Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/application-gateway/tutorial-ingress-controller-add-on-existing.md

@@ -57,6 +57,9 @@ To configure more parameters for the above command, see [az aks create](/cli/azu
 >[!NOTE]
 >If you are planning on using AGIC with an AKS cluster using CNI Overlay, specify the parameter `--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/AppGatewayWithOverlayPreview` to configure AGIC to handle connectivity to the CNI Overlay enabled cluster.
 
+>[!WARNING]
+>This document assumes Azure CNI is installed in the AKS cluster. If you are planning on using CNI Overlay, you must ensure Application Gateway and the AKS cluster are part of the same virtual network.
+
 ## Deploy a new application gateway 
 
 You'll now deploy a new application gateway, to simulate having an existing application gateway that you want to use to load balance traffic to your AKS cluster, **myCluster**. The name of the application gateway will be **myApplicationGateway**, but you'll need to first create a public IP resource, named **myPublicIp**, and a new virtual network called **myVnet** with address space 10.0.0.0/16, and a subnet with address space 10.0.0.0/24 called **mySubnet**, and deploy your application gateway in **mySubnet** using **myPublicIp**. 

articles/azure-resource-manager/templates/deployment-script-template.md

@@ -61,6 +61,9 @@ For deployment script API version 2020-10-01 or later, there are two principals
             "Microsoft.Resources/deployments/*",
             "Microsoft.Resources/deploymentScripts/*"
           ],
+         "dataActions": [
+            "Microsoft.Storage/storageAccounts/fileServices/*"
+          ]
         }
       ],
       "assignableScopes": [

articles/azure-vmware/configure-azure-native-pure-storage-cloud.md

@@ -25,7 +25,7 @@ Pure Storage manages onboarding of Azure Native Pure Storage Cloud for Azure VMw
 
 For more information, see the following resources:
 
-- [Azure Native Pure Storage Cloud - Overview](https://learn.microsoft.com/azure/partner-solutions/pure-storage/overview)
+- [Azure Native Pure Storage Cloud - Overview](/azure/partner-solutions/pure-storage/overview)
 - [Azure Native Pure Storage Cloud - Deployment Guide](https://support.purestorage.com/bundle/m_azure_native_pure_storage_cloud/page/Production/Pure_Cloud_Block_Store/Azure_Native_Pure_Storage_Cloud/deployment/c_psc_deployment.html)
 - [Azure Native Pure Storage Cloud - Management Guide](https://support.purestorage.com/bundle/m_azure_native_pure_storage_cloud/page/Production/Pure_Cloud_Block_Store/Azure_Native_Pure_Storage_Cloud/management/c_psc_management.html)
 - [Azure Native Pure Storage Cloud - Troubleshooting Guide](https://support.purestorage.com/bundle/m_azure_native_pure_storage_cloud/page/Production/Pure_Cloud_Block_Store/Azure_Native_Pure_Storage_Cloud/troubleshooting/c_troubleshooting.html)

articles/azure-web-pubsub/policy-definitions.md

@@ -1,8 +1,8 @@
 ---
 title: Built-in policy definitions for Azure Web PubSub
 description: Lists Azure Policy built-in policy definitions for Azure Web PubSub. These built-in policy definitions provide common approaches to managing your Azure resources.
-author: cebundy
-ms.author: v-catherbund
+author: yjin81
+ms.author: yajin1
 ms.date: 01/03/2022
 ms.topic: reference
 ms.service: azure-web-pubsub
@@ -27,4 +27,4 @@ the link in the **Version** column to view the source on the
 
 - See the built-ins on the [Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
 - Review the [Azure Policy definition structure](../governance/policy/concepts/definition-structure.md).
-- Review [Understanding policy effects](../governance/policy/concepts/effects.md).
+- Review [Understanding policy effects](../governance/policy/concepts/effects.md).

articles/cost-management-billing/costs/understand-work-scopes.md

@@ -46,10 +46,10 @@ Azure supports three scopes for resource management. Each scope supports managin
 
     Resource type: [Microsoft.Resources/subscriptions](/rest/api/resources/subscriptions)
 
-- [**Resource groups**](../../azure-resource-manager/management/overview.md#resource-groups) - Logical groupings of related resources for an Azure solution that share the same lifecycle. For example resources that are deployed and deleted together.
+- **[Resource groups](../../azure-resource-manager/management/overview.md#resource-groups)** - Logical groupings of related resources for an Azure solution that share the same lifecycle. For example resources that are deployed and deleted together.
 
