Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into vpn-peer-update

Author: asudbring

articles/api-center/TOC.yml

@@ -79,4 +79,4 @@
       - name: Samples and labs
         href: resources.md
       - name: Azure updates
-        href: https://azure.microsoft.com/updates/?query=%22API%20Center%22
+        href: https://aka.ms/apic/updates

articles/app-service/overview.md

@@ -60,6 +60,10 @@ If you need to create another web app with an outdated runtime version that is n
 * The Azure portal shows only features that currently work for Linux apps. As features are enabled, they're activated on the portal.
 * When deployed to built-in images, your code and content are allocated a storage volume for web content, backed by Azure Storage. The disk latency of this volume is higher and more variable than the latency of the container filesystem. Apps that require heavy read-only access to content files may benefit from the custom container option, which places files in the container filesystem instead of on the content volume.
 
+## App Service Environments
+
+An App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. Unlike the App Service offering where supporting ingfrastructure is shared, compute is dedicated to a single customer with App Service Environment. For more information on the differences between App Service Environment and App Service, see the [comparison](./environment/ase-multi-tenant-comparison.md).
+
 ## Next steps
 
 Create your first web app.

articles/application-gateway/application-gateway-diagnostics.md

@@ -6,7 +6,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: article
-ms.date: 05/17/2024
+ms.date: 06/17/2024
 ms.author: greglin 
 ---
 
@@ -158,6 +158,9 @@ The access log is generated only if you've enabled it on each Application Gatewa
 |sslEnabled| Whether communication to the backend pools used TLS. Valid values are on and off.|
 |sslCipher| Cipher suite being used for TLS communication (if TLS is enabled).|
 |sslProtocol| SSL/TLS protocol being used (if TLS is enabled).|
+|sslClientVerify | Shows the result of client certificate verification as SUCCESS or FAILED. Failed status will include error information.|
+|sslClientCertificateFingerprint|The SHA1 thumbprint of the client certificate for an established TLS connection.|
+|sslClientCertificateIssuerName|The issuer DN string of the client certificate for an established TLS connection.|
 |serverRouted| The backend server that application gateway routes the request to.|
 |serverStatus| HTTP status code of the backend server.|
 |serverResponseLatency| Latency of the response (in **seconds**) from the backend server.|

articles/azure-arc/servers/prerequisites.md

@@ -1,7 +1,7 @@
 ---
 title: Connected Machine agent prerequisites
 description: Learn about the prerequisites for installing the Connected Machine agent for Azure Arc-enabled servers.
-ms.date: 04/09/2024
+ms.date: 06/19/2024
 ms.topic: conceptual
 ms.custom: devx-track-azurepowershell
 ---
@@ -11,7 +11,7 @@ ms.custom: devx-track-azurepowershell
 > [!CAUTION]
 > This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
 
-This topic describes the basic requirements for installing the Connected Machine agent to onboard a physical server or virtual machine to Azure Arc-enabled servers. Some [onboarding methods](deployment-options.md) may have more requirements.
+This article describes the basic requirements for installing the Connected Machine agent to onboard a physical server or virtual machine to Azure Arc-enabled servers. Some [onboarding methods](deployment-options.md) may have more requirements.
 
 ## Supported environments
 
@@ -42,7 +42,6 @@ Azure Arc supports the following Windows and Linux operating systems. Only x86-6
 * Amazon Linux 2 and 2023
 * Azure Linux (CBL-Mariner) 1.0, 2.0
 * Azure Stack HCI
-* CentOS Linux 7 and 8
 * Debian 10, 11, and 12
 * Oracle Linux 7, 8, and 9
 * Red Hat Enterprise Linux (RHEL) 7, 8 and 9
@@ -64,8 +63,8 @@ The listed version is supported until the **End of Arc Support Date**. If critic
 
 | Operating system | Last supported agent version | End of Arc Support Date | Notes |
 | -- | -- | -- | -- | 
-| Windows Server 2008 R2 SP1 | 1.39 [Download](https://download.microsoft.com/download/1/9/f/19f44dde-2c34-4676-80d7-9fa5fc44d2a8/AzureConnectedMachineAgent.msi)  | 3/31/2025 | Windows Server 2008 and 2008 R2 reached End of Support in January 2020. See [End of support for Windows Server 2008 and Windows Server 2008 R2](/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2). | 
-
+| Windows Server 2008 R2 SP1 | 1.39 [Download](https://download.microsoft.com/download/1/9/f/19f44dde-2c34-4676-80d7-9fa5fc44d2a8/AzureConnectedMachineAgent.msi)  | 03/31/2025 | Windows Server 2008 and 2008 R2 reached End of Support in January 2020. See [End of support for Windows Server 2008 and Windows Server 2008 R2](/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2). | 
+| CentOS 7 and 8 | 1.42 [Download](https://download.microsoft.com/download/9/6/0/9600825a-e532-4e50-a2d5-7f07e400afc1/AzureConnectedMachineAgent.msi)  | 05/31/2025 | See the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). | 
 
