Merge pull request #261981 from MicrosoftDocs/main

12/27/2023 AM Publish

Author: Taojunshen

articles/app-service/configure-language-java.md

@@ -66,7 +66,7 @@ With the [Maven Plugin for Azure Web Apps](https://github.com/microsoft/azure-ma
 mvn com.microsoft.azure:azure-webapp-maven-plugin:2.11.0:config
 ```
 
-This command adds a `azure-webapp-maven-plugin` plugin and related configuration by prompting you to select an existing Azure Web App or create a new one. Then you can deploy your Java app to Azure using the following command:
+This command adds an `azure-webapp-maven-plugin` plugin and related configuration by prompting you to select an existing Azure Web App or create a new one. Then you can deploy your Java app to Azure using the following command:
 
 ```shell
 mvn package azure-webapp:deploy

articles/communication-services/quickstarts/email/add-custom-verified-domains.md

@@ -204,7 +204,7 @@ The following links provide additional information on how to add a CNAME record
 
 ## Next steps
 
-* [Get started by connecting Email Communication Service with a Azure Communication Service resource](../../quickstarts/email/connect-email-communication-resource.md)
+* [Get started by connecting Email Communication Service with an Azure Communication Service resource](../../quickstarts/email/connect-email-communication-resource.md)
 
 * [How to send an email using Azure Communication Service](../../quickstarts/email/send-email.md)
 

articles/communication-services/quickstarts/email/create-email-communication-resource.md

@@ -44,7 +44,7 @@ Get started with Email by provisioning your first Email Communication Services r
 
 * [Email domains and sender authentication for Azure Communication Services](../../concepts/email/email-domain-and-sender-authentication.md)
 
-* [Get started by connecting Email Communication Service with a Azure Communication Service resource](../../quickstarts/email/connect-email-communication-resource.md)
+* [Get started by connecting Email Communication Service with Azure Communication Service resource](../../quickstarts/email/connect-email-communication-resource.md)
 
 The following documents may be interesting to you:
 

articles/defender-for-cloud/agentless-vulnerability-assessment-aws.md

@@ -18,7 +18,7 @@ In every account where enablement of this capability is completed, all images st
 
 Container vulnerability assessment powered by Microsoft Defender Vulnerability Management has the following capabilities:  
 
-- **Scanning OS packages** - container vulnerability assessment has the ability to scan vulnerabilities in packages installed by the OS package manager in Linux and Windows OS. See the [full list of the supported OS and their versions](support-matrix-defender-for-containers.md#registries-and-images-support-for-aws---vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management).
+- **Scanning OS packages** - container vulnerability assessment has the ability to scan vulnerabilities in packages installed by the OS package manager in Linux and Windows operating systems. See the [full list of the supported OS and their versions](support-matrix-defender-for-containers.md#registries-and-images-support-for-aws---vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management).
 
 - **Language specific packages** – **Linux only** - support for language specific packages and files, and their dependencies installed or copied without the OS package manager. See the [complete list of supported languages](support-matrix-defender-for-containers.md#registries-and-images-support-for-aws---vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management).  
 
@@ -40,7 +40,7 @@ Container vulnerability assessment powered by Microsoft Defender Vulnerability M
 The triggers for an image scan are:
 
 - **One-time triggering**:
-  - Each image pushed to a container registry is triggered to be scanned. In most cases, the scan is completed within a few hours, but sometin rare cases it might take up to 24 hors.
+  - Each image pushed to a container registry is triggered to be scanned. In most cases, the scan is completed within a few hours, but in rare cases it might take up to 24 hours.
   - Each image pulled from a registry is triggered to be scanned within 24 hours.
 
 

articles/mariadb/concepts-connectivity-architecture.md

@@ -31,62 +31,64 @@ As part of ongoing service maintenance, we'll periodically refresh compute hardw
 * You hard code the gateway IP addresses in the connection string of your application. It is **not recommended**. You should use fully qualified domain name (FQDN) of your server in the format `<servername>.mariadb.database.azure.com`, in the connection string for your application. 
 * You don't update the newer gateway IP addresses in the client-side firewall to allow outbound traffic to be able to reach our new gateway rings.
 
