Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into patricka-m3-dataflow

Author: PatAltimore

.openpublishing.redirection.json

@@ -1,5 +1,105 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/lab-services/class-type-adobe-creative-cloud.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-adobe-creative-cloud",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-arcgis.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-arcgis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-autodesk.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-autodesk",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-big-data-analytics.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-big-data-analytics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-database-management.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-database-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-deep-learning-natural-language-processing.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-deep-learning-natural-language-processing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-ethical-hacking.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-ethical-hacking",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-matlab.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-matlab",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-jupyter-notebook.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-jupyter-notebook",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-networking-gns3.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-networking-gns3",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-pltw.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-pltw",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-react-linux.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-react-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-react-windows.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-react-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-rstudio-linux.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-rstudio-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-rstudio-windows.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-rstudio-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-shell-scripting-linux.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-shell-scripting-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-solidworks.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-solidworks",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-type-sql-server.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-type-sql-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/class-types.md",
+      "redirect_url": "/previous-versions/azure/lab-services/class-types",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/lab-services/how-to-create-lab-accounts.md",
+      "redirect_url": "/previous-versions/azure/lab-services/how-to-create-lab-accounts",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/devtest-labs/devtest-lab-integrate-ci-cd.md",
       "redirect_url": "/previous-versions/azure/devtest-labs/devtest-lab-integrate-ci-cd",
@@ -3330,6 +3430,11 @@
       "redirect_url": "/azure/vpn-gateway/add-remove-site-to-site-connections",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md",
+      "redirect_url": "/azure/vpn-gateway/point-to-site-certificate-gateway",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/vpn-gateway/vpn-gateway-howto-openvpn-clients.md",
       "redirect_url": "/azure/vpn-gateway/point-to-site-vpn-client-cert-windows",

articles/app-service/configure-gateway-required-vnet-integration.md

@@ -35,9 +35,9 @@ You can't use gateway-required virtual network integration:
 
 To create a gateway:
 
-1. [Create the VPN gateway and subnet](../vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md#creategw). Select a route-based VPN type.
+1. [Create the VPN gateway and subnet](../vpn-gateway/point-to-site-certificate-gateway.md#creategw). Select a route-based VPN type.
 
-1. [Set the point-to-site addresses](../vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md#addresspool). If the gateway isn't in the basic SKU, then IKEV2 must be disabled in the point-to-site configuration and SSTP must be selected. The point-to-site address space must be in the RFC 1918 address blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
+1. [Set the point-to-site addresses](../vpn-gateway/point-to-site-certificate-gateway.md#addresspool). If the gateway isn't in the basic SKU, then IKEV2 must be disabled in the point-to-site configuration and SSTP must be selected. The point-to-site address space must be in the RFC 1918 address blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
 
 If you create the gateway for use with gateway-required virtual network integration, you don't need to upload a certificate. Creating the gateway can take 30 minutes. You won't be able to integrate your app with your virtual network until the gateway is created.
 

articles/app-service/configure-vnet-integration-routing.md

@@ -17,7 +17,7 @@ Your app is already integrated using the regional virtual network integration fe
 
 ## Configure application routing
 
-Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the `vnetRouteAllEnabled` site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F33228571-70a4-4fa1-8ca1-26d0aba8d6ef). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
+Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the `vnetRouteAllEnabled` site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff5c0bfb3-acea-47b1-b477-b0edcdf6edc1). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
 
 ### Configure in the Azure portal
 
@@ -75,4 +75,4 @@ az resource update --resource-group <group-name> --name <app-name> --resource-ty
 ## Next steps
 
 - [Enable virtual network integration](./configure-vnet-integration-enable.md)
-- [General networking overview](./networking-features.md)
+- [General networking overview](./networking-features.md)

articles/azure-government/azure-secure-isolation-guidance.md

@@ -576,7 +576,7 @@ TLS provides strong authentication, message privacy, and integrity. [Perfect For
 **In-transit encryption for VMs** –  Remote sessions to Windows and Linux VMs deployed in Azure can be conducted over protocols that ensure data encryption in transit. For example, the [Remote Desktop Protocol (RDP)](/windows/win32/termserv/remote-desktop-protocol) initiated from your client computer to Windows and Linux VMs enables TLS protection for data in transit. You can also use [Secure Shell](/azure/virtual-machines/linux/ssh-from-windows) (SSH) to connect to Linux VMs running in Azure. SSH is an encrypted connection protocol available by default for remote management of Linux VMs hosted in Azure.
 
