Merge pull request #294472 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/api-center/set-up-api-center.md

@@ -26,7 +26,7 @@ To register the resource provider using the portal:
 
 1. Select the subscription where you want to create the API center.
 
-1. In the left menu, under **Resources**, select **Resource providers**.
+1. In the left menu, under **Settings** > **Resources**, select **Resource providers**.
 
 1. Search for **Microsoft.ApiCenter** in the list of resource providers. If it's not registered, select **Register**.
 

articles/api-management/api-management-api-import-restrictions.md

@@ -147,6 +147,7 @@ The following fields are included in either [OpenAPI version 3.0.x](https://swag
 | **PathItem** | <ul><li>`trace`</li><li>`servers`</li></ul> |
 | **Operation** | <ul><li>`externalDocs`</li><li>`callbacks`</li><li>`security`</li><li>`servers`</li></ul> |
 | **Parameter** | <ul><li>`allowEmptyValue`</li><li>`style`</li><li>`explode`</li><li>`allowReserved`</li></ul> |
+| **Server templating** | <ul><li>`API Server and Base URL`</li></ul> |
 
 ## OpenAPI import, update, and export mechanisms
 

articles/api-management/azure-openai-enable-semantic-caching.md

@@ -115,7 +115,7 @@ If the request is successful, the response includes a vector representation of t
 
 ## Configure semantic caching policies
 
-Configure the following policies to enable semantic caching for Azure OpenAI APIs in Azure API Management:
+To enable semantic caching for Azure OpenAI APIs in Azure API Management, apply the following policies: one to check the cache before sending requests (lookup) and another to store responses for future reuse (store):
 * In the **Inbound processing** section for the API, add the [azure-openai-semantic-cache-lookup](azure-openai-semantic-cache-lookup-policy.md) policy. In the `embeddings-backend-id` attribute, specify the Embeddings API backend you created.
 
     > [!NOTE]

articles/api-management/backends.md

@@ -271,3 +271,4 @@ Include a JSON snippet similar to the following in your ARM template for a backe
 
 * Blog: [Using Azure API Management circuit breaker and load balancing with Azure OpenAI Service](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/using-azure-api-management-circuit-breaker-and-load-balancing/ba-p/4041003)
 * Set up a [Service Fabric backend](how-to-configure-service-fabric-backend.yml) using the Azure portal.
+* Quickstart [Create a Backend Pool in Azure API Management using Bicep for load balance OpenAI requests](https://github.com/Azure-Samples/apim-lbpool-openai-quickstart)

articles/azure-functions/durable/durable-functions-perf-and-scale.md

@@ -31,7 +31,7 @@ On a premium plan, automatic scaling can help to keep the number of workers (and
 
 ### CPU usage
 
-**Orchestrator functions** are executed on a single thread to ensure that execution can be deterministic across many replays. Because of this single-threaded execution, it's important that orchestrator function threads do not perform CPU-intensive tasks, do I/O, or block for any reason. Any work that may require I/O, blocking, or multiple threads should be moved into activity functions.
+**Orchestrator functions** run their logic multiple times due to their replaying behavior. It's therefore important that orchestrator function threads do not perform CPU-intensive tasks, do I/O, or block for any reason. Any work that may require I/O, blocking, or multiple threads should be moved into activity functions.
 
 **Activity functions** have all the same behaviors as regular queue-triggered functions. They can safely do I/O, execute CPU intensive operations, and use multiple threads. Because activity triggers are stateless, they can freely scale out to an unbounded number of VMs.
 

articles/container-apps/revisions.md

@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic: conceptual
-ms.date: 02/01/2024
+ms.date: 02/10/2025
 ms.author: cshoe
 ms.custom: build-2023
 ---
@@ -26,7 +26,7 @@ Key characteristics of revisions include:
 
 - **Scoped changes**: While revisions remain static, [application-scope](#change-types) changes can affect all revisions, while [revision-scope](#change-types) changes create a new revision.
 
-- **Historical record**: By default, you have access to 100 inactive revisions, but you can [adjust this threshold manually](#change-inactive-revision-limit).
+- **Historical record**: By default, you have access to 100 inactive revisions, but you can [adjust this threshold manually](#change-inactive-revision-limit-preview).
 
