft.security/securityconnectors" 
+        | extend source = tostring(properties.environmentName)  
+        | where source == "AWS" 
+        | project name, subscriptionId, resourceGroup, accountId = properties.hierarchyIdentifier, cloud = properties.environmentName  
+        ```
+        
+        ### [GCP](#tab/gcp)
+        
+        ```bash
+        resources 
+        | where type == "microsoft.security/securityconnectors" 
+        | extend source = tostring(properties.environmentName)  
+        | where source == "GCP" 
+        | project name, subscriptionId, resourceGroup, projectId = properties.hierarchyIdentifier, cloud = properties.environmentName  
+        ```
+        
+        ---
+    
+    1. Select **Run query**.
+    
+    1. Toggle formatted results to **On**.
+    
+        :::image type="content" source="media/assign-access-to-workload/formatted-results.png" alt-text="Screenshot that shows where the formatted results toggle is located on the screen." lightbox="media/assign-access-to-workload/formatted-results.png":::
+    
+    1. Select the relevant subscription and resource group to locate the relevant security connector.
+    
+    ---
+    
+1. Select **Access control (IAM)**.
+    
+    :::image type="content" source="media/assign-access-to-workload/control-i-am.png" alt-text="Screenshot that shows where to select Access control IAM in the resource you selected." lightbox="media/assign-access-to-workload/control-i-am.png":::
+    
+1. Select **+Add** > **Add role assignment**.
+    
+1. Select the desired role.
+    
+1. Select **Next**.
+    
+1. Select **+ Select members**.
+    
+    :::image type="content" source="media/assign-access-to-workload/select-members.png" alt-text="Screenshot that shows where the button is on the screen to select the + select members button.":::
+    
+1. Search for and select the relevant user or group.
+    
+1. Select the **Select** button.
+    
+1. Select **Next**.
+    
+1. Select **Review + assign**.
+
+1. Review the information.
+
+1. Select **Review + assign**.
+
+After setting the permission for the security connector, the workload owners will be able to view recommendations in Defender for Cloud for the AWS and GCP resources that are associated with the security connector.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [RBAC permissions](permissions.md)

articles/defender-for-cloud/includes/assign-access-amazon-web-service.md

@@ -0,0 +1,15 @@
+---
+author: dcurwin
+ms.author: dacurwin
+ms.service: defender-for-cloud
+ms.topic: include
+ms.date: 02/18/2024
+---
+
+```bash
+resources 
+| where type == "microsoft.security/securityconnectors" 
+| extend source = tostring(properties.environmentName)  
+| where source == "AWS" 
+| project name, subscriptionId, resourceGroup, accountId = properties.hierarchyIdentifier, cloud = properties.environmentName  
+```

articles/defender-for-cloud/includes/assign-access-google-cloud-project.md

@@ -0,0 +1,15 @@
+---
+author: dcurwin
+ms.author: dacurwin
+ms.service: defender-for-cloud
+ms.topic: include
+ms.date: 02/18/2024
+---
+
+```bash
+resources 
+| where type == "microsoft.security/securityconnectors" 
+| extend source = tostring(properties.environmentName)  
+| where source == "GCP" 
+| project name, subscriptionId, resourceGroup, projectId = properties.hierarchyIdentifier, cloud = properties.environmentName  
+```