Merge pull request #301200 from MicrosoftDocs/main

6/11/2025 AM Publish

Author: Taojunshen

articles/application-gateway/configuration-http-settings.md

@@ -77,7 +77,7 @@ By default, the Application Gateway resource includes popular CA certificates, a
 
 ### Request timeout
 
-This setting is the number of seconds that the application gateway waits to receive a response from the backend server.
+This setting is the number of seconds that the application gateway waits to receive a response from the backend server. The default value is 20 seconds. However, you may wish to adjust this setting to the needs of your application.
 
 ### Override backend path
 

articles/automation/automation-hrw-run-runbooks.md

@@ -432,7 +432,7 @@ You will perform the following steps to complete this configuration:
 > [!NOTE]
 > The Create a GPG keyring and keypair are applicable only for the agent-based hybrid workers.
 
-To create the GPG keyring and keypair, use the Hybrid Runbook Worker [nxautomation account](automation-runbook-execution.md#log-analytics-agent-for-linux).
+To create the GPG keyring and keypair, use the Hybrid Runbook Worker.
 
 1. Use the sudo application to sign in as the **nxautomation** account.
 

articles/automation/automation-hybrid-runbook-worker.md

@@ -149,7 +149,7 @@ You might have runbooks that manage resources on the local machine or run agains
 
 ### Hybrid Runbook Worker jobs
 
-Hybrid Runbook Worker jobs run under the local **System** account on Windows or the [nxautomation account](automation-runbook-execution.md#log-analytics-agent-for-linux) on Linux. Azure Automation handles jobs on Hybrid Runbook Workers differently from jobs run in Azure sandboxes. See [Runbook execution environment](automation-runbook-execution.md#runbook-execution-environment).
+Hybrid Runbook Worker jobs run under the local **System** account on Windows or the nxautomation account on Linux. Azure Automation handles jobs on Hybrid Runbook Workers differently from jobs run in Azure sandboxes. See [Runbook execution environment](automation-runbook-execution.md#runbook-execution-environment).
 
 If the Hybrid Runbook Worker host machine reboots, any running runbook job restarts from the beginning, or from the last checkpoint for PowerShell Workflow runbooks. After a runbook job is restarted more than three times, it's suspended.
 

articles/automation/automation-linux-hrw-install.md

@@ -176,7 +176,7 @@ To install and configure a Linux Hybrid Runbook Worker, perform the following st
     > To manage the configuration of machines that support the Hybrid Runbook Worker role with Desired State Configuration (DSC), you must add the machines as DSC nodes.
 
     > [!NOTE]
-    > The [nxautomation account](automation-runbook-execution.md#log-analytics-agent-for-linux) with the corresponding sudo permissions must be present during installation of the Linux Hybrid Worker. If you try to install the worker and the account is not present or doesn't have the appropriate permissions, the installation fails.
+    > The nxautomation account with the corresponding sudo permissions must be present during installation of the Linux Hybrid Worker. If you try to install the worker and the account is not present or doesn't have the appropriate permissions, the installation fails.
 
 3. Verify agent is reporting to workspace.
 

articles/automation/automation-runbook-execution.md

@@ -31,15 +31,14 @@ The following diagram shows the lifecycle of a runbook job for [PowerShell runbo
 
 Runbooks in Azure Automation can run on either an Azure sandbox or a [Hybrid Runbook Worker](automation-hybrid-runbook-worker.md). 
 
-When runbooks are designed to authenticate and run against resources in Azure, they run in an Azure sandbox. Azure Automation assigns a worker to run each job during runbook execution in the sandbox. While workers are shared by many Automation accounts, jobs from different Automation accounts are isolated from one another.  Jobs using the same sandbox are bound by the resource limitations of the sandbox. The Azure sandbox environment doesn't support interactive operations. It prevents access to all out-of-process COM servers, and it doesn't support making [WMI calls](/windows/win32/wmisdk/wmi-architecture) to the Win32 provider in your runbook.  These scenarios are only supported by running the runbook on a Windows Hybrid Runbook Worker.
+When runbooks are designed to authenticate and run against resources in Azure, they run in an Azure sandbox. Azure Automation assigns a worker to run each job during runbook execution in the sandbox. While workers are shared by many Automation accounts, jobs from different Automation accounts are isolated from one another.  Jobs using the same sandbox are bound by the resource limitations of the sandbox. The Azure sandbox environment doesn't support interactive operations.
 
