MicrosoftDocs
diff --git a/‎articles/container-apps/containers.md
Lines changed: 25 additions & 16 deletions b/‎articles/container-apps/containers.md
Lines changed: 25 additions & 16 deletions
diff --git a/‎articles/container-apps/environment.md
Lines changed: 28 additions & 18 deletions b/‎articles/container-apps/environment.md
Lines changed: 28 additions & 18 deletions
diff --git a/‎articles/container-apps/firewall-integration.md
Lines changed: 2 additions & 2 deletions b/‎articles/container-apps/firewall-integration.md
Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: container-apps
 ms.topic: conceptual
-ms.date: 5/4/2023
+ms.date: 08/29/2023
 ms.author: cshoe
 ms.custom: ignite-fall-2021, event-tier1-build-2022
 ---
@@ -22,7 +22,7 @@ Azure Container Apps supports:
 - Containers from any public or private container registry
 - [Sidecar](#sidecar-containers) and [init](#init-containers) containers
 
-Container apps features include:
+Features also include:
 
 - Changes to the `template` configuration section trigger a new [container app revision](application-lifecycle-management.md).
 - If a container crashes, it automatically restarts.
@@ -131,19 +131,19 @@ The following code is an example of the `containers` array in the [`properties.t
 
 | Setting | Description | Remarks |
 |---|---|---|
-| `image` | The container image name for your container app. | This value takes the form of `repository/image-name:tag`. |
+| `image` | The container image name for your container app. | This value takes the form of `repository/<IMAGE_NAME>:<TAG>`. |
 | `name` | Friendly name of the container. | Used for reporting and identification. |
 | `command` | The container's startup command. | Equivalent to Docker's [entrypoint](https://docs.docker.com/engine/reference/builder/) field.  |
 | `args` | Start up command arguments. | Entries in the array are joined together to create a parameter list to pass to the startup command. |
 | `env` | An array of key/value pairs that define environment variables. | Use `secretRef` instead of the `value` field to refer to a secret. |
-| `resources.cpu` | The number of CPUs allocated to the container. | With the Consumption plan, values must adhere to the following rules:<br><br>• greater than zero<br>• less than or equal to 2<br>• can be any decimal number (with a max of two decimal places)<br><br> For example, `1.25` is valid, but `1.555` is invalid.<br> The default is 0.25 CPU per container.<br><br>When you use the Consumption workload profile in the Consumption + Dedicated plan structure, the same rules apply, except CPU must be less than or equal to 4.<br><br>When you use a Dedicated workload profile in the Consumption + Dedicated plan structure, the maximum CPU must be less than or equal to the number of cores available in the profile. |
-| `resources.memory` | The amount of RAM allocated to the container. | With the Consumption plan, values must adhere to the following rules:<br><br>• greater than zero<br>• less than or equal to `4Gi`<br>• can be any decimal number (with a max of two decimal places)<br><br>For example, `1.25Gi` is valid, but `1.555Gi` is invalid.<br>The default is `0.5Gi` per container.<br><br>When you use the Consumption workload profile in the Consumption + Dedicated plan structure, the same rules apply except memory must be less than or equal to `8Gi`.<br><br>When you use a dedicated workload profile in the Consumption + Dedicated plan structure, the maximum memory must be less than or equal to the amount of memory available in the profile. |
+| `resources.cpu` | The number of CPUs allocated to the container. | With the [Consumption plan](plans.md), values must adhere to the following rules:<br><br>• greater than zero<br>• less than or equal to 2<br>• can be any decimal number (with a max of two decimal places)<br><br> For example, `1.25` is valid, but `1.555` is invalid.<br> The default is 0.25 CPUs per container.<br><br>When you use the Consumption workload profile on the Dedicated plan, the same rules apply, except CPUs must be less than or equal to 4.<br><br>When you use the [Dedicated plan](plans.md), the maximum CPUs must be less than or equal to the number of cores available in the profile where the container app is running. |
+| `resources.memory` | The amount of RAM allocated to the container. | With the [Consumption plan](plans.md), values must adhere to the following rules:<br><br>• greater than zero<br>• less than or equal to `4Gi`<br>• can be any decimal number (with a max of two decimal places)<br><br>For example, `1.25Gi` is valid, but `1.555Gi` is invalid.<br>The default is `0.5Gi` per container.<br><br>When you use the the Consumption workload on the [Dedicated plan](plans.md), the same rules apply except memory must be less than or equal to `8Gi`.<br><br>When you use the Dedicated plan, the maximum memory must be less than or equal to the amount of memory available in the profile where the container app is running. |
 | `volumeMounts` | An array of volume mount definitions. | You can define a temporary volume or multiple permanent storage volumes for your container.  For more information about storage volumes, see [Use storage mounts in Azure Container Apps](storage-mounts.md).|
 | `probes`| An array of health probes enabled in the container. | This feature is based on Kubernetes health probes. For more information about probes settings, see [Health probes in Azure Container Apps](health-probes.md).|
 
