Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into apicaccess

Author: gitName

articles/app-service/configure-language-java-deploy-run.md

@@ -401,25 +401,9 @@ To configure the app setting from the Maven plugin, add setting/value tags in th
 
 ::: zone-end
 
-Developers running a single application with one deployment slot in their App Service plan can use the following options:
-
-- B1 and S1 instances: `-Xms1024m -Xmx1024m`
-- B2 and S2 instances: `-Xms3072m -Xmx3072m`
-- B3 and S3 instances: `-Xms6144m -Xmx6144m`
-- P1v2 instances: `-Xms3072m -Xmx3072m`
-- P2v2 instances: `-Xms6144m -Xmx6144m`
-- P3v2 instances: `-Xms12800m -Xmx12800m`
-- P1v3 instances: `-Xms6656m -Xmx6656m`
-- P2v3 instances: `-Xms14848m -Xmx14848m`
-- P3v3 instances: `-Xms30720m -Xmx30720m`
-- I1 instances: `-Xms3072m -Xmx3072m`
-- I2 instances: `-Xms6144m -Xmx6144m`
-- I3 instances: `-Xms12800m -Xmx12800m`
-- I1v2 instances: `-Xms6656m -Xmx6656m`
-- I2v2 instances: `-Xms14848m -Xmx14848m`
-- I3v2 instances: `-Xms30720m -Xmx30720m`
-
-When tuning application heap settings, review your App Service plan details. Consider the needs of multiple applications and deployment slots to find the optimal allocation of memory.
+By default, App Service sets the JVM Max Heap size to 70% of the total memory available for the App Service Plan. To disable the default setting, you can use app setting WEBSITE_DISABLE_JAVA_HEAP_CONFIGURATION=”true".
+
+Enhancing your application's performance on the platform may involve adjusting the heap size to better suit your specific needs. When tuning application heap settings, please review your App Service plan details and consider the requirements of multiple applications and deployment slots to find the optimal memory allocation.
 
 ### Turn on web sockets
 

articles/app-service/overview-access-restrictions.md

@@ -67,7 +67,7 @@ Service endpoints allow you to lock down *inbound* access to your app so that th
 > [!NOTE]
 > Access restriction rules based on service endpoints are not supported on apps that have private endpoint configured or apps that use IP-based SSL ([App-assigned address](./networking-features.md#app-assigned-address)).
 
-To learn more about configuring service endpoints with your app, see [Azure App Service access restrictions](../virtual-network/virtual-network-service-endpoints-overview.md).
+To learn more about configuring service endpoints with your app, see [Azure Virtual Network service endpoints](../virtual-network/virtual-network-service-endpoints-overview.md).
 
 #### Any service endpoint source
 

articles/application-gateway/application-gateway-troubleshooting-502.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: troubleshooting
-ms.date: 05/19/2023
+ms.date: 04/29/2025
 ms.author: greglin
 ms.custom: devx-track-azurepowershell
 ---
@@ -87,9 +87,9 @@ The following table lists the values associated with the default health probe:
 
 ### Solution
 
-* Host value of the request will be set to 127.0.0.1. Ensure that a default site is configured and is listening at 127.0.0.1.
+* Host value of the request is set to 127.0.0.1. Ensure that a default site is configured and is listening at 127.0.0.1.
 * Protocol of the request is determined by the BackendHttpSetting protocol.
-* URI Path will be set to */*.
+* URI Path is set to */*.
 * If BackendHttpSetting specifies a port other than 80, the default site should be configured to listen at that port.
 * The call to `protocol://127.0.0.1:port` should return an HTTP result code of 200. This code should be returned within the 30-second timeout period.
 * Ensure the configured port is open and there are no firewall rules or Azure Network Security Groups blocking incoming or outgoing traffic on the port configured.
@@ -130,7 +130,7 @@ Validate that the Custom Health Probe is configured correctly, as shown in the p
 
 ### Cause
 
-When a user request is received, the application gateway applies the configured rules to the request and routes it to a backend pool instance. It waits for a configurable interval of time for a response from the backend instance. By default, this interval is **20** seconds. In Application Gateway v1, if the application gateway doesn't receive a response from backend application in this interval, the user request gets a 502 error.  In Application Gateway v2, if the application gateway doesn't receive a response from the backend application in this interval, the request will be tried against a second backend pool member.  If the second request fails the user request gets a 504 error.
+When a user request is received, the application gateway applies the configured rules to the request and routes it to a backend pool instance. It waits for a configurable interval of time for a response from the backend instance. By default, this interval is **20** seconds. In Application Gateway v1, if the application gateway doesn't receive a response from backend application in this interval, the user request gets a 502 error.  In Application Gateway v2, if the application gateway doesn't receive a response from the backend application in this interval, the request is tried against a second backend pool member.  If the second request fails the user request gets a 504 error.
 
 ### Solution
 
@@ -192,17 +192,17 @@ If all the instances of BackendAddressPool are unhealthy, then the application g
 
 Ensure that the instances are healthy and the application is properly configured. Check if the backend instances can respond to a ping from another VM in the same VNet. If configured with a public end point, ensure a browser request to the web application is serviceable.
 
-## Upstream SSL certificate does not match
+## Upstream SSL certificate doesn't match
 
 ### Cause
 
-The TLS certificate installed on backend servers does not match the hostname received in the Host request header. 
+The TLS certificate installed on backend servers doesn't match the hostname received in the Host request header. 
 
