Merge pull request #297511 from MicrosoftDocs/main

4/2/2025 AM Publish

Author: Taojunshen

articles/active-directory-b2c/custom-policies-series-call-rest-api.md

@@ -93,7 +93,7 @@ You need to deploy an app, which serves as your external app. Your custom policy
                     "requestId": "requestId",
                     "userMessage" : "The access code you entered is incorrect. Please try again.",
                     "developerMessage" : `The provided code ${req.body.accessCode} does not match the expected code for user.`,
-                    "moreInfo" :"https://docs.microsoft.com/en-us/azure/active-directory-b2c/string-transformations"
+                    "moreInfo" :"https://learn.microsoft.com/en-us/azure/active-directory-b2c/string-transformations"
                 };
                 res.status(409).send(errorResponse);                
             }
@@ -138,7 +138,7 @@ You need to deploy an app, which serves as your external app. Your custom policy
             "requestId": "requestId",
             "userMessage": "The access code you entered is incorrect. Please try again.",
             "developerMessage": "The provided code 54321 does not match the expected code for user.",
-            "moreInfo": "https://docs.microsoft.com/en-us/azure/active-directory-b2c/string-transformations"
+            "moreInfo": "https://learn.microsoft.com/en-us/azure/active-directory-b2c/string-transformations"
         }
     ```
 Your REST service can return HTTP 4xx status code, but the value of `status` in the JSON response must be `409`.

articles/app-service/configure-authentication-provider-openid-connect.md

@@ -2,33 +2,34 @@
 title: Configure an OpenID Connect Provider
 description: Learn how to configure an OpenID Connect provider as an identity provider for your App Service or Azure Functions app.
 ms.topic: how-to
-ms.date: 10/20/2021
+ms.date: 04/02/2025
 ms.reviewer: mahender
 ms.custom: AppServiceIdentity
 author: cephalin
 ms.author: cephalin
+#customer intent: As an app developer, I want to use a custom authentication provider that uses the OpenID Connect specification in Azure App Service.
 ---
 
 # Configure your App Service or Azure Functions app to sign in by using an OpenID Connect provider
 
 [!INCLUDE [app-service-mobile-selector-authentication](../../includes/app-service-mobile-selector-authentication.md)]
 
-This article shows you how to configure Azure App Service or Azure Functions to use a custom authentication provider that adheres to the [OpenID Connect (OIDC) specification](https://openid.net/connect/). OIDC is an industry standard that many identity providers (IDPs) use. You don't need to understand the details of the specification in order to configure your app to use an adherent IDP.
+This article shows you how to configure Azure App Service or Azure Functions to use a custom authentication provider that adheres to the [OpenID Connect (OIDC) specification](https://openid.net/connect/). OIDC is an industry standard that many identity providers (IDPs) use. You don't need to understand the details of the specification for your app to use an OIDC identity provider.
 
-You can configure your app to use one or more OIDC providers. Each must have a unique alphanumeric name in the configuration, and only one can serve as the default redirect target.
+You can configure your app to use one or more OIDC providers. Each provider must have a unique alphanumeric name in the configuration. Only one provider can serve as the default redirect target.
 
 ## <a name="register"> </a>Register your application with the identity provider
 
 Your provider requires you to register the details of your application with it. One of these steps involves specifying a redirect URI that has the form `<app-url>/.auth/login/<provider-name>/callback`. Each identity provider should provide more instructions on how to complete the steps. The `<provider-name>` value refers to the friendly name that you give to the OpenID provider name in Azure.
 
 > [!NOTE]
-> Some providers might require additional steps for their configuration and for using the values that they provide. For example, Apple provides a private key that isn't itself used as the OIDC client secret. You instead must use it to craft a JSON Web Token (JWT) that's treated as the secret that you provide in your app configuration. For more information, see [Creating a client secret](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens) in the Apple developer documentation.
+> Some providers might require extra steps for their configuration and for using the values that they provide. For example, Apple provides a private key that isn't itself used as the OIDC client secret. You use it to create a JSON Web Token (JWT). You use the web token as the secret that you provide in your app configuration. For more information, see [Creating a client secret](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens).
 
-You need to collect a *client ID* and a *client secret* for your application. The client secret is an important security credential. Don't share this secret with anyone or distribute it within a client application.
+You need to collect a *client ID* and a *client secret* for your application. The client secret is an important security credential. Don't share this secret with anyone or distribute it in a client application.
 
-Additionally, you need the OIDC metadata for the provider. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's issuer URL suffixed with `/.well-known/openid-configuration`. Gather this configuration URL.
+You also need the OIDC metadata for the provider. This metadata is often exposed in a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's issuer URL suffixed with `/.well-known/openid-configuration`. Get this configuration URL.
 
-If you can't use a configuration metadata document, gather the following values separately:
+If you can't use a configuration metadata document, get the following values separately:
 
 - The issuer URL (sometimes shown as `issuer`)
 - The [OAuth 2.0 authorization endpoint](https://tools.ietf.org/html/rfc6749#section-3.1) (sometimes shown as `authorization_endpoint`)
@@ -37,26 +38,30 @@ If you can't use a configuration metadata document, gather the following values
 
 ## <a name="configure"> </a>Add provider information to your application
 
+To add provider information for your OpenID Connect provider, follow these steps.
+
 1. Sign in to the [Azure portal] and go to your app.
 
