Commit 625c9a5

Merge pull request #292947 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents 20a2022 + beda168 commit 625c9a5

2 files changed

+3
-3
lines changed

articles/iot/iot-security-architecture.md

Lines changed: 2 additions & 2 deletions
@@ -154,10 +154,10 @@ The following table shows example mitigations to these threats. The values in th
154154

155155
| Component | Threat | Mitigation | Risk | Implementation |
156156
| --- | --- | --- | --- | --- |
157-
| Device |S |Assigning identity to the device and authenticating the device |Replacing device or part of the device with some other device. How do you know you're talking to the right device? |Authenticating the device, using Transport Layer Security (TLS) or IPSec. Infrastructure should support using preshared key (PSK) on those devices that can't handle full asymmetric cryptography. Use Microsoft Entra ID, [OAuth](https://www.rfc-editor.org/pdfrfc/rfc6755.txt.pdf). |
157+
| Device |S |Assigning identity to the device and authenticating the device |Replacing device or part of the device with some other device. How do you know you're talking to the right device? |Authenticating the device, using Transport Layer Security (TLS) or IPsec. Infrastructure should support using preshared key (PSK) on those devices that can't handle full asymmetric cryptography. Use Microsoft Entra ID, [OAuth](https://www.rfc-editor.org/pdfrfc/rfc6755.txt.pdf). |
158158
|| TRID |Apply tamperproof mechanisms to the device, for example, by making it hard to impossible to extract keys and other cryptographic material from the device. |The risk is if someone is tampering the device (physical interference). How are you sure that no one tampered with the device? |The most effective mitigation is a trusted platform module (TPM). A TPM stores keys but doesn't allow them to be read. However, the TPM itself can use the keys for cryptographic operations. Memory encryption of the device. Key management for the device. Signing the code. |
159159
|| E |Having access control of the device. Authorization scheme. |If the device allows for individual actions to be performed based on commands from an outside source, or even compromised sensors, it allows the attack to perform operations not otherwise accessible. |Having authorization scheme for the device. |
160-
| Field Gateway |S |Authenticating the Field gateway to Cloud Gateway (such as cert based, PSK, or Claim based.) |If someone can spoof Field Gateway, then it can present itself as any device. |TLS RSA/PSK, IPSec, [RFC 4279](https://tools.ietf.org/html/rfc4279). All the same key storage and attestation concerns of devices in general – best case is use TPM. 6LowPAN extension for IPSec to support Wireless Sensor Networks (WSN). |
160+
| Field Gateway |S |Authenticating the Field gateway to Cloud Gateway (such as cert based, PSK, or Claim based.) |If someone can spoof Field Gateway, then it can present itself as any device. |TLS RSA/PSK, IPsec, [RFC 4279](https://tools.ietf.org/html/rfc4279). All the same key storage and attestation concerns of devices in general – best case is use TPM. 6LowPAN extension for IPsec to support Wireless Sensor Networks (WSN). |
161161
|| TRID |Protect the Field Gateway against tampering (TPM) |Spoofing attacks that trick the cloud gateway thinking it's talking to field gateway could result in information disclosure and data tampering |Memory encryption, TPMs, authentication. |
162162
|| E |Access control mechanism for Field Gateway | | |
163163
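Review bot: The casing fix on lines 157 and 160 leaves the rest of those two rows inconsistent, and since both lines are being rewritten anyway this is the place to tidy them. Line 160 still reads "6LowPAN" (normally written 6LoWPAN), and the two RFC links use different hosts and formats: an rfc-editor.org PDF for rfc6755 on line 157 and a tools.ietf.org HTML page for RFC 4279 on line 160. Please pick one link form and confirm that rfc6755 is the OAuth document the Device row means to cite. Separately, the Field Gateway E row on line 162 still has empty Risk and Implementation cells, so the table lists an access control mitigation for the gateway with no guidance behind it; either fill them in or note a follow-up.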

articles/virtual-network/virtual-network-tcpip-performance-tuning.md

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ By default, Azure will drop out of order fragments, that is, fragmented packets
4747

4848
#### Tune the MTU
4949

50-
We don't recommend customers increase the MTU on VM NICs. If the VM needs to communicate with destinations that are not in the Virtual Network that have a similar MTU set, fragmentation will likely occur which will decrease performance.
50+
You may be able to increase intra Virtual Network throughput performance by increasing MTU for your VM's traffic. If the VM needs to communicate with destinations that are not in the Virtual Network that have a similar MTU set, fragmentation will likely occur which will decrease performance. See [Configure Maximum Transmission Unit (MTU) for virtual machines in Azure](./how-to-virtual-machine-mtu.md) for more information about MTU tuning in Azure.
5151

5252
#### Large send offload
5353
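Review bot: The new first sentence on line 50 reverses the previous recommendation, but the second sentence was carried over unchanged and no longer connects to it. "destinations that are not in the Virtual Network that have a similar MTU set" is ambiguous about which side has the similar MTU, and nothing now says the fragmentation risk applies only once the MTU has been raised. Suggest stating the condition explicitly, for example that after increasing the MTU, traffic to destinations outside the virtual network that do not use a matching MTU is likely to be fragmented. Because the surrounding section says Azure drops out-of-order fragments by default, it is also worth saying that the consequence can be packet loss and not only lower throughput. Minor: "intra Virtual Network" would read better hyphenated, and "that are not" breaks with the contraction style used in the removed line.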