 You can also use a [Hybrid Runbook Worker](automation-hybrid-runbook-worker.md) to run runbooks directly on the computer that hosts the role and against local resources in the environment. Azure Automation stores and manages runbooks and then delivers them to one or more assigned computers.
 
 Enabling the Azure Firewall on [Azure Storage](../storage/common/storage-network-security.md), [Azure Key Vault](/azure/key-vault/general/network-security), or [Azure SQL](/azure/azure-sql/database/firewall-configure) blocks access from Azure Automation runbooks for those services. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation isn't a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../virtual-network/virtual-network-service-endpoints-overview.md).
 
 >[!NOTE]
 >- To run on a Linux Hybrid Runbook Worker, your scripts must be signed and the worker configured accordingly. Alternatively, [signature validation must be turned off](automation-linux-hrw-install.md#turn-off-signature-validation).
->- Runbook execution shouldn't depend on timezone of the sandbox.
 
 The following table lists some runbook execution tasks with the recommended execution environment listed for each.
 
@@ -57,7 +56,6 @@ The following table lists some runbook execution tasks with the recommended exec
 |Install a module with an installer|Hybrid Runbook Worker|Modules for sandbox must support copying.|
 |Use runbooks or modules that require .NET Framework version different from 4.7.2|Hybrid Runbook Worker|Azure sandboxes support .NET Framework 4.7.2, and upgrading to a different version isn't supported.|
 |Run scripts that require elevation|Hybrid Runbook Worker|Sandboxes don't allow elevation. With a Hybrid Runbook Worker, you can turn off UAC and use [Invoke-Command](/powershell/module/microsoft.powershell.core/invoke-command) when running the command that requires elevation.|
-|Run scripts that require access to Windows Management Instrumentation (WMI)|Hybrid Runbook Worker|Jobs running in sandboxes in the cloud can't access WMI provider. |
 
 ## Temporary storage in a sandbox
 
@@ -78,28 +76,15 @@ Defender for Cloud places constraints on users who can run any scripts, either s
 
 ## Subscriptions
 
-An Azure [subscription](/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings) is an agreement with Microsoft to use one or more cloud-based services, for which you are charged. For Azure Automation, each subscription is linked to an Azure Automation account, and you can [create multiple subscriptions](manage-runbooks.md#work-with-multiple-subscriptions) in the account.
+An Azure [subscription](/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings) is an agreement with Microsoft to use one or more cloud-based services, for which you are charged. You can [manage multiple subscriptions](manage-runbooks.md#work-with-multiple-subscriptions) from the same Automation account if the credential you are using has access to multiple subscriptions.
 
 ## Credentials
 
 A runbook requires appropriate [credentials](shared-resources/credentials.md) to access any resource, whether for Azure or third-party systems. These credentials are stored in Azure Automation, Key Vault, etc.  
 
 ## Azure Monitor
 
-Azure Automation makes use of [Azure Monitor](/azure/azure-monitor/overview) for monitoring its machine operations. The operations require a Log Analytics workspace and a [Log Analytics agent](/azure/azure-monitor/agents/log-analytics-agent).
-
-### Log Analytics agent for Windows
-
-The [Log Analytics agent for Windows](/azure/azure-monitor/agents/agent-windows) works with Azure Monitor to manage Windows VMs and physical computers. The machines can be running either in Azure or in a non-Azure environment, such as a local datacenter.
-
->[!NOTE]
->The Log Analytics agent for Windows was previously known as the Microsoft Monitoring Agent (MMA).
-
-### Log Analytics agent for Linux
-
-The [Log Analytics agent for Linux](/azure/azure-monitor/agents/agent-linux) works similarly to the agent for Windows, but connects Linux computers to Azure Monitor. The agent is installed with certain service accounts that execute commands requiring root permissions. For more information, see [Service accounts](./automation-hrw-run-runbooks.md#service-accounts).
-
-The Log Analytics agent log is located at `/var/opt/microsoft/omsagent/log/omsagent.log`.
+Azure Automation can make use of [Azure Monitor](/azure/azure-monitor/overview) for monitoring its machine operations.
 
