Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into nw-toc

Author: halkazwini

.openpublishing.redirection.json

@@ -6978,6 +6978,26 @@
       "source_path": "articles/defender-for-iot/organizations/eiot-sensor.md",
       "redirect_url": "/azure/defender-for-iot/organizations/concept-enterprise",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.09.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-09-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.11.08.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-11-08",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2024.12.18.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2024-12-18",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cyclecloud/release-notes/ccws/2025.02.06.md",
+      "redirect_url": "/azure/cyclecloud/release-notes/ccws/2025-02-06",
+      "redirect_document_id": false
     }
   ]
 }

articles/api-management/configure-custom-domain.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/09/2025
+ms.date: 05/30/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -50,10 +50,10 @@ There are several API Management endpoints to which you can assign a custom doma
 | Endpoint | Default |
 | -------- | ----------- |
 | **Gateway** | Default is: `<apim-service-name>.azure-api.net`. Gateway is the only endpoint available for configuration in the Consumption tier.<br/><br/>The default Gateway endpoint configuration remains available after a custom Gateway domain is added. |
-| **Developer portal** | Default is: `<apim-service-name>.developer.azure-api.net` |
-| **Management** | Default is: `<apim-service-name>.management.azure-api.net` |
-| **Configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
-| **SCM** | Default is: `<apim-service-name>.scm.azure-api.net` |
+| **Developer portal** (all tiers except Consumption) | Default is: `<apim-service-name>.developer.azure-api.net` |
+| **Management** (classic tiers only) | Default is: `<apim-service-name>.management.azure-api.net` |
+| **Self-hosted gateway configuration API (v2)** | Default is: `<apim-service-name>.configuration.azure-api.net` |
+| **SCM** (classic tiers only) | Default is: `<apim-service-name>.scm.azure-api.net` |
 
 ### Considerations
 
@@ -62,6 +62,7 @@ There are several API Management endpoints to which you can assign a custom doma
 * Only API Management instance owners can use **Management** and **SCM** endpoints internally. These endpoints are less frequently assigned a custom domain name.
 * The **Premium** and **Developer** tiers support setting multiple hostnames for the **Gateway** endpoint.
 * Wildcard domain names, like `*.contoso.com`, are supported in all tiers except the Consumption tier. A specific subdomain certificate (for example, api.contoso.com) would take precedence over a wildcard certificate (*.contoso.com) for requests to api.contoso.com.
+* When configuing a custom domain for the **Developer portal**, you can [enable CORS](enable-cors-developer-portal.md) for the new domain name. This is needed for developer portal visitors to use the interactive console in the API reference pages.
 
 ## Domain certificate options
 

articles/api-management/enable-cors-developer-portal.md

@@ -6,19 +6,20 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 12/22/2023
+ms.date: 05/30/2025
 ms.author: danlep
 ---
 
 # Enable CORS for interactive console in the API Management developer portal 
+
+[!INCLUDE [premium-dev-standard-basic-premiumv2-standarv2-basicv2.md](../../includes/api-management-availability-premium-dev-standard-basic-premiumv2-standardv2-basicv2.md)]
+
 Cross-origin resource sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. 
 
 To let visitors to the API Management [developer portal](developer-portal-overview.md) use the interactive test console in the API reference pages, enable a [CORS policy](cors-policy.md) for APIs in your API Management instance. If the developer portal's domain name isn't an allowed origin for cross-domain API requests, test console users will see a CORS error.  
 
 For certain scenarios, you can configure the developer portal as a CORS proxy instead of enabling a CORS policy for APIs.
 
-[!INCLUDE [premium-dev-standard-basic.md](../../includes/api-management-availability-premium-dev-standard-basic.md)]
-
 ## Prerequisites 
 
 + Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md)
@@ -41,7 +42,6 @@ You can enable a setting to configure a CORS policy automatically for all APIs i
 
 ![Screenshot that shows where to check status of your CORS policy in the developer portal.](media/enable-cors-developer-portal/cors-azure-portal.png)
 
-
 ### Enable CORS policy manually
 
 1. Select the **Manually apply it on the global level** link to see the generated policy code.
@@ -57,6 +57,12 @@ You can enable a setting to configure a CORS policy automatically for all APIs i
 >
 > As a workaround, you can pass the subscription key in a query parameter.
 