 - **Multiple revisions**: You can run multiple revisions concurrently. This feature is especially beneficial when you need to manage different versions of your app simultaneously.
 
@@ -65,10 +65,16 @@ After a container app is successfully provisioned, a revision enters its operati
 
 Revisions can also enter an inactive state. These revisions don't possess provisioning or running states. However, Azure Container Apps maintains a list of these revisions, accommodating up to 100 inactive entries. You can activate a revision at any time.
 
-### Change inactive revision limit
+### Change inactive revision limit (preview)
 
 You can use the `--max-inactive-revisions` parameter with the `containerapp create` or `containerapp update` commands to control the number of inactive revisions tracked by Container Apps.
 
+First, make sure you have installed the Container Apps extension, with preview features enabled, for the Azure CLI:
+
+```azurecli
+az extension add --name containerapp --upgrade --allow-preview true
+```
+
 This example demonstrates how to create a new container app that tracks 50 inactive revisions:
 
 ```azurecli

articles/role-based-access-control/built-in-roles.md

@@ -446,6 +446,7 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='security-assessment-contributor'></a>[Security Assessment Contributor](./built-in-roles/security.md#security-assessment-contributor) | Lets you push assessments to Microsoft Defender for Cloud | 612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
 > | <a name='security-manager-legacy'></a>[Security Manager (Legacy)](./built-in-roles/security.md#security-manager-legacy) | This is a legacy role. Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
 > | <a name='security-reader'></a>[Security Reader](./built-in-roles/security.md#security-reader) | View permissions for Microsoft Defender for Cloud. Can view recommendations, alerts, a security policy, and security states, but cannot make changes.<br><br>For Microsoft Defender for IoT, see [Azure user roles for OT and Enterprise IoT monitoring](/azure/defender-for-iot/organizations/roles-azure). | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 |
+> | <a name='locks-contributor'></a>[Locks Contributor](./built-in-roles/security.md#locks-contributor) | Lets you manage locks operations | 28bf596f-4eb7-45ce-b5bc-6cf482fec137 |
 
 ## DevOps
 

articles/role-based-access-control/built-in-roles/security.md

@@ -1559,7 +1559,49 @@ View permissions for Microsoft Defender for Cloud. Can view recommendations, ale
   "type": "Microsoft.Authorization/roleDefinitions"
 }
 ```
+## Locks Contributor
+
+Manage locks operations.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/locks/read | Gets locks at the specified scope |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/locks/write | Add locks at the specified scope |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/locks/delete | Delete locks at the specified scope |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Can Manage Locks Operations.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/28bf596f-4eb7-45ce-b5bc-6cf482fec137",
+  "name": "28bf596f-4eb7-45ce-b5bc-6cf482fec137",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.Authorization/locks/read",
+        "Microsoft.Authorization/locks/write",
+        "Microsoft.Authorization/locks/delete"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Locks Contributor",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
 
 ## Next steps
 
-- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)
+- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)

includes/api-management-authorization-azure-ad-provider.md

@@ -10,10 +10,9 @@ ms.author: danlep
 | Provider name | Name of credential provider resource in API Management |Yes | N/A | 
 | Identity provider  | Select **Azure Active Directory v1** |Yes | N/A | 
 | Grant type  | The OAuth 2.0 authorization grant type to use<br/><br/>Depending on your scenario, select either **Authorization code** or **Client credentials**. |Yes | Authorization code | 
-|**Authorization URL** | `https://graph.microsoft.com` | Yes | N/A |
+|**Authorization URL** | Authorization URL | No | `https://login.microsoftonline.com` |
 | Client ID | The application (client) ID used to identify the Microsoft Entra app | Yes | N/A |
 | Client secret | The client secret used for the Microsoft Entra app | Yes | N/A |
-| Login URL | The Microsoft Entra login URL  | No | `https://login.windows.net` |
 | Resource URL | The URL of the resource that requires authorization<br/><br/> Example: `https://graph.microsoft.com` | Yes | N/A |
 | Tenant ID | The tenant ID of your Microsoft Entra app | No | common |  
 | Scopes | One or more API permissions for your Microsoft Entra app, separated by the " " character <br/><br/>Example: `ChannelMessage.Read.All User.Read` | No | API permissions set in Microsoft Entra app | 

