Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into quality-and-diagnostics

Author: ShawnJackson

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/governance/machine-configuration/whats-new/migrating-from-dsc-extension.md ",
+      "redirect_url": " https://azure.microsoft.com/updates/migrate-from-linux-dsc-extension-to-the-guest-configuration-feature-of-azure-policy-by-may-1-2025/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/vpn-gateway/vpn-gateway-about-forced-tunneling.md",
       "redirect_url": "/previous-versions/azure/vpn-gateway/vpn-gateway-about-forced-tunneling",

articles/app-service/routine-maintenance-downtime.md

@@ -447,6 +447,8 @@
       href: https://azure.microsoft.com/updates/?product=app-service
     - name: Routine maintenance
       href: routine-maintenance.md
+    - name: Routine maintenance, Restarts, and Downtime
+      href: routine-maintenance-downtime.md
     - name: Language support policy
       href: language-support-policy.md
     - name: OS functionality

articles/app-service/toc.yml

@@ -166,9 +166,9 @@ After the Update Management feature is enabled on Windows or Linux machines, you
 If you have more than 2,000 hybrid workers, to get a list of all of them, you can run the following PowerShell script:
 
 ```powershell
-"Get-AzSubscription -SubscriptionName "<subscriptionName>" | Set-AzContext
+Get-AzSubscription -SubscriptionName "<subscriptionName>" | Set-AzContext
 $workersList = (Get-AzAutomationHybridWorkerGroup -ResourceGroupName "<resourceGroupName>" -AutomationAccountName "<automationAccountName>").Runbookworker
-$workersList | export-csv -Path "<Path>\output.csv" -NoClobber -NoTypeInformation"
+$workersList | export-csv -Path "<Path>\output.csv" -NoClobber -NoTypeInformation
 ```
 
 ## Next steps

articles/automation/automation-hybrid-runbook-worker.md

@@ -50,7 +50,7 @@ The following is an example of a minimal `project` file with these changes:
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
-    <AzureFunctionsVersion>V4</AzureFunctionsVersion>
+    <AzureFunctionsVersion>v4</AzureFunctionsVersion>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.4.0" />

articles/azure-functions/functions-dotnet-class-library.md

@@ -46,9 +46,9 @@ Azure NetApp Files is updated regularly. This article provides a summary about t
 
     Volume encryption with customer-managed keys with managed HSM extends the [customer-managed keys](configure-customer-managed-keys.md), enabling you to store your keys in a more secure FIPS 140-2 Level 3 HSM service instead of the FIPS 140-2 Level 1 or 2 encryption offered with Azure Key Vault. 
 
-* [Volume enhancement: Azure NetApp Files now supports 50 GiB minimum volume sizes](azure-netapp-files-resource-limits.md) (preview)
+* [Volume enhancement: Azure NetApp Files now supports 50 GiB minimum volume sizes](azure-netapp-files-create-volumes.md#50-gib) (preview)
 
-    You can now create an Azure NetApp Files volume as small as 50 GiB--a reduction from the initial minimum size of 100 GiB. 50 GiB volumes save costs for workloads that require volumes smaller than 100 GiB, allowing you to appropriately size storage volumes. 50 GiB volumes are supported for all protocols with Azure NetApp Files: [NFS](azure-netapp-files-create-volumes.md#50-gib), [SMB](azure-netapp-files-create-volumes-smb.md#50-gib), and [dual-protocol](create-volumes-dual-protocol.md#50-gib). You must register for the feature before creating a volume smaller than 100 GiB. 
+    You can now create an Azure NetApp Files volume as small as [50 GiB](azure-netapp-files-resource-limits.md)--a reduction from the initial minimum size of 100 GiB. 50 GiB volumes save costs for workloads that require volumes smaller than 100 GiB, allowing you to appropriately size storage volumes. 50 GiB volumes are supported for all protocols with Azure NetApp Files: [NFS](azure-netapp-files-create-volumes.md#50-gib), [SMB](azure-netapp-files-create-volumes-smb.md#50-gib), and [dual-protocol](create-volumes-dual-protocol.md#50-gib). You must register for the feature before creating a volume smaller than 100 GiB. 
 
