Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/azure-cache-for-redis/cache-management-faq.yml

@@ -5,21 +5,21 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: concept-article
-ms.date: 09/05/2024
+ms.date: 05/05/2025
 ms.author: anfdocs
 ms.custom: references_regions
 ---
 # Azure NetApp Files double encryption at rest
 
-By default, Azure NetApp Files capacity pools use single encryption at rest. When you [create a capacity pool](azure-netapp-files-set-up-capacity-pool.md#encryption_type), you have the option to use double encryption at rest for the volumes in the capacity pool. You can do so by selecting `double` as the **encryption type** for the capacity pool that you are creating.  
+By default, Azure NetApp Files capacity pools use single encryption at rest. When you [create a capacity pool](azure-netapp-files-set-up-capacity-pool.md#encryption_type), you have the option to use double encryption at rest for the volumes in the capacity pool. You can do so by selecting `double` as the **encryption type** for the capacity pool that you're creating.  
 
 Critical data is often found in places such as financial institutions, military users, business customer data, government records, health care medical records, and so on.  While single encryption at rest may be considered sufficient for some data, you should use double encryption at rest for data where a breach of confidentiality would be catastrophic. Leaks of information such as customer sensitive data, names, addresses, and government identification can result in extremely high liability, and it can be mitigated by having data confidentiality protected by double encryption at rest.
 
 When data is transported over networks, additional encryption such as Transport Layer Security (TLS) can help to protect the transit of data. But once the data has arrived, protection of that data at rest helps to address the vulnerability. Using Azure NetApp Files double encryption at rest complements the security that’s inherent with the physically secure cloud storage in Azure data centers.
 
 Azure NetApp Files double encryption at rest provides two levels of encryption protection: both a hardware-based encryption layer (encrypted SSD drives) and a software-encryption layer. The hardware-based encryption layer resides at the physical storage level, using FIPS 140-2 certified drives. The software-based encryption layer is at the volume level completing the second level of encryption protection.
 
-If you are using this feature for the first time, you need to create a double-encryption capacity pool. For details, see [Create a capacity pool for Azure NetApp Files](azure-netapp-files-set-up-capacity-pool.md).
+If you're using this feature for the first time, you need to create a double-encryption capacity pool. For details, see [Create a capacity pool for Azure NetApp Files](azure-netapp-files-set-up-capacity-pool.md).
 
 When you create a volume in a double-encryption capacity pool, the default key management (the **Encryption key source** field) is `Microsoft Managed Key`, and the other choice is `Customer Managed Key`. Using customer-managed keys requires additional preparation of an Azure Key Vault and other details.  For more information about using volume encryption with customer managed keys, see [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md).
 
@@ -77,6 +77,7 @@ Azure NetApp Files double encryption at rest is supported for the following regi
 * You can't convert volumes in a single-encryption capacity pool to use double encryption at rest. However, you can copy data in a single-encryption volume to a volume created in a capacity pool that is configured with double encryption.  
 * For capacity pools created with double encryption at rest, volume names in the capacity pool are visible only to volume owners for maximum security.
 * Using double encryption at rest might have performance impacts based on the workload type and frequency. The performance impact can be a minimal 1-2%, depending on the workload profile. 
+* When [creating](/cli/azure/netappfiles/pool#az-netappfiles-pool-create) or [updating](/cli/azure/netappfiles/pool#az-netappfiles-pool-update) a capacity pool with the CLI, set the `--encryption-type` to `double` to enable double encryption. 
 