includes/api-management-recommended-nsg-rules.md

@@ -22,12 +22,12 @@ Configure custom network rules in the API Management subnet to filter traffic to
 |-------|--------------|----------|---------|------------|-----------|-----|--------|-----|
 | Inbound | Internet | * | VirtualNetwork | [80], 443   | TCP            | Allow | Client communication to API Management                   | External only          |
 | Inbound | ApiManagement | * | VirtualNetwork | 3443    | TCP | Allow     | Management endpoint for Azure portal and PowerShell        | External & Internal  |
-| Inbound | AzureLoadBalancer | * | Virtual Network | 6390      | TCP                | Allow | Azure Infrastructure Load Balancer             | External & Internal  |
+| Inbound | AzureLoadBalancer | * | VirtualNetwork | 6390      | TCP                | Allow | Azure Infrastructure Load Balancer             | External & Internal  |
 | Inbound | AzureTrafficManager | * | VirtualNetwork | 443 | TCP | Allow | Azure Traffic Manager routing for multi-region deployment | External only |
 | Outbound | VirtualNetwork | * | Storage | 443                  |  TCP | Allow  | Dependency on Azure Storage for core service functionality                            | External & Internal  |
 | Outbound | VirtualNetwork| * | SQL | 1433                     | TCP           | Allow | Access to Azure SQL endpoints for core service functionality                          | External & Internal  |
 | Outbound | VirtualNetwork | * | AzureKeyVault | 443                     | TCP                | Allow                | Access to Azure Key Vault for core service functionality                         | External & Internal  |
-| Outbound | VirtualNetwork | * | Azure Monitor | 1886, 443                     |  TCP                | Allow         | Publish [Diagnostics Logs and Metrics](../articles/api-management/api-management-howto-use-azure-monitor.md), [Resource Health](/azure/service-health/resource-health-overview), and [Application Insights](../articles/api-management/api-management-howto-app-insights.md)                  | External & Internal  |
+| Outbound | VirtualNetwork | * | AzureMonitor | 1886, 443                     |  TCP                | Allow         | Publish [Diagnostics Logs and Metrics](../articles/api-management/api-management-howto-use-azure-monitor.md), [Resource Health](/azure/service-health/resource-health-overview), and [Application Insights](../articles/api-management/api-management-howto-app-insights.md)                  | External & Internal  |
 
 
 ### [stv1](#tab/stv1)
@@ -40,7 +40,7 @@ Configure custom network rules in the API Management subnet to filter traffic to
 | Inbound | AzureTrafficManager | * | VirtualNetwork | 443 | TCP | Allow | Azure Traffic Manager routing for multi-region deployment | External only |
 | Outbound | VirtualNetwork | * | Storage | 443                  |  TCP | Allow  | Dependency on Azure Storage for core service functionality                            | External & Internal  |
 | Outbound | VirtualNetwork| * | SQL | 1433                     | TCP           | Allow | Access to Azure SQL endpoints for core service functionality                          | External & Internal  |
-| Outbound | VirtualNetwork | * | Azure Monitor | 1886, 443                     |  TCP                | Allow         | Publish [Diagnostics Logs and Metrics](../articles/api-management/api-management-howto-use-azure-monitor.md), [Resource Health](/azure/service-health/resource-health-overview), and [Application Insights](../articles/api-management/api-management-howto-app-insights.md)                  | External & Internal  |
+| Outbound | VirtualNetwork | * | AzureMonitor | 1886, 443                     |  TCP                | Allow         | Publish [Diagnostics Logs and Metrics](../articles/api-management/api-management-howto-use-azure-monitor.md), [Resource Health](/azure/service-health/resource-health-overview), and [Application Insights](../articles/api-management/api-management-howto-app-insights.md)                  | External & Internal  |
 
 
 ---