Merge pull request #285608 from MicrosoftDocs/main

8/27/2024 AM Publish

Author: Taojunshen

articles/azure-app-configuration/concept-feature-management.md

@@ -13,7 +13,7 @@ ms.date: 02/20/2024
 
 Traditionally, shipping a new application feature requires a complete redeployment of the application itself. Testing a feature often requires multiple deployments of the application. Each deployment might change the feature or expose the feature to different customers for testing.  
 
-Feature management is a modern software-development practice that decouples feature release from code deployment and enables quick changes to feature availability on demand. It uses a technique called *feature flags* (also known as *feature toggles* and *feature switches*) to dynamically administer a feature's lifecycle.
+Feature management is a software-development practice that decouples feature release from code deployment and enables quick changes to feature availability on demand. It uses a technique called *feature flags* (also known as *feature toggles* and *feature switches*) to dynamically administer a feature's lifecycle.
 
 Feature management helps developers address the following problems:
 

articles/azure-monitor/agents/azure-monitor-agent-migration-data-collection-rule-generator.md

@@ -73,6 +73,8 @@ To run script, copy the following command and replace the parameters with your v
 
 For information on deploying the DCRs, see [Data collection rules in Azure Monitor](/azure/azure-monitor/essentials/data-collection-rule-overview) and [Create and edit data collection rules (DCRs) in Azure Monitor](/azure/azure-monitor/essentials/data-collection-rule-create-edit)
 
+> [!Warning]
+> You shouldn’t use an existing custom log table used by MMA agents. Your MMA agents won't be able to write to the table once the first AMA agent writes to the table. You should create a new table for AMA to use to prevent MMA data loss.
 
 ## Next steps
 

articles/azure-monitor/logs/manage-table-access.md

@@ -90,7 +90,7 @@ The user can now read workspace details and run a query, but can't read data fro
 1. From the **Log Analytics workspaces** menu, select **Tables**.  
 1. Select the ellipsis ( **...** ) to the right of your table and select **Access control (IAM)**.
 
-   :::image type="content" source="media/manage-access/table-level-access-control.png" alt-text="Screenshot that shows the Log Analytics workspace table management screen with the table-level access control button highlighted." lightbox="media/manage-access/manage-access-create-custom-role-json.png":::      
+   :::image type="content" source="media/manage-access/table-level-access-control.png" alt-text="Screenshot that shows the Log Analytics workspace table management screen with the table-level access control button highlighted." lightbox="media/manage-access/table-level-access-control.png":::      
 
 1. On the **Access control (IAM)** screen, select **Add** > **Add role assignment**. 
 1. Select the **Reader** role and select **Next**.    

articles/azure-netapp-files/manage-cool-access.md

@@ -28,7 +28,7 @@ The storage with cool access feature provides options for the “coolness period
 * You can't use [large volume](large-volumes-requirements-considerations.md) with cool access.
 * See [Resource limits for Azure NetApp Files](azure-netapp-files-resource-limits.md#resource-limits) for maximum number of volumes supported for cool access per subscription per region.
 * Considerations for using cool access with [cross-region replication](cross-region-replication-requirements-considerations.md) and [cross-zone replication](cross-zone-replication-introduction.md): 
-    * The cool access setting on the destination is updated automatically to match the source volume whenever the setting is changed on the source volume or during authorizing or performing a reverse resync of the replication. Changes to the cool access setting on the destination volume don't affect the setting on the source volume.
+    * The cool access setting on the destination volume is updated automatically to match the source volume whenever the setting is changed on the source volume or during authorizing or performing a reverse resync of the replication  only if the destination volume is in a cool access-enabled capacity pool. Changes to the cool access setting on the destination volume don't affect the setting on the source volume.
     * In cross-region or cross-zone replication configuration, you can enable cool access exclusively for destination volumes to enhance data protection and create cost savings without affecting latency in source volumes.
 * Considerations for using cool access with [snapshot restore](snapshots-restore-new-volume.md):
     * When restoring a snapshot of a cool access enabled volume to a new volume, the new volume inherits the cool access configuration from the parent volume. Once the new volume is created, the cool access settings can be modified.  

