Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/app-service/overview-private-endpoint.md

@@ -28,9 +28,9 @@ Using private endpoint for your app enables you to:
 
 A private endpoint is a special network interface (NIC) for your App Service app in a subnet in your virtual network.
 When you create a private endpoint for your app, it provides secure connectivity between clients on your private network and your app. The private endpoint is assigned an IP Address from the IP address range of your virtual network.
-The connection between the private endpoint and the app uses a secure [Private Link](../private-link/private-link-overview.md). Private endpoint is only used for incoming traffic to your app. Outgoing traffic won't use this private endpoint. You can inject outgoing traffic to your network in a different subnet through the [virtual network integration feature](./overview-vnet-integration.md).
+The connection between the private endpoint and the app uses a secure [Private Link](../private-link/private-link-overview.md). Private endpoint is only used for incoming traffic to your app. Outgoing traffic doesn't use this private endpoint. You can inject outgoing traffic to your network in a different subnet through the [virtual network integration feature](./overview-vnet-integration.md).
 
-Each slot of an app is configured separately. You can plug up to 100 private endpoints per slot. You can't share a private endpoint between slots. The sub-resource name of a slot is `sites-<slot-name>`.
+Each slot of an app is configured separately. You can plug up to 100 private endpoints per slot. You can't share a private endpoint between slots. The subresource name of a slot is `sites-<slot-name>`.
 
 The subnet where you plug the private endpoint can have other resources in it, you don't need a dedicated empty subnet.
 You can also deploy the private endpoint in a different region than your app. 
@@ -40,11 +40,11 @@ You can also deploy the private endpoint in a different region than your app.
 
 From a security perspective:
 
-- Private endpoint and public access can co-exist on an app. For more information, see [overview of access restrictions](./overview-access-restrictions.md#how-it-works)
+- Private endpoint and public access can coexist on an app. For more information, see [overview of access restrictions](./overview-access-restrictions.md#how-it-works)
 - When you enable private endpoints to your app, ensure that public network access is disabled to ensure isolation.
 - You can enable multiple private endpoints in others virtual networks and subnets, including virtual network in other regions.
 - The access restrictions rules of your app aren't evaluated for traffic through the private endpoint.
-- You can eliminate the data exfiltration risk from the virtual network by removing all NSG rules where destination is tag Internet or Azure services.
+- You can eliminate the data exfiltration risk from the virtual network by removing all Network Security Group (NSG) rules where destination is tag Internet or Azure services.
 
 In the Web HTTP logs of your app, you find the client source IP. This feature is implemented using the TCP Proxy protocol, forwarding the client IP property up to the app. For more information, see [Getting connection Information using TCP Proxy v2](../private-link/private-link-service-overview.md#getting-connection-information-using-tcp-proxy-v2).
 
@@ -55,10 +55,9 @@ In the Web HTTP logs of your app, you find the client source IP. This feature is
 
 ## DNS
 
-When you use private endpoint for App Service apps, the requested URL must match the name of your app. By default mywebappname.azurewebsites.net (see [note at top](#dnl-note)).
+When you use private endpoint for App Service apps, the requested URL must match the name of your app. By default `<app-name>.azurewebsites.net`. When you're using [unique default hostname](#dnl-note) your app name has the format `<app-name>-<random-hash>.<region>.azurewebsites.net`. In the examples below _mywebapp_ could also represent the full regionalized unique hostname.
 
-By default, without private endpoint, the public name of your web app is a canonical name to the cluster.
-For example, the name resolution is:
+By default, without private endpoint, the public name of your web app is a canonical name to the cluster. For example, the name resolution is:
 
 |Name |Type |Value |
 |-----|-----|------|
@@ -86,13 +85,13 @@ For example, the name resolution is:
 |mywebapp.azurewebsites.net|CNAME|mywebapp.privatelink.azurewebsites.net|<--Azure creates this CNAME entry in Azure Public DNS to point the app address to the private endpoint address|
 |mywebapp.privatelink.azurewebsites.net|A|10.10.10.8|<--You manage this entry in your DNS system to point to your private endpoint IP address|
 
-After this DNS configuration, you can reach your app privately with the default name mywebappname.azurewebsites.net. You must use this name, because the default certificate is issued for *.azurewebsites.net.
+After this DNS configuration, you can reach your app privately with the default name mywebapp.azurewebsites.net. You must use this name, because the default certificate is issued for *.azurewebsites.net.
 
