Merge pull request #14575 from jmart1428/update-components-94

[SCOPED] Quality check: AI-readiness: Component spec alignment - add missing descriptions and purpose [16 solution idea articles]

Author: v-ccolin

docs/solution-ideas/articles/ai-search-skillsets-content.md

@@ -30,33 +30,19 @@ The following dataflow corresponds to the preceding diagram. The dataflow descri
 
 ### Components
 
-This solution uses the following Azure components.
+- [AI Search](/azure/search/search-what-is-azure-search) is a search service that enables indexing, querying, and enrichment of content by using built-in and custom AI skills. You can use AI Search to apply [prebuilt AI skills](/azure/search/cognitive-search-predefined-skills) to content. In this architecture, it indexes the content and powers the search user experience. This architecture also uses the service's extensibility mechanism to add [custom skills](/azure/search/cognitive-search-custom-skill-interface), which provide specific enrichment transformations.
 
-#### AI Search
+- [Azure AI Vision](/azure/ai-services/computer-vision/overview) is a service that extracts text and visual information from images. In this architecture, it uses [text recognition](/azure/ai-services/computer-vision/overview-ocr) to extract and recognize text information from images. The [Read API](/azure/ai-services/computer-vision/overview-ocr#ocr-read-editions) uses OCR recognition models and is optimized for large, text-heavy documents and noisy images.
 
-[AI Search](/azure/search/search-what-is-azure-search) indexes the content and powers the user experience in this solution. You can use AI Search to apply [prebuilt AI skills](/azure/search/cognitive-search-predefined-skills) to content. And you can use the extensibility mechanism to add [custom skills](/azure/search/cognitive-search-custom-skill-interface), which provide specific enrichment transformations.
+- [Azure AI Language](/azure/ai-services/language-service/overview) is a text analytics service that extracts structured information from unstructured text by using capabilities like [named entity recognition](/azure/synapse-analytics/machine-learning/overview-cognitive-services) and [key phrase extraction](/azure/search/cognitive-search-skill-keyphrases). In this architecture, Language enriches the JFK Files by identifying named entities and key phrases to support semantic search and filtering.
 
-#### Azure AI Vision
+- [Blob Storage](/azure/well-architected/service-guides/azure-blob-storage) is a REST-based object storage solution optimized for large volumes of unstructured data. You can use Blob Storage to expose data publicly or to store application data privately. In this architecture, Blob Storage stores the original JFK Files dataset, including scanned documents and images, which are ingested into the AI enrichment pipeline.
 
-[Vision](https://azure.microsoft.com/products/ai-services/ai-vision) uses [text recognition](/azure/ai-services/computer-vision/overview-ocr) to extract and recognize text information from images. The [Read API](/azure/ai-services/computer-vision/overview-ocr#ocr-read-editions) uses the latest OCR recognition models and is optimized for large, text-heavy documents and noisy images.
+- [Table Storage](/azure/storage/tables/table-storage-overview) is a NoSQL storage service for structured and semi-structured data. In this architecture, Table Storage supports the knowledge store, which enables downstream applications to access enriched and indexed data.
 
-#### Language
+- [Azure Functions](/azure/well-architected/service-guides/azure-functions) is a serverless compute service that runs small pieces of event-triggered code without having to explicitly provision or manage infrastructure. In this architecture, a Functions method applies the Central Intelligence Agency (CIA) cryptonyms list to the JFK Files as a custom skill.
 
-[Language](/azure/ai-services/language-service/overview) uses [text analytics](/azure/ai-services/language-service/overview#available-features) capabilities like [named entity recognition](/azure/synapse-analytics/machine-learning/overview-cognitive-services) and [key phrase extraction](/azure/search/cognitive-search-skill-keyphrases) to extract text information from unstructured documents.
-
-#### Azure Storage
-
-[Blob Storage](/azure/well-architected/service-guides/azure-blob-storage) is REST-based object storage for data that you can access from anywhere in the world through HTTPS. You can use Blob Storage to expose data publicly to the world or to store application data privately. Blob Storage is ideal for large amounts of unstructured data like text or graphics.
-
-[Table Storage](/azure/storage/tables/table-storage-overview) stores highly available, scalable, structured, and semi-structured NoSQL data in the cloud.
-
-#### Azure Functions
-
-[Functions](/azure/well-architected/service-guides/azure-functions) is a serverless compute service that you can use to run small pieces of event-triggered code without having to explicitly provision or manage infrastructure. This solution uses a Functions method to apply the Central Intelligence Agency (CIA) cryptonyms list to the JFK Files as a custom skill.
-
-#### Azure App Service
-
-This solution builds a standalone web app in [Azure App Service](/azure/well-architected/service-guides/app-service-web-apps) to test, demonstrate, and search the index and to explore connections in the enriched and indexed documents.
+- [Azure App Service](/azure/well-architected/service-guides/app-service-web-apps) is a managed platform for building and hosting web applications. In this architecture, it hosts a standalone web app that demonstrates the enriched search experience and allows users to explore connections within the indexed JFK documents.
 