 <a id="allocations"></a>
 
-In the Consumption plan and the Consumption workload profile in the [Consumption + Dedicated plan structure](plans.md#consumption-dedicated), the total CPU and memory allocations requested for all the containers in a container app must add up to one of the following combinations.
+When you use either the Consumption plan or a Consumption workload on the Dedicated plan, the total CPU and memory allocations requested for all the containers in a container app must add up to one of the following combinations.
 
 | vCPUs (cores) | Memory | Consumption plan | Consumption workload profile |
 |---|---|---|---|
@@ -165,31 +165,40 @@ In the Consumption plan and the Consumption workload profile in the [Consumption
 | `4.0` | `8.0Gi` |  | ✔ |
 
 - The total of the CPU requests in all of your containers must match one of the values in the *vCPUs* column.
+
 - The total of the memory requests in all your containers must match the memory value in the memory column in the same row of the CPU column.
 
-When you use a Dedicated workload profile in the Consumption + Dedicated plan structure, the total CPU and memory allocations requested for all the containers in a container app must be less than or equal to the cores and memory available in the profile.
+When you use the Consumption profile on the Dedicated plan, the total CPU and memory allocations requested for all the containers in a container app must be less than or equal to the cores and memory available in the profile.
 
 ## Multiple containers
 
-In advanced scenarios, you can run multiple containers in a single container app. The containers share hard disk and network resources and experience the same [application lifecycle](./application-lifecycle-management.md). There are two ways to run multiple containers in a container app: [sidecar containers](#sidecar-containers) and [init containers](#init-containers).
+In advanced scenarios, you can run multiple containers in a single container app. Use this pattern only in specific instances where your containers are tightly coupled.
+
+For most microservice scenarios, the best practice is to deploy each service as a separate container app.
+
+The multiple containers in the same container app share hard disk and network resources and experience the same [application lifecycle](./application-lifecycle-management.md).
+
+There are two ways to run multiple containers in a container app: [sidecar containers](#sidecar-containers) and [init containers](#init-containers).
 
 ### Sidecar containers
 
-You can define multiple containers in a single container app to implement the [sidecar pattern](/azure/architecture/patterns/sidecar). Examples of sidecar containers include:
+You can define multiple containers in a single container app to implement the [sidecar pattern](/azure/architecture/patterns/sidecar).
+
+Examples of sidecar containers include:
 
 - An agent that reads logs from the primary app container on a [shared volume](storage-mounts.md?pivots=aca-cli#temporary-storage) and forwards them to a logging service.
+
 - A background process that refreshes a cache used by the primary app container in a shared volume.
 
-> [!NOTE]
-> Running multiple containers in a single container app is an advanced use case. You should use this pattern only in specific instances in which your containers are tightly coupled. In most situations where you want to run multiple containers, such as when implementing a microservice architecture, deploy each service as a separate container app.
+These scenarios are examples, and don't represent the only ways you can implement a sidecar.
 
 To run multiple containers in a container app, add more than one container in the `containers` array of the container app template.
 
