Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into resource-manager-add-caf-relocate

Author: stephen-sumner

.openpublishing.redirection.json

@@ -1,5 +1,25 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/cdn/cdn-advanced-http-reports.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-advanced-http-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cdn/cdn-preload-endpoint.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-preload-endpoint",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cdn/cdn-real-time-stats.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-real-time-stats",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cdn/cdn-token-auth.md",
+      "redirect_url": "/previous-versions/azure/cdn/cdn-token-auth",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cdn/edgio-retirement-faq.md",
       "redirect_url": "/previous-versions/azure/cdn/edgio-retirement-faq",

articles/api-center/frequently-asked-questions.yml

@@ -59,5 +59,6 @@ additionalContent: |
     ## Related content
 
     * [Azure API Center overview](overview.md)
-    * [Build APIs | Microsoft Developer](https://developer.microsoft.com/build-apis
+    * [Build APIs | Microsoft Developer](https://developer.microsoft.com/build-apis)
+    * [API Center flash workshop](https://azure-samples.github.io/API-Center-Workshop/)
 

articles/api-center/synchronize-aws-gateway-apis.md

@@ -8,8 +8,9 @@ ms.date: 02/10/2025
 ms.author: danlep 
 ms.custom: 
   - devx-track-azurecli
-  - migration
-  - aws-to-azure
+ms.collection: 
+ - migration
+ - aws-to-azure
 # Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
 ---
 

articles/api-management/api-management-error-handling-policies.md

@@ -113,13 +113,13 @@ The following errors are predefined for error conditions that can occur during p
 | ip-filter    | Caller IP is in blocked list                                    | CallerIpBlocked           | Caller IP address is blocked. Access denied.                                                                                         |
 | check-header | Required header not presented or value is missing               | HeaderNotFound            | Header {header-name} was not found in the request. Access denied.                                                                    |
 | check-header | Required header not presented or value is missing               | HeaderValueNotAllowed     | Header {header-name} value of {header-value} is not allowed. Access denied.                                                          |
-| validate-jwt | Jwt token is missing in request                                 | TokenNotPresent             | JWT not present.                                                                                         |
+| validate-jwt | JWT is missing in request                                 | TokenNotPresent             | JWT not present.                                                                                         |
 | validate-jwt | Signature validation failed                                     | TokenSignatureInvalid     | <message from jwt library\>. Access denied.                                                                                          |
 | validate-jwt | Invalid audience                                                | TokenAudienceNotAllowed   | <message from jwt library\>. Access denied.                                                                                          |
 | validate-jwt | Invalid issuer                                                  | TokenIssuerNotAllowed     | <message from jwt library\>. Access denied.                                                                                          |
 | validate-jwt | Token expired                                                   | TokenExpired              | <message from jwt library\>. Access denied.                                                                                          |
 | validate-jwt | Signature key was not resolved by ID                            | TokenSignatureKeyNotFound | <message from jwt library\>. Access denied.                                                                                          |
-| validate-jwt | Required claims are missing from token                          | TokenClaimNotFound        | JWT token is missing the following claims: <c1\>, <c2\>, … Access denied.                                                            |
+| validate-jwt | Required claims are missing from token                          | TokenClaimNotFound        | JWT is missing the following claims: <c1\>, <c2\>, … Access denied.                                                            |
 | validate-jwt | Claim values mismatch                                           | TokenClaimValueNotAllowed | Claim {claim-name} value of {claim-value} is not allowed. Access denied.                                                             |
 | validate-jwt | Other validation failures                                       | JwtInvalid                | <message from jwt library\>                                                                                                          |
 | forward-request or send-request | HTTP response status code and headers were not received from the backend within the configured timeout | Timeout | multiple |

articles/api-management/api-management-key-concepts-experiment.md

@@ -58,7 +58,7 @@ All requests from client applications first reach the API gateway, which then fo
 The API gateway:
 
