Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into us303970-content-curation

asudbring · asudbring · commit b5ad7e308d8a · 2024-11-07T15:51:35.000-06:00
diff --git a/articles/expressroute/about-fastpath.md b/articles/expressroute/about-fastpath.md
@@ -5,7 +5,7 @@ services: expressroute
 author: duongau
 ms.service: azure-expressroute
 ms.topic: conceptual
-ms.date: 09/02/2024
+ms.date: 11/7/2024
 ms.author: duau
 ms.custom: template-concept, references_regions, engagement-fy23
 ---
@@ -40,6 +40,10 @@ While FastPath supports many configurations, it doesn't support the following fe
 
 * Load Balancers: If you deploy an Azure internal load balancer in your virtual network or the Azure PaaS service you deploy in your virtual network, the network traffic from your on-premises network to the virtual IPs hosted on the load balancer is sent to the virtual network gateway.
 
+* Gateway Transit: If you deploy two peered hub virtual networks connected to one circuit, you need to make sure to set the Allow Gateway Transit on the virtual network peering to false, otherwise you will experience connectivity issues.
+
+* Use Remote Gateway: If you deploy a spoke vnet peered to two hub vnets, you can only use one hub gateway as the remote gateway. If you use both as a remote gateway, you will experience connectivity issues. 
+
 * Private Link: FastPath Connectivity to a private endpoint or Private Link service over an ExpressRoute Direct circuit is supported for limited scenarios. For more information, see [enable FastPath and Private Link for 100-Gbps ExpressRoute Direct](expressroute-howto-linkvnet-arm.md#fastpath-virtual-network-peering-user-defined-routes-udrs-and-private-link-support-for-expressroute-direct-connections). FastPath connectivity to a Private endpoint/Private Link service isn't supported for ExpressRoute partner provider circuits.
 
 * DNS Private Resolver: Azure ExpressRoute FastPath doesn't support connectivity to [DNS Private Resolver](../dns/dns-private-resolver-overview.md).
diff --git a/articles/storage-actions/storage-tasks/storage-task-operations.md b/articles/storage-actions/storage-tasks/storage-task-operations.md
@@ -94,7 +94,7 @@ The following table shows the supported operations, parameters, and parameter va
 
 | Operation                    | Parameters           | Values                                         |
 |------------------------------|----------------------|------------------------------------------------|
-| SetBlobTier                | tier                 | Hot \| Cold \| Archive |
+| SetBlobTier                | tier                 | Hot \| Cool \| Archive |
 | SetBlobExpiry              | expiryTime, expiryOption                 |(expiryTime): Number of milliseconds<br>(expiryOption): Absolute \| NeverExpire \| RelativeToCreation \| RelativeToNow |
 | DeleteBlob                  | None                 | None                                           |
 | UndeleteBlob                | None                 | None                                           |
diff --git a/articles/synapse-analytics/sql/sql-authentication.md b/articles/synapse-analytics/sql/sql-authentication.md
@@ -5,7 +5,7 @@ author: vvasic-msft
 ms.service: azure-synapse-analytics
 ms.subservice: sql
 ms.topic: overview
-ms.date: 03/07/2022
+ms.date: 11/07/2024
 ms.author: vvasic
 ms.reviewer: whhender, wiassaf
 ---
@@ -14,30 +14,30 @@ ms.reviewer: whhender, wiassaf
 
 Azure Synapse Analytics has two SQL form-factors that enable you to control your resource consumption. This article explains how the two form-factors control the user authentication.
 
-To authorize to Synapse SQL, you can use two authorization types:
+To authenticate to Synapse SQL, you can use two options:
 
-- Microsoft Entra authorization
-- SQL authorization
+- Microsoft Entra authentication
+- SQL authentication
 
-SQL authorization enables legacy applications to connect to Azure Synapse SQL in a familiar way. However, Microsoft Entra authentication allows you to centrally manage access to Azure Synapse resources, such as SQL pools. Azure Synapse Analytics supports disabling local authentication, such as SQL authentication, both during and after workspace creation. Once disabled, local authentication can be enabled at any time by authorized users. For more information on Microsoft Entra-only authentication, see [Disabling local authentication in Azure Synapse Analytics](active-directory-authentication.md).
+SQL authentication enables legacy applications to connect to Azure Synapse SQL in a familiar way, with a user name and password. However, Microsoft Entra authentication allows you to centrally manage access to Azure Synapse resources, such as SQL pools. Azure Synapse Analytics supports disabling local authentication, such as SQL authentication, both during and after workspace creation. Once disabled, local authentication can be enabled at any time by authorized users. For more information on Microsoft Entra-only authentication, see [Disabling local authentication in Azure Synapse Analytics](active-directory-authentication.md).
 
