Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-refactor-anchors

Author: rolyon

articles/azure-app-configuration/concept-disaster-recovery.md

@@ -5,7 +5,7 @@ author: avanigupta
 ms.author: avgupta
 ms.service: azure-app-configuration
 ms.topic: conceptual
-ms.date: 04/20/2023
+ms.date: 02/16/2024
 ---
 
 # Resiliency and disaster recovery
@@ -14,6 +14,9 @@ Azure App Configuration is a regional service. Each configuration store is creat
 
 This article provides general guidance on how you can use multiple replicas across Azure regions to increase the geo-resiliency of your application.
 
+> [!TIP]
+> See [best practices](./howto-best-practices.md#building-applications-with-high-resiliency) for building applications with high resiliency.
+
 ## High-availability architecture
 
 The original App Configuration store is also considered a replica, so to realize cross-region redundancy, you need to create at least one new replica in a different region. However, you can choose to create multiple App Configuration replicas in different regions based on your requirements. You may then utilize these replicas in your application in the order of your preference. With this setup, your application has at least one additional replica to fall back on if the primary replica becomes inaccessible.

articles/azure-app-configuration/enable-dynamic-configuration-azure-kubernetes-service.md

@@ -1,21 +1,23 @@
 ---
-title: "Tutorial: Use dynamic configuration in Azure App Configuration Kubernetes Provider | Microsoft Docs"
+title: "Tutorial: Use dynamic configuration in Azure App Configuration Kubernetes Provider"
 description: "In this quickstart, use the Azure App Configuration Kubernetes Provider to dynamically load updated key-values from App Configuration store."
 services: azure-app-configuration
 author: junbchen
 ms.service: azure-app-configuration
 ms.devlang: csharp
 ms.custom: devx-track-csharp
 ms.topic: tutorial
-ms.date: 11/14/2023
+ms.date: 02/16/2024
 ms.author: linglingye
 #Customer intent: As an Azure Kubernetes Service user, I want to manage all my app settings in one place using Azure App Configuration.
 ---
 
 # Tutorial: Use dynamic configuration in Azure Kubernetes Service
 
-If you use Azure Kubernetes Service (AKS), this tutorial will show you how to enable dynamic configuration for your workloads in AKS by leveraging Azure App Configuration and its Kubernetes Provider. The tutorial assumes that you have already worked through the quickstart and have an App Configuration Kubernetes Provider set up, so before proceeding, make sure you have completed the [Use Azure App Configuration in Azure Kubernetes Service](./quickstart-azure-kubernetes-service.md) quickstart.
+If you use Azure Kubernetes Service (AKS), this tutorial shows you how to enable dynamic configuration for your workloads in AKS by leveraging Azure App Configuration and its Kubernetes Provider. The tutorial assumes that you work through the quickstart and have an App Configuration Kubernetes Provider set up, so before proceeding, make sure you complete the [Use Azure App Configuration in Azure Kubernetes Service](./quickstart-azure-kubernetes-service.md) quickstart.
 
+> [!TIP]
+> See [options](./howto-best-practices.md#azure-kubernetes-service-access-to-app-configuration) for workloads hosted in Kubernetes to access Azure App Configuration.
 
 ## Prerequisites
 
@@ -36,7 +38,7 @@ Add the following key-value to your App Configuration store. For more informatio
 
 ## Reload data from App Configuration
 
-1. Open the *appConfigurationProvider.yaml* file located in the *Deployment* directory. Then, add the `refresh` section under the `configuration` property as shown below. It enables configuration refresh by monitoring the sentinel key.
+1. Open the *appConfigurationProvider.yaml* file located in the *Deployment* directory. Then, add the `refresh` section under the `configuration` property. It enables configuration refresh by monitoring the sentinel key.
 
     ```yaml
     apiVersion: azconfig.io/v1
@@ -64,15 +66,15 @@ Add the following key-value to your App Configuration store. For more informatio
     > [!TIP]
     > By default, the Kubernetes provider polls the monitoring key-values every 30 seconds for change detection. However, you can change this behavior by setting the `interval` property of the `refresh`. If you want to reduce the number of requests to your App Configuration store, you can adjust it to a higher value.
 
-1. Open the *deployment.yaml* file in the *Deployment* directory and add the following content to the `spec.containers` section. Your application will load configuration from a volume-mounted file the App Configuration Kubernetes provider generates. By setting this environment variable, your application can [ use polling to monitor changes in mounted files](/dotnet/api/microsoft.extensions.fileproviders.physicalfileprovider.usepollingfilewatcher).
+1. Open the *deployment.yaml* file in the *Deployment* directory and add the following content to the `spec.containers` section. Your application loads configuration from a volume-mounted file the App Configuration Kubernetes provider generates. By setting this environment variable, your application can [ use polling to monitor changes in mounted files](/dotnet/api/microsoft.extensions.fileproviders.physicalfileprovider.usepollingfilewatcher).
 
     ```yaml
     env:
     - name: DOTNET_USE_POLLING_FILE_WATCHER
       value: "true"
     ```
 
-1. Run the following command to deploy the change. Replace the namespace if you are using your existing AKS application.
+1. Run the following command to deploy the change. Replace the namespace if you're using your existing AKS application.
 
    ```console
    kubectl apply -f ./Deployment -n appconfig-demo
@@ -90,7 +92,7 @@ Add the following key-value to your App Configuration store. For more informatio
     | Settings:Message | Hello from Azure App Configuration - now with live updates! |
     | Settings:Sentinel | 2 |
 
-1. After refreshing the browser a few times, you will see the updated content once the ConfigMap is updated in 30 seconds.
+1. After refreshing the browser a few times, you'll see the updated content once the ConfigMap is updated in 30 seconds.
 