   * Accepts API calls and routes them to configured backends
-  * Verifies API keys, JWT tokens, certificates, and other credentials
+  * Verifies API keys, JWTs, certificates, and other credentials
   * Enforces usage quotas and rate limits
   * Optionally transforms requests and responses as specified in [policy statements](#policies)
   * If configured, caches responses to improve response latency and minimize the load on backend services

articles/api-management/api-management-policy-expressions.md

@@ -230,8 +230,8 @@ The `context` variable is implicitly available in every policy [expression](api-
 |`BasicAuthCredentials AsBasic(input: this string)`|`input`: `string`<br /><br /> If the input parameter contains a valid HTTP Basic Authentication authorization request header value, the method returns an object of type `BasicAuthCredentials`; otherwise the method returns null.|
 |`bool TryParseBasic(input: this string, result: out BasicAuthCredentials)`|`input`: `string`<br /><br /> `result`: `out BasicAuthCredentials`<br /><br /> If the input parameter contains a valid HTTP Basic Authentication authorization value in the request header, the method returns `true` and the result parameter contains a value of type `BasicAuthCredentials`; otherwise the method returns `false`.|
 |`BasicAuthCredentials`|`Password`: `string`<br /><br /> `UserId`: `string`|
-|`Jwt AsJwt(input: this string)`|`input`: `string`<br /><br /> If the input parameter contains a valid JWT token value, the method returns an object of type `Jwt`; otherwise the method returns `null`.|
-|`bool TryParseJwt(input: this string, result: out Jwt)`|`input`: `string`<br /><br /> `result`: `out Jwt`<br /><br /> If the input parameter contains a valid JWT token value, the method returns `true` and the result parameter contains a value of type `Jwt`; otherwise the method returns `false`.|
+|`Jwt AsJwt(input: this string)`|`input`: `string`<br /><br /> If the input parameter contains a valid JWT value, the method returns an object of type `Jwt`; otherwise the method returns `null`.|
+|`bool TryParseJwt(input: this string, result: out Jwt)`|`input`: `string`<br /><br /> `result`: `out Jwt`<br /><br /> If the input parameter contains a valid JWT value, the method returns `true` and the result parameter contains a value of type `Jwt`; otherwise the method returns `false`.|
 |`Jwt`|`Algorithm`: `string`<br /><br /> `Audiences`: `IEnumerable<string>`<br /><br /> `Claims`: `IReadOnlyDictionary<string, string[]>`<br /><br /> `ExpirationTime`: `DateTime?`<br /><br /> `Id`: `string`<br /><br /> `Issuer`: `string`<br /><br /> `IssuedAt`: `DateTime?`<br /><br /> `NotBefore`: `DateTime?`<br /><br /> `Subject`: `string`<br /><br /> `Type`: `string`|
 |`string Jwt.Claims.GetValueOrDefault(claimName: string, defaultValue: string)`|`claimName`: `string`<br /><br /> `defaultValue`: `string`<br /><br /> Returns comma-separated claim values or `defaultValue` if the header isn't found.|
 |`byte[] Encrypt(input: this byte[], alg: string, key:byte[], iv:byte[])`|`input` - plaintext to be encrypted<br /><br />`alg` - name of a symmetric encryption algorithm<br /><br />`key` - encryption key<br /><br />`iv` - initialization vector<br /><br />Returns encrypted plaintext.|

articles/api-management/genai-gateway-capabilities.md

@@ -107,7 +107,7 @@ In API Management, enable semantic caching by using Azure Redis Enterprise or an
 
 ## Labs and samples
 
-* [Labs for the AI gateway capabilities of Azure API Management](https://github.com/Azure-Samples/genai-gateway)
+* [Labs for the AI gateway capabilities of Azure API Management](https://github.com/Azure-Samples/ai-gateway)
 * [Azure API Management (APIM) - Azure OpenAI Sample (Node.js)](https://github.com/Azure-Samples/genai-gateway-apim)
 * [Python sample code for using Azure OpenAI with API Management](https://github.com/Azure-Samples/openai-apim-lb/blob/main/docs/sample-code.md)
 