 ## Runbook permissions
 
@@ -217,7 +202,7 @@ Runbooks that run in Azure sandboxes don't support calling processes, such as ex
 
 ## Device and application characteristics
 
-Runbook jobs in Azure sandboxes can't access any device or application characteristics. The most common API used to query performance metrics on Windows is WMI, with some of the common metrics being memory and CPU usage. However, it doesn't matter what API is used, as jobs running in the cloud can't access the Microsoft implementation of Web-Based Enterprise Management (WBEM). This platform is built on the Common Information Model (CIM), providing the industry standards for defining device and application characteristics.
+Runbook jobs in Azure sandboxes can't access any device or application characteristics. The most common API used to query performance metrics on Windows is WMI, with some of the common metrics being memory and CPU usage. 
 
 ## Webhooks
 

articles/azure-netapp-files/faq-application-resilience.md

@@ -5,7 +5,7 @@ ms.service: azure-netapp-files
 ms.topic: concept-article
 author: b-hchen
 ms.author: anfdocs
-ms.date: 03/01/2025
+ms.date: 06/10/2025
 ms.custom:
   - build-2025
 ---
@@ -15,7 +15,7 @@ This article answers frequently asked questions (FAQs) about Azure NetApp Files
 
 ## What do you recommend for handling potential application disruptions due to storage service maintenance events?
 
-Azure NetApp Files might undergo occasional planned maintenance (for example, platform updates, service or software upgrades). From a file protocol (NFS/SMB) perspective, the maintenance operations are nondisruptive, as long as the application can handle the IO pauses that might briefly occur during these events. The I/O pauses are typically short, ranging from a few seconds up to 30 seconds. The NFS protocol is especially robust, and client-server file operations continue normally. Some applications might require tuning to handle IO pauses for as long as 30-45 seconds. As such, ensure that you're aware of the application’s resiliency settings to cope with the storage service maintenance events. For human interactive applications leveraging the SMB protocol, the standard protocol settings are usually sufficient. 
+Azure NetApp Files might undergo occasional planned maintenance (for example, platform updates, service or software upgrades). From a file protocol (NFS/SMB) perspective, the maintenance operations are nondisruptive, as long as the application can handle the I/O pauses that might briefly occur during these events. The I/O pauses are typically short, ranging from a few seconds up to 30 seconds. The NFS protocol is especially robust, and client-server file operations continue normally. Some applications might require tuning to handle I/O pauses for as long as 30-45 seconds for NFSv3 and up to 120 seconds for NFSv4.1. As such, ensure that you're aware of the application’s resiliency settings to cope with the storage service maintenance events. For human interactive applications leveraging the SMB protocol, the standard protocol settings are usually sufficient.
 
 >[!IMPORTANT]
 >To ensure a resilient architecture, it is crucial to recognize that the cloud operates under a _shared responsibility_ model. This model encompasses the Azure cloud platform, its infrastructure services, the OS-layer, and application vendors. Each of these components plays a vital role in gracefully handling potential application disruptions that may arise during storage service maintenance events.

articles/azure-resource-manager/management/relocation/relocation-cosmos-db.md

@@ -1,12 +1,11 @@
 ---
 title: Relocate an Azure Cosmos DB NoSQL account to another region
 description: Learn how to relocate an Azure Cosmos DB NoSQL account to another region.
-author: seesharprun
+author: markjbrown
 ms.topic: how-to
 ms.custom: subject-relocation
-ms.date: 06/11/2024
-ms.author: sidandrews
-ms.reviewer: mjbrown
+ms.date: 06/11/2025
+ms.author: mjbrown
 ---
 
