Merge pull request #288072 from MicrosoftDocs/main

10/8/2024 PM Publish

Author: Taojunshen

.github/policies/disallow-edits.yml

@@ -0,0 +1,89 @@
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+resource: repository
+
+configuration:
+  resourceManagementConfiguration:
+    eventResponderTasks:
+      - description: Close PRs that contain content for services that have been migrated out of the azure-docs-pr repository.
+        if:
+          - payloadType: Pull_Request
+          - isAction:
+              action: Opened
+          - or:              
+              - filesMatchPattern:
+                  pattern: articles/aks/*
+              - filesMatchPattern:
+                  pattern: articles/defender-for-cloud/*
+              - filesMatchPattern:
+                  pattern: articles/attestation/*
+              - filesMatchPattern:
+                  pattern: articles/confidential-ledger/*
+              - filesMatchPattern:
+                  pattern: articles/dedicated-hsm/*
+              - filesMatchPattern:
+                  pattern: articles/key-vault/*
+              - includesModifiedFiles:
+                  files: 
+                    - articles/payment-hsm/*
+              - filesMatchPattern:
+                  pattern: articles/postgresql/*
+              - filesMatchPattern:
+                  pattern: articles/cosmos-db/*
+              - filesMatchPattern:
+                  pattern: articles/dms/*
+              - filesMatchPattern:
+                  pattern: articles/mariadb/*
+              - filesMatchPattern:
+                  pattern: articles/mysql/*
+              - filesMatchPattern:
+                  pattern: articles/managed-instance-apache-cassandra/*
+              - filesMatchPattern:
+                  pattern: articles/virtual-machines/*
+              - filesMatchPattern:
+                  pattern: articles/virtual-machines-scale-sets/*
+              - filesMatchPattern:
+                  pattern: articles/container-instances/*
+              - filesMatchPattern:
+                  pattern: articles/service-fabric/*
+              - filesMatchPattern:
+                  pattern: articles/machine-learning/*
+              - filesMatchPattern:
+                  pattern: articles/ai-studio/*
+              - filesMatchPattern:
+                  pattern: articles/ai-services/*
+              - filesMatchPattern:
+                  pattern: articles/genomics/*
+              - filesMatchPattern:
+                  pattern: articles/open-datasets/*
+              - filesMatchPattern:
+                  pattern: articles/search/*
+              - filesMatchPattern:
+                  pattern: articles/azure-monitor/*
+              - filesMatchPattern:
+                  pattern: articles/advisor/*
+              - filesMatchPattern:
+                  pattern: articles/chaos-studio/*
+              - filesMatchPattern:
+                  pattern: articles/service-health/*
+              - filesMatchPattern:
+                  pattern: articles/azure-arc/*
+              - filesMatchPattern:
+                  pattern: articles/azure-linux/*
+              - filesMatchPattern:
+                  pattern: articles/azure-portal/*
+              - filesMatchPattern:
+                  pattern: articles/copilot/*
+              - filesMatchPattern:
+                  pattern: articles/lighthouse/*
+              - filesMatchPattern:
+                  pattern: articles/quotas/*
+              - filesMatchPattern:
+                  pattern: articles/container-registry/*
+              - filesMatchPattern:
+                  pattern: articles/kubernetes-fleet/*
+        then:
+          - addReply:
+              reply: >-
+                @${issueAuthor} - You tried to add content to a folder path that has been removed from this repository. Your pull request will be automatically closed. Submit your changes to the updated repository, which can be identified by clicking the Edit this Document link at the top of any published article for that product or service.