articles/app-service/environment/creation-terraform.md

@@ -0,0 +1,141 @@
+---
+title: 'Quickstart: Use Terraform to configure an Azure App Service Environment v3'
+description: In this quickstart, you learn how to configure an Azure App Service Environment v3. 
+ms.topic: quickstart
+ms.date: 04/08/2025
+ms.custom: devx-track-terraform
+ms.service: azure-app-service
+author: cephalin
+ms.author: cephalin
+#customer intent: As a Terraform user, I want to learn how to configure an Azure App Service Environment v3.
+content_well_notification: 
+  - AI-contribution
+---
+
+# Quickstart: Use Terraform to configure an Azure App Service Environment v3
+
+In this quickstart, you use [Terraform](/azure/developer/terraform) to create an App Service Environment, single-tenant deployment of Azure App Service. You use it with an Azure virtual network. You need one subnet for a deployment of App Service Environment, and this subnet can't be used for anything else. You create a resource group, virtual network, and a subnet to configure an Azure App Service Environment v3.
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+> * Create an Azure resource group with a unique name.
+> * Establish a virtual network with a specified name and address.
+> * Generate a random name for the subnet, and create a subnet in the virtual network.
+> * Delegate the subnet to the Microsoft.Web/hostingEnvironments service.
+> * Generate a random name for the App Service Environment v3, and create an App Service Environment v3 in the subnet.
+> * Set the internal load-balancing mode for the App Service Environment v3.
+> * Set cluster settings for the App Service Environment v3.
+> * Tag the App Service Environment v3.
+> * Output the names of the resource group, virtual network, subnet, and App Service Environment v3.
+
+## Prerequisites
+
+- An Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- Terraform. For more information, see [Install and configure Terraform](/azure/developer/terraform/quickstart-configure).
+
+> [!IMPORTANT]
+> If you're using the 4.x azurerm provider, you must [explicitly specify the Azure subscription ID](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#specifying-subscription-id-is-now-mandatory) to authenticate to Azure before running the Terraform commands.
+>
+> One way to specify the Azure subscription ID without putting it in the `providers` block is to specify the subscription ID in an environment variable named `ARM_SUBSCRIPTION_ID`.
+>
+> For more information, see the [Azure provider reference documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#argument-reference).
+
+## Implement the Terraform code
+
+The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-app-service-environment). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-app-service-environment/TestRecord.md). See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform).
+
+1. Create a directory in which to test and run the sample Terraform code, and make it the current directory.
+
+1. Create a file named `main.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-app-service-environment/main.tf":::
+
+1. Create a file named `outputs.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-app-service-environment/outputs.tf":::
+
+1. Create a file named `providers.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-app-service-environment/providers.tf":::
+
+1. Create a file named `variables.tf`, and insert the following code:
+    :::code language="Terraform" source="~/terraform_samples/quickstart/101-app-service-environment/variables.tf":::
+
+## Initialize Terraform
+
+[!INCLUDE [terraform-init.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-init.md)]
+
+## Create a Terraform execution plan
+
+[!INCLUDE [terraform-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan.md)]
+
+## Apply a Terraform execution plan
+
+[!INCLUDE [terraform-apply-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-apply-plan.md)]
+
+## Verify the results
+
+### [Azure CLI](#tab/azure-cli)
+
+1. Get the Azure resource group name.
+
+    ```console
+    resource_group_name=$(terraform output -raw resource_group_name)
+    ```
+
+1. Get the virtual network name.
+
+    ```console
+    virtual_network_name=$(terraform output -raw virtual_network_name)
+    ```
+
+1. Get the subnet name.
+
+    ```console
+    subnet_name=$(terraform output -raw subnet_name)
+    ```
+
+1. Run `az appservice ase show` to view the App Service Environment v3.
+
+    ```azurecli
+    az appservice ase show --name $app_service_environment_v3_name --resource-group $resource_group_name  
+    ```
+
+### [Azure PowerShell](#tab/azure-powershell)
+
+1. Get the Azure resource group name.
+
+    ```console
+    $resource_group_name=$(terraform output -raw resource_group_name)
+    ```
+
+1. Get the virtual network name.
+
+    ```console
+    $virtual_network_name=$(terraform output -virtual_network_name)
+    ```
+
+1. Get the subnet name.
+
+    ```console
+    $subnet_name=$(terraform output -subnet_name)
+    ```
+
+1. Run `Get-AzAppServiceEnvironment` to view the AKS cluster within the Azure Extended Zone.
+
+    ```azurepowershell
+    Get-AzAppServiceEnvironment -Name $app_service_environment_v3_name -ResourceGroupName $resource_group_name 
+    ```
+
+---
+
+## Clean up resources
+
+[!INCLUDE [terraform-plan-destroy.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan-destroy.md)]
+
+## Troubleshoot Terraform on Azure
+
+[Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot).
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [See more articles about Azure app service environment v3.](/search/?terms=Azure%20app%20service%20environment%20v3%20and%20terraform)

