fix

Ja-Dunn · Ja-Dunn · commit 2192ff6467c1 · 2022-01-17T13:59:18.000-08:00
diff --git a/articles/defender-for-cloud/defender-for-databases-introduction.md b/articles/defender-for-cloud/defender-for-databases-introduction.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender for open-source relational databases - the benefits and features
 description: Learn about the benefits and features of Microsoft Defender for open-source relational databases such as PostgreSQL, MySQL, and MariaDB
-ms.date: 11/09/2021
+ms.date: 01/17/2022
 ms.topic: overview
 ---
 
@@ -19,15 +19,14 @@ Defender for Cloud detects anomalous activities indicating unusual and potential
 
 ## Availability
 
-| Aspect                             | Details                                                                                                                                    |
-|------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------|
-| Release state:                     | General availability (GA)                                                     |
-| Pricing:                           | **Microsoft Defender for open-source relational databases** is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/)   |
-| Protected versions of PostgreSQL:  | Single Server - General Purpose and Memory Optimized. Learn more in [PostgreSQL pricing tiers](../postgresql/concepts-pricing-tiers.md).   |
-| Protected versions of MySQL:       | Single Server - General Purpose and Memory Optimized. Learn more in [MySQL pricing tiers](../mysql/concepts-pricing-tiers.md).                        |
-| Protected versions of MariaDB:     | General Purpose and Memory Optimized. Learn more in [MariaDB pricing tiers](../mariadb/concepts-pricing-tiers.md).                      |
-| Clouds:                            | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/no-icon.png"::: National (Azure Government, Azure China 21Vianet) |
-|                                    |                                                                                                                                            |
+| Aspect | Details |
+|--|:-|
+| Release state: | General availability (GA) |
+| Pricing: | **Microsoft Defender for open-source relational databases** is billed as shown on the [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/) |
+| Protected versions of PostgreSQL: | Single Server - General Purpose and Memory Optimized. Learn more in [PostgreSQL pricing tiers](../postgresql/concepts-pricing-tiers.md). |
+| Protected versions of MySQL: | Single Server - General Purpose and Memory Optimized. Learn more in [MySQL pricing tiers](../mysql/concepts-pricing-tiers.md). |
+| Protected versions of MariaDB: | General Purpose and Memory Optimized. Learn more in [MariaDB pricing tiers](../mariadb/concepts-pricing-tiers.md). |
+| Clouds: | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br> :::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/no-icon.png"::: Azure China 21Vianet |
 
 ## What are the benefits of Microsoft Defender for open-source relational databases?
 
diff --git a/articles/static-web-apps/configuration.md b/articles/static-web-apps/configuration.md
@@ -316,6 +316,24 @@ In addition to IP address blocks, you can also specify [service tags](../virtual
 * [Default authentication providers](authentication-authorization.md#login), don't require settings in the configuration file. 
 * [Custom authentication providers](authentication-custom.md) use the `auth` section of the settings file.
 
+## Disable cache for authenticated paths
+
+If you have enabled [enterprise-grade edge](enterprise-edge.md), or set up [manual integration with Azure Front Door](front-door-manual.md), you may want to disable caching for your secured routes.
+
+To disable Azure Front Door caching for secured routes, add `"Cache-Control": "no-store"` to the route header definition.
+
+For example:
+
+```json
+{
+    "route": "/members",
+    "allowedRoles": ["authenticated, members"],
+    "headers": {
+        "Cache-Control": "no-store"
+    }
+}
+```
+
 ## Forwarding gateway
 
 The `forwardingGateway` section configures how a static web app is accessed from a forwarding gateway such as a CDN or Azure Front Door.
@@ -357,7 +375,7 @@ For example, the following configuration shows how you can add a unique identifi
 
 - Key/value pairs can be any set of arbitrary strings
 - Keys are case insensitive
-- Values are case sensitive
+- Values are case-sensitive
 
 ## Example configuration file
 
diff --git a/articles/static-web-apps/front-door-manual.md b/articles/static-web-apps/front-door-manual.md
@@ -5,7 +5,7 @@ services: static-web-apps
 author: craigshoemaker
 ms.service: static-web-apps
 ms.topic: how-to
-ms.date: 09/20/2021
+ms.date: 01/12/2022
 ms.author: cshoe
 ---
 
@@ -17,13 +17,13 @@ In this tutorial, you learn how to:
 
 > [!div class="checklist"]
 >
-> - Create an Azure Front Door instance
+> - Create an Azure Front Door Standard/Premium instance
 > - Associate Azure Front Door with your Azure Static Web Apps site
 
 > [!NOTE]
-> This tutorial requires the Azure Static Web Apps Standard plan.
+> This tutorial requires the Azure Static Web Apps Standard and Azure Front Door Standard / Premium plans.
 
