Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into nw-vnetflow

Author: halkazwini

articles/api-management/api-management-howto-log-event-hubs.md

@@ -277,7 +277,7 @@ Once your logger is configured in API Management, you can configure your [log-to
 1. Select **Save** to save the updated policy configuration. As soon as it's saved, the policy is active and events are logged to the designated event hub.
 
 > [!NOTE]
-> The maximum supported message size that can be sent to an event hub from this API Management policy is 200 kilobytes (KB). If a message that is sent to an event hub is larger than 200 KB, it will be automatically truncated, and the truncated message will be transferred to the event hub.
+> The maximum supported message size that can be sent to an event hub from this API Management policy is 200 kilobytes (KB). If a message that is sent to an event hub is larger than 200 KB, it will be automatically truncated, and the truncated message will be transferred to the event hub. For larger messages, consider using Azure Storage with Azure API Management as a workaround to bypass the 200KB limit. More details can be found in [this article](https://techcommunity.microsoft.com/t5/microsoft-developer-community/how-to-send-requests-to-azure-storage-from-azure-api-management/ba-p/3624955). 
 
 ## Preview the log in Event Hubs by using Azure Stream Analytics
 

articles/azure-monitor/insights/set-up-code-optimizations.md

@@ -19,7 +19,7 @@ Setting up Code Optimizations to identify and analyze CPU and memory bottlenecks
 
 ## Demo video
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/vbi9YQgIgC8" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube-nocookie.com/embed/vbi9YQgIgC8]
 
 ## Connect your web app to Application Insights
 

articles/operator-nexus/concepts-access-control-lists.md

@@ -52,3 +52,7 @@ The action property of an ACL statement can have one of the following types:
 - **Permit**: Allows packets that match specified conditions.
 - **Drop**: Discards packets that match specified conditions.
 - **Count**: Counts the number of packets that match specified conditions.
+
+## Next steps:
+
+[Creating Access Control List (ACL) management for NNI and layer 3 isolation domain external networks](howto-create-access-control-list-for-network-to-network-interconnects.md)

articles/sap/workloads/media/sap-proximity-placement-scenarios/vm-ppg-zone.png

@@ -1,17 +1,17 @@
 ---
-title: Configuration options for optimal network latency with SAP applications | Microsoft Docs
-description: Describes SAP deployment scenarios to achieve optimal network latency
+title: Configuration options to minimize network latency with SAP applications | Microsoft Docs
+description: Describes SAP deployment scenarios to minimize network latency
 author: msjuergent
 manager: bburns
 ms.service: sap-on-azure
 ms.subservice: sap-vm-workloads
 ms.custom: devx-track-azurepowershell
 ms.topic: article
-ms.date: 03/15/2024
+ms.date: 04/24/2024
 ms.author: juergent
 ---
 
-# Configuration options for optimal network latency with SAP applications
+# Configuration options to minimize network latency with SAP applications
 
 > [!IMPORTANT]
 > In November 2021 we made significant changes in the way how proximity placement groups should be used with SAP workload in zonal deployments.

articles/sap/workloads/proximity-placement-scenarios.md

@@ -89,7 +89,7 @@ items:
         href: sap-higher-availability-architecture-scenarios.md
       - name: Azure Availability Zones for SAP workloads
         href: high-availability-zones.md
-      - name: Configuration options for optimal network latency with SAP applications
+      - name: Configuration options to minimize network latency with SAP applications
         href: proximity-placement-scenarios.md
       - name: Public endpoint connectivity with Azure Load Balancer
         href: high-availability-guide-standard-load-balancer-outbound-connections.md

articles/sap/workloads/toc.yml

@@ -4,7 +4,7 @@ description: Learn how to enable identity-based Kerberos authentication for hybr
 author: khdownie
 ms.service: azure-file-storage
 ms.topic: how-to
-ms.date: 11/21/2023
+ms.date: 04/24/2024
 ms.author: kendownie
 ms.custom: engagement-fy23
 recommendations: false
@@ -47,6 +47,8 @@ Clients must be Microsoft Entra joined or [Microsoft Entra hybrid joined](../../
 
 This feature doesn't currently support user accounts that you create and manage solely in Microsoft Entra ID. User accounts must be [hybrid user identities](../../active-directory/hybrid/whatis-hybrid-identity.md), which means you'll also need AD DS and either [Microsoft Entra Connect](../../active-directory/hybrid/whatis-azure-ad-connect.md) or [Microsoft Entra Connect cloud sync](../../active-directory/cloud-sync/what-is-cloud-sync.md). You must create these accounts in Active Directory and sync them to Microsoft Entra ID. To assign Azure Role-Based Access Control (RBAC) permissions for the Azure file share to a user group, you must create the group in Active Directory and sync it to Microsoft Entra ID.
 
+This feature doesn't currently support cross-tenant access for B2B users or guest users. Users from an Entra tenant other than the one configured won't be able to access the file share.
+
 You must disable multifactor authentication (MFA) on the Microsoft Entra app representing the storage account.
 
