docs(architect): weekly KB update — 52 files refreshed (2026-04)

Key content changes:
- MLOps: MLflow 3 scorers expanded (RetrievalRelevance, Fluency, multi-turn judges)
- MLflow 3 A/B eval: mirror_traffic GA confirmed, new scorer catalog
- CI/CD: OIDC auth replaces deprecated --sdk-auth (Azure ML GitHub Actions)
- Agent framework A2A: updated SDK patterns (A2ACardResolver, BearerAuth)
- AG-UI backend tool rendering: accurate TOOL_CALL_* event shapes
- Computer Use agents: US region requirement, credentials patterns
- Purview governance: bulk term edit, expire/delete workflows
- CAF AI Secure: 3-phase structure confirmed current
- Copilot Studio: Claude Sonnet 4.5/4.6 GA, new orchestration controls
- M365 manifest: v1.26 GA (April 2026), copilotAgents node
- Power Platform: agent flow capacity enforcement corrected
- Azure Monitor: Simple Log Alerts GA, AMBA for policy-based alerting
- Security Copilot: SCU capacity model (400 SCU/1000 users)
- EU Data Boundary: all EU + EFTA countries confirmed
- gateway-multi-backend: added 4th topology, subscription-level quota note

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

plugins/ms-ai-architect/skills/ms-ai-security/references/cost-optimization/observability-cost-reduction.md

@@ -166,7 +166,7 @@ builder.Services.AddApplicationInsightsTelemetry(new ApplicationInsightsServiceO
 | **Query-frekvens** | Daglig/ukentlig | Månedlig/ved incidents | Sjelden (search jobs) |
 | **Query-kompleksitet** | Full KQL, joins, aggregeringer | Begrenset KQL (8 dager) | Search jobs kun |
 | **Ingestion-volum** | Moderat | Høyt (debugging) | Veldig høyt (verbose) |
-| **Alerts** | Støttes | Støttes ikke | Støttes ikke |
+| **Alerts** | Støttes | ✅ (Simple Log Alerts) — Verified (MCP 2026-04) | Støttes ikke |
 | **Retention** | 30-730 dager | 8 dager interactive + long-term | Long-term kun |
 | **Pris (ingestion)** | Standard | ~50% lavere | ~75% lavere |
 | **Workspace replication** | ✅ | ✅ | ❌ (data ikke replikert — ingen beskyttelse ved regional feil) |
@@ -174,8 +174,8 @@ builder.Services.AddApplicationInsightsTelemetry(new ApplicationInsightsServiceO
 
 **Beslutningstre:**
 1. **Trenger du real-time alerting?** → Analytics
-2. **Queries kun ved feilsøking?** → Basic
-3. **Kun compliance-arkivering?** → Auxiliary
+2. **Queries kun ved feilsøking?** → Basic (støtter Simple Log Alerts — Verified MCP 2026-04)
+3. **Kun compliance-arkivering?** → Auxiliary (støtter Microsoft Sentinel og Search jobs — Verified MCP 2026-04)
 
 ### Vanlige feil
 
@@ -443,7 +443,7 @@ For volumer >1 TB/dag, vurder dedicated cluster for ytterligere besparelser (clu
 
 10. **Azure Monitor Logs overview: Table plans:**
     https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs#table-plans
-    *Confidence: Verified (MCP 2026-04)* – Analytics, Basic, Auxiliary table plans. Oppdatering 2026-04: Auxiliary-plan bekrefter ingen workspace replication (data ikke beskyttet mot regional feil) og ingen Customer Lockbox-støtte.
+    *Confidence: Verified (MCP 2026-04)* – Analytics, Basic, Auxiliary table plans. Oppdatering 2026-04: Basic-plan støtter nå Simple Log Alerts (✅), ikke kun Analytics-plan. Auxiliary-plan bekrefter ingen workspace replication (data ikke beskyttet mot regional feil) og ingen Customer Lockbox-støtte. Auxiliary-plan støtter Microsoft Sentinel (✅), Search jobs (✅) og Summary rules (✅). Verified (MCP 2026-04)
 
 ### Norsk lovverk (Baseline-kunnskap)
 

plugins/ms-ai-architect/skills/ms-ai-security/references/performance-scalability/connection-pooling-patterns.md