articles/azure-signalr/concept-connection-string.md

@@ -4,7 +4,7 @@ description: This article gives an overview of connection strings in Azure Signa
 author: chenkennt
 ms.service: azure-signalr-service
 ms.topic: conceptual
-ms.date: 03/29/2023
+ms.date: 08/09/2024
 ms.author: kenchen
 ---
 

articles/azure-web-pubsub/howto-disable-local-auth.md

@@ -4,26 +4,32 @@ description: This article provides information about how to disable access key a
 author: terencefan
 
 ms.author: tefa
-ms.date: 03/31/2023
+ms.date: 08/09/2024
 ms.service: azure-web-pubsub
 ms.custom: devx-track-arm-template
 ms.topic: conceptual
 ---
 
 # Disable local (access key) authentication with Azure Web PubSub Service
 
-There are two ways to authenticate to Azure Web PubSub Service resources: Microsoft Entra ID and Access Key. Microsoft Entra ID provides superior security and ease of use over access key. With Microsoft Entra ID, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Azure Web PubSub Service resources when possible.
+There are two ways to authenticate to Azure Web PubSub Service resources:
+
+1. Microsoft Entra ID
+
+2. Access Keys
+
+ **Recommendation:** Microsoft Entra ID provides superior security and ease of use over access keys. With Microsoft Entra ID, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Azure Web PubSub Service resources when possible.
 
 > [!IMPORTANT]
-> Disabling local authentication can have following influences.
+> Disabling local authentication has the following effects:
 >
-> - The current set of access keys will be permanently deleted.
+> - Access keys' current set is permanently deleted.
 > - Tokens signed with current set of access keys will become unavailable.
-> - Signature will **NOT** be attached in the upstream request header. Please visit _[how to validate access token](./howto-use-managed-identity.md#validate-access-tokens)_ to learn how to validate requests via Microsoft Entra token.
+> - The signature will **NOT** be attached in the upstream request header. Please visit _[how to validate access token](./howto-use-managed-identity.md#validate-access-tokens)_ to learn how to validate requests via Microsoft Entra token.
 
 ## Use Azure portal
 
-In this section, you will learn how to use the Azure portal to disable local authentication.
+In this section, you learn how to use the Azure portal to disable local authentication.
 
 1. Navigate to your Web PubSub Service resource in the [Azure portal](https://portal.azure.com).
 
@@ -89,7 +95,7 @@ You can disable local authentication by setting `disableLocalAuth` property to t
 
 ## Use Azure Policy
 
-You can assign the [Azure Web PubSub Service should have local authentication methods disabled](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb66ab71c-582d-4330-adfd-ac162e78691e) Azure policy to an Azure subscription or a resource group to enforce disabling of local authentication for all Web PubSub resources in the subscription or the resource group.
+You can assign the [Azure Web PubSub Service should have local authentication methods disabled](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb66ab71c-582d-4330-adfd-ac162e78691e) Azure policy to an Azure subscription or a resource group. Doing so enforces disabling of local authentication for all Web PubSub resources in the subscription or the resource group.
 
 ![Screenshot of disabling local auth policy.](./media/howto-disable-local-auth/disable-local-auth-policy.png)
 

articles/cost-management-billing/manage/change-azure-account-profile.yml

@@ -6,7 +6,7 @@ metadata:
   author: bandersmsft
   ms.author: banders
   ms.reviewer: judupont
-  ms.date: 08/19/2024
+  ms.date: 08/27/2024
   ms.service: cost-management-billing
   ms.subservice: billing
   ms.topic: how-to
@@ -91,7 +91,7 @@ procedureSection:
   - title: |
       Add a PO number
     summary: |
-      By default, invoices for the billing profile don't have an associated PO number. After you add a PO number for a billing profile, the system regenerates the invoices within 24 hours. Afterward, the PO number appears on invoices for the billing profile.
+      By default, invoices for the billing profile don't have an associated PO number. After you add a PO number for a billing profile, the system uses the updated PO number in the next invoice. Afterward, the PO number appears in invoices for the billing profile.
       