-## Copy URL
+## Copy web app URL
 
 1. Navigate to the Azure portal.
 
@@ -35,80 +35,104 @@ In this tutorial, you learn how to:
 
 ## Add Azure Front Door
 
-1. Navigate to the Azure portal.
+1. Navigate to the Azure home screen.
 
 1. Select **Create a resource**.
 
-1. Search for **Azure Front Door**.
+1. Search for **Front Door**.
 
-1. Select **Front Door**.
+1. Select **Front Door Standard/Premium**.
 
-    Make sure not to select the service labeled *Front Door Standard/Premium* as the steps for the Standard/Premium service differ from what's presented in this tutorial.
+    Make sure to select the service labeled *Front Door Standard/Premium* and not the plain *Front Door* option.
 
 1. Select **Create**.
 
+1. Select the **Azure Front Door Standard/Premium** option.
+
+1. Select the **Quick create** option.
+
+1. Select the **Continue to create a front door** button.
+
 1. In the *Basics* tab, enter the following values:
 
     | Setting | Value |
     |---|---|
     | Subscription | Select your Azure subscription. |
     | Resource group | Enter a resource group name. This name is often the same group name used by your static web app. |
     | Resource group location | If you create a new resource group, enter the location nearest you. |
+    | Name | Enter **my-static-web-app-front-door**. |
+    | Tier | Select **Standard**. |
+    | Endpoint name | Enter a unique name for your Front Door host. |
+    | Origin type | Select **Custom**. |
+    | Origin host name | Enter the hostname of your static web app that you set aside from the beginning of this tutorial. Make sure your value does not include a trailing slash or protocol. (For example, `desert-rain-04056.azurestaticapps.net`)  |
+    | Caching | Check the **Enable caching** checkbox. |
+    | Query string caching behavior | Select **Use Query string** from the dropdown. |
 
-    Select **Next: Configuration >**.
+1. Select **Review + create**.
 
-1. In the *Configuration* tab, select the **plus sign** next to *Frontends/domains*, and enter the following value:
+1. Select **Create**.
 
-    | Setting | Value |
-    |---|---|
-    | Host name | Enter a unique name for your Front Door host. |
+    The creation process may take a few minutes to complete.
 
-    Accept the defaults for the rest of the form, and select **Add**.
+1. Select **Go to resource**.
 
-1. Select the **plus sign** next to *Backend pools*, and enter the following value:
+## Disable cache for auth workflow
 
-    | Setting | Value |
-    |---|---|
-    | Name | Enter **my-static-web-app-pool**. |
+Add the following settings to disable Front Door's caching policies from trying to cache authentication and authorization-related pages.
 
-1. Select **+ Add a backend**, and enter the following values:
+### Add a condition
 
-    | Setting | Value |
-    |---|---|
-    | Backend host type | Select **Custom host**. |
-    | Backend host name | Enter the hostname of your static web app. Make sure your value does not include a trailing slash or protocol. (For example, `desert-rain-04056.azurestaticapps.net`)  |
-    | Backend host header | Enter the hostname of your static web app. Make sure your value does not include a trailing slash protocol. (For example, `desert-rain-04056.azurestaticapps.net`) |
-
-    Accept the defaults for the rest of the form, and select **Add**.
+1. Under *Settings*, select **Rule set**.
 
 1. Select **Add**.
 
-1. Select the **plus sign** next to *Routing rule*, and enter the following value:
+1. In the *Rule set name* textbox, enter **Security**.
 
-    | Setting | Value |
-    |---|---|
-    | Name | Enter **my-routing-rule**. |
+1. In the *Rule name* textbox, enter **NoCacheAuthRequests**.
 
-    Accept the defaults for the rest of the form, and select **Add**.
+1. Select **Add a condition**.
 
-1. Select **Review + create**.
+1. Select **Request path**.
 
-1. Select **Create**.
+1. Select **Begins With** in the *Operator* drop down.
 
-    The creation process may take a few minutes to complete.
+1. Select the **Edit** link above the *Value* textbox.
 
-1. Select **Go to resource**.
+1. Enter **/.auth** in the textbox.
 
