Commit 75bc38a

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into asr-delete
2 parents ee7b72a + 96e8ce1 commit 75bc38a

15 files changed

+185
-111
lines changed

articles/active-directory-b2c/add-captcha.md

Lines changed: 3 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -234,9 +234,9 @@ For the various page layouts, use the following page layout versions:
234234

235235
|Page layout |Page layout version range |
236236
|---------|---------|
237-
| Selfasserted | >=2.1.30 |
238-
| Unifiedssp | >=2.1.18 |
239-
| Multifactor | >=1.2.16 |
237+
| Selfasserted | >=2.1.33 |
238+
| Unifiedssp | >=2.1.21 |
239+
| Multifactor | >=1.2.19 |
240240

241241
**Example:**
242242
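
Review bot: the `**Example:**` at line 241 sits right under the raised minimums at lines 237-239 but is outside this hunk; confirm that the page layout versions it shows satisfy the new ranges (`>=2.1.33`, `>=2.1.21`, `>=1.2.19`), otherwise the example contradicts the table.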

articles/active-directory-b2c/localization-string-ids.md

Lines changed: 1 addition & 0 deletions
@@ -274,6 +274,7 @@ The following example shows the use of some of the user interface elements in th
274274
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfInvalidInput">{0} has invalid input.</LocalizedString>
275275
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfMissingRequiredElement">Missing required element: {0}</LocalizedString>
276276
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfValidationError">Error in validation by: {0}</LocalizedString>
277+
<LocalizedString ElementType="ErrorMessage" StringId="InvalidUserInput"> An Invalid value was presented for a property</LocalizedString>
277278
</LocalizedStrings>
278279
</LocalizedResources>
279280
```
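
Review bot: the new `InvalidUserInput` string at line 277 has a leading space inside the element, a mid-sentence capital in "An Invalid value", and no closing period, unlike the error strings above it. Suggest `>An invalid value was presented for a property.</LocalizedString>`. It is also the only message in view without a `{0}` placeholder, so the user is not told which property failed; worth confirming that is intended.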

articles/azure-vmware/configure-virtual-trusted-platform-module.md

Lines changed: 29 additions & 4 deletions
@@ -3,7 +3,7 @@ title: Configure Virtual Machines - Virtual Trusted Platform Module (vTPM)
33
description: Learn how to configure Virtual Machines - Virtual Trusted Platform Module (vTPM).
44
ms.topic: how-to
55
ms.service: azure-vmware
6-
ms.date: 11/22/2024
6+
ms.date: 11/25/2024
77
ms.custom: engagement-fy25
88
---
99

@@ -13,9 +13,9 @@ This article demonstrates how to enable the virtual Trusted Platform Module (vTP
1313

1414
A virtual Trusted Platform Module (vTPM) in VMware vSphere is a virtual counterpart of a physical TPM 2.0 chip, utilizing VM Encryption. It provides the same functionalities as a physical TPM but operates within VMs. Each VM can have its own unique and isolated vTPM, which helps secure sensitive information and maintain system integrity. This setting enables VMs to apply security features like BitLocker disk encryption and authenticate virtual hardware devices, creating a more secure virtual environment.
1515

16-
## Pre-requisites
16+
## Prerequisites
1717

18-
Before configuring vTPM on a VM in Azure VMware Solution, ensure the following pre-requisites are met:
18+
Before configuring vTPM on a VM in Azure VMware Solution, ensure the following prerequisites are met:
1919

2020
- The virtual machine must use EFI firmware.
2121
- The virtual machine must be at hardware version 14 or later.
@@ -24,6 +24,31 @@ Before configuring vTPM on a VM in Azure VMware Solution, ensure the following p
2424
>[!IMPORTANT]
2525
>Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment.
2626
27+
## Trusted Launch for Azure VMware Solution
28+
29+
Trusted Launch is a comprehensive security solution that encompasses three key components: Secure Boot, Virtual Trusted Platform Module (vTPM), and Virtualization-based security (VBS). Each of these components plays a vital role in fortifying the security posture of VMs.
30+
31+
## Benefits
32+
33+
• Securely deploy VMs with verified boot loaders, operating system (OS) kernels, and drivers.
34+
35+
• Securely protect keys, certificates, and secrets in the VMs.
36+
• Gain insights and confidence of the entire boot chain's integrity.
37+
38+
• Ensure that workloads are trusted and verifiable.
39+
40+
### Secure Boot
41+
42+
Secure Boot is the first line of defense in Trusted Launch. It establishes a "root of trust" for VMs by ensuring that only signed operating systems and drivers are allowed to boot. This prevents the installation of malware-based rootkits and bootkits, which can compromise the security of the entire system. With Secure Boot enabled, every aspect of the boot process, from the boot loader to the kernel and kernel drivers, must be digitally signed by trusted publishers. This creates a robust shield against unauthorized modifications and ensures that the VM starts in a secure and trusted state.
43+
44+
## Virtual Trusted Platform Module (vTPM)
45+
46+
The vTPM is a virtualized version of a hardware Trusted Platform Module (TPM) 2.0 device. It serves as a dedicated secure vault for storing keys, certificates, and secrets. What sets vTPM apart is its ability to operate in a secure environment outside the reach of any VM, making it tamper-resistant and highly secure. One of the key functions of vTPM is attestation. It measures the entire boot chain of a VM, including UEFI, OS, system components, and drivers, to certify that the VM booted securely. This attestation mechanism is invaluable for verifying the integrity of VMs and ensuring that they haven't been compromised.
47+
48+
## Virtualization-based Security (VBS)
49+
50+
VBS is the final piece of the Trusted Launch puzzle. It leverages the hypervisor to create isolated, secure memory regions within the VM. VBS uses virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem. It provides protection against unauthorized access of credential, prevents malware from running on windows system and ensures only trusted code runs from bootloader onwards.
51+
2752
## How to Configure vTPM
2853

2954
To configure vTPM on a VM in Azure VMware Solution, follow these steps:
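
Review bot: heading levels in the added section are inconsistent: `### Secure Boot` (line 40) is an H3, while its two sibling components, `## Virtual Trusted Platform Module (vTPM)` (line 44) and `## Virtualization-based Security (VBS)` (line 48), are H2, and `## Benefits` (line 31) sits at the same level as the `## Trusted Launch for Azure VMware Solution` section it belongs to. Make Benefits and all three components H3 under Trusted Launch. The Benefits list also uses a literal `•` where the prerequisites list in this file uses `- `, and line 50 needs a copy edit ("unauthorized access of credential", "windows system").
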
@@ -43,7 +68,7 @@ To configure vTPM on a VM in Azure VMware Solution, follow these steps:
4368
4469
## Unsupported scenarios
4570

46-
Migration of VMs with vTPM may not be supported by some tools. Check the documentation of the migration tool. If it is not supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration.
71+
Migration of VMs with vTPM might not be supported by some tools. Check the documentation of the migration tool. If it isn't supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration.
4772

4873
## More information
4974
[Securing Virtual Machines with Virtual Trusted Platform Module](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-A43B6914-E5F9-4CB1-9277-448AC9C467FB.html)

articles/event-grid/mqtt-overview.md

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ Event Grid allows you to route your MQTT messages to Azure services or webhooks
102102
:::image type="content" source="media/mqtt-overview/routing-high-res.png" alt-text="Diagram of the MQTT message routing." border="false":::
103103

104104
### Edge MQTT broker integration
105-
Event Grid integrates with [Azure IoT MQ](https://aka.ms/iot-mq) to bridge its MQTT broker capability on the edge with Azure Event Grid’s MQTT broker feature in the cloud. Azure IoT MQ is a new distributed MQTT broker for edge computing, running on Arc enabled Kubernetes clusters. It can connect to Event Grid MQTT broker with Microsoft Entra ID (formerly Azure Active Directory) authentication using system-assigned managed identity, which simplifies credential management. Azure IoT MQ provides high availability, scalability, and security for your IoT devices and applications. It's now available in [public preview](https://aka.ms/iot-mq-preview) as part of Azure IoT Operations. [Learn more about connecting Azure IoT MQ to Azure Event Grid's MQTT broker](https://aka.ms/iot-mq-eg-bridge).
105+
Event Grid integrates with [Azure IoT Operations](https://aka.ms/iot-mq) to bridge its MQTT broker capability on the edge with Azure Event Grid’s MQTT broker feature in the cloud. Azure IoT Operations provides a new distributed MQTT broker for edge computing, running on Arc enabled Kubernetes clusters. It can connect to Event Grid MQTT broker with Microsoft Entra ID (formerly Azure Active Directory) authentication using system-assigned managed identity, which simplifies credential management. MQTT Broker provides high availability, scalability, and security for your IoT devices and applications. It's now available in [public preview](https://aka.ms/iot-mq-preview) as part of Azure IoT Operations. [Learn more about connecting Azure IoT Operations MQTT Broker to Azure Event Grid's MQTT broker](https://aka.ms/iot-mq-eg-bridge).
106106

107107
### MQTT Clients Life Cycle Events
108108
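
Review bot: the rename at line 105 leaves the product and the broker under three different names ("Azure IoT Operations", "MQTT Broker", "Azure IoT Operations MQTT Broker"), and the sentence starting "It can connect to Event Grid MQTT broker" now has an unclear subject: is it Azure IoT Operations or its broker that authenticates with the system-assigned managed identity? Pick one name for the edge broker and use it as the subject there. The link targets (`aka.ms/iot-mq`, `aka.ms/iot-mq-preview`, `aka.ms/iot-mq-eg-bridge`) still carry the old name; confirm they resolve to the renamed pages.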

articles/event-hubs/schema-registry-concepts.md

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ Schema group is a logical group of similar schemas based on your business criter
2222
The security boundary imposed by the grouping mechanism help ensures that trade secrets don't inadvertently leak through metadata in situations where the namespace is shared among multiple partners. It also allows for application owners to manage schemas independent of other applications that share the same namespace.
2323

2424
### Schemas
25-
Schemas define the contract between producers and consumers. A schema defined in an Event Hubs schema registry helps manage the contract outside of event data, thus removing the payload overhead. A schema has a name, type (example: record, array, and so on.), compatibility mode (none, forward, backward, full), and serialization type (only Avro for now). You can create multiple versions of a schema and retrieve and use a specific version of a schema.
25+
Schemas define the contract between producers and consumers. A schema defined in an Event Hubs schema registry helps manage the contract outside of event data, thus removing the payload overhead. A schema has a name, type (example: record, array, and so on.), compatibility mode (none, forward, backward, full), and serialization type (both Avro and JSON). You can create multiple versions of a schema and retrieve and use a specific version of a schema.
2626

2727
### Schema formats
2828
Schema formats are used to determine the manner in which a schema is structured and defined, with each format outlining specific guidelines and syntax for defining the structure of the events that will be used for event streaming.
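
Review bot: at line 25, "serialization type (both Avro and JSON)" reads as though a single schema carries both types, while the other parentheticals in the sentence list alternatives. Suggest "serialization type (Avro or JSON)".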

articles/healthcare-apis/azure-api-for-fhir/release-notes.md

Lines changed: 11 additions & 0 deletions
@@ -17,6 +17,17 @@ ms.author: kavitagaddam
1717

1818
Azure API for FHIR&reg; provides a fully managed deployment of the Microsoft FHIR Server for Azure. The server is an implementation of the [FHIR](https://hl7.org/fhir) standard. This document provides details about the features and enhancements made to Azure API for FHIR.
1919

20+
## **November 2024**
21+
22+
### FHIR service
23+
24+
**Bug fixes**
25+
26+
- Export Validation Improvement: An issue was found where exports proceeded despite invalid search parameters. A new change is implemented to prevent exports under these conditions. This is the default behavior. Customers can override it using the lenient flag. This change was communicated to customers last month.
27+
- Bundle Performance Enhancement: The profile refresh process during bundle execution has been simplified. If a bundle contains changes to `ValueSet`, `StructureDefinition`, and/or `CodeSystem`, no profile refreshes will occur until the bundle is fully completed. This change improves the performance of bundles by reducing delays caused by multiple refreshes when handling changes to these resource types.
28+
- Content Type Header Parsing: An issue related to parsing the `application/x-www-form-urlencoded` content type header has been addressed and resolved.
29+
- Reindexing Enhancements The reindex operation has been improved by removing an artificial limitation that previously restricted handling of large historical datasets, or cases where customers requested a limited query size. Additionally, reindex process would incorrectly report as "completed" when handling many sequential historical or deleted resources with the default query size. This issue has been addressed to ensure that the reindexing process completes correctly and reports the appropriate status.
30+
2031
## **October 2024**
2132

2233
### FHIR service
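
Review bot: line 29 is missing the colon after "Reindexing Enhancements" that the other three bullets have after their titles, and its next sentence needs an article ("Additionally, the reindex process would ..."). Also, "This change was communicated to customers last month" at line 26 is a relative date that goes stale in release notes; name the month.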

articles/healthcare-apis/release-notes-2024.md

Lines changed: 0 additions & 8 deletions
@@ -28,14 +28,6 @@ This article describes features, enhancements, and bug fixes released in 2024 fo
2828
- Content Type Header Parsing: An issue related to parsing the `application/x-www-form-urlencoded` content type header has been addressed and resolved.
2929
- Reindexing Enhancements: The reindex operation is improved by removing an artificial limitation which previously restricted handling of large historical datasets, or cases where customers requested a limited query size. Additionally, reindex process would incorrectly report as "completed" when handling many sequential historical or deleted resources with the default query size. This issue has been addressed to ensure that the reindexing process completes correctly and reports the appropriate status.
3030

31-
### Azure API for FHIR
32-
33-
- Export Validation Improvement: An issue was found where exports proceeded despite invalid search parameters. A new change is implemented to prevent exports under these conditions. This is the default behavior. Customers can override it using the lenient flag. This change was communicated to customers last month.
34-
- Bundle Performance Enhancement: The profile refresh process during bundle execution has been simplified. If a bundle contains changes to `ValueSet`, `StructureDefinition`, and/or `CodeSystem`, no profile refreshes will occur until the bundle is fully completed. This change improves the performance of bundles by reducing delays caused by multiple refreshes when handling changes to these resource types.
35-
- Content Type Header Parsing: An issue related to parsing the `application/x-www-form-urlencoded` content type header has been addressed and resolved.
36-
- Reindexing Enhancements The reindex operation has been improved by removing an artificial limitation that previously restricted handling of large historical datasets, or cases where customers requested a limited query size. Additionally, reindex process would incorrectly report as "completed" when handling many sequential historical or deleted resources with the default query size. This issue has been addressed to ensure that the reindexing process completes correctly and reports the appropriate status.
37-
38-
3931
## October 2024
4032

4133
### Azure Health Data Services
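
Review bot: deleting the `### Azure API for FHIR` block (old lines 31-36) leaves no indication in this article of where those four items went. The same commit adds them to `articles/healthcare-apis/azure-api-for-fhir/release-notes.md`; consider a one-line link to that article here so readers following existing links to this page can still find them.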

articles/service-bus-messaging/message-transfers-locks-settlement.md

Lines changed: 2 additions & 1 deletion
@@ -109,7 +109,7 @@ If a receiving client fails to process a message and knows that redelivering the
109109
> [!NOTE]
110110
> A dead-letter subqueue exists for a queue or a topic subscription only when you have the [dead-letter feature](service-bus-dead-letter-queues.md) enabled for the queue or subscription.
111111
112-
A special case of settlement is deferral, which is discussed in a [separate article](message-deferral.md).
112+
A special case of settlement is deferral. See the [Message deferral](message-deferral.md) for details.
113113

114114
The `Complete`, `DeadLetter`, or `RenewLock` operations might fail due to network issues, if the held lock has expired, or there are other service-side conditions that prevent settlement. In one of the latter cases, the service sends a negative acknowledgment that surfaces as an exception in the API clients. If the reason is a broken network connection, the lock is dropped since Service Bus doesn't support recovery of existing AMQP links on a different connection.
115115
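
Review bot: the new sentence at line 112, "See the [Message deferral](message-deferral.md) for details.", has a dangling "the". Either drop it ("See [Message deferral](message-deferral.md) for details.") or add the noun ("See the [Message deferral](message-deferral.md) article for details.").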

@@ -122,6 +122,7 @@ The typical mechanism for identifying duplicate message deliveries is by checkin
122122
> * Service Update
123123
> * OS update
124124
> * Changing properties on the entity (Queue, Topic, Subscription) while holding the lock.
125+
> * If the Service Bus Client application loses its connection to the Service Bus for any reason.
125126
>
126127
> When the lock is lost, Azure Service Bus will generate a MessageLockLostException or SessionLockLostException, which will surface in the client application. In this case, the client's default retry logic should automatically kick in and retry the operation.
127128
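
Review bot: the bullet added at line 125 is not parallel with the rest of the list: the other items are noun phrases naming a cause ("Service Update", "OS update"), while this one is a conditional clause starting with "If". Suggest "> * Loss of the connection between the client application and Service Bus.", which also drops the stray capital in "Client" and the article in "the Service Bus".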

articles/site-recovery/azure-to-azure-common-questions.md

Lines changed: 2 additions & 2 deletions
@@ -3,7 +3,7 @@ title: Common questions about Azure virtual machine disaster recovery with Azure
33
description: This article answers common questions about Azure virtual machine disaster recovery when you use Azure Site Recovery.
44
ms.author: ankitadutta
55
author: ankitaduttaMSFT
6-
ms.date: 09/16/2024
6+
ms.date: 11/25/2024
77
ms.topic: faq
88
ms.service: azure-site-recovery
99

@@ -237,7 +237,7 @@ Multi-VM consistency is CPU intensive, and enabling it can affect workload perfo
237237

238238
### Can I add a replicating virtual machine to a replication group?
239239

240-
When you enable replication for a virtual machine, you can add it to a new replication group, or to an existing group. You can't add a virtual machine that's already replicating to a group.
240+
You cannot add a protected VM to an existing replication group.
241241

242242
### What conditions must be met to create a recovery plan for multi-VM consistency?
243243
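
Review bot: the replacement answer at line 240 drops the information that a virtual machine can be added to a new or an existing replication group at the time replication is enabled, so the reader learns only what is not possible. Keep that first sentence, or say what to do instead. The wording also switches to "protected VM" where the question says "replicating virtual machine", and uses "cannot" where the line it replaces used "can't".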
