MicrosoftDocs
diff --git a/‎articles/app-service/resources-kudu.md
Lines changed: 9 additions & 2 deletions b/‎articles/app-service/resources-kudu.md
Lines changed: 9 additions & 2 deletions
diff --git a/‎articles/azure-netapp-files/application-volume-group-delete.md
Lines changed: 4 additions & 3 deletions b/‎articles/azure-netapp-files/application-volume-group-delete.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md
Lines changed: 22 additions & 16 deletions b/‎articles/azure-netapp-files/azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md
Lines changed: 22 additions & 16 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-resource-limits.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-netapp-files/azure-netapp-files-resource-limits.md
Lines changed: 1 addition & 1 deletion
@@ -43,9 +43,16 @@ It also provides features like these:
 
 ## RBAC permissions required to access Kudu
 
-To access Kudu in the browser by using Microsoft Entra authentication, you need to be a member of a built-in or custom role.
+To access Kudu in the browser by using Microsoft Entra authentication, you need to be assigned an appropriate built-in or custom role over the scope of the application. The assigned role must include permission for the `Microsoft.Web/sites/publish/Action` resource provider operation. The following table shows example built-in roles that include this permission.
 
-If you're using a built-in role, you must be a member of Website Contributor, Contributor, or Owner. If you're using a custom role, you need the resource provider operation: `Microsoft.Web/sites/publish/Action`.
+| Role type | Example built-in roles | 
+|-|-|
+| Job function roles | [Website Contributor](../role-based-access-control//built-in-roles/web-and-mobile.md#website-contributor)<br/>[Logic Apps Standard Developer (Preview)](../role-based-access-control//built-in-roles/integration.md#logic-apps-standard-developer-preview)  |
+| Privileged administrator roles<sup>1</sup> | [Owner](../role-based-access-control//built-in-roles/privileged.md#owner)<br/>[Contributor](../role-based-access-control//built-in-roles/privileged.md#contributor) |
+
+<sup>1</sup> Privileged administrator roles grant much more permission than is needed to access Kudu. If need to create a new role assignment, consider if a job function role with less access can be used instead.
+
+See the [role-based access control overview](../role-based-access-control/overview.md) to learn more about creating role assignments.
 
 ## More resources
 
 
@@ -5,23 +5,24 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: how-to
-ms.date: 10/20/2023
+ms.date: 01/28/2025
 ms.author: anfdocs
 ---
 # Delete an application volume group
 
 This article describes how to delete an application volume group.
 
 > [!IMPORTANT]
-> You can delete a volume group only if it contains no volumes. Before deleting a volume group, delete all volumes in the group. An error occurs preventing you from deleting the volume group if it contains one or more volumes.
+> You can delete a volume group only if it contains no volumes. Before deleting a volume group, delete all volumes in the group. If the volume group contains _any_ volume, an error message prevents you from deleting the volume group.
 
 ## Steps
 
 1. Select **Application volume groups**. Select the volume group you want to delete.
 
 2. To delete the volume group, select **Delete**. If you are prompted, type the volume group name to confirm the deletion.  
 
-    [![Screenshot that shows Application Volume Groups list.](./media/application-volume-group-delete/application-volume-group-list.png) ](./media/application-volume-group-delete/application-volume-group-list.png#lightbox)
+    :::image type="content" source="./media/application-volume-group-add-volume-secondary/application-volume-group-create-extension-one.png" alt-text="Screenshot of create application volume group interface for extension one." lightbox="./media/application-volume-group-add-volume-secondary/application-volume-group-create-extension-one.png":::
+
 
 
 ## Next steps  
 
@@ -6,11 +6,11 @@ ms.author: anfdocs
 ms.service: azure-netapp-files
 ms.custom: linux-related-content
 ms.topic: how-to
-ms.date: 09/07/2022
+ms.date: 01/28/2025
 ---
 # Mount NFS volumes for Linux or Windows VMs 
 
-You can mount an NFS file for Windows or Linux virtual machines (VMs). 
+You can mount an NFS file on both Linux and Windows virtual machines (VMs). 
 
 ## Requirements 
 
@@ -24,23 +24,23 @@ You can mount an NFS file for Windows or Linux virtual machines (VMs).
 | **Port 2049 TCP/UDP – NFS** <br /> _NFS traffic._ | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) |
 | **Port 4045 TCP/UDP – Network Lock Manager (NLM)** <br /> _Handles lock requests._ | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) | N/A* | 
 | **Port 4046 TCP/UDP – Network Status Monitor (NSM)** <br /> _Notifies NFS clients about reboots of the server for lock management._ | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) | N/A* | 
-| **Port 4049 TCP/UDP – `Rquotad`** <br /> _Handles [remote quota](https://linux.die.net/man/8/rpc.rquotad) services. (optional)_ | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) | N/A* | 
+| **Port 4049 TCP/UDP – `Rquotad`** <br /> _Handles [remote quota](https://linux.die.net/man/8/rpc.rquotad) services (optional)_ | ![White checkmark in green box](../static-web-apps/media/get-started-cli/checkmark-green-circle.png) | N/A* | 
 
 \* Incorporated into the NFSv4.1 standards. All traffic passed over port 2049.
 