+> [!IMPORTANT]
+> If customer connectivity stack needs to connect directly to gateway instead of **recommended DNS name approach**, or allow-list gateway in the firewall rules for connections to\from customer infrastructure, we **strongly encourage** customers to use Gateway IP address **subnets** versus hardcoding static IP in order to not be impacted by this activity in a region that may cause IP to change within the subnet range. 
+
 The following table lists the gateway IP addresses of the Azure Database for MariaDB gateway for all data regions. The most up-to-date information of the gateway IP addresses for each region is maintained in the table below. In the table below, the columns represent following:
 
-* **Gateway IP addresses:** This column lists the current IP addresses of the gateways hosted on the latest generation of hardware. If you're provisioning a new server, we recommend that you open the client-side firewall to allow outbound traffic for the IP addresses listed in this column.
-* **Gateway IP addresses (decommissioning):** This column lists the IP addresses of the gateways hosted on an older generation of hardware that is being decommissioned right now. If you're provisioning a new server, you can ignore these IP addresses. If you have an existing server, continue to retain the outbound rule for the firewall for these IP addresses as we haven't decommissioned it yet. If you drop the firewall rules for these IP addresses, you may get connectivity errors. Instead, you're expected to proactively add the new IP addresses listed in Gateway IP addresses column to the outbound firewall rule as soon as you receive the notification for decommissioning. This will ensure when your server is migrated to latest gateway hardware, there's no interruptions in connectivity to your server.
-* **Gateway IP addresses (decommissioned):** This column lists the IP addresses of the gateway rings, which are decommissioned and are no longer in operations. You can safely remove these IP addresses from your outbound firewall rule.
-
-| **Region name** | **Gateway IP addresses** |**Gateway IP addresses (decommissioning)** | **Gateway IP addresses (decommissioned)** |
-|:----------------|:-------------------------|:-------------------------------------------|:------------------------------------------|
-| Australia Central| 20.36.105.0  | | |
-| Australia Central2     | 20.36.113.0  | | |
-| Australia East | 40.79.161.1, 13.70.112.32    | 13.75.149.87 | |
-| Australia South East |13.77.49.33, 191.239.192.109      | 13.73.109.251 | |
-| Brazil South |191.233.201.8, 191.233.200.16     |  | 104.41.11.5|
-| Canada Central |40.85.224.249     | | |
-| Canada East | 40.69.105.32     |40.86.226.166 | |
-| Central US | 23.99.160.139, 52.182.136.37, 52.182.136.38 | 13.67.215.62 | |
-| China East | 139.219.130.35     | | |
-| China East 2 | 40.73.82.1     | | |
-| China North | 139.219.15.17     | | |
-| China North 2 | 40.73.50.0     | | |
-| East Asia | 191.234.2.139, 52.175.33.150, 13.75.33.20, 13.75.33.21     | | |
-| East US |40.71.8.203, 40.71.83.113 |40.121.158.30|191.238.6.43 |
-| East US 2 | 40.70.144.38, 52.167.105.38  | 52.177.185.181 | |
-| France Central | 40.79.137.0, 40.79.129.1     | | |
-| France South | 40.79.177.0, 40.79.176.40     | | |
-| Germany Central | 51.4.144.100     | | |
-| Germany North | 51.116.56.0 | |
-| Germany North East | 51.5.144.179     | | |
-| Germany West Central | 51.116.152.0 | |
-| India Central | 104.211.96.159     | | |
-| India South | 104.211.224.146     | | |
-| India West |  104.211.144.32   |104.211.160.80  | |
-| Japan East | 40.79.192.23, 40.79.184.8 | 13.78.61.196 | |
-| Japan West | 191.238.68.11, 40.74.96.6, 40.74.96.7     | 104.214.148.156 | |
-| Korea Central | 52.231.17.13     | 52.231.32.42 | |
-| Korea South | 52.231.145.3     | 52.231.200.86 | |
-| North Central US | 52.162.104.35, 52.162.104.36     | 23.96.178.199 | |