 
 If you need to use a custom DNS name, you must add the custom name in your app and you must validate the custom name like any custom name, using public DNS resolution. 
 For more information, see [custom DNS validation](./app-service-web-tutorial-custom-domain.md).
 
-For the Kudu console, or Kudu REST API (deployment with Azure DevOps self-hosted agents for example), you must create two records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app, the second is for the SCM of your app.
+For the Kudu console, or Kudu REST API (deployment with Azure DevOps Services self-hosted agents for example) you must create two records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app, the second is for the SCM of your app.
 
 | Name | Type | Value |
 |-----|-----|-----|
@@ -111,7 +110,7 @@ az appservice ase update --name myasename --allow-new-private-endpoint-connectio
 
 ## Specific requirements
 
-If the virtual network is in a different subscription than the app, you must ensure that the subscription with the virtual network is registered for the `Microsoft.Web` resource provider. You can explicitly register the provider [by following this documentation](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider), but you also automatically register the provider when you create the first web app in a subscription.
+If the virtual network is in a different subscription than the app, you must ensure that the subscription with the virtual network is registered for the `Microsoft.Web` resource provider. You can explicitly register the provider [by following this documentation](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider) but you also automatically register the provider when you create the first web app in a subscription.
 
 ## Pricing
 
@@ -120,12 +119,12 @@ For pricing details, see [Azure Private Link pricing](https://azure.microsoft.co
 
 ## Limitations
 
-* When you use Azure Function in Elastic Premium plan with private endpoint, to run or execute the function in Azure portal, you must have direct network access or you receive an HTTP 403 error. In other words, your browser must be able to reach the private endpoint to execute the function from the Azure portal. 
+* When you use Azure Function in Elastic Premium plan with private endpoint, to run or execute the function in Azure portal you must have direct network access or you receive an HTTP 403 error. In other words, your browser must be able to reach the private endpoint to execute the function from the Azure portal. 
 * You can connect up to 100 private endpoints to a particular app.
 * Remote Debugging functionality isn't available through the private endpoint. The recommendation is to deploy the code to a slot and remote debug it there.
 * FTP access is provided through the inbound public IP address. Private endpoint doesn't support FTP access to the app.
 * IP-Based SSL isn't supported with private endpoints.
-* Apps that you configure with private endpoints cannot receive public traffic coming from subnets with `Microsoft.Web` service endpoint enabled and cannot use [service endpoint-based access restriction rules](./overview-access-restrictions.md#access-restriction-rules-based-on-service-endpoints).
+* Apps that you configure with private endpoints can't receive public traffic coming from subnets with `Microsoft.Web` service endpoint enabled and can't use [service endpoint-based access restriction rules](./overview-access-restrictions.md#access-restriction-rules-based-on-service-endpoints).
 * Private endpoint naming must follow the rules defined for resources of type `Microsoft.Network/privateEndpoints`. Naming rules can be found [here](../azure-resource-manager/management/resource-name-rules.md#microsoftnetwork). 
 
 We're improving Azure Private Link feature and private endpoint regularly, check [this article](../private-link/private-endpoint-overview.md#limitations) for up-to-date information about limitations.

articles/application-gateway/proxy-buffers.md

@@ -5,36 +5,36 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 08/03/2022
+ms.date: 09/25/2024
 ms.author: greglin
 #Customer intent: As a user, I want to know how can I disable/enable proxy buffers.
 ---
 
 # Configure Request and Response Proxy Buffers
 
-Azure Application Gateway Standard v2 SKU supports buffering Requests (from clients) or Responses (from the backend servers). Based on the processing capabilities of the clients that interact with your Application Gateway, you can use these buffers to configure the speed of packet delivery.
+Azure Application Gateway Standard v2 SKU supports buffering Requests from clients or Responses (from the backend servers). Based on the processing capabilities of the clients that interact with your application gateway, you can use these buffers to configure the speed of packet delivery.
 