+## CORS configuration for custom domain name
+
+If you configure a [custom domain](configure-custom-domain.md) for the developer portal and want visitors to use the test console on API reference pages, ensure that you enable CORS for the custom developer portal domain name.
+
+When configuring the custom domain, you can enable a setting to add an origin for your custom developer portal domain in the CORS policy. If CORS was already enabled for the default domain, both origins will be included in the CORS policy. You can change the CORS policy settings anytime.
+
 ## CORS proxy option
 
 For some scenarios (for example, if the API Management gateway is network isolated), you can choose to configure the developer portal as a CORS proxy itself, instead of enabling a CORS policy for your APIs. The CORS proxy routes the interactive console's API calls through the portal's backend in your API Management instance.
@@ -84,4 +90,4 @@ If you [self-host](developer-portal-self-host.md) the developer portal, the foll
 ## Related content
 
 * For more information about configuring a policy, see [Set or edit policies](set-edit-policies.md).
-* For details about the CORS policy, see the [cors](cors-policy.md) policy reference.
+* For details about the CORS policy, see the [cors](cors-policy.md) policy reference.

articles/app-service/app-service-ip-restrictions.md

@@ -13,8 +13,6 @@ ms.assetid: 3be1f4bd-8a81-4565-8a56-528c037b24bd
 ---
 # Set up Azure App Service access restrictions
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 When you set up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app. The list can include IP addresses or Azure Virtual Network subnets. When there are one or more entries, an implicit *deny all* exists at the end of the list. For more information, see [Azure App Service access restrictions](./overview-access-restrictions.md).
 
 The access restriction capability works with all Azure App Service-hosted workloads. The workloads can include web apps, API apps, Linux apps, Linux custom containers, and Azure Functions apps.

articles/app-service/app-service-key-vault-references.md

@@ -14,8 +14,6 @@ ms.custom: AppServiceConnectivity
 
 This article shows you how to use secrets from Azure Key Vault as values of [app settings](configure-common.md#configure-app-settings) or [connection strings](configure-common.md#configure-connection-strings) in your Azure App Service or Azure Functions apps.
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 [Key Vault](/azure/key-vault/general/overview) is a service that provides centralized secrets management, with full control over access policies and audit history. When an app setting or connection string is a Key Vault reference, your application code can use it like any other app setting or connection string. This way, you can maintain secrets apart from your app's configuration. App settings are securely encrypted at rest, but if you need capabilities for managing secrets, they should go into a key vault.
 
 ## Grant your app access to a key vault

articles/app-service/app-service-plan-manage.md

@@ -12,8 +12,6 @@ ms.custom: "UpdateFrequency3"
 ---
 # Manage an App Service plan in Azure
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 An [Azure App Service plan](overview-hosting-plans.md) provides the resources that an App Service app needs to run. This guide shows how to manage an App Service plan.
 
 ## Create an App Service plan
@@ -38,7 +36,7 @@ You can create an empty App Service plan, or you can create a plan as part of ap
 6. Select **Review + create** to create the App Service plan.
 
 > [!IMPORTANT]
-> When you create an new App Service plan in an existing resource group, certain conditions with existing apps can trigger these errors:
+> When you create a new App Service plan in an existing resource group, certain conditions with existing apps can trigger these errors:
 > - `The pricing tier is not allowed in this resource group`
 > - `<SKU_NAME> workers are not available in resource group <RESOURCE_GROUP_NAME>`
 > 

articles/app-service/app-service-web-tutorial-custom-domain.md

@@ -13,8 +13,6 @@ author: msangapu-msft
 
 # Set up an existing custom domain in Azure App Service
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 [Azure App Service](overview.md) provides a highly scalable, self-patching web hosting service. This guide shows you how to map an existing custom Domain Name System (DNS) name to App Service. To migrate a live site and its DNS domain name to App Service with no downtime, see [Migrate an active DNS name to Azure App Service](manage-custom-dns-migrate-domain.md).
 
