articles/confidential-computing/quick-create-confidential-vm-arm.md
Lines changed: 2 additions & 2 deletions
@@ -173,7 +173,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
173
173
New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"
174
174
```
175
175
176
-
1. Set up your Azure key vault. For how to use an Azure Key Vault Managed HSM instead, see the next step.
176
+
1. Set up your Azure Key Vault. For how to use an Azure Key Vault Managed HSM instead, see the next step.
177
177
178
178
1. Create a resource group for your key vault. Your key vault instance and your confidential VM must be in the same Azure region.
179
179
@@ -198,7 +198,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
198
198
az keyvault set-policy --name $KeyVault --object-id $cvmAgent.Id --key-permissions get release
199
199
```
200
200
201
-
1. (Optional) If you don't want to use an Azure key vault, you can create an Azure Key Vault Managed HSM instead.
201
+
1. (Optional) If you don't want to use an Azure Key Vault, you can create an Azure Key Vault Managed HSM instead.
202
202
203
203
1. Follow the [quickstart to create an Azure Key Vault Managed HSM](/azure/key-vault/managed-hsm/quick-create-cli) to provision and activate Azure Key Vault Managed HSM.
204
204
1. Enable purge protection on the Azure Managed HSM. This step is required to enable key release.
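Review bot: Line 204 still names the service "Azure Managed HSM" while the changed line 201 and line 203 use "Azure Key Vault Managed HSM"; since this commit is normalizing product names, align that line too, for example "Enable purge protection on the Azure Key Vault Managed HSM. This step is required to enable key release."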
articles/digital-twins/how-to-send-twin-to-twin-events.md
Lines changed: 11 additions & 11 deletions
@@ -4,7 +4,7 @@ titleSuffix: Azure Digital Twins
4
4
description: Learn how to create a function in Azure for propagating events through the twin graph.
5
5
author: baanders
6
6
ms.author: baanders # Microsoft employees only
7
-
ms.date: 06/21/2022
7
+
ms.date: 03/10/2025
8
8
ms.topic: how-to
9
9
ms.service: azure-digital-twins
10
10
ms.custom: devx-track-azurecli
@@ -17,25 +17,25 @@ ms.devlang: azurecli
17
17
18
18
# Set up twin-to-twin event handling
19
19
20
-
This article shows how to send events from twin to twin, so that when one digital twin in the graph is updated, related twins in the graph that are affected by this information can also update. This event handling will help you create a fully connected Azure Digital Twins graph, where data that arrives into Azure Digital Twins from external sources like IoT Hub is propagated through the entire graph.
20
+
This article shows how to send events from twin to twin, so that when one digital twin in the graph is updated, related twins in the graph affected by this information can also update. This event handling helps you create a fully connected Azure Digital Twins graph, where data that arrives into Azure Digital Twins from external sources like IoT Hub is propagated through the entire graph.
21
21
22
-
To set up this twin-to-twin event handling, you'll create an [Azure function](../azure-functions/functions-overview.md) that watches for twin life-cycle events. The function recognizes which events should affect other twins in the graph, and uses the event data to update the affected twins accordingly.
22
+
To set up this twin-to-twin event handling, you create an [Azure function](../azure-functions/functions-overview.md) that watches for twin life-cycle events. The function recognizes which events should affect other twins in the graph, and uses the event data to update the affected twins accordingly.
23
23
24
24
## Prerequisites
25
25
26
-
To set up twin-to-twin handling, you'll need an Azure Digital Twins instance to work with. For instructions on how to create an instance, see [Set up an Azure Digital Twins instance and authentication](./how-to-set-up-instance-portal.md). The instance should contain at least two twins that you want to send data between.
26
+
To set up twin-to-twin handling, you need an Azure Digital Twins instance to work with. For instructions on how to create an instance, see [Set up an Azure Digital Twins instance and authentication](./how-to-set-up-instance-portal.md). The instance should contain at least two twins that you want to send data between.
27
27
28
-
Optionally, you may want to set up [automatic telemetry ingestion through IoT Hub](how-to-ingest-iot-hub-data.md) for your twins as well. This process isn't required to send data from twin to twin, but it's an important piece of a complete solution where the twin graph is driven by live device telemetry.
28
+
Optionally, you might want to set up [automatic telemetry ingestion through IoT Hub](how-to-ingest-iot-hub-data.md) for your twins as well. This process isn't required to send data from twin to twin, but it's an important piece of a complete solution where live device telemetry drives the twin graph.
29
29
30
30
## Send twin events to an endpoint
31
31
32
-
To set up twin-to-twin event handling, start by creating an *endpoint* in Azure Digital Twins and a *route* to that endpoint. Twins undergoing an update will use the route to send information about their update events to the endpoint (where Event Grid can pick them up later and pass them to an Azure function for processing).
32
+
To set up twin-to-twin event handling, start by creating an *endpoint* in Azure Digital Twins and a *route* to that endpoint. Twins undergoing an update use the route to send information about their update events to the endpoint (where Event Grid can pick them up later and pass them to an Azure function for processing).
Next, create an Azure function that will listen on the endpoint and receive twin events that are sent there via the route. The logic of the function should use the information in the events to determine what other twins need to be updated and then perform the updates.
38
+
Next, create an Azure function that listens on the endpoint and receive twin events that are sent there via the route. The logic of the function should use the information in the events to determine what other twins need to be updated and then perform the updates.
39
39
40
40
1. First, create a new Azure Functions project.
41
41
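Review bot: The new line 38 introduces a subject-verb disagreement: "an Azure function that listens on the endpoint and receive twin events" should read "listens on the endpoint and receives twin events", matching the tense change made elsewhere in this hunk.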
@@ -53,23 +53,23 @@ Next, create an Azure function that will listen on the endpoint and receive twin
53
53
54
54
For instructions on how to publish the function using **Visual Studio**, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure). For instructions on how to publish the function using **Visual Studio Code**, see [Create a C# function in Azure using Visual Studio Code](../azure-functions/create-first-function-vs-code-csharp.md?tabs=in-process#publish-the-project-to-azure). For instructions on how to publish the function using the **Azure CLI**, see [Create a C# function in Azure from the command line](../azure-functions/create-first-function-cli-csharp.md?tabs=azure-cli%2Cin-process#deploy-the-function-project-to-azure).
55
55
56
-
Once the process of publishing the function completes, you can use this Azure CLI command to verify the publish was successful. There are placeholders for your resource group, the name of your function app, and the name of your specific function. The command will print information about your function.
56
+
Once the process of publishing the function completes, you can use this Azure CLI command to verify the publish was successful. There are placeholders for your resource group, the name of your function app, and the name of your specific function. The command prints information about your function.
57
57
58
58
```azurecli-interactive
59
59
az functionapp function show --resource-group <your-resource-group> --name <your-function-app> --function-name <your-function>
60
60
```
61
61
62
62
### Configure the function app
63
63
64
-
Before your function can access Azure Digital Twins, it needs some information about the instance and permission to access it. In this section, you'll assign an access role for the function and configure the application settings so that it can find and access the instance.
64
+
Before your function can access Azure Digital Twins, it needs some information about the instance and permission to access it. In this section, you assign an access role for the function and configure the application settings so that it can find and access the instance.
Next, subscribe your Azure function to the Event Grid endpoint you created earlier. Doing so will ensure that data can flow from an updated twin through the Event Grid topic to the function, which can use the event information to update other twins as needed.
70
+
Next, subscribe your Azure function to the Event Grid endpoint you created earlier. Doing so ensures that data can flow from an updated twin through the Event Grid topic to the function, which can use the event information to update other twins as needed.
71
71
72
-
To subscribe your Azure function, you'll create an *Event Grid subscription* that sends data from the Event Grid topic that you created earlier to your Azure function.
72
+
To subscribe your Azure function, you create an *Event Grid subscription* that sends data from the Event Grid topic that you created earlier to your Azure function.
73
73
74
74
Use the following CLI command, filling in placeholders for your subscription ID, resource group, function app, and function name.
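Review bot: Line 56 keeps "verify the publish was successful", which uses "publish" as a noun; since the line is already being edited for tense, reword it to "verify that the function was published successfully" so it reads consistently with the rest of the paragraph.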
articles/iot-operations/deploy-iot-ops/howto-enable-secure-settings.md
Lines changed: 4 additions & 4 deletions
@@ -35,7 +35,7 @@ This article provides instructions for enabling secure settings if you didn't do
35
35
36
36
## Enable the cluster for secure settings
37
37
38
-
To enable secrets synchronization for your Azure IoT Operations instance, your cluster must be enabled as an OIDC issuer and for workload identity federation. This configuration is required for the Secret Store extension to sync the secrets from an Azure key vault and store them on the edge as Kubernetes secrets.
38
+
To enable secrets synchronization for your Azure IoT Operations instance, your cluster must be enabled as an OIDC issuer and for workload identity federation. This configuration is required for the Secret Store extension to sync the secrets from an Azure Key Vault and store them on the edge as Kubernetes secrets.
39
39
40
40
For Azure Kubernetes Service (AKS) clusters, the OIDC issuer and workload identity features can be enabled only at the time of cluster creation. For clusters on AKS Edge Essentials, the automated script enables these features by default. For AKS clusters on Azure Local, follow the steps to [Deploy and configure workload identity on an AKS enabled by Azure Arc cluster](/azure/aks/aksarc/workload-identity) to create a new cluster if you don't have one with the required features.
41
41
@@ -85,16 +85,16 @@ For k3s clusters on Kubernetes, you can update an existing cluster. To enable an
85
85
86
86
## Set up secrets management
87
87
88
-
Secrets management for Azure IoT Operations uses the Secret Store extension to sync the secrets from an Azure key vault and store them on the edge as Kubernetes secrets. The Secret Store extension requires a user-assigned managed identity with access to the Azure key vault where secrets are stored. To learn more, see [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview).
88
+
Secrets management for Azure IoT Operations uses the Secret Store extension to sync the secrets from an Azure Key Vault and store them on the edge as Kubernetes secrets. The Secret Store extension requires a user-assigned managed identity with access to the Azure Key Vault where secrets are stored. To learn more, see [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview).
89
89
90
90
To set up secrets management:
91
91
92
-
1. [Create an Azure key vault](/azure/key-vault/secrets/quick-create-cli#create-a-key-vault) that's used to store secrets, and [give your user account permissions to manage secrets](/azure/key-vault/secrets/quick-create-cli#give-your-user-account-permissions-to-manage-secrets-in-key-vault) with the `Key Vault Secrets Officer` role.
92
+
1. [Create an Azure Key Vault](/azure/key-vault/secrets/quick-create-cli#create-a-key-vault) that's used to store secrets, and [give your user account permissions to manage secrets](/azure/key-vault/secrets/quick-create-cli#give-your-user-account-permissions-to-manage-secrets-in-key-vault) with the `Key Vault Secrets Officer` role.
93
93
1. [Create a user-assigned managed identity](/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity) for the *secret store* extension to use to access the key vault.
94
94
1. Use the [az iot ops secretsync enable](/cli/azure/iot/ops/secretsync#az-iot-ops-secretsync-enable) command to set up the Azure IoT Operations instance for secret synchronization. This command:
95
95
96
96
- Creates a federated identity credential by using the user-assigned managed identity.
97
-
- Adds a role assignment to the user-assigned managed identity for access to the Azure key vault.
97
+
- Adds a role assignment to the user-assigned managed identity for access to the Azure Key Vault.
98
98
- Adds a minimum secret provider class associated with the Azure IoT Operations instance.
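Review bot: Context line 93 refers to "the *secret store* extension" in lowercase italics while the changed line 88 and line 94 use "Secret Store extension"; since this hunk is normalizing product names, update that reference as well so the extension is named consistently throughout the procedure.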
| * | 443 | Subnet integrated with Standard logic app | Storage account | TCP | Storage account |
134
134
| * | 445 | Subnet integrated with Standard logic app | Storage account | TCP | Server Message Block (SMB) File Share |
135
+
| * | 20000-30000 | Subnet integrated with Standard logic app | Worker process | TCP | Communication between App Service Plan and Standard logic app nodes |
135
136
136
137
- For Azure-hosted managed connectors to work, you need to have an uninterrupted connection to the managed API service. With virtual network integration, make sure that no firewall or network security policy blocks these connections. If your virtual network uses a network security group (NSG), user-defined route table (UDR), or a firewall, make sure that the virtual network allows outbound connections to [all managed connector IP addresses](/connectors/common/outbound-ip-addresses#azure-logic-apps) in the corresponding region. Otherwise, Azure-managed connectors won't work.
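Review bot: The added row at line 135 opens a wide port range (20000-30000) to the "Worker process" destination, unlike the storage-account rows above it, yet the note at line 137 only covers outbound managed-connector IP addresses; add a sentence stating what NSG or firewall rule (direction and scope) this range actually requires so readers do not allow it more broadly than needed.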