 ## Response Buffer 
 
-Application Gateway's Response buffer can collect all or parts of the response packets sent by the backend server, before delivering them to the clients. By default, the Response buffering is enabled on Application Gateway which is useful to accommodate slow clients. This setting allows you to conserve the backend TCP connections as they can be closed once Application Gateway receives complete response and work according to the client's processing speed. This way, your Application Gateway will continue to deliver the response as per client’s pace. 
+Application Gateway's response buffer can collect all or parts of the response packets sent by the backend server, before delivering them to the clients. By default, the Response buffering is enabled on Application Gateway which is useful to accommodate slow clients. This setting allows you to conserve the backend TCP connections as they can be closed once Application Gateway receives complete response and work according to the client's processing speed. This way, your Application Gateway continues to deliver the response as per the client’s pace. 
 
 
 ## Request Buffer 
 
-In a similar way, Application Gateway's Request buffer can temporarily store the entire or parts of the request body, and then forward a larger upload request at once to the backend server. By default, Request buffering setting is enabled on Application Gateway and is useful to offload the processing function of re-assembling the smaller packets of data on the backend server.
+In a similar way, Application Gateway's Request buffer can temporarily store the entire or parts of the request body, and then forward a larger upload request at once to the backend server. By default, Request buffering setting is enabled on Application Gateway and is useful to offload the processing function of reassembling the smaller packets of data on the backend server.
 
 
 >[!NOTE]
->By default, both Request and Response buffers are enabled on your Application Gateway resource but you can choose to configure them separately. Further, the settings are applied at a resource level and cannot be managed separately for each listener.
+>By default, both Request and Response buffers are enabled on your Application Gateway resource but you can choose to configure them separately. Further, the settings are applied at a resource level and can't be managed separately for each listener.
  
 </br>
 
-You can keep either the Request or Response buffer, enabled or disable, based on your requirements and/or the observed performance of the client systems that communicate with your Application Gateway. 
+You can keep either the Request or Response buffer, enabled or disabled, based on your requirements and the observed performance of the client systems that communicate with your Application Gateway. 
 
 </br>
 
 > [!WARNING]
->We strongly recommend that you test and evaluate the performance before rolling this out on the production gateways. 
+> We strongly recommend that you test and evaluate the performance before rolling this out on the production gateways. 
 
 ## How to change the buffer settings? 
 
@@ -51,6 +51,20 @@ az network application-gateway update --name <gw-name> --resource-group <rg-name
  az network application-gateway update --name <gw-name> --resource-group <rg-name> --set globalConfiguration.enableRequestBuffering=false
 ```
 
+### PowerShell method
+
+**New application gateway**
+```PowerShell
+$AppGw02 = New-AzApplicationGateway -Name "ApplicationGateway02" -ResourceGroupName "ResourceGroup02" -Location $location -BackendAddressPools $pool -BackendHttpSettingsCollection $poolSetting01 -FrontendIpConfigurations $fipconfig -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $listener01 -RequestRoutingRules $rule01 -Sku $sku -EnableRequestBuffering:$false -EnableResponseBuffering:$false
+```
+**Update an existing application gateway**
+```PowerShell
+$appgw = Get-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname
+$appgw.EnableRequestBuffering = $false
+$appgw.EnableResponseBuffering = $false
+Set-AzApplicationGateway -ApplicationGateway $appgw
+```
+
 ### ARM template method
 
 ```json
@@ -85,5 +99,5 @@ For reference, visit [Azure SDK for .NET](/dotnet/api/microsoft.azure.management
 
 ## Limitations
 - API version 2020-01-01 or later should be used to configure buffers.
-- Currently, these changes are not supported through Portal and PowerShell.
-- Request buffering cannot be disabled if you are running the WAF SKU of Application Gateway. The WAF requires the full request to buffer as part of processing, therefore, even if you disable request buffering within Application Gateway the WAF will still buffer the request. Response buffering is not impacted by the WAF.
+- Currently, these changes aren't supported through Portal and PowerShell.
+- Request buffering can't be disabled if you're running the WAF SKU of Application Gateway. The WAF requires the full request to buffer as part of processing, therefore, even if you disable request buffering within Application Gateway the WAF still buffers the request. Response buffering isn't impacted by the WAF.

articles/azure-app-configuration/concept-experimentation.md

@@ -98,7 +98,7 @@ Benefits:
 
 ### For intelligent applications (for example, AI-based features)
 
-Objective: Accelerate General AI (Gen AI) adoption and optimize AI models and use cases through rapid experimentation.
+Objective: Accelerate Generative AI (Gen AI) adoption and optimize AI models and use cases through rapid experimentation.
 