 ## Scenario details
 

docs/solution-ideas/articles/ai-search-skillsets.yml

@@ -14,6 +14,7 @@ metadata:
     - internal-intro
     - ai-machine-learning
     - aml-project-improvement
+  ai-usage: ai-assisted
 name: Use AI enrichment with image and text processing
 azureCategories:
   - ai-machine-learning

docs/solution-ideas/articles/azure-security-build-first-layer-defense-content.md

@@ -107,25 +107,23 @@ This section describes the components and services that appear in the diagram. M
 
 ### Components
 
-The example architecture in this article uses the following Azure components:
+- [Microsoft Entra ID](/entra/fundamentals/whatis) is an identity and access management service. In this architecture, it manages user identities and access to external resources such as Microsoft 365 and the Azure portal, and internal resources such as apps on your corporate intranet network.
 
-- [Microsoft Entra ID](/entra/fundamentals/whatis) is a cloud-based identity and access management service. Microsoft Entra ID helps your users to access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. It also helps them access internal resources, like apps on your corporate intranet network.
+- [Azure Virtual Network](/azure/well-architected/service-guides/virtual-network) is a networking service  that enables secure communication between Azure resources, the internet, and on-premises networks. In this architecture, it provides the private network infrastructure that supports secure connectivity and isolation for workloads.
 
-- [Azure Virtual Network](/azure/well-architected/service-guides/virtual-network) is the fundamental building block for your private network in Azure. Virtual Network enables many types of Azure resources to securely communicate with each other, the internet, and on-premises networks. Virtual Network provides a virtual network that benefits from Azure's infrastructure, such as scale, availability, and isolation.
+- [Azure Load Balancer](/azure/well-architected/service-guides/azure-load-balancer) is a low-latency layer-4 load balancing service for UDP and TCP traffic. Load Balancer is a zone-redundant service that can handle millions of concurrent flows. In this architecture, it ensures high availability and scalability by distributing inbound and outbound traffic across resources in the virtual network.
 
-- [Azure Load Balancer](/azure/well-architected/service-guides/azure-load-balancer) is a high-performance, low-latency Layer 4 load-balancing service (inbound and outbound) for all UDP and TCP protocols. It's built to handle millions of requests per second while ensuring that your solution is highly available. Azure Load Balancer is zone-redundant, ensuring high availability across Availability Zones.
+- [Azure Virtual Machines](/azure/well-architected/service-guides/virtual-machines) is an infrastructure as a service (IaaS) offering that provides scalable compute resources. In this architecture, VMs host workloads that require direct control over the operating system and security configurations.
 
-- [Virtual machines](/azure/well-architected/service-guides/virtual-machines) are one of several types of on-demand, scalable computing resources that Azure offers. An Azure virtual machine (VM) gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it.
+- [Azure Kubernetes Service (AKS)](/azure/well-architected/service-guides/azure-kubernetes-service) is a managed container orchestration service that simplifies deploying and managing Kubernetes clusters. In this architecture, AKS runs containerized applications and provides built-in features for security, governance, and continuous integration/continuous delivery (CI/CD).
 
-- [Azure Kubernetes service (AKS)](/azure/well-architected/service-guides/azure-kubernetes-service) is a fully managed Kubernetes service for deploying and managing containerized applications. AKS provides serverless Kubernetes, continuous integration/continuous delivery (CI/CD), and enterprise-grade security and governance.
+- [Virtual Desktop](/azure/virtual-desktop/overview) is a desktop and app virtualization service that delivers remote desktops from the cloud. In this architecture, it provides secure access to corporate desktops for remote users and includes built-in features like RDP Shortpath and reverse connect.
 
-- [Azure Virtual Desktop](/azure/virtual-desktop/overview) is a desktop and app virtualization service that runs on the cloud to provide desktops for remote users.
+- [The Web Apps feature of App Service](/azure/well-architected/service-guides/app-service-web-apps) hosts web applications, REST APIs, and mobile back ends. In this architecture, Web Apps hosts HTTP-based applications and provides security features like TLS and private endpoints. You can develop in your chosen language. Applications run and scale in both Windows and Linux-based environments.
 
-- [App Service Web Apps](/azure/well-architected/service-guides/app-service-web-apps) is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, and applications run and scale with ease on both Windows and Linux-based environments.
+- [Azure Storage](/azure/storage/common/storage-introduction) is a scalable and secure storage solution for various data types, including blobs, files, queues, and tables. In this architecture, it stores application and system data with encryption at rest and supports secure access via SAS tokens and private endpoints.
 
-- [Azure Storage](/azure/storage/common/storage-introduction) is highly available, massively scalable, durable, and secure storage for various data objects in the cloud, including object, blob, file, disk, queue, and table storage. All data written to an Azure storage account is encrypted by the service. Azure Storage provides you with fine-grained control over who has access to your data.
-
-- [Azure SQL Database](/azure/well-architected/service-guides/azure-sql-database) is a fully managed PaaS database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring. It provides these functions without user involvement. SQL Database provides a range of built-in security and compliance features to help your application meet security and compliance requirements.
+- [SQL Database](/azure/well-architected/service-guides/azure-sql-database) is a managed relational database service that automates patching, backups, and monitoring. In this architecture, it provides secure and compliant data storage via features like transparent data encryption, auditing, and vulnerability assessments.
 
