Merge pull request #302512 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-10 05:00 UTC

Author: learn-build-service-prod[bot]

articles/application-gateway/tutorial-url-redirect-powershell.md

@@ -39,9 +39,142 @@ Access logs categories for a network security perimeter are based on the results
 > [!NOTE]
 > The available access modes for a network security perimeter are **Transition** and **Enforced**. The **Transition** mode was previously named **Learning** mode. You may continue to see references to **Learning** mode in some instances. 
 
+## Access log schema
+
+Every PaaS resource associated with the network security perimeter, generates access log(s) with unified log schema when enabled.
+> [!NOTE]
+> Network security perimeter access logs may have been aggregated. If the fields 'count' and 'timeGeneratedEndTime' are missing, consider the aggregation count as 1.
+
+| **Value** | **Description** |
+| --- | --- |
+| **time** | The timestamp (UTC) of the first event in log aggregation window. |
+| **timeGeneratedEndTime** | The timestamp (UTC) of the last event in the log aggregation window. |
+| **count** | Number of logs aggregated. |
+| **resourceId** | The resource Id of the network security perimeter.|
+| **location** | The region of network security perimeter.|
+| **operationName** | The name of the PaaS resource operation represented by this event. |
+| **operationVersion** | The api-version associated with the operation. |
+| **category** | Log categories defined for Access logs. |
+| **properties** | Network security perimeter specific extended properties related to this category of events.|
+| **resultDescription** | The static text description of this operation on the PaaS resource, e.g. “Get storage file.” |
+
+## Network security perimeter specific properties
+
+This section describes the network security perimeter specific properties in the log schema. 
+> [!NOTE]
+> Application of the properties is subjected to log category type. Do refer respective log category schemas for applicability.
+
+| **Value** | **Description** |
+| --- | --- |
+| **serviceResourceId** | Resource ID of PaaS resource emitting network security perimeter access logs. |
+| **serviceFqdn** | Fully Qualified Domain Name of PaaS resource emitting network security perimeter access logs. |
+| **profile** | Name of the network security perimeter profile associated to the resource. |
+| **parameters** | List of optional PaaS resource properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+| **appId** | Unique GUID representing the app ID of resource in the Azure Active Directory. |
+| **matchedRule** | JSON property bag containing matched accessRule name, {"accessRule" : "{ruleName}"}. It can be either network security perimeter access rule Name or resource rule name (not the ArmId). |
+| **source** | JSON property bag describing source of the inbound connection. |
+| **destination** | JSON property bag describing destination of the outbound connection. |
+| **accessRulesVersion** | JSON property bag containing access rule version of the resource. |
+	
+## Source properties
+
+Properties describing source of inbound connection.
+
+| **Value** | **Description** |
+| --- | --- |
+| **resourceId** | Resource ID of source PaaS resource for an inbound connection. Will exist if applicable. |
+| **ipAddress** | IP address of source making inbound connection. Will exist if applicable. |
+| **port** | Port number of inbound connection. May not exist for all resource types. |
+| **protocol** | Application & transport layer protocols for inbound connection in format {AppProtocol}:{TptProtocol}. E.g., HTTPS:TCP. May not exist for all resource types. |
+| **perimeterGuids** | List of perimeter GUIDs of source resource. It should be specified only if allowed based on perimeter GUID. |
+| **appId** | Unique GUID representing the app ID of source in the Azure Active Directory. |
+| **parameters** | List of optional source properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+
+## Destination properties
+Properties describing destination of outbound connection.
+
+| **Value** | **Description** |
+| --- | --- |
+| **resourceId** | Resource ID of destination PaaS resource for an outbound connection. Will exist if applicable. |
+| **fullyQualifiedDomainName** | Fully Qualified Domain (FQDN) name of the destination. |
+| **parameters** | List of optional destination properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+| **port** | Port number of outbound connection. May not exist for all resource types. |
+| **protocol** | Application & transport layer protocols for outbound connection in the format {AppProtocol}:{TptProtocol}. E.g., HTTPS:TCP. May not exist for all resource types. |
+
+## Sample log entry For inbound categories
+
+``` json
+{
+  "time" : "{timestamp}",
+  "timeGeneratedEndTime" : "{timestamp}",
+  "count" : "{countOfAggregatedLogs}",
+  "resourceId" : "/SUBSCRIPTIONS/{subsId}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYPERIMETERS/{perimeterName}",
+  "operationName" : "{PaaSOperationName}" ,
+  "operationVersion" : "{api-version}",
+  "category" : "{inboundCategory}",
+  "location" : "{networksecurityperimeterRegion}",
+  "properties" : {
+    "serviceResourceId" : "/subscriptions/{paasSubsId}/resourceGroups/{paasResourceGroupName}/providers/{provider}/{resourceType}/{resourceName}",
+    "serviceFqdn": "{PaaSResourceFQDN}",
+    "accessRulesVersion" : "{accessRulesVersion}",
+    "profile" : "{networksecurityperimeterProfileName}",
+    "appId" : "{resourceAppId}",
+    "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    "matchedRule" : {
+      "accessRule" : "{matchedRuleName}",
+      },
+    "source" : {
+      "resourceId" : "/subscriptions/{sourceSubscriptionId}/resourceGroups/{sourceResourceGroupName}/providers/{sourceProvider}/{sourceResourceType}/{sourceResourceName}",
+      "ipAddress": "{sourceIPAddress}",
+      "perimeterGuids" : ["{sourcePerimeterGuid}"], // Only included if request comes from perimeter
+      "appId" : "{sourceAppId}",
+      "port" : "{Port}",
+      "protocol" : "{Protocol}",
+      "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    },
+  },
+  "resultDescription" : "The static text description of this operation on the PaaS resource. For example, \"Get storage file.\""
+}
+```
+
+## Sample log entry for outbound categories
+
+``` json
+{
+  "time" : "{timestamp}",
+  "timeGeneratedEndTime" : "{timestamp}",
+  "count" : "{countOfAggregatedLogs}",
+  "resourceId" : "/SUBSCRIPTIONS/{subsId}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYPERIMETERS/{perimeterName}",
+  "operationName" : "{PaaSOperationName}" ,
+  "operationVersion" : "{api-version}",
+  "category" : "{outboundCategory}",
+  "location" : "{networksecurityperimeterRegion}",
+  "properties" : {
+    "serviceResourceId" : "/subscriptions/{paasSubsId}/resourceGroups/{paasResourceGroupName}/providers/{provider}/{resourceType}/{resourceName}",
+    "serviceFqdn": "{PaaSResourceFQDN}",
+    "accessRulesVersion" : "{accessRulesVersion}",
+    "profile" : "{networksecurityperimeterProfileName}",
+    "appId" : "{resourceAppId}",
+    "parameters" : "{{ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    "matchedRule" : {
+      "accessRule" : "{matchedRuleName}",
+      },
+    "destination" : {
+      "resourceId" : "/subscriptions/{destSubsId}/resourceGroups/{destResourceGroupName}/providers/{destProvider}/{destResourceType}/{destResourceName}",
+      "fullyQualifiedDomainName" : "{destFQDN}",
+      "appId" : "{destAppId}",
+      "port" : "{Port}",
+      "protocol" : "{Protocol}",
+      "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    },
+  },
+  "resultDescription" : "The static text description of this operation on the PaaS resource. For example, \"Get storage file.\""
+}
+```
+
 ## Logging destination options for access logs  
 
