Merge pull request #292162 from MicrosoftDocs/main

12/18/2024 PM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -1,5 +1,29 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/operator-call-protection/deployment-overview.md",
+      "redirect_url": "/previous-versions/azure/operator-call-protection/deployment-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/operator-call-protection/onboarding.md",
+      "redirect_url": "/previous-versions/azure/operator-call-protection/onboarding",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/operator-call-protection/overview.md",
+      "redirect_url": "/previous-versions/azure/operator-call-protection/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/operator-call-protection/responsible-ai-faq.md",
+      "redirect_url": "/previous-versions/azure/operator-call-protection/responsible-ai-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/operator-call-protection/set-up-operator-call-protection.md",
+      "redirect_url": "/previous-versions/azure/operator-call-protection/set-up-operator-call-protection",
+    },
     {
       "source_path": "articles/private-multi-access-edge-compute-mec/overview.md",
       "redirect_url": "/previous-versions/azure/private-multi-access-edge-compute-mec/overview",

articles/azure-cache-for-redis/cache-nodejs-get-started.md

@@ -267,6 +267,8 @@ Microsoft Entra ID access tokens have a limited lifespan, [averaging 75 minutes]
 
 ## [Access Key Authentication](#tab/accesskey)
 
+[!INCLUDE [redis-access-key-alert](includes/redis-access-key-alert.md)]
+
 [!INCLUDE [redis-cache-access-keys](includes/redis-cache-access-keys.md)]
 
 Add environment variables for your **HOST NAME** and **Primary** access key. Use these variables from your code instead of including the sensitive information directly in your code.

articles/azure-cache-for-redis/cache-python-get-started.md

@@ -29,15 +29,17 @@ If you want to skip straight to the code, see the [Python quickstart](https://gi
   - For Windows 11, use the [Windows Store](https://apps.microsoft.com/search/publisher?name=Python+Software+Foundation&hl=en-us&gl=US).
 
 ::: zone pivot="azure-managed-redis"
+
 ## Create an Azure Managed Redis (preview) instance
-[!INCLUDE [managed-redis-create](includes/managed-redis-create.md)]
 
+[!INCLUDE [managed-redis-create](includes/managed-redis-create.md)]
 
 ::: zone-end
 
 ::: zone pivot="azure-cache-redis"
 
 ## Create an Azure Cache for Redis instance
+
 [!INCLUDE [redis-cache-create](~/reusable-content/ce-skilling/azure/includes/azure-cache-for-redis/includes/redis-cache-create.md)]
 
 ::: zone-end
@@ -125,11 +127,11 @@ Create a Python script to that uses either Microsoft Entra ID or access keys to
 
 ### Create a Python script using reauthentication
 
-Microsoft Entra ID access tokens have limited lifespans, [averaging 75 minutes](/entra/identity-platform/configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens). In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using Python. 
+Microsoft Entra ID access tokens have limited lifespans, [averaging 75 minutes](/entra/identity-platform/configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens). In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using Python.
 
 1. Create a new text file, add the following script. Then, save the file as `PythonApplication2.py`.
 
-1. Replace `<Your Host Name>` with the value from your Azure Managed Redis (preview) instance. Your host name is of the form `<DNS name>.<region>.redis.azure.net`. 
+1. Replace `<Your Host Name>` with the value from your Azure Managed Redis (preview) instance. Your host name is of the form `<DNS name>.<region>.redis.azure.net`.
 
 1. Replace `<Your Username>` with the values from your Microsoft Entra ID user.
 
@@ -332,11 +334,11 @@ Create a Python script to that uses either Microsoft Entra ID or access keys to
 
 ### Create a Python script using reauthentication
 
-Microsoft Entra ID access tokens have limited lifespans, [averaging 75 minutes](/entra/identity-platform/configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens). In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using Python. 
+Microsoft Entra ID access tokens have limited lifespans, [averaging 75 minutes](/entra/identity-platform/configurable-token-lifetimes#token-lifetime-policies-for-access-saml-and-id-tokens). In order to maintain a connection to your cache, you need to refresh the token. This example demonstrates how to do this using Python.
 
 1. Create a new text file, add the following script. Then, save the file as `PythonApplication2.py`.
 
-1. Replace `<Your Host Name>` with the value from your Azure Cache for Redis instance. Your host name is of the form `<DNS name>.redis.cache.windows.net`. 
+1. Replace `<Your Host Name>` with the value from your Azure Cache for Redis instance. Your host name is of the form `<DNS name>.redis.cache.windows.net`.
 