 
 ## Contributors

docs/solution-ideas/articles/azure-security-build-first-layer-defense.yml

@@ -8,6 +8,7 @@ metadata:
   ms.date: 11/11/2024
   ms.topic: solution-idea
   ms.subservice: solution-idea
+  ai-usage: ai-assisted
 azureCategories:
   - integration
   - security

docs/solution-ideas/articles/devsecops-infrastructure-as-code-content.md

@@ -34,23 +34,23 @@ The following dataflow corresponds to the previous diagram:
 
 ### Components
 
-- [GitHub](https://github.com) is a code-hosting platform for version control and collaboration. A GitHub source-control [repository](https://docs.github.com/github/creating-cloning-and-archiving-repositories/about-repositories) contains all project files and their revision history. Developers can work together to contribute, discuss, and manage code in the repository.
+- [GitHub](https://github.com) is a code-hosting platform for version control and collaboration. In this architecture, it stores IaC templates and serves as the central [repository](https://docs.github.com/github/creating-cloning-and-archiving-repositories/about-repositories) for development, testing, and governance workflows.
 
-- [GitHub Actions](https://github.com/features/actions) provides a suite of build and release workflows that covers continuous integration, automated testing, and container deployments.
+- [GitHub Actions](https://github.com/features/actions) is a continuous integration and continuous deployment (CI/CD) automation tool that enables workflows to build, test, and deploy code directly from GitHub repositories. In this architecture, GitHub Actions automates unit testing, security scanning, and infrastructure provisioning for IaC pipelines.
 
-- [GitHub Advanced Security](https://github.com/advanced-security) provides features to secure your IaC. It requires another license.
+- [GitHub Advanced Security](https://github.com/advanced-security) is a suite of security features that includes static analysis and vulnerability detection for code stored in GitHub. In this architecture, it enhances IaC security by scanning templates and raising alerts about misconfigurations or risks.
 
-- [CodeQL](https://codeql.github.com) provides security scanning tools that run on static code to detect infrastructure misconfigurations.
+- [CodeQL](https://codeql.github.com) is a semantic code analysis engine that enables custom queries to detect vulnerabilities and misconfigurations in code. In this architecture, CodeQL scans repository artifacts to identify potential security problems before deployment.
 
-- [Terraform](https://www.terraform.io) is a partner product developed by HashiCorp that allows infrastructure automation on Azure and other environments.
+- [Terraform](https://www.terraform.io) is an open-source infrastructure automation tool developed by HashiCorp that enables declarative provisioning across cloud environments. In this architecture, Terraform provisions and modifies Azure resources based on IaC definitions and supports test-driven development workflows.
 
-- [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) provides unified security management and advanced threat protection across hybrid cloud workloads.
+- [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) is a security management platform that provides threat protection across hybrid cloud workloads. In this architecture, it continuously monitors deployed infrastructure for vulnerabilities.
 
-- [Microsoft Sentinel](/azure/sentinel/overview) is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution. It uses advanced AI and security analytics to help you detect and respond to threats across your enterprise.
+- [Microsoft Sentinel](/azure/sentinel/overview) is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that uses AI and analytics to detect and respond to threats. In this architecture, Microsoft Sentinel monitors infrastructure activity and raises alerts or GitHub Issues when anomalies are detected.
 
-- [Azure Policy](/azure/governance/policy/overview) helps teams manage and prevent IT problems by using policy definitions that can enforce rules for cloud resources. For example, if your project is about to deploy a virtual machine that has an unrecognized SKU, Azure Policy alerts you to the problem and stops the deployment.
+- [Azure Policy](/azure/governance/policy/overview) is a governance service that enforces rules and compliance across Azure resources. In this architecture, Azure Policy validates IaC deployments against organizational and workload standards and blocks noncompliant configurations. For example, if your project is about to deploy a virtual machine that has an unrecognized SKU, Azure Policy alerts you and stops the deployment.
 
-- [Azure Monitor](/azure/azure-monitor/fundamentals/overview) collects and analyzes app telemetry, such as performance metrics and activity logs. When this service identifies irregular conditions, it alerts apps and personnel.
+- [Azure Monitor](/azure/azure-monitor/fundamentals/overview) is a telemetry and observability platform that collects performance metrics and activity logs from Azure resources. In this architecture, Azure Monitor detects irregular conditions in infrastructure and triggers alerts so triage and remediation can start.
 
 ## Scenario details
 

docs/solution-ideas/articles/devsecops-infrastructure-as-code.yml

@@ -8,6 +8,7 @@ metadata:
   ms.topic: solution-idea
   ms.subservice: solution-idea
   ms.custom: arb-devops
+  ai-usage: ai-assisted
 azureCategories:
   - devops
   - security