Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-elevate-access-manage-users

Author: rolyon

.openpublishing.redirection.json

@@ -4024,6 +4024,26 @@
       "source_path_from_root": "/articles/managed-grafana/how-to-transition-domain.md",
       "redirect_url": "/azure/managed-grafana/overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/load-balancer/move-across-regions-external-load-balancer-portal.md",
+      "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/load-balancer/move-across-regions-external-load-balancer-powershell.md",
+      "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path_from_root": "/articles/load-balancer/move-across-regions-internal-load-balancer-portal.md",
+      "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path_from_root": "/articles/load-balancer/move-across-regions-internal-load-balancer-powershell.md",
+      "redirect_url": "/azure/load-balancer/move-across-regions-azure-load-balancer",
+      "redirect_document_id": false
     }
   ]
 }

articles/api-center/index.yml

@@ -61,7 +61,7 @@ landingContent:
       - linkListType: how-to-guide
         links:
           - text: Analyze APIs using linting rules
-            url: enable-api-analysis-linting.md
+            url: enable-managed-api-analysis-linting.md
       - linkListType: concept
         links:
           - text: Use metadata for governance

articles/api-management/inject-vnet-v2.md

@@ -68,9 +68,11 @@ The subnet needs to be delegated to the **Microsoft.Web/hostingEnvironments** se
 
 For more information about configuring subnet delegation, see [Add or remove a subnet delegation](../virtual-network/manage-subnet-delegation.md).
 
+[!INCLUDE [api-management-virtual-network-address-prefix](../../includes/api-management-virtual-network-address-prefix.md)]
+
 ### Permissions
 
-You must have at least the following role-based access control permissions on the subnet or at a higher level to configure virtual network integration:
+You must have at least the following role-based access control permissions on the subnet or at a higher level to configure virtual network injection:
 
 | Action | Description |
 |-|-|
@@ -86,13 +88,11 @@ When you [create](get-started-create-service-instance.md) a Premium v2 instance
 
 1. In the **Create API Management service** wizard, select the **Networking** tab.
 1. In **Connectivity type**, select **Virtual network**.
-1. In **Type**, select **Internal**. 
-1. In **Configure virtual networks**, select the virtual network and the delegated subnet that you want to integrate. 
-
-    Optionally, provide a public IP address resource if you want to own and control an IP address that's used only for outbound connection to the internet.
+1. In **Type**, select **Injection**. 
+1. In **Configure virtual networks**, select the virtual network and the delegated subnet that you want to inject. 
 1. Complete the wizard to create the API Management instance.
 
-## DNS settings for integration with private IP address
+## DNS settings for access to private IP address
 
 When a Premium v2 API Management instance is injected in a virtual network, you have to manage your own DNS to enable inbound access to API Management. 
 

articles/app-service/configure-ssl-certificate.md

@@ -341,6 +341,9 @@ This is only supported for Windows container apps in multi-tenant App Service. I
 ### Can I load a private CA certificate in my App Service Trusted Root Store?
 You can load your own CA certificate into the Trusted Root Store in [App Service Environment version 3](./environment/overview-certificates.md). You can't modify the list of Trusted Root Certificates in App Service (multi-tenant). For more information on App Service multi-tenant vs. single-tenant, see [App Service Environment v3 and App Service public multitenant comparison](./environment/ase-multi-tenant-comparison.md).
 
+### Can App Service Certificate be used for other services?
+Yes, certificates purchased via App Service Certificate can be exported and used with Application Gateway or other services. Refer to the following blog article for more information: [Creating a local PFX copy of App Service Certificate](https://azure.github.io/AppService/2017/02/24/Creating-a-local-PFX-copy-of-App-Service-Certificate.html).
+
 ## More resources
 
 * [Secure a custom DNS name with a TLS/SSL binding in Azure App Service](configure-ssl-bindings.md)

articles/app-service/environment/auto-migration.md

@@ -74,7 +74,7 @@ The following errors might be displayed in the portal if you're ineligible for a
 
 ## What to do if your App Service Environment is suspended
 
-If your App Service Environment is suspended, you have two options.
+If your App Service Environment is suspended, you have three options.
 