 ### Client operating system guidance
 
@@ -98,13 +97,13 @@ Linux operating systems:
 
 ## Local user logon right for Windows systems
 
-The Azure Hybrid Instance Metadata Service runs under a low-privileged virtual account, `NT SERVICE\himds`. This account needs the "log on as a service" right in Windows to run. In most cases, there's nothing you need to do because this right is granted to virtual accounts by default. However, if your organization uses Group Policy to customize this setting, you will need to add `NT SERVICE\himds` to the list of accounts allowed to log on as a service.
+The Azure Hybrid Instance Metadata Service runs under a low-privileged virtual account, `NT SERVICE\himds`. This account needs the "log on as a service" right in Windows to run. In most cases, there's nothing you need to do because this right is granted to virtual accounts by default. However, if your organization uses Group Policy to customize this setting, you'll need to add `NT SERVICE\himds` to the list of accounts allowed to log on as a service.
 
 You can check the current policy on your machine by opening the Local Group Policy Editor (`gpedit.msc`) from the Start menu and navigating to the following policy item:
 
 Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Log on as a service
 
-Check if any of `NT SERVICE\ALL SERVICES`, `NT SERVICE\himds`, or `S-1-5-80-4215458991-2034252225-2287069555-1155419622-2701885083` (the static security identifier for NT SERVICE\\himds) are in the list. If none are in the list, you'll need to work with your Group Policy administrator to add `NT SERVICE\himds` to any policies that configure user rights assignments on your servers. The Group Policy administrator will need to make the change on a computer with the Azure Connected Machine agent installed so the object picker resolves the identity correctly. The agent doesn't need to be configured or connected to Azure to make this change.
+Check if any of `NT SERVICE\ALL SERVICES`, `NT SERVICE\himds`, or `S-1-5-80-4215458991-2034252225-2287069555-1155419622-2701885083` (the static security identifier for NT SERVICE\\himds) are in the list. If none are in the list, you'll need to work with your Group Policy administrator to add `NT SERVICE\himds` to any policies that configure user rights assignments on your servers. The Group Policy administrator needs to make the change on a computer with the Azure Connected Machine agent installed so the object picker resolves the identity correctly. The agent doesn't need to be configured or connected to Azure to make this change.
 
 :::image type="content" source="media/prerequisites/arc-server-user-rights-assignment.png" alt-text="Screen capture of the Local Group Policy Editor showing which users have permissions to log on as a service." border="true":::
 
@@ -118,7 +117,7 @@ You'll need the following Azure built-in roles for different aspects of managing
 
 ## Azure subscription and service limits
 
-There are no limits to the number of Azure Arc-enabled servers you can register in any single resource group, subscription or tenant.
+There are no limits to the number of Azure Arc-enabled servers you can register in any single resource group, subscription, or tenant.
 
 Each Azure Arc-enabled server is associated with a Microsoft Entra object and counts against your directory quota. See [Microsoft Entra service limits and restrictions](../../active-directory/enterprise-users/directory-service-limits-restrictions.md) for information about the maximum number of objects you can have in a Microsoft Entra directory.
 

articles/cloud-shell/persisting-shell-storage.md

@@ -56,62 +56,17 @@ If you want to disallow users from creating storage accounts in Cloud Shell, cre
 
 ## Managing Cloud Shell storage
 
-### Use the `clouddrive` command
-
-Cloud Shell includes a command-line tool that enables you to change the Azure Files share that's in
-Cloud Shell. Run `clouddrive` to see the available commands.
-
-```Output
-Group
-  clouddrive                  :Manage storage settings for Azure Cloud Shell.
-
-Commands
-  mount                       :Mount a file share to Cloud Shell.
-  unmount                     :Unmount a file share from Cloud Shell.
-```
-
 ### Mount a new clouddrive
 
-Use the `clouddrive mount` command to change the share used by Cloud Shell.
+If you have previously selected to use ephemeral sessions for Cloud Shell, then you must reset your
+preferences by selecting **Settings** > **Reset User Settings** in Cloud Shell. Follow the steps to
+mount an [existing storage account][04] or a [new storage account][05].
+
 
 > [!NOTE]
 > If you're mounting a new share, a new user image is created for your `$HOME` directory. Your
 > previous `$HOME` image is kept in the previous file share.
 