 # Relocate an Azure Cosmos DB NoSQL account to another region

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -15,7 +15,8 @@ Refer to the table to find details about resolution dates or possible workaround
 
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
-| [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
+|[VMSA-2025-0012](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738) Multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245) have been identified in VMware NSX. | May 2025 | The vulnerability described in the Broadcom document does not apply to Azure VMware Solution due to existing compensating controls mitigate the risk of exploitation. | The upcoming version of NSX will include a patch to address this vulnerability. |
+|[VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
 |[VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247). | May 2025 | To remediate CVE-2025-22247, apply version 12.5.2 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | ESXi hosts may experience operational issues if NSX Layer-2 DFW default rule logging is enabled. More information can be obtained in this Knowledge Base article from Broadcom: [ESXi hosts may experience operational issues if L2 DFW default rule logging is enabled.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html) | May 2025 | It is not recommended to enable logging on the default Layer-2 DFW rule in a Production environment for any sustained period of time. If logging must be enabled on an L2 rule, it is advised to create a new L2 rule specific to the traffic flow in question and enable logging on that rule only. Please see [Broadcom Knowledge Base Article 326455.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html).| N/A |
 | With VMware HCX versions 4.10.3 and earlier, attempts to download upgrade bundles or the Connector OVA directly from the HCX Manager UI (port 443) fail due to the decommissioning of the external image depot server. More information can be obtained in this Knowledge Base article from Broadcom: [Upgrade Bundle Download from 443 UI will Fail in All HCX versions prior to 4.11](https://knowledge.broadcom.com/external/article/395372)| April 2025 | We will begin upgrading all Azure VMware Solution customers to HCX 4.11.0 in the coming weeks, this will provide customers with access to the HCX Connector upgrade bundles, which will be stored on their vSAN datastore. Until then, all customers will need to submit a support request (SR) to obtain the required upgrade bundles. | May 2025 |

articles/backup/back-up-managed-disks-tutorial.md

@@ -2,7 +2,7 @@
 title: Tutorial - Back up Azure Managed Disks using Azure Backup
 description: In this tutorial, learn how to back up Azure Managed Disks from the Azure portal.
 ms.topic: tutorial
-ms.date: 06/11/2024
+ms.date: 06/11/2025
 ms.service: azure-backup
 author: jyothisuri
 ms.author: jsuri
@@ -197,4 +197,4 @@ To run an on-demand disk backup, follow these steps:
 
 ## Next step
 
-- [Restore Azure Managed Disks](restore-managed-disks.md)
+- Restore Managed Disk using [Azure portal](restore-managed-disks.md), [Azure PowerShell](restore-managed-disks-ps.md), [Azure CLI](restore-managed-disks-cli.md), [REST API](backup-azure-dataprotection-use-rest-api-restore-disks.md).

articles/backup/backup-azure-dataprotection-use-rest-api-backup-disks.md

@@ -2,7 +2,7 @@
 title: Back up Azure Disks using Azure Data Protection REST API.
 description: In this article, learn how to configure, initiate, and manage backup operations of Azure Disks using REST API.
 ms.topic: how-to
-ms.date: 04/16/2025
+ms.date: 06/11/2025
 ms.assetid: 6050a941-89d7-4b27-9976-69898cc34cde
 author: jyothisuri
 ms.author: jsuri
@@ -509,7 +509,7 @@ GET "https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
 
 ## Next steps
 
-[Restore data from an Azure Disk backup](backup-azure-arm-userestapi-restoreazurevms.md)
+Restore Managed Disk using [Azure portal](restore-managed-disks.md), [Azure PowerShell](restore-managed-disks-ps.md), [Azure CLI](restore-managed-disks-cli.md), [REST API](backup-azure-dataprotection-use-rest-api-restore-disks.md).
 
 For more information on the Azure Backup REST APIs, see the following articles: