Merge pull request #302335 from MicrosoftDocs/main

Merged by Learn.Build PR Management system

Author: learn-build-service-prod[bot]

articles/app-service/app-service-hybrid-connections.md

@@ -4,7 +4,7 @@ description: Learn how to create and use hybrid connections in Azure App Service
 author: seligj95
 ms.assetid: 66774bde-13f5-45d0-9a70-4e9536a4f619
 ms.topic: article
-ms.date: 06/04/2025
+ms.date: 07/07/2025
 ms.update-cycle: 1095-days
 ms.author: jordanselig
 ms.custom:
@@ -170,6 +170,8 @@ To support the Hybrid Connections it's configured with, the Hybrid Connection Ma
 
 - TCP access to Azure over port 443.
 - TCP access to the Hybrid Connection endpoint.
+- Windows clients must have ports 4999-5001 available.
+- Linux clients must have port 5001 available.
 - The ability to do DNS look-ups on the endpoint host and the Service Bus namespace. In other words, the hostname in the Azure relay connection should be resolvable from the machine that hosts the Hybrid Connection Manager.
 
 ### Getting started with the Hybrid Connection Manager GUI

articles/application-gateway/configuration-infrastructure.md

@@ -91,6 +91,10 @@ Depending on whether you're creating new resources or using existing ones, add t
 | ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write` <br> `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read` <br> `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action` |
 
 For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
+
+> [!NOTE]
+> When deploying an Application Gateway as part of an [Azure Managed Applicaton](../azure-resource-manager/managed-applications/overview.md), ensure that any deny assignments do not conflict with the RBAC Owner role assignment, as deny assignments take precedence over RBAC permissions.
+
 ## Roles scope
 In the process of custom role definition, you can specify a role assignment scope at four levels: management group, subscription, resource group, and resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
 These scopes are structured in a parent-child relationship, with each level of hierarchy making the scope more specific. You can assign roles at any of these levels of scope, and the level you select determines how widely the role is applied.

articles/azure-vmware/deploy-vmware-cloud-director-availability-in-azure-vmware-solution.md

@@ -11,7 +11,7 @@ ms.date: 01/09/2025
 
 In this article, learn how to deploy VMware Cloud Director Availability in Azure VMware Solution.
 
-Customers can use [VMware Cloud Director Availability](https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/availability/4-7/what-is-vcda.html), a Disaster Recovery as a Service (DRaaS) solution, to protect and migrate workloads both to and from the VMware Cloud Director service associated with Azure VMware Solution. The native integration of VMware Cloud Director Availability with VMware Cloud Director and VMware Cloud Director service (CDS) enables provider and their tenants to efficiently manage migration and disaster recovery for workloads through the VMware Cloud Director Availability provider and tenant portal. 
+Customers can use [VMware Cloud Director Availability](/azure/azure-vmware/deploy-vmware-cloud-director-availability-in-azure-vmware-solution), a Disaster Recovery as a Service (DRaaS) solution, to protect and migrate workloads both to and from the VMware Cloud Director service associated with Azure VMware Solution. The native integration of VMware Cloud Director Availability with VMware Cloud Director and VMware Cloud Director service (CDS) enables provider and their tenants to efficiently manage migration and disaster recovery for workloads through the VMware Cloud Director Availability provider and tenant portal. 
 
 ## VMware Cloud Director Availability scenarios on Azure VMware Solution
 
@@ -98,30 +98,30 @@ The following image shows the Run commands that are available under **VMware.VCD
 
 :::image type="content" source="media/deploy-vmware-cloud-director-availability/vmware-cloud-director-availability-run-command.png" alt-text="Screenshot shows multiple VMware Cloud Director Availability Run commands available within the VMware Cloud Director Availability Run command package."lightbox="media/deploy-vmware-cloud-director-availability/vmware-cloud-director-availability-run-command.png"::: 
 
-Refer to [VMware Cloud Director Availability in Azure VMware Solution](https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/availability/4-7/availability-in-avs-4-7.html) for detailed instructions on utilizing the Run commands to effectively install and manage VMware Cloud Director Availability within your Azure solution private cloud. 
+Refer to [VMware Cloud Director Availability in Azure VMware Solution](https://techcommunity.microsoft.com/blog/azuremigrationblog/generally-available-vmware-cloud-director-availability-for-azure-vmware-solution/4042469) for detailed instructions on utilizing the Run commands to effectively install and manage VMware Cloud Director Availability within your Azure solution private cloud. 
 
 ## FAQs
 
 ### How do I install and configure VMware Cloud Director Availability in Azure VMware Solution and what are the prerequisites? 
 
-Deploy VMware Cloud Director Availability using Run commands to enable classic engines and to access Disaster Recovery functionality. See prerequisites and procedures in [Run command in Azure VMware Solution](https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/availability/4-7/availability-in-avs-4-7/availability-run-commands-in-avs.html).
+Deploy VMware Cloud Director Availability using Run commands to enable classic engines and to access Disaster Recovery functionality. See prerequisites and procedures in [Run command in Azure VMware Solution](/azure/azure-vmware/using-run-command).
 
 ### How is VMware Cloud Director Availability supported?
 
 VMware Cloud Director Availability is a VMware owned and supported product on Azure VMware Solution. For any support queries on VMware Cloud Director availability, contact VMware support for assistance. Both VMware and Microsoft support teams collaborate as necessary to address and resolve VMware Cloud Director Availability issues within Azure VMware Solution.
 
 ### What are Run commands in Azure VMware Solution? 
 
-For more information, go to [Run Command in Azure VMware Solution](/azure/azure-vmware/concepts-run-command).
+For more information, go to [Run Command in Azure VMware Solution](https://techdocs.broadcom.com/us/en/vmware-cis/live-recovery/cloud-director-availability/4-7/availability-in-avs-4-7/availability-run-commands-in-avs.html).
 
 ### How can I add more Replicators in my existing VMware Cloud Director Availability instance in Azure VMware Solution?
 
 You can use Run Command **Install-VCDAReplicator** to install and configure new VMware Cloud Director Availability replicator virtual machines in Azure VMware Solution.
 
 ### How can I upgrade VMware Cloud Director availability?
 
-VMware Cloud Director Availability can be upgraded using [Appliances upgrade sequence and prerequisites](https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/availability/4-7/cloud-availability-install-config-and-upgrade-guide-4-7/upgrading-in-the-cloud-director-site/vcav-upgrade-sequence.html).
+VMware Cloud Director Availability can be upgraded using [Appliances upgrade sequence and prerequisites](https://techdocs.broadcom.com/us/en/vmware-cis/live-recovery/cloud-director-availability/4-7/cloud-availability-install-config-and-upgrade-guide-4-7/upgrading-in-the-cloud-director-site.html).
 
 ## Next steps
 
-Learn more about VMware Cloud Director Availability Run commands in Azure VMware Solution, [VMware Cloud Director availability](https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/availability/4-7/what-is-vcda.html).
+Learn more about VMware Cloud Director Availability Run commands in Azure VMware Solution, [VMware Cloud Director availability](https://techdocs.broadcom.com/us/en/vmware-cis/live-recovery/cloud-director-availability/4-7/availability-in-avs-4-7/availability-run-commands-in-avs/installing.html).

articles/communication-services/concepts/interop/guest/meeting-capabilities.md

@@ -96,6 +96,8 @@ This article describes which capabilities Azure Communication Services SDKs supp
 | | Honor disabling or enabling a camera as an attendee | ✔️ |
 | | Adding Teams user honors information barriers | ✔️ |
 | | Announce when phone callers join or leave  | ❌ |
+| | Check if Teams participant has display name changed | ✔️ |
+| | Get notification that Teams participant display name changed | ✔️ |
 | Teams Copilot | User can access Teams Copilot | ❌[6] |
 | | User's transcript is captured when Copilot is enabled  | ✔️ |
 | Device management | Ask for permission to use audio and/or video | ✔️ |

articles/communication-services/concepts/interop/teams-user/meeting-capabilities.md

