Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into afd-rules

Author: halkazwini

.openpublishing.redirection.json

@@ -1,5 +1,65 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/cdn/cdn-traffic-manager.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-traffic-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-terraform.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-terraform",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-template.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-powershell.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-cli.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/frontdoor/quickstart-create-front-door-bicep.md",
+      "redirect_url": "/previous-versions/azure/frontdoor/quickstart-create-front-door-bicep",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-application-and-service-availability-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-application-and-service-availability-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-configuration-and-management-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-configuration-and-management-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-connectivity-and-networking-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-connectivity-and-networking-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/cloud-services-deployment-faq.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/cloud-services-deployment-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cloud-services/index.yml",
+      "redirect_url": "/previous-versions/azure/cloud-services/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/private-multi-access-edge-compute-mec/index.yml",
       "redirect_url": "/previous-versions/azure/private-multi-access-edge-compute-mec/index",
@@ -6978,6 +7038,26 @@
       "source_path": "articles/defender-for-iot/organizations/eiot-sensor.md",
       "redirect_url": "/azure/defender-for-iot/organizations/concept-enterprise",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.09.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-09-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.11.08.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-11-08",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.12.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-12-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2025.02.06.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2025-02-06",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/identity-provider-adfs.md

@@ -31,7 +31,7 @@ zone_pivot_groups: b2c-policy-type
 
 To enable sign-in for users with an AD FS account in Azure Active Directory B2C (Azure AD B2C), create an Application Group in your AD FS. For more information, see [Build a web application using OpenID Connect with AD FS 2016 and later](../active-directory/develop/msal-migration.md)
 
-To create an Application Group, follow theses steps:
+To create an Application Group, follow these steps:
 
 1. In **Server Manager**, select **Tools**, and then select **AD FS Management**.
 1. In AD FS Management, right-click on **Application Groups** and select **Add Application Group**.

articles/active-directory-b2c/password-complexity.md

@@ -83,7 +83,7 @@ Allows you to control the different character types used in the password.
 
 - **2 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least two character types. For example, a number and a lowercase character.
 - **3 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least three character types. For example, a number, a lowercase character and an uppercase character.
-- **4 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains all for character types.
+- **4 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains all four character types.
 
     > [!NOTE]
     > Requiring **4 of 4** can result in end-user frustration. Some studies have shown that this requirement doesn't improve password entropy. See [NIST Password Guidelines](https://pages.nist.gov/800-63-3/sp800-63b.html#appA)

articles/active-directory-b2c/policy-keys-overview.md

@@ -75,7 +75,7 @@ If an Azure AD B2C keyset has multiple keys, only one of the keys is active at a
   - When the current date and time is greater than a key's activation date, Azure AD B2C activates the key and stop using the prior active key.
 - When the current key's expiration time has elapsed and the key container contains a new key with valid *nbf (not before)* and *exp (expiration)* times, the new key becomes active automatically. New tokens are signed with the newly active key. It's possible to keep an expired key published for token validation until disabled by an admin, but this must be requested by [filing a support request](/azure/active-directory-b2c/find-help-open-support-ticket).
 
-- When the current key's expiration time has elapsed and the key container *doesn't* contain a new key with valid *not before* and *expiration* times, Azure AD B2C won't be able to use the expired key. Azure AD B2C raises an error message within a dependant component of your custom policy. To avoid this issue, you can create a default key without activation and expiration dates as a safety net.
+- When the current key's expiration time has elapsed and the key container *doesn't* contain a new key with valid *not before* and *expiration* times, Azure AD B2C won't be able to use the expired key. Azure AD B2C raises an error message within a dependent component of your custom policy. To avoid this issue, you can create a default key without activation and expiration dates as a safety net.
 - The key's endpoint (JWKS URI) of the OpenId Connect well-known configuration endpoint reflects the keys configured in the Key Container, when the Key is referenced in the [JwtIssuer Technical Profile](./jwt-issuer-technical-profile.md). An application using an OIDC library will automatically fetch this metadata to ensure it uses the correct keys to validate tokens. For more information, learn how to use [Microsoft Authentication Library](../active-directory/develop/msal-b2c-overview.md), which always fetches the latest token signing keys automatically.
 
