Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into afdfreshness1

Author: duongau

articles/azure-cache-for-redis/managed-redis/managed-redis-how-to-scale.md

@@ -37,9 +37,9 @@ There are four tiers of Azure Managed Redis available, each with different perfo
 
 Three tiers are for in-memory data:
 
-- _Memory Optimized_. Ideal for memory-intensive use cases that require a high memory-to-vCPU ratio (1:8) but don't need the highest throughput performance. It provides a lower price point for scenarios where less processing power or throughput is necessary, making it an excellent choice for development and testing environments.
-- _Balanced (Memory + Compute)_. Offers a balanced memory-to-vCPU (1:4) ratio, making it ideal for standard workloads. It provides a healthy balance of memory and compute resources.
-- _Compute Optimized_. Designed for performance-intensive workloads requiring maximum throughput, with a low memory-to-vCPU (1:2) ratio. It's ideal for applications that demand the highest performance.
+- _Memory Optimized_. Ideal for memory-intensive use cases that require a high memory-to-vCPU ratio (8:1) but don't need the highest throughput performance. It provides a lower price point for scenarios where less processing power or throughput is necessary, making it an excellent choice for development and testing environments.
+- _Balanced (Memory + Compute)_. Offers a balanced memory-to-vCPU (4:1) ratio, making it ideal for standard workloads. It provides a healthy balance of memory and compute resources.
+- _Compute Optimized_. Designed for performance-intensive workloads requiring maximum throughput, with a low memory-to-vCPU (2:1) ratio. It's ideal for applications that demand the highest performance.
 
 One tier stores data both in-memory and on-disk:
 

articles/azure-cache-for-redis/managed-redis/managed-redis-overview.md

@@ -48,9 +48,9 @@ There are four tiers of Azure Managed Redis available, each with different perfo
 
 Three tiers are for in-memory data:
 
-- **Memory Optimized** Ideal for memory-intensive use cases that require a high memory-to-vCPU ratio (1:8) but don't need the highest throughput performance. It provides a lower price point for scenarios where less processing power or throughput is necessary, making it an excellent choice for development and testing environments.
-- **Balanced (Memory + Compute)** Offers a balanced memory-to-vCPU (1:4) ratio, making it ideal for standard workloads. This tier provides a healthy balance of memory and compute resources.
-- **Compute Optimized** Designed for performance-intensive workloads requiring maximum throughput, with a low memory-to-vCPU (1:2) ratio. It's ideal for applications that demand the highest performance.
+- **Memory Optimized** Ideal for memory-intensive use cases that require a high memory-to-vCPU ratio (8:1) but don't need the highest throughput performance. It provides a lower price point for scenarios where less processing power or throughput is necessary, making it an excellent choice for development and testing environments.
+- **Balanced (Memory + Compute)** Offers a balanced memory-to-vCPU (4:1) ratio, making it ideal for standard workloads. This tier provides a healthy balance of memory and compute resources.
+- **Compute Optimized** Designed for performance-intensive workloads requiring maximum throughput, with a low memory-to-vCPU (2:1) ratio. It's ideal for applications that demand the highest performance.
 
 One tier stores data both in-memory and on-disk:
 <!--Kyle [umanag] should On-disk section callout the difference from Persistance which uses attached managed disk too -->

articles/sentinel/feature-availability.md

@@ -6,7 +6,7 @@ ms.author: bagol
 ms.topic: feature-availability
 ms.custom: references_regions
 ms.service: microsoft-sentinel
-ms.date: 09/30/2024
+ms.date: 11/07/2024
 
 
 #Customer intent: As a security operations manager, I want to understand the Microsoft Sentinel's feature availability across different Azure environments so that I can effectively plan and manage our security operations.
@@ -17,12 +17,18 @@ ms.date: 09/30/2024
 
 This article describes the features available in Microsoft Sentinel across different Azure environments. Features are listed as GA (generally available), public preview, or shown as not available. 
 
-While Microsoft Sentinel is also available in the [Microsoft Defender portal](microsoft-sentinel-defender-portal.md), this article only covers Azure environments. Microsoft Sentinel within the Microsoft unified security operations platform is currently supported only in the Azure commercial cloud.
-
 > [!NOTE]
 > These lists and tables do not include feature or bundle availability in the Azure Government Secret or Azure Government Top Secret clouds. 
 > For more information about specific availability for air-gapped clouds, please contact your account team.
 