-1. On the left menu, select **Authentication**. Then select **Add identity provider**.
+1. On the left menu, select **Settings** > **Authentication**. Then select **Add identity provider**.
 
-1. In the dropdown list for identity providers, select **OpenID Connect**.
+1. For **Identity provider**, select **OpenID Connect**.
 
 1. For **OpenID provider name**, provide the unique alphanumeric name that you selected earlier.
 
-1. If you have the URL for the metadata document from the identity provider, provide that value for **Metadata URL**. Otherwise, select the **Provide endpoints separately** option and put each URL gathered from the identity provider in the appropriate field.
+1. If you have the URL for the metadata document from the identity provider, provide that value for **Metadata URL**.
+
+   Otherwise, select **Provide endpoints separately**. Put each URL from the identity provider in the appropriate field.
 
-1. Provide the values that you collected earlier for **Client ID** and **Client Secret**.
+1. Provide the values that you collected earlier for **Client ID** and **Client secret**.
 
-1. Specify an application setting name for your client secret. Your client secret is stored as an app setting to ensure that secrets are stored in a secure fashion. You can update that setting later to use [Azure Key Vault references](./app-service-key-vault-references.md) if you want to manage the secret in Key Vault.
+1. Specify an application setting name for your client secret. Your client secret is stored as an app setting to ensure that secrets are stored in a secure fashion. If you want to manage the secret in Azure Key vault, update that setting later to use [Azure Key Vault references](./app-service-key-vault-references.md).
 
 1. Select **Add** to finish setting up the identity provider.
 
 > [!NOTE]
-> The OpenID provider name can't contain a hyphen (-) because an app setting is created based on this name, and the app setting doesn't support hyphens. Use an underscore (_) instead.  
+> The OpenID provider name can't contain a hyphen (-) because an app setting is created based on this name. The app setting doesn't support hyphens. Use an underscore (_) instead.  
 >
-> Azure requires `openid`, `profile`, and `email` scopes. Make sure that you configured your app registration in your ID provider with at least these scopes.  
+> Azure requires `openid`, `profile`, and `email` scopes. Make sure that you configure your app registration in your ID provider with at least these scopes.
 
 ## <a name="related-content"> </a>Related content
 

articles/automation/python-3-packages.md

@@ -174,7 +174,7 @@ def import_package_with_dependencies (packagename):
         pkgname = get_packagename_from_filename(file)
         download_uri_for_file = resolve_download_url(pkgname, file)
         send_webservice_import_module_request(pkgname, download_uri_for_file)
-        # Sleep a few seconds so we don't send too many import requests https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#azure-automation-limits
+        # Sleep a few seconds so we don't send too many import requests https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-automation-limits
         time.sleep(10)
 
 if __name__ == '__main__':

articles/azure-cache-for-redis/cache-monitor-diagnostic-settings.md

@@ -29,7 +29,7 @@ Diagnostic settings in Azure are used to collect resource logs. An Azure resourc
 
 ## Cache Metrics
 
-Azure Cache for Redis emits [many metrics](/azure/redis/monitor-cache-reference.md#metrics) such as _Server Load_ and _Connections per Second_ that are useful to log. Selecting the **AllMetrics** option allows these and other cache metrics to be logged. You can configure how long the metrics are retained. See [here for an example of exporting cache metrics to a storage account](/azure/redis/monitor-cache.md#view-cache-metrics).
+Azure Cache for Redis emits [many metrics](../redis/monitor-cache-reference.md#metrics) such as _Server Load_ and _Connections per Second_ that are useful to log. Selecting the **AllMetrics** option allows these and other cache metrics to be logged. You can configure how long the metrics are retained. See [here for an example of exporting cache metrics to a storage account](../redis/monitor-cache.md#view-cache-metrics).
 
 ## Connection Logs
 

articles/azure-functions/functions-bindings-cache-output.md

@@ -334,6 +334,6 @@ There are three types of connections that are allowed from an Azure Functions in
 
 - [Introduction to Azure Functions](functions-overview.md)
 - [Tutorial: Get started with Azure Functions triggers in Azure Cache for Redis](/azure/redis/tutorial-functions-getting-started)
-- [Tutorial: Create a write-behind cache by using Azure Functions and Azure Cache for Redis](/azure/redis/cache-tutorial-write-behind)
+- [Tutorial: Create a write-behind cache by using Azure Functions and Azure Cache for Redis](/azure/redis/tutorial-write-behind)
 - [Redis connection string](functions-bindings-cache.md#redis-connection-string)
 - [Multiple output bindings](dotnet-isolated-process-guide.md#multiple-output-bindings)

