Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into sre/prompts

Author: craigshoemaker

.openpublishing.redirection.json

@@ -6958,6 +6958,11 @@
       "source_path": "articles/signups/startup-programs.md",
       "redirect_url": "/azure/signups/overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/migrate-sql-database.md",
+      "redirect_url": "/azure/azure-sql/database/enable-zone-redundancy",
+      "redirect_document_id": false
     }
 
   ]

articles/api-management/api-management-features.md

@@ -28,7 +28,7 @@ Each API Management [pricing tier](api-management-key-concepts.md#api-management
 | -------------------------------------------------------------------------------------------- | ----------- | --------- | --------- | --------- | ----- | -------- | ------- | ------- | 
 | Microsoft Entra integration<sup>1</sup>                                                             | No          | Yes       | No    | Yes      | Yes      | Yes      | Yes     | Yes |
 | Virtual network injection support                                                               | No          | Yes       | No    | No       | No       | No       | Yes    | Yes |
-| Private endpoint support for inbound connections                                                               | No          | Yes       | Yes    | No       | Yes      | Yes (preview)       | Yes  | No   |
+| Private endpoint support for inbound connections                                                               | No          | Yes       | Yes    | No       | Yes      | Yes     | Yes  | No   |
 | Outbound virtual network integration support                                                             | No          | No       | No    | No       | No       | Yes       | No    | Yes |
 | Multi-region deployment                                                                      | No          | No        | No    | No       | No       | No       | Yes     | No |
 | Availability zones                                                                           | No          | No        | No    | No       | No       | No       | Yes     | No  |
@@ -64,4 +64,4 @@ Each API Management [pricing tier](api-management-key-concepts.md#api-management
 * [Overview of Azure API Management](api-management-key-concepts.md)
 * [API Management limits](/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/api-management/toc.json&bc=/azure/api-management/breadcrumb/toc.json#api-management-limits)
 * [V2 tiers overview](v2-service-tiers-overview.md)
-* [API Management pricing](https://azure.microsoft.com/pricing/details/api-management/)
+* [API Management pricing](https://azure.microsoft.com/pricing/details/api-management/)

articles/api-management/api-management-gateways-overview.md

@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.custom:
   - build-2024
 ms.topic: concept-article
-ms.date: 07/11/2024
+ms.date: 07/22/2025
 ms.author: danlep
 ---
 
@@ -79,20 +79,20 @@ The following tables compare features available in the following API Management
 | [Virtual network injection](virtual-network-concepts.md)  |  Developer, Premium | Premium v2 | ❌ | ✔️<sup>1,2</sup> | ✔️ |
 | [Inbound private endpoints](private-endpoint.md)  |  Developer, Basic, Standard, Premium | Standard v2 | ❌ | ❌ | ❌ |
 | [Outbound virtual network integration](integrate-vnet-outbound.md)  | ❌ | Standard  v2, Premium v2  |  ❌ | ❌ | ✔️ |
-| [Availability zones](zone-redundancy.md)  |  Premium | ✔️<sup>3</sup>  | ❌ | ✔️<sup>1</sup> | ✔️<sup>3</sup> |
+| [Availability zones](zone-redundancy.md)  |  Premium | ❌  | ❌ | ✔️<sup>1</sup> | ❌ |
 | [Multi-region deployment](api-management-howto-deploy-multi-region.md) |  Premium | ❌ |  ❌ | ✔️<sup>1</sup> | ❌ |
-| [CA root certificates](api-management-howto-ca-certificates.md) for certificate validation |  ✔️ | ❌ | ❌ | ✔️<sup>4</sup> |  ❌ |
+| [CA root certificates](api-management-howto-ca-certificates.md) for certificate validation |  ✔️ | ❌ | ❌ | ✔️<sup>3</sup> |  ❌ |
 | [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) |  Developer, Basic, Standard, Premium | ❌ | ✔️ | ❌ | ❌ |
 | [TLS settings](api-management-howto-manage-protocols-ciphers.md) |  ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
-| **HTTP/2** (Client-to-gateway) | ✔️<sup>5</sup> | ✔️<sup>5</sup> |❌ | ✔️ | ❌ |
-| **HTTP/2** (Gateway-to-backend) |  ❌ | ❌ | ❌ | ✔️ | ❌ |
+| **HTTP/2** (Client-to-gateway) | ✔️<sup>4</sup> | ✔️<sup>4</sup> |❌ | ✔️ | ❌ |
+| **HTTP/2** (Gateway-to-backend) |  ❌ | ✔️<sup>5</sup> | ❌ | ✔️<sup>5</sup> | ❌ |
 | API threat detection with [Defender for APIs](protect-with-defender-for-apis.md) | ✔️ | ✔️ |  ❌ | ❌ | ❌ |
 
