Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into dmlib-update

Author: pauljewellmsft

articles/app-service/configure-authentication-oauth-tokens.md

@@ -37,7 +37,7 @@ From your client code (such as a mobile app or in-browser JavaScript), send an H
 When your provider's access token (not the [session token](#extend-session-token-expiration-grace-period)) expires, you need to reauthenticate the user before you use that token again. You can avoid token expiration by making a `GET` call to the `/.auth/refresh` endpoint of your application. When called, App Service automatically refreshes the access tokens in the [token store](overview-authentication-authorization.md#token-store) for the authenticated user. Subsequent requests for tokens by your app code get the refreshed tokens. However, for token refresh to work, the token store must contain [refresh tokens](/entra/identity-platform/refresh-tokens) for your provider. The way to get refresh tokens are documented by each provider, but the following list is a brief summary:
 
 - **Google**: Append an `access_type=offline` query string parameter to your `/.auth/login/google` API call. For more information, see [Google Refresh Tokens](https://developers.google.com/identity/protocols/OpenIDConnect#refresh-tokens).
-- **Facebook**: Doesn't provide refresh tokens. Long-lived tokens expire in 60 days (see [Facebook Expiration and Extension of Access Tokens](https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension)).
+- **Facebook**: Doesn't provide refresh tokens. Long-lived tokens expire in 60 days (see [Long-Lived Access Tokens](https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived/)).
 - **X**: Access tokens don't expire (see [OAuth FAQ](https://developer.x.com/en/docs/authentication/faq)).
 - **Microsoft**: In [https://resources.azure.com](https://resources.azure.com), do the following steps:
     1. At the top of the page, select **Read/Write**.

articles/app-service/environment/zone-redundancy.md

@@ -89,7 +89,7 @@ To make your apps zone redundant, you need to deploy two zonal ILB ASEs. The two
 
 ILB ASEs deployed in an availability zone will only store customer data within the region where the zonal ILB ASE has been deployed. Both website file content and customer supplied settings and secrets stored in App Service remain within the region where the zonal ILB ASE is deployed.
 
-Customers ensure single region data residency by following the steps outlined earlier in the section "How to Deploy an App Service Environment in an Availability Zone". By configuring an App Service Environment according to these steps, an App Service Environment deployed in an availability zone satisfies in region data residency requirements including those specified in the [Azure Trust Center](https://azuredatacentermap.azurewebsites.net/).
+Customers ensure single region data residency by following the steps outlined earlier in the section "How to Deploy an App Service Environment in an Availability Zone". By configuring an App Service Environment according to these steps, an App Service Environment deployed in an availability zone satisfies in region data residency requirements including those specified in the [Microsoft Datacenters Explorer](https://datacenters.microsoft.com/globe/explore).
 
 Customers can validate that an App Service Environment is properly configured to store data in a single region by following these steps:
 

articles/application-gateway/application-gateway-components.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: concept-article
-ms.date: 08/21/2020
+ms.date: 02/11/2025
 ms.author: greglin
 ---
 
@@ -43,7 +43,7 @@ A port is where a listener listens for the client request. You can configure por
 
 | SKU | Supported port range | Exception(s) |
 | ---------- | ---------- | ---------- |
-| V2 | 1 to 64999 | 22 |
+| V2 | 1 to 64999 | 22, 53 |
 | V1 | 1 to 65502 | 3389 |
 
 ### Protocols

articles/application-gateway/configuration-infrastructure.md

@@ -87,7 +87,9 @@ Depending on whether you're creating new resources or using existing ones, add t
 | Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/read<br>Microsoft.Network/virtualNetworks/subnets/join/action |
 | IP addresses| Create new| Microsoft.Network/publicIPAddresses/write<br>Microsoft.Network/publicIPAddresses/join/action |
 | IP addresses  | Use existing| Microsoft.Network/publicIPAddresses/read<br>Microsoft.Network/publicIPAddresses/join/action |
-| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
+| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write 
+Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read 
+Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
 
 For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
 ## Roles scope

articles/application-gateway/rewrite-http-headers-url.md

@@ -256,7 +256,7 @@ For a URL redirect, Application Gateway sends a redirect response to the client
 - Rewrites aren't supported when the application gateway is configured to redirect the requests or to show a custom error page.
 - Request header names can contain alphanumeric characters and hyphens. Headers names containing other characters will be discarded when a request is sent to the backend target.
 - Response header names can contain any alphanumeric characters and specific symbols as defined in [RFC 7230](https://tools.ietf.org/html/rfc7230#page-27).
-- Connection and upgrade headers cannot be rewritten
+- X-Original-Host, Connection, and upgrade headers cannot be rewritten
 - Rewrites aren't supported for 4xx and 5xx responses generated directly from Application Gateway
 
