Merge pull request #296349 from MicrosoftDocs/repo_sync_working_branch

Albertyang0 · web-flow · commit 52774741a39f · 2025-03-14T09:57:57.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/event-hubs/includes/event-hubs-tier-limits.md b/articles/event-hubs/includes/event-hubs-tier-limits.md
@@ -22,7 +22,7 @@ The following table shows limits that are different for Basic, Standard, Premium
 | Maximum size of Event Hubs publication | 256 KB | 1 MB | 1 MB | 1 MB |
 | Number of consumer groups per event hub | 1 | 20 | 100 | 1,000<br/>No limit per CU |
 | Number of Kafka consumer groups per namespace | NA | 1,000 | 1,000 | 1,000 |
-| Number of brokered connections per namespace | 100 | 5,000 | 10,000 per PU<br/><br/>For example, if the namespace is assigned 3 PUs, the limit is 30,000. | 100,000 per CU |
+| Number of brokered connections per namespace | 100 | 5,000 | 10,000 per PU<br/><br/>For example, if the namespace is assigned 4 PUs, the limit is 40,000. | 100,000 per CU |
 | Maximum retention period of event data | 1 day | 7 days | 90 days | 90 days |
 | Event storage for retention | 84 GB per TU | 84 GB per TU | 1 TB per PU | 10 TB per CU | 
 | Maximum TUs or PUs or CUs | 40 TUs | 40 TUs | 16 PUs | 20 CUs |
diff --git a/articles/firewall/firewall-sftp.md b/articles/firewall/firewall-sftp.md
@@ -108,22 +108,6 @@ $firewall = New-AzFirewall `
     -PublicIpAddress $pip `
     -FirewallPolicyId $policy.id
 
-# Create the route table
-$routeTableDG = New-AzRouteTable `
-  -Name Firewall-rt-table `
-  -ResourceGroupName "$rg" `
-  -location $location `
-  -DisableBgpRoutePropagation
-
-# Add the default route
-Add-AzRouteConfig `
-  -Name "DG-Route" `
-  -RouteTable $routeTableDG `
-  -AddressPrefix 0.0.0.0/0 `
-  -NextHopType "VirtualAppliance" `
-  -NextHopIpAddress $pip.ipaddress `
- | Set-AzRouteTable
-
 ```
 
 ## Create a storage account and container
diff --git a/articles/firewall/snat-private-range.md b/articles/firewall/snat-private-range.md
@@ -17,7 +17,7 @@ Azure Firewall provides SNAT capability for all outbound traffic to public IP ad
 This logic works well when you route traffic directly to the Internet. However, there are scenarios where you may want to override the default SNAT behavior.
 
 - If you've enabled [forced tunneling](forced-tunneling.md), Internet-bound traffic is SNATed to one of the firewall private IP addresses in AzureFirewallSubnet, hiding the source from your on-premises firewall.
-- If your organization uses registered IP address ranges outside of IANA RFC 1918 or IANA RFC 6598 for private networks, Azure Firewall SNATs the traffic to one of the firewall private IP addresses in AzureFirewallSubnet. However, you can configure Azure Firewall to **not** SNAT your public IP address range. For example, to specify an individual IP address you can specify it like this: `192.168.1.10`. To specify a range of IP addresses, you can specify it like this: `192.168.1.0/24`.
+- If your organization uses registered IP address ranges outside of IANA RFC 1918 or IANA RFC 6598 for private networks, Azure Firewall SNATs the traffic to one of the firewall private IP addresses in AzureFirewallSubnet. However, you can configure Azure Firewall to **not** SNAT your public IP address range. For example, to specify an individual IP address you can specify it as a single IP address `x.x.x.x`. To specify a range of IP addresses, you can specify it like this: `x.x.x.x/24`.
 
 Azure Firewall SNAT behavior can be changed in the following ways:
 
diff --git a/articles/hdinsight/disk-encryption.md b/articles/hdinsight/disk-encryption.md
@@ -22,7 +22,7 @@ HDInsight supports multiple types of encryption in two different layers:
 
 - Server Side Encryption (SSE) - SSE is performed by the storage service. In HDInsight, SSE is used to encrypt OS disks and data disks. It is enabled by default. SSE is a layer 1 encryption service.
 - Encryption at host using platform-managed key - Similar to SSE, this type of encryption is performed by the storage service. However, it is only for temporary disks and is not enabled by default. Encryption at host is also a layer 1 encryption service.
-- Encryption at rest using customer managed key - This type of encryption can be used on data and temporary disks. It is not enabled by default and requires the customer to provide their own key through Azure key vault. Encryption at rest is a layer 2 encryption service.
+- Encryption at rest using customer managed key - This type of encryption can be used on data and temporary disks. It is not enabled by default and requires the customer to provide their own key through Azure Key Vault. Encryption at rest is a layer 2 encryption service.
 
 These types are summarized in the following table.
 
@@ -39,7 +39,7 @@ Both data disks and temporary disks on each node of the cluster are encrypted wi
 
 For OS disks attached to the cluster VMs only one layer of encryption (PMK) is available. It is recommended that customers avoid copying sensitive data to OS disks if having a CMK encryption is required for their scenarios.
 
-If the key vault firewall is enabled on the key vault where the disk encryption key is stored, the HDInsight regional Resource Provider IP addresses for the region where the cluster will be deployed must be added to the key vault firewall configuration. This is necessary because HDInsight is not a trusted Azure key vault service.
+If the key vault firewall is enabled on the key vault where the disk encryption key is stored, the HDInsight regional Resource Provider IP addresses for the region where the cluster will be deployed must be added to the key vault firewall configuration. This is necessary because HDInsight is not a trusted Azure Key Vault service.
 
 You can use the Azure portal or Azure CLI to safely rotate the keys in the key vault. When a key rotates, the HDInsight cluster starts using the new key within minutes. Enable the [Soft Delete](/azure/key-vault/general/soft-delete-overview) key protection features to protect against ransomware scenarios and accidental deletion. Key vaults without this protection feature aren't supported.
 
diff --git a/articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md b/articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md
@@ -366,7 +366,6 @@ The following rule groups and rules are available when using Web Application Fir
 |942430|Warning - 3|Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)|
 |942440|Critical - 5|SQL Comment Sequence Detected|
 |942450|Critical - 5|SQL Hex Encoding Identified|
-|942460|Warning - 3|Meta-Character Anomaly Detection Alert - Repetitive Non-Word Characters|
 |942470|Critical - 5|SQL Injection Attack|
 |942480|Critical - 5|SQL Injection Attack|
 |942500|Critical - 5|MySQL in-line comment detected|
@@ -691,7 +690,6 @@ The following rule groups and rules are available when using Web Application Fir
 |944210|Possible use of Java serialization|
 |944240|Remote Command Execution: Java serialization|
 |944250|Remote Command Execution: Suspicious Java method detected|
-|944300|Base64 encoded string matched suspicious keyword|
 
 # [OWASP 3.1](#tab/owasp31)
 
