Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into newNetwork

Author: roygara

articles/application-gateway/configuration-listeners.md

@@ -85,7 +85,9 @@ $gw.EnableHttp2 = $true
 Set-AzApplicationGateway -ApplicationGateway $gw
 ```
 
-You can also enable HTTP2 support using the Azure portal by selecting **Enabled** under **HTTP2** in Application gateway > Configuration. 
+> [!IMPORTANT]
+> When creating an application gateway resource through the Azure portal, the default option for **HTTP2** is set as enabled. You can choose **Disabled** during creation, and re-enabled HTTP2 support using the Azure portal by selecting **Enabled** under **HTTP2** in **Application gateway > Configuration**.
+>
 
 ### WebSocket support
 

articles/application-gateway/key-vault-certs.md

@@ -121,7 +121,8 @@ For Cert name, type a friendly name for the certificate to be referenced in Key
 Once selected, select  **Add** (if creating) or **Save** (if editing) to apply the referenced Key Vault certificate to the listener.
 
 #### Key Vault Azure role-based access control permission model
-Application Gateway supports certificates referenced in Key Vault via the Role-based access control permission model. The first few steps to reference the Key Vault must be completed via ARM template, Bicep, CLI, or  PowerShell.
+
+Application Gateway supports certificates referenced in Key Vault via the Role-based access control permission model. The first few steps to reference the Key Vault must be completed via ARM template, Bicep, CLI, or PowerShell. During this process, a managed identity containing the proper Role-based access control permissions is utilized.
 
 > [!Note]
 > Specifying Azure Key Vault certificates that are subject to the role-based access control permission model is not supported via the portal.
@@ -140,7 +141,7 @@ Add-AzApplicationGatewaySslCertificate -KeyVaultSecretId $secretId -ApplicationG
 # Commit the changes to the Application Gateway
 Set-AzApplicationGateway -ApplicationGateway $appgw
 ```
-
+> 
 Once the commands have been executed, you can navigate to your Application Gateway in the Azure portal and select the Listeners tab.  Click Add Listener (or select an existing) and specify the Protocol to HTTPS.
 
 Under **Choose a certificate** select the certificate named in the previous steps.  Once selected, select  *Add* (if creating) or *Save* (if editing) to apply the referenced Key Vault certificate to the listener.

articles/azure-functions/functions-bindings-mcp.md

@@ -48,7 +48,7 @@ To use this experimental bundle in your app, replace the existing `extensionBund
 
 ```json
 "extensionBundle": {
-  "id": "Microsoft.Azure.Functions.ExtensionBundle.Preview",
+  "id": "Microsoft.Azure.Functions.ExtensionBundle.Experimental",
   "version": "[4.*, 5.0.0)"
 }
 ```

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 6/9/2025
+ms.date: 6/10/2025
 ---
 
 # Known issues: Azure VMware Solution
@@ -16,6 +16,7 @@ Refer to the table to find details about resolution dates or possible workaround
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
+|[VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247). | May 2025 | To remediate CVE-2025-22247, apply version 12.5.2 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | ESXi hosts may experience operational issues if NSX Layer-2 DFW default rule logging is enabled. More information can be obtained in this Knowledge Base article from Broadcom: [ESXi hosts may experience operational issues if L2 DFW default rule logging is enabled.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html) | May 2025 | It is not recommended to enable logging on the default Layer-2 DFW rule in a Production environment for any sustained period of time. If logging must be enabled on an L2 rule, it is advised to create a new L2 rule specific to the traffic flow in question and enable logging on that rule only. Please see [Broadcom Knowledge Base Article 326455.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html).| N/A |
 | With VMware HCX versions 4.10.3 and earlier, attempts to download upgrade bundles or the Connector OVA directly from the HCX Manager UI (port 443) fail due to the decommissioning of the external image depot server. More information can be obtained in this Knowledge Base article from Broadcom: [Upgrade Bundle Download from 443 UI will Fail in All HCX versions prior to 4.11](https://knowledge.broadcom.com/external/article/395372)| April 2025 | We will begin upgrading all Azure VMware Solution customers to HCX 4.11.0 in the coming weeks, this will provide customers with access to the HCX Connector upgrade bundles, which will be stored on their vSAN datastore. Until then, all customers will need to submit a support request (SR) to obtain the required upgrade bundles. | May 2025 |
 |[VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 | To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |

articles/azure-vmware/upgrade-hcx-azure-vmware-solutions.md

@@ -125,7 +125,7 @@ To ensure smooth migration, customers are required to upgrade any paired HCX con
 
 ### What is the impact of an HCX upgrade? 
 
-Apply service updates during a maintenance window where no new HCX operations and migration are queued up. The upgrade window accounts for a brief disruption to the Network Extension service, while the appliances are redeployed with the updated code.  
+Apply service updates during a maintenance window where no new HCX operations and migration are queued up.  
 For individual HCX component upgrade impact, see [Planning for HCX Updates](https://techdocs.broadcom.com/us/en/vmware-cis/hcx/vmware-hcx/4-10/vmware-hcx-user-guide-4-10/updating-vmware-hcx/planning-for-hcx-updates.html). 
 
