Merge branch 'main' into fxl---ml-sfi-curation

Author: flang-msft

.openpublishing.redirection.json

@@ -7058,6 +7058,12 @@
       "source_path": "articles/cyclecloud/release-notes/ccws/2025.02.06.md",
       "redirect_url": "/azure/cyclecloud/release-notes/ccws/2025-02-06",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/whats-new.md",
+      "redirect_url": "/azure/reliability/overview",
+      "redirect_document_id": false
     }
   ]
 }
+

articles/api-center/synchronize-api-management-apis.md

@@ -4,7 +4,7 @@ description: Integrate an API Management instance to Azure API Center for automa
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 06/02/2025
+ms.date: 06/18/2025
 ms.author: danlep 
 ms.custom: devx-track-azurecli
 # Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
@@ -32,6 +32,7 @@ API Management APIs automatically synchronize to the API center whenever existin
 > [!NOTE]
 > * Integration of Azure API Management is currently in preview.
 > * There are [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=/azure/api-center/toc.json&bc=/azure/api-center/breadcrumb/toc.json#azure-api-center-limits) for the number of integrated API Management instances (API sources).
+> * An integrated API Management instance can be configured in a virtual network.
 > * API updates in API Management typically synchronize to your API center within minutes, but synchronization can take up to 24 hours.
 > * API definitions also synchronize to the API center if you select the option to include them during integration.
 

articles/api-management/api-management-capacity.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 04/17/2025
+ms.date: 06/16/2025
 ms.author: danlep
 ms.custom:
   - fasttrack-edit
@@ -42,6 +42,9 @@ In the v2 tiers, the following metrics are available:
 
 * **Memory Percentage of Gateway** - The percentage of memory capacity used by the gateway units.
 
+    > [!NOTE]
+    > Currently, the Memory Percentage of Gateway metric isn't supported in the Premium v2 tier.
+
 Available aggregations for these metrics are as follows.
 
 * **Avg** - Average percentage of capacity used across gateway processes in every [unit](upgrade-and-scale.md) of an API Management instance. 

articles/api-management/api-management-howto-autoscale.md

@@ -13,7 +13,7 @@ ms.custom: engagement-fy23
 
 # Automatically scale an Azure API Management instance
 
-[!INCLUDE [api-management-availability-premium-standard-basic](../../includes/api-management-availability-premium-standard-basic.md)]
+[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
 
 An Azure API Management service instance can scale automatically based on a set of rules. This behavior can be enabled and configured through [Azure Monitor autoscale](/azure/azure-monitor/autoscale/autoscale-overview#supported-services-for-autoscale).
 
@@ -64,7 +64,7 @@ Follow these steps to configure autoscale for an Azure API Management service:
     |-----------------------|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
     | Metric source         | Current resource  | Define the rule based on the current API Management resource metrics.                                                                                                                                                                                                     |
     | *Criteria*            |                   |                                                                                                                                                                                                                                                                                 |
-    | Metric name           | Capacity          | [Capacity metric](api-management-capacity.md) is an API Management metric reflecting usage of resources by an Azure API Management instance.                                                                                                                                                            |
+    | Metric name           | Capacity          | [Capacity metric](api-management-capacity.md) is one of the API Management metrics reflecting usage of resources by an Azure API Management instance. Choose a capacity metric supported in your API Management service tier.                                                                                                                                                           |
     | Location | Select the primary location of the API Management instance | |
     | Operator              | Greater than      |                                                                                                                                                                                                                                                                                 |
     | Metric threshold             | 70%               | The threshold for the averaged capacity metric. For considerations on setting this threshold, see [Using capacity for scaling decisions](api-management-capacity.md#use-capacity-for-scaling-decisions).                                                                                                                                                                                                                               |

articles/api-management/api-management-region-availability.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 05/28/2025
+ms.date: 06/17/2025
 ms.author: danlep
 ms.custom:
   - references_regions
@@ -34,7 +34,7 @@ Information in the following table is updated regularly. Capacity availability i
 | Central India  | ✅ | ✅ | |  |
 | East Asia | ✅ | ✅ | | ✅ |
 | East US  | ✅ | ✅ |  |  |
-| East US 2 | ✅ | ✅ |  | ✅ |
+| East US 2 | ✅ | ✅ | ✅ | ✅ |
 | France Central  | ✅ | ✅ | | ✅ |
 | Germany West Central  | ✅ | ✅ | ✅ | ✅ |
 | Japan East | ✅ | ✅ | | ✅ |

articles/api-management/developer-portal-overview.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 04/28/2025
+ms.date: 06/04/2025
 ms.author: danlep 
 ---
 
@@ -64,9 +64,9 @@ If you're accessing the portal for the first time, the portal includes placehold
 For a step-by-step walkthrough of customizing and publishing the developer portal, see [Tutorial: Access and customize the developer portal](api-management-howto-developer-portal-customize.md).
 