 ## Next steps

articles/azure-functions/functions-consumption-costs.md

@@ -1,7 +1,7 @@
 ---
 title: Estimating consumption-based costs in Azure Functions
 description: Learn how to better estimate the costs that you might incur when running your function app in either the Consumption plan or the Flex Consumption plan in Azure Functions.
-ms.date: 11/05/2024
+ms.date: 02/10/2025
 ms.topic: conceptual
 ms.custom:
   - build-2024
@@ -52,24 +52,24 @@ Consider a function app that is comprised only of HTTP triggers with and these b
 + HTTP triggers handle 10 concurrent requests.
 + The instance memory size setting is `2048 MB`. 
 + There are _no always ready instances configured_, which means the app can scale to zero.
-<!--- Update these example calculations after 12/1 based on GA pricing -->
+
 In a situation like this, the pricing depends more on the kind of work being done during code execution. Let's look at two workload scenarios:
 
 + **CPU-bound workload:** In a CPU-bound workload, there's no advantage to processing multiple requests in parallel in the same instance. This means that you're better off distributing each request to its own instance so requests complete as a quickly as possible without contention. In this scenario, you should set a low [HTTP trigger concurrency](./functions-concurrency.md#http-trigger-concurrency) of `1`. With 10 concurrent requests, the app scales to a steady state of roughly 10 instances, and each instance is continuously active processing one request at a time. 
 
-    Because the size of each instance is ~2 GB, the consumption for a single continuously active instance is `2 GB * 3600 s = 7200 GB-s`, which at the assumed on-demand execution rate (without any free grants applied) is `$0.1152 USD` per hour per instance. Because the CPU-bound app is scaled to 10 instance, the total hourly rate for execution time is `$1.152 USD`.
+    Because the size of each instance is ~2 GB, the consumption for a single continuously active instance is `2 GB * 3600 s = 7200 GB-s`. Assuming an on-demand execution rate of $0.000026 GB-s (without any free grants applied) becomes `$0.1872 USD` per hour per instance. Because the CPU-bound app is scaled to 10 instance, the total hourly rate for execution time is `$1.872 USD`.
 
-    Similarly, the on-demand per-execution charge (without any free grants) of 40 requests per second is equal to `40 * 3600 = 144,000` or 0.144 million executions per hour. The total (grant-free) hourly cost of executions is then `0.144 * $0.20`, which is `$0.0288` per hour.
+    Similarly, the on-demand per-execution charge (without any free grants) of 40 requests per second is equal to `40 * 3600 = 144,000` or `0.144 million` executions per hour. Assuming an on-demand rate of `$0.40` per million executions, the total (grant-free) hourly cost of executions is `0.144 * $0.40`, which is `$0.0576` per hour.
 
-    In this scenario, the total hourly cost of running on-demand on 10 instances is `$1.152 + $0.0288 = $1.1808 USD`.
+    In this scenario, the total hourly cost of running on-demand on 10 instances is `$1.872 + $0.0576s = $1.9296 USD`.
 
 + **IO bound workload:** In an IO-bound workload, most of the application time is spent waiting on incoming request, which might be limited by network throughput or other upstream factors. Because of the limited inputs, the code can process multiple operations concurrently without negative impacts. In this scenario, assume you can process all 10 concurrent requests on the same instance. 
 
-    Because consumption charges are based only on the memory of each active instance, the consumption charge calculation is simply `2 GB * 3600 s = 7200 GB-s`, which at the assumed on-demand execution rate (without any free grants applied) is `$0.1152 USD` per hour for the single instance.
+    Because consumption charges are based only on the memory of each active instance, the consumption charge calculation is simply `2 GB * 3600 s = 7200 GB-s`, which at the assumed on-demand execution rate (without any free grants applied) is `$0.1872 USD` per hour for the single instance.
 
-    As in the CPU-bound scenario, the on-demand per-execution charge (without any free grants) of 40 requests per second is equal to `40 * 3600 = 144,000` or 0.144 million executions per hour. In this case, the total (grant-free) hourly cost of executions `0.144 * $0.20`, which is `$0.0288` per hour.
+    As in the CPU-bound scenario, the on-demand per-execution charge (without any free grants) of 40 requests per second is equal to `40 * 3600 = 144,000` or 0.144 million executions per hour. In this case, the total (grant-free) hourly cost of executions `0.144 * $0.40`, which is `$0.0576` per hour.
 
-    In this scenario, the total hourly cost of running on-demand on a single instance is `$0.1152 + $0.0288 = $0.144 USD`. 
+    In this scenario, the total hourly cost of running on-demand on a single instance is `$0.1872 + $0.0576 = $0.245 USD`. 
 
 ### [Consumption plan](#tab/consumption-plan)
 

articles/azure-resource-manager/management/create-private-link-access-portal.md

@@ -2,7 +2,7 @@
 title: Create private link for managing resources - Azure portal
 description: Use Azure portal to create private link for managing resources.
 ms.topic: conceptual
-ms.date: 09/26/2024
+ms.date: 02/09/2025
 ---
 
 # Use portal to create private link for managing Azure resources
@@ -13,7 +13,7 @@ This article explains how to use [Azure Private Link](../../private-link/index.y
 
 ## Create resource management private link
 
-When you create a resource management private link, the private link association is automatically created for you.
+When you create a resource management private link, the portal automatically creates the private link association for you.
 
 1. In the [portal](https://portal.azure.com), search for **Resource management private links** and select it from the available options.