Merge branch 'main' into SSL-Policies

Author: Vyshnavi-MSFT

articles/application-gateway/for-containers/quickstart-deploy-application-gateway-for-containers-alb-controller.md

@@ -7,7 +7,7 @@ author: mbender-ms
 ms.service: azure-appgw-for-containers
 ms.custom: devx-track-azurecli
 ms.topic: quickstart
-ms.date: 5/2/2025
+ms.date: 7/9/2025
 ms.author: mbender
 # Customer intent: As a Kubernetes administrator, I want to install the Application Gateway for Containers ALB Controller on my AKS cluster, so that I can efficiently manage load balancing rules and enhance application traffic handling.
 ---
@@ -181,7 +181,6 @@ You need to complete the following tasks before deploying Application Gateway fo
    
     | NAME                                     | READY | STATUS  | RESTARTS | AGE  |
     | ---------------------------------------- | ----- | ------- | -------- | ---- |
-    | alb-controller-bootstrap-6648c5d5c-hrmpc | 1/1   | Running | 0        | 4d6h |
     | alb-controller-6648c5d5c-sdd9t           | 1/1   | Running | 0        | 4d6h |
     | alb-controller-6648c5d5c-au234           | 1/1   | Running | 0        | 4d6h |
 

articles/application-gateway/tutorial-url-redirect-powershell.md

@@ -15,7 +15,7 @@ ms.custom: references_regions
 In this quickstart, you learn how to connect to VMs using Azure Bastion Developer. In just a few seconds, you can connect to virtual machines (VM) in the virtual network at no extra cost via Bastion Developer using the private IP address of the VM. The VMs you connect to don't need a public IP address, client software, agent, or a special configuration. For more information about Azure Bastion, see [What is Azure Bastion](bastion-overview.md)?
 
 > [!IMPORTANT]
-> Bastion Developer is currently unavailable. We're working to restore service. As a workaround, you can use the [Basic SKU](tutorial-create-host-portal.md) or the [Standard SKU](quickstart-host-portal.md) to connect to your VMs. We'll update this article when Bastion Developer is available again.
+> Bastion Developer is currently only available in East Asia, West Central US, UK South, and Central US. We're working to restore service in all public regions. As a workaround, you can use the [Basic SKU](tutorial-create-host-portal.md) or the [Standard SKU](quickstart-host-portal.md) to connect to your VMs. We'll update this article periodically as Bastion Developer becomes available in more regions.
 
 [!INCLUDE [Bastion developer](../../includes/bastion-developer-description.md)] Virtual network peering isn't currently supported for Bastion Developer.
 

articles/bastion/quickstart-developer.md

@@ -4,7 +4,7 @@ description: Learn to record and query data collected using OpenTelemetry in Azu
 services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
-ms.date: 06/16/2025
+ms.date: 07/07/2025
 ms.author: cshoe
 ms.topic: how-to
 ms.custom:
@@ -745,6 +745,13 @@ resource environment 'Microsoft.App/managedEnvironments@2024-10-02-preview' = {
 
 For more information, see [Microsoft.App/managedEnvironments](/azure/templates/microsoft.app/2024-02-02-preview/managedenvironments).
 
+## Data resilience
+
+In the event of a messaging inturruptions to an endpoint, the OpenTelemetry agent uses the following procedure to support data resilience: 
+
+- **In-memory buffering and retries**: The agent holds data in memory and keeps retrying (with backoff) for up to five minutes.
+- **Dropping data**: If the buffered queue fills up, or the endpoint is still down after retries, the agent discards the oldest batches to avoid running out of memory.
+
 ## Environment variables
 
 The OpenTelemetry agent automatically injects a set of environment variables into your application at runtime.

