Merge branch 'main' into release-esan-backup

Author: v-alje

articles/active-directory-b2c/string-transformations.md

@@ -446,7 +446,7 @@ The following example generates an error message when an account is already in t
 </Localization>
 ```
 
-The claims transformation creates a response message based on the localized string. The message contains the user's email address embedded into the localized sting *ResponseMessage_EmailExists*.
+The claims transformation creates a response message based on the localized string. The message contains the user's email address embedded into the localized string *ResponseMessage_EmailExists*.
 
 ```xml
 <ClaimsTransformation Id="SetResponseMessageForEmailAlreadyExists" TransformationMethod="FormatLocalizedString">

articles/active-directory-b2c/tutorial-create-user-flows.md

@@ -211,8 +211,8 @@ Next, specify that the application should be treated as a public client:
 1. In the left menu, under **Manage**, select **Authentication**.
 1. Under **Advanced settings**, in the **Allow public client flows** section, set **Enable the following mobile and desktop flows** to **Yes**. 
 1. Select **Save**.
-1. Ensure that **"isFallbackPublicClient": true** is set in the application manifest:
-    1. In the left menu, under **Manage**, select **Manifest** to open application manifest.
+1. Ensure that **"isFallbackPublicClient": true** is set in the Microsoft Graph App Manifest(New):
+    1. In the left menu, under **Manage**, select **Manifest** to open Microsoft Graph App Manifest(New)
     1. Switch from the **Microsoft Graph App Manifest (New)** tab to the **AAD Graph App Manifest (Deprecating Soon)** tab.
     1. Find **isFallbackPublicClient** key and ensure its value is set to **true**.
 

articles/api-management/applications.md

@@ -1,5 +1,5 @@
 ---
-title: Protect Access to Product APIs with Microsoft Entra Application - Azure API Management
+title: Securely Access Products and APIs - Microsoft Entra Applications - Azure API Management
 titleSuffix: Azure API Management
 description: Configure OAuth 2.0 access to product APIs in Azure API Management with Microsoft Entra ID applications.
 services: api-management
@@ -11,7 +11,7 @@ ms.date: 05/19/2025
 ms.author: danlep
 ms.custom: 
 ---
-# Secure product API access with Microsoft Entra applications
+# Securely access products and APIs with Microsoft Entra applications
 
 [!INCLUDE [api-management-availability-premium-dev-standard-basic](../../includes/api-management-availability-premium-dev-standard-basic.md)]
 
@@ -64,14 +64,14 @@ The following example uses the **Starter** product, but choose any published pro
 1. In the left menu, under **APIs**, select **Products**.
 1. Choose the product that you want to configure, such as the **Starter** product.
 1. In the left menu, under **Product**, select **Properties**.
-1. Enable the **Application based access** setting.
-1. Optionally, enable the **Requires subscription** setting. If you enable both application based access and a subscription requirement, the API Management gateway can accept either OAuth 2.0 authorization or a subscription key for access to the product's APIs.
+1. In the **Application based access** section, enable the **OAuth 2.0 token (most secure)** setting.
+1. Optionally, enable the **Subscription key** setting. If you enable both application based access and a subscription requirement, the API Management gateway can accept either an OAuth 2.0 token or a subscription key for access to the product's APIs.
 1. Select **Save**.
 
 :::image type="content" source="media/applications/enable-application-based-access.png" alt-text="Screenshot of enabling application based access in the portal.":::
 
 > [!TIP]
-> You can also enable the **Application based access** setting when creating a new product.
+> You can also enable the **OAuth 2.0 token** setting when creating a new product.
 
  Enabling application based access creates a backend enterprise application in Microsoft Entra ID to represent the product. The backend application ID is displayed in the product's **Properties** page.
 

articles/api-management/media/applications/enable-application-based-access.png

@@ -95,18 +95,20 @@ Self-hosted gateways require outbound TCP/IP connectivity to Azure on port 443.
 
 To operate properly, each self-hosted gateway needs outbound connectivity on port 443 to the following endpoints associated with its cloud-based API Management instance:
 