     Resource type: [Microsoft.Resources/subscriptions/resourceGroups](/rest/api/resources/resourcegroups)
-
+  
 Management groups allow you to organize subscriptions into a hierarchy. For example, you might create a logical organization hierarchy using management groups. Then, give teams subscriptions for production and dev/test workloads. And then create resource groups in the subscriptions to manage each subsystem or component.
 
 Creating an organizational hierarchy allows cost and policy compliance to roll up organizationally. Then, each leader can view and analyze their current costs. And then they can create budgets to curb bad spending patterns and optimize costs with Advisor recommendations at the lowest level.
@@ -78,6 +78,36 @@ Management groups are only supported if they contain up to 3,000 Enterprise Agre
 
 If you have a mix of subscriptions, move the unsupported subscriptions to a separate arm of the management group hierarchy to enable Cost Management for the supported subscriptions. As an example, create two management groups under the root management group: **Microsoft Entra ID** and **My Org**. Move your Microsoft Entra subscription to the **Microsoft Entra ID** management group and then view and manage costs using the **My Org** management group.
 
+### Managed resource groups 
+
+Managed resource groups created by certain resource providers - such as Azure Red Hat OpenShift (ARO) or Azure Databricks - can't be used as scopes for Cost Management features like budgets or exports. These resource groups typically include deny assignments that restrict modifications to protect critical resources, which can result in authorization errors. For more information on deny assignments, please refer to [List Azure deny assignments](/azure/role-based-access-control/deny-assignments?tabs=azure-portal).
+
+To avoid these issues, use a higher-level scope such as the subscription scope which contains this managed resource group when configuring budgets or exports.
+
+#### Required permissions for exports at RBAC scope
+
+- Microsoft.CostManagement/exports/Read – View exports
+
+- Microsoft.CostManagement/exports/Write – Create or update exports
+
+- Microsoft.CostManagement/exports/Delete – Delete exports
+
+- Microsoft.CostManagement/exports/Action – Run export
+
+*Note: Deny assignments can result in permission errors, so please check even with these permissions if there are any deny assignments at this scope.*
+
+#### Required permissions for budgets at RBAC scope
+
+- Microsoft.Consumption/budgets/Read – View budgets
+
+- Microsoft.Consumption/budgets/Write – Create or update budgets
+
+- Microsoft.Consumption/budgets/Delete – Delete budgets
+
+- (Optional) Microsoft.Insights/actionGroups/Read – If action groups are configured for alerts
+
+*Note: Deny assignments can result in permission errors, so please check even with these permissions if there are any deny assignments at this scope.*
+
 ### Feature behavior for each role
 
 The following table shows how Cost Management features are used by each role. The following behavior is applicable to all Azure RBAC scopes.

articles/dns/dns-reverse-dns-overview.md

@@ -6,7 +6,7 @@ manager: KumuD
 ms.service: azure-dns
 ms.topic: concept-article
 ms.custom:
-ms.date: 09/12/2024
+ms.date: 04/21/2025
 ms.author: greglin
 ---
 
@@ -16,15 +16,15 @@ This article provides an overview of how reverse DNS works, and scenarios in whi
 
 ## What is reverse DNS?
 
-Conventional DNS records map a DNS name to an IP address, such as `www.contoso.com` resolves to 64.4.6.100. A reverse DNS does the opposite by translating an IP address back to a name. For example, a lookup of 64.4.6.100 will resolve to `www.contoso.com`.
+Conventional DNS records map a DNS name to an IP address. For example, assume that `www.contoso.com` resolves to 203.0.113.100. Reverse DNS does the opposite by translating an IP address back to a name. Using the same example, a lookup of 203.0.113.100 resolves to `www.contoso.com`.
 
 Reverse DNS records are used in various situations. For example, reverse DNS records are widely used in combating e-mail spam by verifying the sender of an e-mail message.  The receiving mail server retrieves the reverse DNS record of the sending server's IP address. Then the receiving mail server verifies if that host is authorized to send e-mail from the originating domain.
 
 ## How reverse DNS works
 
 Reverse DNS records are hosted in special DNS zones, known as 'ARPA' zones.  These zones form a separate DNS hierarchy in parallel with the normal hierarchy hosting domains such as `contoso.com`.
 
-For example, the DNS record `www.contoso.com` is implemented using a DNS 'A' record with the name 'www' in the zone `contoso.com`. This A record points to the corresponding IP address, in this case 64.4.6.100.  The reverse lookup gets implemented separately, using a 'PTR' record named '100' in the zone '6.4.64.in-addr.arpa'. Notice that IP addresses in ARPA zones are reversed. This PTR record, when configured correctly will point to the name `www.contoso.com`.
+For example, the DNS record `www.contoso.com` is implemented using a DNS 'A' record with the name 'www' in the zone `contoso.com`. This A record points to the corresponding IP address, in this case 203.0.113.100.  The reverse lookup gets implemented separately, using a 'PTR' record named '100' in the zone '113.0.203.in-addr.arpa'. Notice that IP addresses in ARPA zones are reversed. This PTR record, when configured correctly will point to the name `www.contoso.com`.
 
