MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 10 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 7 additions & 7 deletions b/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 7 additions & 7 deletions
diff --git a/‎articles/api-management/graphql-apis-overview.md
Lines changed: 1 addition & 1 deletion b/‎articles/api-management/graphql-apis-overview.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/api-management/publish-event-policy.md
Lines changed: 1 addition & 0 deletions b/‎articles/api-management/publish-event-policy.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/app-service/overview-tls.md
Lines changed: 2 additions & 2 deletions b/‎articles/app-service/overview-tls.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-app-configuration/feature-management-overview.md
Lines changed: 1 addition & 0 deletions b/‎articles/azure-app-configuration/feature-management-overview.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/azure-netapp-files/configure-ldap-extended-groups.md
Lines changed: 5 additions & 5 deletions b/‎articles/azure-netapp-files/configure-ldap-extended-groups.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/azure-netapp-files/create-active-directory-connections.md
Lines changed: 6 additions & 6 deletions b/‎articles/azure-netapp-files/create-active-directory-connections.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/azure-resource-manager/bicep/bicep-core-diagnostics.md
Lines changed: 3 additions & 3 deletions b/‎articles/azure-resource-manager/bicep/bicep-core-diagnostics.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/azure-resource-manager/bicep/diagnostics/bcp135.md
Lines changed: 60 additions & 0 deletions b/‎articles/azure-resource-manager/bicep/diagnostics/bcp135.md
Lines changed: 60 additions & 0 deletions
@@ -30,6 +30,11 @@
       "redirect_url": "/previous-versions/azure/partner-solutions/logzio/troubleshoot",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-grid/event-schema-storage-actions.md",
+      "redirect_url": "/azure/storage-actions/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/hdinsight-aks/index.yml",
       "redirect_url": "/previous-versions/azure/hdinsight-aks",
@@ -5935,6 +5940,11 @@
       "redirect_url": "/azure/reliability/overview-reliability-guidance",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/reliability/sovereign-cloud-china.md",
+      "redirect_url": "/azure/china/concepts-service-availability",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/managed-grafana/concept-role-based-access-control.md",
       "redirect_url": "/azure/managed-grafana/how-to-manage-access-permissions-users-identities",
 
@@ -496,18 +496,18 @@ The following IDs are used for a [time-based one-time password (TOTP) display co
       </LocalizedResources>
 ```
 
-## Restful service error messages
+## RESTful service error messages
 
-The following IDs are used for [Restful service technical profile](restful-technical-profile.md) error messages:
+The following IDs are used for [RESTful service technical profile](restful-technical-profile.md) error messages:
 
 | ID | Default value |
 | --- | ------------- |
-| `DefaultUserMessageIfRequestFailed` | Failed to establish connection to restful service end point. Restful service URL: {0} |
-| `UserMessageIfCircuitOpen` | {0} Restful Service URL: {1} |
-| `UserMessageIfDnsResolutionFailed` | Failed to resolve the hostname of the restful service endpoint. Restful service URL: {0} |
-| `UserMessageIfRequestTimeout` | Failed to establish connection to restful service end point within timeout limit {0} seconds. Restful service URL: {1} |
+| `DefaultUserMessageIfRequestFailed` | Failed to establish connection to restful service end point. RESTful service URL: {0} |
+| `UserMessageIfCircuitOpen` | {0} RESTful Service URL: {1} |
+| `UserMessageIfDnsResolutionFailed` | Failed to resolve the hostname of the restful service endpoint. RESTful service URL: {0} |
+| `UserMessageIfRequestTimeout` | Failed to establish connection to restful service end point within timeout limit {0} seconds. RESTful service URL: {1} |
 
-### Restful service example
+### RESTful service example
 
 ```xml
 <LocalizedResources Id="api.localaccountsignup.en">
 
@@ -21,7 +21,7 @@ API Management helps you import, manage, protect, test, publish, and monitor Gra
 
 |Pass-through GraphQL   |Synthetic GraphQL  |
 |---------|---------|
-| ▪️ Pass-through API to existing GraphQL service endpoint<br><br/>▪️ Support for GraphQL queries, mutations, and subscriptions  |   ▪️ API based on a custom GraphQL schema<br></br>▪️ Support for GraphQL queries, mutations, and subscriptions<br/><br/>▪️  Configure custom resolvers, for example, to HTTP data sources<br/><br/>▪️ Develop GraphQL schemas and GraphQL-based clients while consuming data from legacy APIs     |
+| ▪️ Pass-through API to existing GraphQL service endpoint<br><br/>▪️ Support for GraphQL queries, mutations, and subscriptions  |   ▪️ API based on a custom GraphQL schema<br></br>▪️ Support for GraphQL queries, mutations, and subscriptions<br/><br/>▪️  Configure custom resolvers, for example, to HTTP data sources<br/><br/>▪️ Develop GraphQL schemas and GraphQL-based clients while consuming data from legacy APIs<br/><br/>▪️ Synthetic subscriptions do not require resolvers. See [publish-event](publish-event-policy.md) policy.    |
 
