MicrosoftDocs
diff --git a/‎articles/api-management/api-management-gateways-overview.md
Lines changed: 8 additions & 8 deletions b/‎articles/api-management/api-management-gateways-overview.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/api-management/azure-openai-emit-token-metric-policy.md
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/azure-openai-emit-token-metric-policy.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/api-management/configure-custom-domain.md
Lines changed: 10 additions & 2 deletions b/‎articles/api-management/configure-custom-domain.md
Lines changed: 10 additions & 2 deletions
diff --git a/‎articles/api-management/emit-metric-policy.md
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/emit-metric-policy.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/api-management/forward-request-policy.md
Lines changed: 9 additions & 4 deletions b/‎articles/api-management/forward-request-policy.md
Lines changed: 9 additions & 4 deletions
diff --git a/‎articles/api-management/llm-emit-token-metric-policy.md
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/llm-emit-token-metric-policy.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/azure-maps/tutorial-create-store-locator.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-maps/tutorial-create-store-locator.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-netapp-files/backup-requirements-considerations.md
Lines changed: 3 additions & 1 deletion b/‎articles/azure-netapp-files/backup-requirements-considerations.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/azure-resource-manager/bicep/deployment-script-develop.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-resource-manager/bicep/deployment-script-develop.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-resource-manager/bicep/file.md
Lines changed: 10 additions & 10 deletions b/‎articles/azure-resource-manager/bicep/file.md
Lines changed: 10 additions & 10 deletions
@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.custom:
   - build-2024
 ms.topic: concept-article
-ms.date: 07/11/2024
+ms.date: 07/22/2025
 ms.author: danlep
 ---
 
@@ -79,20 +79,20 @@ The following tables compare features available in the following API Management
 | [Virtual network injection](virtual-network-concepts.md)  |  Developer, Premium | Premium v2 | ❌ | ✔️<sup>1,2</sup> | ✔️ |
 | [Inbound private endpoints](private-endpoint.md)  |  Developer, Basic, Standard, Premium | Standard v2 | ❌ | ❌ | ❌ |
 | [Outbound virtual network integration](integrate-vnet-outbound.md)  | ❌ | Standard  v2, Premium v2  |  ❌ | ❌ | ✔️ |
-| [Availability zones](zone-redundancy.md)  |  Premium | ✔️<sup>3</sup>  | ❌ | ✔️<sup>1</sup> | ✔️<sup>3</sup> |
+| [Availability zones](zone-redundancy.md)  |  Premium | ❌  | ❌ | ✔️<sup>1</sup> | ❌ |
 | [Multi-region deployment](api-management-howto-deploy-multi-region.md) |  Premium | ❌ |  ❌ | ✔️<sup>1</sup> | ❌ |
-| [CA root certificates](api-management-howto-ca-certificates.md) for certificate validation |  ✔️ | ❌ | ❌ | ✔️<sup>4</sup> |  ❌ |
+| [CA root certificates](api-management-howto-ca-certificates.md) for certificate validation |  ✔️ | ❌ | ❌ | ✔️<sup>3</sup> |  ❌ |
 | [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) |  Developer, Basic, Standard, Premium | ❌ | ✔️ | ❌ | ❌ |
 | [TLS settings](api-management-howto-manage-protocols-ciphers.md) |  ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
-| **HTTP/2** (Client-to-gateway) | ✔️<sup>5</sup> | ✔️<sup>5</sup> |❌ | ✔️ | ❌ |
-| **HTTP/2** (Gateway-to-backend) |  ❌ | ❌ | ❌ | ✔️ | ❌ |
+| **HTTP/2** (Client-to-gateway) | ✔️<sup>4</sup> | ✔️<sup>4</sup> |❌ | ✔️ | ❌ |
+| **HTTP/2** (Gateway-to-backend) |  ❌ | ✔️<sup>5</sup> | ❌ | ✔️<sup>5</sup> | ❌ |
 | API threat detection with [Defender for APIs](protect-with-defender-for-apis.md) | ✔️ | ✔️ |  ❌ | ❌ | ❌ |
 
 <sup>1</sup> Depends on how the gateway is deployed, but is the responsibility of the customer.<br/>
 <sup>2</sup> Connectivity to the self-hosted gateway v2 [configuration endpoint](self-hosted-gateway-overview.md#fqdn-dependencies) requires DNS resolution of the endpoint hostname.<br/>
-<sup>3</sup> Two zones are enabled by default; not configurable.<br/>
-<sup>4</sup> CA root certificates for self-hosted gateway are managed separately per gateway<br/>
-<sup>5</sup> Client protocol needs to be enabled.
+<sup>3</sup> CA root certificates for self-hosted gateway are managed separately per gateway<br/>
+<sup>4</sup> Client protocol needs to be enabled.<br/>
+<sup>5</sup> Configure using the [forward-request](forward-request-policy.md) policy.
 
 ### Backend APIs
 
 
@@ -59,7 +59,7 @@ The `azure-openai-emit-token-metric` policy sends custom metrics to Application
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -77,7 +77,7 @@ The `azure-openai-emit-token-metric` policy sends custom metrics to Application
 ### Usage notes
 
 * This policy can be used multiple times per policy definition.
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 * This policy can optionally be configured when adding an API from the Azure OpenAI Service using the portal.
 * Where available, values in the usage section of the response from the Azure OpenAI Service API are used to determine token metrics.
 * Certain Azure OpenAI endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, token metrics are estimated.
 
@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/30/2025
+ms.date: 07/25/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -104,12 +104,20 @@ For more information, see [Use managed identities in Azure API Management](api-m
 
 API Management offers a free, managed TLS certificate for your domain, if you don't wish to purchase and manage your own certificate. The certificate is autorenewed automatically.
 
+> [!IMPORTANT]
+> **Creation of managed certificates for custom domains in API Management will be temporarily unavailable from August 15, 2025 to March 15, 2026.** Our Certificate Authority (CA), DigiCert, will migrate to a new validation platform to meet Multi-Perspective Issuance Corroboration (MPIC) requirements for issuing certificates. This migration requires us to temporarily suspend the creation of managed certificates for custom domains. [Learn more](breaking-changes/managed-certificates-suspension-august-2025.md)
+>
+> Existing managed certificates will be autorenewed and remain unaffected.
+>
+> While creation of managed certificates is suspended, use other certificate options for configuring custom domains.
+
 > [!NOTE]
-> The free, managed TLS certificate is in preview. Currently, it's unavailable in the v2 service tiers. 
+> The free, managed TLS certificate is in preview. 
 
 #### Limitations
 
 * Currently can be used only with the Gateway endpoint of your API Management service
+* Not supported in the v2 tiers
 * Not supported with the self-hosted gateway
 * Not supported in the following Azure regions: France South and South Africa West
 * Currently available only in the Azure cloud
 
@@ -52,7 +52,7 @@ The `emit-metric` policy sends custom metrics in the specified format to Applica
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the custom metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -69,7 +69,7 @@ The `emit-metric` policy sends custom metrics in the specified format to Applica
 
