Merge branch 'patch-5' of https://github.com/MikeRayMSFT/azure-docs into 240611-update-output-arc-data

Author: MikeRayMSFT

articles/active-directory-b2c/localization-string-ids.md

@@ -532,7 +532,7 @@ The following IDs are used for an [Microsoft Entra ID multifactor authentication
 | `UserMessageIfMaxAllowedCodeRetryReached` | Wrong code entered too many times, please try again later.|
 | `UserMessageIfServerError` | Cannot use MFA service, please try again later.|
 | `UserMessageIfThrottled` | Your request has been throttled, please try again later.|
-| `UserMessageIfWrongCodeEntered` |Wrong code entered, please try again.|
+| `UserMessageIfIncorrectOTPCodeEntered` |Wrong code entered, please try again.|
 
 <a name='azure-ad-mfa-example'></a>
 
@@ -684,4 +684,4 @@ This example shows localized messages for CAPTCHA display control.
 See the following articles for localization examples:
 
 - [Language customization with custom policy in Azure AD B2C](language-customization.md)
-- [Language customization with user flows in Azure AD B2C](language-customization.md)
+- [Language customization with user flows in Azure AD B2C](language-customization.md)

articles/api-management/api-management-howto-api-inspector.md

@@ -90,7 +90,7 @@ Enable tracing by the following steps using calls to the API Management REST API
     {
         "credentialsExpireAfter": PT1H,
         "apiId": "<API resource ID>",
-        "purposes: ["tracing"]
+        "purposes": ["tracing"]
     }
     ```
         

articles/app-service/configure-common.md

@@ -212,10 +212,15 @@ At runtime, connection strings are available as environment variables, prefixed
 * MySQL: `MYSQLCONNSTR_` 
 * SQLAzure: `SQLAZURECONNSTR_` 
 * Custom: `CUSTOMCONNSTR_`
-* PostgreSQL: `POSTGRESQLCONNSTR_`  
+* PostgreSQL: `POSTGRESQLCONNSTR_`
+* Notification Hub: `NOTIFICATIONHUBCONNSTR_`
+* Service Bus: `SERVICEBUSCONNSTR_`
+* Event Hub: `EVENTHUBCONNSTR_`
+* Document Db: `DOCDBCONNSTR_`
+* Redis Cache: `REDISCACHECONNSTR_`
 
 >[!Note]
-> .NET apps targeting PostgreSQL should set the connection string to **Custom** as workaround for a [knows issue in .NET EnvironmentVariablesConfigurationProvider](https://github.com/dotnet/runtime/issues/36123) 
+> .NET apps targeting PostgreSQL, Notification Hub, Service Bus, Event Hub, Document Db and Redis Cache should set the connection string to **Custom** as workaround for a [known issue in .NET EnvironmentVariablesConfigurationProvider](https://github.com/dotnet/runtime/issues/36123) 
 >
 
 For example, a MySQL connection string named *connectionstring1* can be accessed as the environment variable `MYSQLCONNSTR_connectionString1`. For language-stack specific steps, see:

articles/azure-arc/data/upload-logs.md

@@ -40,7 +40,7 @@ Example output:
 
 ```output
 {
-  "customerId": "d6abb435-2626-4df1-b887-445fe44a4123",
+  "customerId": "00000000-0000-0000-0000-000000000000",
   "eTag": null,
   "id": "/subscriptions/<Subscription ID>/resourcegroups/user-arc-demo/providers/microsoft.operationalinsights/workspaces/user-logworkspace",
   "location": "eastus",
@@ -93,8 +93,8 @@ Example output:
 
 ```output
 {
-  "primarySharedKey": "JXzQp1RcGgjXFCDS3v0sXoxPvbgCoGaIv35lf11Km2WbdGFvLXqaydpaj1ByWGvKoCghL8hL4BRoypXxkLr123==",
-  "secondarySharedKey": "p2XHSxLJ4o9IAqm2zINcEmx0UWU5Z5EZz8PQC0OHpFjdpuVaI0zsPbTv5VyPFgaCUlCZb2yEbkiR4eTuTSF123=="
+  "primarySharedKey": "<primarySharedKey>==",
+  "secondarySharedKey": "<secondarySharedKey>=="
 }
 ```
 

articles/storage/common/authorize-data-access.md

@@ -80,7 +80,7 @@ The following section briefly describes the authorization options for Azure Stor
 
 - **Shared Key authorization**: Applies to blobs, files, queues, and tables. A client using Shared Key passes a header with every request that is signed using the storage account access key. For more information, see [Authorize with Shared Key](/rest/api/storageservices/authorize-with-shared-key/).
 
-    Microsoft recommends that you disallow Shared Key authorization for your storage account. When Shared Key authorization is disallowed, clients must use Microsoft Entra ID or a user delegation SAS to authorize requests for data in that storage account. For more information, see [Prevent Shared Key authorization for an Azure Storage account](shared-key-authorization-prevent.md).
+    The storage account access key should be used with caution. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. Microsoft recommends that you disallow Shared Key authorization for your storage account. When Shared Key authorization is disallowed, clients must use Microsoft Entra ID or a user delegation SAS to authorize requests for data in that storage account. For more information, see [Prevent Shared Key authorization for an Azure Storage account](shared-key-authorization-prevent.md).
 
 - **Shared access signatures** for blobs, files, queues, and tables. Shared access signatures (SAS) provide limited delegated access to resources in a storage account via a signed URL. The signed URL specifies the permissions granted to the resource and the interval over which the signature is valid. A service SAS or account SAS is signed with the account key, while the user delegation SAS is signed with Microsoft Entra credentials and applies to blobs only. For more information, see [Using shared access signatures (SAS)](storage-sas-overview.md).
 

articles/virtual-network/what-is-ip-address-168-63-129-16.md

@@ -35,6 +35,8 @@ The public IP address 168.63.129.16 is used in all regions and all national clou
 
   By default DNS communication isn't subject to the configured network security groups unless targeted using the [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags) service tag. To block DNS traffic to Azure DNS through NSG, create an outbound rule to deny traffic to [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags). Specify **"Any"** as **"Source"**, **"*"** as **"Destination port ranges"**, **"Any"** as protocol and **"Deny"** as action.
 
+  Additionally, the IP address 168.63.129.16 does not support reverse DNS lookup. This means if you try to retrieve the Fully Qualified Domain Name (FQDN) using reverse lookup commands like `host`, `nslookup`, or `dig -x` on 168.63.129.16, you won't receive any FQDN.
+
 - When the VM is part of a load balancer backend pool, [health probe](../load-balancer/load-balancer-custom-probe-overview.md) communication should be allowed to originate from 168.63.129.16. The default network security group configuration has a rule that allows this communication. This rule uses the [AzureLoadBalancer](../virtual-network/service-tags-overview.md#available-service-tags) service tag. If desired, this traffic can be blocked by configuring the network security group. The configuration of the block result in probes that fail.
 
 ## Troubleshoot connectivity