-The destinations for storing diagnostic logs for a network security perimeter include services like Log Analytic workspace, Azure Storage account, and Azure Event Hubs. For the full list and details of supported destinations, see [Supported destinations for diagnostic logs](/azure/azure-monitor/essentials/diagnostic-settings).
+The destinations for storing diagnostic logs for a network security perimeter include services like Log Analytic workspace (**Table name: NSPAccessLogs**), Azure Storage account, and Azure Event Hubs. For the full list and details of supported destinations, see [Supported destinations for diagnostic logs](/azure/azure-monitor/essentials/diagnostic-settings).
 
 ## Enable logging through the Azure portal
 

articles/private-link/network-security-perimeter-diagnostic-logs.md

@@ -103,6 +103,32 @@ Further, here are some prompts you can use to help you interact with your agent:
 - List [Container Apps/Web Apps/etc.] that you’re managing across all subscriptions.
 - Visualize split of Container Apps vs Web Apps vs AKS clusters managed across all subscriptions as a pie chart.
 
+## Supported services
+
+While Azure SRE Agent can help you manage and report on all Azure services, the agent features specialized tools for managing the following services:
+
+- Azure API Management
+- Azure App Service
+- Azure Cache for Redis
+- Azure Container Apps
+- Azure Cosmos DB
+- Azure Database for PostgreSQL
+- Azure Functions
+- Azure Kubernetes Service
+- Azure SQL
+- Azure Storage
+- Azure Virtual Machines
+
+To get the latest list of services with custom agent tooling, you can submit the following prompt to the agent:
+
+```text
+Which Azure services do you have specialized tooling available for?
+```
+
+### Identifying resource groups
+
+As you create an agent, the resource group picker indicates groups that have instances of services with specialized tooling. From the resource group picker you'll see a checkmark (:::image type="icon" source="media/blue-check.png" border="false":::) next to the group name indicating the group includes services with specialized support.
+
 ## Preview access
 
 Access to an SRE Agent is only available as in preview. To sign up for access, fill out the [SRE Agent application](https://go.microsoft.com/fwlink/?linkid=2319540).

articles/sre-agent/media/blue-check.png

@@ -82,9 +82,7 @@ Azure File Sync is supported with the following versions of Windows Server:
 | Windows Server 2022 | Azure, Datacenter, Essentials, Standard, and IoT | Full and Core |
 | Windows Server 2019 | Datacenter, Essentials, Standard, and IoT | Full and Core |
 | Windows Server 2016 | Datacenter, Essentials, Standard, and Storage Server | Full and Core |
-| Windows Server 2012 R2* | Datacenter, Essentials, Standard, and Storage Server | Full and Core |
 
-*Requires downloading and installing [Windows Management Framework (WMF) 5.1](https://www.microsoft.com/download/details.aspx?id=54616). The appropriate package to download and install for Windows Server 2012 R2 is **Win8.1AndW2K12R2-KB\*\*\*\*\*\*\*-x64.msu**.
 