 ### <a name="init-containers"></a>Init containers
 
-You can define one or more [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) in a container app. Init containers run before the primary app container and can be used to perform initialization tasks such as downloading data or preparing the environment.
+You can define one or more [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) in a container app. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment.
 
-Init containers are defined in the `initContainers` array of the container app template. The containers run in the order they are defined in the array and must complete successfully before the primary app container starts.
+Init containers are defined in the `initContainers` array of the container app template. The containers run in the order they're defined in the array and must complete successfully before the primary app container starts.
 
 > [!NOTE]
 > Init containers support [image pulls using managed identities](#managed-identity-with-azure-container-registry), but processes running in init containers don't have access to managed identities.
@@ -211,7 +220,7 @@ To use a container registry, you define the required fields in `registries` arra
 }
 ```
 
-With the registry information added, the saved credentials can be used to pull a container image from the private registry when your app is deployed.
+Saved credentials are used to pull a container image from the private registry as your app is deployed.
 
 The following example shows how to configure Azure Container Registry credentials in a container app.
 
@@ -238,13 +247,13 @@ The following example shows how to configure Azure Container Registry credential
 ```
 
 > [!NOTE]
-> Docker Hub [limits](https://docs.docker.com/docker-hub/download-rate-limit/) the number of Docker image downloads. When the limit is reached, containers in your app will fail to start. You're recommended to use a registry with sufficient limits, such as [Azure Container Registry](../container-registry/container-registry-intro.md).
+> Docker Hub [limits](https://docs.docker.com/docker-hub/download-rate-limit/) the number of Docker image downloads. When the limit is reached, containers in your app will fail to start. Use a registry with sufficient limits, such as [Azure Container Registry](../container-registry/container-registry-intro.md) to avoid this problem.
 
 ### Managed identity with Azure Container Registry
 
 You can use an Azure managed identity to authenticate with Azure Container Registry instead of using a username and password. For more information, see [Managed identities in Azure Container Apps](managed-identity.md).
 