 > [!IMPORTANT]
-> * Access to the developer portal by API publishers and consumers requires network connectivity to both the developer portal's endpoint (default: `https://<apim-instance-name>.portal.azure-api.net`) and the API Management instance's management endpoint (default: `https://<apim-instance-name>.management.azure-api.net`).
+> * Access to the developer portal by API publishers and consumers requires network connectivity to the developer portal's endpoint (default: `https://<apim-instance-name>.portal.azure-api.net`).
 > * Publishing the developer portal requires additional connectivity to blob storage managed by API Management in the West US region. 
-> * If the API Management instance is deployed in a VNet, ensure that the hostnames of the developer portal and management endpoint resolve properly and that you enable connectivity to required dependencies for the developer portal. [Learn more](virtual-network-reference.md).
+> * If the API Management instance is deployed in a VNet, ensure that the hostname of the developer portal resolves properly and that you enable connectivity to required dependencies for the developer portal. [Learn more](virtual-network-reference.md).
 
 ### Visual editor
 
@@ -268,4 +268,4 @@ Learn more about the developer portal:
 Browse other resources:
 
 - [GitHub repository with the source code](https://github.com/Azure/api-management-developer-portal)
-- [Frequently asked questions about the developer portal](developer-portal-faq.md)
+- [Frequently asked questions about the developer portal](developer-portal-faq.md)

articles/api-management/self-hosted-gateway-enable-dapr.md

@@ -18,7 +18,7 @@ Dapr integration in API Management enables operations teams to directly expose D
 
 ## About Dapr
 
-Dapr is a portable runtime for building stateless and stateful microservices-based applications with any language or framework. It codifies the common microservice patterns, like service discovery and invocation with build-in retry logic, publish-and-subscribe with at-least-once delivery semantics, or pluggable binding resources to ease composition using external services. Go to [dapr.io](https://dapr.io) for detailed information and instruction on how to get started with Dapr.
+Dapr is a portable runtime for building stateless and stateful microservices-based applications with any language or framework. It codifies the common microservice patterns, like service discovery and invocation with built-in retry logic, publish-and-subscribe with at-least-once delivery semantics, or pluggable binding resources to ease composition using external services. Go to [dapr.io](https://dapr.io) for detailed information and instruction on how to get started with Dapr.
 
 ## Enable Dapr support
 

articles/api-management/v2-service-tiers-overview.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 05/09/2025
+ms.date: 06/16/2025
 ms.author: danlep
 ms.custom:
   - references_regions
@@ -77,7 +77,6 @@ The following API Management capabilities are currently unavailable in the v2 ti
 * Multiple custom domain names 
 * Capacity metric - *replaced by CPU Percentage of Gateway and Memory Percentage of Gateway metrics*
 * Built-in analytics - *replaced by Azure Monitor-based dashboard*
-* Autoscaling
 * Upgrade to v2 tiers from classic tiers 
 * CA Certificates
 * Sending events to Event Grid

articles/api-management/validate-client-certificate-policy.md

@@ -54,11 +54,11 @@ For more information about custom CA certificates and certificate authorities, s
 
 | Name                            | Description      | Required |  Default    |
 | ------------------------------- | -----------------| -------- | ----------- |
-| validate-revocation  | Boolean. Specifies whether certificate is validated against online revocation list. Policy expressions aren't allowed.  | No  | `true`  |
-| validate-trust | Boolean. Specifies if validation should fail in case chain cannot be successfully built up to trusted CA. Policy expressions aren't allowed. | No | `true` |
-| validate-not-before | Boolean. Validates value against current time. Policy expressions aren't allowed.| No | `true` |
-| validate-not-after  | Boolean. Validates value against current time. Policy expressions aren't allowed.| No | `true`|
-| ignore-error  | Boolean. Specifies if policy should proceed to the next handler or jump to on-error upon failed validation. Policy expressions aren't allowed. | No | `false` |
+| validate-revocation | Boolean. Specifies whether certificate is validated against online revocation list. Policy expressions aren't allowed. | No  | `true`  |
+| validate-trust| Boolean. Specifies if validation should fail in case chain cannot be successfully built up to trusted CA. Policy expressions aren't allowed. | No | `true` |
+| validate-not-before | Boolean. Validates value against current time. Policy expressions aren't allowed.| No| `true` |
+| validate-not-after | Boolean. Validates value against current time. Policy expressions aren't allowed.| No| `true`|
+| ignore-error | Boolean. Specifies if policy should proceed to the next handler or jump to on-error upon failed validation. Policy expressions aren't allowed. | No | `false` |
 