 > [!IMPORTANT]  
 > We recommend keeping all servers that you use with Azure File Sync up to date with the latest updates from Windows Update. 

articles/sre-agent/overview.md

@@ -0,0 +1,51 @@
+---
+title: Release notes for Arc-enabled VM extensions July 2025
+description: Learn about Azure Arc-enabled VM extensions, including their latest releases, known issues, and bug fixes, in the month of July to help you manage updates effectively.
+ms.service: azure-update-manager
+ms.date: 07/09/2025
+ms.topic: overview
+author: habibaum
+ms.author: v-uhabiba
+---
+
+# Release notes for Azure Arc-enabled VM extensions - July 25
+
+For Azure Arc-enabled machines, two extensions are installed. For more information, see [How Update Manager works](workflow-update-manager.md)
+
+
+The Azure Arc-enabled VM extensions receive improvements on an ongoing basis. This article provides you with the following information to help you stay up to date with the latest developments:
+
+- The latest releases
+- Known issues
+- Bug fixes
+
+## Windows extension
+
+Update this when future versions are released.
+
+## Linux extensions
+
+### July 2025
+
+#### Extension name: Microsoft.SoftwareUpdateManagement.LinuxOsUpdateExtension 
+#### Extension Version: 1.0.55.0
+
+Added support for management of following distributions: 
+
+- Ubuntu 24 
+- Debian 12 
+
+In previous releases, patching an Ubuntu 24.04 server failed with the error: **E: the list of sources couldn't be read**.
+
+
+## Next steps
+
+- [How Update Manager works](workflow-update-manager.md)
+- [Prerequisites of Update Manager](prerequisites.md)
+- [View updates for a single machine](view-updates.md).
+- [Deploy updates now (on-demand) for a single machine](deploy-updates.md).
+- [Enable periodic assessment at scale using policy](https://aka.ms/aum-policy-support).
+- [Schedule recurring updates](scheduled-patching.md)
+- [Manage update settings via the portal](manage-update-settings.md).
+- [Manage multiple machines by using Update Manager](manage-multiple-machines.md).
+

articles/storage/file-sync/file-sync-planning.md

@@ -1,5 +1,5 @@
 ---
-title: Release notes of Arc-enabled VM extensions
+title: Release notes of Arc-enabled VM extensions May 2025
 description: Learn about Azure Arc-enabled VM extensions, including their latest releases, known issues, and bug fixes, to help you manage updates effectively.
 ms.service: azure-update-manager
 ms.date: 03/28/2025
@@ -9,12 +9,12 @@ ms.author: v-uhabiba
 # Customer intent: "As a cloud administrator, I want to stay updated on the latest improvements and bug fixes for Azure Arc-enabled VM extensions, so that I can effectively manage updates and troubleshoot any issues that arise."
 ---
 
-# Release notes for Azure Arc-enabled VM extensions
+# Release notes for Azure Arc-enabled VM extensions - March 25
 
 For Azure Arc-enabled machines, two extensions are installed. For more information, see [How Update Manager works](workflow-update-manager.md)
 
 
-The Azure Arc-enabled VM extensions receive improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with the information about:
+The Azure Arc-enabled VM extensions receive improvements on an ongoing basis.  This article provides you with the following information to help you stay up to date with the latest developments:
 
 - The latest releases
 - Known issues
@@ -33,7 +33,7 @@ The Azure Arc-enabled VM extensions receive improvements on an ongoing basis. To
     - Current error message:  *An internal error occurred while processing the operation.*
     - New error message: *Windows update API threw an exception while assessing the machine for available updates. HResult: 0x80004005*
     > [!NOTE]
-    > The HResult could be different, based on the issue.
+    > The HResult changes based on the issue.
 
 - Fixed an issue where at times the extension status is stuck in  **Creating state**. Then the assessment or install updates job fails with the following error: *Extension failed during enable. Extension Enable command timed out.*
 
@@ -43,7 +43,6 @@ The Azure Arc-enabled VM extensions receive improvements on an ongoing basis. To
 
 To be updated as and when future versions are released.
 
-
 ## Next steps
 
 - [How Update Manager works](workflow-update-manager.md)

articles/update-manager/arc-enabled-vm-extensions.md

@@ -17,6 +17,8 @@ items:
       items:
       - name: March 2025
         href: overview-arc-enabled-vm-extensions.md
+      - name: July 2025
+        href: arc-enabled-vm-extensions.md
 - name: Getting started
   items:
   - name: Prerequisites