@@ -389,7 +389,7 @@ Connection pooling har spesielle hensyn for norsk offentlig sektor:
 - [Guidelines for using HttpClient](https://learn.microsoft.com/dotnet/fundamentals/networking/http/httpclient-guidelines) — HttpClient best practices
 - [Pool HTTP connections with HttpClientFactory](https://learn.microsoft.com/aspnet/core/performance/performance-best-practices) — ASP.NET performance
 - [Manage connections in Azure Functions](https://learn.microsoft.com/azure/azure-functions/manage-connections) — Serverless connection management
-- [Use a gateway in front of multiple Azure OpenAI deployments](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-backend gateway patterns
+- [Use a gateway in front of multiple Azure OpenAI deployments or instances](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-backend gateway patterns (Azure OpenAI i Foundry Models) — Verified (MCP 2026-04)
 
 ## For Cosmo
 

plugins/ms-ai-architect/skills/ms-ai-security/references/performance-scalability/rate-limit-management.md

@@ -405,8 +405,10 @@ Microsoft dokumenterer multi-backend gateway som den anbefalte arkitekturmønste
 
 ### Anbefalte topologier for rate limit-distribusjon
 
+> **Viktig:** Standard-kvote er subscription-nivå, ikke Azure OpenAI-instansnivå. Load balancing mellom standard-instanser i samme subscription gir IKKE høyere gjennomstrømning — bruk separate subscriptions eller global/data zone deployments for reell kvoteutvidelse. — Verified (MCP 2026-04)
+
 | Topologi | Kvote-kapasitet | Kompleksitet | Anbefalt for |
-|----------|----------------|--------------|--------------|
+|----------|----------------|--------------|------------|
 | Single instance | Baseline TPM | Lav | Utvikling, lav trafikk |
 | Multi-backend, single region | 2-5x baseline | Medium | Produksjon, standard |
 | Multi-subscription | 5-20x baseline | Høy | Høy trafikk enterprise |
@@ -475,7 +477,7 @@ Microsoft dokumenterer multi-backend gateway som den anbefalte arkitekturmønste
 - [Manage Azure OpenAI quota](https://learn.microsoft.com/azure/ai-foundry/openai/how-to/quota) — Kvotehåndtering
 - [Azure OpenAI quotas and limits](https://learn.microsoft.com/azure/ai-foundry/openai/quotas-limits) — Grenser per modell
 - [Azure OpenAI SDK retry handling](https://learn.microsoft.com/azure/ai-foundry/openai/supported-languages) — SDK retry-konfigurasjon
-- [Use a gateway in front of Azure OpenAI](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-region gateway
+- [Use a gateway in front of multiple Azure OpenAI deployments or instances](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-region gateway (Azure OpenAI i Foundry Models) — Verified (MCP 2026-04)
 
 ## For Cosmo
 

plugins/ms-ai-architect/skills/ms-ai-security/references/performance-scalability/regional-deployment-latency.md

@@ -28,6 +28,8 @@ Latensforskjellen mellom regioner kan være betydelig: en forespørsel fra Oslo
 
 ### Deployment-typer og regionvalg
 
+> **Anbefaling (Verified MCP 2026-04):** Hvis du ikke trenger å begrense databehandling til én bestemt region, bruk **Global** eller **Data Zone**-deployments for å utnytte Azures globale infrastruktur til dynamisk ruting til datasentre med ledig kapasitet — fremfor å bygge kompleks multi-region gateway-logikk.
+
 | Deployment Type | Data Location | Routing | Bruksområde |
 |----------------|---------------|---------|-------------|
 | Global Standard | Any Azure region | Automatisk til ledig kapasitet | Høyest tilgjengelighet, lavest kostnad |
@@ -394,7 +396,7 @@ Microsoft dokumenterer nå fire formelle topologier for Azure OpenAI gateway:
 
 ## Referanser
 
-- [Use a gateway for multi-backend Azure OpenAI](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-region patterns
+- [Use a gateway in front of multiple Azure OpenAI deployments or instances](https://learn.microsoft.com/azure/architecture/ai-ml/guide/azure-openai-gateway-multi-backend) — Multi-region patterns (Azure OpenAI i Foundry Models) — Verified (MCP 2026-04)
 - [Azure Front Door](https://learn.microsoft.com/azure/frontdoor/front-door-overview) — Global load balancing
 - [APIM multi-region deployment](https://learn.microsoft.com/azure/api-management/api-management-howto-deploy-multi-region) — Regional gateway
 - [Azure OpenAI deployment types](https://learn.microsoft.com/azure/ai-foundry/openai/how-to/deployment-types) — Global vs Regional