Merge pull request #295134 from MicrosoftDocs/main

2/21/2025 PM Publish

Author: Albertyang0

articles/active-directory-b2c/faq.yml

@@ -163,6 +163,18 @@ sections:
           * **Audit reports** include both admin activity and application activity.
           * **Usage reports** include the number of users, number of logins, and volume of MFA.
 
+      - question: |
+          Why does my Azure AD B2C bill show phone charges named "Microsoft Entra External ID?"
+        answer: |
+          Following the new [billing model](https://azure.microsoft.com/pricing/details/active-directory-b2c/) for Azure AD External Identities SMS Phone Authentication, you may notice a new name on your bill. Previously, Phone MFA was billed as "Azure Active Directory B2C - Basic 1 Multi-Factor Authentication." Now you’ll see the following names based on your [country or region pricing tier](https://aka.ms/B2CSMSCountries):
+          
+          * Microsoft Entra External ID - Phone Authentication Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid High Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication High Cost 1 Transaction
+          
+          Although the new bill mentions Microsoft Entra External ID, **you’re still billed for Azure AD B2C based on your core MAU count**.
+          
       - question: |
           Can end users use a time-based one-time password (TOTP) with an authenticator app to authenticate to my Azure AD B2C app?
         answer: |
@@ -271,7 +283,7 @@ sections:
       - question: |
           I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
         answer: |
-          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user hasn't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
              
           
       - question: |

articles/api-management/breaking-changes/stv1-platform-retirement-august-2024.md

@@ -5,7 +5,7 @@ services: api-management
 author: dlepow
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 08/28/2024
+ms.date: 02/19/2025
 ms.author: danlep
 ---
 
@@ -54,9 +54,8 @@ As of 1 September 2024, API Management will no longer provide any service level
 
 Through continued use of an instance hosted on the `stv1` platform beyond the retirement date, you acknowledge that Azure does not commit to the SLA of 99.95% for the retired instances.
 
-### Automatic migration
+[!INCLUDE [api-management-automatic-migration](../../../includes/api-management-automatic-migration.md)]
 
-Starting 1 September 2024, we'll automatically migrate remaining `stv1` service instances to the `stv2` compute platform. All affected customers will be notified of the upcoming automatic migration a week in advance. Automatic migration might cause downtime for your upstream API consumers. You may still migrate your own instances before automatic migration takes place.
 
 [!INCLUDE [api-management-migration-support](../../../includes/api-management-migration-support.md)]
 

articles/api-management/breaking-changes/stv1-platform-retirement-sovereign-clouds-february-2025.md

@@ -52,6 +52,7 @@ As of 1 September 2024, API Management will no longer provide any service level
 
 Through continued use of an instance hosted on the `stv1` platform beyond 1 September 2024, you acknowledge that Azure does not commit to the SLA of 99.95%.
 
+[!INCLUDE [api-management-automatic-migration](../../../includes/api-management-automatic-migration.md)]
 
 [!INCLUDE [api-management-migration-support](../../../includes/api-management-migration-support.md)]
 

articles/api-management/migrate-stv1-to-stv2-vnet.md

@@ -6,7 +6,7 @@ author: dlepow
 ms.service: azure-api-management
 ms.custom:
 ms.topic: how-to
-ms.date: 11/04/2024
+ms.date: 02/19/2025
 ms.author: danlep
 ---
 
@@ -241,6 +241,9 @@ Under certain conditions, [Option 1: Migrate and keep same subnet](#option-1-mig
 
 * **Azure Key Vault blocked** - If access to Azure Key Vault is currently blocked, you must migrate using Option 2, including setting up NSG rules in the new subnet for access to Azure Key Vault.
 
+[!INCLUDE [api-management-automatic-migration](../../includes/api-management-automatic-migration.md)]
+
+
 [!INCLUDE [api-management-migration-support](../../includes/api-management-migration-support.md)]
 
 ## Frequently asked questions

articles/api-management/virtual-network-reference.md

@@ -87,7 +87,7 @@ NSG rules allowing outbound connectivity to Storage, SQL, and Azure Event Hubs s
 
 ## TLS functionality  
 
-To enable TLS/SSL certificate chain building and validation, the API Management service needs outbound network connectivity on ports `80` and `443` to `ocsp.msocsp.com`, `oneocsp.msocsp.com`, `mscrl.microsoft.com`, `crl.microsoft.com`, and `csp.digicert.com`. This dependency is not required if any certificate you upload to API Management contains the full chain to the CA root.
+To enable TLS/SSL certificate chain building and validation, the API Management service needs outbound network connectivity on ports `80` and `443` to `ocsp.msocsp.com`, `oneocsp.msocsp.com`, `mscrl.microsoft.com`, `crl.microsoft.com`, `cacerts.digicert.com`, `crl3.digicert.com` and `csp.digicert.com`. 
 
