Merge pull request #97694 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md

@@ -41,6 +41,9 @@ To configure certificate-based authentication, the following statements must be
 - Your client device must have access to at least one certificate authority that issues client certificates.
 - A client certificate for client authentication must have been issued to your client.
 
+>[!IMPORTANT]
+>The maximum size of a CRL for Azure Active Directory to successfully download and cache is 20MB, and the time required to download the CRL must not exceed 10 seconds.  If Azure Active Directory can't download a CRL, certificate based authentications using certificates issued by the corresponding CA will fail. Best practices to ensure CRL files are within size constraints are to keep certificate lifetimes to within reasonable limits and to clean up expired certificates. 
+
 ## Step 1: Select your device platform
 
 As a first step, for the device platform you care about, you need to review the following:

articles/azure-arc/servers/quickstart-onboard-powershell.md

@@ -169,15 +169,15 @@ Upon successful completion, your machine is connected to Azure. You can view you
 For **Linux**, if the server requires a proxy server, you can either:
 
 * Run the `install_linux_hybrid_agent.sh` script from the [Install the Agent](#download-and-install-the-agent) section above, with `--proxy`.
-* If you have already installed the agent, execute the command `/opt/azcmagent/bin/hybridrp_proxy add https://{proxy-url}:{proxy-port}`, which configures the proxy and restarts the agent.
+* If you have already installed the agent, execute the command `/opt/azcmagent/bin/hybridrp_proxy add http://{proxy-url}:{proxy-port}`, which configures the proxy and restarts the agent.
 
 #### Windows
 
 For **Windows**, if the server requires proxy server for access to internet resources, you should run the command below to set the proxy server environment variable. This allows the agent to use proxy server for internet access.
 
 ```powershell
 # If a proxy server is needed, execute these commands with actual proxy URL
-[Environment]::SetEnvironmentVariable("https_proxy", "{https:\\proxy-url:proxyport}", "Machine")
+[Environment]::SetEnvironmentVariable("https_proxy", "http://{proxy-url}:{proxy-port}", "Machine")
 $env:https_proxy = [System.Environment]::GetEnvironmentVariable("https_proxy","Machine")
 # The agent service needs to be restarted after the proxy environment variable is set in order for the changes to take effect.
 Restart-Service -Name himds

articles/azure-monitor/app/java-trace-logs.md

@@ -18,28 +18,41 @@ If you're using Logback or Log4J (v1.2 or v2.0) for tracing, you can have your t
 
 ## Using the Application Insights Java agent
 
-You can configure the Application Insights Java agent to automatically capture your logs,
-by enabling the feature in the `AI-Agent.xml` file:
+By default, the Application Insights Java agent automatically captures logging performed at `WARN` level and above.
+
+You can change the threshold of logging that is captured using the `AI-Agent.xml` file:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsightsAgent>
+   <Instrumentation>
+      <BuiltIn>
+         <Logging threshold="info"/>
+      </BuiltIn>
+   </Instrumentation>
+</ApplicationInsightsAgent>
+```
+
+You can disable the Java agent's logging capture using the `AI-Agent.xml` file:
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <ApplicationInsightsAgent>
    <Instrumentation>
-      <BuiltIn enabled="true">
-         <Logging enabled="true" />
+      <BuiltIn>
+         <Logging enabled="false"/>
       </BuiltIn>
    </Instrumentation>
-   <AgentLogger />
 </ApplicationInsightsAgent>
 ```
 
-Alternatively, you can follow the instructions below.
+## Alternatively (as opposed to using the Java agent), you can follow the instructions below
 
-## Install the Java SDK
+### Install the Java SDK
 
 Follow the instructions to install [Application Insights SDK for Java][java], if you haven't already done that.
 