articles/app-service/environment/toc.yml

@@ -11,6 +11,8 @@
   items:
   - name: Create App Service Environment in portal
     href: creation.md
+  - name: Create an App Service Environment using Terraform
+    href: creation-terraform.md
 - name: Tutorials
   items:
   - name: Integrate with Application Gateway

articles/application-gateway/application-gateway-probe-overview.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: concept-article
-ms.date: 09/14/2023
+ms.date: 04/09/2025
 ms.author: greglin 
 ms.custom: devx-track-azurepowershell
 ---
@@ -46,15 +46,15 @@ Once the probe detects a failed response, the counter for "Unhealthy threshold"
 
 An application gateway automatically configures a default health probe when you don't set up any custom probe configuration. The monitoring behavior works by making an HTTP GET request to the IP addresses or FQDN configured in the backend pool. For default probes if the backend http settings are configured for HTTPS, the probe uses HTTPS to test health of the backend servers.
 
-For example: You configure your application gateway to use backend servers A, B, and C to receive HTTP network traffic on port 80. The default health monitoring tests the three servers every 30 seconds for a healthy HTTP response with a 30-second-timeout for each request. A healthy HTTP response has a [status code](/troubleshoot/developer/webapps/iis/www-administration-management/http-status-code) between 200 and 399. In this case, the HTTP GET host header for the health probe looks like `http://127.0.0.1/`. Also see [HTTP response codes in Application Gateway](http-response-codes.md).
+For example: You configure your application gateway to use backend servers A, B, and C to receive HTTP network traffic on port 80. The default health monitoring tests the three servers every 30 seconds for a healthy HTTP response with a 30-second-timeout for each request. A healthy HTTP response has a [status code](/troubleshoot/developer/webapps/iis/www-administration-management/http-status-code) between 200 and 399. In this case, the HTTP GET Host header for the health probe appears as `http://127.0.0.1/`, unless a hostname is configured in the [Backend Settings](configuration-http-settings.md#configuring-the-host-name).
 
 If the default probe check fails for server A, the application gateway stops forwarding requests to this server. The default probe still continues to check for server A every 30 seconds. When server A responds successfully to one request from a default health probe, application gateway starts forwarding the requests to the server again.
 
 ### Default health probe settings
 
 | Probe property | Value | Description |
 | --- | --- | --- |
-| Probe URL |\<protocol\>://127.0.0.1:\<port\>/ |The protocol and port are inherited from the backend HTTP settings to which the probe is associated |
+| Probe URL |\<protocol\>://127.0.0.1:\<port\>/ |The protocol and port are inherited from the Backend Settings to which the probe is associated. The default host is 127.0.0.1 unless one is specified in the associated Backend Settings. |
 | Interval |30 |The amount of time in seconds to wait before the next health probe is sent.|
 | Time-out |30 |The amount of time in seconds the application gateway waits for a probe response before marking the probe as unhealthy. If a probe returns as healthy, the corresponding backend is immediately marked as healthy.|
 | Unhealthy threshold |3 |Governs how many probes to send in case there's a failure of the regular health probe. In v1 SKU, these additional health probes are sent in quick succession to determine the health of the backend quickly and don't wait for the probe interval. For v2 SKU, the health probes wait the interval. The backend server is marked down after the consecutive probe failure count reaches the unhealthy threshold. |