Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/app-service/index.yml

@@ -9,7 +9,7 @@ metadata:
   ms.topic: landing-page
   ms.author: msangapu
   ms.service: azure-app-service
-  ms.date: 01/22/2025
+  ms.date: 06/10/2025
   ms.custom: UpdateFrequency3
 
 landingContent:
@@ -74,12 +74,20 @@ landingContent:
           - text: Invoke OpenAPI web app from Azure AI Agent
             url: invoke-openapi-web-app-from-azure-ai-agent-service.md
 
-  - title: Troubleshoot with Azure SRE Agent (AI)
+  - title: Secure and deploy  
     linkLists:
+      - linkListType: concept
+        links:
+          - text: Security in Azure App Service
+            url: overview-security.md        
       - linkListType: tutorial
         links:
-          - text: Fix application issues with SRE Agent
-            url: tutorial-sre-agent.md
+          - text: Secure with custom domain and certificate
+            url: tutorial-secure-domain-certificate.md
+          - text: Continuous deployment
+            url: deploy-continuous-deployment.md
+          - text: Upload content with FTP
+            url: deploy-ftp.md
 
   - title: Build a CRUD app
     linkLists:
@@ -102,18 +110,9 @@ landingContent:
           - text: REST API
             url: /rest/api/appservice/
 
-  - title: Secure and deploy  
+  - title: Troubleshoot with Azure SRE Agent (AI)
     linkLists:
-      - linkListType: concept
-        links:
-          - text: Security in Azure App Service
-            url: overview-security.md        
       - linkListType: tutorial
         links:
-          - text: Secure with custom domain and certificate
-            url: tutorial-secure-domain-certificate.md
-          - text: Continuous deployment
-            url: deploy-continuous-deployment.md
-          - text: Upload content with FTP
-            url: deploy-ftp.md
-
+          - text: Fix application issues with SRE Agent
+            url: tutorial-sre-agent.md

articles/application-gateway/configuration-listeners.md

@@ -85,7 +85,9 @@ $gw.EnableHttp2 = $true
 Set-AzApplicationGateway -ApplicationGateway $gw
 ```
 
-You can also enable HTTP2 support using the Azure portal by selecting **Enabled** under **HTTP2** in Application gateway > Configuration. 
+> [!IMPORTANT]
+> When creating an application gateway resource through the Azure portal, the default option for **HTTP2** is set as enabled. You can choose **Disabled** during creation, and re-enabled HTTP2 support using the Azure portal by selecting **Enabled** under **HTTP2** in **Application gateway > Configuration**.
+>
 
 ### WebSocket support
 

articles/application-gateway/key-vault-certs.md

@@ -121,7 +121,8 @@ For Cert name, type a friendly name for the certificate to be referenced in Key
 Once selected, select  **Add** (if creating) or **Save** (if editing) to apply the referenced Key Vault certificate to the listener.
 
 #### Key Vault Azure role-based access control permission model
-Application Gateway supports certificates referenced in Key Vault via the Role-based access control permission model. The first few steps to reference the Key Vault must be completed via ARM template, Bicep, CLI, or  PowerShell.
+
+Application Gateway supports certificates referenced in Key Vault via the Role-based access control permission model. The first few steps to reference the Key Vault must be completed via ARM template, Bicep, CLI, or PowerShell. During this process, a managed identity containing the proper Role-based access control permissions is utilized.
 
 > [!Note]
 > Specifying Azure Key Vault certificates that are subject to the role-based access control permission model is not supported via the portal.
@@ -140,7 +141,7 @@ Add-AzApplicationGatewaySslCertificate -KeyVaultSecretId $secretId -ApplicationG
 # Commit the changes to the Application Gateway
 Set-AzApplicationGateway -ApplicationGateway $appgw
 ```
-
+> 
 Once the commands have been executed, you can navigate to your Application Gateway in the Azure portal and select the Listeners tab.  Click Add Listener (or select an existing) and specify the Protocol to HTTPS.
 
 Under **Choose a certificate** select the certificate named in the previous steps.  Once selected, select  *Add* (if creating) or *Save* (if editing) to apply the referenced Key Vault certificate to the listener.

articles/azure-functions/functions-app-settings.md

@@ -203,7 +203,14 @@ A comma-delimited list of beta features to enable. Beta features enabled by thes
 |---|------------|
 |AzureWebJobsFeatureFlags|`feature1,feature2,EnableProxies`|
 
-Add `EnableProxies` to this list to re-enable proxies on version 4.x of the Functions runtime while you plan your migration to Azure API Management. For more information, see [Re-enable proxies in Functions v4.x](./legacy-proxies.md#re-enable-proxies-in-functions-v4x). 
+If your app currently has this setting, add new flags to the end of the comma-delineated list. 
+
+Currently-supported feature flags:
+
+|Flag value | Description |
+| ----- | ----- |
+| `EnableProxies` | Re-enables proxies on version 4.x of the Functions runtime while you plan your migration to Azure API Management. For more information, see [Re-enable proxies in Functions v4.x](./legacy-proxies.md#re-enable-proxies-in-functions-v4x). |
+| `EnableAzureMonitorTimeIsoFormat` | Enables the `ISO 8601` time format in Azure Monitor logs for Linux apps running on a Dedicated (App Service) plan. |
 