@@ -71,6 +71,8 @@ The following list of capabilities is allowed when Microsoft 365 users participa
 |                   | Disable or enable camera for attendees                                                                              | ❌        | ❌ | ❌ | ❌ |
 |                   | Honor disabling or enabling a camera as an attendee                                                                 | ✔️        | ✔️ | ✔️ | ✔️ |
 |                   | Adding Teams user honors information barriers                                                                       |   ✔️      | ✔️ | ✔️ | ✔️ |
+| | Check if Teams participant has display name changed | ✔️ | ❌ | ❌ | ❌ |
+| | Get notification that Teams participant display name changed | ✔️ | ❌ | ❌ | ❌ |
 | Device Management | Ask for permission to use  audio and/or video                                                                       | ✔️        | ✔️ | ✔️ | ✔️ |
 |                   | Get camera list                                                                                                     | ✔️        | ✔️ | ✔️ | ✔️ |
 |                   | Set camera                                                                                                          | ✔️        | ✔️ | ✔️ | ✔️ |
@@ -179,6 +181,7 @@ Teams meeting organizers can configure the Teams meeting options to adjust the e
 |[Allow reactions](/microsoftteams/meeting-policies-in-teams-general#meeting-reactions)|If enabled, Teams users can use reactions in the Teams meeting. Azure Communication Services doesn't support reactions. |❌|
 |[RTMP-IN](/microsoftteams/stream-teams-meetings)|If enabled, organizers can stream meetings and webinars to external endpoints by providing a Real-Time Messaging Protocol (RTMP) URL and key to the built-in Custom Streaming app in Teams. |Not applicable|
 |[Provide CART Captions](https://support.microsoft.com/office/use-cart-captions-in-a-microsoft-teams-meeting-human-generated-captions-2dd889e8-32a8-4582-98b8-6c96cf14eb47)|Communication access real-time translation (CART) is a service in which a trained CART captioner listens to the speech and instantaneously translates all speech to text. As a meeting organizer, you can set up and offer CART captioning to your audience instead of the Microsoft Teams built-in live captions that are automatically generated.|❌|
+|[Recognize and respond to Teams meeting participant display name changes](https://techcommunity.microsoft.com/blog/microsoft365insiderblog/edit-your-display-name-in-teams-meetings/4389359)|Teams users can change their display name in Teams meetings. As a meeting organizer, you can enable this feature in meeting options. The ACS Calling client SDK can receive notification of display name changes and determine whether the display name has changed, but it cannot make changes to the display name. |✔️|
 
 
 ## Next steps

articles/communication-services/concepts/interop/tpe/teams-phone-extensibility-faq.md

@@ -68,6 +68,10 @@ The business model for TPE is consistent with Azure Communication Services regul
 
 For TPE calls, we provide access to telemetry details similar to what is offered on Azure today for regular Azure Communication Services calls. These details include [Call Summary](/azure/azure-monitor/reference/tables/acscallsummary), [Call Diagnostics](/azure/azure-monitor/reference/tables/acscalldiagnostics), and what is available on the Teams admin center. You can also differentiate between Azure Communication Services and Teams Phone extensibility calls.
 
+## Why is my end user hearing an announcement that I didn't trigger whenever I start or pause the call recording?
+
+When a recording is started or paused in a call that includes a PSTN user and a Teams or Dual Persona user, the PSTN user will hear an announcement indicating the change. This is due to compliance requirements on Teams to ensure that all participants are aware of the recording status.
+
 ## How can I report issues related to TPE calls?
 
 If the developer or ISV has issues related to Azure Communication Services SDKs or services such as Call Automation, Calling SDK, or Call Recording, follow existing support process at [https://aka.ms/ACS-Support](https://aka.ms/ACS-Support).

articles/container-apps/waf-app-gateway.md

@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic:  how-to
-ms.date: 04/28/2025
+ms.date: 07/07/2025
 ms.author: cshoe
 ---
 
@@ -190,7 +190,7 @@ The backend pool is used to route requests to the appropriate backend servers. B
 - Internal IP addresses
 - Virtual Machine Scale Sets
 - Fully qualified domain names (FQDN)
-- Multi-tenant back-ends like Azure App Service and Container Apps
+- Multitenant back-ends like Azure App Service and Container Apps
 
 In this example, you create a backend pool that targets your container app. 
 
