Merge pull request #302760 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-15 17:00 UTC

Author: learn-build-service-prod[bot]

articles/app-service/configure-ssl-certificate.md

@@ -55,7 +55,7 @@ You can add up to 1,000 private certificates per webspace.
 
 ## Create a free managed certificate
 
-The free App Service managed certificate is a turnkey solution that helps to secure your custom DNS name in App Service. App Service manages this TLS/SSL server certificate without any action from you.
+The free App Service managed certificate is a turn-key solution for helping to secure your custom DNS name in App Service. Without any action from you, this TLS/SSL server certificate is fully managed by App Service and is automatically renewed continuously in six-month increments, 45 days before expiration, as long as the prerequisites that you set up stay the same. All the associated bindings are updated with the renewed certificate. You create and bind the certificate to a custom domain, and let App Service do the rest.
 
 Before you create a free managed certificate, make sure that you [meet the prerequisites](#prerequisites) for your app.
 

articles/app-service/overview-ai-integration.md

@@ -35,6 +35,7 @@ Build AI-powered .NET applications with these tutorials:
 - [Build a RAG application with Azure OpenAI and Azure SQL](deploy-intelligent-apps-dotnet-to-azure-sql.md) - Use Azure SQL as a vector database for RAG applications.
 - [Run a chatbot with a local SLM sidecar extension](tutorial-ai-slm-dotnet.md) - Deploy a chatbot that uses a local SLM without requiring an external AI service.
 - [Invoke a web app from Azure AI Foundry Agent](invoke-openapi-web-app-from-azure-ai-agent-service.md) - Make your web API available to AI agents.
+- [Build an agentic web app with Semantic Kernel Agent2Agent (A2A) Protocol integration](https://techcommunity.microsoft.com/blog/appsonazureblog/building-agent-to-agent-a2a-applications-on-azure-app-service/4433114) - Deploy a multi-agent system where a main agent coordinates with specialized agents using [A2A](https://a2aproject.github.io/A2A/latest/).
 
 ## Java applications
 

articles/application-gateway/mutual-authentication-powershell.md

@@ -5,24 +5,25 @@ services: application-gateway
 author: mbender-ms
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 02/18/2022
+ms.date: 07/11/2025
 ms.author: mbender 
 ms.custom: devx-track-azurepowershell
 # Customer intent: "As an IT admin, I want to configure mutual authentication for my Application Gateway using PowerShell, so that I can ensure secure client-server communication through certificate verification."
 ---
 
 # Configure mutual authentication with Application Gateway through PowerShell
-This article describes how to use the PowerShell to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway. 
+This article describes how to use PowerShell to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway. 
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
-[!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)]
+> [!NOTE]
+> We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see [Install Azure PowerShell](/powershell/azure/install-azure-powershell). To learn how to migrate to the Az PowerShell module, see [Migrate Azure PowerShell from AzureRM to Az](/powershell/azure/migrate-from-azurerm-to-az).
 
-This article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.
+This article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.
 
 ## Before you begin
 
-To configure mutual authentication with an Application Gateway, you need a client certificate to upload to the gateway. The client certificate will be used to validate the certificate the client will present to Application Gateway. For testing purposes, you can use a self-signed certificate. However, this is not advised for production workloads, because they're harder to manage and aren't completely secure.
+To configure mutual authentication with an Application Gateway, you need a client certificate to upload to the gateway. The client certificate is used to validate the certificate the client presents to Application Gateway. For testing purposes, you can use a self-signed certificate. However, this is not advised for production workloads, because they're harder to manage and aren't completely secure.
 
 To learn more, especially about what kind of client certificates you can upload, see [Overview of mutual authentication with Application Gateway](./mutual-authentication-overview.md#certificates-supported-for-mutual-authentication).
 
@@ -62,9 +63,9 @@ $fipconfig = New-AzApplicationGatewayFrontendIPConfig -Name $fipconfigName -Publ
 $port = New-AzApplicationGatewayFrontendPort -Name $frontendPortName  -Port 443
 ```
 
-## Configure frontend SSL 
+## Configure frontend TLS/SSL 
 
-Configure the SSL certificates for your Application Gateway.
+Configure the TLS/SSL certificates for your Application Gateway.
 
 ```azurepowershell
 $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
@@ -77,10 +78,10 @@ $sslCert = New-AzApplicationGatewaySslCertificate -Name $sslCertName -Certificat
 Configure client authentication on your Application Gateway. For more information on how to extract trusted client CA certificate chains to use here, see [how to extract trusted client CA certificate chains](./mutual-authentication-certificate-management.md).
 
 > [!IMPORTANT]
-> Please ensure that you upload the entire client CA certificate chain in one file, and only one chain per file.  
+> Ensure that you upload the entire client CA certificate chain in one file, and only one chain per file. The maximum size of each uploaded file must be 25 KB or less.
 
