Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into reliability-hub-edit

Author: Court72

.openpublishing.publish.config.json

@@ -638,6 +638,12 @@
             "branch": "main",
             "branch_mapping": {}
         },
+        {
+            "path_to_root": "playwright-workspaces",
+            "url": "https://github.com/Azure/playwright-workspaces",
+            "branch": "main",
+            "branch_mapping": {}
+        },
         {
             "path_to_root": "playwright-testing-service",
             "url": "https://github.com/microsoft/playwright-testing-service",

.openpublishing.redirection.json

@@ -4034,6 +4034,36 @@
       "redirect_url": "/azure/expressroute/expressroute-howto-linkvnet-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/expressroute/quickstart-create-expressroute-vnet-template.md",
+      "redirect_url": "/azure/expressroute/expressroute-howto-circuit-resource-manager-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/expressroute/expressroute-howto-expressroute-direct-cli.md",
+      "redirect_url": "/azure/expressroute/how-to-expressroute-direct-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/expressroute/expressroute-howto-erdirect.md",
+      "redirect_url": "/azure/expressroute/how-to-expressroute-direct-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/expressroute/how-to-routefilter-cli.md",
+      "redirect_url": "/azure/expressroute/how-to-routefilter-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/expressroute/how-to-routefilter-powershell.md",
+      "redirect_url": "/azure/expressroute/how-to-routefilter-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/expressroute/work-remotely-support.md",
+      "redirect_url": "/azure/networking/working-remotely-support",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/expressroute/working-remotely-support.md",
       "redirect_url": "/azure/expressroute/work-remotely-support",
@@ -6919,6 +6949,11 @@
       "redirect_url": "/azure/sre-agent/usage",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sre-agent/incident-management-tools.md",
+      "redirect_url": "/azure/sre-agent/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/app-service/tutorial-sre-agent.md",
       "redirect_url": "/azure/sre-agent/troubleshoot-azure-app-service",
@@ -6963,8 +6998,12 @@
       "source_path": "articles/reliability/migrate-sql-database.md",
       "redirect_url": "/azure/azure-sql/database/enable-zone-redundancy",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/migrate-app-gateway-v2.md",
+      "redirect_url": "/azure/reliability/reliability-application-gateway-v2",
+      "redirect_document_id": false
     }
-    
   ]
 }
 

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 07/03/2025
+ms.date: 08/01/2025
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: whats-new
@@ -18,6 +18,12 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new and significantly updated docs from the past three months. To learn what's new with the B2C service, see [What's new in Microsoft Entra ID](../active-directory/fundamentals/whats-new.md), [Azure AD B2C developer release notes](custom-policy-developer-notes.md) and [What's new in Microsoft Entra External ID](/entra/external-id/whats-new-docs).
 
+## July 2025
+
+### Updated articles
+
+- [Azure Active Directory B2C service limits and restrictions](service-limits.md) - Added new region limits
+
 ## June 2025
 
 ### Updated articles
@@ -36,8 +42,3 @@ This month, we added an important note to our articles stating that starting May
 - [Manage administrator accounts in Azure Active Directory B2C](tenant-management-manage-administrator.md) - Updated the User page information
 - [Track user behavior in Azure AD B2C by using Application Insights](analytics-with-application-insights.md) - Replaced instrumentation key with connection string
 
-## March 2025
-
-### Updated articles
-- [Error codes: Azure Active Directory B2C](error-codes.md) - Updated error messages
-

articles/api-center/includes/about-mcp-servers.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-center
 ms.topic: include
-ms.date: 05/12/2025
+ms.date: 07/16/2025
 ms.author: danlep
 ms.custom:
   - Include file
@@ -21,24 +21,9 @@ The [model context protocol](https://www.anthropic.com/news/model-context-protoc
 
 ### MCP architecture
 
-The following diagram illustrates the MCP architecture:
- 
-:::image type="content" source="media/about-mcp-servers/mcp-architecture.png" alt-text="Diagram of model context protocol (MCP) architecture.":::
-
-The architecture consists of the following components:
-
-| Component      | Description                                                                                     |
-|----------------|-------------------------------------------------------------------------------------------------|
-| **MCP hosts**  | LLM applications such as chat apps or AI assistants in your IDEs (like GitHub Copilot in Visual Studio Code) that need to access external capabilities |
-| **MCP clients**| Protocol clients, inside the host application, that maintain 1:1 connections with servers        |
-| **MCP servers**| Lightweight programs that each expose specific capabilities and provide context, tools, and prompts to clients |
-| **MCP protocol**| Transport layer in the middle        |
-
 MCP follows a client-server architecture where a host application can connect to multiple servers. Whenever your MCP host or client needs a tool, it connects to the MCP server. The MCP server then connects to, for example, a database or an API. MCP hosts and servers connect with each other through the MCP protocol.
 
-### Remote versus local MCP servers
-
-MCP utilizes a client-host-server architecture built on [JSON-RPC 2.0 for messaging](https://modelcontextprotocol.io/docs/concepts/architecture). Communication between clients and servers occurs over defined transport layers, and supports primarily two modes of operation:
+The MCP architecture is built on [JSON-RPC 2.0 for messaging](https://modelcontextprotocol.io/docs/concepts/architecture). Communication between clients and servers occurs over defined transport layers, and supports primarily two modes of operation:
 
 * **Remote MCP servers** - MCP clients connect to MCP servers over the internet, establishing a connection using HTTP and server-sent events (SSE), and authorizing the MCP client access to resources on the user's account using OAuth.
 

articles/api-center/register-discover-mcp-server.md

@@ -4,7 +4,7 @@ description: Learn about how Azure API Center can be a centralized registry for
 author: dlepow
 ms.service: azure-api-center
 ms.topic: concept-article
-ms.date: 07/22/2025
+ms.date: 08/04/2025
 ms.author: danlep 
 # Customer intent: As an API program manager, I want to register and discover  MCP servers as APIs in my API Center inventory.
 ms.custom:
@@ -74,6 +74,7 @@ For a live example of how Azure API Center can power your private, enterprise-re
 
 ## Related content
 
+* [About MCP servers in API Management](../api-management/mcp-server-overview.md)
 * [Import APIs to your API center from API Management](import-api-management-apis.md)
 * [Use the Visual Studio extension for API Center](build-register-apis-vscode-extension.md) to build and register APIs from Visual Studio Code.
 

articles/api-management/TOC.yml

@@ -236,7 +236,7 @@
   items:
   - name: AI gateway capabilities in API Management
     href: genai-gateway-capabilities.md
-  - name: Import LLM APIs
+  - name: Manage LLM APIs
     items:
     - name: Import Azure AI Foundry API
       href: azure-ai-foundry-api.md
@@ -248,12 +248,20 @@
       href: openai-compatible-google-gemini-api.md
     - name: Import Amazon Bedrock API
       href: amazon-bedrock-passthrough-llm-api.md
-  - name: Expose REST API as MCP server
-    href: export-rest-mcp-server.md
-  - name: Semantic caching for Azure OpenAI API requests
-    href: azure-openai-enable-semantic-caching.md
-  - name: Authenticate and authorize to Azure OpenAI
-    href: api-management-authenticate-authorize-azure-openai.md
+    - name: Semantic caching for LLM API requests
+      href: azure-openai-enable-semantic-caching.md
+    - name: Authenticate and authorize to Azure OpenAI
+      href: api-management-authenticate-authorize-azure-openai.md
+  - name: Manage MCP servers
+    items:
+    - name: MCP server capabilities
+      href: mcp-server-overview.md
+    - name: Expose REST API as MCP server
+      href: export-rest-mcp-server.md
+    - name: Expose existing MCP server
+      href: expose-existing-mcp-server.md
+    - name: Secure access to MCP servers
+      href: secure-mcp-servers.md
 - name: Manage APIs with policies
   items:
   - name: API Management policies overview
@@ -449,7 +457,7 @@
     href: diagnose-solve-problems.md
   - name: Troubleshoot failed to update hostnames error
     href: api-management-troubleshoot-cannot-add-custom-domain.md
-  - name: Troubleshoot response timeouts and errors
+  - name: Troubleshoot response time-outs and errors
     href: troubleshoot-response-timeout-and-errors.md
 - name: Samples
   items:

articles/api-management/api-management-features.md

@@ -52,7 +52,8 @@ Each API Management [pricing tier](api-management-key-concepts.md#api-management
 | Static IP                                                                                    | No          | Yes       | Yes   | No          |Yes      | No          | Yes     | No |
 | Export API to Power Platform                                                         | Yes          | Yes       | Yes    | Yes       | Yes       | Yes       | Yes     | Yes |
 | Export API to Postman                                                         | Yes          | Yes       | Yes    | Yes       | Yes       | Yes       | Yes     | Yes |
-| Export API to MCP server (preview)                                                        | No          | No       | Yes    | No       | Yes       | No       | Yes     | No |
+| Export API to MCP server (preview)                                                        | No          | No       | Yes    | Yes       | Yes       | Yes       | Yes     | Yes |
+| Expose existing MCP server (preview)                                                      | No          | No       | Yes    | Yes       | Yes       | Yes       | Yes     | Yes |
 
 <sup>1</sup> Enables the use of Microsoft Entra ID (and Azure AD B2C or [Microsoft Entra External ID](/entra/external-id/customers/overview-customers-ciam)) as an identity provider for user sign in on the developer portal.<br/>
 <sup>2</sup> Including related functionality such as users, groups, issues, applications, and email templates and notifications.<br/>

articles/api-management/api-management-gateways-overview.md

@@ -77,12 +77,12 @@ The following tables compare features available in the following API Management
 | [Built-in cache](api-management-howto-cache.md) | ✔️ | ✔️ | ❌ | ❌ | ✔️ |
 | [External Redis-compatible cache](api-management-howto-cache-external.md) | ✔️ | ✔️ |✔️ | ✔️ | ❌ |
 | [Virtual network injection](virtual-network-concepts.md)  |  Developer, Premium | Premium v2 | ❌ | ✔️<sup>1,2</sup> | ✔️ |
-| [Inbound private endpoints](private-endpoint.md)  |  Developer, Basic, Standard, Premium | Standard v2 | ❌ | ❌ | ❌ |
+| [Inbound private endpoints](private-endpoint.md)  |  ✔️ | Standard v2 | ❌ | ❌ | ❌ |
 | [Outbound virtual network integration](integrate-vnet-outbound.md)  | ❌ | Standard  v2, Premium v2  |  ❌ | ❌ | ✔️ |
 | [Availability zones](zone-redundancy.md)  |  Premium | ❌  | ❌ | ✔️<sup>1</sup> | ❌ |
 | [Multi-region deployment](api-management-howto-deploy-multi-region.md) |  Premium | ❌ |  ❌ | ✔️<sup>1</sup> | ❌ |
 | [CA root certificates](api-management-howto-ca-certificates.md) for certificate validation |  ✔️ | ❌ | ❌ | ✔️<sup>3</sup> |  ❌ |
-| [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) |  Developer, Basic, Standard, Premium | ❌ | ✔️ | ❌ | ❌ |
+| [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) |  ✔️ | ❌ | ✔️ | ❌ | ❌ |
 | [TLS settings](api-management-howto-manage-protocols-ciphers.md) |  ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
 | **HTTP/2** (Client-to-gateway) | ✔️<sup>4</sup> | ✔️<sup>4</sup> |❌ | ✔️ | ❌ |
 | **HTTP/2** (Gateway-to-backend) |  ❌ | ✔️<sup>5</sup> | ❌ | ✔️<sup>5</sup> | ❌ |
@@ -114,8 +114,7 @@ The following tables compare features available in the following API Management
 | [Azure OpenAI and LLM](azure-openai-api-from-specification.md) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
 | [Circuit breaker in backend](backends.md#circuit-breaker)  |  ✔️ | ✔️ | ❌ | ✔️ | ✔️ |
 | [Load-balanced backend pool](backends.md#load-balanced-pool)  |  ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-
-<sup>1</sup> Synthetic GraphQL subscriptions (preview) aren't supported.
+| [Pass-through MCP server](expose-existing-mcp-server.md) (preview) |  Basic, Standard, Premium | ✔️ | ❌ | ❌ | ❌ |
 
 ### Policies
 

articles/api-management/backends.md

@@ -128,6 +128,9 @@ The backend circuit breaker is an implementation of the [circuit breaker pattern
 > * Because of the distributed nature of the API Management architecture, circuit breaker tripping rules are approximate. Different instances of the gateway do not synchronize and will apply circuit breaker rules based on the information on the same instance.
 > * Currently, only one rule can be configured for a backend circuit breaker.
 
+> [!CAUTION]
+> If you configure an Azure OpenAI service as a backend and the service receives too many requests, it returns a `429 Too Many Requests` response status code and  a `Retry-After` header with a value that can be large (for example, 1 day). With Azure OpenAI backends we recommend implementing circuit breaker rules to handle the `429` responses and accept the `Retry-After` duration.
+
 ### Example
 
 Use the Azure portal, API Management [REST API](/rest/api/apimanagement/backend), or a Bicep or ARM template to configure a circuit breaker in a backend. In the following example, the circuit breaker in *myBackend* in the API Management instance *myAPIM* trips when there are three or more `5xx` status codes indicating server errors in 1 hour. 

articles/api-management/cors-policy.md

@@ -42,7 +42,7 @@ The `cors` policy adds cross-origin resource sharing (CORS) support to an operat
 |Name|Description|Required|Default|
 |----------|-----------------|--------------|-------------|
 |allow-credentials|The `Access-Control-Allow-Credentials` header in the preflight response will be set to the value of this attribute and affect the client's ability to submit credentials in cross-domain requests. Policy expressions are allowed.|No|`false`|
-|terminate-unmatched-request|Controls the processing of cross-origin requests that don't match the policy settings. Policy expressions are allowed.<br/><br/>When `OPTIONS` request is processed as a preflight request and `Origin` header doesn't match policy settings:<br/> - If the attribute is set to `true`, immediately terminate the request with an empty `200 OK` response<br/>- If the attribute is set to `false`, check inbound for other in-scope `cors` policies that are direct children of the inbound element and apply them. If no `cors` policies are found, terminate the request with an empty `200 OK` response. <br/><br/>When `GET` or `HEAD` request includes the `Origin` header (and therefore is processed as a simple cross-origin request), and doesn't match policy settings:<br/>- If the attribute is set to `true`, immediately terminate the request with an empty `200 OK` response.<br/> - If the attribute is set to `false`, allow the request to proceed normally and don't add CORS headers to the response.|No|`true`|
+|terminate-unmatched-request|Controls the processing of cross-origin requests that don't match the policy settings. Policy expressions are allowed.<br/><br/>When `OPTIONS` request is processed as a preflight request and `Origin` header doesn't match policy settings:<br/> - If the attribute is set to `true`, immediately terminate the request with an empty `200 OK` response<br/>- If the attribute is set to `false`, check inbound for other in-scope `cors` policies that are direct children of the inbound element and apply them. If no `cors` policies are found, terminate the request with an empty `200 OK` response. <br/><br/>When `GET` or `HEAD` request includes the `Origin` header (and therefore is processed as a simple cross-origin request), and doesn't match policy settings:<br/>- If the attribute is set to `true`, immediately terminate the request with an empty `200 OK` response.<br/> - If the attribute is set to `false`, allow the request to proceed normally and don't add CORS headers to the response.|No|`false`|
 
 ## Elements