 * [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) is now generally available (GA). 
 

articles/azure-netapp-files/whats-new.md

@@ -517,7 +517,7 @@ For more information, see [VM Applications](/azure/virtual-machines/vm-applicati
 
 #### Disk encryption sets
 
-There's a limitation of 1000 disk encryption sets per region, per subscription. For more
+There's a limitation of 5000 disk encryption sets per region, per subscription. For more
 information, see the encryption documentation for
 [Linux](/azure/virtual-machines/disk-encryption#restrictions) or
 [Windows](/azure/virtual-machines/disk-encryption#restrictions) virtual machines. If you

articles/azure-resource-manager/management/azure-subscription-service-limits.md

@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 7/30/2024
+ms.date: 9/18/2024
 ---
 
 # Known issues: Azure VMware Solution
@@ -31,6 +31,7 @@ Refer to the table to find details about resolution dates or possible workaround
 | Zerto DR isn't currently supported with the AV64 SKU. The AV64 SKU uses ESXi host secure boot and Zerto DR hasn't implemented a signed VIB for the ESXi install. | 2024  | Continue using the AV36, AV36P, and AV52 SKUs for Zerto DR. | N/A |
 | [VMSA-2024-0013 (CVE-2024-37085)](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505) VMware ESXi Active Directory Integration Authentication Bypass | July 2024 | Azure VMware Solution does not provide Active Directory integration and isn't vulnerable to this attack. | N/A |
 | AV36P SKU new private cloud deploys with vSphere 7, not vSphere 8. | September 2024 | The AV36P SKU is waiting for a Hotfix to be deployed, which will resolve this issue. | N/A |
+| [VMSA-2024-0019](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968)) Vulnerability in the DCERPC Protocol and Local Privilege Escalations | September 2024 | Microsoft, working with Broadcom, adjudicated the risk of CVE-2024-38812 at an adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:H/MUI:R) and CVE-2024-38813 with an adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:H/MPR:L/MUI:R). Adjustments from the base scores were possible due to the network isolation of the Azure VMware Solution vCenter Server DCERPC protocol access (ports 2012, 2014, and 2020 aren't exposed via any interactive network path) and multiple levels of authentication and authorization necessary to gain interactive access to the Azure VMware Solution vCenter Server. A plan is being put in place to address these vulnerabilities at a future date TBD. | N/A |
 
 In this article, you learned about the current known issues with the Azure VMware Solution.
 

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -5,7 +5,7 @@ author: vicancy
 ms.author: lianwei
 ms.service: azure-web-pubsub
 ms.topic: how-to
-ms.date: 08/01/2024
+ms.date: 09/19/2024
 ---
 
 # Configure event handler in Azure Web PubSub service
@@ -18,7 +18,7 @@ The Web PubSub service delivers client events to the configured upstream webhook
 
 ## Event handler settings
 
-A client always connects to a hub, and you could configure multiple event handler settings for the hub. The order of the event handler settings matters and the former one has the higher priority. When a client connects and an event is triggered, Web PubSub goes through the configured event handlers in the priority order and the first matching one wins. When configuring the event handler, the below properties should be set.
+A client always connects to a hub, and you could configure multiple event handler settings for the hub. The order of the event handler settings matters and the former one has the higher priority. When a client connects and an event is triggered, Web PubSub goes through the configured event handlers in the priority order and the first matching one wins. Set the following properties when you configure the event handler:
 
 |Property name | Description |
 |--|--|
@@ -29,24 +29,24 @@ A client always connects to a hub, and you could configure multiple event handle
 
 ### Events
 
-The events include user events and system events. System events are predefined events that are triggered during the lifetime of a client, and user events are the events triggered when the client sends data, the user event name can be customized using client protocols, [here contains the detailed explanation](concept-service-internals.md#client-protocol).
+The events include user events and system events. System events are predefined events that are triggered during the lifetime of a client. User events are triggered when the client sends data, the user event name can be customized using client protocols, [here contains the detailed explanation](concept-service-internals.md#client-protocol).
 
 Event type | Supported values |
 |--|--|
-System events | `connect`, `connected` and `disconnected` |
+System events | `connect`, `connected`, and `disconnected` |
 User events | `message`, or custom event name following client protocols |
 
 ### URL template
 
-URL template supports several parameters that can be evaluated during runtime. With this feature, it is easy to route different hubs or events into different upstream servers with a single setting. KeyVault reference syntax is also support so that data could be stored in Azure Key Vault securely.
+URL template supports several parameters that can be evaluated during runtime. With this feature, it's easy to route different hubs or events into different upstream servers with a single setting. KeyVault reference syntax is also support so that data could be stored in Azure Key Vault securely.
 