 :::image type="content" source="media/policy-keys-overview/key-rollover.png" alt-text="A diagram describing the process for key rollover in Azure AD B2C." lightbox="media/policy-keys-overview/key-rollover.png":::

articles/api-management/TOC.yml

@@ -204,24 +204,6 @@
         href: sap-api.md
     - name: Import gRPC API
       href: grpc-api.md
-    - name: Azure OpenAI and LLM APIs
-      items:
-      - name: AI gateway capabilities in API Management
-        href: genai-gateway-capabilities.md
-      - name: Import Azure AI Foundry API
-        href: azure-ai-foundry-api.md
-      - name: Import Azure OpenAI API
-        href: azure-openai-api-from-specification.md
-      - name: Import OpenAI-compatible LLM API
-        href: openai-compatible-llm-api.md
-      - name: Authenticate and authorize to Azure OpenAI
-        href: api-management-authenticate-authorize-azure-openai.md
-      - name: Expose REST API as MCP server
-        href: export-rest-mcp-server.md
-      - name: Semantic caching for Azure OpenAI API requests
-        href: azure-openai-enable-semantic-caching.md
-      - name: Protect Azure OpenAI keys
-        href: /semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
     - name: Configure API for SSE
       href: how-to-server-sent-events.md
     - name: API import restrictions
@@ -250,6 +232,24 @@
       href: api-management-howto-cache.md
     - name: Custom caching
       href: api-management-sample-cache-by-key.md
+- name: API management for AI
+  items:
+  - name: AI gateway capabilities in API Management
+    href: genai-gateway-capabilities.md
+  - name: Import Azure AI Foundry API
+    href: azure-ai-foundry-api.md
+  - name: Import Azure OpenAI API
+    href: azure-openai-api-from-specification.md
+  - name: Import OpenAI-compatible LLM API
+    href: openai-compatible-llm-api.md
+  - name: Authenticate and authorize to Azure OpenAI
+    href: api-management-authenticate-authorize-azure-openai.md
+  - name: Expose REST API as MCP server
+    href: export-rest-mcp-server.md
+  - name: Semantic caching for Azure OpenAI API requests
+    href: azure-openai-enable-semantic-caching.md
+  - name: Protect Azure OpenAI keys
+    href: /semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
 - name: Manage APIs with policies
   items:
   - name: API Management policies overview

articles/api-management/api-management-howto-autoscale.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 02/06/2024
+ms.date: 06/03/2025
 ms.author: danlep
 ms.custom: engagement-fy23
 ---
@@ -22,7 +22,6 @@ The article walks through the process of configuring autoscale and suggests opti
 > [!NOTE]
 > * In service tiers that support multiple scale units, you can also [manually scale](upgrade-and-scale.md) your API Management instance.
 > * An API Management service in the **Consumption** tier scales automatically based on the traffic - without any additional configuration needed.
-> * Currently, autoscale is not supported for the [workspace gateway](workspaces-overview.md#workspace-gateway) in API Management workspaces.
 
 [!INCLUDE [api-management-service-update-behavior](../../includes/api-management-service-update-behavior.md)]
 
@@ -41,15 +40,15 @@ Certain limitations and consequences of scaling decisions need to be considered
 
 + The [pricing tier](api-management-features.md) of your API Management instance determines the [maximum number of units](upgrade-and-scale.md#upgrade-and-scale) you may scale to. For example, the **Standard tier** can be scaled to 4 units. You can add any number of units to the **Premium** tier.
 + If the service is locked by another operation, the scaling request will fail and retry automatically.
-+ If your service instance is deployed in multiple regions (locations), only units in the **Primary location** can be autoscaled with Azure Monitor autoscale. Units in other locations can only be scaled manually.
-+ If your service instance is configured with [availability zones](zone-redundancy.md) in the **Primary location**, be aware of the number of zones when configuring autoscaling. The number of API Management units in autoscale rules and limits must be a multiple of the number of zones. 
++ If your service instance is deployed in multiple regions (locations), only units in the **Primary location** can be autoscaled with Azure Monitor autoscale. Units in other locations can be scaled manually or using custom scaling tools.
++ If your service instance is configured with [availability zones](zone-redundancy.md) in the **Primary location**, we recommend leaving the default **Automatic** setting for availability zones. If you select specific zones, the number of API Management units in autoscale rules and limits must be a multiple of the number of zones configured. 
 