+## Experience in the Defender portal 
+
+Microsoft Sentinel is also available in the [Microsoft Defender portal](microsoft-sentinel-defender-portal.md) as Microsoft's unified security operations (SecOps) platform. In the Defender portal, all features in general availability are available in both commercial and GCC High and DoD clouds. Features still in preview are available only in the commercial cloud.
+
+While [attack disruption in the Defender portal](/defender-xdr/automatic-attack-disruption) is generally available, [SAP support for attack disruption](/defender-xdr/automatic-attack-disruption#automated-response-actions-for-sap-with-microsoft-sentinel) with Microsoft's unified SecOps platform is available only in the commercial cloud.
+
+For more information, see [Microsoft Defender XDR for US Government customers](/defender-xdr/usgov).
+
 ## Analytics		
 
 |Feature  |Feature stage |Azure commercial  |Azure Government |Azure China 21Vianet  |

articles/storage/common/storage-network-security.md

@@ -6,7 +6,7 @@ author: normesta
 ms.service: azure-storage
 ms.subservice: storage-common-concepts
 ms.topic: how-to
-ms.date: 11/06/2024
+ms.date: 11/19/2024
 ms.author: normesta
 ms.reviewer: santoshc
 ms.custom: devx-track-azurepowershell, devx-track-azurecli, build-2023, engagement
@@ -103,7 +103,7 @@ This preview doesn't support the following services, operations, and protocols o
 - [Lifecycle management](../blobs/lifecycle-management-overview.md) for Azure Blob Storage
 - [SSH File transfer protocol (SFTP)](../blobs/secure-file-transfer-protocol-support.md) over Azure Blob Storage
 - Network file system (NFS) protocol with [Azure Blob Storage](../blobs/network-file-system-protocol-support.md) and [Azure Files](../files/files-nfs-protocol.md).
-- Server message block (SMB) protocol with Azure Files can only be achieved thru IP allowlisting at this time.
+- Server message block (SMB) protocol with Azure Files can only be achieved through IP allowlisting at this time.
 - [Azure Blob Inventory](../blobs/blob-inventory.md)
 
 We recommend you don't enable Network Security Perimeter if you need to use any of these services, operations, or protocols. This is to prevent any potential data loss or data exfiltration risk.
@@ -152,19 +152,13 @@ You must set the default rule to **deny**, or network rules have no effect. Howe
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. Under **Public network access**, select **Manage**.
+3. Choose what network access is enabled through the storage account's public endpoint:
 
-4. Choose what network access is enabled through the storage account's public endpoint:
+   - Select either **Enabled from all networks** or **Enabled from selected virtual networks and IP addresses**. If you select the second option, you'll be prompted to add virtual networks and IP address ranges.
 
-   - To allow inbound and outbound access with the option to restrict inbound access to specific virtual networks and IP addresses, select **Enable**. Then select either **Enable from all networks** or **Enable from selected networks**. If you select the second option, you'll be prompted to save and configure your settings. Select **Save + Configure**, and you'll be directed to the resource settings page to add virtual networks and IP addresses.
+   - To restrict inbound access while allowing outbound access, select **Disabled**.
 
-   - To restrict inbound access while allowing outbound access, select **Disable**.
-
-   - To restrict inbound and outbound access using a Network Security Perimeter, select **Secure by perimeter**.
-
-5. Select **Save** to apply your changes.
-
-6. If you selected **Secure by perimeter**, then you'll need to [associate a network perimeter](#associate-a-network-security-perimeter-with-a-storage-account) with your storage account.
+4. Select **Save** to apply your changes.
 
