Merge pull request #302311 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/active-directory-b2c/best-practices.md

@@ -84,7 +84,7 @@ Manage your Azure AD B2C environment.
 | Use the Microsoft Graph API to automate the management of your B2C tenants | Microsoft Graph APIs:<br/>Manage [Identity Experience Framework](/graph/api/resources/trustframeworkpolicy?preserve-view=true&view=graph-rest-beta) (custom policies)<br/>[Keys](/graph/api/resources/trustframeworkkeyset?preserve-view=true&view=graph-rest-beta)<br/>[User Flows](/graph/api/resources/identityuserflow?preserve-view=true&view=graph-rest-beta) |
 | Integrate with Azure DevOps | A [CI/CD pipeline](deploy-custom-policies-devops.md) makes moving code between different environments easy and ensures production readiness always.   |
 | Deploy custom policy | Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to **30 minutes** for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies: <br> - If you're deploying to a development environment, set the `DeploymentMode` attribute in your custom policy file's `<TrustFrameworkPolicy>` element to `Production`. <br> - Deploy your updated policy files to a production environment when traffic in your app is low. <br> - When you deploy to a production environment to update existing policy files, upload the updated files with new names, which act as new versions of the policies. Then, update your app references to the new names/versions. You can remove the old policy files afterward or keep them as your last known good configuration for easy rollback.<br> - If you need to deploy to a production environment to update existing policy files without versioning, make the new policy backward compatible with the old policy by following some simple rules. If you need to change a technical profile, claim, or [SubJourney](subjourneys.md), create a new version of it, publish the policy, and wait for 30 minutes for Azure AD B2C caches to pick up the new version. Then, in a subsequent update, make changes to use the new version and perform another policy update. Wait for another 30 minutes, then you can delete the old version of the elements if needed. Ensure all of your business logic is inside SubJourneys.<br> - You can set the `DeploymentMode` to `Development` in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you [Collect Azure AD B2C logs with Application Insights](troubleshoot-with-application-insights.md), all claims sent to and from identity providers are collected, which is a security and performance risk. |
-| Deploy app registration updates | When you modify your application registration in your Azure AD B2C tenant, such as updating the application's redirect URI, expect a delay of up to **2 hours (3600s)** for the changes to take effect in the production environment. We recommend that you modify your application registration in your production environment when traffic in your app is low.|
+| Deploy app registration updates | When you modify your application registration in your Azure AD B2C tenant, such as updating the application's redirect URI, expect a delay of up to **2 hours (7200s)** for the changes to take effect in the production environment. We recommend that you modify your application registration in your production environment when traffic in your app is low.|
 | Integrate with Azure Monitor | [Audit log events](view-audit-logs.md) are only retained for seven days. [Integrate with Azure Monitor](azure-monitor.md) to retain the logs for long-term use, or integrate with third-party security information and event management (SIEM) tools to gain insights into your environment. |
 | Setup active alerting and monitoring | [Track user behavior](./analytics-with-application-insights.md) in Azure AD B2C using Application Insights. |
 

articles/azure-maps/how-to-dataset-geojson.md

@@ -86,7 +86,7 @@ One thing to consider when adding to an existing dataset is how the feature IDs
 
 If your original dataset was created from a GoeJSON source and you wish to add another facility created from a drawing package, you can append it to your existing dataset by referencing its `conversionId`, as demonstrated by this HTTP POST request:
 
