Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rs-configure2

halkazwini · halkazwini · commit b03954c2f328 · 2024-09-16T12:03:26.000-05:00
diff --git a/articles/app-service/app-service-web-tutorial-custom-domain.md b/articles/app-service/app-service-web-tutorial-custom-domain.md
@@ -161,7 +161,7 @@ Browse to the DNS names that you configured.
 If you receive an HTTP 404 (Not Found) error when you browse to the URL of your custom domain, the two most likely causes are:
 
 - The browser client has cached the old IP address of your domain. Clear the cache and test the DNS resolution again. On a Windows machine, you can clear the cache with `ipconfig /flushdns`.
-- You configured an IP-based certificate binding, and the app's IP address has changed because of it. [Remap the A record](configure-ssl-bindings.md#2-remap-records-for-ip-based-ssl) in your DNS entries to the new IP address.
+- You configured an IP-based certificate binding, and the app's IP address has changed because of it. [Remap the A record](configure-ssl-bindings.md#remap-records-for-ip-based-ssl) in your DNS entries to the new IP address.
 
 If you receive a `Page not secure` warning or error, it's because your domain doesn't have a certificate binding yet. [Add a private certificate for the domain](configure-ssl-certificate.md) and [configure the binding](configure-ssl-bindings.md).
 
diff --git a/articles/app-service/configure-ssl-bindings.md b/articles/app-service/configure-ssl-bindings.md
@@ -1,87 +1,87 @@
 ---
 title: Secure a custom DNS with a TLS/SSL binding
-description: Secure HTTPS access to your custom domain by creating a TLS/SSL binding with a certificate. Improve your website's security by enforcing HTTPS or TLS 1.2.
+description: Help secure HTTPS access to your custom domain by creating a TLS/SSL binding with a certificate. Improve your website's security by enforcing HTTPS or TLS 1.2.
 tags: buy-ssl-certificates
 ms.custom: devx-track-azurepowershell
 
-ms.topic: article
-ms.date: 04/20/2023
+ms.topic: how-to
+ms.date: 09/16/2024
 ms.reviewer: yutlin
 ms.author: msangapu
 author: msangapu-msft
 ---
-# Secure a custom DNS name with a TLS/SSL binding in Azure App Service
+# Provide security for a custom DNS name with a TLS/SSL binding in App Service
 
-This article shows you how to secure the [custom domain](app-service-web-tutorial-custom-domain.md) in your [App Service app](./index.yml) or [function app](../azure-functions/index.yml) by creating a certificate binding. When you're finished, you can access your App Service app at the `https://` endpoint for your custom DNS name (for example, `https://www.contoso.com`). 
+This article shows you how to provide security for the [custom domain](app-service-web-tutorial-custom-domain.md) in your [App Service app](./index.yml) or [function app](../azure-functions/index.yml) by creating a certificate binding. When you're finished, you can access your App Service app at the `https://` endpoint for your custom DNS name (for example, `https://www.contoso.com`). 
 
-![Web app with custom TLS/SSL certificate](./media/configure-ssl-bindings/app-with-custom-ssl.png)
+![Web app with custom TLS/SSL certificate.](./media/configure-ssl-bindings/app-with-custom-ssl.png)
 
 ## Prerequisites
 
-- [Scale up your App Service app](manage-scale-up.md) to one of the supported pricing tiers: **Basic**, **Standard**, **Premium**.
+- [Scale up your App Service app](manage-scale-up.md) to one of the supported pricing tiers: Basic, Standard, Premium.
 - [Map a domain name to your app](app-service-web-tutorial-custom-domain.md) or [buy and configure it in Azure](manage-custom-dns-buy-domain.md).
 
 <a name="upload"></a>
 
-## 1. Add the binding
+## Add the binding
 
 In the <a href="https://portal.azure.com" target="_blank">Azure portal</a>:
 
 1. From the left menu, select **App Services** > **\<app-name>**.
 
-1. From the left navigation of your app, select **Custom domains**
+1. From the left navigation of your app, select **Custom domains**.
 
-1. Next to the custom domain, select **Add binding**
+1. Next to the custom domain, select **Add binding**.
 