     ![Screenshot of the web app with updated values.](./media/quickstarts/kubernetes-provider-app-launch-dynamic-after.png)
 

articles/azure-app-configuration/faq.yml

@@ -3,11 +3,11 @@ metadata:
   title: Azure App Configuration FAQ
   description: Read answers to frequently asked questions (FAQ) about Azure App Configuration, such as how it's different from Azure Key Vault.
   services: azure-app-configuration
-  author: maud-lv
+  author: zhenlan
   ms.service: azure-app-configuration
   ms.topic: faq
-  ms.date: 08/23/2022
-  ms.author: malev
+  ms.date: 02/16/2024
+  ms.author: zhenlwa
   ms.custom: references_regions
 title: Azure App Configuration FAQ
 summary: This article answers frequently asked questions about Azure App Configuration.
@@ -35,7 +35,7 @@ sections:
         answer: |
           Although App Configuration provides hardened security, Key Vault is still the best place for storing application secrets. Key Vault provides hardware-level encryption, granular access policies, and management operations such as certificate rotation.
           
-          You can create App Configuration values that reference secrets stored in Key Vault. For more information, see [Use Key Vault references in an ASP.NET Core app](./use-key-vault-references-dotnet-core.md).
+          You can create App Configuration key-values that reference secrets stored in Key Vault. For more information, see [Use Key Vault references in an ASP.NET Core app](./use-key-vault-references-dotnet-core.md).
           
       - question: Does App Configuration encrypt my data?
         answer: Yes. App Configuration always encrypts all data in transit and at rest. All network communication is over TLS 1.2 or TLS 1.3. App Configuration supports encryption at rest with either [Microsoft-managed keys or customer-managed keys](./concept-customer-managed-keys.md).
@@ -54,6 +54,8 @@ sections:
 
           This limit should be sufficient for a single setting in most applications. If you find that your setting is larger than this limit, you may consider storing your data elsewhere, and [add a reference of that data](./howto-best-practices.md#references-to-external-data) in App Configuration.
 
+          For more information, see [Azure subscription and service limits](/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-app-configuration).
+
       - question: How should I store configurations for multiple environments (test, staging, production, and so on)?
         answer: |
           You control who can access App Configuration at a per-store level. Use a separate store for each environment that requires different permissions. This approach provides the best security isolation.
@@ -77,19 +79,19 @@ sections:
           
       - question: Which App Configuration tier should I use?
         answer: |
-          Both App Configuration tiers offer core functionality, including config settings, feature flags, Key Vault references, basic management operations, metrics, and logs.
+          Both App Configuration tiers offer core functionality, including config settings, feature flags, Key Vault references, configuration snapshots, basic management operations, metrics, and logs.
           
           The following are considerations for choosing a tier.
           
-          - **Resources per subscription**: A resource consists of a single configuration store. Each subscription is limited to one configuration store in the free tier. Subscriptions can have an unlimited number of configuration stores in the standard tier.
-          - **Storage per resource**: In the free tier, each configuration store is limited to 10 MB of storage. In the standard tier, each configuration store can use up to 1 GB of storage.
+          - **Resources per subscription**: A resource consists of a single configuration store. Each subscription is limited to one configuration store per region in the free tier. Subscriptions can have an unlimited number of configuration stores in the standard tier.
+          - **Storage per resource**: In the free tier, each configuration store is limited to 10 MB of regular storage and 10 MB of snapshot storage. In the standard tier, each configuration store can use up to 1 GB of regular storage and an additional 1 GB of snapshot storage.
           - **Revision history**: App Configuration stores a history of all changes made to keys. In the free tier, this history is stored for seven days. In the standard tier, this history is stored for 30 days.
           - **Requests quota**: Free tier stores are limited to 1,000 requests per day. When a store reaches 1,000 requests, it returns HTTP status code 429 for all requests until midnight UTC.
           
               Standard tier stores are limited to 30,000 requests per hour. When the hourly quota is exhausted, requests may return HTTP status code 429 indicating too many requests until end of the hour. As more requests are sent which are above quota, a higher percentage of them may return status code 429. 
           
-          - **Service level agreement**: The standard tier has an SLA of 99.9% availability. The free tier doesn't have an SLA.
-          - **Security features**: Both tiers include basic security functionality, including encryption with Microsoft-managed keys, authentication via HMAC or Azure Active Directory, Azure RBAC support, managed identity, and service tags. The Standard tier offers more advanced security functionality, including Private Link support and encryption with customer-managed keys.
+          - **Service level agreement**: The standard tier has an SLA of 99.9% availability and 99.95% availability with geo-replication enabled. The free tier doesn't have an SLA.
+          - **Features**: Both tiers include functionalities, including encryption with Microsoft-managed keys, authentication via access key or Microsoft Entra ID, Azure role-based access control (RBAC), managed identity, service tags, and availability zone redundancy. The Standard tier offers more functionalities, including Private Link support, encryption with customer-managed keys, soft delete protection, and geo-replication capability.
           - **Cost**: Standard tier stores have a daily usage charge. The first 200,000 requests each day are included in the daily charge. There's also an overage charge for requests past the daily allocation. There's no cost to use a free tier store.
           
       - question: Can I upgrade a store from the Free tier to the Standard tier? Can I downgrade a store from the Standard tier to the Free tier?