Merge branch 'main' of https://github.com/microsoftdocs/azure-docs-pr into redis12

Author: v-thepet

articles/active-directory-b2c/media/analytics-with-application-insights/app-insights.png

@@ -61,7 +61,7 @@ To create an instance of Application Insights in your subscription, follow these
 1. Complete the form, select **Review + create**, and then select **Create**.
 1. Once the deployment completes, select **Go to resource**.
 1. Under **Configure** in Application Insights menu, select **Properties**.
-1. Record the **CONNECTION STRING** for use in a later step.
+1. Record the **Connection String** for use in a later step.
 
 ## Configure the custom policy
 
@@ -77,7 +77,7 @@ To create an instance of Application Insights in your subscription, follow these
 1. Add the following node as a child of the `<UserJourneyBehaviors>` element. Make sure to replace `{Your Application Insights Key}` with the Application Insights **Connection String** that you recorded earlier.
 
     ```xml
-    <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights Connection String}" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
+    <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights ConnectionString}" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
     ```
 
     * `DeveloperMode="true"` tells ApplicationInsights to expedite the telemetry through the processing pipeline. Good for development, but constrained at high volumes. In production, set the `DeveloperMode` to `false`.
@@ -102,7 +102,7 @@ To create an instance of Application Insights in your subscription, follow these
          <Endpoint Id="Token" UserJourneyReferenceId="RedeemRefreshToken" />
       </Endpoints>
       <UserJourneyBehaviors>
-        <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights Connection String}" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
+        <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights ConnectionString}" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
       </UserJourneyBehaviors>
       ...
     </TrustFrameworkPolicy>
@@ -144,7 +144,7 @@ We recommend you to install the [Azure AD B2C extension](https://marketplace.vis
 After you set up the Application Insights, and configure the custom policy, you need to get your Application Insights **API ID**, and create **API Key**. Both the API ID and API key are used by Azure AD B2C extension to read the Application Insights events (telemetries). Your API keys should be managed like passwords. Keep it secret.
 
 > [!NOTE]
-> Application Insights connection string that your create earlier is used by Azure AD B2C to send telemetries to Application Insights. You use the connection string only in your Azure AD B2C policy, not in the VS Code extension.
+> Application Insights Connection String that your create earlier is used by Azure AD B2C to send telemetries to Application Insights. You use the Connection String only in your Azure AD B2C policy, not in the VS Code extension.
 
 To get Application Insights ID and key:
 
@@ -195,7 +195,7 @@ To improve your production environment performance and better user experience, i
 
    ```xml
    <UserJourneyBehaviors>
-     <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights Connection String}" DeveloperMode="false" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
+     <JourneyInsights TelemetryEngine="ApplicationInsights" ConnectionString="{Your Application Insights ConnectionString}" DeveloperMode="false" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
    </UserJourneyBehaviors>
    ```
 

articles/active-directory-b2c/troubleshoot-with-application-insights.md

@@ -50,6 +50,8 @@
         href: design-api-github-copilot-azure.md
       - name: Register APIs - GitHub Actions
         href: register-apis-github-actions.md
+      - name: Register and discover MCP servers
+        href: register-discover-mcp-server.md
       - name: Export API from API Center to Copilot Studio
         href: export-to-copilot-studio.yml
 - name: API governance

