Merge pull request #303106 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-22 17:00 UTC

Author: learn-build-service-prod[bot]

articles/automation/manage-runtime-environment.md

@@ -313,7 +313,7 @@ PATCH
 https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Automation/automationAccounts/<accountName>/runbooks/<runbookName>?api-version=2024-10-23
 { 
   "properties": { 
-    "type": "PowerShell" 
+    "type": "PowerShell",
     "runtimeEnvironment": "<runtimeEnvironmentName>" 
   } 
 } 

articles/azure-functions/function-keys-how-to.md

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-ahibbard
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.date: 06/06/2025
+ms.date: 07/22/2025
 ms.author: anfdocs
 ms.custom:
   - build-2025
@@ -69,8 +69,11 @@ There are several considerations to be aware of when using cool access.
 
 ### Considerations for cross-region and cross-zone replication 
 
-* With [cross-region](cross-region-replication-introduction.md) and [cross-zone](cross-zone-replication-introduction.md) replication, the cool access setting on the destination volume is updated automatically to match the source volume. This update occurs whenever the setting is changed on the source volume or during authorization. The setting is also updated automatically when a reverse resync of the replication is performed, but only if the destination volume is in a cool access-enabled capacity pool. Changes to the cool access setting on the destination volume don't affect the setting on the source volume.
-* In a cross-region or cross-zone replication configuration, you can enable cool access exclusively for destination volumes to enhance data protection and create cost savings without affecting latency in source volumes.
+* In a [cross-region](cross-region-replication-introduction.md) or [cross-zone](cross-zone-replication-introduction.md) replication configuration, you can enable cool access exclusively for destination volumes to enhance data protection and create cost savings without affecting latency in source volumes.
+* When you enable cool access on a source volume with cross-region and cross-zone replication, the cool access settings are automatically propagated to the destination volume. These settings include the enablement of cool access, the retrieval policy, and the coolness period. 
+    * Settings are only propagated between the source and destination volumes at enablement.
+* After you enable cool access, changes are not propagated between source and destination volumes. If you update the retention policy or coolness period or disable cool access on the source volume, those changes are _not_ propagated to the destination. If you apply any of those changes to the destination volume, those settings aren't applied to the source volume. 
+* If you enable cool access on the destination volume, the cool access settings are not propagated to the source volume. 
 
 ### Considerations for snapshot restore
 

articles/azure-functions/functions-app-settings.md

@@ -2,7 +2,7 @@
 title: Back up Hyper-V virtual machines with MABS
 description: This article contains the procedures for backing up and recovery of virtual machines using Microsoft Azure Backup Server (MABS).
 ms.topic: how-to
-ms.date: 12/23/2024
+ms.date: 07/22/2025
 ms.service: azure-backup
 ms.custom: engagement-fy24
 author: AbhishekMallick-MS
@@ -149,7 +149,7 @@ To open the Recovery Wizard and recover a virtual machine, follow these steps:
     - **Recover as virtual machine to any host**: MABS supports alternate location recovery (ALR), which provides a seamless recovery of a protected Hyper-V virtual machine to a different Hyper-V host, independent of processor architecture. Hyper-V virtual machines that are recovered to a cluster node won't be highly available. If you choose this option, the Recovery Wizard presents you with an additional screen for identifying the destination and destination path.
 
         >[!NOTE]
-        >If you select the original host the behavior is the same as **Recover to original instance**. The original VHD and all associated checkpoints will be deleted.
+        >If you select the original standalone Hyper-V host or the original Hyper-V cluster and restore to any node of the cluster the behavior is the same as Recover to original instance. The original Virtual Machine and all associated checkpoints are deleted.
 
     - **Copy to a network folder**: MABS supports item-level recovery (ILR), which allows you to do item-level recovery of files, folders, volumes, and virtual hard disks (VHDs) from a host-level backup of Hyper-V virtual machines to a network share or a volume on a MABS protected server. The MABS protection agent doesn't have to be installed inside the guest to perform item-level recovery. If you choose this option, the Recovery Wizard presents you with an additional screen for identifying the destination and destination path.
 

articles/azure-functions/storage-considerations.md

@@ -68,6 +68,36 @@ To successfully create a data connection, you must first ensure that you've comp
 
 1. Expand the **Log Analytics agent instructions** section to view your workspace ID and primary key. These values are used to set up your data connection.
 
+> [!NOTE] 
+> The **HTTP Data Collector API**, currently used by the **Defender EASM Log Analytics Data Connector**, will be **deprecated on September 14, 2026**.
+>
+> All new Log Analytics Data Connectors will use the **Logs Ingestion API**, which requires additional permission configurations as outlined below.
+
+
+### Configure Resource Group Role Assignments
+
+1. On the leftmost pane, select **Overview** and navigate to the **Resource group** under **Essentials** on the main pane. 
+1. Open the Resource group that contains the Log Analytics workspace.
+1. On the leftmost pane, select **Access control (IAM)**.
+1. Search and select the **Reader** role.
+1. Search and select the **EASM API** as the member for the role assignment. 
+![Screenshot that shows Members for role assignments, specifically the EASM API app.](media/data-connections/add-role-assignment.png)
+1. Be sure the Assignment type is **Permanent** and then click **Review + assign**.
+1. Repeat this and add the **Monitoring Contributor**, **Log Analytics Contributor**, and the **Monitoring Metrics Publisher** roles for the **EASM API** app.
+
+> [!NOTE] 
+> The role assignments for the **EASM API** may take a few minutes to be assigned after. After configuring the assignments, please wait for a few minutes to create a new data connection.
+
+### Configure Subscription Resource Providers
+
+1. Open the Subscription that contains the Resource Group and Log Analytics workspace.
+1. On the leftmost pane, under **Settings** select **Resource Providers**.
+1. Search for **microsoft.insights** and register the provider.
+    ![Screenshot that shows Resource providers, specifically microsoft.insights.](media/data-connections/register-resource-provider.png)
+
+> [!NOTE] 
+> Using the new Log Analytics API, the Defender EASM resource and Log Analytics workspace that will ingest your Defender EASM data **must be in the same tenant**.
+
 Use of this data connection is subject to the pricing structure of Log Analytics. For more information, see [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/).
 
 ## Configure Azure Data Explorer permissions
@@ -104,12 +134,14 @@ A configuration pane opens on the right side of the **Data Connections** page. T
 
 - **Name**: Enter a name for this data connection.
 - **Workspace ID**: Enter the workspace ID for the Log Analytics instance where you want to export Defender EASM data.
-- **API key**: Enter the API key for the Log Analytics instance.
 - **Content**: Select to integrate asset data, attack surface insights, or both datasets.
 - **Frequency**: Select the frequency that the Defender EASM connection uses to send updated data to the tool of your choice. Available options are daily, weekly, and monthly.
 
    ![Screenshot that shows the Add data connection screen for Log Analytics.](media/data-connections/data-connector-11.png)
 
+> [!NOTE]
+> All new data connections will use the Log Analytics API and **will not** use an API key.
+
 
 ### Azure Data Explorer