 ### About outbound client ports
 
-Outbound client port requests leverage a port range for NFS connectivity. For instance, while the Azure NetApp Files mount port is static at 635, a client can initiate a connection using a dynamic port number in the range of 1 to 1024. (for example, 1010 -> 635)
+Outbound client port requests leverage a port range for NFS connectivity. The Azure NetApp Files mount port is static at 635. A client can initiate a connection using a dynamic port number in the range of 1 to 1023. For example, while the Azure NetApp Files mount port is 635, the client can use a dynamic port such as 1010. 
 
-Since there are only 1023 ports in that range, concurrent mount requests should be limited to below that amount. Otherwise, mount attempts fail if no available outgoing ports are available at the time of the request. Mount requests are ephemeral, so once the mount is established, the outbound client mount port frees up the connection.
+Since there are only 1,023 ports in that range, concurrent mount requests should be limited to below that amount. Otherwise, mount attempts fail if no available outgoing ports are free at the time of the request. Mount requests are ephemeral, so once the mount is established, the outbound client mount port frees up the connection.
 
 If mounting using UDP, once the mount request completes, a port isn't freed for up to 60 seconds. If mounting with TCP specified in the mount options, then the mount port is freed upon completion.
 
 Outbound client requests for NFS (directed to port 2049) allow up to 65,534 concurrent client ports per Azure NetApp Files NFS server. Once an NFS request is complete, the port is returned to the pool.
 
 ### Network address translation and firewalls
 
-If a network address translation (NAT) or firewall sits between the NFS client and server, consider:
+If a network address translation (NAT) or firewall sits between the NFS client and server:
 
 *	NFS maintains a reply cache to keep track of certain operations to make sure that they have completed. This reply cache is based on the source port and source IP address. When NAT is used in NFS operations, the source IP or port might change in flight, which could lead to data resiliency issues. If NAT is used, static entries for the NFS server IP and port should be added to make sure that data remains consistent.
 *	In addition, NAT can also cause issues with NFS mounts hanging due to how NAT handles idle sessions. If using NAT, the configuration should take idle sessions into account and leave them open indefinitely to prevent issues. NAT can also create issues with NLM lock reclamation.
@@ -53,35 +53,41 @@ For more information about how NFS operates in Azure NetApp Files, see [Understa
 
 ## Mount NFS volumes on Linux clients
 
-1. Review the [Linux NFS mount options best practices](performance-linux-mount-options.md).
-2. Select the **Volumes** pane and then the NFS volume that you want to mount.
-3. To mount the NFS volume using a Linux client, select **Mount instructions** from the selected volume. Follow the displayed instructions to mount the volume. 
+Before mounting NFS volumes on Linux clients, review the [Linux NFS mount options best practices](performance-linux-mount-options.md).
+
+1. Select the **Volumes** pane and then the NFS volume that you want to mount.
+1. To mount the NFS volume using a Linux client, select **Mount instructions** from the selected volume. Follow the displayed instructions to mount the volume. 
   :::image type="content" source="./media/azure-netapp-files-mount-unmount-volumes-for-virtual-machines/azure-netapp-files-mount-instructions-nfs.png" alt-text="Screenshot of Mount instructions." lightbox="./media/azure-netapp-files-mount-unmount-volumes-for-virtual-machines/azure-netapp-files-mount-instructions-nfs.png":::
       * Ensure that you use the `vers` option in the `mount` command to specify the NFS protocol version that corresponds to the volume you want to mount. 
   For example, if the NFS version is NFSv4.1: 
   `sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=4.1,tcp,sec=sys $MOUNTTARGETIPADDRESS:/$VOLUMENAME $MOUNTPOINT` 
       * If you use NFSv4.1 and your configuration requires using VMs with the same host names (for example, in a DR test), see [Configure two VMs with the same hostname to access NFSv4.1 volumes](configure-nfs-clients.md#configure-two-vms-with-the-same-hostname-to-access-nfsv41-volumes).
       * In Azure NetApp Files, NFSv4.2 is enabled when NFSv4.1 is used, however NFSv4.2 is officially unsupported. If you don’t specify NFSv4.1 in the client’s mount options (`vers=4.1`), the client may negotiate to the highest allowed NFS version, meaning the mount is out of support compliance.
-4. If you want the volume mounted automatically when an Azure VM is started or rebooted, add an entry to the `/etc/fstab` file on the host. 
+1. If you want the volume mounted automatically when an Azure VM is started or rebooted, add an entry to the `/etc/fstab` file on the host. 
   For example: `$ANFIP:/$FILEPATH /$MOUNTPOINT nfs bg,rw,hard,noatime,nolock,rsize=65536,wsize=65536,vers=3,tcp,_netdev 0 0`
     * `$ANFIP` is the IP address of the Azure NetApp Files volume found in the volume properties menu
     * `$FILEPATH` is the export path of the Azure NetApp Files volume
     * `$MOUNTPOINT` is the directory created on the Linux host used to mount the NFS export
-5. If you want to mount an NFS Kerberos volume, refer to [Configure NFSv4.1 Kerberos encryption](configure-kerberos-encryption.md) for additional details.
-6. You can also access SMB volumes from Unix and Linux clients via NFS by setting the protocol access for the volume to “dual-protocol”. This allows for accessing the volume via NFS (NFSv3 or NFSv4.1) and SMB. See [Create a dual-protocol volume](create-volumes-dual-protocol.md) for details. Take note of the security style mappings table. Mounting a dual-protocol volume from Unix and Linux clients relies on the same procedure as regular NFS volumes.
+1. If you want to mount an NFS Kerberos volume, refer to [Configure NFSv4.1 Kerberos encryption](configure-kerberos-encryption.md) for additional details.
+
+>[!NOTE]
+>You can also access SMB volumes from Unix and Linux clients via NFS by setting the protocol access for the volume to "dual-protocol." The dual-protocol setting allows for accessing the volume via NFS (NFSv3 or NFSv4.1) and SMB. See [Create a dual-protocol volume](create-volumes-dual-protocol.md) for details. Take note of the security style mappings table. Mounting a dual-protocol volume from Unix and Linux clients relies on the same procedure as regular NFS volumes.
 