 When an organization is assigned an IP address block, they also acquire the right to manage the corresponding ARPA zone. The ARPA zones corresponding to the IP address blocks used by Azure are hosted and managed by Microsoft. Your ISP may host the ARPA zone for you for the IP addresses you owned. They may also allow you to host the ARPA zone in a DNS service of your choice, such as Azure DNS.
 

articles/high-performance-computing/lift-and-shift-overview.md

@@ -1,15 +1,15 @@
 ---
-title: "End-to-end high-performance computing (HPC) lift and shift architecture overview"
-description: Learn about how to conduct a lift and shift migration of HPC infrastructure and workloads from an on-premises environment to the cloud.
+title: "End-to-end lift and shift architecture overview"
+description: Learn how to conduct a lift and shift migration of HPC infrastructure and workloads from an on-premises environment to the cloud.
 author: tomvcassidy
 ms.author: tomcassidy
-ms.date: 08/30/2024
+ms.date: 04/10/2025
 ms.topic: how-to
 ms.service: azure-virtual-machines
 ms.subservice: hpc
 ---
 
-# End-to-end HPC lift and shift architecture overview
+# End-to-end lift and shift architecture overview
 
 "Lift and shift" in the context of High-Performance Computing (HPC) mostly refers to the process of migrating an on-premises environment and workload to the cloud. Ideally, modifications are kept to a minimum (for example, applications, job schedulers, and their configurations should remain mostly the same). Adjustments on storage and hardware are natural to happen because resources are different from on-premises to cloud platforms. With the lift and shift approach, organizations can start benefiting from the cloud more quickly.
 

articles/high-performance-computing/lift-and-shift-production-level-overview.md

@@ -1,15 +1,15 @@
 ---
-title: "Production-level environment migration guide overview"
-description: Learn about what a production-level environment migration entails.
+title: "Production level environment migration overview"
+description: Learn what a high performance computing production-level environment migration entails.
 author: tomvcassidy
 ms.author: tomcassidy
-ms.date: 08/30/2024
+ms.date: 04/10/2025
 ms.topic: how-to
 ms.service: azure-virtual-machines
 ms.subservice: hpc
 ---
 
-# Production-level environment migration guide overview
+# Production level environment migration overview
 
 When you move an HPC infrastructure from the on-premises environment to the cloud, there are various aspects to be taken into account. This document provides guidance on how to create such HPC environment in the cloud. We recommend
 a two-phase approach. First, a proof-of-concept, and then a production-level environment. Once the production environment is up and running, only certain components should be modified over time, including changes on VM types and storage capabilities to best meet the varying requirements of users, projects, and business.

articles/high-performance-computing/lift-and-shift-proof-of-concept.md

@@ -1,9 +1,9 @@
 ---
 title: "Proof-of-concept migration overview"
-description: Learn about what a proof-of-concept migration entails and follow the guide through one.
+description: Learn what a high performance computing proof-of-concept migration entails.
 author: tomvcassidy
 ms.author: tomcassidy
-ms.date: 08/30/2024
+ms.date: 04/10/2025
 ms.topic: how-to
 ms.service: azure-virtual-machines
 ms.subservice: hpc

articles/high-performance-computing/lift-and-shift-step-1-networking.md

@@ -1,17 +1,19 @@
 ---
-title: "Deployment step 1: basic infrastructure - network access component"
-description: Learn about the configuration of network access during migration deployment step one.
+title: "Network access configuration"
+description: Learn how to configure network access during a migration of high performance computing architecture.
 author: tomvcassidy
 ms.author: tomcassidy
-ms.date: 08/30/2024
+ms.date: 04/10/2025
 ms.topic: how-to
 ms.service: azure-virtual-machines
 ms.subservice: hpc
 ---
 
-# Deployment step 1: basic infrastructure - network access component
+# Network access configuration
 
-Mechanism to allow users access cloud environment in a secure way. It's a common practice in production environments to have resources with private IP addresses, and with rules to define how resources should be accessed.
+A key aspect of your high performance computing migration is the configuration of network access. Proper network access configration ensures secure, efficient, and uninterrupted communication between computational resources. This part of the guide covers the needs, tools, services, and best practices associated with your network access configuration.
+
+It's a common practice in production environments to have resources with private IP addresses, and with rules to define how resources should be accessed.
 
 This component should: