Merge branch 'MicrosoftDocs:main' into main

Author: ADOYLEMSFT

.openpublishing.redirection.json

@@ -75,7 +75,7 @@ In this scenario, Trusona acts as an Identity Provider (IdP) for Azure AD B2C to
 
 ## Step 1: Onboard with Trusona Authentication Cloud
 
-1.	Sign in to the [Trusona Portal](https://portal.trusona.io).
+1.	Sign in to the [Trusona Portal](https://portal.trusona.com/).
 2.	From the left navigation panel, select **Settings**
 3.	In the Settings menu, select the slider to **Enable OIDC**.
 4.	Select the appropriate **Inputs** and provide the **Redirect URL** `https://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com/oauth2/authresp`.

articles/active-directory-b2c/partner-trusona.md

@@ -246,14 +246,14 @@
       href: openai-compatible-llm-api.md
     - name: Import Google Gemini API
       href: openai-compatible-google-gemini-api.md
+    - name: Import Amazon Bedrock API
+      href: amazon-bedrock-passthrough-llm-api.md
   - name: Expose REST API as MCP server
     href: export-rest-mcp-server.md
   - name: Semantic caching for Azure OpenAI API requests
     href: azure-openai-enable-semantic-caching.md
   - name: Authenticate and authorize to Azure OpenAI
     href: api-management-authenticate-authorize-azure-openai.md
-  - name: Protect Azure OpenAI keys
-    href: /semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
 - name: Manage APIs with policies
   items:
   - name: API Management policies overview

articles/api-management/TOC.yml

@@ -165,4 +165,3 @@ Following are high level steps to restrict API access to users or apps that are
 
 * Learn more about [Microsoft Entra ID and OAuth2.0](../active-directory/develop/authentication-vs-authorization.md).  
 * [Authenticate requests to Azure AI services](/azure/ai-services/authentication)
-* [Protect Azure OpenAI keys with API Management](/semantic-kernel/deploy/use-ai-apis-with-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json)

articles/api-management/amazon-bedrock-passthrough-llm-api.md

@@ -10,7 +10,7 @@ ms.custom:
   - devdivchpfy22
   - build-2025
 ms.topic: tutorial
-ms.date: 05/14/2025
+ms.date: 07/09/2025
 ms.author: danlep
 ---
 # Tutorial: Monitor published APIs

articles/api-management/api-management-authenticate-authorize-azure-openai.md

@@ -54,6 +54,8 @@ If you want to enable *public* inbound access to an API Management instance in t
 * Minimum: /27 (32 addresses)
 * Recommended: /24 (256 addresses) - to accommodate scaling of API Management instance
 
+### Network security group
+
 [!INCLUDE [api-management-virtual-network-v2-nsg-rules](../../includes/api-management-virtual-network-v2-nsg-rules.md)]
 
 ### Subnet delegation

articles/api-management/api-management-howto-use-azure-monitor.md

@@ -46,8 +46,14 @@ If you want to inject a Premium v2 (preview) API Management instance into a virt
 * Minimum: /27 (32 addresses)
 * Recommended: /24 (256 addresses) - to accommodate scaling of API Management instance
 
+### Network security group
+
 [!INCLUDE [api-management-virtual-network-v2-nsg-rules](../../includes/api-management-virtual-network-v2-nsg-rules.md)]
 
+> [!IMPORTANT]
+> * Inbound NSG rules do not apply when a v2 tier instance is integrated in a virtual network for private outbound access. To enforce inbound NSG rules, use virtual network injection instead of integration.
+> * This differs from networking in the classic Premium tier, where inbound NSG rules are enforced in both external and internal virtual network injection modes. [Learn more](virtual-network-injection-resources.md)
+
 ### Subnet delegation
 
 The subnet needs to be delegated to the **Microsoft.Web/serverFarms** service.