 ### Usage notes
 
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 
 ## Example
 
 
@@ -35,7 +35,7 @@ The `forward-request` policy forwards the incoming request to the backend servic
 | timeout                             | The amount of time in seconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 seconds. Values greater than 240 seconds may not be honored, because the underlying network infrastructure can drop idle connections after this time. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both. | No       | 300    |
 | timeout-ms                             | The amount of time in milliseconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 ms. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both.  | No       | N/A    |
 | continue-timeout | The amount of time in seconds to wait for a `100 Continue` status code to be returned by the backend service before a timeout error is raised. Policy expressions are allowed. | No  | N/A |
-| http-version                             | The HTTP spec version to use when sending the HTTP response to the backend service. When using `2or1`, the gateway will favor HTTP /2 over /1, but fall back to HTTP /1 if HTTP /2 doesn't work. | No       | 1    |
+| http-version                             | The HTTP protocol version to use when sending the HTTP request to the backend service: <br> - `1`: HTTP/1 <br> - `2`: HTTP/2 <br/> - `2or1`: The gateway favors HTTP/2 over HTTP/1, but falls back to HTTP/1 if HTTP/2 doesn't work.<br/><br/> HTTP/2 outbound is supported in select gateways. See [Usage notes](#usage-notes) for details. | No       | 1    |
 | follow-redirects | Specifies whether redirects from the backend service are followed by the gateway or returned to the caller. Policy expressions are allowed.                                                                                                                                                                                                    | No       | `false`   |
 | buffer-request-body      | When set to `true`, request is buffered and will be reused on [retry](retry-policy.md).                                                                                                                                                                                               | No       | `false`   |
 | buffer-response | Affects processing of chunked responses. When set to `false`, each chunk received from the backend is immediately returned to the caller. When set to `true`, chunks are buffered (8 KB, unless end of stream is detected) and only then returned to the caller.<br/><br/>Set to `false` with backends such as those implementing [server-sent events (SSE)](how-to-server-sent-events.md) that require content to be returned or streamed immediately to the caller. Policy expressions aren't allowed. | No | `true` |
@@ -48,11 +48,18 @@ The `forward-request` policy forwards the incoming request to the backend servic
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API, operation
 -  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
 
+### Usage notes
+
+*  Use the `http-version` attribute to enable the HTTP/2 protocol outbound from the gateway to the backend. Set the attribute to `2or1` or `2`. Currently, HTTP/2 outbound is supported in the self-hosted gateway and in preview in the v2 gateway.
+
+    > [!IMPORTANT]
+    > In the v2 gateway, HTTP/2 is supported inbound to the API Management gateway and outbound from the gateway to the backend but not end-to-end. Currently, the v2 gateway downgrades an incoming HTTP/2 connection to HTTP/1 before forwarding the request to the backend.
+
 ## Examples
 
 ### Send request to HTTP/2 backend
 
-The following API level policy forwards all API requests to an HTTP/2 backend service.
+The following API level policy forwards all API requests to an HTTP/2 backend service. For example, use this policy to forward requests from a self-hosted gateway to a gRPC backend.
 
 ```xml
 <!-- api level -->
@@ -69,8 +76,6 @@ The following API level policy forwards all API requests to an HTTP/2 backend se
 </policies>
 ```
 
-This is required for HTTP /2 or gRPC workloads and currently only supported in self-hosted gateway. Learn more in our [API gateway overview](api-management-gateways-overview.md).
-
 ### Forward request with timeout interval
 
 The following API level policy forwards all API requests to the backend service with a timeout interval of 60 seconds.
 
@@ -58,7 +58,7 @@ The `llm-emit-token-metric` policy sends custom metrics to Application Insights
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -77,7 +77,7 @@ The `llm-emit-token-metric` policy sends custom metrics to Application Insights
 ### Usage notes
 
 * This policy can be used multiple times per policy definition.
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 * Where available, values in the usage section of the response from the LLM API are used to determine token metrics.
 * Certain LLM endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, token metrics are estimated.
 
 
@@ -59,7 +59,7 @@ This section lists the Azure Maps features that are demonstrated in the Contoso
 * A store logo on the header
 * A map that supports panning and zooming
 * A **My Location** button to search over the user's current location.
-* A Page layout that adjusts based on the width of the devices screen
+* A Page layout that adjusts based on the width of the device's screen
 * A search box and a search button
 
 ### Functionality features
 
@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: concept-article
-ms.date: 01/27/2025
+ms.date: 07/28/2025
 ms.author: anfdocs
 ms.custom:
   - build-2025
@@ -51,6 +51,8 @@ Azure NetApp Files backup in a region can only protect an Azure NetApp Files vol
 
 * If you need to delete a parent resource group or subscription that contains backups, you should delete any backups first. Deleting the resource group or subscription doesn't delete the backups.
 