+          - closePullRequest

articles/api-management/quota-by-key-policy.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: article
-ms.date: 07/23/2024
+ms.date: 09/16/2024
 ms.author: danlep
 ---
 # Set usage quota by key
@@ -29,6 +29,7 @@ To understand the difference between rate limits and quotas, [see Rate limits an
               bandwidth="kilobytes"
               renewal-period="seconds"
               increment-condition="condition"
+              increment-count="number"
               counter-key="key value"
               first-period-start="date-time" />
 ```
@@ -41,6 +42,7 @@ To understand the difference between rate limits and quotas, [see Rate limits an
 | calls               | The maximum total number of calls allowed during the time interval specified in the `renewal-period`. Policy expressions aren't allowed.    | Either `calls`, `bandwidth`, or both together must be specified. | N/A     |
 | counter-key         | The key to use for the `quota policy`. For each key value, a single counter is used for all scopes at which the policy is configured. Policy expressions are allowed.             | Yes                                                              | N/A     |
 | increment-condition | The Boolean expression specifying if the request should be counted towards the quota (`true`). Policy expressions are allowed.             | No                                                               | N/A     |
+| increment-count | The number by which the counter is increased per request. Policy expressions are allowed. | No | 1 |
 | renewal-period      | The length in seconds of the fixed window after which the quota resets. The start of each period is calculated relative to `first-period-start`. Minimum period: 300 seconds. When `renewal-period` is set to 0, the period is set to infinite. Policy expressions aren't allowed.                                                  | Yes                                                              | N/A     |
 | first-period-start      | The starting date and time for quota renewal periods, in the following format: `yyyy-MM-ddTHH:mm:ssZ` as specified by the ISO 8601 standard. Policy expressions aren't allowed.   | No                                                              | `0001-01-01T00:00:00Z`     |
 

articles/api-management/xml-to-json-policy.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: article
-ms.date: 07/23/2024
+ms.date: 09/06/2024
 ms.author: danlep
 ---
 
@@ -21,7 +21,7 @@ The `xml-to-json` policy converts a request or response body from XML to JSON. T
 ## Policy statement
 
 ```xml
-<xml-to-json kind="javascript-friendly | direct" apply="always | content-type-xml" consider-accept-header="true | false"/>
+<xml-to-json kind="javascript-friendly | direct" apply="always | content-type-xml" consider-accept-header="true | false" always-array-children="true | false"/>
 ```
 
 
@@ -32,6 +32,7 @@ The `xml-to-json` policy converts a request or response body from XML to JSON. T
 |kind|The attribute must be set to one of the following values.<br /><br /> -   `javascript-friendly` - the converted JSON has a form friendly to JavaScript developers.<br />-   `direct` - the converted JSON reflects the original XML document's structure.<br/><br/>Policy expressions are allowed.|Yes|N/A|
 |apply|The attribute must be set to one of the following values.<br /><br /> -   `always` - convert always.<br />-   `content-type-xml` - convert only if response Content-Type header indicates presence of XML.<br/><br/>Policy expressions are allowed.|Yes|N/A|
 |consider-accept-header|The attribute must be set to one of the following values.<br /><br /> -   `true` - apply conversion if JSON is requested in request Accept header.<br />-   `false` -always apply conversion.<br/><br/>Policy expressions are allowed.|No|`true`|
+|always-array-children|The attribute must be set to one of the following values.<br /><br /> -   `true` - Always convert child elements into a JSON array.<br />-   `false` - Only convert multiple child elements into a JSON array. Convert a single child element into a JSON object.<br/><br/>Policy expressions are allowed.|No|`false`|
 
 ## Usage
 

articles/app-service/overview-tls.md

@@ -45,7 +45,7 @@ You can use Azure Policy to help audit your resources when it comes to minimum T
 
 ### Minimum TLS Version and SCM Minimum TLS Version 
 
-App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM would be set to 1.2 on both portal and API. 
+App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM is set to 1.2 on both portal and API. 
 
 ### TLS 1.3
 A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite-preview) setting is available with TLS 1.3. This includes two cipher suites at the top of the cipher suite order:
@@ -54,12 +54,12 @@ A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite-preview) setting is avail
 
 ### TLS 1.0 and 1.1 
 
-TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 or above as the minimum TLS version. When creating a web app, the default minimum TLS version would be TLS 1.2.
+TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 or above as the minimum TLS version. When creating a web app, the default minimum TLS version is TLS 1.2.
 
 To ensure backward compatibility for TLS 1.0 and TLS 1.1, App Service will continue to support TLS 1.0 and 1.1 for incoming requests to your web app. However, since the default minimum TLS version is set to TLS 1.2, you need to update the minimum TLS version configurations on your web app to either TLS 1.0 or 1.1 so the requests won't be rejected. 
 
 > [!IMPORTANT]
-> Incoming requests to web apps and incoming requests to Azure are treated differently. App Service will continue to support TLS 1.0 and 1.1 for incoming requests to the web apps. For incoming requests directly to Azure, for example through ARM or API, it's not recommended to use TLS 1.0 or 1.1.
+> Incoming requests to web apps and incoming requests to Azure are treated differently. App Service will continue to support TLS 1.0 and 1.1 for incoming requests to the web apps. For incoming requests directly to the Azure control plane, for example through ARM or API calls, it is not recommended to use TLS 1.0 or 1.1.
 >
 
 ## Minimum TLS cipher suite (preview)

articles/container-apps/plans.md

@@ -31,15 +31,10 @@ You can select from general purpose or specialized compute
 
 Use the Dedicated plan when you need any of the following in a single environment:
 
-- **Secure outbound traffic**: You can assign single outbound network path to systems protected by firewalls or other network appliances.
-
-- **Environment isolation**: Dedicated workload profiles provide access to dedicated hardware with a single tenant guarantee.
+- **Compute isolation**: Dedicated workload profiles provide access to dedicated hardware with a single tenant guarantee.
 
 - **Customized compute**: Select from many types and sizes of workload profiles based on your apps requirements. You can deploy many apps to each workload profile. Each workload profile can scale independently as more apps are added or removed or as apps scale their replicas up or down.
 
-
-- **Cost control**: Traditional serverless compute options optimize for scale in response to events and may not provide cost control options. Dedicated workload profiles let you set minimum and maximum scaling to help you better control costs.
-
     The Dedicated plan can be more cost effective when you're running higher scale deployments with steady throughput.
 
 > [!NOTE]

articles/cost-management-billing/understand/pay-bill.md

@@ -7,7 +7,7 @@ ms.reviewer: lishepar
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: how-to
-ms.date: 10/04/2024
+ms.date: 10/08/2024
 ms.author: banders
 ---
 
@@ -116,9 +116,12 @@ Although you can generally use debit cards to pay your Azure bill, consider thes
 
 If the default payment method of your billing profile is wire transfer, follow the payment instructions on your invoice PDF file.
 
+> [!NOTE]
+> When you pay your bill by wire transfer, the payment might take up to 10 business days to get processed.
+
 Alternatively, if your invoice is under the threshold amount for your currency, you can make a one-time payment in the Azure portal with a credit or debit card by using **Pay now**. If your invoice amount exceeds the threshold, you can't pay your invoice with a credit or debit card. You'll find the threshold amount for your currency in the Azure portal after you select **Pay now**.
 
-> [!NOTE]
+>[!NOTE]
 > When multiple invoices are remitted in a single wire transfer, you must specify the invoice numbers for all of the invoices.
 
 ### Bank details used to send wire transfer payments

articles/expressroute/expressroute-howto-linkvnet-portal-resource-manager.md

@@ -223,16 +223,6 @@ When adding a new connection for your ExpressRoute gateway, select the checkbox
 > [!NOTE]
 > You can use [Connection Monitor](how-to-configure-connection-monitor.md) to verify that your traffic is reaching the destination using FastPath.
 
-## Enroll in ExpressRoute FastPath features (preview)
-
-FastPath support for virtual network peering is now in Public preview. Enrollment is only available through Azure PowerShell. For instructions on how to enroll, see [FastPath preview features](expressroute-howto-linkvnet-arm.md#fastpath-virtual-network-peering-user-defined-routes-udrs-and-private-link-support-for-expressroute-direct-connections). 
-
-> [!NOTE] 
-> Any connections configured for FastPath in the target subscription will be enrolled in this preview. We do not advise enabling this preview in production subscriptions.
-> If you already have FastPath configured and want to enroll in the preview feature, you need to do the following:
-> 1. Enroll in the FastPath preview feature with the Azure PowerShell command.
-> 1. Disable and then re-enable FastPath on the target connection.
-
 ## Clean up resources
 
 You can delete a connection and unlink your virtual network to an ExpressRoute circuit by selecting the **Delete** icon on the page for your connection.

