Merge branch 'main' into release-ga-lbcd

Author: v-alje

articles/api-management/api-management-capacity.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 04/17/2025
+ms.date: 06/16/2025
 ms.author: danlep
 ms.custom:
   - fasttrack-edit
@@ -42,6 +42,9 @@ In the v2 tiers, the following metrics are available:
 
 * **Memory Percentage of Gateway** - The percentage of memory capacity used by the gateway units.
 
+    > [!NOTE]
+    > Currently, the Memory Percentage of Gateway metric isn't supported in the Premium v2 tier.
+
 Available aggregations for these metrics are as follows.
 
 * **Avg** - Average percentage of capacity used across gateway processes in every [unit](upgrade-and-scale.md) of an API Management instance. 

articles/api-management/api-management-howto-autoscale.md

@@ -13,7 +13,7 @@ ms.custom: engagement-fy23
 
 # Automatically scale an Azure API Management instance
 
-[!INCLUDE [api-management-availability-premium-standard-basic](../../includes/api-management-availability-premium-standard-basic.md)]
+[!INCLUDE [api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2](../../includes/api-management-availability-premium-standard-basic-premiumv2-standardv2-basicv2.md)]
 
 An Azure API Management service instance can scale automatically based on a set of rules. This behavior can be enabled and configured through [Azure Monitor autoscale](/azure/azure-monitor/autoscale/autoscale-overview#supported-services-for-autoscale).
 
@@ -64,7 +64,7 @@ Follow these steps to configure autoscale for an Azure API Management service:
     |-----------------------|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
     | Metric source         | Current resource  | Define the rule based on the current API Management resource metrics.                                                                                                                                                                                                     |
     | *Criteria*            |                   |                                                                                                                                                                                                                                                                                 |
-    | Metric name           | Capacity          | [Capacity metric](api-management-capacity.md) is an API Management metric reflecting usage of resources by an Azure API Management instance.                                                                                                                                                            |
+    | Metric name           | Capacity          | [Capacity metric](api-management-capacity.md) is one of the API Management metrics reflecting usage of resources by an Azure API Management instance. Choose a capacity metric supported in your API Management service tier.                                                                                                                                                           |
     | Location | Select the primary location of the API Management instance | |
     | Operator              | Greater than      |                                                                                                                                                                                                                                                                                 |
     | Metric threshold             | 70%               | The threshold for the averaged capacity metric. For considerations on setting this threshold, see [Using capacity for scaling decisions](api-management-capacity.md#use-capacity-for-scaling-decisions).                                                                                                                                                                                                                               |

articles/api-management/developer-portal-overview.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 04/28/2025
+ms.date: 06/04/2025
 ms.author: danlep 
 ---
 
@@ -64,9 +64,9 @@ If you're accessing the portal for the first time, the portal includes placehold
 For a step-by-step walkthrough of customizing and publishing the developer portal, see [Tutorial: Access and customize the developer portal](api-management-howto-developer-portal-customize.md).
 
 > [!IMPORTANT]
-> * Access to the developer portal by API publishers and consumers requires network connectivity to both the developer portal's endpoint (default: `https://<apim-instance-name>.portal.azure-api.net`) and the API Management instance's management endpoint (default: `https://<apim-instance-name>.management.azure-api.net`).
+> * Access to the developer portal by API publishers and consumers requires network connectivity to the developer portal's endpoint (default: `https://<apim-instance-name>.portal.azure-api.net`).
 > * Publishing the developer portal requires additional connectivity to blob storage managed by API Management in the West US region. 
-> * If the API Management instance is deployed in a VNet, ensure that the hostnames of the developer portal and management endpoint resolve properly and that you enable connectivity to required dependencies for the developer portal. [Learn more](virtual-network-reference.md).
+> * If the API Management instance is deployed in a VNet, ensure that the hostname of the developer portal resolves properly and that you enable connectivity to required dependencies for the developer portal. [Learn more](virtual-network-reference.md).
 