 ## Elements
 
@@ -70,27 +70,24 @@ For more information about custom CA certificates and certificate authorities, s
 
 | Name                            | Description      | Required |  Default    |
 | ------------------------------- | -----------------| -------- | ----------- |
-| thumbprint | Certificate thumbprint. | No | N/A |
+| thumbprint | Certificate SHA-1 thumbprint. | No | N/A |
 | serial-number | Certificate serial number. | No | N/A |
 | common-name | Certificate common name (part of Subject string). | No | N/A |
 | subject | Subject string. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*.| No | N/A | 
 | dns-name | Value of dnsName entry inside Subject Alternative Name claim. | No | N/A |
-| issuer-subject | Issuer's subject. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*. | No | N/A |
-| issuer-thumbprint | Issuer thumbprint. | No | N/A |
-| issuer-certificate-id | Identifier of existing certificate entity representing the issuer's public key. Mutually exclusive with other issuer attributes.  | No | N/A |
+| issuer-subject | Issuer's subject. Must follow format of Distinguished Name. | No | N/A |
+| issuer-thumbprint | Issuer SHA-1 thumbprint. | No | N/A |
+| issuer-certificate-id | Identifier of existing certificate entity representing the issuer's public key. Mutually exclusive with other issuer attributes. | No | N/A |
+
 
 ## Usage
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API, operation
 - [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
 
+## Examples
 
-### Usage notes
-
-* You must use double quotes to enclose values of name attributes in the `subject` and `issuer-subject` attributes when they contain certain special characters such as ",". For example, specify `O="Contoso, Inc."` instead of `O=Contoso, Inc.` for the organization name. [Learn more](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks)
-
-## Example
 
 The following example validates a client certificate to match the policy's default validation rules and checks whether the subject and issuer name match specified values.
 
@@ -109,6 +106,25 @@ The following example validates a client certificate to match the policy's defau
 </validate-client-certificate> 
 ```
 
+The following example performs a stricter validation by cheking whether the subject thumbprint and the issuer thumbprint match specified values.
+
+```xml
+<validate-client-certificate 
+    validate-revocation="true" 
+    validate-trust="true" 
+    validate-not-before="true" 
+    validate-not-after="true" 
+    ignore-error="false">
+    <identities>
+        <identity
+            thumbprint="AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00"
+            issuer-thumbprint="BB22CC33DD44EE55FF66AA77BB88CC99DD00EE11" />
+    </identities>
+</validate-client-certificate> 
+```
+
+
+
 ## Related policies
 
 * [Authentication and authorization](api-management-policies.md#authentication-and-authorization)

articles/api-management/virtual-network-reference.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 04/17/2025
+ms.date: 06/17/2025
 ms.author: danlep
 ms.custom: references_regions
 ---
@@ -42,6 +42,7 @@ When an API Management service instance is hosted in a VNet, the ports in the fo
 |-------|--------------|----------|---------|------------|-----------|-----|--------|-----|
 | Inbound | Internet | * | VirtualNetwork | [80], 443 |  TCP                | Allow           | **Client communication to API Management**                     | External only            |
 | Inbound | ApiManagement | * | VirtualNetwork | 3443                                 | TCP                | Allow       | **Management endpoint for Azure portal and PowerShell**         | External & Internal  |
+| Outbound | VirtualNetwork | * | Internet | 80                  |  TCP | Allow  | **Validation and management of Microsoft-managed and customer-managed certificates**      | External & Internal  |
 | Outbound | VirtualNetwork | * | Storage | 443                  |  TCP                | Allow             | **Dependency on Azure Storage**                             | External & Internal  |
 | Outbound | VirtualNetwork |  * | AzureActiveDirectory | 443                             | TCP                | Allow | [Microsoft Entra ID, Microsoft Graph,](api-management-howto-aad.md) and Azure Key Vault dependency (optional)              | External & Internal  |
 | Outbound | VirtualNetwork | * | AzureConnectors | 443                  |  TCP                | Allow | [managed connections](credentials-overview.md) dependency (optional)              | External & Internal  |