articles/container-apps/opentelemetry-agents.md

@@ -14,7 +14,7 @@ metadata:
   ms.topic: landing-page
   ms.author: rosemalcolm
   author: RoseHJM
-  ms.date: 03/31/2025
+  ms.date: 07/09/2025
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
 
 landingContent:

articles/dev-box/index.yml

@@ -18,5 +18,5 @@ Here are the SDKs currently available for the Azure Digital Twins control plane
 | .NET (C#) | [Azure.ResourceManager.DigitalTwins on NuGet](https://www.nuget.org/packages/Azure.ResourceManager.DigitalTwins) | [Reference for Azure DigitalTwins SDK for .NET](/dotnet/api/overview/azure/digitaltwins) | [Microsoft Azure Digital Twins management client library for .NET on GitHub](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/digitaltwins/Azure.ResourceManager.DigitalTwins) |
 | Java | [azure-resourcemanager-digitaltwins on Maven](https://repo1.maven.org/maven2/com/azure/resourcemanager/azure-resourcemanager-digitaltwins/) | [Reference for Resource Management - Digital Twins](/java/api/overview/azure/digital-twins) | [Azure Resource Manager AzureDigitalTwins client library for Java on GitHub](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/digitaltwins) |
 | JavaScript | [AzureDigitalTwinsManagement client library for JavaScript on npm](https://www.npmjs.com/package/@azure/arm-digitaltwins) | | [AzureDigitalTwinsManagement client library for JavaScript on GitHub](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/digitaltwins/arm-digitaltwins) |
-| Python | [azure-mgmt-digitaltwins on PyPI](https://pypi.org/project/azure-mgmt-digitaltwins/) | | [Microsoft Azure SDK for Python on GitHub](https://github.com/Azure/azure-sdk-for-python/tree/release/v3/sdk/digitaltwins/azure-mgmt-digitaltwins) |
+| Python | [azure-mgmt-digitaltwins on PyPI](https://pypi.org/project/azure-mgmt-digitaltwins/) | | [Microsoft Azure SDK for Python on GitHub](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/digitaltwins/azure-mgmt-digitaltwins) |
 | Go | [azure-sdk-for-go/services/digitaltwins/mgmt](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/services/digitaltwins/mgmt) | | [Azure SDK for Go on GitHub](https://github.com/Azure/azure-sdk-for-go)

articles/digital-twins/includes/digital-twins-sdks-control-plane.md

@@ -1,12 +1,12 @@
 ---
 title: Azure Firewall Manager policy overview
 description: Learn about Azure Firewall Manager policies.
-author: duongau
+author: sujamiya
 ms.service: azure-firewall-manager
 services: firewall-manager
 ms.topic: concept-article
-ms.date: 03/06/2024
-ms.author: duau
+ms.date: 07/09/2025
+ms.author: sujamiya
 ---
 
 # Azure Firewall Manager policy overview
@@ -21,7 +21,7 @@ A policy can be created and managed in multiple ways, including the Azure portal
 
 You can also migrate existing Classic rules from Azure Firewall using the portal or Azure PowerShell to create policies. For more information, see [How to migrate Azure Firewall configurations to Azure Firewall policy](migrate-to-policy.md). 
 
-Policies can be associated with one or more virtual hubs or VNets. The firewall can be in any subscription associated with your account and in any region.
+Policies can be associated with one or more firewalls deployed in either a Virtual WAN (creating a Secured Virtual Hub) or a Virtual Network (creating a Hub Virtual Network). Firewalls can reside in any region or subscription linked to your account.
 
 ## Classic rules and policies
 
@@ -31,7 +31,7 @@ Azure Firewall supports both Classic rules and policies, but policies is the rec
 | Subject | Policy  | Classic rules |
 | ------- | ------- | ----- |
 |Contains     |NAT, Network, Application rules, custom DNS and DNS proxy settings, IP Groups, and Threat Intelligence settings (including allowlist), IDPS, TLS Inspection, Web Categories, URL Filtering|NAT, Network, and Application rules, custom DNS and DNS proxy settings, IP Groups, and Threat Intelligence settings (including allowlist)|
-|Protects     |Virtual hubs and Virtual Networks|Virtual Networks only|
+|Protects     |Virtual Hubs (VWAN) and Virtual Networks|Virtual Networks only|
 |Portal experience     |Central management using Firewall Manager|Standalone firewall experience|
 |Multiple firewall support     |Firewall Policy is a separate resource that can be used across firewalls|Manually export and import rules, or using third-party management solutions |
 |Pricing     |Billed based on firewall association. See [Pricing](#pricing).|Free|
@@ -51,17 +51,19 @@ Azure Firewall supports Basic, Standard, and Premium policies. The following tab
 