 <a id="powershell"></a>
 
@@ -218,9 +212,6 @@ You must set the default rule to **deny**, or network rules have no effect. Howe
 
 ---
 
-> [!CAUTION]
-> By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. If you set **Public network access** to **Disabled** after previously setting it to **Enabled from selected virtual networks and IP addresses**, any [resource instances](#grant-access-from-azure-resource-instances) and [exceptions](#manage-exceptions) that you previously configured, including [Allow Azure services on the trusted services list to access this storage account](#grant-access-to-trusted-azure-services), will remain in effect. As a result, those resources and services might still have access to the storage account.
-
 ## Grant access from a virtual network
 
 You can configure storage accounts to allow access only from specific subnets. The allowed subnets can belong to a virtual network in the same subscription or a different subscription, including those that belong to a different Microsoft Entra tenant. With [cross-region service endpoints](#azure-storage-cross-region-service-endpoints), the allowed subnets can also be in different regions from the storage account.
@@ -264,19 +255,13 @@ If you want to enable access to your storage account from a virtual network or s
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. Check that you've chosen to enable public network access from selected networks. Under **Resource settings**, select **Manage**. If you haven't enabled public network access from selected networks, then resource settings won't be in effect, and the **Manage** option won't be available.
+3. Check that you've chosen to enable public network access from selected virtual networks and IP addresses.
 
-4. To allow select virtual networks to connect to your storage account using service endpoints, select **+ Add a virtual network**. Then select either **Add existing virtual network** or **Add new virtual network**.
+4. To grant access to a virtual network by using a new network rule, under **Virtual networks**, select **Add existing virtual network**. Select the **Virtual networks** and **Subnets** options, and then select **Add**. To create a new virtual network and grant it access, select **Add new virtual network**. Provide the necessary information to create the new virtual network, and then select **Create**. Currently, only virtual networks that belong to the same Microsoft Entra tenant appear for selection during rule creation. To grant access to a subnet in a virtual network that belongs to another tenant, use PowerShell, the Azure CLI, or REST API.
 
-5. To add an existing virtual network, select the subscription, virtual network, and subnets, and then select **Add**. Currently, only virtual networks that belong to the same Microsoft Entra tenant appear for selection during rule creation. To grant access to a subnet in a virtual network that belongs to another tenant, use PowerShell, the Azure CLI, or REST APIs.
+5. To remove a virtual network or subnet rule, select the ellipsis (**...**) to open the context menu for the virtual network or subnet, and then select **Remove**.
 
-6. To create a new virtual network and subnet and grant it access, provide the necessary information and then select **Create**.
-
-7. Add any IP addresses that you want to be able to access your storage account.
-
-8. Check any of the exception boxes that apply to your use case.
-
-9. Select **Save** to apply your changes.
+6. Select **Save** to apply your changes.
 
 > [!IMPORTANT]
 > If you delete a subnet that's included in a network rule, it will be removed from the network rules for the storage account. If you create a new subnet by the same name, it won't have access to the storage account. To allow access, you must explicitly authorize the new subnet in the network rules for the storage account.
@@ -390,9 +375,9 @@ You can manage IP network rules for storage accounts through the Azure portal, P
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. Check that you've chosen to enable public network access from selected networks. Under **Resource settings**, select **Manage**. If you haven't enabled public network access from selected networks, then resource settings won't be in effect, and the **Manage** option won't be available.
+3. Check that you've chosen to enable public network access from selected virtual networks and IP addresses.
 
-4. To grant access to an internet IP range, enter the IP address or address range (in CIDR format) under **IP Addresses**.
+4. To grant access to an internet IP range, enter the IP address or address range (in CIDR format) under **Firewall** > **Address Range**.
 
 5. To remove an IP network rule, select the delete icon (:::image type="icon" source="media/storage-network-security/delete-icon.png":::) next to the address range.
 
@@ -472,7 +457,7 @@ You can manage IP network rules for storage accounts through the Azure portal, P
 
 ## Grant access from Azure resource instances
 
-In some cases, an application might depend on Azure resources that can't be isolated through a virtual network or an IP address rule. But you still want to secure and restrict storage account access to only your application's Azure resources. You can configure storage accounts to allow access to specific resource instances of trusted Azure services by creating a resource instance rule. This will specify resource instances that will have access to your storage account based on their system-assigned managed identity.
+In some cases, an application might depend on Azure resources that can't be isolated through a virtual network or an IP address rule. But you still want to secure and restrict storage account access to only your application's Azure resources. You can configure storage accounts to allow access to specific resource instances of trusted Azure services by creating a resource instance rule.
 