articles/azure-netapp-files/azure-netapp-files-resource-limits.md

@@ -40,11 +40,11 @@ The following table describes resource limits for Azure NetApp Files:
 |  Maximum number of files in a single directory  | *Approximately* 4 million. <br> See [Determine if a directory is approaching the limit size](directory-sizes-concept.md#directory-limit).  |    No    |   
 |  Maximum number of files `maxfiles` per volume     |  See [`maxfiles`](maxfiles-concept.md)  |    Yes    |    
 |  Maximum number of export policy rules per volume     |    5  |    No    | 
-|  Maximum number of quota rules per volume     |   100  |    No    | 
+|  Maximum number of quota rules per volume     |   1,000  |    No    | 
 |  Minimum assigned throughput for a manual Quality of Service (QoS) volume     |    1 MiB/s   |    No    |    
 |  Maximum assigned throughput for a manual QoS volume     |    4,500 MiB/s    |    No    |    
-|  Number of cross-region replication data protection volumes (destination volumes)     |    50    |    Yes    |     
-|  Number of cross-zone replication data protection volumes (destination volumes)     |    50    |    Yes    |     
+|  Number of cross-region replication data protection volumes (destination volumes)     |    500    |    Yes    |     
+|  Number of cross-zone replication data protection volumes (destination volumes)     |    500    |    Yes    |     
 |  Maximum numbers of policy-based (scheduled) backups per volume  | <ul><li> Daily retention count: 2 (minimum) to 1019 (maximum) </li> <li> Weekly retention count: 1 (minimum) to 1019 (maximum) </li> <li> Monthly retention count: 1 (minimum) to 1019 (maximum) </ol></li> <br> The maximum hourly, daily, weekly, and monthly backup retention counts *combined* is 1019.  |  No  |
 |  Maximum size of protected volume  |  100 TiB  |  No  |
 |  Maximum number of volumes that can be backed up per subscription   |  500  |  No  |

articles/azure-netapp-files/manage-default-individual-user-group-quotas.md

@@ -6,7 +6,7 @@ author: b-hchen
 ms.author: anfdocs
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.date: 06/14/2023
+ms.date: 03/24/2025
 ---
 # Manage default and individual user and group quotas for a volume 
 
@@ -22,7 +22,7 @@ Quota rules only come into effect on the CRR/CZR destination volume after the re
 
 * A quota rule is specific to a volume and is applied to an existing volume.  
 * Deleting a volume results in deleting all the associated quota rules for that volume. 
-* You can create a maximum number of 100 quota rules for a volume.
+* You can create a maximum number of 1,000 quota rules for a volume.
 * Azure NetApp Files doesn't support individual group quota and default group quota for SMB and dual protocol volumes.
 * Group quotas track the consumption of disk space for files owned by a particular group. A file can only be owned by exactly one group. 
 * Auxiliary groups only help in permission checks. You can't use auxiliary groups to restrict the quota (disk space) for a file.

articles/azure-resource-manager/bicep/scenarios-rbac.md

@@ -93,7 +93,7 @@ When you create the role assignment resource, you need to specify a fully qualif
 ```bicep
 param principalId string
 
-@description('This is the built-in Contributor role. See https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor')
+@description('This is the built-in Contributor role. See https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#contributor')
 resource contributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
   scope: subscription()
   name: 'b24988ac-6180-42a0-ab88-20f7382dd24c'

articles/backup/backup-azure-vm-migrate-enhanced-policy.md

@@ -2,7 +2,7 @@
 title: Move VM backup - standard to enhanced policy in Azure Backup
 description: Learn how to trigger Azure VM backups migration from standard  policy to enhanced policy, and then monitor the configuration backup migration job.
 ms.topic: reference
-ms.date: 03/05/2025
+ms.date: 04/02/2025
 ms.service: azure-backup
 author: jyothisuri
 ms.author: jsuri
@@ -23,6 +23,11 @@ Azure Backup now supports migration to the enhanced policy for Azure VM backups
 - Migration operations trigger a backup job as part of the migration process and might take up to several hours to complete for large VMs.
 - The change from standard policy to enhanced policy can result in additional costs. [Learn More](backup-instant-restore-capability.md#cost-impact).
 
+>[!Note]
+> If the VM already has a shared disk attached to it, then perform migration by following these steps:
+>1. Detach the shared disk from the VM.
+>2. [Perform the Policy change](#trigger-the-backup-migration-operation).
+>3. Reattach the shared disk to implement the exclusion.
 
 ## Trigger the backup migration operation
 

articles/backup/backup-instant-restore-capability.md

@@ -2,7 +2,7 @@
 title: Azure Instant Restore Capability
 description: Azure Instant Restore Capability and FAQs for VM backup stack, Resource Manager deployment model
 ms.topic: overview
-ms.date: 03/27/2025
+ms.date: 04/02/2025
 author: jyothisuri
 ms.author: jsuri
 ---
@@ -138,3 +138,6 @@ Instant restore feature is enabled for everyone and can't be disabled. You can r
 
 Yes it's safe, and there's absolutely no impact in data transfer speed.
 
+### Why does a 12-month backup retention policy retain data for 372 days instead of 365?
+
+The retention period for monthly backups is calculated considering **31 days** for each month. When you multiply 31 days by 12 months, the total retention duration becomes **372 days**. This approach ensures consistent retention across all months, regardless of their actual number of days.