 ### Unsuspend and self-migrate
 
@@ -88,6 +88,14 @@ If you want to expedite migration, you can resume/unsuspend your environment as
 
 :::image type="content" source="./media/migration/resume-as-asev3.png" alt-text="Screenshot that shows the button on the Migration page where you can resume as an App Service Environment v3.":::
 
+### Delete your App Service Environment
+
+If you no longer need your App Service Environment, you can delete your environment using the following CLI command. Replace the placeholders for the subscription id, environment name, and resource group with your values for the App Service Environment that you want to delete. The Azure CLI is the only available method for deleting your environment. If you haven't previously used the Azure CLI, [install the Azure CLI](/cli/azure/install-azure-cli) or use [Azure Cloud Shell](https://shell.azure.com/) and use a Bash shell. Deleting your environment will also delete the associated apps and App Service plans. This action is irreversible.
+
+```azurecli
+az rest --method delete --url "https://management.azure.com/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.Web/hostingEnvironments/<ASE-NAME>?api-version=2020-12-01" --url-parameters forceDelete=true --verbose
+```
+
 ## Features to limit the effects of auto-migrations
 
 To limit the effect of auto-migrations, we implemented the following features to the auto-migration feature.

articles/app-service/tutorial-python-postgresql-app.md

@@ -289,6 +289,22 @@ The creation wizard generated the connectivity variables for you already as [app
     :::column:::
     :::column-end:::
 :::row-end:::
+:::row:::
+    :::column span="2":::
+        **Step 4:** Back in the **Configuration** page, select **New application setting**. Name the setting `SECRET_KEY`. Paste the value from the previous value. Select **OK**.
+    :::column-end:::
+    :::column:::
+        :::image type="content" source="./media/tutorial-python-postgresql-app/azure-portal-app-service-app-setting.png" alt-text="A screenshot showing how to set the SECRET_KEY app setting in the Azure portal (Django)." lightbox="./media/tutorial-python-postgresql-app/azure-portal-app-service-app-setting.png":::
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column span="2":::
+        **Step 5:** Select **Save**.
+    :::column-end:::
+    :::column:::
+        :::image type="content" source="./media/tutorial-python-postgresql-app/azure-portal-app-service-app-setting-save.png" alt-text="A screenshot showing how to save the SECRET_KEY app setting in the Azure portal (Django)." lightbox="./media/tutorial-python-postgresql-app/azure-portal-app-service-app-setting-save.png":::
+    :::column-end:::
+:::row-end:::
 
 ### [Django](#tab/django)
 

articles/automation/change-tracking/overview-monitoring-agent.md

@@ -3,7 +3,7 @@ title: Azure Automation Change Tracking and Inventory overview using Azure Monit
 description: This article describes the Change Tracking and Inventory feature using Azure monitoring agent, which helps you identify software and Microsoft service changes in your environment.
 services: automation
 ms.subservice: change-inventory-management
-ms.date: 11/15/2024
+ms.date: 12/09/2024
 ms.topic: overview
 ms.service: azure-automation
 ---
@@ -21,6 +21,20 @@ This article explains on the latest version of change tracking support using Azu
 > - [FIM with Change Tracking and Inventory using AMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-ama).
 > - [FIM with Change Tracking and Inventory using MMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-mma).
 
+## What is Change Tracking & Inventory
+
+Azure Change Tracking & Inventory service enhances the auditing and governance for in-guest operations by monitoring changes and providing detailed inventory logs for servers across Azure, on-premises, and other cloud environments.
+
+1. **Change Tracking**
+
+    a. Monitors changes, including modifications to files, registry keys, software installations, and Windows services or Linux daemons.</br>
+    b. Provides detailed logs of what and when the changes were made, who made them, enabling you to quickly detect configuration drifts or unauthorized changes.
+    
+1. **Inventory**
+
+    a. Collects and maintains an updated list of installed software, operating system details, and other server configurations in linked LA workspace </br>
+    b. Helps create an overview of system assets, which is useful for compliance, audits, and proactive maintenance.
+
 ## Support matrix
 
 |**Component**| **Applies to**|

articles/azure-cache-for-redis/cache-how-to-premium-vnet.md

@@ -27,9 +27,10 @@ ms.date: 08/29/2023
   - failure of replica node to replicate data from primary node
   - potential data loss
   - failure of management operations like scaling
+  - intermittent or complete SSL/TLS failures
   - in the most severe scenarios, loss of availability
 - VNet injected caches are only available for Premium-tier Azure Cache for Redis, not other tiers.
-- When using a VNet injected cache, you must change your VNet to cache dependencies such as CRLs/PKI, AKV, Azure Storage, Azure Monitor, and more.
+- When using a VNet injected cache, you must change your VNet to cache dependencies such as Certificate Revocation Lists/Public Key Instructure, Azure Key Vault, Azure Storage, Azure Monitor, and more.
 - You can't inject an existing Azure Cache for Redis instance into a Virtual Network. You must select this option when you _create_ the cache.
 