 1. Replace `<Your Username>` with the values from your Microsoft Entra ID user.
 
@@ -413,6 +415,8 @@ Microsoft Entra ID access tokens have limited lifespans, [averaging 75 minutes](
 
 ## [Access Key Authentication](#tab/accesskey)
 
+[!INCLUDE [redis-access-key-alert](includes/redis-access-key-alert.md)]
+
 [!INCLUDE [redis-cache-access-keys](includes/redis-cache-access-keys.md)]
 
 ### Read and write to the cache from the command line

articles/azure-cache-for-redis/includes/cache-entra-access.md

@@ -1,28 +1,23 @@
 ---
-ms.date: 08/16/2024
+ms.date: 12/17/2024
 
 ms.topic: include
 ms.custom:
   - ignite-2024
 ---
 
-### Enable Microsoft Entra ID authentication on your cache
+### Use Microsoft Entra ID authentication on your cache
 
-If you have a cache, check to see if Microsoft Entra Authentication has been enabled. If not, then enable it. We recommend using Microsoft Entra ID for your apps.
+Azure Redis caches, except for Enterprise and Enterprise Flash tiers, have Microsoft Entra Authentication enabled by default. Access keys are disabled by default.
 
-1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to use Microsoft Entra token-based authentication.
+   [!INCLUDE [redis-access-key-alert](redis-access-key-alert.md)]
 
-1. Select **Authentication** from the Resource menu.
-
-1. Check in the working pane to see if **Enable Microsoft Entra Authentication** is checked. If so, you can move on.
+1. In the Azure portal, select the cache where you'd like to use Microsoft Entra token-based authentication.
 
-1. Select **Enable Microsoft Entra Authentication**, and enter the name of a valid user. The user you enter is automatically assigned _Data Owner Access Policy_ by default when you select **Save**. You can also enter a managed identity or service principal to connect to your cache instance.
-
-    :::image type="content" source="media/cache-entra-access/cache-enable-microsoft-entra.png" alt-text="Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.":::
+1. Select **Authentication** from the Resource menu.
 
-1. A popup dialog box displays asking if you want to update your configuration, and informing you that it takes several minutes. Select **Yes.**
+1. Select **Select member** and enter the name of a valid user. The user you enter is automatically assigned _Data Owner Access Policy_ by default when you select **Save**. You can also enter a managed identity or service principal to connect to your cache instance.
 
-   > [!IMPORTANT]
-   > Once the enable operation is complete, the nodes in your cache instance reboots to load the new configuration. We recommend performing this operation during your maintenance window or outside your peak business hours. The operation can take up to 30 minutes.
+     :::image type="content" source="media/cache-entra-access/cache-enable-microsoft-entra.png" alt-text="Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.":::
 
-For information on using Microsoft Entra ID with Azure CLI, see the [references pages for identity](/cli/azure/redis/identity).
+For information on using Microsoft Entra ID with Azure CLI, see the [reference pages for identity](/cli/azure/redis/identity).

articles/azure-cache-for-redis/includes/managed-redis-create.md

@@ -1,5 +1,5 @@
 ---
-ms.date: 08/16/2024
+ms.date: 12/17/2024
 
 ms.topic: include
 ms.custom:
@@ -8,10 +8,8 @@ ms.custom:
 
 1. To create an Azure Managed Redis (preview) instance, sign in to the Azure portal and select **Create a resource**.
 
-1. On the **New** page, select **Databases** and then select **Azure Cache for Redis**.
-   <!-- Fran, need screenshot. -->
-   <!-- :::image type="content" source="../media/managed-redis-create/new-cache-menu.png" alt-text="Screenshot showing how to select Azure Managed Redis."::: -->
-
+1. On the **New** page, in the search box type **Azure Cache for Redis**.
+  
 1. On the **New Redis Cache** page, configure the settings for your new cache.
 
    | Setting      |  Choose a value  | Description |
@@ -26,23 +24,31 @@ ms.custom:
 
 1. Select **Next: Networking** and select either a public or private endpoint.
 
-1. Select **Next: Advanced**. 
-   Here, you can configure any [Redis modules](../managed-redis/managed-redis-redis-modules.md) to be added to the instance.
-   
+1. Select **Next: Advanced**.
+
+   Configure any [Redis modules](../managed-redis/managed-redis-redis-modules.md) you wan to add to the instance.
+
+   By default, for a new managed cache:
+     - Microsoft Entra ID is enabled.
+     - **Access Keys Authentication** is disabled for security reasons.
+
+   > [!IMPORTANT]
+   > For optimal security, we recommend that you use Microsoft Entra ID with managed identities to authorize requests against your cache if possible. Authorization by using Microsoft Entra ID and managed identities provides superior security and ease of use over shared access key authorization. For more information about using managed identities with your cache, see [Use Microsoft Entra ID for cache authentication](/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication).
+
    Set **Clustering policy** to **Enterprise** for a nonclustered cache, or to **OSS** for a clustered cache. For more information on choosing **Clustering policy**, see [Cluster policy](../managed-redis/managed-redis-architecture.md#cluster-policies).
 