 
 ## DNS access

articles/app-service/app-service-configure-premium-tier.md

@@ -4,27 +4,32 @@ description: Learn how to better performance for your web, mobile, and API app i
 keywords: app service, azure app service, scale, scalable, app service plan, app service cost
 ms.assetid: ff00902b-9858-4bee-ab95-d3406018c688
 ms.topic: article
-ms.date: 08/29/2023
+ms.date: 02/21/2025
 ms.author: msangapu
 author: msangapu-msft
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
+#customer intent: As a deployment engineer, I want to understand the process and the benefits of scaling up apps to the Premium V3 pricing tier in Azure App Service.
 ---
 
 # Configure Premium V3 tier for Azure App Service
 
-The new Premium V3 pricing tier gives you faster processors, SSD storage, memory-optimized options, and quadruple the memory-to-core ratio of the existing pricing tiers (double the Premium V2 tier). With the performance advantage, you could save money by running your apps on fewer instances. In this article, you learn how to create an app in Premium V3 tier or scale up an app to Premium V3 tier.
+The new Premium V3 pricing tier gives you faster processors, SSD storage, and memory-optimized options. It offers to quadruple the memory-to-core ratio of the existing pricing tiers. The memory-to-core ratio is double the Premium V2 tier. With the performance advantage, you could save money by running your apps on fewer instances. In this article, you learn how to create an app in Premium V3 tier or scale up an app to Premium V3 tier.
 
 ## Prerequisites
 
-To scale-up an app to Premium V3, you need to have an Azure App Service app that runs in a pricing tier lower than Premium V3, and the app must be running in an App Service deployment that supports Premium V3. Additionally the App Service deployment must support the desired SKU within Premium V3.
+To scale-up an app to Premium V3:
+
+- An Azure App Service app that runs in a pricing tier lower than Premium V3.
+- The app must run in an App Service deployment that supports Premium V3.
+- The App Service deployment must support the desired SKU in Premium V3.
 
 <a name="availability"></a>
 
 ## Premium V3 availability
 
 The Premium V3 tier is available for both native and custom containers, including both Windows containers and Linux containers.
 
-Premium V3 as well as specific Premium V3 SKUs are available in some Azure regions and availability in additional regions is being added continually. To see if a specific PremiumV3 offering is available in your region, run the following Azure CLI command in the [Azure Cloud Shell](../cloud-shell/overview.md) (substitute _P1v3_ with the desired SKU):
+Premium V3 and specific Premium V3 SKUs are available in some Azure regions. Microsoft is adding availability in other regions continually. To see if a specific PremiumV3 offering is available in your region, run the following Azure CLI command in the [Azure Cloud Shell](../cloud-shell/overview.md). Substitute *P1v3* with the desired SKU:
 
 **Windows** SKU availability
 
@@ -43,61 +48,62 @@ az appservice list-locations --linux-workers-enabled --sku P1V3
 
 The pricing tier of an App Service app is defined in the [App Service plan](overview-hosting-plans.md) that it runs on. You can create an App Service plan by itself or create it as part of app creation.
 
-When configuring the new App Service plan in the <a href="https://portal.azure.com" target="_blank">Azure portal</a>, select **Pricing plan** and pick one of the **Premium V3** tiers.
+When you configure the new App Service plan in the <a href="https://portal.azure.com" target="_blank">Azure portal</a>, select **Pricing plan** and choose one of the **Premium V3** tiers.
 
 To see all the Premium V3 options, select **Explore pricing plans**, then select one of the Premium V3 plans and select **Select**.
 