-| Description | Required for v1 | Required for v2 | Notes |
-|:------------|:---------------------|:---------------------|:------|
-| Hostname of the configuration endpoint | `<apim-service-name>.management.azure-api.net` | `<apim-service-name>.configuration.azure-api.net`<sup>1</sup> | Custom hostnames are also supported and can be used instead of the default hostname. |
-| Public IP address of the API Management instance | ✔️ | ✔️ | IP address of primary location is sufficient. |
-| Public IP addresses of Azure Storage [service tag](../virtual-network/service-tags-overview.md) | ✔️ | Optional<sup>2</sup> | IP addresses must correspond to primary location of API Management instance. |
-| Hostname of Azure Blob Storage account | ✔️ | Optional<sup>2</sup> | Account associated with instance (`<blob-storage-account-name>.blob.core.windows.net`) |
-| Hostname of Azure Table Storage account | ✔️ | Optional<sup>2</sup> | Account associated with instance (`<table-storage-account-name>.table.core.windows.net`) |
-| Endpoints for Azure Resource Manager | ✔️ | Optional<sup>3</sup> | Required endpoints are `management.azure.com`. |
-| Endpoints for Microsoft Entra integration | ✔️ | Optional<sup>4</sup> | Required endpoints are `<region>.login.microsoft.com` and `login.microsoftonline.com`. |
-| Endpoints for [Azure Application Insights integration](api-management-howto-app-insights.md) | Optional<sup>5</sup> | Optional<sup>5</sup> | Minimal required endpoints are:<ul><li>`rt.services.visualstudio.com:443`</li><li>`dc.services.visualstudio.com:443`</li><li>`{region}.livediagnostics.monitor.azure.com:443`</li></ul>Learn more in [Azure Monitor docs](/azure/azure-monitor/ip-addresses#outgoing-ports) |
-| Endpoints for [Event Hubs integration](api-management-howto-log-event-hubs.md) | Optional<sup>5</sup> | Optional<sup>5</sup> | Learn more in [Azure Event Hubs docs](../event-hubs/network-security.md) |
-| Endpoints for [external cache integration](api-management-howto-cache-external.md) | Optional<sup>5</sup> | Optional<sup>5</sup> | This requirement depends on the external cache that is being used |
+
+| Endpoint | Required? | Notes |
+|:------------|:---------------------|:------|
+| Hostname of the configuration endpoint | `<apim-service-name>.configuration.azure-api.net`<sup>1</sup> | Custom hostnames are also supported and can be used instead of the default hostname. |
+| Public IP address of the API Management instance | ✔️ | IP address of primary location is sufficient. |
+| Public IP addresses of Azure Storage [service tag](../virtual-network/service-tags-overview.md) | Optional<sup>2</sup> | IP addresses must correspond to primary location of API Management instance. |
+| Hostname of Azure Blob Storage account | Optional<sup>2</sup> | Account associated with instance (`<blob-storage-account-name>.blob.core.windows.net`) |
+| Hostname of Azure Table Storage account | Optional<sup>2</sup> | Account associated with instance (`<table-storage-account-name>.table.core.windows.net`) |
+| Endpoints for Azure Resource Manager | Optional<sup>3</sup> | Required endpoints are `management.azure.com`. |
+| Endpoints for Microsoft Entra integration | Optional<sup>4</sup> | Required endpoints are `<region>.login.microsoft.com` and `login.microsoftonline.com`. |
+| Endpoints for [Azure Application Insights integration](api-management-howto-app-insights.md) | Optional<sup>5</sup> | Minimal required endpoints are:<ul><li>`rt.services.visualstudio.com:443`</li><li>`dc.services.visualstudio.com:443`</li><li>`{region}.livediagnostics.monitor.azure.com:443`</li></ul>Learn more in [Azure Monitor docs](/azure/azure-monitor/ip-addresses#outgoing-ports) |
+| Endpoints for [Event Hubs integration](api-management-howto-log-event-hubs.md) | Optional<sup>5</sup> | Learn more in [Azure Event Hubs docs](../event-hubs/network-security.md) |
+| Endpoints for [external cache integration](api-management-howto-cache-external.md) | Optional<sup>5</sup> | This requirement depends on the external cache that is being used |
+
 
 <sup>1</sup>For an API Management instance in an internal virtual network, see [Connectivity in an internal virtual network](#connectivity-in-internal-virtual-network).<br/>
 <sup>2</sup>Only required in v2 when API inspector or quotas are used in policies.<br/>
@@ -167,9 +169,6 @@ The following functionality found in the managed gateways is **not available** i
 
 ### Transport Layer Security (TLS)
 
-> [!IMPORTANT]
-> This overview is only applicable to the self-hosted gateway v1 & v2.
-
 #### Supported protocols
 
 The self-hosted gateway provides support for TLS v1.2 by default.
@@ -178,9 +177,6 @@ Customers using custom domains can enable TLS v1.0 and/or v1.1 [in the control p
 
 #### Available cipher suites
 
-> [!IMPORTANT]
-> This overview is only applicable to the self-hosted gateway v2.
-
 The self-hosted gateway uses the following cipher suites for both client and server connections:
 
 - `TLS_AES_256_GCM_SHA384`

articles/api-management/media/applications/product-application-settings.png

@@ -71,8 +71,8 @@ This guidance helps you provide the required information to define how to authen
 
 | Name                    | Description              | Required | Default           | Availability |
 |-------------------------|------------------------|----------|-------------------| ----|
-| k8s.ingress.enabled     | Enable Kubernetes Ingress integration. | No | `false` | v1.2+ |
-| k8s.ingress.namespace   | Kubernetes namespace to watch Kubernetes Ingress resources in. | No | `default` | v1.2+ |
+| k8s.ingress.enabled     | Enable Kubernetes Ingress integration. | No | `false` | v2.0+ |
+| k8s.ingress.namespace   | Kubernetes namespace to watch Kubernetes Ingress resources in. | No | `default` | v2.0+ |
 | k8s.ingress.dns.suffix  | DNS suffix to build DNS hostname for services to send requests to. | No | `svc.cluster.local` | v2.4+ |
 | k8s.ingress.config.path | Path to Kubernetes configuration (Kubeconfig). | No | N/A | v2.4+ |
 

articles/api-management/self-hosted-gateway-overview.md

@@ -15,7 +15,7 @@ For more information about containerized applications in a serverless environmen
 ## Prerequisites
 