articles/api-center/TOC.yml

@@ -0,0 +1,102 @@
+---
+title: Inventory and Discover MCP Servers in Your API Center
+description: Learn about how Azure API Center can be a centralized registry for MCP servers in your organization. Developers and other stakeholders can use the API Center portal to discover MCP servers.
+author: dlepow
+ms.service: azure-api-center
+ms.custom: 
+ms.topic: concept-article
+ms.date: 04/28/2025
+ms.author: danlep 
+# Customer intent: As an API program manager, I want to register and discover  MCP servers as APIs in my API Center inventory.
+---
+
+# Register and discover remote MCP servers in your API inventory
+
+This article describes how to use Azure API Center to maintain an inventory (or *registry*) of remote model context protocol (MCP) servers and help stakeholders discover them using the API Center portal. MCP servers expose backend APIs or data sources in a standard way to AI agents and models that consume them.
+
+## About MCP servers
+
+AI agents are becoming widely adopted because of enhanced large language model (LLM) capabilities. However, even the most advanced models face limitations because of their isolation from external data. Each new data source potentially requires custom implementations to extract, prepare, and make data accessible for the models.
+
+The [model context protocol](https://www.anthropic.com/news/model-context-protocol) (MCP) helps solve this problem. MCP is an open standard for connecting AI models and agents with external data sources such as local data sources (databases or computer files) or remote services (systems available over the internet, such as remote databases or APIs).
+
+### MCP architecture
+
+The following diagram illustrates the MCP architecture:
+ 
+:::image type="content" source="media/register-discover-mcp-server/mcp-architecture.png" alt-text="Diagram of model context protocol (MCP) architecture.":::
+
+The architecture consists of the following components:
+
+| Component      | Description                                                                                     |
+|----------------|-------------------------------------------------------------------------------------------------|
+| **MCP hosts**  | LLM applications such as chat apps or AI assistants in your IDEs (like GitHub Copilot in Visual Studio Code) that need to access external capabilities |
+| **MCP clients**| Protocol clients, inside the host application, that maintain 1:1 connections with servers        |
+| **MCP servers**| Lightweight programs that each expose specific capabilities and provide context, tools, and prompts to clients |
+| **MCP protocol**| Transport layer in the middle        |
+
+MCP follows a client-server architecture where a host application can connect to multiple servers. Whenever your MCP host or client needs a tool, it connects to the MCP server. The MCP server then connects to, for example, a database or an API. MCP hosts and servers connect with each other through the MCP protocol.
+
+### Remote versus local MCP servers
+
+MCP utilizes a client-host-server architecture built on [JSON-RPC 2.0 for messaging](https://modelcontextprotocol.io/docs/concepts/architecture). Communication between clients and servers occurs over defined transport layers, and supports primarily two modes of operation:
+
+* **Remote MCP servers** - MCP clients connect to MCP servers over the internet, establishing a connection using HTTP and server-sent events (SSE), and authorizing the MCP client access to resources on the user's account using OAuth.
+
+* **Local MCP servers** MCP clients connect to MCP servers on the same machine, using standard input/output as a local transport method.
+
+## MCP servers in your API inventory
+
+The following sections describe how to inventory and discover a remote MCP server in your API Center. 
+
+### MCP API type
+
+To register an MCP server in your API center inventory, specify the API type as **MCP**. To register an API using the Azure portal, see [Tutorial: Register APIs in your API inventory](register-apis.md).
+
+As described in the following sections, when you register an MCP server, you can specify an environment, deployment, and definition.
+
+
+### Environment and deployment for MCP server
+
+In API Center, specify an *environment* and a *deployment* for your MCP server. The environment is the location of the MCP server, such as an API management platform or a compute service, and the deployment is a runtime URL for the MCP service. 
+
+For information about creating an environment and a deployment, see [Tutorial: Add environments and deployments for APIs](configure-environments-deployments.md).
+
+### Definition for remote MCP server
+
+Optionally, add an API definition for a remote MCP server in OpenAPI 3.0 format. The API definition must include a URL endpoint for the MCP server. For an example of adding an OpenAPI definition, see [Tutorial: Register APIs in your API inventory](register-apis.md#add-a-definition-to-your-version).
+
+
+You can use the following lightweight OpenAPI 3.0 API definition for your MCP server, which includes a `url` endpoint for the MCP server:
+
+
+```json
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Demo MCP server",
+    "description": "Very basic MCP server that exposes mock tools and prompts.",
+    "version": "1.0"
+  },
+  "servers": [
+    {
+      "url": "https://my-mcp-server.contoso.com"
+    }
+  ]
+}
+```
+
+###  Discover MCP servers using API Center portal
+
+Set up the [API Center portal](set-up-api-center-portal.md) so that developers and other stakeholders in your organization can discover MCP servers in your API inventory. Users can browse and filter MCP servers in the inventory and view details such as the URL endpoint of the MCP server, if available in the MCP server's API definition. 
+
+:::image type="content" source="media/register-discover-mcp-server/mcp-server-portal-small.png" lightbox="media/register-discover-mcp-server/mcp-server-portal.png" alt-text="Screenshot of MCP server in API Center portal.":::
+
+> [!NOTE]
+> The URL endpoint for the MCP server is only visible in the API Center portal if you add an MCP deployment and an API definition for the MCP server.
+
+## Related content
+
+* [Import APIs to your API center from API Management](import-api-management-apis.md)
+* [Use the Visual Studio extension for API Center](build-register-apis-vscode-extension.md) to build and register APIs from Visual Studio Code.
+

