Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into gwerror

Author: MekaylaMoore

articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md

@@ -8,7 +8,7 @@ author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
 ms.author: danlep
-ms.date: 04/17/2023
+ms.date: 04/17/2025
 ms.custom: engagement-fy23, devx-track-azurepowershell
 ---
 # Integrate API Management in an internal virtual network with Application Gateway
@@ -50,7 +50,7 @@ To follow the steps described in this article, you must have:
 
 ## Scenario
 
-In this article, you learn how to use a single API Management instance for internal and external consumers and make it act as a single front end for both on-premises and cloud APIs. You create an API Management instance of the newer single-tenant version 2 (stv2) type. You learn how to use public and private listeners in Application Gateway. You understand how to expose only a subset of your APIs for external consumption by using routing functionality available in Application Gateway. In the example, the APIs are highlighted in green.
+In this article, you learn how to use a single API Management instance for internal and external consumers and make it act as a single front end for both on-premises and cloud APIs. You create an API Management instance and deploy it in an Azure virtual network. You learn how to use public and private listeners in Application Gateway. You understand how to expose only a subset of your APIs for external consumption by using routing functionality available in Application Gateway. In the example, the APIs are highlighted in green.
 
 In the first setup example, all your APIs are managed only from within your virtual network. Internal consumers can access all your internal and external APIs. Traffic never goes out to the internet. High-performance connectivity can be delivered via Azure ExpressRoute circuits. In the example, the internal consumers are highlighted in orange.
 
@@ -170,7 +170,7 @@ The following example shows how to create a virtual network by using Resource Ma
         "nsg-agw" -SecurityRules $appGwRule1, $appGwRule2
     ```
     
-1. Create a network security group (NSG) and NSG rules for the API Management subnet. [API Management stv2 requires several specific NSG rules](api-management-using-with-internal-vnet.md#enable-vnet-connection).
+1. Create a network security group (NSG) and NSG rules for the API Management subnet. [API Management requires several specific NSG rules](api-management-using-with-internal-vnet.md#enable-vnet-connection).
 
     ```powershell
     $apimRule1 = New-AzNetworkSecurityRuleConfig -Name APIM-Management -Description "APIM inbound" `
@@ -223,7 +223,7 @@ The following example shows how to create a virtual network by using Resource Ma
 
 The following example shows how to create an API Management instance in a virtual network configured for internal access only.
 
-1. API Management stv2 requires a public IP with a unique `DomainNameLabel`.
+1. API Management requires a public IP with a unique `DomainNameLabel`.
 
     ```powershell
     $apimPublicIpAddressId = New-AzPublicIpAddress -ResourceGroupName $resGroupName -name "pip-apim" -location $location `

articles/api-management/api-management-howto-ip-addresses.md

@@ -133,7 +133,7 @@ In the Developer, Basic, Standard, and Premium tiers of API Management, the publ
 * The service subscription is disabled or warned (for example, for nonpayment) and then reinstated. [Learn more about subscription states](/azure/cost-management-billing/manage/subscription-states)
 * (Developer and Premium tiers) Azure Virtual Network is added to or removed from the service.
 * (Developer and Premium tiers) API Management service is switched between external and internal VNet deployment mode.
-* (Developer and Premium tiers) API Management service is moved to a different subnet, [migrated](migrate-stv1-to-stv2.md) from the `stv1` to the `stv2` compute platform, or configured with a different public IP address resource.
+* (Developer and Premium tiers) API Management service is moved to a different subnet or configured with a different public IP address resource.
 * (Premium tier) [Availability zones](../reliability/migrate-api-mgt.md) are enabled, added, or removed.
 * (Premium tier) In [multi-regional deployments](api-management-howto-deploy-multi-region.md), the regional IP address changes if a region is vacated and then reinstated.
 

articles/api-management/api-management-using-with-internal-vnet.md

@@ -5,7 +5,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/15/2024
+ms.date: 04/17/2025
 ms.author: danlep
 ---
 
@@ -46,7 +46,7 @@ For configurations specific to the *external* mode, where the API Management end
 
 ## Enable VNet connection
 
-### Enable VNet connectivity using the Azure portal (`stv2` platform)
+### Enable VNet connectivity using the Azure portal
 
 1. Go to the [Azure portal](https://portal.azure.com) to find your API management instance. Search for and select **API Management services**.
 1. Choose your API Management instance.
@@ -68,16 +68,12 @@ After successful deployment, you should see your API Management service's **priv
 > [!NOTE]
 > Since the gateway URL is not registered on the public DNS, the test console available on the Azure portal will not work for an **internal** VNet deployed service. Instead, use the test console provided on the **developer portal**.
 