 ### Visual editor
 
@@ -268,4 +268,4 @@ Learn more about the developer portal:
 Browse other resources:
 
 - [GitHub repository with the source code](https://github.com/Azure/api-management-developer-portal)
-- [Frequently asked questions about the developer portal](developer-portal-faq.md)
+- [Frequently asked questions about the developer portal](developer-portal-faq.md)

articles/api-management/v2-service-tiers-overview.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 05/09/2025
+ms.date: 06/16/2025
 ms.author: danlep
 ms.custom:
   - references_regions
@@ -77,7 +77,6 @@ The following API Management capabilities are currently unavailable in the v2 ti
 * Multiple custom domain names 
 * Capacity metric - *replaced by CPU Percentage of Gateway and Memory Percentage of Gateway metrics*
 * Built-in analytics - *replaced by Azure Monitor-based dashboard*
-* Autoscaling
 * Upgrade to v2 tiers from classic tiers 
 * CA Certificates
 * Sending events to Event Grid

articles/api-management/validate-client-certificate-policy.md

@@ -54,11 +54,11 @@ For more information about custom CA certificates and certificate authorities, s
 
 | Name                            | Description      | Required |  Default    |
 | ------------------------------- | -----------------| -------- | ----------- |
-| validate-revocation  | Boolean. Specifies whether certificate is validated against online revocation list. Policy expressions aren't allowed.  | No  | `true`  |
-| validate-trust | Boolean. Specifies if validation should fail in case chain cannot be successfully built up to trusted CA. Policy expressions aren't allowed. | No | `true` |
-| validate-not-before | Boolean. Validates value against current time. Policy expressions aren't allowed.| No | `true` |
-| validate-not-after  | Boolean. Validates value against current time. Policy expressions aren't allowed.| No | `true`|
-| ignore-error  | Boolean. Specifies if policy should proceed to the next handler or jump to on-error upon failed validation. Policy expressions aren't allowed. | No | `false` |
+| validate-revocation | Boolean. Specifies whether certificate is validated against online revocation list. Policy expressions aren't allowed. | No  | `true`  |
+| validate-trust| Boolean. Specifies if validation should fail in case chain cannot be successfully built up to trusted CA. Policy expressions aren't allowed. | No | `true` |
+| validate-not-before | Boolean. Validates value against current time. Policy expressions aren't allowed.| No| `true` |
+| validate-not-after | Boolean. Validates value against current time. Policy expressions aren't allowed.| No| `true`|
+| ignore-error | Boolean. Specifies if policy should proceed to the next handler or jump to on-error upon failed validation. Policy expressions aren't allowed. | No | `false` |
 
 ## Elements
 
@@ -70,27 +70,24 @@ For more information about custom CA certificates and certificate authorities, s
 
 | Name                            | Description      | Required |  Default    |
 | ------------------------------- | -----------------| -------- | ----------- |
-| thumbprint | Certificate thumbprint. | No | N/A |
+| thumbprint | Certificate SHA-1 thumbprint. | No | N/A |
 | serial-number | Certificate serial number. | No | N/A |
 | common-name | Certificate common name (part of Subject string). | No | N/A |
 | subject | Subject string. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*.| No | N/A | 
 | dns-name | Value of dnsName entry inside Subject Alternative Name claim. | No | N/A |
-| issuer-subject | Issuer's subject. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*. | No | N/A |
-| issuer-thumbprint | Issuer thumbprint. | No | N/A |
-| issuer-certificate-id | Identifier of existing certificate entity representing the issuer's public key. Mutually exclusive with other issuer attributes.  | No | N/A |
+| issuer-subject | Issuer's subject. Must follow format of Distinguished Name. | No | N/A |
+| issuer-thumbprint | Issuer SHA-1 thumbprint. | No | N/A |
+| issuer-certificate-id | Identifier of existing certificate entity representing the issuer's public key. Mutually exclusive with other issuer attributes. | No | N/A |
+
 
 ## Usage
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API, operation
 - [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
 
+## Examples
 
-### Usage notes
-
-* You must use double quotes to enclose values of name attributes in the `subject` and `issuer-subject` attributes when they contain certain special characters such as ",". For example, specify `O="Contoso, Inc."` instead of `O=Contoso, Inc.` for the organization name. [Learn more](/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#remarks)
-
-## Example
 
 The following example validates a client certificate to match the policy's default validation rules and checks whether the subject and issuer name match specified values.
 
@@ -109,6 +106,25 @@ The following example validates a client certificate to match the policy's defau
 </validate-client-certificate> 
 ```
 
+The following example performs a stricter validation by cheking whether the subject thumbprint and the issuer thumbprint match specified values.
+
+```xml
+<validate-client-certificate 
+    validate-revocation="true" 
+    validate-trust="true" 
+    validate-not-before="true" 
+    validate-not-after="true" 
+    ignore-error="false">
+    <identities>
+        <identity
+            thumbprint="AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00"
+            issuer-thumbprint="BB22CC33DD44EE55FF66AA77BB88CC99DD00EE11" />
+    </identities>
+</validate-client-certificate> 
+```
+
+
+
 ## Related policies
 
 * [Authentication and authorization](api-management-policies.md#authentication-and-authorization)