Merge pull request #4506 from MicrosoftDocs/main

Auto Publish – main to live - 2026-03-11 17:10 UTC

Author: learn-build-service-prod[bot]

articles/documentdb/how-to-connect-role-based-access-control.md

@@ -4,7 +4,7 @@ description: Configure Microsoft Entra ID–based role-based access control (rol
 author: seesharprun
 ms.author: sidandrews
 ms.topic: how-to
-ms.date: 02/04/2026
+ms.date: 03/11/2026
 ms.devlang: python
 defaultDevLang: python
 dev_langs:
@@ -57,6 +57,14 @@ Review the following considerations before you use this feature:
 - Microsoft Entra principals are persistent in the cluster metadata. If a principal is deleted from Microsoft Entra ID, the corresponding cluster user remains but can no longer obtain new tokens. Existing tokens remain valid until they expire (typically up to 90 minutes *from the issuance of the token*).
 - To immediately revoke access, remove the principal from the cluster (delete the `users/<principal-id>` resource) and drop any associated database roles; database administrators must handle transfer of ownership or cleanup for deleted principals.
 
+> [!IMPORTANT]
+> Access Token Validity and Security Consideration:
+>
+> The lifetime of an access token issued by Microsoft Entra ID represents the maximum potential attack window if the token is compromised. If a malicious actor obtains a valid access token and establishes a connection, the system may continue to accept requests using that token until it expires, even if the associated refresh token is revoked or the user account is disabled.
+>
+> We recommend following the guidelines as described [Revoke access token within Entra](https://learn.microsoft.com/entra/identity/users/users-revoke-access#on-premises-active-directory-environment)
+>
+
 ## Prerequisites
 
 [!INCLUDE[Prerequisite - Existing cluster](includes/prerequisite-existing-cluster.md)]

articles/postgresql/azure-ai/generative-ai-azure-overview.md

@@ -19,7 +19,7 @@ ms.custom:
 
 # Azure AI extension in Azure Database for PostgreSQL
 
-Azure Database for PostgreSQL extension for Azure AI enables you to use large language models (LLMS) and build rich generative AI applications within the database. The Azure AI extension enables the database to call into various Foundry Tools including [Azure OpenAI](/azure/ai-services/openai/overview) and [Azure Cognitive Services](https://azure.microsoft.com/products/ai-services/cognitive-search/) simplifying the development process allowing seamless integration into those services.
+Azure Database for PostgreSQL extension for Azure AI enables you to use large language models (LLMS) and build rich generative AI applications within the database. The Azure AI extension enables the database to call into various Microsoft Foundry tools including [Azure OpenAI](/azure/ai-services/openai/overview) and [Azure Cognitive Services](https://azure.microsoft.com/products/ai-services/cognitive-search/) simplifying the development process allowing seamless integration into those services.
 
 ## Enable the azure_ai extension
 
@@ -47,7 +47,7 @@ The extension also allows calling Azure OpenAI and Azure Cognitive Services.
 
 ## Configure the azure_ai extension
 
-Configuring the extension requires you to provide the endpoints to connect to the Foundry Tools and the API keys required for authentication. Service settings are stored using following functions:
+Configuring the extension requires you to provide the endpoints to connect to the Foundry tools and the API keys required for authentication. Service settings are stored using following functions:
 
 ### Permissions
 

articles/postgresql/configure-maintain/extended-support.md

@@ -4,7 +4,7 @@ description: Describes the extended support offering for Postgres major versions
 author: andtapia
 ms.author: andreatapia
 ms.reviewer: maghan
-ms.date: 02/25/2026
+ms.date: 03/09/2026
 ms.service: azure-database-postgresql
 ms.subservice: configuration
 ms.topic: concept-article
@@ -69,6 +69,10 @@ A: Your server is automatically enrolled in Extended Support one month after the
 
 A: Yes, but after the grace period, you're automatically enrolled in paid Extended Support unless you upgrade to a supported version. During the grace period, you assume full operational risk, and Microsoft support can't guarantee issue resolution.
 
+**Q: Will I be charged for Extended Support if my server is stopped, failed, or not running??**
+
+A: No. Extended support billing charges apply only to servers that are in a Succeeded (running) state. If a server is stopped, deleted, or in a failed provisioning state, extended support charges will not be applied for that period. Billing automatically resumes once the server returns to a succeeded state and continues running an end‑of‑life engine version under extended support.
+
 **Q: Can my applications break during a major version upgrade?**
 
 A: PostgreSQL major version upgrades can introduce changes that might affect your application - such as deprecated configuration parameters, incompatible extensions, or SQL behavior differences. Validate upgrades in a nonproduction environment before applying them in production. For more details, review the key considerations and limitations in [Major Version Upgrades](./concepts-major-version-upgrade.md) docs.