 The DNS record type you need to add with your domain provider depends on the domain you want to add to App Service.
@@ -110,7 +108,7 @@ Create two records, as described in the following table:
 
 | Record type | Host | Value | Comments |
 | - | - | - |-|
-| CNAME | `<subdomain>` (for example, `www`) | `<app-name>.azurewebsites.net`. (See [the note at the start of this article](#dnl-note).) | The domain mapping itself. |
+| CNAME | `<subdomain>` (for example, `www`) | (See the value in the Azure portal **Overview** page for your app.) | The domain mapping itself. |
 | TXT | `asuid.<subdomain>` (for example, `asuid.www`) | The domain verification ID shown in the **Add custom domain** dialog. | App Service accesses the `asuid.<subdomain>` TXT record to verify your ownership of the custom domain. |
 
 ![Screenshot that shows the portal navigation to an Azure app.](./media/app-service-web-tutorial-custom-domain/cname-record.png)
@@ -121,7 +119,7 @@ For a wildcard name, like `*` in `*.contoso.com`, create two records, as describ
 
 | Record type | Host | Value | Comments |
 | - | - | - | - |
-| CNAME | `*` | `<app-name>.azurewebsites.net`. (See [the note at the start of this article](#dnl-note).) | The domain mapping itself. |
+| CNAME | `*` | (See the value in the Azure portal **Overview** page for your app.) | The domain mapping itself. |
 | TXT | `asuid` | The domain verification ID shown in the **Add custom domain** dialog. | App Service accesses the `asuid` TXT record to verify your ownership of the custom domain. |
 
 ![Screenshot that shows the navigation to an Azure app.](./media/app-service-web-tutorial-custom-domain/cname-record-wildcard.png)

articles/app-service/configure-authentication-provider-aad.md

@@ -12,8 +12,6 @@ ms.author: cephalin
 
 # Configure your App Service or Azure Functions app to use Microsoft Entra sign-in
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 Select another authentication provider to jump to it.
 
 [!INCLUDE [app-service-mobile-selector-authentication](../../includes/app-service-mobile-selector-authentication.md)]
@@ -81,7 +79,7 @@ To use an existing registration, select either:
 
 If you need to manually create an app registration in a workforce tenant, see [Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app). As you go through the registration process, be sure to note the application (client) ID and client secret values.
 
-During the registration process, in the **Redirect URIs** section, select **Web** for platform and enter `<app-url>/.auth/login/aad/callback`. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
+During the registration process, in the **Redirect URIs** section, select **Web** for platform, and enter a redirect URI. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
 
 Now, modify the app registration:
 
@@ -168,7 +166,7 @@ To use an existing registration, select **Provide the details of an existing app
 
 If you need to manually create an app registration in an external tenant, see [Register an app in your external tenant](/entra/external-id/customers/how-to-register-ciam-app?tabs=webapp#register-your-web-app).
 
-During the registration process, in the **Redirect URIs** section, select **Web** for platform and enter `<app-url>/.auth/login/aad/callback`. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
+During the registration process, in the **Redirect URIs** section, select **Web** for platform, and enter a redirect URI. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
 
 Now, modify the app registration:
 
@@ -364,7 +362,7 @@ You can register native clients to request access to your App Service app's APIs
 
 1. On the **Register an application** pane, for **Name**, enter a name for your app registration.
 
-1. In **Redirect URI**, select **Public client/native (mobile & desktop)** and enter the URL `<app-url>/.auth/login/aad/callback`. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
+1. In **Redirect URI**, select **Public client/native (mobile & desktop)** and enter the redirect URL. For example, enter `https://contoso.azurewebsites.net/.auth/login/aad/callback`.
 
 1. Select **Register**.
 

articles/app-service/configure-common.md

@@ -16,8 +16,6 @@ ms.author: cephalin
 
 This article explains how to configure common settings for web apps, a mobile back end, or an API app. For Azure Functions, see [App settings reference for Azure Functions](../azure-functions/functions-app-settings.md).
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 ## Configure app settings
 
 In Azure App Service, app settings are variables passed as environment variables to the application code. The following conditions apply to app settings:
@@ -55,7 +53,7 @@ App settings are always encrypted when they're stored (encrypted at rest).
    By default, values for app settings are hidden in the portal for security. To see a hidden value of an app setting, under **Value**, select **Show value**. To see the hidden values of all app settings, select **Show values**.
 
