MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/tutorial-create-user-flows.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/tutorial-create-user-flows.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/api-center/includes/api-center-service-limits.md
Lines changed: 2 additions & 4 deletions b/‎articles/api-center/includes/api-center-service-limits.md
Lines changed: 2 additions & 4 deletions
diff --git a/‎articles/app-service/deploy-staging-slots.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/deploy-staging-slots.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/manage-backup.md
Lines changed: 2 additions & 0 deletions b/‎articles/app-service/manage-backup.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/app-service/overview-authentication-authorization.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/overview-authentication-authorization.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/overview-managed-identity.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/overview-managed-identity.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/overview-tls.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/overview-tls.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/routine-maintenance.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/routine-maintenance.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/troubleshoot-diagnostic-logs.md
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/troubleshoot-diagnostic-logs.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/application-gateway/application-gateway-tls-version-retirement.md
Lines changed: 77 additions & 0 deletions b/‎articles/application-gateway/application-gateway-tls-version-retirement.md
Lines changed: 77 additions & 0 deletions
@@ -213,7 +213,7 @@ Next, specify that the application should be treated as a public client:
 1. Ensure that **"isFallbackPublicClient": true** is set in the application manifest:
     1. In the left menu, under **Manage**, select **Manifest** to open application manifest.
     1. Switch from the **Microsoft Graph App Manifest (New)** tab to the **AAD Graph App Manifest (Deprecating Soon)** tab.
-    1. Find **allowPublicClient** key and ensure its value is set to **true**.
+    1. Find **isFallbackPublicClient** key and ensure its value is set to **true**.
 
 
 Now, grant permissions to the API scope you exposed earlier in the *IdentityExperienceFramework* registration:
 
@@ -7,14 +7,13 @@ author: dlepow
 
 ms.service: azure-api-center
 ms.topic: include
-ms.date: 01/09/2025
+ms.date: 03/18/2025
 ms.author: danlep
 ms.custom: Include file
 ---
 
 | Resource | Free plan<sup>1</sup> | Standard plan<sup>2</sup> |
 | ---------------------------------------------------------------------- | -------------------------- |-------------|
-| Maximum number of APIs | 200<sup>3</sup> |  10,000 |
 | Maximum number of versions per API | 5 | 100 |
 | Maximum number of definitions per version | 5  | 5 |
 | Maximum number of deployments per API | 10 | 10 |
@@ -23,12 +22,11 @@ ms.custom: Include file
 | Maximum number of custom metadata properties per entity<sup>3</sup> | 10 | 20 |
 | Maximum number of child properties in custom metadata property of type "object" | 10 |10 | 
 | Maximum requests per minute (data plane) | 3,000 | 6,000  |
-| Maximum number of APIs accessed through data plane API | 5 | 10,000 |
 | Maximum number of API definitions [analyzed](../enable-managed-api-analysis-linting.md) | 10 | 2,000<sup>4</sup>  |
 | Maximum number of linked API sources<sup>5</sup> | 1  |  3 |
 | Maximum number of APIs synchronized from a linked API source | 200 | 2,000<sup>4</sup>  |
 
-<sup>1</sup> Free plan provided for 90 days, then service is soft-deleted. Use of full service features including API analysis and access through the data plane API is limited.<br/>
+<sup>1</sup> Free plan provided for 90 days, then service is soft-deleted. Use of full service features including API analysis is limited.<br/>
 <sup>2</sup> To increase a limit in the Standard plan, contact [support](https://azure.microsoft.com/support/options/).<br/>
 <sup>3</sup> Custom metadata properties assigned to APIs, deployments, and environments.<br/>
 <sup>4</sup> Process can take a few minutes to up to 24 hours to complete.<br/> 
 
@@ -1,5 +1,5 @@
 ---
-title: Set up Staging Environments in Azure App Service
+title: Set Up Staging Environments
 description: Learn how to deploy apps to a nonproduction slot and automatically swap into production. Increase the reliability and eliminate app downtime from deployments.
 ms.assetid: e224fc4f-800d-469a-8d6a-72bcde612450
 ms.topic: how-to
 
@@ -329,6 +329,8 @@ The following table shows which app configurations are restored when you choose
 
 A custom backup (on-demand backup or scheduled backup) includes all content and configuration that's included in an [automatic backup](#whats-included-in-an-automatic-backup), plus any linked database, up to the allowable maximum size.
 