 :::image type="content" source="media/app-service-configure-premium-tier/explore-pricing-plans.png" alt-text="Screenshot showing the Explore pricing plans page with a Premium V3 plan selected.":::
 
-> [!IMPORTANT] 
-> If you don't see **P0V3**, **P1V3**, **P2V3**, **P3V3**, **P1mV3**, **P2mV3**, **P3mV3**, **P4mV3**, and **P5mV3** as options, or if some options are greyed out, then either **Premium V3** or an individual SKU within **Premium V3** isn't available in the underlying App Service deployment that contains the App Service plan. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
->
+> [!IMPORTANT]
+> You might not see **P0V3**, **P1V3**, **P2V3**, **P3V3**, **P1mV3**, **P2mV3**, **P3mV3**, **P4mV3**, and **P5mV3** as options or some options might be grayed out. If so, either **Premium V3** or an individual SKU in **Premium V3** isn't available in the underlying App Service deployment. For more information, see [Scale up from an unsupported resource group and region combination](#unsupported).
 
 ## Scale up an existing app to Premium V3 tier
 
-Before scaling an existing app to Premium V3 tier, make sure that both Premium V3 as well as the specific SKU within Premium V3 are available. For information, see [PremiumV3 availability](#availability). If it's not available, see [Scale up from an unsupported resource group and region combination](#unsupported).
+Before you scale an existing app to Premium V3 tier, make sure that both Premium V3 and the specific SKU in Premium V3 are available. For more information, see [PremiumV3 availability](#availability). If it's not available, see [Scale up from an unsupported resource group and region combination](#unsupported).
 
-Depending on your hosting environment, scaling up may require extra steps. 
+Depending on your hosting environment, scaling up can require extra steps.
 
-In the <a href="https://portal.azure.com" target="_blank">Azure portal</a>, open your App Service app page.
+1. In the <a href="https://portal.azure.com" target="_blank">Azure portal</a>, open your App Service app page.
 
-In the left navigation of your App Service app page, select **Scale up (App Service plan)**.
+1. In the left navigation of your App Service app page, select **Settings** > **Scale up (App Service plan)**.
 
-![Screenshot showing how to scale up your app service plan.](media/app-service-configure-premium-tier/scale-up-tier-portal.png)
+   :::image type="content" source="media/app-service-configure-premium-tier/scale-up-tier-portal.png" alt-text="Screenshot showing how to scale up your app service plan.":::
 
-Select one of the Premium V3 plans and select **Select**.
+1. Select one of the Premium V3 plans and select **Select**.
 
-:::image type="content" source="media/app-service-configure-premium-tier/explore-pricing-plans.png" alt-text="Screenshot showing the Explore pricing plans page with a Premium V3 plan selected.":::
+   :::image type="content" source="media/app-service-configure-premium-tier/explore-pricing-plans.png" alt-text="Screenshot showing the Explore pricing plans page with a Premium V3 plan selected.":::
 
-If your operation finishes successfully, your app's overview page shows that it's now in a Premium V3 tier.
+   If your operation finishes successfully, your app's overview page shows that it's now in a Premium V3 tier.
 
-![Screenshot showing the Premium V3 pricing tier on your app's overview page.](media/app-service-configure-premium-tier/finished.png)
+   :::image type="content" source="media/app-service-configure-premium-tier/finished.png" alt-text="Screenshot showing the Premium V3 pricing tier on your app's overview page.":::
 
 ### If you get an error
 
-Some App Service plans can't scale up to the Premium V3 tier, or to a newer SKU within Premium V3, if the underlying App Service deployment doesn’t support the requested Premium V3 SKU. See [Scale up from an unsupported resource group and region combination](#unsupported) for more details.
+If the underlying App Service deployment doesn't support the requested Premium V3 SKU, some App Service plans can't scale up to the Premium V3 tier, or to a newer SKU in Premium V3. For more information, see [Scale up from an unsupported resource group and region combination](#unsupported).
 
 <a name="unsupported"></a>
 
 ## Scale up from an unsupported resource group and region combination
 
-If your app runs in an App Service deployment where Premium V3 isn't available, or if your app runs in a region that currently does not support Premium V3, you need to re-deploy your app to take advantage of Premium V3. Alternatively newer Premium V3 SKUs may not be available, in which case you also need to re-deploy your app to take advantage of newer SKUs within Premium V3. You have two options:
+If your app runs in an App Service deployment where Premium V3 isn't available or in a region that doesn't support Premium V3, redeploy your app to take advantage of Premium V3. If newer Premium V3 SKUs aren't available, you also need to redeploy your app to use newer SKUs in Premium V3. You have two options:
+
+- Create an app in a new resource group and with a new App Service plan.
 