-    :::image type="content" source="media/configure-ssl-bindings/secure-domain-launch.png" alt-text="A screenshot showing how to launch the Add TLS/SSL Binding dialog.":::
+    :::image type="content" source="media/configure-ssl-bindings/secure-domain-launch.png" alt-text="A screenshot showing how to launch the Add TLS/SSL Binding dialog." lightbox="media/configure-ssl-bindings/secure-domain-launch.png":::
 
 1. If your app already has a certificate for the selected custom domain, you can select it in **Certificate**. If not, you must add a certificate using one of the selections in **Source**.
 
-    - **Create App Service Managed Certificate** - Let App Service create a managed certificate for your selected domain. This option is the simplest. For more information, see [Create a free managed certificate](configure-ssl-certificate.md#create-a-free-managed-certificate).
-    - **Import App Service Certificate** - In **App Service Certificate**, choose an [App Service certificate](configure-ssl-app-service-certificate.md) you've purchased for your selected domain.
+    - **Create App Service Managed Certificate** - Let App Service create a managed certificate for your selected domain. This option is the easiest. For more information, see [Create a free managed certificate](configure-ssl-certificate.md#create-a-free-managed-certificate).
+    - **Import App Service Certificate** - In **App Service Certificate**, select an [App Service certificate](configure-ssl-app-service-certificate.md) you've purchased for your selected domain.
     - **Upload certificate (.pfx)** - Follow the workflow at [Upload a private certificate](configure-ssl-certificate.md#upload-a-private-certificate) to upload a PFX certificate from your local machine and specify the certificate password.
     - **Import from Key Vault** - Select **Select key vault certificate** and select the certificate in the dialog.
 
-1. In **TLS/SSL type**, choose between **SNI SSL** and **IP based SSL**.
+1. In **TLS/SSL type**, select either **SNI SSL** or **IP based SSL**.
 
-    - **[SNI SSL](https://en.wikipedia.org/wiki/Server_Name_Indication)**: Multiple SNI SSL bindings may be added. This option allows multiple TLS/SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (for more information, see [Server Name Indication](https://wikipedia.org/wiki/Server_Name_Indication)).
-    - **IP based SSL**: Only one IP SSL binding may be added. This option allows only one TLS/SSL certificate to secure a dedicated public IP address. After you configure the binding, follow the steps in [2. Remap records for IP based SSL](#2-remap-records-for-ip-based-ssl).<br/>IP SSL is supported only in **Basic** tier or higher.
+    - **[SNI SSL](https://en.wikipedia.org/wiki/Server_Name_Indication)**: Multiple SNI SSL bindings can be added. This option allows multiple TLS/SSL certificates to help secure multiple domains on the same IP address. Most modern browsers (including Microsoft Edge, Chrome, Firefox, and Opera) support SNI. (For more information, see [Server Name Indication](https://wikipedia.org/wiki/Server_Name_Indication).)
+    - **IP based SSL**: Only one IP SSL binding can be added. This option allows only one TLS/SSL certificate to help secure a dedicated public IP address. After you configure the binding, follow the steps in [Remap records for IP-based SSL](#remap-records-for-ip-based-ssl).<br/>IP-based SSL is supported only in Standard tier or higher.
 
 1. When adding a new certificate, validate the new certificate by selecting **Validate**.
 
 1. Select **Add**.
 
-    Once the operation is complete, the custom domain's TLS/SSL state is changed to **Secure**.
+    Once the operation is complete, the custom domain's TLS/SSL state is changed to **Secured**.
     
     :::image type="content" source="media/configure-ssl-bindings/secure-domain-finished.png" alt-text="A screenshot showing the custom domain secured by a certificate binding.":::
     
 > [!NOTE]
-> A **Secure** state in the **Custom domains** means that it is secured with a certificate, but App Service doesn't check if the certificate is self-signed or expired, for example, which can also cause browsers to show an error or warning.
+> A **Secured** state in **Custom domains** means that a certificate is providing security, but App Service doesn't check if the certificate is self-signed or expired, for example, which can also cause browsers to show an error or warning.
 
-## 2. Remap records for IP based SSL
+## Remap records for IP-based SSL
 
-This step is needed only for IP based SSL. For an SNI SSL binding, skip to [Test HTTPS for your custom domain](#3-test-https).
+This step is needed only for IP-based SSL. For an SNI SSL binding, skip to [Test HTTPS](#test-https).
 