 <sup>1</sup> Depends on how the gateway is deployed, but is the responsibility of the customer.<br/>
 <sup>2</sup> Connectivity to the self-hosted gateway v2 [configuration endpoint](self-hosted-gateway-overview.md#fqdn-dependencies) requires DNS resolution of the endpoint hostname.<br/>
-<sup>3</sup> Two zones are enabled by default; not configurable.<br/>
-<sup>4</sup> CA root certificates for self-hosted gateway are managed separately per gateway<br/>
-<sup>5</sup> Client protocol needs to be enabled.
+<sup>3</sup> CA root certificates for self-hosted gateway are managed separately per gateway<br/>
+<sup>4</sup> Client protocol needs to be enabled.<br/>
+<sup>5</sup> Configure using the [forward-request](forward-request-policy.md) policy.
 
 ### Backend APIs
 

articles/api-management/azure-openai-emit-token-metric-policy.md

@@ -59,7 +59,7 @@ The `azure-openai-emit-token-metric` policy sends custom metrics to Application
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -77,7 +77,7 @@ The `azure-openai-emit-token-metric` policy sends custom metrics to Application
 ### Usage notes
 
 * This policy can be used multiple times per policy definition.
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 * This policy can optionally be configured when adding an API from the Azure OpenAI Service using the portal.
 * Where available, values in the usage section of the response from the Azure OpenAI Service API are used to determine token metrics.
 * Certain Azure OpenAI endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, token metrics are estimated.

articles/api-management/configure-custom-domain.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 05/30/2025
+ms.date: 07/25/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -104,12 +104,20 @@ For more information, see [Use managed identities in Azure API Management](api-m
 
 API Management offers a free, managed TLS certificate for your domain, if you don't wish to purchase and manage your own certificate. The certificate is autorenewed automatically.
 
+> [!IMPORTANT]
+> **Creation of managed certificates for custom domains in API Management will be temporarily unavailable from August 15, 2025 to March 15, 2026.** Our Certificate Authority (CA), DigiCert, will migrate to a new validation platform to meet Multi-Perspective Issuance Corroboration (MPIC) requirements for issuing certificates. This migration requires us to temporarily suspend the creation of managed certificates for custom domains. [Learn more](breaking-changes/managed-certificates-suspension-august-2025.md)
+>
+> Existing managed certificates will be autorenewed and remain unaffected.
+>
+> While creation of managed certificates is suspended, use other certificate options for configuring custom domains.
+
 > [!NOTE]
-> The free, managed TLS certificate is in preview. Currently, it's unavailable in the v2 service tiers. 
+> The free, managed TLS certificate is in preview. 
 
 #### Limitations
 
 * Currently can be used only with the Gateway endpoint of your API Management service
+* Not supported in the v2 tiers
 * Not supported with the self-hosted gateway
 * Not supported in the following Azure regions: France South and South Africa West
 * Currently available only in the Azure cloud

articles/api-management/emit-metric-policy.md

@@ -52,7 +52,7 @@ The `emit-metric` policy sends custom metrics in the specified format to Applica
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the custom metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -69,7 +69,7 @@ The `emit-metric` policy sends custom metrics in the specified format to Applica
 
 ### Usage notes
 
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 
 ## Example
 

articles/api-management/forward-request-policy.md

@@ -35,7 +35,7 @@ The `forward-request` policy forwards the incoming request to the backend servic
 | timeout                             | The amount of time in seconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 seconds. Values greater than 240 seconds may not be honored, because the underlying network infrastructure can drop idle connections after this time. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both. | No       | 300    |
 | timeout-ms                             | The amount of time in milliseconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 ms. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both.  | No       | N/A    |
 | continue-timeout | The amount of time in seconds to wait for a `100 Continue` status code to be returned by the backend service before a timeout error is raised. Policy expressions are allowed. | No  | N/A |
-| http-version                             | The HTTP spec version to use when sending the HTTP response to the backend service. When using `2or1`, the gateway will favor HTTP /2 over /1, but fall back to HTTP /1 if HTTP /2 doesn't work. | No       | 1    |
+| http-version                             | The HTTP protocol version to use when sending the HTTP request to the backend service: <br> - `1`: HTTP/1 <br> - `2`: HTTP/2 <br/> - `2or1`: The gateway favors HTTP/2 over HTTP/1, but falls back to HTTP/1 if HTTP/2 doesn't work.<br/><br/> HTTP/2 outbound is supported in select gateways. See [Usage notes](#usage-notes) for details. | No       | 1    |
 | follow-redirects | Specifies whether redirects from the backend service are followed by the gateway or returned to the caller. Policy expressions are allowed.                                                                                                                                                                                                    | No       | `false`   |
 | buffer-request-body      | When set to `true`, request is buffered and will be reused on [retry](retry-policy.md).                                                                                                                                                                                               | No       | `false`   |
 | buffer-response | Affects processing of chunked responses. When set to `false`, each chunk received from the backend is immediately returned to the caller. When set to `true`, chunks are buffered (8 KB, unless end of stream is detected) and only then returned to the caller.<br/><br/>Set to `false` with backends such as those implementing [server-sent events (SSE)](how-to-server-sent-events.md) that require content to be returned or streamed immediately to the caller. Policy expressions aren't allowed. | No | `true` |
@@ -48,11 +48,18 @@ The `forward-request` policy forwards the incoming request to the backend servic
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, workspace, product, API, operation
 -  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted, workspace
 