-- Create an app in a new resource group and with a new App Service plan. When creating the App Service plan, select the desired Premium V3 tier. This step ensures that the App Service plan is deployed into a deployment unit that supports Premium V3 as well as the specific SKU within Premium V3. Then, redeploy your application code into the newly created app. Even if you scale the new App Service plan down to a lower tier to save costs, you can always scale back up to Premium V3 and the desired SKU within Premium V3 because the deployment unit supports it.
+  When creating the App Service plan, select the desired Premium V3 tier. This step ensures that the App Service plan is deployed into a deployment unit that supports Premium V3 and the specific SKU in Premium V3. Then, redeploy your application code into the newly created app. Even if you scale the new App Service plan down to a lower tier to save costs, you can always scale up again to Premium V3 and the desired SKU in Premium V3 because the deployment unit supports it.
 
-    ![Screenshot showing how to clone your app.](media/app-service-configure-premium-tier/clone-app.png)
+- In the **Development tools** > **Clone app** page, you can create an App Service plan using Premium V3 in the region you want, and specify the app settings and configuration that you want to clone.
+
+  :::image type="content" source="media/app-service-configure-premium-tier/clone-app.png" alt-text="Screenshot showing how to clone your app.":::
 
-    In the **Clone app** page, you can create an App Service plan using Premium V3 in the region you want, and specify the app settings and configuration that you want to clone.
- 
 ## Automate with scripts
 
 You can automate app creation in the Premium V3 tier with scripts, using the [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/).
 
 ### Azure CLI
 
-The following command creates an App Service plan in _P1V3_. You can run it in the Cloud Shell. The options for `--sku` are _P0V3_, _P1V3_, _P2V3_, _P3V3_, _P1mV3_, _P2mV3_, _P3mV3_, _P4mV3_, and _P5mV3_.
+The following command creates an App Service plan in *P1V3*. You can run it in the Cloud Shell. The options for `--sku` are *P0V3*, *P1V3*, *P2V3*, *P3V3*, *P1mV3*, *P2mV3*, *P3mV3*, *P4mV3*, and *P5mV3*.
 
-```azurecli-interactive
+```azurecli
 az appservice plan create \
     --resource-group <resource_group_name> \
     --name <app_service_plan_name> \
@@ -108,7 +114,7 @@ az appservice plan create \
 
 [!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)]
 
-The following command creates an App Service plan in _P1V3_. The options for `-WorkerSize` are _Small_, _Medium_, and _Large_.
+The following command creates an App Service plan in _P1V3_. The options for `-WorkerSize` are *Small*, *Medium*, and *Large*.
 
 ```powershell
 New-AzAppServicePlan -ResourceGroupName <resource_group_name> `
@@ -118,8 +124,8 @@ New-AzAppServicePlan -ResourceGroupName <resource_group_name> `
     -WorkerSize "Small"
 ```
 
-## More resources
+## Related content
 
-* [Scale up an app in Azure](manage-scale-up.md)
-* [Scale instance count manually or automatically](/azure/azure-monitor/autoscale/autoscale-get-started)
-* [Tutorial: Run a load test to identify performance bottlenecks in a web app](../load-testing/tutorial-identify-bottlenecks-azure-portal.md)
+- [Scale up an app in Azure App Service](manage-scale-up.md)
+- [Get started with autoscale in Azure](/azure/azure-monitor/autoscale/autoscale-get-started)
+- [Run a load test to identify performance bottlenecks in a web app](../load-testing/tutorial-identify-bottlenecks-azure-portal.md)

articles/app-service/media/app-service-configure-premium-tier/clone-app.png

@@ -55,9 +55,6 @@ Key benefits include:
 - **Better Performance**: Uses streamlined encryption algorithms that lower computational overhead and improve efficiency.
 - **Enhanced Privacy**: Encrypts handshake messages, reducing metadata exposure and mitigating downgrade attacks.
 
-#### Default Configuration  
-TLS 1.3 is fully supported in Azure App Service and can be enabled by setting the **Minimum Inbound TLS Version** to **1.3** in the Azure portal, CLI, or ARM templates.
-
 #### Cipher Suites  
 A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite) setting is available with TLS 1.3. This includes two cipher suites at the top of the cipher suite order:
 - TLS_AES_256_GCM_SHA384