 ## Set up virtual network support
@@ -166,9 +167,9 @@ There are network connectivity requirements for Azure Cache for Redis that might
 
 - Outbound network connectivity to Azure Key Vault endpoints worldwide. Azure Key Vault endpoints resolve under the DNS domain `vault.azure.net`.
 - Outbound network connectivity to Azure Storage endpoints worldwide. Endpoints located in the same region as the Azure Cache for Redis instance and storage endpoints located in _other_ Azure regions are included. Azure Storage endpoints resolve under the following DNS domains: `table.core.windows.net`, `blob.core.windows.net`, `queue.core.windows.net`, and `file.core.windows.net`.
-- Outbound network connectivity to `ocsp.digicert.com`, `crl4.digicert.com`, `ocsp.msocsp.com`, `mscrl.microsoft.com`, `crl3.digicert.com`, `cacerts.digicert.com`, `oneocsp.microsoft.com`, and `crl.microsoft.com`. This connectivity is needed to support TLS/SSL functionality.
+- Outbound network connectivity to `ocsp.digicert.com`, `crl4.digicert.com`, `ocsp.msocsp.com`, `mscrl.microsoft.com`, `crl3.digicert.com`, `cacerts.digicert.com`, `oneocsp.microsoft.com`, and `crl.microsoft.com`, `cacerts.geotrust.com`, `www.microsoft.com`, `cdp.geotrust.com`, `status.geotrust.com`. This connectivity is needed to support TLS/SSL functionality.
 - The DNS configuration for the virtual network must be able to resolve all of the endpoints and domains mentioned in the earlier points. These DNS requirements can be met by ensuring a valid DNS infrastructure is configured and maintained for the virtual network.
-- Outbound network connectivity to the following Azure Monitor endpoints, which resolve under the following DNS domains: `shoebox2-black.shoebox2.metrics.nsatc.net`, `north-prod2.prod2.metrics.nsatc.net`, `azglobal-black.azglobal.metrics.nsatc.net`, `shoebox2-red.shoebox2.metrics.nsatc.net`, `east-prod2.prod2.metrics.nsatc.net`, `azglobal-red.azglobal.metrics.nsatc.net`, `shoebox3.prod.microsoftmetrics.com`, `shoebox3-red.prod.microsoftmetrics.com`, `shoebox3-black.prod.microsoftmetrics.com`, `azredis-red.prod.microsoftmetrics.com` and `azredis-black.prod.microsoftmetrics.com`.
+- Outbound network connectivity to the following Azure Monitor endpoints, which resolve under the following DNS domains: `shoebox3.prod.microsoftmetrics.com`, `shoebox3-red.prod.microsoftmetrics.com`, `shoebox3-black.prod.microsoftmetrics.com`, `azredis.prod.microsoftmetrics.com`, `azredis-red.prod.microsoftmetrics.com`, and `azredis-black.prod.microsoftmetrics.com`.
 
 ### How can I verify that my cache is working in a virtual network?
 
@@ -206,6 +207,8 @@ If you're unable to resolve the DNS name, some client libraries include configur
 
 `10.128.2.84:6380,password=xxxxxxxxxxxxxxxxxxxx,ssl=True,abortConnect=False;sslHost=[mycachename].redis.cache.windows.net`
 
+In addition, if the subnet where Azure Cache for Redis is hosted is blocking TCP outbound connections over port 80 for SSL/TLS functionality, clients might experience intermittent TLS certificate validation errors.
+
 ### Can I use virtual networks with a standard or basic cache?
 
 Virtual networks can only be used with Premium-tier caches.

articles/azure-cache-for-redis/cache-how-to-scale.md

@@ -120,7 +120,7 @@ For more information on scaling with PowerShell, see [To scale an Azure Cache fo
 
 #### Scale up and down using Azure CLI
 
-To scale your Azure Cache for Redis instances using Azure CLI, call the [az redis update](/cli/azure/redis#az-redis-update) command. Use the `sku.capcity` property to scale within a tier, for example from a Standard C0 to Standard C1 cache:
+To scale your Azure Cache for Redis instances using Azure CLI, call the [az redis update](/cli/azure/redis#az-redis-update) command. Use the `sku.capacity` property to scale within a tier, for example from a Standard C0 to Standard C1 cache:
 
 ```azurecli
 az redis update --cluster-name myCache --resource-group myGroup --set "sku.capacity"="2"

articles/azure-cache-for-redis/cache-how-to-upgrade.md

@@ -86,7 +86,7 @@ To defer upgrades to your cache, navigate to the **Advanced Settings** on the Re
 
 ## Considerations before upgrading Redis versions
 
-Each new Redis version is intended to be a seamless upgrade from previous versions with backwards-compatibilty as a design principle. However, small changes and bug fixes do occur which can cause application changes. Being conscious of these changes is always a good idea.
+Each new Redis version is intended to be a seamless upgrade from previous versions with backwards-compatibility as a design principle. However, small changes and bug fixes do occur which can cause application changes. Being conscious of these changes is always a good idea.
 
 ### Client version