-When assigning a managed identity to a registry, use the managed identity resource ID for a user-assigned identity, or "system" for the system-assigned identity.
+When assigning a managed identity to a registry, use the managed identity resource ID for a user-assigned identity, or `system` for the system-assigned identity.
 
 ```json
 {
 
@@ -5,35 +5,52 @@ services: container-apps
 author: craigshoemaker
 ms.service: container-apps
 ms.topic:  conceptual
-ms.date: 03/13/2023
+ms.date: 08/29/2023
 ms.author: cshoe
 ms.custom: ignite-fall-2021, event-tier1-build-2022, build-2023
 ---
 
 # Azure Container Apps environments
 
-A Container Apps environment is a secure boundary around groups of container apps and jobs that share the same virtual network and write logs to the same logging destination.
+A Container Apps environment is a secure boundary around one or more container apps and jobs. The Container Apps runtime manages each environment by handling OS upgrades, scale operations, failover procedures, and resource balancing.
 
-Container Apps environments are fully managed where Azure handles OS upgrades, scale operations, failover procedures, and resource balancing.
+Environments include the following features:
+
+| Feature | Description |
+|---|---|
+| Type | There are [two different types](#types) of Container Apps environments: Workload profiles environments and Consumption only environments. Workload profiles environments support both the Consumption and Dedicated [plans](plans.md) whereas Consumption only environments support only the Consumption [plan](plans.md). |
+| Virtual network | A virtual network supports each environment, which enforces the environment's secure boundaries. As you create an environment, a virtual network that has [limited network capabilities](networking.md) is created for you, or you can provide your own. Adding an [existing virtual network](vnet-custom.md) gives you fine-grained control over your network. |
+| Multiple container apps | When multiple container apps are in the same environment, they share the same virtual network and write logs to the same logging destination. |
+| Multi-service integration | You can add [Azure Functions](https://aka.ms/functionsonaca) and [Azure Spring Apps](https://aka.ms/asaonaca) to your Azure Container Apps environment. |
 
 :::image type="content" source="media/environments/azure-container-apps-environments.png" alt-text="Azure Container Apps environments.":::
 
-Reasons to deploy container apps and jobs to the same environment include situations when you need to:
+Depending on your needs, you may want to use one or more Container Apps environments. Use the following criteria to help you decide if you should use a single or multiple environments.
+
+### Single environment
+
+Use a single environment when you want to:
 
 - Manage related services
 - Deploy different applications to the same virtual network
 - Instrument Dapr applications that communicate via the Dapr service invocation API
-- Have applications to share the same Dapr configuration
-- Have applications share the same log analytics workspace
+- Have applications share the same Dapr configuration
+- Have applications share the same log destination
 
-Also, you may provide an [existing virtual network](vnet-custom.md) when you create an environment.
+### Multiple environments
 
-Reasons to deploy container apps to different environments include situations when you want to ensure:
+Use more than one environment when you want two or more applications to:
 
-- Two applications never share the same compute resources
-- Two Dapr applications can't communicate via the Dapr service invocation API
+- Never share the same compute resources
+- Not communicate via the Dapr service invocation API
+- Be isolated due to team or environment usage (for example, test vs. production)
 
-You can add [**Azure Functions**](https://aka.ms/functionsonaca) and [**Azure Spring Apps**](https://aka.ms/asaonaca) to your Azure Container Apps environment.
+## Types
+
+| Type | Description | Plan | Billing considerations |
+|--|--|--|--|
+| Workload profile | Run serverless apps with support for scale-to-zero and pay only for resources your apps use with the consumption profile. You can also run apps with customized hardware and increased cost predictability using dedicated workload profiles. | Consumption and Dedicated | You can choose to run apps under either or both plans using seperate workload profiles. The Dedicated plan has a fixed cost for the entire environment regardless of how many workload profiles you're using. |
+| Consumption only | Run serverless apps with support for scale-to-zero and pay only for resources your apps use. | Consumption only | Billed only for individual container apps and their resource usage. There's no cost associated with the Container Apps environment. |
 
 ## Logs
 
@@ -44,13 +61,6 @@ Settings relevant to the Azure Container Apps environment API resource.
 | `properties.appLogsConfiguration` | Used for configuring the Log Analytics workspace where logs for all apps in the environment are published. |
 | `properties.containerAppsConfiguration.daprAIInstrumentationKey` | App Insights instrumentation key provided to Dapr for tracing |
 
-## Billing
-
-Azure Container Apps has two different pricing structures.
-
-- If you're using the Consumption only plan, or only the Consumption workload profile in the Consumption + Dedicated plan structure then billing is relevant only to individual container apps and their resource usage. There's no cost associated with the Container Apps environment.
-- If you're using any Dedicated workload profiles in the Consumption + Dedicated plan structure, there's a fixed cost for the Dedicated plan management. This cost is for the entire environment regardless of how many Dedicated workload profiles you're using.
-
 ## Next steps
 
 > [!div class="nextstepaction"]
 
@@ -6,7 +6,7 @@ author: CaryChai
 ms.service: container-apps
 ms.custom: event-tier1-build-2022
 ms.topic:  reference
-ms.date: 03/29/2023
+ms.date: 08/29/2023
 ms.author: cachai
 ---
 
@@ -16,7 +16,7 @@ Network Security Groups (NSGs) needed to configure virtual networks closely rese
 
 You can lock down a network via NSGs with more restrictive rules than the default NSG rules to control all inbound and outbound traffic for the Container Apps environment at the subscription level.
 
-In the workload profiles environment, user-defined routes (UDRs) and securing outbound traffic with a firewall are supported. Learn more in the [networking concepts document](./networking.md#user-defined-routes-udr---preview).
+In the workload profiles environment, user-defined routes (UDRs) and securing outbound traffic with a firewall are supported. Learn more in the [networking concepts document](./networking.md#user-defined-routes-udr).
 
 In the Consumption only environment, custom user-defined routes (UDRs) and ExpressRoutes aren't supported.