+Each backup contains a .zip file with backup data and an .xml file {siteName}-{dateTime}.xml, which lists the contents, including [custom domains](app-service-web-tutorial-custom-domain.md). When restoring a custom backup, custom domains from the .xml file will be added to the destination app if no DNS conflict exists (i.e., the domain is available for binding), and if the destination app has different custom domains than the .xml file's custom domain list, those custom domains will be removed.
+
 When [backing up over Azure Virtual Network](#back-up-and-restore-over-azure-virtual-network), you can't [back up the linked database](#back-up-and-restore-a-linked-database).
 
 ### Why is my linked database not backed up?
 
@@ -1,5 +1,5 @@
 ---
-title: Authentication and Authorization in Azure App Service and Azure Functions
+title: Authentication and Authorization
 description: Learn about the built-in authentication and authorization support in Azure App Service and Azure Functions, and how it can help secure your app against unauthorized access.
 ms.assetid: b7151b57-09e5-4c77-a10c-375a262f17e5
 ms.topic: conceptual
 
@@ -1,5 +1,5 @@
 ---
-title: Use managed identities for App Service and Azure Functions
+title: Managed Identities
 description: Learn how managed identities work in Azure App Service and Azure Functions, along with how to configure a managed identity and generate a token for a back-end resource.
 ms.topic: how-to
 ms.date: 09/30/2024
 
@@ -64,7 +64,7 @@ These suites provide strong encryption and are automatically used when TLS 1.3 i
 
 ### TLS 1.2
 
-TLS 1.2 is the **default and recommended** TLS version for App Service. It provides strong encryption and broad compatibility while meeting compliance standards like PCI DSS. New web apps and SCM endpoints are automatically set to TLS 1.2 unless changed.
+TLS 1.2 is the **default** TLS version for App Service. It provides strong encryption and broad compatibility while meeting compliance standards like PCI DSS. New web apps and SCM endpoints are automatically set to TLS 1.2 unless changed.
 
 Azure App Service uses a secure set of TLS 1.2 cipher suites to ensure encrypted connections and protect against known vulnerabilities. While TLS 1.0 and 1.1 can be enabled for backward compatibility, they are not recommended.
 
 
@@ -60,7 +60,7 @@ Maintenance operations upgrade machines iteratively while App Service monitors t
 
 ### Are business hours reflected?
 
-Yes, business hours are reflected for the time zone of the region. Maintenance operations are optimized to start outside the standard business hours of 9 AM to 5 PM. Statistically, that's the best time for any interruptions and restarts of workloads because there's less stress on the system (in customer applications and transitively on the platform itself). If resources are still upgrading by 9 AM in a given region, the upgrade will safely pause before the next critical step and until the end of business hours. 
+Yes, business hours are reflected for the time zone of the region. Maintenance operations are optimized to start outside the standard business hours of 9 AM to 5 PM. Statistically, that's the best time for any interruptions and restarts of workloads because there's less stress on the system (in customer applications and transitively on the platform itself). App Service maintenance makes a best effort to reduce maintenance operations during these business hours. If resources are still upgrading by 9 AM in a given region, the upgrade will continue until reaching a safe stopping point, pausing before the next critical step and until the end of business hours.
 