 With Microsoft Entra Kerberos, the Kerberos ticket encryption is always AES-256. But you can set the SMB channel encryption that best fits your needs.
@@ -76,7 +78,7 @@ To enable Microsoft Entra Kerberos authentication using the [Azure portal](https
 
    :::image type="content" source="media/storage-files-identity-auth-hybrid-identities-enable/enable-azure-ad-kerberos.png" alt-text="Screenshot of the Azure portal showing Active Directory configuration settings for a storage account. Microsoft Entra Kerberos is selected." lightbox="media/storage-files-identity-auth-hybrid-identities-enable/enable-azure-ad-kerberos.png" border="true":::
 
-1. **Optional:** If you want to configure directory and file-level permissions through Windows File Explorer, then you need to specify the domain name and domain GUID for your on-premises AD. You can get this information from your domain admin or by running the following Active Directory PowerShell cmdlet from an on-premises AD-joined client: `Get-ADDomain`. Your domain name should be listed in the output under `DNSRoot` and your domain GUID should be listed under `ObjectGUID`. If you'd prefer to configure directory and file-level permissions using icacls, you can skip this step. However, if you want to use icacls, the client will need unimpeded network connectivity to the on-premises AD.
+1. **Optional:** If you want to configure directory and file-level permissions through Windows File Explorer, then you must specify the domain name and domain GUID for your on-premises AD. You can get this information from your domain admin or by running the following Active Directory PowerShell cmdlet from an on-premises AD-joined client: `Get-ADDomain`. Your domain name should be listed in the output under `DNSRoot` and your domain GUID should be listed under `ObjectGUID`. If you'd prefer to configure directory and file-level permissions using icacls, you can skip this step. However, if you want to use icacls, the client will need unimpeded network connectivity to the on-premises AD.
 
 1. Select **Save**.
 
@@ -184,10 +186,10 @@ There are two options for configuring directory and file-level permissions with
 - **Windows File Explorer:** If you choose this option, then the client must be domain-joined to the on-premises AD.
 - **icacls utility:** If you choose this option, then the client doesn't need to be domain-joined, but needs unimpeded network connectivity to the on-premises AD.
 
-To configure directory and file-level permissions through Windows File Explorer, you also need to specify domain name and domain GUID for your on-premises AD. You can get this information from your domain admin or from an on-premises AD-joined client. If you prefer to configure using icacls, this step is not required.
+To configure directory and file-level permissions through Windows File Explorer, you also need to specify domain name and domain GUID for your on-premises AD. You can get this information from your domain admin or from an on-premises AD-joined client. If you prefer to configure using icacls, this step isn't required.
 
 > [!IMPORTANT]
-> You can set file/directory level ACLs for identities which are not synced to Microsoft Entra ID. However, these ACLs will not be enforced because the Kerberos ticket used for authentication/authorization will not contain these not-synced identities. In order to enforce set ACLs, identities need to be synced to Microsoft Entra ID.
+> You can set file/directory level ACLs for identities which aren't synced to Microsoft Entra ID. However, these ACLs won't be enforced because the Kerberos ticket used for authentication/authorization won't contain these not-synced identities. In order to enforce set ACLs, identities must be synced to Microsoft Entra ID.
 
 > [!TIP]
 > If Microsoft Entra hybrid joined users from two different forests will be accessing the share, it's best to use icacls to configure directory and file-level permissions. This is because Windows File Explorer ACL configuration requires the client to be domain joined to the Active Directory domain that the storage account is joined to.

articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md

@@ -3,7 +3,7 @@ title: Select a disk type for Azure IaaS VMs - managed disks
 description: Learn about the available Azure disk types for virtual machines, including ultra disks, Premium SSDs v2, Premium SSDs, standard SSDs, and Standard HDDs.
 author: roygara
 ms.author: rogarana
-ms.date: 02/27/2024
+ms.date: 04/23/2024
 ms.topic: conceptual
 ms.service: azure-disk-storage
 ms.custom: references_regions
@@ -50,7 +50,7 @@ Ultra disks must be used as data disks and can only be created as empty disks. Y
 
 ### Ultra disk size
 
-Azure ultra disks offer up to 32-TiB per region per subscription by default, but ultra disks support higher capacity by request. To request an increase in capacity, request a quota increase or contact Azure Support.
+Azure ultra disks offer up to 100 TiB per region per subscription by default, but ultra disks support higher capacity by request. To request an increase in capacity, request a quota increase or contact Azure Support.
 
 The following table provides a comparison of disk sizes and performance caps to help you decide which to use.
 
@@ -122,7 +122,7 @@ Premium SSD v2 disks are designed to provide sub millisecond latencies and provi
 
 Premium SSD v2 capacities range from 1 GiB to 64 TiBs, in 1-GiB increments. You're billed on a per GiB ratio, see the [pricing page](https://azure.microsoft.com/pricing/details/managed-disks/) for details.
 
-Premium SSD v2 offers up to 100 TiBs per region per subscription by default, but supports higher capacity by request. To request an increase in capacity, request a quota increase or contact Azure Support.
+Premium SSD v2 offers up to 100 TiB per region per subscription by default, but supports higher capacity by request. To request an increase in capacity, request a quota increase or contact Azure Support.
 
 #### Premium SSD v2 IOPS