-In scenarios where End-to-end TLS is enabled, a configuration that is achieved by editing the appropriate "Backend HTTP Settings", and changing there the configuration of the "Backend protocol" setting to HTTPS, it is mandatory to ensure that the CNAME of the TLS certificate installed on backend servers matches the hostname coming to the backend in the HTTP host header request.
+In scenarios where End-to-end TLS is enabled, a configuration that is achieved by editing the appropriate "Backend HTTP Settings", and changing there the configuration of the "Backend protocol" setting to HTTPS, it's mandatory to ensure that the DNS NAME of the TLS certificate installed on backend servers matches the hostname coming to the backend in the HTTP host header request.
 
-As a reminder, the effect of enabling on the "Backend HTTP Settings" the option of protocol HTTPS rather than HTTP, will be that the second part of the communication that happens between the instances of the Application Gateway and the backend servers will be encrypted with TLS.
+As a reminder, the effect of enabling on the "Backend HTTP Settings" the option of protocol HTTPS rather than HTTP, is that the second part of the communication that happens between the instances of the Application Gateway and the backend servers are encrypted with TLS.
 
-Due to the fact that by default Application Gateway sends the same HTTP host header to the backend as it receives from the client, you will need to ensure that the TLS certificate installed on the backend server, is issued with a CNAME that matches the host name received by that backend server in the HTTP host header.
+Due to the fact that by default Application Gateway sends the same HTTP host header to the backend as it receives from the client, you need to ensure that the TLS certificate installed on the backend server, is issued with a DNS NAME that matches the host name received by that backend server in the HTTP host header.
 Remember that, unless specified otherwise, this hostname would be the same as the one received from the client.
 
 For example:
@@ -211,16 +211,16 @@ Imagine that you have an Application Gateway to serve the https requests for dom
 
 On that Application Gateway you should have a listener for the host www.contoso.com with a rule that has the "Backed HTTP Setting" forced to use protocol HTTPS (ensuring End-to-end TLS). That same rule could have configured a backend pool with two VMs running IIS as Web servers.
 
-As we know enabling HTTPS in the "Backed HTTP Setting" of the rule will make the second part of the communication that happens between the Application Gateway instances and the servers in the backend to use TLS.
+As we know enabling HTTPS in the "Backed HTTP Setting" of the rule makes the second part of the communication that happens between the Application Gateway instances and the servers in the backend to use TLS.
 
-If the backend servers do not have a TLS certificate issued for the CNAME www.contoso.com or *.contoso.com, the request will fail with **Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server** because the upstream SSL certificate (the certificate installed on the backend servers) will not match the hostname in the host header, and hence the TLS negotiation will fail. 
+If the backend servers do not have a TLS certificate issued for the DNS NAME www.contoso.com or *.contoso.com, the request fails with **Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server** because the upstream SSL certificate (the certificate installed on the backend servers) doesn't match the hostname in the host header, and hence the TLS negotiation fails. 
 
 
 www.contoso.com --> APP GW front end IP --> Listener with a rule that configures "Backend HTTP Settings" to use protocol HTTPS rather than HTTP  --> Backend Pool --> Web server (needs to have a TLS certificate installed for www.contoso.com) 
 
 ## Solution
 
-it is required that the CNAME of the TLS certificate installed on the backend server, matches the host name configured in the HTTP backend settings, otherwise the second part of the End-to-end communication that happens between the instances of the Application Gateway and the backend, will fail with "Upstream SSL certificate does not match", and will throw back a **Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server**
+It's required that the DNS NAME of the TLS certificate installed on the backend server, matches the host name configured in the HTTP backend settings, otherwise the second part of the End-to-end communication that happens between the instances of the Application Gateway and the backend, fails with "Upstream SSL certificate doesn't match", and throws back a **Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server**
 
 
 ## Next steps

articles/automation/automation-runbook-types.md

@@ -364,5 +364,5 @@ You can create and edit graphical and graphical PowerShell Workflow runbooks usi
 
 * To learn about PowerShell runbooks, see [Tutorial: Create a PowerShell runbook](./learn/powershell-runbook-managed-identity.md).
 * To learn about PowerShell Workflow runbooks, see [Tutorial: Create a PowerShell Workflow runbook](learn/automation-tutorial-runbook-textual.md).
-* To learn about graphical runbooks, see [Tutorial: Create a graphical runbook](./learn/powershell-runbook-managed-identity.md).
+* To learn about graphical runbooks, see [Tutorial: Create a graphical runbook](automation-graphical-authoring-intro.md).
 * To learn about Python runbooks, see [Tutorial: Create a Python runbook](./learn/automation-tutorial-runbook-textual-python-3.md).

articles/azure-resource-manager/management/resource-name-rules.md

@@ -637,7 +637,7 @@ In the following tables, the term alphanumeric refers to:
 > | netAppAccounts / shareNames | NetApp account | 1-64 | Alphanumerics and hyphens. <br><br>Start with alphanumeric.<br><br>Underscores aren't supported. |
 > | netAppAccounts / snapshots | NetApp account | 1-255 | Alphanumerics, underscores, and hyphens <br><br> Start with alphanumeric. |
 > | netAppAccounts / snapshotPolicies | NetApp account | 1-64 |  Alphanumerics, underscores, and hyphens<br><br>Start with alphanumeric. |
-> | netAppAccounts / volumes | NetApp account | 1-64 | Alphanumerics and hyphens <br><br> Start with alphanumeric. <br><br> Volume can't be named `bin` or `default`. |
+> | netAppAccounts / volumes | NetApp account | 1-64 | Alphanumerics, underscores, and hyphens <br><br> Start with alphanumeric. <br><br> Volume can't be named `bin` or `default`. |
 > | netAppAccounts / volumeGroups | NetApp account | 3-64 |  Alphanumerics, underscores, and hyphens<br><br>Start with alphanumeric. |
 
 ## Microsoft.Network