+### Usage notes
+
+*  Use the `http-version` attribute to enable the HTTP/2 protocol outbound from the gateway to the backend. Set the attribute to `2or1` or `2`. Currently, HTTP/2 outbound is supported in the self-hosted gateway and in preview in the v2 gateway.
+
+    > [!IMPORTANT]
+    > In the v2 gateway, HTTP/2 is supported inbound to the API Management gateway and outbound from the gateway to the backend but not end-to-end. Currently, the v2 gateway downgrades an incoming HTTP/2 connection to HTTP/1 before forwarding the request to the backend.
+
 ## Examples
 
 ### Send request to HTTP/2 backend
 
-The following API level policy forwards all API requests to an HTTP/2 backend service.
+The following API level policy forwards all API requests to an HTTP/2 backend service. For example, use this policy to forward requests from a self-hosted gateway to a gRPC backend.
 
 ```xml
 <!-- api level -->
@@ -69,8 +76,6 @@ The following API level policy forwards all API requests to an HTTP/2 backend se
 </policies>
 ```
 
-This is required for HTTP /2 or gRPC workloads and currently only supported in self-hosted gateway. Learn more in our [API gateway overview](api-management-gateways-overview.md).
-
 ### Forward request with timeout interval
 
 The following API level policy forwards all API requests to the backend service with a timeout interval of 60 seconds.

articles/api-management/llm-emit-token-metric-policy.md

@@ -58,7 +58,7 @@ The `llm-emit-token-metric` policy sends custom metrics to Application Insights
 | ----------- | --------------------------------------------------------------------------------- | -------- |
 | dimension   | Add one or more of these elements for each dimension included in the metric.  | Yes      |
 
-### dimension attributes
+### Dimension attributes
 
 | Attribute | Description                | Required |  Default value  |
 | --------- | -------------------------- |  ------------------ | -------------- |
@@ -77,7 +77,7 @@ The `llm-emit-token-metric` policy sends custom metrics to Application Insights
 ### Usage notes
 
 * This policy can be used multiple times per policy definition.
-* You can configure at most 10 custom dimensions for this policy.
+* You can configure at most 5 custom dimensions for this policy.
 * Where available, values in the usage section of the response from the LLM API are used to determine token metrics.
 * Certain LLM endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, token metrics are estimated.
 

articles/app-service/tutorial-ai-openai-chatbot-python.md

@@ -15,7 +15,7 @@ ms.collection: ce-skilling-ai-copilot
 
 # Tutorial: Build a chatbot with Azure App Service and Azure OpenAI (Flask)
 
-In this tutorial, you'll build an intelligent AI application by integrating Azure OpenAI with a Python web application and deploying it to Azure App Service. You'll create a Flask app that sends chat completion requests to a model in Azure OpneAI.
+In this tutorial, you'll build an intelligent AI application by integrating Azure OpenAI with a Python web application and deploying it to Azure App Service. You'll create a Flask app that sends chat completion requests to a model in Azure OpenAI.
 
 :::image type="content" source="media/tutorial-ai-openai-chatbot-python/chat-in-browser.png" alt-text="Screenshot showing chatbot running in Azure App Service.":::
 

articles/application-gateway/application-gateway-private-deployment.md

@@ -187,6 +187,10 @@ The resource tag is cosmetic, and serves to confirm that the gateway has been pr
 
 Application Gateway Subnet is the subnet within the Virtual Network where the Application Gateway Resources will be deployed. In the Frontend Private Ip configuration, is important that this subnet can reach privately the resources that want to connect to your exposed app or site.
 
+> [!NOTE]
+> As of May 5, 2025, new and existing deployments of Private Application Gateway require Subnet Delegation to `Microsoft.Network/applicationGateways`.
+> Please follow [these steps](/azure/virtual-network/manage-subnet-delegation?tabs=manage-subnet-delegation-portal) for configuring Subnet Delegation.
+
 ## Outbound Internet connectivity
 
 Application Gateway deployments that contain only a private frontend IP configuration (do not have a public IP frontend configuration associated to a request routing rule) aren't able to egress traffic destined to the Internet. This configuration affects communication to backend targets that are publicly accessible via the Internet.