-Run the `clouddrive mount` command with the following parameters:
-
-```bash
-clouddrive mount -s mySubscription -g myRG -n storageAccountName -f fileShareName
-```
-
-For more information, run `clouddrive mount -h`.
-
-```Output
-Command
-  clouddrive mount            :Mount an Azure file share to Cloud Shell.
-
-    Mount enables mounting and associating an Azure file share to Cloud Shell.
-    Cloud Shell will automatically attach this file share on each session start-up.
-
-    Note: This command does not mount storage if the session is Ephemeral.
-
-    Cloud Shell persists files with both methods below:
-    1. Create a disk image of your $HOME directory to persist files within $HOME.
-    This disk image is saved in your specified file share as 'acc_sean.img'' at
-    '//<storageaccount>.file.storage.windows.net/<fileshare>/.cloudconsole/acc_sean.img'
-    2. Mount specified file share as 'clouddrive' in $HOME for file sharing.
-    '/home/sean/clouddrive' maps to '//<storageaccount>.file.storage.windows.net/<fileshare>'
-
-Arguments
-  -s | --subscription id          [Required]:Subscription ID or name.
-  -g | --resource-group group     [Required]:Resource group name.
-  -n | --storage-account name     [Required]:Storage account name.
-  -f | --file-share name          [Required]:File share name.
-  -d | --disk-size size                     :Disk size in GB. (default 5)
-  -F | --force                              :Skip warning prompts.
-  -? | -h | --help                          :Shows this usage text.
-```
-
 ### Unmount clouddrive
 
 You can unmount a Cloud Shell file share at any time. Since Cloud Shell requires a mounted file

articles/communication-services/concepts/analytics/logs/voice-and-video-logs.md

@@ -85,6 +85,8 @@ The call summary log contains data to help you identify key properties of all ca
 |     `participantTenantId`               |    The ID of the Microsoft tenant associated with the identity of the participant. The tenant can either be the Azure tenant that owns the Azure Communication Services resource or the Microsoft tenant of an M365 identity. This field is used to guide cross-tenant redaction.
 |`participantType` | 	Description of the participant as a combination of its client (Azure Communication Services or Teams), and its identity, (Azure Communication Services or Microsoft 365). Possible values include: Azure Communication Services (Azure Communication Services identity and Azure Communication Services SDK), Teams (Teams identity and Teams client), Azure Communication Services as Teams external user (Azure Communication Services identity and Azure Communication Services SDK in Teams call or meeting), Azure Communication Services as Microsoft 365 user (M365 identity and Azure Communication Services client), and Teams Voice Apps.
 | `pstnPartcipantCallType `|It represents the type and direction of PSTN participants including Emergency calling, direct routing, transfer, forwarding, etc.| 
+| `ParticipantEndSubCode `| it represents the Calling SDK error subcode that the SDK emits (when relevant) for each `participantId` value.| 
+| `ResultCategory `|It represents the category of the participant ending the call. It can be one of these 4 values: Success, ExpectedError, UnexpectedClientError, UnexpectedServerError. | 
 
 ### Call diagnostic log schema
 
@@ -121,6 +123,11 @@ For each endpoint within a call, a distinct call diagnostic log is created for o
 |     `VideoFrameRateAvg`     |    The average number of video frames that are transmitted per second during a video/screensharing call. The video frame rate can impact the quality and smoothness of the video stream, with higher frame rates generally resulting in smoother and more fluid motion. The standard frame rate for WebRTC video is typically 30 frames per second (fps), although this can vary depending on the specific implementation and network conditions.  <br><br> The stream quality is considered poor when this value is less than 7 for video stream, or less than 1 for screensharing stream. 
 |     `RecvResolutionHeight`     |    The average of vertical size of the incoming video stream that is transmitted during a video/screensharing call. It's measured in pixels and is one of the factors that determines the overall resolution and quality of the video stream. The specific resolution used may depend on the capabilities of the devices and network conditions involved in the call.  <br><br> The stream quality is considered poor when this value is less than 240 for video stream, or less than 768 for screensharing stream. 
 |     `RecvFreezeDurationPerMinuteInMs`     |    The average freeze duration in milliseconds per minute for incoming video/screensharing stream. Freezes are typically due to bad network condition and can degrade the stream quality.  <br><br> The stream quality is considered poor when this value is greater than 6,000 ms for video stream, or greater than 25,000 ms for screensharing stream. 
+|     `PacketUtilization`     |    The packets sent or received for a given media stream.  <br><br> Usually the longer the call, the higher the value is. If this value is zero, it could indicate that media is not flowing. 
+|     `VideoBitRateAvg`     |    The average bitrate (bits pers second) for a video or screenshare stream.  <br><br> A low bitrate value could indicate poor network issue. The minimum bitrate (bandwidth) required can be found here: [Network bandwidth](../../voice-video-calling/network-requirements.md#network-bandwidth).
+|     `VideoBitRateMax`     |    The maximum bitrate (bits pers second) for a video or screenshare stream.  <br><br> A low bitrate value could indicate poor network issue. The minimum bitrate (bandwidth) required can be found here: [Network bandwidth](../../voice-video-calling/network-requirements.md#network-bandwidth).
+|     `StreamDirection`     |    The direction of the media stream. It is either Inbound or Outbound.
+|     `CodecName`     |    The name of the codec used for processing media streams. It can be OPUS, G722, H264S, SATIN etc.
 
 ### Call client operations log schema
 

articles/cosmos-db/index-policy.md

@@ -150,7 +150,7 @@ Here's an example of an indexing policy with a vector index:
     "vectorIndexes": [
         {
             "path": "/vector",
-            "type": "DiskANN"
+            "type": "diskANN"
         }
     ]
 }