    > [!NOTE]
-   > Read/Write user permimssions are required to view this section in the Azure portal. RBAC built-in roles with sufficient permissions are Owner, Contributor, and Website Contributor. The Reader role alone would not be allowed to access this page. 
+   > Read/Write user permissions are required to view this section in the Azure portal. RBAC built-in roles with sufficient permissions are Owner, Contributor, and Website Contributor. The Reader role alone would not be allowed to access this page. 
 
 1. To add a new app setting, select **Add**. To edit a setting, select the setting.
 1. In the dialog, you can [stick the setting to the current slot](deploy-staging-slots.md#which-settings-are-swapped).

articles/app-service/configure-ssl-certificate.md

@@ -13,8 +13,6 @@ author: msangapu-msft
 
 # Add and manage TLS/SSL certificates in Azure App Service
 
-[!INCLUDE [regionalization-note](./includes/regionalization-note.md)]
-
 You can add digital security certificates to [use in your application code](configure-ssl-certificate-in-code.md) or to [help secure custom DNS names](configure-ssl-bindings.md) in [Azure App Service](overview.md), which provides a highly scalable, self-patching web hosting service. Currently called Transport Layer Security (TLS) certificates, also previously known as Secure Socket Layer (SSL) certificates, these private or public certificates help you secure internet connections by encrypting data sent between your browser, websites that you visit, and the website server.
 
 The following table lists the options for you to add certificates in App Service:
@@ -69,7 +67,7 @@ The free App Service managed certificate is a turn-key solution for helping to s
 >
 > Free certificates are issued by DigiCert. For some domains, you must explicitly allow DigiCert as a certificate issuer by creating a [CAA domain record](https://wikipedia.org/wiki/DNS_Certification_Authority_Authorization) with the value: `0 issue digicert.com`.
 >
-> Azure fully manages the certificates on your behalf, so any aspect of the managed certificate, including the root issuer, can change at anytime. Certificate renewals change both public and private key parts.  All of these certificate changes are outside your control. Make sure to avoid hard dependencies and "pinning" practice certificates to the managed certificate or any part of the certificate hierarchy. If you need the certificate pinning behavior, add a certificate to your custom domain using any other available method in this article.
+> Azure fully manages the certificates on your behalf, so any aspect of the managed certificate, including the root issuer, can change at any time. Certificate renewals change both public and private key parts.  All of these certificate changes are outside your control. Make sure to avoid hard dependencies and "pinning" practice certificates to the managed certificate or any part of the certificate hierarchy. If you need the certificate pinning behavior, add a certificate to your custom domain using any other available method in this article.
 
 The free certificate comes with the following limitations:
 
@@ -148,7 +146,7 @@ The service principal app ID or assignee value is the ID for the App Service res
 
 | Resource provider | Service principal app ID | Key vault secret permissions | Key vault certificate permissions |
 |--|--|--|--|
-| **Microsoft Azure App Service** or **Microsoft.Azure.WebSites** | - `abfa0a7c-a6b6-4736-8310-5855508787cd` for public Azure cloud environment <br><br>- `6a02c803-dafd-4136-b4c3-5a6f318b4714` for Azure Government cloud environment | Get | Get |
+| **Microsoft Azure App Service** or **Microsoft.Azure.WebSites** | - `abfa0a7c-a6b6-4736-8310-5855508787cd` for global Azure cloud environment <br><br>- `6a02c803-dafd-4136-b4c3-5a6f318b4714` for Azure Government cloud environment | Get | Get |
 
 The service principal app ID or assignee value is the ID for the App Service resource provider. To learn how to authorize key vault permissions for the App Service resource provider using an access policy, see the [assign a Key Vault access policy documentation](/azure/key-vault/general/assign-access-policy?tabs=azure-portal).