articles/api-center/media/register-discover-mcp-server/mcp-architecture.png

@@ -15,7 +15,8 @@ Refer to the table to find details about resolution dates or possible workaround
 
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
-| If you're a user of AV64, you may notice a “Status of other hardware objects” alarm on your hosts in vCenter Server. This alarm doesn't indicate a hardware issue. It's triggered when the System Event Log (SEL) reaches its capacity threshold according to vCenter Server. Despite the alarm, the host remains healthy with no hardware-related error signatures detected, and no high availability (HA) events are expected as a result. It's safe to continue operating your private cloud without interruption. The alarm has only two possible states—green and red—with no intermediate warning state. Once the status changes to red, it will remain red even if conditions improve to what would typically qualify as a warning. | April 2025 | This alarm should be treated as a warning and won't affect operability of your private cloud. Microsoft will adjust thresholds for the alarm so it doesn't alert in vCenter Server. | May 2025 |
+|[VMSA-2025-0005](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.broadcom.com%2Fweb%2Fecx%2Fsupport-content-notification%2F-%2Fexternal%2Fcontent%2FSecurityAdvisories%2F0%2F25518&data=05%7C02%7Cjacobjaygbay%40microsoft.com%7C63a10c374bad4e1e21ca08dd88002ad4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638816256483262655%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=U4GruR4roReR8NNKCd8vT%2BqP5117ROHVHU9hikBWH8w%3D&reserved=0) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 |To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the RUN Command ``Set-Tools-Repo.`` | May 2025 |
+| If you're a user of AV64, you may notice a “Status of other hardware objects” alarm on your hosts in vCenter Server. This alarm doesn't indicate a hardware issue. It's triggered when the System Event Log (SEL) reaches its capacity threshold according to vCenter Server. Despite the alarm, the host remains healthy with no hardware-related error signatures detected, and no high availability (HA) events are expected as a result. It's safe to continue operating your private cloud without interruption. The alarm has only two possible states—green and red—with no intermediate warning state. Once the status changes to red, it will remain red even if conditions improve to what would typically qualify as a warning. | April 2025 | This alarm should be treated as a warning and won't affect operability of your private cloud. Microsoft adjusts thresholds for the alarm, so it doesn't alert in vCenter Server. | May 2025 |
 | After deploying an AV48 private cloud, you may see a High pNIC error rate detected. Check the host's vSAN performance view for details if alert is active in the vSphere Client.  | April 2025  | The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. | April 2025 |
 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) VMCI Heap-overflow, ESXi arbitrary write, and Information disclosure vulnerabilities | March 2025 | Microsoft has verified the applicability of the vulnerabilities within the Azure VMware Solution service and have adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.4](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take additional precautions when granting administrative access to, and monitor any administrative activities on, guest VMs until the update is fully addressed. For additional information on the vulnerability and Microsoft’s involvement, please see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0004-remediation/4388074). (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) | March 2025 - Resolved in [ESXi 8.0_U2d](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html) |
 |Issue 3464419: After upgrading HCX 4.10.2 users are unable to log in or perform various management operations. | 2024 | None | December 2024- Resolved in [HCX 4.10.3](https://techdocs.broadcom.com/us/en/vmware-cis/hcx/vmware-hcx/4-10/hcx-4-10-release-notes/vmware-hcx-4103-release-notes.html#GUID-ca55e2de-cd98-494d-b026-201132967232-en_id-6fc83b19-af5d-4a89-a258-3ce63559ffb8) |