 > [!IMPORTANT]
-> You should review best practices for network security, including guidance for **[disabling RDP/SSH access to Virtual Machines](../security/fundamentals/network-best-practices.md#disable-rdpssh-access-to-virtual-machines)** from the Internet to mitigate brute force attacks to gain access to Azure Virtual Machines. Accessing VMs for remote management can then be accomplished via **[point-to-site VPN](../vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md)**, **[site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md)**, or **[Azure ExpressRoute](../expressroute/expressroute-howto-linkvnet-portal-resource-manager.md)**.
+> You should review best practices for network security, including guidance for **[disabling RDP/SSH access to Virtual Machines](../security/fundamentals/network-best-practices.md#disable-rdpssh-access-to-virtual-machines)** from the Internet to mitigate brute force attacks to gain access to Azure Virtual Machines. Accessing VMs for remote management can then be accomplished via **[point-to-site VPN](../vpn-gateway/point-to-site-about.md)**, **[site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md)**, or **[Azure ExpressRoute](../expressroute/expressroute-howto-linkvnet-portal-resource-manager.md)**.
 
 **Azure Storage transactions** –  When interacting with Azure Storage through the Azure portal, all transactions take place over HTTPS. Moreover, you can configure your storage accounts to accept requests only from secure connections by setting the “[secure transfer required](../storage/common/storage-require-secure-transfer.md)” property for the storage account. The “secure transfer required” option is enabled by default when creating a Storage account in the Azure portal.
 
@@ -586,7 +586,7 @@ TLS provides strong authentication, message privacy, and integrity. [Perfect For
 **VPN encryption** – [Virtual Network](../virtual-network/virtual-networks-overview.md) (VNet) provides a means for Azure Virtual Machines (VMs) to act as part of your internal (on-premises) network. With VNet, you choose the address ranges of non-globally-routable IP addresses to be assigned to the VMs so that they won't collide with addresses you're using elsewhere. You have options to securely connect to a VNet from your on-premises infrastructure or remote locations.
 
 - **Site-to-Site** (IPsec/IKE VPN tunnel) – A cryptographically protected “tunnel” is established between Azure and your internal network, allowing an Azure VM to connect to your back-end resources as though it was directly on that network. This type of connection requires a [VPN device](../vpn-gateway/vpn-gateway-vpn-faq.md#s2s) located on-premises that has an externally facing public IP address assigned to it. You can use Azure [VPN Gateway](../vpn-gateway/vpn-gateway-about-vpngateways.md) to send encrypted traffic between your VNet and your on-premises infrastructure across the public Internet, for example, a [site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md) relies on IPsec for transport encryption. VPN Gateway supports many encryption algorithms that are FIPS 140 validated. Moreover, you can configure VPN Gateway to use [custom IPsec/IKE policy](../vpn-gateway/vpn-gateway-about-compliance-crypto.md) with specific cryptographic algorithms and key strengths instead of relying on the default Azure policies. IPsec encrypts data at the IP level (Network Layer 3).
-- **Point-to-Site** (VPN over SSTP, OpenVPN, and IPsec) – A secure connection is established from your individual client computer to your VNet using Secure Socket Tunneling Protocol (SSTP), OpenVPN, or IPsec. As part of the [Point-to-Site VPN](../vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md) configuration, you need to install a certificate and a VPN client configuration package, which allow the client computer to connect to any VM within the VNet. [Point-to-Site VPN](../vpn-gateway/point-to-site-about.md) connections don't require a VPN device or a public facing IP address.
+- **Point-to-Site** (VPN over SSTP, OpenVPN, and IPsec) – A secure connection is established from your individual client computer to your VNet using Secure Socket Tunneling Protocol (SSTP), OpenVPN, or IPsec. As part of the [Point-to-Site VPN](../vpn-gateway/point-to-site-certificate-gateway.md) configuration, you need to install a certificate and a VPN client configuration package, which allow the client computer to connect to any VM within the VNet. [Point-to-Site VPN](../vpn-gateway/point-to-site-about.md) connections don't require a VPN device or a public facing IP address.
 
 In addition to controlling the type of algorithm that is supported for VPN connections, Azure provides you with the ability to enforce that all traffic leaving a VNet may only be routed through a VNet Gateway (for example, Azure VPN Gateway). This enforcement allows you to ensure that traffic may not leave a VNet without being encrypted. A VPN Gateway can be used for [VNet-to-VNet](../vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal.md) connections while also providing a secure tunnel with IPsec/IKE. Azure VPN uses [Pre-Shared Key (PSK) authentication](../vpn-gateway/vpn-gateway-vpn-faq.md#how-is-my-vpn-tunnel-authenticated) whereby Microsoft generates the PSK when the VPN tunnel is created. You can change the autogenerated PSK to your own.
 

articles/cloud-shell/faq-troubleshooting.md

@@ -1,6 +1,6 @@
 ---
 description: This article answers common questions and explains how to troubleshoot Cloud Shell issues.
-ms.date: 08/29/2024
+ms.date: 11/04/2024
 ms.topic: troubleshooting
 tags: azure-resource-manager
 ms.custom: has-azure-ad-ps-ref
@@ -125,7 +125,7 @@ command that requires elevated permissions.
 
 - **Details**: Cloud Shell uses Azure Relay for terminal connections. Cloud Shell can fail to
   request a terminal due to DNS resolution problems. This failure can be caused when you launch a
-  Cloud Shell session from a host in a network that has a private DNS Zone for the servicebus
+  Cloud Shell session from a host in a network that has a private DNS Zone for the `servicebus`
   domain. This error can also occur if you're using a private on-premises DNS server.
 
 - **Resolution**: You can add a DNS record for the Azure Relay instance that Cloud Shell uses.
@@ -189,6 +189,27 @@ command that requires elevated permissions.
   Alternately, you can deploy your own private Cloud Shell instance. For more information, see
   [Deploy Cloud Shell in a virtual network][01].
 
+### Terminal output - Sorry, your Cloud Shell failed to provision: {"code":"TenantDisabled" ...}
+
+
+- **Details**: In rare cases, Azure might flag out-of-the-ordinary resource consumption based in
+  from Cloud Shell as fraudulent activity. When this occurs, Azure disables Cloud Shell at the
+  tenant level and you see the following error message:
+
+  > Sorry, your Cloud Shell failed to provision: {"code":"TenantDisabled","message":"Cloud Shell has
+  > been disabled in directory<>."} Please refresh the page.
+
+  There can be legitimate use cases where CPU usage in your Azure Cloud Shell instance exceeds the
+  thresholds that trigger fraud prevention and block your tenant. Large AZCopy jobs could be the
+  cause this event. The Microsoft Azure engineering team can help to figure out why the tenant was
+  disabled and re-enable it.
+
+- **Resolution**: To investigate the cause and re-enable Cloud Shell for your tenant, open a new
+  Azure support request. Include the following details:
+
+  1. Tenant ID
+  2. The business justification and a description of how you use Cloud Shell.
+
 ## Managing Cloud Shell
 
 ### Manage personal data

articles/communication-services/how-tos/ui-library-sdk/includes/theming/android.md

@@ -8,8 +8,6 @@ ms.topic: include
 ms.service: azure-communication-services
 ---
 
-[!INCLUDE [Public Preview Notice](../../../../includes/public-preview-include.md)]
-
 For more information, see the [open-source Android UI Library](https://github.com/Azure/communication-ui-library-android) and the [sample application code](https://github.com/Azure-Samples/communication-services-android-quickstarts/tree/main/ui-calling).
 
 ### Defining a theme

articles/communication-services/how-tos/ui-library-sdk/includes/theming/ios.md

@@ -8,8 +8,6 @@ ms.topic: include
 ms.service: azure-communication-services
 ---
 
-[!INCLUDE [Public Preview Notice](../../../../includes/public-preview-include.md)]
-
 For more information, see the [open-source iOS UI Library](https://github.com/Azure/communication-ui-library-ios) and the [sample application code](https://github.com/Azure-Samples/communication-services-ios-quickstarts/tree/main/ui-calling).
 
 ### Defining a theme