articles/frontdoor/standard-premium/how-to-configure-https-custom-domain.md

@@ -91,7 +91,7 @@ There are currently two ways to authenticate Azure Front Door to access your Key
 Register the service principal for Azure Front Door as an app in your Microsoft Entra ID by using Microsoft Graph PowerShell or the Azure CLI.
 
 > [!NOTE]
-> * This action requires you to have Global Administrator permissions in Microsoft Entra ID. The registration only needs to be performed *once per Microsoft Entra tenant*.
+> * This action requires you to have User Access Administrator permissions in Microsoft Entra ID. The registration only needs to be performed *once per Microsoft Entra tenant*.
 > * The application IDs of **205478c0-bd83-4e1b-a9d6-db63a3e1e1c8** and **d4631ece-daab-479b-be77-ccb713491fc0** are predefined by Azure for Azure Front Door Standard and Premium across all Azure tenants and subscriptions. Azure Front Door (classic) has a different application ID.
 
 # [Microsoft Graph PowerShell](#tab/powershell)

articles/governance/policy/concepts/definition-structure-basics.md

@@ -127,7 +127,7 @@ When Azure Policy versioning is released, the following Resource Provider modes
 
 Built-in policy definitions can host multiple versions with the same `definitionID`. If no version number is specified, all experiences will show the latest version of the definition. To see a specific version of a built-in, it must be specified in API, SDK or UI. To reference a specific version of a definition within an assignment, see [definition version within assignment](../concepts/assignment-structure.md#policy-definition-id-and-version-preview)
 
-The Azure Policy service uses `version`, `preview`, and `deprecated` properties to convey level of change to a built-in policy definition or initiative and state. The format of `version` is: `{Major}.{Minor}.{Patch}`. Specific states, such as _deprecated_ or _preview_, are appended to the `version` property or in another property as a **boolean**.
+The Azure Policy service uses `version`, `preview`, and `deprecated` properties to convey state and level of change to a built-in policy definition or initiative. The format of `version` is: `{Major}.{Minor}.{Patch}`. When a policy definition is in preview state, the suffix _preview_ is appended to the `version` property and treated as a **boolean**. When a policy definition is deprecated, the deprecation is captured as a boolean in the definition's metadata using `"deprecated": "true"`.
 
 - Major Version (example: 2.0.0): introduce breaking changes such as major rule logic changes, removing parameters, adding an enforcement effect by default.
 - Minor Version (example: 2.1.0): introduce changes such as minor rule logic changes, adding new parameter allowed values, change to `roleDefinitionIds`, adding or moving definitions within an initiative.

articles/governance/policy/concepts/initiative-definition-structure.md

@@ -128,7 +128,7 @@ there are some _common_ properties used by Azure Policy and in built-ins.
 ## Version (preview)
 Built-in policy initiatives can host multiple versions with the same `definitionID`. If no version number is specified, all experiences will show the latest version of the definition. To see a specific version of a built-in, it must be specified in API, SDK or UI. To reference a specific version of a definition within an assignment, see [definition version within assignment](../concepts/assignment-structure.md#policy-definition-id-and-version-preview)
 
-The Azure Policy service uses `version`, `preview`, and `deprecated` properties to convey the level of change to a built-in policy definition or initiative and state. The format of `version` is: `{Major}.{Minor}.{Patch}`. Specific states, such as _deprecated_ or _preview_, are appended to the `version` property or in another property as a **boolean** as shown in the common metadata properties.
+The Azure Policy service uses `version`, `preview`, and `deprecated` properties to convey state and level of change to a built-in policy definition or initiative. The format of `version` is: `{Major}.{Minor}.{Patch}`. When a policy definition is in preview state, the suffix _preview_ is appended to the `version` property and treated as a **boolean**. When a policy definition is deprecated, the deprecation is captured as a boolean in the definition's metadata using `"deprecated": "true"`.
 
 - Major Version (example: 2.0.0): introduce breaking changes such as major rule logic changes, removing parameters, adding an enforcement effect by default.
 - Minor Version (example: 2.1.0): introduce changes such as minor rule logic changes, adding new parameter allowed values, change to role definitionIds, adding or removing definitions within an initiative.