-| North Europe | 52.138.224.6, 52.138.224.7     | 40.113.93.91 |191.235.193.75 |
-| South Africa North  | 102.133.152.0     | | |
-| South Africa West    | 102.133.24.0     | | |
-| South Central US |104.214.16.39, 20.45.120.0  |13.66.62.124  |23.98.162.75 |
-| South East Asia | 40.78.233.2, 23.98.80.12     | 104.43.15.0 | |
-| Switzerland North | 51.107.56.0 ||
-| Switzerland West | 51.107.152.0| ||
-| UAE Central | 20.37.72.64     | | |
-| UAE North | 65.52.248.0     | | |
-| UK South | 51.140.184.11     | | |
-| UK West | 51.141.8.11     | | |
-| West Central US |  13.71.193.34    | 13.78.145.25| |
-| West Europe |13.69.105.208, 104.40.169.187 | 40.68.37.158 | 191.237.232.75 |
-| West US |13.86.216.212, 13.86.217.212 |104.42.238.205  | 23.99.34.75|
-| West US 2 | 13.66.226.202     | | |
+* **Region Name:** This column lists the name of Azure region where Azure Database for PostgreSQL - Single Server is offered. 
+* **Gateway IP address subnets:** This column lists the IP address subnets of the gateway rings located in the particular region. As we retire older gateway hardware, we recommend that you open the client-side firewall to allow outbound traffic for the IP address subnets in the region you're operating.
+
+| **Region name** |  **Gateway IP address subnets** |
+|:----------------|:------------------------------------------|
+| Australia Central  | 20.36.105.32/29 | 
+| Australia Central 2      | 20.36.113.32/29 |
+| Australia East     |  13.70.112.32/29, 40.79.160.32/29, 40.79.168.32/29 |
+| Australia South East   |13.77.49.32/29  |
+| Brazil South  | 191.233.200.32/29, 191.234.144.32/29|
+| Canada Central  | 	13.71.168.32/29, 20.38.144.32/29, 52.246.152.32/29|
+| Canada East    | 40.69.105.32/29 |
+| Central US  | 104.208.21.192/29, 13.89.168.192/29, 52.182.136.192/29
+| China East                     |      52.130.112.136/29|
+| China East 2             | 52.130.120.88/29|
+| China East 3           | 52.130.128.88/29|
+| China North   | 52.130.128.88/29 |
+| China North 2  | 	52.130.40.64/29|
+| China North 3  | 13.75.32.192/29, 13.75.33.192/29 |
+| East Asia    | 13.75.32.192/29, 13.75.33.192/29|
+| East US  |20.42.65.64/29, 20.42.73.0/29, 52.168.116.64/29|
+| East US 2  |104.208.150.192/29, 40.70.144.192/29, 52.167.104.192/29|
+| France Central   | 40.79.136.32/29, 40.79.144.32/29 |
+| France South  | 	40.79.176.40/29, 40.79.177.32/29|
+| Germany West Central  | 51.116.152.32/29, 51.116.240.32/29, 51.116.248.32/29|
+| India Central | 104.211.86.32/29, 20.192.96.32/29|
+| India South    | 40.78.192.32/29, 40.78.193.32/29|
+| India West     | 	104.211.144.32/29, 104.211.145.32/29 |
+| Japan East  | 13.78.104.32/29, 40.79.184.32/29, 40.79.192.32/29 |
+| Japan West  | 40.74.96.32/29 |
+| Korea Central     | 20.194.64.32/29,20.44.24.32/29, 52.231.16.32/29 |
+| Korea South   | 52.231.145.0/29 |
+| North Central US   | 52.162.105.192/29|
+| North Europe   |13.69.233.136/29, 13.74.105.192/29, 52.138.229.72/29 |
+| South Africa North     | 102.133.120.32/29, 102.133.152.32/29, 102.133.248.32/29 |
+| South Africa West      | 102.133.25.32/29|
+| South Central US  |20.45.121.32/29, 20.49.88.32/29, 20.49.89.32/29, 40.124.64.136/29|
+| South East Asia  | 13.67.16.192/29, 23.98.80.192/29, 40.78.232.192/29 |
+| Switzerland North   |51.107.56.32/29, 51.103.203.192/29, 20.208.19.192/29, 51.107.242.32/27|
+| Switzerland West  | 51.107.153.32/29|
+| UAE Central     | 20.37.72.96/29, 20.37.73.96/29 |
+| UAE North    | 40.120.72.32/29, 65.52.248.32/29 |
+| UK South   |51.105.64.32/29, 51.105.72.32/29, 51.140.144.32/29|
+| UK West | 51.140.208.96/29, 51.140.209.32/29 |
+| West Central US    | 13.71.193.32/29 |
+| West Europe  | 104.40.169.32/29, 13.69.112.168/29, 52.236.184.32/29|
+| West US  |13.86.217.224/29|
+| West US 2    | 13.66.136.192/29, 40.78.240.192/29, 40.78.248.192/29|
+| West US 3     | 20.150.168.32/29, 20.150.176.32/29, 20.150.184.32/29 |
 