-1. Select **Overview**.
+1. Select the **Update** button.
 
-1. Select the link labeled *Frontend host*.
+1. Select the **No transform** option from the *Case transform* dropdown.
 
-    When you select this link, you may see a 404 error if the site is not fully propagated. Instead of refreshing the page, wait a few minutes and return back to the *Overview* window and select the link labeled *Frontend host*.
+### Add an action
 
-1. From the *Overview* window, copy the value labeled **Front Door ID** and paste it into a file for later use.
+1. Select the **Add an action** dropdown.
+
+1. Select **Cache expiration**.
 
-> [!IMPORTANT]
-> By default, Azure Front Door configures [health probes](../frontdoor/front-door-health-probes.md) that may affect your traffic statistics. You may want to edit the default values for the [health probes](../frontdoor/front-door-health-probes.md).
+1. Select **Bypass cache** in the *Cache Behavior* dropdown.
+
+1. Select the **Save** button.
+
+### Associate rule to an endpoint
+
+Now that the rule is created, you apply the rule to a Front Door endpoint.
+
+1. Select the **Unassociated** link.
+
+1. Select the Endpoint name to which you want to apply the caching rule.
+
+1. Select the **Next** button.
+
+1. Select the **Associate** button.
+
+## Copy Front Door ID
+
+Use the following steps to copy the Front Door instance's unique identifier.
+
+1. Select the **Overview** link on the left-hand navigation.
+
+1. From the *Overview* window, copy the value labeled **Front Door ID** and paste it into a file for later use.
 
 ## Update static web app configuration
 
@@ -117,6 +141,7 @@ To complete the integration with Front Door, you need to update the application
 - Restrict traffic to your site only through Front Door
 - Restrict traffic to your site only from your Front Door instance
 - Define which domains can access your site
+- Disable caching for secured routes
 
 Open the [staticwebapp.config.json](configuration.md) file for your site and make the following changes.
 
@@ -147,12 +172,31 @@ Open the [staticwebapp.config.json](configuration.md) file for your site and mak
 
     In this example, replace `my-sitename.azurefd.net` with the Azure Front Door hostname for your site.
 
+1. For all secured routes in your app, disable Azure Front Door caching by adding `"Cache-Control": "no-store"` to the route header definition.
+
+    ```json
+    {
+        "route": "/members",
+        "allowedRoles": ["authenticated, members"],
+        "headers": {
+            "Cache-Control": "no-store"
+        }
+    }
+    ```
+
 With this configuration, your site is no longer available via the generated `*.azurestaticapps.net` hostname, but exclusively through the hostnames configured in your Front Door instance.
 
-> [!NOTE]
-> When you deploy updates to existing files in your static web app, Azure Front Door may continue to serve older versions of your files until their [time-to-live](https://wikipedia.org/wiki/Time_to_live) expires. [Purge the Azure Front Door cache](../frontdoor/front-door-caching.md#cache-purge) for the affected paths to ensure the latest files are served.
+## Considerations
+
+- **Custom domains**: Now that Front Door is managing your site, you no long use the Azure Static Web Apps custom domain feature. Azure Front Door has a separate process for adding a custom domain. Refer to [Add a custom domain to your Front Door](../frontdoor/front-door-custom-domain.md). When you add a custom domain to Front Door, you'll need to update your static web app configuration file to include it in the `allowedForwardedHosts` list.
+
+- **Traffic statistics**: By default, Azure Front Door configures [health probes](../frontdoor/front-door-health-probes.md) that may affect your traffic statistics. You may want to edit the default values for the [health probes](../frontdoor/front-door-health-probes.md).
+
+- **Serving old versions**: When you deploy updates to existing files in your static web app, Azure Front Door may continue to serve older versions of your files until their [time-to-live](https://wikipedia.org/wiki/Time_to_live) expires. [Purge the Azure Front Door cache](../frontdoor/front-door-caching.md#cache-purge) for the affected paths to ensure the latest files are served.
+
+## Clean up resources
 
-Now that Front Door is managing your site, you no long use the Azure Static Web Apps custom domain feature. Azure Front Door has a separate process for adding a custom domain. Refer to [Add a custom domain to your Front Door](../frontdoor/front-door-custom-domain.md). When you add a custom domain to Front Door, you'll need to update your static web app configuration file to include it in the `allowedForwardedHosts` list.
+If you no longer want to use the resources created in this tutorial, delete the Azure Static Web Apps and Azure Front Door instances.
 
 ## Next steps
 