 Approach: Use experimentation to iterate quickly on AI models, test different scenarios, and determine effective approaches.
 

articles/azure-functions/flex-consumption-plan.md

@@ -136,18 +136,13 @@ In Flex Consumption, many of the standard application settings and site configur
 
 Keep these other considerations in mind when using Flex Consumption plan during the current preview:
 
-+ ** Host ** There is a 30 seconds timeout for the app initialization. If your function app takes longer than 30 seconds to start you will see gRPC related System.TimeoutException entries. This will be configurable and a more clear exception will be implemented as part of [this host work item](https://github.com/Azure/azure-functions-host/issues/10482).
-+ ** Durable Functions Performance ** Due to the per function scaling nature of Flex Consumption, to ensure the best performance for Durable Functions we recommend setting the [Always Ready instance count](./flex-consumption-how-to.md#set-always-ready-instance-counts) for the `durable` group to `1`. Also, with the Azure Storage provider, consider reducing the [queue polling interval](./durable/durable-functions-azure-storage-provider.md#queue-polling) to 10 seconds or less.  
++ **Host**: There is a 30 seconds timeout for the app initialization. If your function app takes longer than 30 seconds to start you will see gRPC related System.TimeoutException entries. This timeout will be configurable and a more clear exception will be implemented as part of [this host work item](https://github.com/Azure/azure-functions-host/issues/10482).
++ **Durable Functions Performance**: Due to the per function scaling nature of Flex Consumption, to ensure the best performance for Durable Functions we recommend setting the [Always Ready instance count](./flex-consumption-how-to.md#set-always-ready-instance-counts) for the `durable` group to `1`. Also, with the Azure Storage provider, consider reducing the [queue polling interval](./durable/durable-functions-azure-storage-provider.md#queue-polling) to 10 seconds or less.  
 + **VNet Integration** Ensure that the `Microsoft.App` Azure resource provider is enabled for your subscription by [following these instructions](/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider). The subnet delegation required by Flex Consumption apps is `Microsoft.App/environments`.
 + **Triggers**: All triggers are fully supported except for Kafka and Azure SQL triggers. The Blob storage trigger only supports the [Event Grid source](./functions-event-grid-blob-trigger.md). Non-C# function apps must use version `[4.0.0, 5.0.0)` of the [extension bundle](./functions-bindings-register.md#extension-bundles), or a later version. 
-+ **Regions**:
-  + Not all regions are currently supported. To learn more, see [View currently supported regions](flex-consumption-how-to.md#view-currently-supported-regions).
-  + There is a temporary limitation where App Service quota limits for creating new apps are also being applied to Flex Consumption apps. If you see the following error "This region has quota of 0 instances for your subscription. Try selecting different region or SKU." please raise a support ticket so that your app creation can be unblocked.
-+ **Deployments**: These deployment-related features aren't currently supported:
-  + Deployment slots
-  + Continuous deployment using Azure DevOps Tasks (`AzureFunctionApp@2`)
-  + Continuous deployment using GitHub Actions (`functions-action@v1`) 
-+ **Scale**: The lowest maximum scale in preview is `40`. The highest currently supported value is `1000`.
++ **Regions**: Not all regions are currently supported. To learn more, see [View currently supported regions](flex-consumption-how-to.md#view-currently-supported-regions).
++ **Deployments**: Deployment slots are not currently supported.
++ **Scale**: The lowest maximum scale in preview is `40`. The highest currently supported value is `1000`. 
 + **Managed dependencies**: [Managed dependencies in PowerShell](functions-reference-powershell.md#dependency-management) aren't supported by Flex Consumption. You must instead [define your own custom modules](functions-reference-powershell.md#custom-modules).
 + **Diagnostic settings**: Diagnostic settings are not currently supported.