-Note URL domain name should not contain parameter syntax, for example, `http://{hub}.com` is not a valid URL template.
+Note URL domain name shouldn't contain parameter syntax, for example, `http://{hub}.com` isn't a valid URL template.
 
 | Supported parameters | Syntax | Description | Samples |
 |--|--|--|--|
 | Hub parameter | `{hub}` | The value is the hub that the client connects to. | When a client connects to `client/hubs/chat`, a URL template `http://host.com/api/{hub}` evaluates to `http://host.com/api/chat` because for this client, hub is `chat`. |
-| Event parameter | `{event}` | The value of the triggered event. `event` values are listed [here](#events).The event value for abuse protection requests is `validate` as explained [here](#upstream-and-validation). | If there is a URL template `http://host.com/api/{hub}/{event}` configured for event `connect`, When a client connects to `client/hubs/chat`, Web PubSub initiates a POST request to the evaluated URL `http://host.com/api/chat/connect` when the client is connecting, since for this client event, hub is `chat` and the event triggering this event handler setting is `connect`.  |
-| KeyVault reference parameter | `{@Microsoft.KeyVault(SecretUri=<secretUri>)}` | The **SecretUri** should be the full data-plane URI of a secret in the vault, optionally including a version, e.g., `https://myvault.vault.azure.net/secrets/mysecret/` or `https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931`. When using KeyVault reference, you also need to configure the authentication between your Web PubSub service and your KeyVault service, check [here](howto-use-managed-identity.md#use-a-managed-identity-for-a-key-vault-reference) for detailed steps. | `@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)` |
+| Event parameter | `{event}` | The value of the triggered event. `event` values are listed [here](#events). The event value for abuse protection requests is `validate` as explained [here](#upstream-and-validation). | If there's a URL template `http://host.com/api/{hub}/{event}` configured for event `connect`, When a client connects to `client/hubs/chat`, Web PubSub initiates a POST request to the evaluated URL `http://host.com/api/chat/connect` when the client is connecting, since for this client event, hub is `chat` and the event triggering this event handler setting is `connect`. |
+| KeyVault reference parameter | `{@Microsoft.KeyVault(SecretUri=<secretUri>)}` | The **SecretUri** should be the full data-plane URI of a secret in the vault, optionally including a version, for example, `https://myvault.vault.azure.net/secrets/mysecret/` or `https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931`. When using KeyVault reference, you also need to configure the authentication between your Web PubSub service and your KeyVault service, check [here](howto-use-managed-identity.md#use-a-managed-identity-for-a-key-vault-reference) for detailed steps. | `@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)` |
 
 ### Authentication between service and webhook
 
@@ -58,7 +58,7 @@ You can use any of these methods to authenticate between the service and webhook
 
 ## Upstream and Validation
 
-When setting up the event handler webhook through Azure portal or CLI, the service follows the [CloudEvents Abuse Protection](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#4-abuse-protection) to validate the upstream webhook. Every registered upstream webhook URL is validated by this mechanism. The `WebHook-Request-Origin` request header is set to the service domain name `xxx.webpubsub.azure.com`, and it expects the response to have a header `WebHook-Allowed-Origin` to contain this domain name or `*`.
+When setting up the event handler webhook through Azure portal or CLI, the service follows the [CloudEvents Abuse Protection](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#4-abuse-protection) to validate the upstream webhook. This mechanism validates every registered upstream webhook URL. The `WebHook-Request-Origin` request header is set to the service domain name `xxx.webpubsub.azure.com`, and it expects the response to have a header `WebHook-Allowed-Origin` to contain this domain name or `*`.
 
 When doing the validation, the `{event}` parameter is resolved to `validate`. For example, when trying to set the URL to `http://host.com/api/{event}`, the service tries to **OPTIONS** a request to `http://host.com/api/validate`. And only when the response is valid, the configuration can be set successfully.
 

articles/azure-web-pubsub/howto-develop-eventhandler.md

@@ -5,12 +5,12 @@ author: vicancy
 ms.author: lianwei
 ms.service: azure-web-pubsub
 ms.topic: how-to 
-ms.date: 11/08/2021
+ms.date: 09/18/2024
 ---
 
 #  Start a WebSocket connection to Azure Web PubSub
 
-Clients connect to the Azure Web PubSub service by using the standard [WebSocket](https://tools.ietf.org/html/rfc6455) protocol. You can use languages that have WebSocket client support to write a client for the service. In this article, you'll see several WebSocket client samples in different languages.
+Clients connect to the Azure Web PubSub service by using the standard [WebSocket](https://tools.ietf.org/html/rfc6455) protocol. You can use languages that have WebSocket client support to write a client for the service. In this article, you see several WebSocket client samples in different languages.
 
 ## Authorization