-## Mount NFS volumes on Windows clients 
+## Mount NFSv3 volumes on Windows clients 
 
-Mounting NFSv4.1 volumes on Windows clients is not supported. For more information, see [Network File System overview](/windows-server/storage/nfs/nfs-overview).
+>[!IMPORTANT]
+>Mounting NFSv4.1 volumes on Windows clients isn't supported. For more information, see [Network File System overview](/windows-server/storage/nfs/nfs-overview).
 
-If you want to mount NFSv3 volumes on a Windows client using NFS: 
+To mount NFSv3 volumes on a Windows client using NFS: 
 
 1. [Mount the volume onto a Unix or Linux VM first](#mount-nfs-volumes-on-linux-clients).
 1. Run a `chmod 777` or `chmod 775` command against the volume. 
 1. Mount the volume via the NFS client on Windows using the mount option `mtype=hard` to reduce connection issues. 
   See [Windows command line utility for mounting NFS volumes](/windows-server/administration/windows-commands/mount) for more detail. 
   For example: `Mount -o rsize=256 -o wsize=256 -o mtype=hard \\10.x.x.x\testvol X:* `
-1. You can also access NFS volumes from Windows clients via SMB by setting the protocol access for the volume to “dual-protocol”. This setting allows access to the volume via SMB and NFS (NFSv3 or NFSv4.1) and results in better performance than using the NFS client on Windows with an NFS volume. See [Create a dual-protocol volume](create-volumes-dual-protocol.md) for details, and take note of the security style mappings table. Mounting a dual-protocol volume from Windows clients using the same procedure as regular SMB volumes. 
+
+>[!NOTE]
+>You can also access NFS volumes from Windows clients via SMB by setting the protocol access for the volume to "dual-protocol." This setting allows access to the volume via SMB and NFS (NFSv3 or NFSv4.1) and results in better performance than using the NFS client on Windows with an NFS volume. See [Create a dual-protocol volume](create-volumes-dual-protocol.md) for details, and take note of the security style mappings table. Mounting a dual-protocol volume from Windows clients using the same procedure as regular SMB volumes. 
 
 ## Next steps
 
 
@@ -39,7 +39,7 @@ The following table describes resource limits for Azure NetApp Files:
 |  Maximum number of files `maxfiles` per volume     |  See [`maxfiles`](maxfiles-concept.md)  |    Yes    |    
 |  Maximum number of export policy rules per volume     |    5  |    No    | 
 |  Maximum number of quota rules per volume     |   100  |    No    | 
-|  Minimum assigned throughput for a manual QoS volume     |    1 MiB/s   |    No    |    
+|  Minimum assigned throughput for a manual Quality of Service (QoS) volume     |    1 MiB/s   |    No    |    
 |  Maximum assigned throughput for a manual QoS volume     |    4,500 MiB/s    |    No    |    
 |  Number of cross-region replication data protection volumes (destination volumes)     |    50    |    Yes    |     
 |  Number of cross-zone replication data protection volumes (destination volumes)     |    50    |    Yes    |