-```shttp
+```https
 https://us.atlas.microsoft.com/datasets?api-version=2023-03-01-preview&conversionId={conversionId}&outputOntology=facility-2.0&datasetId={datasetId}
 ```
 

articles/azure-signalr/index.yml

@@ -120,7 +120,7 @@ landingContent:
         links:
           - text: Use private endpoints
             url: howto-private-endpoints.md
-          - text: Manage network acess
+          - text: Manage network access
             url: howto-network-access-control.md
           - text: Custom domain
             url: howto-custom-domain.md

articles/azure-signalr/media/signalr-howto-config-application-firewall/signalr-add-application-firewall-rule.png

@@ -17,7 +17,7 @@ The Application Firewall provides sophisticated control over client connections
 
 ## What Does the Application Firewall Do?
 
-The Application Firewall consists of various rule lists. Currently, there are two rule lists called *Client Connection Count Rules* and *Client Traffic Control Rules*. Future updates will support more rule lists to control aspects such as connection lifetime.
+The Application Firewall consists of various rule lists. Currently, there are two rule lists called *Client Connection Count Rules* and *Client Traffic Control Rules* and a configuration *Max Client Lifetime*. Future updates will support more rule lists to control aspects such as connection lifetime.
 
 This guideline is divided into three parts:
 1. Introduction to different application firewall rules.
@@ -69,6 +69,9 @@ Client Traffic Control Rules restrict the inbound throughput of client connectio
    This rule limits the inbound throughput of the same claim.
 
 
+## Max Client Lifetime configuration
+This setting controls the maximum lifetime of a client connection, in seconds. When the client connection lifetime reaches the specified time, the service will automatically clean up the session and close the connection. To disable this limit, set the value to 0.
+
 ## Set up Application Firewall 
 
 # [Portal](#tab/Portal)
@@ -112,42 +115,43 @@ resource signalr 'Microsoft.SignalRService/signalr@2024-10-01-preview' = {
                 claimName: 'paidUser'
             }
         ]
-         clientTrafficControlRules:[
+        clientTrafficControlRules:[
         // Add or remove rules as needed
-        {
-            // This rule will be skipped if no userId is set
-            type: 'TrafficThrottleByUserIdRule'
-            // Every minute
-            aggregationWindowInSeconds: 60
-            // 10MB
-            maxInboundMessageBytes: 10485760
-        }
-        {
-            type: 'TrafficThrottleByJwtSignatureRule'
-            // Every 30 seconds
-            aggregationWindowInSeconds: 30
-            // 5MB
-            maxInboundMessageBytes: 5242880
-        }
-        {
-            // This rule will be skipped if no freeUser claim is set
-            type: 'TrafficThrottleByJwtCustomClaimRule'
-            // Every 10 minutes
-            aggregationWindowInSeconds: 600
-            // 1MB
-            maxInboundMessageBytes: 1048576
-            claimName: 'freeUser'
-        }
-        {
-            // This rule will be skipped if no paidUser claim is set
-            type: 'TrafficThrottleByJwtCustomClaimRule'  
-            // Every 30 seconds
-            aggregationWindowInSeconds: 30
-            // 1MB
-            maxInboundMessageBytes: 1048576
-            claimName: 'paidUser'
-        }
-      ]
+            {
+                // This rule will be skipped if no userId is set
+                type: 'TrafficThrottleByUserIdRule'
+                // Every minute
+                aggregationWindowInSeconds: 60
+                // 10MB
+                maxInboundMessageBytes: 10485760
+            }
+            {
+                type: 'TrafficThrottleByJwtSignatureRule'
+                // Every 30 seconds
+                aggregationWindowInSeconds: 30
+                // 5MB
+                maxInboundMessageBytes: 5242880
+            }
+            {
+                // This rule will be skipped if no freeUser claim is set
+                type: 'TrafficThrottleByJwtCustomClaimRule'
+                // Every 10 minutes
+                aggregationWindowInSeconds: 600
+                // 1MB
+                maxInboundMessageBytes: 1048576
+                claimName: 'freeUser'
+            }
+            {
+                // This rule will be skipped if no paidUser claim is set