 ## Hierarchical policies
 
-New policies can be created from scratch or inherited from existing policies. Inheritance allows DevOps to create local firewall policies on top of organization mandated base policy.
+New firewall policies can either be created from scratch or inherited from existing policies. Inheritance allows DevOps to define local firewall policies on top of organization mandated base policies.
 
-Policies created with non-empty parent policies inherit all rule collections from the parent policy. The parent policy and the child policy must be in the same region. A firewall policy can be associated with firewalls across regions regardless where they're stored.
+When a new policy is created with a non-empty parent policy, it inherits all rule collections from the parent. Both the parent and child policies must reside in the same region. However, a firewall policy, regardless of where it is stored, can be associated with firewalls in any region.
 
-Network rule collections inherited from a parent policy are always prioritized over network rule collections defined as part of a new policy. The same logic also applies to application rule collections. However, network rule collections are always processed before application rule collections regardless of inheritance.
+### Rule inheritance ###
+Network rule collections inherited from the parent policy are always prioritized over network rule collections defined as part of a new policy. The same logic also applies to application rule collections. Regardless of inheritance, network rule collections are processed before application rule collections. 
 
-Threat Intelligence mode is also inherited from the parent policy. You can set your threat Intelligence mode to a different value to override this behavior, but you can't turn it off. It's only possible to override with a stricter value. For example, if your parent policy is set to **Alert only**, you can configure this local policy to **Alert and deny**.
+NAT rule collections are not inherited, as they are specific to individual firewalls. If you want to use NAT rules, you must define them in the child policy.
 
-Like Threat Intelligence mode, the Threat Intelligence allowlist is inherited from the parent policy. The child policy can add more IP addresses to the allowlist.
+### Threat Intelligence mode and allowlist inheritance ###
+Threat Intelligence mode is also inherited from the parent policy. While you can override this setting in the child policy, it must be with a stricter mode - you cannot disable it. For example, if your parent policy is set to **Alert only**, the child policy can be set to **Alert and deny**, but not to a less strict mode.
 
-NAT rule collections aren't inherited because they're specific to a given firewall.
+Similarly, the Threat Intelligence allowlist is inherited from the parent policy, and the child policy can append additional IP addresses to this list.
 
 With inheritance, any changes to the parent policy are automatically applied down to associated firewall child policies.
 

articles/firewall-manager/policy-overview.md

@@ -5,7 +5,7 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: azure-frontdoor
 ms.topic: concept-article
-ms.date: 11/18/2024
+ms.date: 11/19/2024
 ---
 
 # HTTP/2 support in Azure Front Door

articles/frontdoor/front-door-http2.md

@@ -57,7 +57,7 @@ The list below mentions the Azure and corresponding OCI regions with the regiona
 | West US | US West (San Jose)  | ✓  | ✓  | ✓| | Preview available | Single |
 | Central US | US Midwest (Chicago)  | ✓  |   ✓  | ✓ | | | Dual |
 | East US 2 | US East (Ashburn) | ✓  |   | | | | Dual |
-| South Central US | ✓  | |  | | | | Dual |
+| South Central US |Dallas| ✓  | |  | |  | Dual |
 
 > [!NOTE]
 > To provision Oracle Database@Azure resources in a supported region, your tenancy must be subscribed to the target region. Learn how to [manage regions](https://docs.oracle.com/iaas/Content/Identity/regions/managingregions.htm#Managing_Regions) and [subscribe to an infrastructure region](https://docs.oracle.com/iaas/Content/Identity/regions/To_subscribe_to_an_infrastructure_region.htm#subscribe).