Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vwan-change-audience

Author: cherylmc

articles/azure-netapp-files/azacsnap-release-notes.md

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: Phil-Jensen
 ms.service: azure-netapp-files
 ms.topic: conceptual
-ms.date: 10/31/2024
+ms.date: 01/14/2025
 ms.author: phjensen
 ---
 
@@ -24,8 +24,8 @@ For specific information on Preview features, refer to the [AzAcSnap Preview](az
 AzAcSnap 10a is being released with the following fixes and improvements:
 
 - Fixes and Improvements:
-  - Allow configurable wait timeout for Microsoft SQL Server. This will help you increase timeout for slow responding systems (default and minimum value is 30 seconds).
-    - Added a global override variable `MSSQL_CMD_TIMEOUT_SECS` to be used in either the `.azacsnaprc` file or as an environment variable set to the required wait timeout in seconds. For details on configuration refer to the [global override settings to control AzAcSnap behavior](azacsnap-tips.md#global-override-settings-to-control-azacsnap-behavior).
+  - Allow configurable wait time-out for Microsoft SQL Server. This option helps you increase time-out for slow responding systems (default and minimum value is 30 seconds).
+    - Added a global override variable `MSSQL_CMD_TIMEOUT_SECS` to be used in either the `.azacsnaprc` file or as an environment variable set to the required wait time-out in seconds. For details on configuration refer to the [global override settings to control AzAcSnap behavior](azacsnap-tips.md#global-override-settings-to-control-azacsnap-behavior).
 
 Download the binary of [AzAcSnap 10a for Linux](https://aka.ms/azacsnap-10a-linux)([signature file](https://aka.ms/azacsnap-10a-linux-signature)) or [AzAcSnap 10a for Windows](https://aka.ms/azacsnap-10a-windows).
 
@@ -42,13 +42,13 @@ AzAcSnap 10 is being released with the following fixes and improvements:
   - New configuration file layout.
     - To upgrade pre-AzAcSnap 10 configurations use the `azacsnap -c configure --configuration new` command to create a new configuration file and use the values in your existing configuration file.
   - Azure Large Instance storage management via REST API over HTTPS.
-    - This allows the use of Consistency Group snapshots on supported Azure Large Instance storage.
+    - This change to the REST API allows the use of Consistency Group snapshots on supported Azure Large Instance storage.
 - Fixes and Improvements:
-  - New `--flush` option which will flush in memory file buffers for local storage, useful for Azure Large Instance and Azure Managed Disk when connected as block storage.
+  - New `--flush` option which flushes in memory file buffers for local storage, useful for Azure Large Instance and Azure Managed Disk when connected as block storage.
   - Logging improvements.
 - Features removed:
   - AzAcSnap installer for Linux.
-    - AzAcSnap is now downloadable as a binary for supported versions of Linux and Windows.  This simplifies access to the AzAcSnap program allowing you to get started quickly.
+    - AzAcSnap is now downloadable as a binary for supported versions of Linux and Windows to simplify access to the AzAcSnap program allowing you to get started quickly.
   - Azure Large Instance storage management via CLI over SSH.
     - CLI over SSH replaced with the REST API over HTTPS.
 
@@ -123,15 +123,15 @@ AzAcSnap 8 is being released with the following fixes and improvements:
   - Restore (`-c restore`) changes:
     - New ability to use `-c restore` to `--restore revertvolume` for Azure NetApp Files.
   - Backup (`-c backup`) changes:
-    - Fix for incorrect error output when using `-c backup` and the database has ‘backint’ configured.
+    - Fix for incorrect error output when using `-c backup` and the database has "backint" configured.
     - Remove lower-case conversion for anfBackup rename-only option using `-c backup` so the snapshot name maintains case of Volume name.
     - Fix for when a snapshot is created even though SAP HANA wasn't put into backup-mode. Now if SAP HANA can't be put into backup-mode, AzAcSnap immediately exits with an error.
   - Details (`-c details`) changes:
     - Fix for listing snapshot details with `-c details` when using Azure Large Instance storage.
   - Logging enhancements:
     - Extra logging output to syslog (for example, `/var/log/messages`) on failure.
-    - New “mainlog” (`azacsnap.log`) to provide a more parse-able high-level log of commands run with success or failure result.
-  - New global settings file (`.azacsnaprc`) to control behavior of azacsnap, including location of “mainlog” file.
+    - New "mainlog" (`azacsnap.log`) to provide a more parse-able high-level log of commands run with success or failure result.
+  - New global settings file (`.azacsnaprc`) to control behavior of azacsnap, including location of "mainlog" file.
 