-There are two changes you need to make, potentially:
+There are potentially two changes you need to make:
 
 - By default, your app uses a shared public IP address. When you bind a certificate with IP SSL, App Service creates a new, dedicated IP address for your app. If you mapped an A record to your app, update your domain registry with this new, dedicated IP address.
 
     Your app's **Custom domain** page is updated with the new, dedicated IP address. Copy this IP address, then [remap the A record](app-service-web-tutorial-custom-domain.md#create-the-dns-records) to this new IP address.
 
-- If you have an SNI SSL binding to `<app-name>.azurewebsites.net`, [remap any CNAME mapping](app-service-web-tutorial-custom-domain.md#create-the-dns-records) to point to `sni.<app-name>.azurewebsites.net` instead (add the `sni` prefix).
+- If you have an SNI SSL binding to `<app-name>.azurewebsites.net`, [remap any CNAME mapping](app-service-web-tutorial-custom-domain.md#create-the-dns-records) to point to `sni.<app-name>.azurewebsites.net` instead. (Add the `sni` prefix.)
 
-## 3. Test HTTPS
+## Test HTTPS
 
-In various browsers, browse to `https://<your.custom.domain>` to verify that it serves up your app.
+Browse to `https://<your.custom.domain>` in various browsers to verify that your app appears.
 
-:::image type="content" source="./media/configure-ssl-bindings/app-with-custom-ssl.png" alt-text="Screenshot showing an example of browsing to your custom domain with the contoso.com URL highlighted.":::
+:::image type="content" source="./media/configure-ssl-bindings/app-with-custom-ssl.png" alt-text="Screenshot showing an example of browsing to your custom domain. The contoso.com URL is highlighted.":::
 
-Your application code can inspect the protocol via the "x-appservice-proto" header. The header has a value of `http` or `https`. 
+Your application code can inspect the protocol via the `x-appservice-proto` header. The header has a value of `http` or `https`. 
 
 > [!NOTE]
 > If your app gives you certificate validation errors, you're probably using a self-signed certificate.
 >
-> If that's not the case, you may have left out intermediate certificates when you export your certificate to the PFX file.
+> If that's not the case, you might have left out intermediate certificates when you exported your certificate to the PFX file.
 
 ## Frequently asked questions
 
@@ -94,7 +94,7 @@ Your application code can inspect the protocol via the "x-appservice-proto" head
 
 #### How do I make sure that the app's IP address doesn't change when I make changes to the certificate binding?
 
-Your inbound IP address can change when you delete a binding, even if that binding is IP SSL. This is especially important when you renew a certificate that's already in an IP SSL binding. To avoid a change in your app's IP address, follow these steps in order:
+Your inbound IP address can change when you delete a binding, even if that binding is IP SSL. This is especially important when you renew a certificate that's already in an IP SSL binding. To avoid a change in your app's IP address, follow these steps, in order:
 
 1. Upload the new certificate.
 2. Bind the new certificate to the custom domain you want without deleting the old one. This action replaces the binding instead of removing the old one.
@@ -116,21 +116,21 @@ Your app allows [TLS](https://wikipedia.org/wiki/Transport_Layer_Security) 1.2 b
 
 #### How do I handle TLS termination in App Service?
 
-In App Service, [TLS termination](https://wikipedia.org/wiki/TLS_termination_proxy) happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests. If your app logic needs to check if the user requests are encrypted or not, inspect the `X-Forwarded-Proto` header.
+In App Service, [TLS termination](https://wikipedia.org/wiki/TLS_termination_proxy) happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests. If your app logic needs to check if the user requests are encrypted, inspect the `X-Forwarded-Proto` header.
 
-Language specific configuration guides, such as the [Linux Node.js configuration](configure-language-nodejs.md#detect-https-session) guide, shows you how to detect an HTTPS session in your application code.
+Language-specific configuration guides, such as the [Linux Node.js configuration](configure-language-nodejs.md#detect-https-session) guide, show how to detect an HTTPS session in your application code.
 