 ## Administrative accounts
 
-There are two administrative accounts (**SQL admin username** and **SQL Active Directory admin**) that act as administrators. To identify these administrator accounts for your SQL pools open the Azure portal, and navigate to the Properties tab of your Synapse workspace.
+There are two administrative accounts (**SQL admin username** and **Microsoft Entra admin**) that act as administrators. To identify these administrator accounts for your SQL pools open the Azure portal, and navigate to the Properties tab of your Synapse workspace.
 
 ![SQL Server Admins](./media/sql-authentication/sql-admins.png)
 
 - **SQL admin username**
 
   When you create an Azure Synapse Analytics, you must name a **Server admin login**. SQL server creates that account as a login in the `master` database. This account connects using SQL Server authentication (user name and password). Only one of these accounts can exist.
 
-- **SQL Active Directory admin**
+- **Microsoft Entra admin**
 
   One Microsoft Entra account, either an individual or security group account, can also be configured as an administrator. It's optional to configure a Microsoft Entra administrator, but a Microsoft Entra administrator **must** be configured if you want to use Microsoft Entra accounts to connect to Synapse SQL. 
 
    - The Microsoft Entra admin account controls access to dedicated SQL pools, while Synapse RBAC roles can be used to control access to serverless pools, for example, with the **Synapse Administrator** and **Synapse SQL Administrator** role. 
 
-The **SQL admin username** and **SQL Active Directory admin** accounts have the following characteristics:
+The **SQL admin username** and **Microsoft Entra admin** accounts have the following characteristics:
 
 - Are the only accounts that can automatically connect to any SQL Database on the server. (To connect to a user database, other accounts must either be the owner of the database, or have a user account in the user database.)
 - These accounts enter user databases as the `dbo` user and they have all the permissions in the user databases. (The owner of a user database also enters the database as the `dbo` user.)
@@ -48,7 +48,7 @@ The **SQL admin username** and **SQL Active Directory admin** accounts have the
 - Can view the `sys.sql_logins` system table.
 
 >[!Note]
->If a user is configured as an Active Directory admin and Synapse Administrator, and then removed from the Active Directory admin role, then the user will lose access to the dedicated SQL pools in Synapse. They must be removed and then added to the Synapse Administrator role to regain access to dedicated SQL pools.
+>If a user is configured as an Microsoft Entra admin and Synapse Administrator, and then removed from the Microsoft Entra admin role, then the user will lose access to the dedicated SQL pools in Synapse. They must be removed and then added to the Synapse Administrator role to regain access to dedicated SQL pools.
 
 ## [Serverless SQL pool](#tab/serverless)
 
@@ -78,7 +78,7 @@ Once login and user are created, you can use the regular SQL Server syntax to gr
 
 ### Administrator access path
 
-When the workspace-level firewall is properly configured, the **SQL admin username** and the **SQL Active Directory admin** can connect using client tools such as SQL Server Management Studio or SQL Server Data Tools. Only the latest tools provide all the features and capabilities. 
+When the workspace-level firewall is properly configured, the **SQL admin username** and the **SQL Microsoft Entra admin** can connect using client tools such as SQL Server Management Studio or SQL Server Data Tools. Only the latest tools provide all the features and capabilities. 
 
 The following diagram shows a typical configuration for the two administrator accounts:
  
@@ -220,6 +220,6 @@ When managing logins and users in SQL Database, consider the following points:
 - To `CREATE/ALTER/DROP` a user requires the `ALTER ANY USER` permission on the database.
 - When the owner of a database role tries to add or remove another database user to or from that database role, the following error may occur: **User or role 'Name' does not exist in this database.** This error occurs because the user isn't visible to the owner. To resolve this issue, grant the role owner the `VIEW DEFINITION` permission on the user. 
 
-## Next steps
+## Related content
 
 For more information, see [Contained Database Users - Making Your Database Portable](/sql/relational-databases/security/contained-database-users-making-your-database-portable).
diff --git a/articles/virtual-network-manager/concept-limitations.md b/articles/virtual-network-manager/concept-limitations.md
@@ -32,7 +32,8 @@ This article provides an overview of the current limitations when you're using [
 * By default, a virtual network can be part of up to two connected groups. For example, a virtual network:
   * Can be part of two mesh configurations.
   * Can be part of a mesh topology and a network group that has direct connectivity enabled in a hub-and-spoke topology.
-  * Can be part of two network groups with direct connectivity enabled in the same or a different hub-and-spoke configuration. 
+  * Can be part of two network groups with direct connectivity enabled in the same or a different hub-and-spoke configuration.
+  * This is a soft limit and can be adjusted by submitting a request using [this form](https://forms.office.com/r/xXxYrQt0NQ).  
 * The following BareMetal Infrastructures are not supported:
   * [Azure NetApp Files](../azure-netapp-files/index.yml)
   * [Azure VMware Solution](../azure-vmware/index.yml)
diff --git a/articles/virtual-network/virtual-networks-udr-overview.md b/articles/virtual-network/virtual-networks-udr-overview.md
@@ -72,7 +72,7 @@ You create custom routes by either creating [user-defined](#user-defined) routes
 
 To customize your traffic routes, you shouldn't modify the default routes but you should create custom, or user-defined(static) routes which override Azure's default system routes. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it. To learn about the maximum number of routes you can add to a route table and the maximum number of user-defined route tables you can create per Azure subscription, see [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#networking-limits).
 