 ## AzureWebJobsKubernetesSecretName 
 

articles/azure-functions/functions-bindings-mcp.md

@@ -48,7 +48,7 @@ To use this experimental bundle in your app, replace the existing `extensionBund
 
 ```json
 "extensionBundle": {
-  "id": "Microsoft.Azure.Functions.ExtensionBundle.Preview",
+  "id": "Microsoft.Azure.Functions.ExtensionBundle.Experimental",
   "version": "[4.*, 5.0.0)"
 }
 ```

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 6/9/2025
+ms.date: 6/10/2025
 ---
 
 # Known issues: Azure VMware Solution
@@ -16,6 +16,7 @@ Refer to the table to find details about resolution dates or possible workaround
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
+|[VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247). | May 2025 | To remediate CVE-2025-22247, apply version 12.5.2 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | ESXi hosts may experience operational issues if NSX Layer-2 DFW default rule logging is enabled. More information can be obtained in this Knowledge Base article from Broadcom: [ESXi hosts may experience operational issues if L2 DFW default rule logging is enabled.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html) | May 2025 | It is not recommended to enable logging on the default Layer-2 DFW rule in a Production environment for any sustained period of time. If logging must be enabled on an L2 rule, it is advised to create a new L2 rule specific to the traffic flow in question and enable logging on that rule only. Please see [Broadcom Knowledge Base Article 326455.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html).| N/A |
 | With VMware HCX versions 4.10.3 and earlier, attempts to download upgrade bundles or the Connector OVA directly from the HCX Manager UI (port 443) fail due to the decommissioning of the external image depot server. More information can be obtained in this Knowledge Base article from Broadcom: [Upgrade Bundle Download from 443 UI will Fail in All HCX versions prior to 4.11](https://knowledge.broadcom.com/external/article/395372)| April 2025 | We will begin upgrading all Azure VMware Solution customers to HCX 4.11.0 in the coming weeks, this will provide customers with access to the HCX Connector upgrade bundles, which will be stored on their vSAN datastore. Until then, all customers will need to submit a support request (SR) to obtain the required upgrade bundles. | May 2025 |
 |[VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 | To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |

articles/azure-vmware/upgrade-hcx-azure-vmware-solutions.md

@@ -125,7 +125,7 @@ To ensure smooth migration, customers are required to upgrade any paired HCX con
 
 ### What is the impact of an HCX upgrade? 
 
-Apply service updates during a maintenance window where no new HCX operations and migration are queued up. The upgrade window accounts for a brief disruption to the Network Extension service, while the appliances are redeployed with the updated code.  
+Apply service updates during a maintenance window where no new HCX operations and migration are queued up.  
 For individual HCX component upgrade impact, see [Planning for HCX Updates](https://techdocs.broadcom.com/us/en/vmware-cis/hcx/vmware-hcx/4-10/vmware-hcx-user-guide-4-10/updating-vmware-hcx/planning-for-hcx-updates.html). 
 
 ### Do I need to upgrade the service mesh appliances? 

articles/communication-services/samples/includes/call-automation-azure-openai-csharp.md

@@ -25,6 +25,9 @@ This server-side application helps create a virtual assistant that can handle ph
 - Azure Dev Tunnels. For details, see  [Enable dev tunnel](/azure/developer/dev-tunnels/get-started)
 - An Azure OpenAI Resource and Deployed Model. See [instructions](/azure/ai-services/openai/how-to/create-resource?pivots=web-portal).
 
+> [!NOTE]
+> Bidirectional Streaming in Azure Communication Services is generally available, but the Azure OpenAI real-time API has its own release schedule. For up-to-date info on the API’s availability, check out the [official docs](/azure/ai-services/openai/concepts/models?tabs=global-standard%2Cstandard-chat-completions#audio-models).
+
 ## Set up instructions
 
 Before running this sample, you need to set up the resources with the following configuration updates:

articles/communication-services/samples/includes/call-automation-azure-openai-js.md

@@ -27,6 +27,9 @@ This server-side application helps create a virtual assistant that can handle ph
 - Azure Dev Tunnels. For details, see  [Enable dev tunnel](/azure/developer/dev-tunnels/get-started)
 - An Azure OpenAI Resource and Deployed Model. See [instructions](/azure/ai-services/openai/how-to/create-resource?pivots=web-portal).
 
+> [!NOTE]
+> Bidirectional Streaming in Azure Communication Services is generally available, but the Azure OpenAI real-time API has its own release schedule. For up-to-date info on the API’s availability, check out the [official docs](/azure/ai-services/openai/concepts/models?tabs=global-standard%2Cstandard-chat-completions#audio-models).
+
 
 ## Before running the sample for the first time