 The Azure role assignments of the resource instance determine the types of operations that a resource instance can perform on storage account data. Resource instances must be from the same tenant as your storage account, but they can belong to any subscription in the tenant.
 
@@ -486,7 +471,7 @@ You can add or remove resource network rules in the Azure portal:
 
 3. In the service menu, under **Security + networking**, select **Networking**.
 
-4. Check that you've chosen to enable public network access from selected networks. Under **Resource settings**, select **Manage**. If you haven't enabled public network access from selected networks, then resource settings won't be in effect, and the **Manage** option won't be available.
+4. Check that you've chosen to enable public network access from selected virtual networks and IP addresses.
 
 5. Scroll down to find **Resource instances**. In the **Resource type** dropdown list, select the resource type of your resource instance.
 
@@ -708,7 +693,7 @@ To learn more about working with storage analytics, see [Use Azure Storage analy
 
 2. In the service menu, under **Security + networking**, select **Networking**.
 
-3. Check that you've chosen to enable public network access from selected networks. Under **Resource settings**, select **Manage**. If you haven't enabled public network access from selected networks, then resource settings won't be in effect, and the **Manage** option won't be available.
+3. Check that you've chosen to enable public network access from selected virtual networks and IP addresses.
 
 4. Under **Exceptions**, select the exceptions that you want to grant.
 
@@ -762,5 +747,5 @@ To learn more about working with storage analytics, see [Use Azure Storage analy
 
 ## Next steps
 
-Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
-Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).
+- Learn more about [Azure network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md).
+- Dig deeper into [security recommendations for Azure Blob storage](../blobs/security-recommendations.md).

articles/virtual-desktop/compare-remote-desktop-clients.md

@@ -5,7 +5,7 @@ ms.topic: concept-article
 zone_pivot_groups: remote-desktop-clients
 author: dknappettmsft
 ms.author: daknappe
-ms.date: 10/08/2024
+ms.date: 11/19/2024
 ---
 
 # Compare Remote Desktop app features across platforms and devices
@@ -520,7 +520,7 @@ The following table shows which credential types are available for each platform
 ::: zone-end
 
 ::: zone pivot="azure-virtual-desktop,windows-365,dev-box"
-1. Available in preview. Requires macOS client version 10.9.8 or later. Requires iOS client version 10.5.9 or later. For more information, see [Support for FIDO2 authentication with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility#native-application-support-with-authentication-broker-preview).
+1. Requires macOS client version 10.9.8 or later. Requires iOS client version 10.5.9 or later. For more information, see [Support for FIDO2 authentication with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility#native-application-support).
 1. Available when using a web browser on a local Windows device only.
 
 ### Remote session authentication

articles/virtual-desktop/deploy-azure-virtual-desktop.md

@@ -18,7 +18,7 @@ ms.date: 10/18/2024
 >
 > - Azure Virtual Desktop on Azure Extended Zones.
 >
-> - Managing session hosts using a session host configuration. This limited preview is provided as-is, with all faults and as available, and is excluded from the service-level agreements (SLAs) or any limited warranties Microsoft provides for Azure services in general availability. To register for the limited preview, complete this form: [https://forms.office.com/r/ZziQRGR1Lz](https://forms.office.com/r/ZziQRGR1Lz).
+> - Host pools with a session host configuration.
 >
 > For legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 

articles/virtual-desktop/host-pool-management-approaches.md

@@ -10,9 +10,7 @@ ms.date: 10/01/2024
 # Host pool management approaches for Azure Virtual Desktop
 
 > [!IMPORTANT]
-> Host pools with a session host configuration for Azure Virtual Desktop are currently in PREVIEW.  This preview is provided as-is, with all faults and as available, and are excluded from the service-level agreements (SLAs) or any limited warranties Microsoft provides for Azure services in general availability. To register for the limited preview, complete this form: [https://forms.office.com/r/ZziQRGR1Lz](https://forms.office.com/r/ZziQRGR1Lz).
->
-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+> Host pools with a session host configuration for Azure Virtual Desktop are currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 Host pools are logical groupings of session host virtual machines that have the same configuration and serve the same workload. You can choose one of two host pool management approaches, *standard* and using a *session host configuration* (preview). In this article, you learn about each management approach and the differences between them to help you decide which one to use.