 ### What are my options to control routine maintenance?
 
 
@@ -1,5 +1,5 @@
 ---
-title: Enable Diagnostic Logging for Apps in Azure App Service
+title: Enable Diagnostic Logging
 description: Learn how to enable diagnostic logging and add instrumentation to your application, along with how to access the information logged by Azure.
 ms.assetid: c9da27b2-47d4-4c33-a3cb-1819955ee43b
 ms.topic: how-to
 
@@ -0,0 +1,77 @@
+---
+title: TLS 1.0 and 1.1 retirement on Azure Application Gateway
+description: Guidance for managing your Application Gateway with the upcoming retirement of TLS 1.0 and 1.1.
+services: application gateway
+author: jaesoni
+ms.service: azure-application-gateway
+ms.topic: concept-article
+ms.date: 03/04/2025
+ms.author: greglin
+---
+
+# Managing your Application Gateway with TLS 1.0 and 1.1 retirement
+
+Starting **31st August 2025**, Azure Application Gateway will no longer support **TLS (Transport Layer Security) versions 1.0 and 1.1**. This change aligns with the [Azure-wide retirement](https://azure.microsoft.com/updates?id=update-retirement-tls1-0-tls1-1-versions-azure-services) of these TLS versions to enhance the security. As the owner of an Application Gateway resource, you should review both the Frontend clients and Backend servers TLS connections that may be using these older versions.
+
+## Frontend TLS connections
+
+With deprecation of TLS versions 1.0 and 1.1, the **older Predefined TLS policies** and certain cipher suites from the **Custom TLS policy** will be removed.
+
+### Predefined policies for V2 SKUs
+
+The predefined policies 20150501 and 20170401 that support TLS v1.0 and 1.1 will be discontinued and can no longer be associated with an Application Gateway resource after August 2025. It's advised to transition to one of the recommended TLS policies, 20220101 or 20220101S. Alternatively, the 20170401S policy may be used if specific cipher suites are required. 
+
+![A diagram showing predefined policies for V2 SKUs.](media/application-gateway-tls-version-retirement/v2-retiring-tls-policies.png)
+
+### Custom policies for V2 SKUs
+
+Azure Application Gateway V2 SKU offers two types of custom policies: Custom and CustomV2. The retirement of these TLS versions affects only the "Custom" policy. The newer "CustomV2" policy comes with TLS v1.3. Beyond August 2025, the older Custom policy will support only TLS v1.2 and the following cipher suites won't be supported.
+
+| Unsupported cipher suites |
+| ---------- |
+| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
+| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
+| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
+| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
+| TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
+| TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
+| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
+| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
+| TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
+| TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
+| TLS_RSA_WITH_3DES_EDE_CBC_SHA |
+| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
+
+### Predefined policies for V1 SKUs
+
+The V1 SKU will only support the 20170401S policy after the older policies with TLS versions 1.0 and 1.1 are discontinued. The newer 20220101 or 20220101S policies won't be available for the soon-to-be-retired V1 SKU.
+
+![A diagram showing predefined policies for V1 SKUs.](media/application-gateway-tls-version-retirement/v1-retiring-tls-policies.png)
+
+### Custom policies for V1 SKUs
+
+Application Gateway V1 SKU only supports the older "Custom" policy. Beyond August 2025, this older Custom policy will support only TLS v1.2 and the following cipher suites won't be supported.
+
+| Unsupported cipher suites |
+| ---------- |
+| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
+| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
+| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
+| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
+| TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
+| TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
+| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
+| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
+| TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
+| TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
+| TLS_RSA_WITH_3DES_EDE_CBC_SHA |
+| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
+
+## Backend TLS connections
+
+You don't need to configure anything on your Application Gateway for the backend connection's TLS version as the selection of TLS policy has no control over the backend TLS connections. After retirement, the connections to backend servers will always be with preferred TLS v1.3 and up to TLS v1.2. You must ensure that your servers in the backend pools are compatible with these updated protocol versions. This compatibility avoids any disruptions when establishing a TLS/HTTPS connection with those backend servers.
+
+## Next steps
+
+Learn about [TLS policy types and configurations](application-gateway-ssl-policy-overview.md)
+Visit Azure Updates for [retirement notice](https://azure.microsoft.com/updates?searchterms=application+gateway)