 Download the [AzAcSnap 8](https://aka.ms/azacsnap-8) installer.
 
@@ -157,7 +157,7 @@ AzAcSnap 7 is being released with the following fixes and improvements:
   - Backup (`-c backup`) changes:
     - Shorten suffix added to the snapshot name. The previous 26 character suffix of "YYYY-MM-DDThhhhss-nnnnnnnZ" was too long. The suffix is now an 11 character hex-decimal based on the ten-thousandths of a second since the Unix epoch to avoid naming collisions, for example, F2D212540D5.
     - Increased validation when creating snapshots to avoid failures on snapshot creation retry.
-    - Time out when executing AzAcSnap mechanism to disable/enable backint (`autoDisableEnableBackint=true`) now aligns with other SAP HANA related operation timeout values.
+    - Time out when executing AzAcSnap mechanism to disable/enable backint (`autoDisableEnableBackint=true`) now aligns with other SAP HANA related operation time-out values.
     - Azure Backup now allows third party snapshot-based backups without impact to streaming backups (also known as "backint"). Therefore, AzAcSnap "backint" detection logic is reordered to allow for future deprecation of this feature. By default this setting is disabled (`autoDisableEnableBackint=false`). For customers who relied on this feature to take snapshots with AzAcSnap and use Azure Backup, keeping this value as true means AzAcSnap 7 continues to disable/enable backint. As this setting is no longer necessary for Azure Backup, we recommend testing AzAcSnap backups with the value of `autoDisableEnableBackint=false`, and then if successful make the same change in your production deployment.
   - Restore (`-c restore`) changes:
     - Ability to create a custom suffix for Volume clones created when using `-c restore --restore snaptovol` either:
@@ -207,6 +207,8 @@ AzAcSnap v5.0.3 (Build: 20220524.14204) is provided as a patch update to the v5.
 
 - Fix for handling delimited identifiers when querying SAP HANA. This issue only impacted SAP HANA in HSR-HA node when there's a Secondary node configured with "logreplay_readaccss" and is resolved.
 
+Download the [AzAcSnap 5.0.3](https://aka.ms/azacsnap-5) installer.
+
 ### AzAcSnap v5.1 Preview (Build: 20220524.15550)
 
 AzAcSnap v5.1 Preview (Build: 20220524.15550) is an updated build to extend the preview expiry date for 90 days. This update contains the fix for handling delimited identifiers when querying SAP HANA as provided in v5.0.3.
@@ -270,7 +272,7 @@ AzAcSnap v5.0.1 (Build: 20210524.14837) is provided as a patch update to the v5.
 
 AzAcSnap v5.0 (Build: 20210421.6349) is now Generally Available and for this build had the following fixes and improvements:
 
-- The hdbsql retry timeout (to wait for a response from SAP HANA) is automatically set to half of the "savePointAbortWaitSeconds" to avoid race conditions. The setting for "savePointAbortWaitSeconds" can be modified directly in the JSON configuration file and must be a minimum of 600 seconds.
+- The hdbsql retry time-out (to wait for a response from SAP HANA) is automatically set to half of the "savePointAbortWaitSeconds" to avoid race conditions. The setting for "savePointAbortWaitSeconds" can be modified directly in the JSON configuration file and must be a minimum of 600 seconds.
 
 ## March-2021
 

articles/network-watcher/connection-troubleshoot-overview.md

@@ -34,7 +34,7 @@ Connection troubleshoot provides the capability to check TCP or ICMP connections
 - Virtual machines
 - Virtual machine scale sets
 - Azure Bastion instances
-- Application gateways v2 (except private deployments. For more information, see [Private Application Gateway deployment (preview)](../application-gateway/application-gateway-private-deployment.md))
+- Application gateways v2 (except private deployments). For more information, see [Private Application Gateway deployment](../application-gateway/application-gateway-private-deployment.md)
 
 > [!IMPORTANT]
 > Connectivity test of connection troubleshoot requires that the virtual machine you run the test from has the ***Network Watcher agent VM extension*** installed.  This extension is not required for running other connection troubleshoot tests or on the destination virtual machine.