 ### Do I need to upgrade the service mesh appliances? 

articles/logic-apps/testing-framework/create-unit-tests-standard-workflow-definitions-visual-studio-code.md

@@ -46,10 +46,6 @@ This guide shows how to create a unit test definition from a workflow. This defi
 - This release doesn't support the following action types:
 
   - Integration account actions
-  - Data Mapper actions
-  - Custom code actions
-  - XML actions
-  - Liquid actions
   - EDI encode and decode actions
 
 ## Review the basic concepts
@@ -86,7 +82,7 @@ The following list includes basic but important concepts about unit tests for St
    |----------------|-------------|
    | **`Tests`** <br>**\|\| <`logic-app-name`>** | In the **`Tests`** folder, a **<`logic-app-name`>** folder appears when you add unit tests to a logic app project. |
    | **`Tests`** <br>**\|\| <`logic-app-name`>** <br>**\|\|\| <`workflow-name`>** | In the **<`logic-app-name`>** folder, a **<`workflow-name`>** folder appears when you add unit tests for a workflow. |
-   | **`Tests`** <br>**\|\| <`logic-app-name`>** <br>**\|\|\| <`workflow-name`>** <br>**\|\|\|\| `MockOutputs`** <br>**\|\|\|\|\| <`operation-name-outputs`>**.**`cs`** | In the **<`workflow-name`>** folder, the **`MockOutputs`** folder contains a C# (**.cs**) file with strongly-typed classes for each connector operation in the workflow. Each **.cs** file name uses the following format: <br><br>**<`operation-name`>[`Trigger\|Action`]`Output.cs`** <br><br>If a connector operation has *dynamic contracts*, a class appears for each *dynamic type*. A dynamic type refers to an operation parameter that has different inputs and outputs based on the value provided for that parameter. You can use these classes to extend your unit tests and create new mocks from scratch. |
+   | **`Tests`** <br>**\|\| <`logic-app-name`>** <br>**\|\|\| <`workflow-name`>** <br>**\|\|\|\| `MockOutputs`** <br>**\|\|\|\|\| <`operation-name-outputs`>**.**`cs`** | In the **<`workflow-name`>** folder, the **`MockOutputs`** folder contains a C# (**.cs**) file with strongly typed classes for each connector operation in the workflow. Each **.cs** file name uses the following format: <br><br>**<`operation-name`>[`Trigger\|Action`]`Output.cs`** <br><br>If a connector operation has *dynamic contracts*, a class appears for each *dynamic type*. A dynamic type refers to an operation parameter that has different inputs and outputs based on the value provided for that parameter. You can use these classes to extend your unit tests and create new mocks from scratch. |
    | **`Tests`** <br>**\|\| <`logic-app-name`>** <br>**\|\|\| <`workflow-name`>** <br>**\|\|\|\| <`unit-test-name`>** <br>**\|\|\|\|\| <`unit-test-name`>`.cs`** | In the **<`workflow-name`>** folder, the **<`unit-test-name`>** folder contains a **<`unit-test-name`>`.cs`** file. You use this file, which contains a sample C# class and methods, to run and assert results. You can edit this file to match your specific test scenarios. |
 
 ## Review the unit test *.cs file

articles/reliability/reliability-app-service.md

@@ -27,7 +27,7 @@ When you deploy Azure App Service, you can provision multiple instances in an *A
 
 - Use premium v3/v4 App Service plans.
 
-- [Enable zone redundancy](#availability-zone-support), which requires that you use Premium v3, Premium v4 or Isolated v2 App Service plans and that you have at minimum three instances of the plan. To view more information, make sure that you select the appropriate tier at the top of this page.
+- [Enable zone redundancy](#availability-zone-support), which requires that you use Premium v3, Premium v4 or Isolated v2 App Service plans and that you have at minimum two instances of the plan. To view more information, make sure that you select the appropriate tier at the top of this page.
 
 ::: zone-end
 

articles/storage/common/storage-account-overview.md

@@ -78,7 +78,7 @@ Business continuity and disaster recovery (BCDR) is a business’s ability to re
 Artificial intelligence (AI) is technology that simulates human intelligence and problem-solving capabilities in machines. Machine Learning (ML) is a sub-discipline of AI that uses algorithms to create models that enable machines to perform tasks. Both represent the newest workload on Azure which is growing at a rapid pace. This type of workload can be applied across every industry to improve metrics and meet performance goals. These types of technologies can lead to discoveries of life-saving drugs and practices in the field of medicine/health while also providing health assessments. Other everyday uses of ML and AI include fraud detection, image recognition, and the flagging of misinformation. These workloads typically need highly specialized compute (large numbers of GPU) and require high throughput and IOPS, low latency access to storage and POSIX file system access. Azure Storage supports these types of workloads by storing checkpoints and providing storage for large-scale datasets and models. These datasets and models read and write at a pace to keep GPUs utilized. 
 
 ### Recommended workload configurations
-The table below illustrates Microsoft's suggested storage account configurations for each workload
+The table below illustrates Microsoft's suggested storage account configurations for each workload. Changes in the configuration options (associated with each workload) have cost implications. Visit the [Block blob pricing](https://azure.microsoft.com/pricing/details/storage/blobs/) to view pricing. Enter the configuration options for the workload into the calculator and select the "Recommended" tab to view detailed pricing for the specific workload you are creating. 
 
 |Workload |Account kind |Performance |Redundancy |Hierarchical namespace enabled |Default access tier |Soft delete enabled |
 |---|---|---|---|---|---|---|