 ## Next steps
 

articles/azure-netapp-files/double-encryption-at-rest.md

@@ -24,7 +24,7 @@ The following requirements and considerations apply to large volumes. For perfor
 * Large volumes are currently not supported with Azure NetApp Files backup.
 * You can't create a large volume with application volume groups.
 * Currently, large volumes aren't suited for database (HANA, Oracle, SQL Server, etc.) data and log volumes. For database workloads requiring more than a single volume’s throughput limit, consider deploying multiple regular volumes. To optimize multiple volume deployments for databases, use [application volume groups](application-volume-group-concept.md).
-*	Throughput ceilings for all the Standard, Premium, and Ultra service levels with large volumes is 12,800 MiB/s. You're able to grow to 1 PiB with the throughput ceiling per the following table:  
+*	The throughput ceiling for the Standard, Premium, and Ultra service levels with large volumes is 12,800 MiB/s. You're able to grow to 1 PiB with the throughput ceiling per the following table:  
 
     <table><thead>
       <tr>
@@ -36,28 +36,28 @@ The following requirements and considerations apply to large volumes. For perfor
       <tr>
         <td>Capacity tier</td>
         <td>Minimum volume size<br>(TiB)</td>
-        <td>Maximum volume size (TiB)</td>
+        <td>Maximum volume size (TiB)*</td>
         <td>Minimum throughput for capacity tier (MiB/s)</td>
         <td>Maximum throughput for capacity tier (MiB/s)</td>
       </tr>
       <tr>
         <td>Standard (16 MiB/s per TiB)</td>
         <td>50</td>
-        <td>1,024</td>
+        <td>1,024*</td>
         <td>800</td>
         <td>12,800</td>
       </tr>
       <tr>
         <td>Premium (64 MiB/s per TiB)</td>
         <td>50</td>
-        <td>1,024</td>
+        <td>1,024*</td>
         <td>3,200</td>
         <td>12,800</td>
       </tr>
       <tr>
         <td>Ultra (128 MiB/s per TiB)</td>
         <td>50</td>
-        <td>1,024</td>
+        <td>1,024*</td>
         <td>6,400</td>
         <td>12,800</td>
       </tr>

articles/azure-netapp-files/large-volumes-requirements-considerations.md

@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 4/19/2025
+ms.date: 5/5/2025
 ---
 
 # Known issues: Azure VMware Solution
@@ -15,7 +15,7 @@ Refer to the table to find details about resolution dates or possible workaround
 
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
-|[VMSA-2025-0005](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.broadcom.com%2Fweb%2Fecx%2Fsupport-content-notification%2F-%2Fexternal%2Fcontent%2FSecurityAdvisories%2F0%2F25518&data=05%7C02%7Cjacobjaygbay%40microsoft.com%7C63a10c374bad4e1e21ca08dd88002ad4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638816256483262655%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=U4GruR4roReR8NNKCd8vT%2BqP5117ROHVHU9hikBWH8w%3D&reserved=0) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 |To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the RUN Command ``Set-Tools-Repo.`` | May 2025 |
+|[VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 | To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | If you're a user of AV64, you may notice a “Status of other hardware objects” alarm on your hosts in vCenter Server. This alarm doesn't indicate a hardware issue. It's triggered when the System Event Log (SEL) reaches its capacity threshold according to vCenter Server. Despite the alarm, the host remains healthy with no hardware-related error signatures detected, and no high availability (HA) events are expected as a result. It's safe to continue operating your private cloud without interruption. The alarm has only two possible states—green and red—with no intermediate warning state. Once the status changes to red, it will remain red even if conditions improve to what would typically qualify as a warning. | April 2025 | This alarm should be treated as a warning and won't affect operability of your private cloud. Microsoft adjusts thresholds for the alarm, so it doesn't alert in vCenter Server. | May 2025 |
 | After deploying an AV48 private cloud, you may see a High pNIC error rate detected. Check the host's vSAN performance view for details if alert is active in the vSphere Client.  | April 2025  | The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. | April 2025 |
 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) VMCI Heap-overflow, ESXi arbitrary write, and Information disclosure vulnerabilities | March 2025 | Microsoft has verified the applicability of the vulnerabilities within the Azure VMware Solution service and have adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.4](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take additional precautions when granting administrative access to, and monitor any administrative activities on, guest VMs until the update is fully addressed. For additional information on the vulnerability and Microsoft’s involvement, please see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0004-remediation/4388074). (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) | March 2025 - Resolved in [ESXi 8.0_U2d](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html) |

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -37,22 +37,27 @@ Azure Functions on Container Apps provide a versatile combination of services to
 
 - **Serverless workloads**: Serverless workload processing of videos, images, transcripts, or any other processing intensive tasks that required  GPU compute resources.
 