+                type: 'TrafficThrottleByJwtCustomClaimRule'  
+                // Every 30 seconds
+                aggregationWindowInSeconds: 30
+                // 1MB
+                maxInboundMessageBytes: 1048576
+                claimName: 'paidUser'
+            }
+        ],
+        maxClientConnectionLifetimeInSeconds: 30
     }
   }
 }

articles/azure-signalr/signalr-howto-configure-application-firewall.md

@@ -4,7 +4,7 @@ description: Learn about enabling first-party application service principal for
 ms.topic: how-to
 ms.service: azure-vmware
 ms.date: 4/21/2025
-#cusom intent: As a cloud administrator, I want to enable first-party application service principal for Azure VMware Solution Generation 2 Private Clouds so that I can manage the Azure VMware Solution experiences.
+#customer intent: As a cloud administrator, I want to enable first-party application service principal for Azure VMware Solution Generation 2 Private Clouds so that I can manage the Azure VMware Solution experiences.
 # Customer intent: As a cloud administrator, I want to enable the first-party application service principal for Azure VMware Solution Generation 2 private clouds so that I can effectively manage and deploy the cloud infrastructure.
 ---
 

articles/azure-vmware/native-first-party-principle-security.md

@@ -45,7 +45,7 @@ You can use a similar pattern for REST and other supported languages to get task
 The List Pool Node Counts operation counts compute nodes by the following states in each pool. Separate aggregate counts are provided for dedicated nodes and Spot nodes in each pool.
 
 - **Creating**: An Azure-allocated VM that hasn't yet started to join a pool.
-- **Idle**: A compute node that's availale and currently not running any tasks.
+- **Idle**: A compute node that's available and currently not running any tasks.
 - **LeavingPool**: A node that is leaving the pool, either because the user explicitly removed it or because the pool is resizing or autoscaling down.
 - **Offline**: A node that Batch cannot use to schedule new tasks.
 - **Preempted**: A Spot node that was removed from the pool because Azure reclaimed the VM. A `preempted` node can be reinitialized when replacement Spot VM capacity is available.

articles/batch/batch-get-resource-counts.md

@@ -260,7 +260,7 @@ When copying data from PostgreSQL, the following mappings are used from PostgreS
 |`Integer`|`Int32`|`Int32`|
 |`BigInt`|`Int64`|`Int64`|
 |`Decimal` (Precision <= 28)|`Decimal`|`Decimal`|
-|`Decimal` (Precision > 28)|Unsupport |`String`|
+|`Decimal` (Precision > 28)|Unsupported |`String`|
 |`Numeric`|`Decimal`|`Decimal`|
 |`Real`|`Single`|`Single`|
 |`Double`|`Double`|`Double`|

articles/data-factory/connector-postgresql.md

@@ -2285,7 +2285,7 @@ ___
 <a name="substringIndex" ></a>
 
 ### <code>substringIndex</code>
-<code><b>substringIndex(<i>&lt;string to subset&gt;</i> : string, <i>&lt;delimiter&gt;</i> : string, &lt;count of delimiter occurences&gt;</i> : integral]) => string</b></code><br/><br/>
+<code><b>substringIndex(<i>&lt;string to subset&gt;</i> : string, <i>&lt;delimiter&gt;</i> : string, &lt;count of delimiter occurrences&gt;</i> : integral]) => string</b></code><br/><br/>
 Extracts the substring before `count` occurrences of the delimiter. If `count` is positive, everything to the left of the final delimiter (counting from the left) is returned. If `count` is negative, everything to the right of the final delimiter (counting from the right) is returned. 
 * ``substringIndex('111-222-333', '-', 1) -> '111'``  
 * ``substringIndex('111-222-333', '-', 2) -> '111-222'``  

articles/data-factory/data-flow-expressions-usage.md

@@ -69,7 +69,7 @@ For more information, see [Select the certificate for Azure Front Door to deploy
 
 ### Adopt custom domains
 
-Adopt custom domains for your Front Door endpoints to ensure better availaility and flexiility while managing your domains and traffic. Don't hardcode AFD provided domains (like *.azurefd.z01.net) in your clients/codebases/firewall. Use custom domains for such scenarios.
+Adopt custom domains for your Front Door endpoints to ensure better availability and flexibility while managing your domains and traffic. Don't hardcode AFD provided domains (like *.azurefd.z01.net) in your clients/codebases/firewall. Use custom domains for such scenarios.
 
 ### Use the same domain name on Front Door and your origin