articles/virtual-wan/TOC.yml

@@ -208,7 +208,9 @@
           href: certificates-point-to-site.md
       - name: Microsoft Entra ID authentication
         items:
-        - name: Configure a P2S VPN
+        - name: Configure P2S - Microsoft-registered VPN client
+          href: point-to-site-entra-gateway.md
+        - name: Configure P2S - manually registered VPN client
           href: virtual-wan-point-to-site-azure-ad.md
         - name: Configure a tenant
           href: openvpn-azure-ad-tenant.md

articles/virtual-wan/point-to-site-entra-gateway.md

@@ -0,0 +1,129 @@
+---
+title: 'Configure P2S User VPN for Microsoft Entra ID authentication: Microsoft-registered client'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure Virtual WAN P2S User VPN server settings for Microsoft Entra ID authentication using Microsoft-registered Azure VPN Client.
+services: virtual-wan
+author: cherylmc
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 01/14/2025
+ms.author: cherylmc 
+
+#Audience ID values are not sensitive data.
+
+---
+# Configure P2S User VPN for Microsoft Entra ID authentication – Microsoft-registered app
+
+This article helps you configure point-to-site User VPN connection to Virtual WAN that uses Microsoft Entra ID authentication and the new Microsoft-registered Azure VPN Client App ID.
+
+> [!NOTE]
+> The steps in this article apply to Microsoft Entra ID authentication using the new Microsoft-registered Azure VPN Client App ID and associated Audience values. This article doesn't apply to the older, manually registered Azure VPN Client app for your tenant. For the manually registered Azure VPN Client steps, see [Configure P2S using manually registered VPN client](virtual-wan-point-to-site-azure-ad.md).
+
+[!INCLUDE [About Microsoft-registered app](../../includes/virtual-wan-entra-app-id-descriptions.md)]
+
+[!INCLUDE [OpenVPN note](../../includes/vpn-gateway-openvpn-auth-include.md)]
+
+In this article, you learn how to:
+
+* Create a virtual WAN
+* Create a User VPN configuration
+* Download a virtual WAN User VPN profile
+* Create a virtual hub
+* Edit a hub to add P2S gateway
+* Connect a virtual network to a virtual hub
+* Download and apply the User VPN client configuration
+* View your virtual WAN
+
+:::image type="content" source="./media/virtual-wan-about/virtualwanp2s.png" alt-text="Screenshot of Virtual WAN diagram." lightbox="./media/virtual-wan-about/virtualwanp2s.png":::
+
+## Before you begin
+
+Verify that you've met the following criteria before beginning your configuration:
+
+* You have a virtual network that you want to connect to. Verify that none of the subnets of your on-premises networks overlap with the virtual networks that you want to connect to. To create a virtual network in the Azure portal, see the [Quickstart](../virtual-network/quick-create-portal.md).
+
+* Your virtual network doesn't have any virtual network gateways. If your virtual network has a gateway (either VPN or ExpressRoute), you must remove all gateways. The steps for this configuration help you connect your virtual network to the Virtual WAN virtual hub gateway.
+
+* Obtain an IP address range for your hub region. The hub is a virtual network that is created and used by Virtual WAN. The address range that you specify for the hub can't overlap with any of your existing virtual networks that you connect to. It also can't overlap with your address ranges that you connect to on premises. If you're unfamiliar with the IP address ranges located in your on-premises network configuration, coordinate with someone who can provide those details for you.
+
+* You need a Microsoft Entra ID tenant for this configuration. If you don't have one, you can create one by following the instructions in [Create a new tenant](/entra/fundamentals/create-new-tenant).
+
+## <a name="wan"></a>Create a virtual WAN
+
+From a browser, navigate to the [Azure portal](https://portal.azure.com) and sign in with your Azure account.
+
+[!INCLUDE [Create a virtual WAN](../../includes/virtual-wan-create-vwan-include.md)]
+
+## <a name="user-config"></a>Create a User VPN configuration
+
+A User VPN configuration defines the parameters for connecting remote clients. It's important to create the User VPN configuration before configuring your virtual hub with P2S settings, as you must specify the User VPN configuration you want to use.
+
+> [!IMPORTANT]
+> [!INCLUDE [Microsoft Entra ID note for portal pages](../../includes/vpn-gateway-entra-portal-note.md)]
+
+1. Go to your Virtual WAN. In the left pane, expand **Connectivity** and select the **User VPN configurations** page. On the **User VPN configurations** page, click **+Create user VPN config**.
+1. On the **Basics** page, specify the following parameters.
+
+    * **Configuration name** - Enter the name you want to call your User VPN Configuration. For example, **TestConfig1**.
+    * **Tunnel type** - Select OpenVPN from the dropdown menu.
+1. At the top of the page, click **Azure Active Directory**. You can view the necessary values on the Microsoft Entra ID page for Enterprise applications in the portal.