@@ -278,6 +278,15 @@ To connect the frontend and backend pool, perform the following steps:
     | Host name override | Select **Pick host name from backend target**. |
     | Create custom probes | Select **No**. |
 
+1. Under **Request Header Rewrite**, configure the following:
+
+    - Enable Request Header Rewrite: Select **Yes**.  
+    - Add a request header:
+      - Header name: `X-Forwarded-Host`
+      - Value: `{host}`
+
+    This action ensures that the original `Host` header from the client request is preserved and accessible by the backend application.  
+
 1. Select **Add**, to add the backend settings.
 
 1. In the *Add a routing rule* window, select **Add** again.
@@ -302,10 +311,29 @@ You can establish a secured connection to internal-only container app environmen
     | Private link subnet | Select the subnet you wish to create the private link with. |
     | Frontend IP Configuration | Select the frontend IP for your Application Gateway. |
 
-1. Under **Private IP address settings** select **Add**.
+1. Under **Private IP address settings**, select **Add**.
 
 1. Select **Add** at the bottom of the window.
 
+## Preserve original host header for redirects and SSO
+
+When Azure Application Gateway is configured as a reverse proxy and the *Override with new host name* setting is enabled, the `Host` header is modified. Modifying the header can interfere with applications that rely on the original host value to generate redirect URLs, absolute links, or support OpenID Connect (OIDC) authentication flows.
+
+To forward the original host header, you can inject it into the `X-Forwarded-Host` header using Application Gateway's request header rewrite feature.
+
+### Configure X-Forwarded-Host injection
+
+To enable `X-Forwarded-Host` injection:
+
+1. Under the **Configuration** tab, select **Backend settings** section of your Application Gateway routing rule:
+
+    - Enable **Request Header Rewrite**.
+    - Add a new request header with the following values:
+      - Header name: `X-Forwarded-Host`
+      - Value: `{host}`
+
+    Your backend app can now read the original request host using the `X-Forwarded-Host` header.
+
 ## Verify the container app
 
 # [Default domain](#tab/default-domain)

articles/cost-management-billing/scope-level/create-sql-license-assignments.md

@@ -7,7 +7,7 @@ ms.date: 04/23/2025
 ms.topic: how-to
 ms.service: cost-management-billing
 ms.subservice: ahb
-ms.reviewer: primittal
+ms.reviewer: laurtay
 ms.custom: cpx
 ---
 

articles/expressroute/expressroute-config-samples-routing.md

@@ -256,7 +256,7 @@ Configure BFD under the protocol BGP section only.
                                 peer-as 12076;
                                 neighbor <IP#2_used_by_Azure>;
                                 bfd-liveness-detection {
-                                        minimum-interval 3000;
+                                        minimum-interval 300;
                                         multiplier 3;
                                 }
                         }

articles/load-balancer/upgrade-basic-standard-with-powershell.md

@@ -92,6 +92,8 @@ Install-Module -Name AzureBasicLoadBalancerUpgrade -Scope CurrentUser -Repositor
 - Plan for instance-level Public IP changes on Virtual Machine Scale Set instances (see note)
 - [Recommended] Create Network Security Groups or add security rules to an existing Network Security Group for your backend pool members. Allow the traffic through the Load Balancer along with any other traffic to be explicitly allowed on public Standard SKU resources
 - [Recommended] Prepare your [outbound connectivity](../virtual-network/ip-services/default-outbound-access.md), taking one of the following approaches described in [How should I configure outbound traffic for my Load Balancer?](#how-should-i-configure-outbound-traffic-for-my-load-balancer)
+- [Important] Remove all locks from the load balancer, its resource group, and any related resources before starting the migration
+- [Important] Confirm you have the necessary permissions to delete and create load balancers, and to modify associated Virtual Machine Scale Sets (VMSS) and network interfaces
 
 ### Post-migration steps