 > [!NOTE]
-> We recommend using TLS 1.2 with mutual authentication as TLS 1.2 will be mandated in the future. 
+> We recommend using TLS 1.2 with mutual authentication as TLS 1.2 will be mandated starting August 31, 2025. 
 
 ```azurepowershell
 $clientCertFilePath = $basedir + "/ScenarioTests/Data/TrustedClientCertificate.cer"
@@ -93,7 +94,7 @@ $listener = New-AzApplicationGatewayHttpListener -Name $listenerName -Protocol H
 
 ## Configure the backend pool and settings
 
-Set up backend pool and settings for your Application Gateway. Optionally, set up the backend trusted root certificate for end-to-end SSL encryption.  
+Set up backend pool and settings for your Application Gateway. Optionally, set up the backend trusted root certificate for end-to-end TLS/SSL encryption.  
 
 ```azurepowershell
 $certFilePath = $basedir + "/ScenarioTests/Data/ApplicationGatewayAuthCert.cer"
@@ -110,17 +111,17 @@ Set up a rule on your Application Gateway.
 $rule = New-AzApplicationGatewayRequestRoutingRule -Name $ruleName -RuleType basic -BackendHttpSettings $poolSetting -HttpListener $listener -BackendAddressPool $pool
 ```
 
-## Set up default SSL policy for future listeners
+## Set up default TLS/SSL policy for future listeners
 
-You've set up a listener specific SSL policy while setting up mutual authentication. In this step, you can optionally set the default SSL policy for future listeners you create. 
+You've set up a listener specific TLS/SSL policy while setting up mutual authentication. In this step, you can optionally set the default TLS/SSL policy for future listeners you create.
 
 ```azurepowershell
 $sslPolicyGlobal = New-AzApplicationGatewaySslPolicy -PolicyType Predefined -PolicyName "AppGwSslPolicy20170401"
 ```
 
 ## Create the Application Gateway
 
-Using everything we created above, deploy your Application Gateway.
+Using everything we created, deploy your Application Gateway.
 
 ```azurepowershell
 $sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2

articles/application-gateway/tutorial-autoscale-ps.md

@@ -13,7 +13,7 @@ ms.custom: mvc, devx-track-azurepowershell
 ---
 # Tutorial: Create an application gateway that improves web application access
 
-If you're an IT admin concerned with improving web application access, you can optimize your application gateway to scale based on customer demand and span multiple availability zones. This tutorial helps you configure Azure Application Gateway features that do that: autoscaling, zone redundancy, and reserved VIPs (static IP). You'll use Azure PowerShell cmdlets and the Azure Resource Manager deployment model to solve the problem.
+If you're an IT admin concerned with improving web application access, you can optimize your application gateway to scale based on customer demand and span multiple availability zones. This tutorial helps you configure Azure Application Gateway v2 features that do that: autoscaling, zone redundancy, and static VIPs. You'll use Azure PowerShell cmdlets and the Azure Resource Manager deployment model to solve the problem.
 
 In this tutorial, you learn how to:
 
@@ -30,7 +30,8 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 ## Prerequisites
 
-[!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)]
+> [!NOTE]
+> We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see [Install Azure PowerShell](/powershell/azure/install-azure-powershell). To learn how to migrate to the Az PowerShell module, see [Migrate Azure PowerShell from AzureRM to Az](/powershell/azure/migrate-from-azurerm-to-az).
 
 This tutorial requires that you run an administrative Azure PowerShell session locally. You must have Azure PowerShell module version 1.0.0 or later installed. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). After you verify the PowerShell version, run `Connect-AzAccount` to create a connection with Azure.
 
@@ -118,7 +119,7 @@ $gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "AppGwSubnet" -VirtualNetwork
 
 ## Create web apps
 
-Configure two web apps for the backend pool. Replace *\<site1-name>* and *\<site-2-name>* with unique names in the `azurewebsites.net` domain.
+Configure two web apps for the backend pool. Replace *\<site1-name>* and *\<site2-name>* with unique names in the `azurewebsites.net` domain.
 
 ```azurepowershell
 New-AzAppServicePlan -ResourceGroupName $rg -Name "ASP-01"  -Location $location -Tier Basic `
@@ -135,7 +136,7 @@ Replace your two web app FQDNs (for example: `mywebapp.azurewebsites.net`) in th
 
 ```azurepowershell
 $ipconfig = New-AzApplicationGatewayIPConfiguration -Name "IPConfig" -Subnet $gwSubnet
-$fip = New-AzApplicationGatewayFrontendIPConfig -Name "FrontendIPCOnfig" -PublicIPAddress $publicip
+$fip = New-AzApplicationGatewayFrontendIPConfig -Name "FrontendIPConfig" -PublicIPAddress $publicip
 $pool = New-AzApplicationGatewayBackendAddressPool -Name "Pool1" `
        -BackendIPAddresses <your first web app FQDN>, <your second web app FQDN>
 $fp01 = New-AzApplicationGatewayFrontendPort -Name "SSLPort" -Port 443