-### Enable connectivity using a Resource Manager template (`stv2` platform)
+### Enable connectivity using a Resource Manager template
 
 * Azure Resource Manager [template](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-create-with-internal-vnet-publicip) (API version 2021-08-01 )
 
      :::image type="content" source="~/reusable-content/ce-skilling/azure/media/template-deployments/deploy-to-azure-button.svg" alt-text="Button to deploy the Resource Manager template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-create-with-internal-vnet-publicip%2Fazuredeploy.json":::
 
-### Enable connectivity using Azure PowerShell cmdlets (`stv1` platform)
-
-[Create](/powershell/module/az.apimanagement/new-azapimanagement) or [update](/powershell/module/az.apimanagement/update-azapimanagementregion) an API Management instance in a VNet.
-
 [!INCLUDE [api-management-recommended-nsg-rules](../../includes/api-management-recommended-nsg-rules.md)]
 
 ## DNS configuration

articles/api-management/api-management-using-with-vnet.md

@@ -32,7 +32,7 @@ For configurations specific to the *internal* mode, where the endpoints are acce
 
 ## Enable VNet connection
 
-### Enable VNet connectivity using the Azure portal (`stv2` compute platform)
+### Enable VNet connectivity using the Azure portal
 
 1. Go to the [Azure portal](https://portal.azure.com) to find your API management instance. Search for and select **API Management services**.
 1. Choose your API Management instance.
@@ -53,16 +53,13 @@ For configurations specific to the *internal* mode, where the endpoints are acce
 
 1. In the top navigation bar, select **Save**.
 
-### Enable connectivity using a Resource Manager template (`stv2` compute platform)
+### Enable connectivity using a Resource Manager template
 
 * Azure Resource Manager [template](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-create-with-external-vnet-publicip) (API version 2021-08-01)
 
      :::image type="content" source="~/reusable-content/ce-skilling/azure/media/template-deployments/deploy-to-azure-button.svg" alt-text="Button to deploy the Resource Manager template to Azure." border="false" link="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-create-with-external-vnet-publicip%2Fazuredeploy.json":::
 
 
-### Enable connectivity using Azure PowerShell cmdlets (`stv1` platform)
-
-[Create](/powershell/module/az.apimanagement/new-azapimanagement) or [update](/powershell/module/az.apimanagement/update-azapimanagementregion) an API Management instance in a VNet.
 
 [!INCLUDE [api-management-recommended-nsg-rules](../../includes/api-management-recommended-nsg-rules.md)]
 

articles/api-management/backends.md

@@ -334,3 +334,4 @@ Include a JSON snippet similar to the following in your ARM template for a load-
 * Blog: [Using Azure API Management circuit breaker and load balancing with Azure OpenAI Service](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/using-azure-api-management-circuit-breaker-and-load-balancing/ba-p/4041003)
 * Set up a [Service Fabric backend](how-to-configure-service-fabric-backend.yml) using the Azure portal.
 * Quickstart [Create a Backend Pool in Azure API Management using Bicep for load balance OpenAI requests](https://github.com/Azure-Samples/apim-lbpool-openai-quickstart)
+* See [Azure API Management as an Event Grid source](/azure/event-grid/event-schema-api-management) for information about Event Grid events that are generated by the gateway when a circuit breaker is tripped or reset. Use these events to take action before backend issues escalate. 

articles/api-management/how-to-event-grid.md

@@ -5,7 +5,7 @@ author: dlepow
 ms.topic: how-to
 ms.service: azure-api-management
 ms.author: danlep
-ms.date: 11/2/2021
+ms.date: 05/07/2025
 ms.custom: devx-track-azurecli
 ---
 
@@ -15,12 +15,19 @@ ms.custom: devx-track-azurecli
 
 API Management integrates with [Azure Event Grid](../event-grid/overview.md) so that you can send event notifications to other services and trigger downstream processes. Event Grid is a fully managed event routing service that uses a publish-subscribe model. Event Grid has built-in support for Azure services like [Azure Functions](../azure-functions/functions-overview.md) and [Azure Logic Apps](../logic-apps/logic-apps-overview.md), and can deliver event alerts to non-Azure services using webhooks.
 