+- **Common Azure Functions scenarios**: All common Azure Functions scenarios like processing file uploads, running scheduled tasks, responding to database changes, machine learning/AI and others detailed in [Azure Functions scenarios](/azure/azure-functions/functions-scenarios?pivots=programming-language-csharp). 
+
 ## Event-driven scaling
 
 All Functions triggers are available in your containerized Functions app. However, only the following triggers can dynamically scale (from zero instances) based on received events when running in a Container Apps environment:
 
 - Azure Event Grid
 - Azure Event Hubs
-- Azure Blob Storage (event-based)
+- Azure Blob Storage (Event Grid based)
 - Azure Queue Storage
 - Azure Service Bus
 - Durable Functions (MSSQL storage provider)
 - HTTP
 - Kafka
 - Timer
+- Azure Cosmos DB
 
 Azure Functions on Container Apps are designed to configure the scale parameters and rules as per the event target. You don't need to worry about configuring the KEDA scaled objects. You can still set minimum and maximum replica count when creating or modifying your function app.
 
+Auto scaling for Azure Cosmos DB trigger and Durable functions is currently supported using connection strings only.
+
 You can write your function code in any [language stack supported](/azure/azure-functions/supported-languages?tabs=isolated-process%2Cv4&pivots=programming-language-csharp) by Azure Functions. You can use the same Functions triggers and bindings with event-driven scaling.
 
 ## Managed identity authorization

articles/container-apps/functions-overview.md

@@ -5,25 +5,24 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic: how-to
-ms.date: 08/30/2022
+ms.date: 05/02/2025
 ms.author: cshoe
 ---
 
 # Monitor logs in Azure Container Apps with Log Analytics
 
-Azure Container Apps is integrated with Azure Monitor Log Analytics to monitor and analyze your container app's logs.  When selected as your log monitoring solution, your Container Apps environment includes a Log Analytics workspace that provides a common place to store the system and application log data from all container apps running in the environment.  
+Azure Container Apps is integrated with Azure Monitor Log Analytics to monitor and analyze your container app's logs. When selected as your log monitoring solution, your Container Apps environment includes a Log Analytics workspace that provides a common place to store the system and application log data from all container apps running in the environment. 
 
 Log entries are accessible by querying Log Analytics tables through the Azure portal or a command shell using the [Azure CLI](/cli/azure/monitor/log-analytics).
 
-There are two types of logs for Container Apps.  
-
-- Console logs, which are emitted by your app.
-- System logs, which are emitted by the Container Apps service.
+Azure Container Apps provides two types of logs to help you monitor and troubleshoot: 
 
+- **Console logs**: Your application generates these logs.
+- **System logs**: The Container Apps service generates these logs.
 
 ## System Logs
 
-The Container Apps service provides system log messages at the container app level.  System logs emit the following messages:
+The Container Apps service provides system log messages at the container app level. System logs emit the following messages:
 
 | Source | Type | Message |
 |---------|------|---------|
@@ -52,10 +51,10 @@ The system log data is accessible by querying the `ContainerAppSystemLogs_CL` ta
 
 ## Console Logs
 
-Console logs originate from the `stderr` and `stdout` messages from the containers in your container app and Dapr sidecars.  You can view console logs by querying the `ContainerAppConsoleLogs_CL` table.
+Console logs originate from the `stderr` and `stdout` messages from the containers in your container app and Dapr sidecars. You can view console logs by querying the `ContainerAppConsoleLogs_CL` table.
 
 > [!TIP]
-> Instrumenting your code with well-defined log messages can help you to understand how your code is performing and to debug issues.  To learn more about best practices refer to [Design for operations](/azure/architecture/guide/design-principles/design-for-operations).
+> Instrumenting your code with well-defined log messages can help you to understand how your code is performing and to debug issues. To learn more about best practices, refer to [Design for operations](/azure/architecture/guide/design-principles/design-for-operations).
 