-## Add logging libraries to your project
+### Add logging libraries to your project
 *Choose the appropriate way for your project.*
 
 #### If you're using Maven...
@@ -120,7 +133,7 @@ Follow the guidelines to manually install Application Insights Java SDK, downloa
 | Log4j v1.2 |[Log4J v1.2 appender Jar](https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22applicationinsights-logging-log4j1_2%22) |applicationinsights-logging-log4j1_2 |
 
 
-## Add the appender to your logging framework
+### Add the appender to your logging framework
 To start getting traces, merge the relevant snippet of code to the Log4J or Logback configuration file: 
 
 *Logback*

articles/frontdoor/front-door-faq.md

@@ -175,6 +175,8 @@ The following are the current cipher suites supported by Azure Front Door Servic
 - TLS_RSA_WITH_AES_128_CBC_SHA256
 - TLS_RSA_WITH_AES_256_CBC_SHA
 - TLS_RSA_WITH_AES_128_CBC_SHA
+- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 
 ### Does Azure Front Door Service also support re-encryption of traffic to the backend?
 

articles/frontdoor/front-door-http-headers-protocol.md

@@ -38,6 +38,7 @@ Front Door Service includes headers from an incoming request unless removed beca
 | X-Forwarded-For | X-Forwarded-For: 127.0.0.1 </br> The X-Forwarded-For (XFF) HTTP header field often identifies the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. If there's an existing XFF header, then Front Door appends the client socket IP to it or adds the XFF header with the client socket IP. |
 | X-Forwarded-Host | X-Forwarded-Host: contoso.azurefd.net </br> The X-Forwarded-Host HTTP header field is a common method used to identify the original host requested by the client in the Host HTTP request header. This is because the host name from Front Door may differ for the backend server handling the request. |
 | X-Forwarded-Proto | X-Forwarded-Proto: http </br> The X-Forwarded-Proto HTTP header field is often used to identify the originating protocol of an HTTP request because Front Door, based on configuration, might communicate with the backend by using HTTPS. This is true even if the request to the reverse proxy is HTTP. |
+| X-FD-HealthProbe | X-FD-HealthProbe HTTP header field is used to identify the health probe from Front Door. If this header set to 1, the request is health probe. You can use when want to strict access from paticular Front Door with X-Forwarded-Host header field. |
 
 ## Front Door Service to client
 
@@ -53,4 +54,4 @@ Any headers sent to Front Door from the backend are also passed through to the c
 - [How Front Door works](front-door-routing-architecture.md)
 
 <!--Image references-->
-[1]: ./media/front-door-http-headers-protocol/front-door-protocol-summary.png
+[1]: ./media/front-door-http-headers-protocol/front-door-protocol-summary.png

articles/marketplace/marketplace-commercial-transaction-capabilities-and-considerations.md

@@ -63,7 +63,7 @@ Depending on the transaction option used, the publisher's software license fees
 
 * Pay-as-you-go: Software license fees are presented as a per-hour, per-core (vCPU) pricing rate based on the Azure infrastructure used. This only applies to Virtual Machines and Azure Applications.
 
-* •	Subscription pricing: Software license fees are presented as a monthly or annual, recurring fee billed as a flat rate or per-seat. This only applies to SaaS Apps and Azure Applications - Managed Apps.
+* Subscription pricing: Software license fees are presented as a monthly or annual, recurring fee billed as a flat rate or per-seat. This only applies to SaaS Apps and Azure Applications - Managed Apps.
 
 * Free software trial: No charge for software licenses for 30-days or 90-days.
 

includes/virtual-wan-faq-include.md

@@ -32,8 +32,6 @@ No. You can use any VPN-capable device that adheres to the Azure requirements fo
 
 ### How do Virtual WAN partners automate connectivity with Azure Virtual WAN?
 
-Software-defined connectivity solutions typically manage their branch devices using a controller, or a device provisioning center. The controller can use Azure APIs to automate connectivity to the Azure Virtual WAN. For more information, see Virtual WAN partner automation.
-
 Software-defined connectivity solutions typically manage their branch devices using a controller, or a device provisioning center. The controller can use Azure APIs to automate connectivity to the Azure Virtual WAN. The automation includes uploading branch information, downloading the Azure configuration, setting up IPSec tunnels into Azure Virtual hubs, and automatically setting up connectivity form the branch device to Azure Virtual WAN. When you have hundreds of branches, connecting using Virtual WAN CPE Partners is easy because the onboarding experience takes away the need to set up, configure, and manage large-scale IPsec connectivity. For more information, see [Virtual WAN partner automation](../articles/virtual-wan/virtual-wan-configure-automation-providers.md).
 
 ### Am I required to use a preferred partner device?