 ## Availability
 
 
@@ -53,6 +53,7 @@ The `publish-event` policy publishes an event to one or more subscriptions speci
 ### Usage notes
 
 * This policy is invoked only when a related GraphQL query or mutation is executed.
+* Resolver *should not* be defined for the corresponding subscription. Defining a `publish-event` policy on a source query or mutation is sufficient to trigger subscription events.
 
 ## Example
 
 
@@ -55,8 +55,8 @@ Key benefits include:
 - **Better Performance**: Uses streamlined encryption algorithms that lower computational overhead and improve efficiency.
 - **Enhanced Privacy**: Encrypts handshake messages, reducing metadata exposure and mitigating downgrade attacks.
 
-#### Default Configuration  
-TLS 1.3 is fully supported in Azure App Service and can be enabled by setting the **Minimum Inbound TLS Version** to **1.3** in the Azure portal, CLI, or ARM templates.
+#### Default Configuration 
+The default incoming TLS version is TLS 1.2 for Azure App Service. Incoming TLS 1.3 is fully supported in Azure App Service and can be enabled by setting the **Minimum Inbound TLS Version** to **1.3** in the Azure portal, CLI, or ARM templates.
 
 #### Cipher Suites  
 A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite) setting is available with TLS 1.3. This includes two cipher suites at the top of the cipher suite order:
 
@@ -39,6 +39,7 @@ Feature | .NET | Spring | Python | JavaScript
 ------- | ---- | ------ | ------ | ----------
 Targeting Filter | [GA](./feature-management-dotnet-reference.md#targeting) | GA | [GA](./feature-management-python-reference.md#targeting) | [GA](./feature-management-javascript-reference.md#targeting)
 Targeting Exclusion | [GA](./feature-management-dotnet-reference.md#targeting-exclusion) | GA | [GA](./feature-management-python-reference.md#targeting-exclusion) | [GA](./feature-management-javascript-reference.md#targeting-exclusion)
+Ambient Targeting | [GA](./feature-management-dotnet-reference.md#targeting-in-a-web-application) | GA | WIP | WIP
 Time Window Filter | [GA](./feature-management-dotnet-reference.md#microsofttimewindow) | GA | [GA](./feature-management-python-reference.md#microsofttimewindow) | [GA](./feature-management-javascript-reference.md#microsofttimewindow)
 Recurring Time Window | [GA](./feature-management-dotnet-reference.md#microsofttimewindow) | GA | WIP | WIP
 Custom Feature Filter | [GA](./feature-management-dotnet-reference.md#implementing-a-feature-filter) | GA | [GA](./feature-management-python-reference.md#implementing-a-feature-filter) | [GA](./feature-management-javascript-reference.md#implementing-a-feature-filter)
 
@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.date: 03/17/2023
+ms.date: 02/21/2025
 ms.author: anfdocs
 ---
 # Enable Active Directory Domain Services (AD DS) LDAP authentication for NFS volumes
@@ -43,13 +43,13 @@ The following information is passed to the server in the query:
 
 * The following table describes the Time to Live (TTL) settings for the LDAP cache. You need to wait until the cache is refreshed before trying to access a file or directory through a client. Otherwise, an access or permission denied message appears on the client. 
 
-    | Cache |  Default Timeout |
+    | Cache |  Default time out |
     |-|-|
     | Group membership list  | 24-hour TTL  |
     | Unix groups  | 24-hour TTL, 1-minute negative TTL  |
     | Unix users  | 24-hour TTL, 1-minute negative TTL  |
 
-    Caches have a specific timeout period called *Time to Live*. After the timeout period, entries age out so that stale entries don't linger. The *negative TTL* value is where a lookup that has failed resides to help avoid performance issues due to LDAP queries for objects that might not exist.
+    Caches have a specific time-out period called *Time to Live*. After the time-out period, entries age out so that stale entries don't linger. The *negative TTL* value is where a lookup that has failed resides to help avoid performance issues due to LDAP queries for objects that might not exist.
 
 * The **Allow local NFS users with LDAP** option in Active Directory connections intends to provide occasional and temporary access to local users. When this option is enabled, user authentication and lookup from the LDAP server stop working, and the number of group memberships that Azure NetApp Files will support will be limited to 16.  As such, you should keep this option *disabled* on Active Directory connections, except for the occasion when a local user needs to access LDAP-enabled volumes. In that case, you should disable this option as soon as local user access is no longer required for the volume. See [Allow local NFS users with LDAP to access a dual-protocol volume](create-volumes-dual-protocol.md#allow-local-nfs-users-with-ldap-to-access-a-dual-protocol-volume) about managing local user access.
 