 ## Enable and configure autoscale for an API Management instance
 
 Follow these steps to configure autoscale for an Azure API Management service:
 
 1. Sign in to the [Azure portal](https://portal.azure.com), and navigate to your API Management instance.
-1. In the left menu, select **Scale out (auto-scale)**, and then select **Custom autoscale**.
+1. In the left menu, select **Deployment + infrastructure** > **Scale out (auto-scale)**, and then select **Custom autoscale**.
 
     :::image type="content" source="media/api-management-howto-autoscale/01.png" alt-text="Screenshot of scale-out options in the portal.":::
 

articles/api-management/configure-custom-domain.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/09/2025
+ms.date: 05/30/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -50,10 +50,10 @@ There are several API Management endpoints to which you can assign a custom doma
 | Endpoint | Default |
 | -------- | ----------- |
 | **Gateway** | Default is: `<apim-service-name>.azure-api.net`. Gateway is the only endpoint available for configuration in the Consumption tier.<br/><br/>The default Gateway endpoint configuration remains available after a custom Gateway domain is added. |
-| **Developer portal** | Default is: `<apim-service-name>.developer.azure-api.net` |
-| **Management** | Default is: `<apim-service-name>.management.azure-api.net` |
-| **Configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
-| **SCM** | Default is: `<apim-service-name>.scm.azure-api.net` |
+| **Developer portal** (all tiers except Consumption) | Default is: `<apim-service-name>.developer.azure-api.net` |
+| **Management** (classic tiers only) | Default is: `<apim-service-name>.management.azure-api.net` |
+| **Self-hosted gateway configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
+| **SCM** (classic tiers only) | Default is: `<apim-service-name>.scm.azure-api.net` |
 
 ### Considerations
 
@@ -62,6 +62,7 @@ There are several API Management endpoints to which you can assign a custom doma
 * Only API Management instance owners can use **Management** and **SCM** endpoints internally. These endpoints are less frequently assigned a custom domain name.
 * The **Premium** and **Developer** tiers support setting multiple hostnames for the **Gateway** endpoint.
 * Wildcard domain names, like `*.contoso.com`, are supported in all tiers except the Consumption tier. A specific subdomain certificate (for example, api.contoso.com) would take precedence over a wildcard certificate (*.contoso.com) for requests to api.contoso.com.
+* When configuing a custom domain for the **Developer portal**, you can [enable CORS](enable-cors-developer-portal.md) for the new domain name. This is needed for developer portal visitors to use the interactive console in the API reference pages.
 
 ## Domain certificate options
 

articles/api-management/configure-service-update-settings.md

@@ -15,15 +15,15 @@ ms.author: danlep
 
 This article shows you how to configure *service update* settings (preview) in your API Management instance. Azure periodically applies service updates automatically to API Management instances, using a phased rollout approach. These updates include new features, security enhancements, and reliability improvements. 
 
-You can't control exactly when Azure updates each API Management instance, but in select service tiers you can choose an *update group* for your instance so that it receives updates earlier or later than it usually would during an update rollout. You can also configure a *maintenance window* during the day when you want your instance to receive updates. 
+You can't control exactly when Azure updates each API Management instance, but in select service tiers you can choose an *update group* (also called a *release channel*) for your instance so that it receives updates earlier or later than it usually would during an update rollout. You can also configure a *maintenance window* during the day when you want your instance to receive updates. 
 
 * **Update group** - A set of instances that receive API Management service updates during a production rollout, which can take from several days to several weeks to complete. 
 
     Choose from:
     * **Early** - Receive updates early in the rollout, for testing and early access to new features. This option is not recommended for production deployments.
     * **Default** - Receive updates as part of the regular release rollout. This option is recommended for most services, including production deployments.
     * **Late** - Receive updates later than the previous groups, typically weeks after the initial rollout. This option is recommended for mission-critical deployments only.
-    * **AI Gateway Early** (GenAI release) - Get early access to the latest [AI gateway features and updates](genai-gateway-capabilities.md) before they reach other update groups. Receive other service updates as part of the **Late** rollout group.
+    * **AI Gateway Early** (GenAI release channel) - Get early access to the latest [AI gateway features and updates](genai-gateway-capabilities.md) before they reach other update groups. Receive other service updates as part of the **Late** rollout group.
 
     > [!NOTE]
     > Azure deploys all updates using a [safe deployment practices (SDP) framework](https://azure.microsoft.com/blog/advancing-safe-deployment-practices/). Updates released early in a rollout might be less stable and replaced later by stable releases. All instances are eventually updated to the most stable release builds.