       To add a PO number for a billing profile, use the following steps.
     steps:

articles/ddos-protection/ddos-protection-features.md

@@ -21,7 +21,7 @@ Azure DDoS Protection monitors actual traffic utilization and constantly compare
 During mitigation, traffic sent to the protected resource is redirected by the DDoS protection service and several checks are performed, such as:
 
 - Ensure packets conform to internet specifications and aren't malformed.
-- Interact with the client to determine if the traffic is potentially a spoofed packet (e.g: SYN Auth or SYN Cookie or by dropping a packet for the source to retransmit it).
+- Interact with the client to determine if the traffic is potentially a spoofed packet (for example: SYN Auth or SYN Cookie or by dropping a packet for the source to retransmit it).
 - Rate-limit packets, if no other enforcement method can be performed.
 
 Azure DDoS Protection drops attack traffic and forwards the remaining traffic to its intended destination. Within a few minutes of attack detection, you're notified using Azure Monitor metrics. By configuring logging on DDoS Protection telemetry, you can write the logs to available options for future analysis. Metric data in Azure Monitor for DDoS Protection is retained for 30 days.

articles/expressroute/expressroute-howto-circuit-portal-resource-manager.md

@@ -166,11 +166,12 @@ You can do the following tasks with no downtime:
   > [!IMPORTANT]
   > Changing the SKU from **Standard/Premium** to **Local** is not supported in Azure portal. To downgrade the SKU to **Local**, you can use [Azure PowerShell](expressroute-howto-circuit-arm.md) or [Azure CLI](howto-circuit-cli.md).
 
-* Increase the bandwidth of your ExpressRoute circuit, provided there's capacity available on the port.
+* Increase the bandwidth of your ExpressRoute circuit, provided there's capacity available on the port. 
 
   > [!IMPORTANT]
   > * Downgrading the bandwidth of a circuit is not supported.
-  > * To determine if there is available capacity for a bandwidth upgrade, submit a support request.
+  > * When upgrading the bandwidth of an ExpressRoute circuit, the Azure portal provides a list of available bandwidth options based on the capacity of the port. If the desired bandwidth isn't available, you need to recreate the circuit to get the desired bandwidth.
+  >    :::image type="content" source="./media/expressroute-howto-circuit-portal-resource-manager/circuit-bandwidth-upgrade.png" alt-text="Screenshot of the bandwidth upgrade available for an ExpressRoute circuit.":::
 
 * Change the metering plan from *Metered Data* to *Unlimited Data*.
 

articles/expressroute/maintenance-alerts.md

@@ -41,7 +41,7 @@ ExpressRoute uses Azure Service Health to notify you of planned and upcoming Exp
 
     :::image type="content" source="./media/maintenance-alerts/health-history.png" alt-text="Screenshot of selecting Health history in Service Health." lightbox="./media/maintenance-alerts/health-history-expanded.png"::: 
 
-1. On this page, you can review individual maintenance events by filtering on a target subscription and Azure Region. To further narrow the scope of health history events, you can select the health event type and define a past time range. To filer for planned ExpressRoute circuit maintenance, set the Health Event Type to **Planned Maintenance**.
+1. On this page, you can review individual maintenance events by filtering on a target subscription and Azure Region. To further narrow the scope of health history events, you can select the health event type and define a past time range. To filter for planned ExpressRoute circuit maintenance, set the Health Event Type to **Planned Maintenance**.
 
     :::image type="content" source="./media/maintenance-alerts/past-maintenance.png" alt-text="Screenshot of past maintenance on Health history page." lightbox="./media/maintenance-alerts/past-maintenance-expanded.png":::