@@ -108,8 +108,8 @@ The following information is passed to the server in the query:
 
     To resolve the users and group from an LDAP server for large topologies, set the values of the **User DN**, **Group DN**, and **Group Membership Filter** options on the Active Directory Connections page as follows:
 
-    * Specify nested **User DN** and **Group DN** in the format of `OU=subdirectory,OU=directory,DC=domain,DC=com`. 
-    * Specify **Group Membership Filter** in the format of `(gidNumber=*)`. 
+    * Specify nested **User DN** and **Group DN** in the format of `OU=subdirectory,OU=directory,DC=domain,DC=com`. Multiple organizational units can be specified using a semicolon, for example: `OU=subdirectory1,OU=directory1,DC=domain,DC=com;OU=subdirectory2,OU=directory2,DC=domain,DC=com`
+    * Specify **Group Membership Filter** in the format of `(gidNumber=*)`. For example, setting `(gidNumber=9*)` searches for `gidNumbers` starting with 9. You can also use two filters together: `(|(cn=*22)(cn=*33))` searches for CN values ending in 22 or 33. 
     * If a user is a member of more than 256 groups, only 256 groups will be listed. 
     * Refer to [errors for LDAP volumes](troubleshoot-volumes.md#errors-for-ldap-volumes) if you run into errors.
 
 
@@ -6,7 +6,7 @@ author: b-hchen
 ms.service: azure-netapp-files
 ms.custom: devx-track-azurepowershell
 ms.topic: how-to
-ms.date: 10/21/2024
+ms.date: 02/21/2025
 ms.author: anfdocs
 ---
 # Create and manage Active Directory connections for Azure NetApp Files
@@ -71,11 +71,11 @@ Several features of Azure NetApp Files require that you have an Active Directory
 
 * LDAP queries take effect only in the domain specified in the Active Directory connections (the **AD DNS Domain Name** field). This behavior applies to NFS, SMB, and dual-protocol volumes.
 
-* <a name="ldap-query-timeouts"></a> LDAP query timeouts 
+* <a name="ldap-query-timeouts"></a> LDAP query time outs 
 
-    By default, LDAP queries time out if they cannot be completed in a timely fashion. If an LDAP query fails due to a timeout, the user and/or group lookup will fail and access to the Azure NetApp Files volume may be denied, depending on the permission settings of the volume.
+    By default, LDAP queries time out if they cannot be completed in a timely fashion. If an LDAP query fails due to a time out, the user and/or group lookup will fail and access to the Azure NetApp Files volume may be denied, depending on the permission settings of the volume.
     
-    Query timeouts can occur in large LDAP environments with many user and group objects, over slow WAN connections, and if an LDAP server is over-utilized with requests. Azure NetApp Files timeout setting for LDAP queries is set to 10 seconds. Consider leveraging the user and group DN features on the Active Directory Connection for the LDAP server to filter searches if you are experiencing LDAP query timeout issues.
+    Query time outs can occur in large LDAP environments with many user and group objects, over slow WAN connections, and if an LDAP server is over-utilized with requests. Azure NetApp Files time-out setting for LDAP queries is set to 10 seconds. Consider leveraging the user and group DN features on the Active Directory Connection for the LDAP server to filter searches if you're experiencing LDAP query time-out issues.
 
 ## NetApp accounts and Active Directory type
 
@@ -132,7 +132,7 @@ For more information about the relationship between NetApp accounts and subscrip
     * **Organizational unit path**  
         This is the LDAP path for the organizational unit (OU) where SMB server computer accounts will be created. That is, `OU=second level, OU=first level`. For example, if you want to use an OU called `ANF` created at the root of the domain, the value would be `OU=ANF`.
 
-        If no value is provided, Azure NetApp Files will use the `CN=Computers` container. 
+        If no value is provided, Azure NetApp Files uses the `CN=Computers` container. 
 
         If you're using Azure NetApp Files with Microsoft Entra Domain Services, the organizational unit path is `OU=AADDC Computers`
 
@@ -178,7 +178,7 @@ For more information about the relationship between NetApp accounts and subscrip
 
         The [**LDAP search scope**](/windows/win32/ad/search-scope) option optimizes Azure NetApp Files storage LDAP queries for use with large AD DS topologies and LDAP with extended groups or Unix security style with an Azure NetApp Files dual-protocol volume. 
         