 The most commonly used Container Apps specific columns in ContainerAppConsoleLogs_CL include:
 
@@ -75,13 +74,13 @@ Log Analytics is a tool in the Azure portal that you can use to view and analyze
 
 ### Azure portal
 
-Start Log Analytics from **Logs** in the sidebar menu on your container app page.  You can also start Log Analytics from **Monitor>Logs**.  
+Start Log Analytics from **Logs** in the sidebar menu on your container app page. You can also start Log Analytics from **Monitor>Logs**. 
 
-You can query the logs using the tables listed in the **CustomLogs** category **Tables** tab.  The tables in this category are the `ContainerAppSystemlogs_CL` and `ContainerAppConsoleLogs_CL` tables.
+You can query the logs using the tables listed in the **CustomLogs** category **Tables** tab. The tables in this category are the `ContainerAppSystemlogs_CL` and `ContainerAppConsoleLogs_CL` tables.
 
 :::image type="content" source="media/observability/log-analytics-query-page.png" alt-text="Screenshot of the Log Analytics custom log tables.":::
 
-Below is a Kusto query that displays console log entries for the container app named *album-api*. 
+The following Kusto query displays console log entries for the container app named *album-api*. 
 
 ```kusto
 ContainerAppConsoleLogs_CL
@@ -90,7 +89,7 @@ ContainerAppConsoleLogs_CL
 | take 100
 ```
 
-Below is a Kusto query that displays system log entries for the container app named *album-api*. 
+The following Kusto query displays system log entries for the container app named *album-api*. 
 
 ```kusto
 ContainerAppSystemLogs_CL
@@ -103,9 +102,9 @@ For more information regarding Log Analytics and log queries, see the [Log Analy
 
 ### Azure CLI/PowerShell
 
-Container Apps logs can be queried using the [Azure CLI](/cli/azure/monitor/log-analytics).  
+Container Apps logs can be queried using the [Azure CLI](/cli/azure/monitor/log-analytics). 
 
-These example Azure CLI queries output a table containing log records for the container app name **album-api**.  The table columns are specified by the parameters after the `project` operator.  The `$WORKSPACE_CUSTOMER_ID` variable contains the GUID of the Log Analytics workspace.
+These example Azure CLI queries output a table containing log records for the container app name **album-api**. The parameters after the `project` operator specify the table columns. The `$WORKSPACE_CUSTOMER_ID` variable contains the GUID of the Log Analytics workspace.
 
 
 This example queries the `ContainerAppConsoleLogs_CL` table:

articles/container-apps/log-monitoring.md

@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic: tutorial
-ms.date: 02/03/2025
+ms.date: 05/05/2025
 ms.author: cshoe
 ms.custom: mode-api, devx-track-azurecli, devx-track-azurepowershell
 ms.devlang: azurecli
@@ -18,7 +18,7 @@ The Azure Container Apps service enables you to run microservices and containeri
 In this tutorial, you create a secure Container Apps environment and deploy your first container app.
 
 > [!NOTE]
-> You can also deploy this app using the [az containerapp up](/cli/azure/containerapp#az_containerapp_up) by following the instructions in the [Quickstart: Deploy your first container app with containerapp up](get-started.md) article.  The `az containerapp up` command is a fast and convenient way to build and deploy your app to Azure Container Apps using a single command.  However, it doesn't provide the same level of customization for your container app.
+> You can also deploy this app using the [az containerapp up](/cli/azure/containerapp#az_containerapp_up) by following the instructions in the [Quickstart: Deploy your first container app with containerapp up](get-started.md) article. The `az containerapp up` command is a fast and convenient way to build and deploy your app to Azure Container Apps using a single command. However, it doesn't provide the same level of customization for your container app.
 
 
 ## Prerequisites
@@ -115,7 +115,7 @@ Copy this location to a web browser.
 If you're not going to continue to use this application, run the following command to delete the resource group along with all the resources created in this tutorial.
 
 >[!CAUTION]
-> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they will also be deleted.
+> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they're also deleted.
 
 # [Bash](#tab/bash)