    :::image type="content" source="media/managed-redis-create/managed-redis-advanced-settings.png" alt-text="Screenshot that shows the Azure Managed Redis Advanced tab.":::
 
-   If you are using **Active geo-replication**, it must be configured during creation. For instructions on how do to this, see [Configure active geo-replication for Azure Managed Redis instances](../managed-redis/managed-redis-how-to-active-geo-replication.md).
-   
+   If you're using **Active geo-replication**, it must be configured during creation. For more information, see [Configure active geo-replication for Azure Managed Redis instances](../managed-redis/managed-redis-how-to-active-geo-replication.md).
+
    > [!IMPORTANT]
    > You can't change the clustering policy of an Azure Managed Redis (preview) instance after you create it. If you're using [RediSearch](../managed-redis/managed-redis-redis-modules.md#redisearch), the Enterprise cluster policy is required, and `NoEviction` is the only eviction policy supported.
    >
 
    > [!IMPORTANT]
-   >  If you're using this cache instance in a geo-replication group, eviction policies cannot be changed after the instance is created. Be sure to know the eviction policies of your primary nodes before you create the cache. For more information on active geo-replication, see [Active geo-replication prerequisites](../managed-redis/managed-redis-how-to-active-geo-replication.md#active-geo-replication-prerequisites).
+   > If you're using this cache instance in a geo-replication group, eviction policies cannot be changed after the instance is created. Be sure to know the eviction policies of your primary nodes before you create the cache. For more information on active geo-replication, see [Active geo-replication prerequisites](../managed-redis/managed-redis-how-to-active-geo-replication.md#active-geo-replication-prerequisites).
    >
-   
+
    > [!IMPORTANT]
    > You can't change modules after you create a cache instance. Modules must be enabled at the time you create an Azure Cache for Redis instance. There is no option to enable the configuration of a module after you create a cache.
    >
@@ -51,8 +57,6 @@ ms.custom:
 
 1. Select **Next: Review + create**.
 
-   :::image type="content" source="media/managed-redis-create/managed-redis-summary.png" alt-text="Screenshot showing the Azure Managed Redis Review + Create tab.":::
-
 1. Review the settings and select **Create**.
 
-   It will take several minutes for the Redis instance to create. You can monitor progress on the Azure Managed Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.
+   It takes several minutes for the Redis instance to create. You can monitor progress on the Azure Managed Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.

articles/azure-cache-for-redis/includes/media/cache-entra-access/cache-enable-microsoft-entra.png

@@ -0,0 +1,8 @@
+---
+ms.date: 12/12/2024
+
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> Microsoft recommends using Microsoft Entra ID authentication for the most secure authentication experience instead of using passwords or access keys. The authentication described in this section of the article uses access keys, which require a very high degree of trust in the application and carries risks not present when using Microsoft Entra ID. Use the approach in this document only when Microsoft Entra ID authentication is not viable.

articles/azure-cache-for-redis/includes/media/managed-redis-create/managed-redis-advanced-settings.png

@@ -59,7 +59,7 @@ All traffic from an AV64 host towards a customer network will utilize the IP add
 
 ### AV64 Cluster vSAN fault domain (FD) design and recommendations
 
-The traditional Azure VMware Solution host clusters don't have explicit vSAN FD configuration. The reasoning is the host allocation logic ensures, within clusters, that no two hosts reside in the same physical fault domain within an Azure region. This feature inherently brings resilience and high availability for storage, which the vSAN FD configuration is supposed to bring. More information on vSAN FD can be found in the [VMware documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan.doc/GUID-8491C4B0-6F94-4023-8C7A-FD7B40D0368D.html). 
+The traditional Azure VMware Solution host clusters don't have explicit vSAN FD configuration. The reasoning is the host allocation logic ensures, within clusters, that no two hosts reside in the same physical fault domain within an Azure region. This feature inherently brings resilience and high availability for storage, which the vSAN FD configuration is supposed to bring. More information on vSAN FD can be found in the [VMware documentation](https://techdocs.broadcom.com/us/en/vmware-cis/vsan/vsan/8-0/vsan-administration/expanding-and-managing-a-vsan-cluster/managing-fault-domains-in-vsan-clusters.html). 
 
 The Azure VMware Solution AV64 host clusters have an explicit vSAN fault domain (FD) configuration. Azure VMware Solution control plane configures seven vSAN fault domains (FDs) for AV64 clusters. Hosts are balanced evenly across the seven FDs as users scale up the hosts in a cluster from three nodes to 16 nodes. Some Azure regions still support a maximum of five FDs as part of the initial release of the AV64 SKU. Refer to the [Azure Region Availability Zone (AZ) to SKU mapping table](architecture-private-clouds.md#azure-region-availability-zone-az-to-sku-mapping-table) for more information.