+
+    :::image type="content" source="./media/virtual-wan-point-to-site-azure-ad/values.png" alt-text="Screenshot of the Microsoft Entra ID page." lightbox="./media/virtual-wan-point-to-site-azure-ad/values.png"::: Configure the following values:
+
+   * **Azure Active Directory** - Select **Yes**.
+   * **Audience** - Enter the corresponding value for the Microsoft-registered Azure VPN Client App ID, Azure Public: `c632b3df-fb67-4d84-bdcf-b95ad541b5c8`. [Custom audience](../vpn-gateway/point-to-site-entra-register-custom-app.md) is also supported for this field.
+   * **Issuer** - Enter `https://sts.windows.net/<your Directory ID>/`.
+   * **AAD Tenant** - Enter the TenantID for the Microsoft Entra tenant. Make sure there isn't an `/` at the end of the Microsoft Entra tenant URL.
+
+1. Click **Create** to create the User VPN configuration. You'll select this configuration later in the exercise.
+
+## <a name="site"></a>Create an empty hub
+
+Next, create the virtual hub. The steps in this section create an empty virtual hub to which you can later add the P2S gateway. However, it's always much more efficient to combine creating the hub along with the gateway because each time you make a configuration change to the hub, you have to wait for the hub settings to build.
+
+For demonstration purposes, we'll create an empty hub first, then add the P2S gateway in the next section. But, you can choose to incorporate the P2S gateway settings from the next section at the same time you configure the hub.
+
+[!INCLUDE [Create an empty hub](../../includes/virtual-wan-hub-basics.md)]
+
+After configuring the settings, click **Review + create** to validate, then **Create** the hub. It can take up to 30 minutes to create a hub.
+
+## <a name="hub"></a>Add a P2S gateway to a hub
+
+This section shows you how to add a gateway to an already existing virtual hub. It can take up to 30 minutes to update a hub.
+
+1. Go to your Virtual WAN. In the left pane, expand **Settings** and select **Hubs**.
+1. Click the name of the hub that you want to edit.
+1. Click **Edit virtual hub** at the top of the page to open the **Edit virtual hub** page.
+1. On the **Edit virtual hub** page, check the checkboxes for **Include vpn gateway for vpn sites** and **Include point-to-site gateway** to reveal the settings. Then configure the values.
+
+   :::image type="content" source="./media/virtual-wan-point-to-site-azure-ad/hub.png" alt-text="Screenshot shows the Edit virtual hub." lightbox="./media/virtual-wan-point-to-site-azure-ad/hub.png":::
+
+   * **Gateway scale units**: Select the Gateway scale units. Scale units represent the aggregate capacity of the User VPN gateway. If you select 40 or more gateway scale units, plan your client address pool accordingly. For information about how this setting impacts the client address pool, see [About client address pools](about-client-address-pools.md). For information about gateway scale units, see the [FAQ](virtual-wan-faq.md#p2s-concurrent).
+   * **User VPN configuration**: Select the configuration that you created earlier.
+   * **User Groups to Address Pools Mapping**: Specify address pools. For information about this setting, see [Configure user groups and IP address pools for P2S User VPNs](user-groups-create.md).
+
+1. After configuring the settings, click **Confirm** to update the hub. It can take up to 30 minutes to update a hub.
+
+## <a name="connect-vnet"></a>Connect virtual network to hub
+
+In this section, you create a connection between your virtual hub and your virtual network.
+
+[!INCLUDE [Connect virtual network](../../includes/virtual-wan-connect-vnet-hub-include.md)]
+
+## <a name="download-profile"></a>Download User VPN profile
+
+All of the necessary configuration settings for the VPN clients are contained in a VPN client configuration zip file. The settings in the zip file help you easily configure the VPN clients. The VPN client configuration files that you generate are specific to the User VPN configuration for your gateway. You can download global (WAN-level) profiles, or a profile for a specific hub. For information and additional instructions, see [Download global and hub profiles](global-hub-profile.md). The following steps walk you through downloading a global WAN-level profile.
+
+[!INCLUDE [Download profile](../../includes/virtual-wan-p2s-download-profile-include.md)]
+
+##  <a name="configure-client"></a>Configure the Azure VPN Client
+
+Next, you examine the profile configuration package, configure the Azure VPN Client for the client computers, and connect to Azure. See the articles listed in the Next steps section.
+
+## Next steps
+
+Configure the Azure VPN Client. You can use the steps in the VPN Gateway client documentation to configure the Azure VPN Client for Virtual WAN.
+
+* [Azure VPN Client for Linux](../vpn-gateway/point-to-site-entra-vpn-client-linux.md)
+* [Azure VPN Client for Windows](../vpn-gateway/point-to-site-entra-vpn-client-windows.md)
+* [Azure VPN Client for macOS](../vpn-gateway/point-to-site-entra-vpn-client-mac.md)