 - An [Azure account](https://azure.microsoft.com/free/?utm_source=campaign&utm_campaign=vscode-tutorial-docker-extension&mktingSource=vscode-tutorial-docker-extension)
-- An [Azure container registry](/azure/container-registry/container-registry-get-started-portal)
+- An [Azure Container Registry](/azure/container-registry/container-registry-get-started-portal)
 - [Azure CLI](/cli/azure/install-azure-cli)
 - [Docker](https://www.docker.com/community-edition)
 
@@ -91,7 +91,7 @@ Sign in to the [Azure portal](https://portal.azure.com).
 
 1. At the top of the page, select the **Container** tab.
 
-1. In the **Container** tab, for **Image Source**, select **Azure Container Registry**. Under **Azure container registry options**, set the following values:
+1. In the **Container** tab, for **Image Source**, select **Azure Container Registry**. Under **Azure Container Registry options**, set the following values:
 
    - **Registry**: Select your Azure Container Registry.
    - **Image**: Select **dotnetcore-docs-hello-world-linux**.

articles/api-management/self-hosted-gateway-settings-reference.md

@@ -27,7 +27,7 @@ This quickstart uses Azure Container Registry as the registry. You can use other
 Create a container registry by following the instructions in [Quickstart: Create a private container registry using the Azure portal](/azure/container-registry/container-registry-get-started-portal).
 
 > [!IMPORTANT]
-> Be sure to set the **Admin User** option to **Enable** when you create the Azure container registry. You can also set it from the **Access keys** section of your registry page in the Azure portal. This setting is required for App Service access. For managed identity, see [Deploy from ACR tutorial](../../tutorial-custom-container.md?pivots=container-linux#vi-configure-the-web-app).
+> Be sure to set the **Admin User** option to **Enable** when you create the Azure Container Registry. You can also set it from the **Access keys** section of your registry page in the Azure portal. This setting is required for App Service access. For managed identity, see [Deploy from ACR tutorial](../../tutorial-custom-container.md?pivots=container-linux#vi-configure-the-web-app).
 
 ## Sign in
 
@@ -132,7 +132,7 @@ docker --version
 1. Make sure the image tag begins with `<acr-name>.azurecr.io` and press **Enter**.
 1. When Visual Studio Code finishes pushing the image to your container registry, select **Refresh** at the top of the **REGISTRIES** explorer and verify that the image is pushed successfully.
 
-    :::image type="content" source="../../media/quickstart-docker/image-in-registry.png" alt-text="Screenshot shows the image deployed to Azure container registry.":::
+    :::image type="content" source="../../media/quickstart-docker/image-in-registry.png" alt-text="Screenshot shows the image deployed to Azure Container Registry.":::
 
 ## Deploy to App Service
 

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-linux-azure-portal-pivot.md

@@ -14,7 +14,7 @@ This quickstart shows you how to deploy an ASP.NET app in a Windows image from A
 ## Prerequisites
 
 - An [Azure account](https://azure.microsoft.com/free/?utm_source=campaign&utm_campaign=vscode-tutorial-docker-extension&mktingSource=vscode-tutorial-docker-extension)
-- An [Azure container registry](/azure/container-registry/container-registry-get-started-portal)
+- An [Azure Container Registry](/azure/container-registry/container-registry-get-started-portal)
 - [Azure CLI](/cli/azure/install-azure-cli)
 - [Install Docker for Windows](https://docs.docker.com/docker-for-windows/install/)
 - [Switch Docker to run Windows containers](/virtualization/windowscontainers/quick-start/quick-start-windows-10)
@@ -94,7 +94,7 @@ Sign in to the [Azure portal](https://portal.azure.com).
 
 1. At the top of the page, select the **Container** tab.
 
-1. In the **Container** tab, for **Image Source**, select **Azure Container Registry** . Under **Azure container registry options**, set the following values:
+1. In the **Container** tab, for **Image Source**, select **Azure Container Registry** . Under **Azure Container Registry options**, set the following values:
 
    - **Registry**: Select your Azure Container Registry.
    - **Image**: Select **dotnetcore-docs-hello-world-linux**.
@@ -137,7 +137,7 @@ The App Service app pulls from the container registry each time it starts. If yo
 - [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
 - [Integrate your app with an Azure virtual network](../../overview-vnet-integration.md)
 - [Use Private Endpoints for App Service apps](../../networking/private-endpoint.md)
-- [Use Azure container registry with Private Link](/azure/container-registry/container-registry-private-link)
+- [Use Azure Container Registry with Private Link](/azure/container-registry/container-registry-private-link)
 - [Migrate to Windows container in Azure](../../tutorial-custom-container.md)
 - [Deploy a container with Azure Pipelines](../../deploy-container-azure-pipelines.md)
 - [Deploy a container with GitHub Actions](../../deploy-container-github-action.md)