Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into tamram24-0116

Author: tamram

articles/aks/best-practices-performance-scale-large.md

@@ -3,7 +3,7 @@ title: Performance and scaling best practices for large workloads in Azure Kuber
 titleSuffix: Azure Kubernetes Service
 description: Learn the best practices for performance and scaling for large workloads in Azure Kubernetes Service (AKS).
 ms.topic: conceptual
-ms.date: 11/03/2023
+ms.date: 01/18/2024
 ---
 
 # Best practices for performance and scaling for large workloads in Azure Kubernetes Service (AKS)
@@ -33,10 +33,10 @@ Kubernetes has a multi-dimensional scale envelope with each resource type repres
 
 The control plane manages all the resource scaling in the cluster, so the more you scale the cluster within a given dimension, the less you can scale within other dimensions. For example, running hundreds of thousands of pods in an AKS cluster impacts how much pod churn rate (pod mutations per second) the control plane can support.
 
-The size of the envelope is proportional to the size of the Kubernetes control plane. AKS supports two control plane tiers as part of the Base SKU: the Free tier and the Standard tier. For more information, see [Free and Standard pricing tiers for AKS cluster management][free-standard-tier].
+The size of the envelope is proportional to the size of the Kubernetes control plane. AKS supports three control plane tiers as part of the Base SKU: Free, Standard, and Premium tier. For more information, see [Free, Standard, and Premium pricing tiers for AKS cluster management][pricing-tiers].
 
 > [!IMPORTANT]
-> We highly recommend using the Standard tier for production or at-scale workloads. AKS automatically scales up the Kubernetes control plane to support the following scale limits:
+> We highly recommend using the Standard or Premium tier for production or at-scale workloads. AKS automatically scales up the Kubernetes control plane to support the following scale limits:
 >
 > * Up to 5,000 nodes per AKS cluster
 > * 200,000 pods per AKS cluster (with Azure CNI Overlay)
@@ -115,7 +115,7 @@ As you scale your AKS clusters to larger scale points, keep the following node p
 [managed-nat-gateway]: ./nat-gateway.md
 [azure-cni-dynamic-ip]: ./configure-azure-cni-dynamic-ip-allocation.md
 [azure-cni-overlay]: ./azure-cni-overlay.md
-[free-standard-tier]: ./free-standard-pricing-tiers.md
+[pricing-tiers]: ./free-standard-pricing-tiers.md
 [cluster-autoscaler]: cluster-autoscaler.md
 [azure-npm]: ../virtual-network/kubernetes-network-policies.md
 

articles/api-management/api-management-gateways-overview.md

@@ -101,7 +101,8 @@ The following table compares features available in the managed gateway versus th
 | [Synthetic GraphQL](graphql-apis-overview.md)|  ✔️ |  ✔️<sup>1</sup> | ✔️<sup>1</sup> |
 | [Pass-through WebSocket](websocket-api.md) |  ✔️ |  ❌ | ✔️ |
 | [Pass-through gRPC](grpc-api.md) |  ❌ |  ❌ | ✔️ |
-| [Circuit Breaker](backends.md#circuit-breaker-preview) |  ✔️ |  ✔️ | ✔️ |
+| [Circuit breaker in backend](backends.md#circuit-breaker-preview) |  ✔️ |  ❌ | ✔️ |
+| [Load-balanced backend pool](backends.md#load-balanced-pool-preview) |  ✔️ |  ✔️ | ✔️ |
 
 <sup>1</sup> Synthetic GraphQL subscriptions (preview) aren't supported.
 

articles/api-management/authentication-authorization-overview.md

@@ -123,7 +123,7 @@ Examples:
 
 * [Configure credential manager - Microsoft Graph API](credentials-how-to-azure-ad.md)
 * [Configure credential manager - GitHub API](credentials-how-to-github.md)
-* [Configure credential manager - user delegated access to backend APIs](credentials-how-to-github.md)
+* [Configure credential manager - user delegated access to backend APIs](credentials-how-to-user-delegated.md)
 
 ## Other options to secure APIs
 

articles/api-management/backends.md

@@ -89,6 +89,10 @@ Starting in API version 2023-03-01 preview, API Management exposes a [circuit br
 
 The backend circuit breaker is an implementation of the [circuit breaker pattern](/azure/architecture/patterns/circuit-breaker) to allow the backend to recover from overload situations. It augments general [rate-limiting](rate-limit-policy.md) and [concurrency-limiting](limit-concurrency-policy.md) policies that you can implement to protect the API Management gateway and your backend services.
 
+> [!NOTE]
+> * Currently, the backend circuit breaker isn't supported in the **Consumption** tier of API Management.
+> * Because of the distributed nature of the API Management architecture, circuit breaker tripping rules are approximate. Different instances of the gateway do not synchronize and will apply circuit breaker rules based on the information on the same instance.
+
 ### Example
 
 Use the API Management [REST API](/rest/api/apimanagement/backend) or a Bicep or ARM template to configure a circuit breaker in a backend. In the following example, the circuit breaker in *myBackend* in the API Management instance *myAPIM* trips when there are three or more `5xx` status codes indicating server errors in a day. The circuit breaker resets after one hour.
@@ -177,7 +181,9 @@ Use a backend pool for scenarios such as the following:
 To create a backend pool, set the `type` property of the backend to `pool` and specify a list of backends that make up the pool.
 
 > [!NOTE]
-> Currently, you can only include single backends in a backend pool. You can't add a backend of type `pool` to another backend pool.
+> * Currently, you can only include single backends in a backend pool. You can't add a backend of type `pool` to another backend pool.
+> * Because of the distributed nature of the API Management architecture, backend load balancing is approximate. Different instances of the gateway do not synchronize and will load balance based on the information on the same instance.
+
 
 ### Example
 

articles/bastion/bastion-faq.md

@@ -241,6 +241,10 @@ Make sure the user has **read** access to both the VM, and the peered VNet. Addi
 |Microsoft.Network/virtualNetworks/subnets/virtualMachines/read|Gets references to all the virtual machines in a virtual network subnet|Action|
 |Microsoft.Network/virtualNetworks/virtualMachines/read|Gets references to all the virtual machines in a virtual network|Action|
 
+### I am connecting to a VM using a JIT policy, do I need additional permissions?
+
+If user is connecting to a VM using a JIT policy, there is no additional permissions needed. For more information on connecting to a VM using a JIT policy, see [Enable just-in-time access on VMs](../defender-for-cloud/just-in-time-access-usage.md)
+
 ### My privatelink.azure.com can't resolve to management.privatelink.azure.com
 
 This may be due to the Private DNS zone for privatelink.azure.com linked to the Bastion virtual network causing management.azure.com CNAMEs to resolve to management.privatelink.azure.com behind the scenes. Create a CNAME record in their privatelink.azure.com zone for management.privatelink.azure.com to arm-frontdoor-prod.trafficmanager.net to enable successful DNS resolution.

articles/connectors/connectors-create-api-azureblobstorage.md

@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewer: estfan, azla
 ms.topic: how-to
-ms.date: 01/10/2024
+ms.date: 01/18/2024
 tags: connectors
 ---
 
@@ -39,6 +39,13 @@ The Azure Blob Storage connector has different versions, based on [logic app typ
 
     1. Follow the trigger with the Azure Blob Storage managed connector action named [**Get blob content**](/connectors/azureblobconnector/#get-blob-content), which reads the complete file and implicitly uses chunking.
 
+- Azure Blob Storage trigger limits
+
+  - The *managed* connector trigger is limited to 30,000 blobs in the polling virtual folder.
+  - The *built-in* connector trigger is limited to 10,000 blobs in the entire polling container.
+  
+  If the limit is exceeded, a new blob might not be able to trigger the workflow, so the trigger is skipped.
+
 ## Prerequisites
 
 - An Azure account and subscription. If you don't have an Azure subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

articles/data-share/concepts-roles-permissions.md

@@ -309,7 +309,9 @@ The following shows an example of how the required actions will be listed in JSO
 
 "Microsoft.Storage/storageAccounts/blobServices/containers/read", 
 
-"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action", 
+"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
+
+"Microsoft.Storage/storageAccounts/listkeys/action",
 
 "Microsoft.DataShare/accounts/read", 
 

articles/healthcare-apis/.openpublishing.redirection.healthcare-apis.json

@@ -486,15 +486,17 @@
     {   "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-configure-azure-rbac-old.md",
         "redirect_url": "/azure/healthcare-apis/dicom/dicom-configure-azure-rbac",
         "redirect_document_id": true     
-      },
-    {  "source_path_from_root": "/articles/healthcare-apis/dicom/export-dicom-files.md",
+    },
+    {  
+       "source_path_from_root": "/articles/healthcare-apis/dicom/export-dicom-files.md",
        "redirect_url": "/azure/healthcare-apis/dicom/export-files",
        "redirect_document_id": true     
-    },     
-    {  "source_path_from_root": "/articles/healthcare-apis/dicom/update-files.md",
-       "redirect_url": "/azure/healthcare-apis/dicom/overview",
-       "redirect_document_id": false     
     },
+    {  
+       "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-change-feed-overview.md",
+       "redirect_url": "/azure/healthcare-apis/dicom/change-feed-overview",
+       "redirect_document_id": true   
+    },     
       {
           "source_path_from_root": "/articles/healthcare-apis/fhir/configure-azure-rbac-for-fhir.md",
           "redirect_url": "/azure/healthcare-apis/configure-azure-rbac",

articles/healthcare-apis/dicom/dicom-change-feed-overview.md renamed to articles/healthcare-apis/dicom/change-feed-overview.md

@@ -1,17 +1,17 @@
 ---
-title:  Overview of DICOM change feed - Azure Health Data Services
-description: In this article, you learn the concepts of DICOM change feed.
+title:  Change feed overview for the DICOM service in Azure Health Data Services
+description: Learn how to use the change feed in the DICOM service to access the logs of all the changes that occur in your organization's medical imaging data. The change feed allows you to query, process, and act upon the change events in a scalable and efficient way.
 author: mmitrik
 ms.service: healthcare-apis
 ms.subservice: dicom
 ms.topic: conceptual
-ms.date: 10/9/2023
+ms.date: 1/18/2024
 ms.author: mmitrik
 ---
 
 # Change feed overview
 
-The change feed provides logs of all the changes that occur in the DICOM® service. The change feed provides ordered, guaranteed, immutable, and read-only logs of these changes. The change feed offers the ability to go through the history of DICOM service and acts upon the creates and deletes in the service.
+The change feed provides logs of all the changes that occur in the DICOM® service. The change feed provides ordered, guaranteed, immutable, and read-only logs of these changes. The change feed offers the ability to go through the history of DICOM service and acts upon the creates, updates, and deletes in the service.
 
 Client applications can read these logs at any time in batches of any size. The change feed enables you to build efficient and scalable solutions that process change events that occur in your DICOM service.
 
@@ -38,7 +38,7 @@ Sequence            | long      | The unique ID per change event
 StudyInstanceUid    | string    | The study instance UID
 SeriesInstanceUid   | string    | The series instance UID
 SopInstanceUid      | string    | The sop instance UID
-Action              | string    | The action that was performed - either `create` or `delete`
+Action              | string    | The action that was performed - either `create`, `update`, or `delete`
 Timestamp           | datetime  | The date and time the action was performed in UTC
 State               | string    | [The current state of the metadata](#states)
 Metadata            | object    | Optionally, the current DICOM metadata if the instance exists
@@ -48,12 +48,12 @@ Metadata            | object    | Optionally, the current DICOM metadata if the
 State    | Description
 :------- | :---
 current  | This instance is the current version.
-replaced | This instance has been replaced by a new version.
-deleted  | This instance has been deleted and is no longer available in the service.
+replaced | This instance is replaced with a new version.
+deleted  | This instance is deleted and is no longer available in the service.
 
 ## Change feed
 
-The change feed resource is a collection of events that have occurred within the DICOM server.
+The change feed resource is a collection of events that occurred within the DICOM server.
 
 ### Version 2
 
@@ -152,7 +152,7 @@ limit           | int      | The maximum value of the sequence number relative t
 includeMetadata | bool     | Indicates whether or not to include the DICOM metadata | `true` | | |
 
 ## Latest change feed
-The latest change feed resource represents the latest event that has occurred within the DICOM Server.
+The latest change feed resource represents the latest event that occurred within the DICOM server.
 
 ### Request
 ```http
@@ -168,7 +168,7 @@ Content-Type: application/json
     "StudyInstanceUid": "{uid}",
     "SeriesInstanceUid": "{uid}",
     "SopInstanceUid": "{uid}",
-    "Action": "create|delete",
+    "Action": "create|update|delete",
     "Timestamp": "2020-03-05T07:13:16.4834Z",
     "State": "current|replaced|deleted",
     "Metadata": {
@@ -208,15 +208,15 @@ includeMetadata | bool | Indicates whether or not to include the metadata | `tru
 2. On some regular polling interval, the application performs the following actions:
     * Fetches the latest sequence number from the `/changefeed/latest` endpoint
     * Fetches the next set of changes for processing by querying the change feed with the current offset
-        * For example, if the application has currently processed up to sequence number 15 and it only wants to process at most 5 events at once, then it should use the URL `/changefeed?offset=15&limit=5`
+        * For example, if the application processed up to sequence number 15 and it only wants to process at most five events at once, then it should use the URL `/changefeed?offset=15&limit=5`
     * Processes any entries return by the `/changefeed` resource
     * Updates its current sequence number to either:
         1. The maximum sequence number returned by the `/changefeed` resource
         2. The `offset` + `limit` if no change events were returned from the `/changefeed` resource, but the latest sequence number returned by `/changefeed/latest` is greater than the current sequence number used for `offset`
 
 ### Other potential usage patterns
 
-Change feed support is well suited for scenarios that process data based on objects that have changed. For example, it can be used to:
+Change feed support is well-suited for scenarios that process data based on objects that are changed. For example, it can be used to:
 
 * Build connected application pipelines like ML that react to change events or schedule executions based on created or deleted instance.
 * Extract business analytics insights and metrics, based on changes that occur to your objects.