-        The **User DN** and **Group DN** options allow you to set the search base in AD DS LDAP. These options limit the search areas for LDAP queries, reducing the search time and helping to reduce LDAP query timeouts. 
+        The **User DN** and **Group DN** options allow you to set the search base in AD DS LDAP. These options limit the search areas for LDAP queries, reducing the search time and helping to reduce LDAP query time outs. 
          
         The **Group Membership Filter** option allows you to create a custom search filter for users who are members of specific AD DS groups. 
 
 
@@ -138,8 +138,8 @@ If you need more information about a particular diagnostic code, select the **Fe
 | <a id='BCP130' />BCP130 | Error | Decorators aren't allowed here. |
 | <a id='BCP132' />[BCP132](./diagnostics/bcp132.md) | Error | Expected a declaration after the decorator. |
 | <a id='BCP133' />BCP133 | Error | The unicode escape sequence isn't valid. Valid unicode escape sequences range from \\u{0} to \\u{10FFFF}. |
-| <a id='BCP134' />BCP134 | Warning | Scope {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(suppliedScope))} isn't valid for this module. Permitted scopes: {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(supportedScopes))}. |
-| <a id='BCP135' />BCP135 | Warning | Scope {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(suppliedScope))} isn't valid for this resource type. Permitted scopes: {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(supportedScopes))}. |
+| <a id='BCP134' />BCP134 | Error | Scope \<scope-name> isn't valid for this module. Permitted scopes: \<scope-name>. |
+| <a id='BCP135' />[BCP135](./diagnostics/bcp135.md) | Error | Scope \<scope-name> isn't valid for this resource type. Permitted scopes: \<scope-name>. |
 | <a id='BCP136' />BCP136 | Error | Expected a loop item variable identifier at this location. |
 | <a id='BCP137' />BCP137 | Error | Loop expected an expression of type "{LanguageConstants.Array}" but the provided value is of type "{actualType}". |
 | <a id='BCP138' />BCP138 | Error | For-expressions aren't supported in this context. For-expressions may be used as values of resource, module, variable, and output declarations, or values of resource and module properties. |
@@ -237,7 +237,7 @@ If you need more information about a particular diagnostic code, select the **Fe
 | <a id='BCP235' />BCP235 | Error | Specified JSONPath doesn't exist in the given file or is invalid. |
 | <a id='BCP236' />BCP236 | Error | Expected a new line or comma character at this location. |
 | <a id='BCP237' />BCP237 | Error | Expected a comma character at this location. |
-| <a id='BCP238' />BCP238 | Error | Unexpected new line character after a comma. |
+| <a id='BCP238' />[BCP238](./diagnostics/bcp238.md) | Error | Unexpected new line character after a comma. |
 | <a id='BCP239' />BCP239 | Error | Identifier "{name}" is a reserved Bicep symbol name and can't be used in this context. |
 | <a id='BCP240' />BCP240 | Error | The "parent" property only permits direct references to resources. Expressions aren't supported. |
 | <a id='BCP241' />BCP241 | Warning | The \<function-name> function is deprecated and will be removed in a future release of Bicep. Add a comment to https://github.com/Azure/bicep/issues/2017 if you believe this will impact your workflow. |
 
@@ -0,0 +1,60 @@
+---
+title: BCP135
+description: Scope <scope-name> isn't valid for this resource type. Permitted scopes <scope-name>.
+ms.topic: reference
+ms.custom: devx-track-bicep
+ms.date: 02/20/2025
+---
+
+# Bicep diagnostic code - BCP135
+
+In Bicep, scopes determine the hierarchical level at which resources are deployed within Azure. ARM provides four deployment scopes—resource group, management group, subscription, and tenant. Resources must be deployed within the allowed scopes. For more information, see [Deployment scope](../deploy-to-resource-group.md#deployment-scopes).
+
+## Description
+
+Scope \<scope-name> isn't valid for this resource type. Permitted scopes: \<scope-name>.
+
+## Level
+
+Error
+
+## Solutions
+
+Deploy resources to the permitted scopes.
+
+## Examples
+
+The following example raises the diagnostic because `storageAccounts` can't be deployed at the management group scope.
+
+```bicep
+targetScope = 'managementGroup'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: 'demostorage0220'
+  location: 'eastus'
+  sku: {
+    name:  'Standard_LRS'
+  }
+  kind:  'StorageV2'
+}
+```
+
+You can fix the diagnostic by setting the `targetScope` to `resourceGroup`.  
+
+```bicep
+targetScope = 'resourceGroup'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: 'demostorage0220'
+  location: 'eastus'
+  sku: {
+    name:  'Standard_LRS'
+  }
+  kind:  'StorageV2'
+}
+
+```
+
+## Next steps
+
+For more information about Bicep diagnostics, see [Bicep core diagnostics](../bicep-core-diagnostics.md).