 ## Connection redirection
 
-Azure Database for MariaDB supports another connection policy, **redirection**, that helps to reduce network latency between client applications and MariaDB servers. With this feature, after the initial TCP session is established to the Azure Database for MariaDB server, the server returns the backend address of the node hosting the MariaDB server to the client. Thereafter, all subsequent packets flow directly to the server, bypassing the gateway. As packets flow directly to the server, latency and throughput have improved performance.
+Azure Database for MariaDB supports another connection policy, **redirection** that helps to reduce network latency between client applications and MariaDB servers. With this feature, after the initial TCP session is established to the Azure Database for MariaDB server, the server returns the backend address of the node hosting the MariaDB server to the client. Thereafter, all subsequent packets flow directly to the server, bypassing the gateway. As packets flow directly to the server, latency and throughput have improved performance.
 
 This feature is supported in Azure Database for MariaDB servers with engine versions 10.2 and 10.3.
 
@@ -99,29 +101,29 @@ Support for redirection is available in the PHP [mysqlnd_azure](https://github.c
 
 ### What you need to know about this planned maintenance?
 
-This is a DNS change only, which makes it transparent to clients. While the IP address for FQDN is changed in the DNS server, the local DNS cache will be refreshed within 5 minutes, and it's automatically done by the operating systems. After the local DNS refresh, all the new connections will connect to the new IP address, all existing connections will remain connected to the old IP address with no interruption until the old IP addresses are fully decommissioned. The old IP address will roughly take three to four weeks before getting decommissioned; therefore, it should have no effect on the client applications.
+This is a DNS change only, which makes it transparent to clients. While the IP address for FQDN is changed in the DNS server, the local DNS cache is refreshed within 5 minutes, and it's automatically done by the operating systems. After the local DNS refresh, all the new connections will connect to the new IP address, all existing connections will remain connected to the old IP address with no interruption until the old IP addresses are fully decommissioned. The old IP address will roughly take three to four weeks before getting decommissioned; therefore, it should have no effect on the client applications.
 
 ### What are we decommissioning?
 
-Only Gateway nodes will be decommissioned. When users connect to their servers, the first stop of the connection is to gateway node, before connection is forwarded to server. We're decommissioning old gateway rings (not tenant rings where the server is running) refer to the [connectivity architecture](#connectivity-architecture) for more clarification.
+Only Gateway nodes are decommissioned. When users connect to their servers, the first stop of the connection is to gateway node, before connection is forwarded to server. We're decommissioning old gateway rings (not tenant rings where the server is running) refer to the [connectivity architecture](#connectivity-architecture) for more clarification.
 
 ### How can you validate if your connections are going to old gateway nodes or new gateway nodes?
 
-Ping your server's FQDN, for example  ``ping xxx.mariadb.database.azure.com``. If the returned IP address is one of the IPs listed under Gateway IP addresses (decommissioning) in the document above, it means your connection is going through the old gateway. Contrarily, if the returned Ip address is one of the IPs listed under Gateway IP addresses, it means your connection is going through the new gateway.
+Ping your server's FQDN, for example  ``ping xxx.mariadb.database.azure.com``. If the returned IP address is one of the IPs listed under Gateway IP addresses (decommissioning) in the document above, it means your connection is going through the old gateway. Contrarily, if the returned Ip-address is one of the IPs listed under Gateway IP addresses, it means your connection is going through the new gateway.
 
 You may also test by [PSPing](/sysinternals/downloads/psping) or TCPPing the database server from your client application with port 3306 and ensure that return IP address isn't one of the decommissioning IP addresses
 
 ### How do I know when the maintenance is over and will I get another notification when old IP addresses are decommissioned?
 
-You'll receive an email to inform you when we'll start the maintenance work. The maintenance can take up to one month depending on the number of servers we need to migrate in al regions. Prepare your client to connect to the database server using the FQDN or using the new IP address from the table above.
+You receive an email to inform you when we start the maintenance work. The maintenance can take up to one month depending on the number of servers we need to migrate in al regions. Prepare your client to connect to the database server using the FQDN or using the new IP address from the table above.
 
 ### What do I do if my client applications are still connecting to old gateway server?
 
 This indicates that your applications connect to server using static IP address instead of FQDN. Review connection strings and connection pooling setting, AKS setting, or even in the source code.
 
 ### Is there any impact for my application connections?
 
-This maintenance is just a DNS change, so it's transparent to the client. Once the DNS cache is refreshed in the client (automatically done by operation system), all the new connection will connect to the new IP address and all the existing connection will still working fine until the old IP address fully get decommissioned, which several weeks later. And the retry logic isn't required for this case, but it's good to see the application have retry logic configured. Either use FQDN to connect to the database server or enable list the new 'Gateway IP addresses' in your application connection string.
+This maintenance is just a DNS change, so it's transparent to the client. Once the DNS cache is refreshed in the client (automatically done by operation system), all the new connections connect to the new IP address and all the existing connections will still work fine until the old IP address is fully decommissioned, which happens several weeks later. And the retry logic isn't required for this case, but it's good to see the application have retry logic configured. Either use FQDN to connect to the database server or enable list the new 'Gateway IP addresses' in your application connection string.
 This maintenance operation won't drop the existing connections. It only makes the new connection requests go to new gateway ring.
 
 ### Can I request for a specific time window for the maintenance?