+* If the volume reaches its maximum quota, backup creation can fail depending on the quantity of data changes to the volume. If the backup fails, increase the size of the volume then wait for the next scheduled backup. 
+
 ## Next steps
 
 * [Understand Azure NetApp Files backup](backup-introduction.md)
 
@@ -3,7 +3,7 @@ title: Develop a deployment script in Bicep
 description: Learn how to develop a deployment script within a Bicep file or store one externally as a separate file.
 ms.custom: devx-track-bicep
 ms.topic: conceptual
-ms.date: 09/26/2024
+ms.date: 07/25/2025
 ---
 
 # Develop a deployment script in Bicep
 
@@ -3,7 +3,7 @@ title: Bicep file structure and syntax
 description: Understand how to use declarative syntax to understand the structure and properties of Bicep files.
 ms.topic: conceptual
 ms.custom: devx-track-bicep
-ms.date: 03/25/2025
+ms.date: 07/25/2025
 ---
 
 # Bicep file structure and syntax
@@ -68,7 +68,7 @@ param location string = resourceGroup().location
 
 var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'
 
-resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource stg 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: uniqueStorageName
   location: location
   sku: {
@@ -168,7 +168,7 @@ var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'
 Apply this variable wherever you need the complex expression.
 
 ```bicep
-resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource stg 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: uniqueStorageName
 ```
 
@@ -195,7 +195,7 @@ param storageAccountConfig storageAccountConfigType = {
   sku: 'Standard_LRS'
 }
 
-resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource storageAccount 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: storageAccountConfig.name
   location: location
   sku: {
@@ -228,7 +228,7 @@ Use the `resource` keyword to define a resource to deploy. Your resource declara
 The resource declaration includes the resource type and API version. Within the body of the resource declaration, include properties that are specific to the resource type.
 
 ```bicep
-resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource stg 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: uniqueStorageName
   location: location
   sku: {
@@ -250,7 +250,7 @@ Some resources have a parent/child relationship. You can define a child resource
 The following example shows how to define a child resource within a parent resource. It contains a storage account with a child resource (file service) that's defined within the storage account. The file service also has a child resource (share) that's defined within it.
 
 ```bicep
-resource storage 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource storage 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: 'examplestorage'
   location: resourceGroup().location
   kind: 'StorageV2'
@@ -271,7 +271,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2023-04-01' = {
 The next example shows how to define a child resource outside of the parent resource. You use the parent property to identify a parent/child relationship. The same three resources are defined.
 
 ```bicep
-resource storage 'Microsoft.Storage/storageAccounts@2023-04-01' = {
+resource storage 'Microsoft.Storage/storageAccounts@2025-01-01' = {
   name: 'examplestorage'
   location: resourceGroup().location
   kind: 'StorageV2'
@@ -373,15 +373,15 @@ Spaces and tabs are ignored when you author Bicep files.
 Bicep is newline sensitive. For example:
 
 ```bicep
-resource sa 'Microsoft.Storage/storageAccounts@2023-04-01' = if (newOrExisting == 'new') {
+resource sa 'Microsoft.Storage/storageAccounts@2025-01-01' = if (newOrExisting == 'new') {
   ...
 }
 ```
 
 Can't be written as:
 
 ```bicep
-resource sa 'Microsoft.Storage/storageAccounts@2023-04-01' =
+resource sa 'Microsoft.Storage/storageAccounts@2025-01-01' =
     if (newOrExisting == 'new') {
       ...
     }
@@ -397,7 +397,7 @@ The following example shows a single-line comment.
 
 ```bicep
 // This is your primary NIC.
-resource nic1 'Microsoft.Network/networkInterfaces@2023-11-01' = {
+resource nic1 'Microsoft.Network/networkInterfaces@2024-07-01' = {
   ...
 }
 ```