 ## Automate with scripts
 
-### Azure CLI
+#### Azure CLI
 
 [Bind a custom TLS/SSL certificate to a web app](scripts/cli-configure-ssl-certificate.md)
 
-### PowerShell
+#### PowerShell
 
 [!code-powershell[main](../../powershell_scripts/app-service/configure-ssl-certificate/configure-ssl-certificate.ps1?highlight=1-3 "Bind a custom TLS/SSL certificate to a web app")]
 
-## More resources
+## Related content
 
 * [Use a TLS/SSL certificate in your code in Azure App Service](configure-ssl-certificate-in-code.md)
-* [FAQ : App Service Certificates](./faq-configuration-and-management.yml)
+* [Frequently asked questions about creating or deleting resources in Azure App Service](./faq-configuration-and-management.yml)
diff --git a/articles/baremetal-infrastructure/workloads/nc2-on-azure/about-nc2-on-azure.md b/articles/baremetal-infrastructure/workloads/nc2-on-azure/about-nc2-on-azure.md
@@ -6,7 +6,7 @@ description: Learn about Nutanix Cloud Clusters on Azure and the benefits it off
 ms.topic: overview
 ms.subservice: baremetal-nutanix
 ms.custom: engagement-fy23
-ms.date: 8/15/2024
+ms.date: 9/16/2024
 ms.service: azure-baremetal-infrastructure
 ---
 
@@ -142,7 +142,7 @@ NC2 on Azure implements a shared responsibility model that defines distinct role
 
 On-premises Nutanix environments require the Nutanix customer to support all the hardware and software for running the platform. For NC2 on Azure, Microsoft maintains the hardware for the customer.
 
-:::image type="content" source="media/nc2-on-azure-responsibility-matrix.png" alt-text="A diagram showing the support responsibilities for Microsoft and partners." border="false" lightbox="media/nc2-on-azure-responsibility-matrix.png":::
+:::image type="content" source="media/nc2-on-azure-responsibility-matrix.png" alt-text="Diagram showing the support responsibilities for Microsoft and partners." border="false" lightbox="media/nc2-on-azure-responsibility-matrix.png":::
 
 Microsoft manages the Azure BareMetal specialized compute hardware and its data and control plane platform for underlay network. Microsoft supports if the customers plan to bring their existing Azure Subscription, VNet, vWAN, etc.
 
diff --git a/articles/baremetal-infrastructure/workloads/nc2-on-azure/media/nc2-on-azure-responsibility-matrix.png b/articles/baremetal-infrastructure/workloads/nc2-on-azure/media/nc2-on-azure-responsibility-matrix.png
diff --git a/includes/app-service-ssl-binding-types.md b/includes/app-service-ssl-binding-types.md
@@ -14,5 +14,5 @@ ms.custom: "include file"
 |-|-|
 | Custom domain | The domain name to add the TLS/SSL binding for. |
 | Private Certificate Thumbprint | The certificate to bind. |
-| TLS/SSL Type | - **[SNI SSL](https://en.wikipedia.org/wiki/Server_Name_Indication)**: Multiple SNI SSL bindings may be added. This option allows multiple TLS/SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (for more information, see [Server Name Indication](https://wikipedia.org/wiki/Server_Name_Indication)).<br />- **IP SSL**: Only one IP SSL binding may be added. This option allows only one TLS/SSL certificate to secure a dedicated public IP address. After you configure the binding, follow the steps in [2. Remap records for IP based SSL](../articles/app-service/configure-ssl-bindings.md#2-remap-records-for-ip-based-ssl).<br/>IP SSL is supported only in **Standard** tier or above. |
+| TLS/SSL Type | - **[SNI SSL](https://en.wikipedia.org/wiki/Server_Name_Indication)**: Multiple SNI SSL bindings may be added. This option allows multiple TLS/SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (for more information, see [Server Name Indication](https://wikipedia.org/wiki/Server_Name_Indication)).<br />- **IP SSL**: Only one IP SSL binding may be added. This option allows only one TLS/SSL certificate to secure a dedicated public IP address. After you configure the binding, follow the steps in [Remap records for IP based SSL](../articles/app-service/configure-ssl-bindings.md#remap-records-for-ip-based-ssl).<br/>IP SSL is supported only in **Standard** tier or above. |
 