+You can subscribe to the following types of API Management events:
+
+* **Control plane events**: These events are generated when you create, update, or delete certain API Management resources. For example, you can receive an event when a new user or new product is created in your API Management instance.
+* **Data plane events** (preview): These events are generated  during operation of the API Management gateway. Currently, API Management can generate events for [backend circuit breakers](backends.md#circuit-breaker) and for the lifecycle of self-hosted gateway [access tokens](self-hosted-gateway-overview.md#authentication-options).
+
+For a complete list of available events, see the [Event Grid schema for API Management](../event-grid/event-schema-api-management.md).
+
+:::image type="content" source="media/how-to-event-grid/event-grid-intro.png" alt-text="Diagram of API Management integration with Event Grid.":::
+
 For example, using integration with Event Grid, you can build an application that updates a database, creates a billing account, and sends an email notification each time a user is added to your API Management instance.
 
 In this article, you subscribe to Event Grid events in your API Management instance, trigger events, and send the events to an endpoint that processes the data. To keep it simple, you send events to a sample web app that collects and displays the messages:
 
-:::image type="content" source="media/how-to-event-grid/event-grid-viewer-intro.png" alt-text="API Management events in Event Grid viewer":::
-
 [!INCLUDE [azure-cli-prepare-your-environment.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment.md)]
 - If you don't already have an API Management service, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)
 - Enable a [system-assigned managed identity](api-management-howto-use-managed-service-identity.md#create-a-system-assigned-managed-identity) in your API Management instance.

articles/api-management/integrate-vnet-outbound.md

@@ -48,7 +48,7 @@ If you want to inject a Premium v2 (preview) API Management instance into a virt
 
 ### Network security group
 
-A network security group must be associated with the subnet. Configure any network security group rules that you need for the gateway to access your API backends. To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
+A network security group must be associated with the subnet. Configure any network security group rules that you need for the gateway to access your API backends. Network security groups (NSG) can also be used to block outbound traffic to the internet and access only resources in your virtual network. To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
 
 ### Subnet delegation
 

articles/api-management/media/how-to-event-grid/event-grid-intro.png

@@ -1,12 +1,12 @@
 ---
-title: Defend API Management against DDoS attacks 
+title: Defend API Management Against DDoS Attacks 
 description: Learn how to protect your API Management instance in an external virtual network against volumetric and protocol DDoS attacks by using Azure DDoS Protection.
 services: api-management
 author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 01/24/2023
+ms.date: 04/17/2025
 ms.author: danlep
 ---
 # Defend your Azure API Management instance against DDoS attacks
@@ -34,9 +34,8 @@ Enabling Azure DDoS Protection for API Management is supported only for instance
 
 * An API Management instance
     * The instance must be deployed in an Azure VNet in [external mode](api-management-using-with-vnet.md) or [internal mode](api-management-using-with-internal-vnet.md).
-    * The instance must be configured with an Azure public IP address resource, which is supported only on the API Management `stv2` [compute platform](compute-infrastructure.md). 
-        > [!NOTE]
-        > If the instance is hosted on the `stv1` platform, you must [migrate](compute-infrastructure.md#how-do-i-migrate-to-the-stv2-platform) to the `stv2` platform.
+    * The instance must be configured with an Azure public IP address resource.
+
 * An Azure DDoS Protection [plan](../ddos-protection/manage-ddos-protection.md)
     * The plan you select can be in the same, or different, subscription than the virtual network and the API Management instance. If the subscriptions differ, they must be associated to the same Microsoft Entra tenant.
     * You may use a plan created using either the Network DDoS protection SKU or IP DDoS Protection SKU. See [Azure DDoS Protection SKU Comparison](../ddos-protection/ddos-protection-sku-comparison.md).