-By default, a route table can contain up to 1000 user-defined routes (UDRs). With Azure Virtual Network Manager’s [routing configuration](../virtual-network-manager/concept-user-defined-route.md), this can be expanded to 1000 UDRs per route table. This increased limit supports more advanced routing setups, such as directing traffic from on-premises data centers through a firewall to each spoke virtual network in a hub-and-spoke topology when you have a higher number of spoke virtual networks.
+By default, a route table can contain up to 400 user-defined routes (UDRs). With Azure Virtual Network Manager’s [routing configuration](../virtual-network-manager/concept-user-defined-route.md), this can be expanded to 1000 UDRs per route table. This increased limit supports more advanced routing setups, such as directing traffic from on-premises data centers through a firewall to each spoke virtual network in a hub-and-spoke topology when you have a higher number of spoke virtual networks.
 
 When you create a route table and associate it to a subnet, the table's routes are combined with the subnet's default routes. If there are conflicting route assignments, user-defined routes override the default routes.
 
diff --git a/azure-docs-pr b/azure-docs-pr
diff --git a/includes/firewall-limits.md b/includes/firewall-limits.md
@@ -13,7 +13,7 @@
 | Resource | Limit |
 | --- | --- |
 | Max Data throughput | 100 Gbps for Premium, 30 Gbps for Standard, 250 Mbps for Basic (preview) SKU<br><br> For more information, see [Azure Firewall performance](../articles/firewall/firewall-performance.md#performance-data). |
-|Rule limits|20,000 unique source/destinations in network rules <br><br> **Unique source/destinations in network** = sum of (unique source addresses * unique destination addresses for each rule)<br><br>An IP group counts as one address, regardless of how many IP addresses it contains.<br><br>You can track the Firewall Policy network rule count in the [policy analytics](../articles/firewall/policy-analytics.md) under the **Insights** tab. As a proxy, you can also monitor your Firewall Latency Probe metrics to ensure it stays within 20 ms even during peak hours.|
+|Rule limits|20,000 unique source/destinations in network rules <br><br> **Unique source/destinations in network** = (Source addresses + Source IP Groups) * (Destination addresses + Destination Fqdn count + Destination IP Groups) * (IP protocols count) * (Destination ports)<br><br>You can track the Firewall Policy network rule count in the [policy analytics](../articles/firewall/policy-analytics.md) under the **Insights** tab. As a proxy, you can also monitor your Firewall Latency Probe metrics to ensure it stays within 20 ms even during peak hours.|
 |Total size of rules within a single Rule Collection Group| 1 MB for Firewall policies created before July 2022<br>2 MB for Firewall policies created after July 2022|
 |Number of Rule Collection Groups in a firewall policy|50 for Firewall policies created before July 2022<br>90 for Firewall policies created after July 2022|
 |Maximum DNAT rules (Maximum external destinations)|250 maximum [number of firewall public IP addresses + unique destinations (destination address, port, and protocol)]<br><br> The DNAT limitation is due to the underlying platform.<br><br>For example, you can configure 500 UDP rules to the same destination IP address and port (one unique destination), while 500 rules to the same IP address but to 500 different ports exceeds the limit (500 unique destinations).<br><br>If you need more than 250, you'll need to add another firewall.|
diff --git a/includes/functions-supported-languages.md b/includes/functions-supported-languages.md
@@ -2,7 +2,7 @@
 author: ggailey777
 ms.service: azure-functions
 ms.topic: include
-ms.date: 02/05/2024
+ms.date: 11/05/2024
 ms.author: glenga
 ms.custom:
   - include file
@@ -51,7 +51,7 @@ For more information, see [Develop C# class library functions using Azure Functi
 | .NET 9 | Preview | [See policy][dotnet-policy] |
 | .NET 8 | GA | [November 10, 2026][dotnet-policy] |
 | .NET 6 | GA | [November 12, 2024][dotnet-policy] |
-| .NET Framework 4.8 | GA | [See policy][dotnet-framework-policy] |
+| .NET Framework 4.8.1 | GA | [See policy][dotnet-framework-policy] |
 
 [dotnet-policy]: https://dotnet.microsoft.com/platform/support/policy/dotnet-core#lifecycle
 [dotnet-framework-policy]: https://dotnet.microsoft.com/platform/support/policy/dotnet-framework