articles/api-center/media/register-discover-mcp-server/mcp-server-portal-small.png

@@ -2,7 +2,7 @@
 title: Support Matrix for Azure files backup by using Azure Backup
 description: Provides a summary of support settings and limitations when backing up Azure files.
 ms.topic: reference
-ms.date: 03/24/2025
+ms.date: 04/30/2025
 ms.custom: references_regions, engagement-fy24
 ms.service: azure-backup
 author: jyothisuri
@@ -140,7 +140,7 @@ Migration of  File Shares protected with snapshot backup to vaulted backup is su
 | Maximum size of a file (if the destination account is in a Vnet) | 1 TB |
 | Maximum  number of individual files or folders per restore, if ILR (Item level recovery)                         | 99      |
 | Maximum  recommended restore size per restore for large File Shares | 15  TiB |
-| Maximum duration of a restore job                           | 15 days
+| Maximum duration of a restore job                           | 7 days
 
 # [Vault-standard tier](#tab/vault-tier)
 
@@ -217,6 +217,18 @@ The following table lists the behavior of backups due to customer-initiated fail
 | Customer-managed planned failover | Supported | Supported | Not supported |
 | Customer-managed unplanned failover | Not supported | Only cross-region restore from the vault is supported. | Not supported |
 
+## Permitted scope for copy operations(preview)
+
+The following table lists the scope for copy operation:
+
+| Configuration | Support |
+| --- | --- |
+| From any storage account | Supported |
+| From storage accounts in the same Microsoft Entra tenant | Supported |
+| From storage accounts with a private endpoint to the same virtual network | Unsupported |
+
+Azure Trusted Services are allowed, but private endpoints take priority; so, this won't work. 
+
 
 ## Next steps
 

articles/api-center/media/register-discover-mcp-server/mcp-server-portal.png

@@ -2,7 +2,7 @@
 title: Back up Azure Files in the Azure portal
 description: Learn how to use the Azure portal to back up Azure Files in the Recovery Services vault
 ms.topic: how-to
-ms.date: 03/11/2025
+ms.date: 04/30/2025
 ms.service: azure-backup
 ms.custom: engagement-fy23
 author: jyothisuri
@@ -28,6 +28,7 @@ Azure Files backup is a native cloud solution that protects your data and elimin
 * [Create a backup policy for protection of Azure Files](quick-backup-azure-files-vault-tier-portal.md).
 * If the storage account access has restrictions, check the firewall settings of the account to ensure the exception **Allow Azure services on the trusted services list to access this storage account** is in grant state. You can refer to [this](../storage/common/storage-network-security.md?tabs=azure-portal#manage-exceptions) link for the steps to grant an exception.
 * Ensure that you allow the **Storage account key access** in the required storage account.
+* Ensure that the target storage account has the [supported configurations](azure-file-share-support-matrix.md#permitted-scope-for-copy-operationspreview).
 
 >[!IMPORTANT]
 >To perform [Cross Subscription Backup (CSB) for protecting Azure Files (preview)](azure-file-share-backup-overview.md#how-cross-subscription-backup-for-azure-files-works) in another subscription, ensure you register `Microsoft.RecoveryServices` in the **subscription of the file share** in addition to the given prerequisites.