Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into azure-hdinsight-articles

Author: paulth1

articles/api-management/api-management-authenticate-authorize-azure-openai.md

@@ -5,7 +5,7 @@ description: Options to authenticate and authorize to Azure OpenAI APIs using Az
 author: dlepow
 ms.service: azure-api-management
 ms.topic: article
-ms.date: 02/20/2024
+ms.date: 01/23/2025
 ms.author: danlep
 ms.collection: ce-skilling-ai-copilot
 ---
@@ -78,7 +78,7 @@ In this example, the named value in API Management is *openai-api-key*.
 
 ## Authenticate with managed identity
 
-An alternative way to authenticate to an Azure OpenAI API by using a managed identity in Microsoft Entra ID. For background, see
+An alternative and recommended way to authenticate to an Azure OpenAI API is by using a managed identity in Microsoft Entra ID. For background, see
 [How to configure Azure OpenAI Service with managed identity](/azure/ai-services/openai/how-to/managed-identity).
 
 Following are steps to configure your API Management instance to use a managed identity to authenticate requests to an Azure OpenAI API. 

articles/api-management/azure-openai-api-from-specification.md

@@ -5,7 +5,7 @@ ms.service: azure-api-management
 author: dlepow
 ms.author: danlep
 ms.topic: how-to
-ms.date: 05/10/2024
+ms.date: 01/23/2025
 ms.collection: ce-skilling-ai-copilot
 ms.custom: template-how-to, build-2024
 ---
@@ -16,7 +16,7 @@ ms.custom: template-how-to, build-2024
 
 This article shows two options to import an [Azure OpenAI Service](/azure/ai-services/openai/overview) API into an Azure API Management instance as a REST API:
 
-- [Import an Azure OpenAI API directly from Azure OpenAI Service](#option-1-import-api-from-azure-openai-service)
+- [Import an Azure OpenAI API directly from Azure OpenAI Service](#option-1-import-api-from-azure-openai-service) (recommended)
 - [Download and add the OpenAPI specification](#option-2-add-an-openapi-specification-to-api-management) for Azure OpenAI and add it to API Management as an OpenAPI API.
 
 ## Prerequisites

articles/api-management/azure-openai-token-limit-policy.md

@@ -9,7 +9,7 @@ ms.collection: ce-skilling-ai-copilot
 ms.custom:
   - build-2024
 ms.topic: reference
-ms.date: 06/25/2024
+ms.date: 02/18/2025
 ms.author: danlep
 ---
 

articles/api-management/llm-token-limit-policy.md

@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
 ms.topic: reference
-ms.date: 08/08/2024
+ms.date: 02/18/2025
 ms.author: danlep
 ---
 

articles/api-management/media/visual-studio-code-tutorial/test-api.png

@@ -64,7 +64,7 @@ For more information about custom CA certificates and certificate authorities, s
 
 | Element             | Description                                  | Required |
 | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
-|   identities      |  Add this element to specify one or more `identity` elements with defined claims on the client certificate.       |    No        |
+|   identities      |  Add this element to specify up to 10 `identity` subelements with defined claims on the client certificate.       |    No        |
 
 ## identity attributes
 
@@ -73,7 +73,7 @@ For more information about custom CA certificates and certificate authorities, s
 | thumbprint | Certificate thumbprint. | No | N/A |
 | serial-number | Certificate serial number. | No | N/A |
 | common-name | Certificate common name (part of Subject string). | No | N/A |
-| subject | Subject string. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*.| No | N/A |
+| subject | Subject string. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*.| No | N/A | 
 | dns-name | Value of dnsName entry inside Subject Alternative Name claim. | No | N/A |
 | issuer-subject | Issuer's subject. Must follow format of Distinguished Name, which consists of comma-separated name attributes, for example, *"CN=MyName, OU=MyOrgUnit, C=US..."*. | No | N/A |
 | issuer-thumbprint | Issuer thumbprint. | No | N/A |

articles/api-management/validate-client-certificate-policy.md

@@ -5,7 +5,7 @@ ms.service: azure-api-management
 author: dlepow
 ms.author: danlep
 ms.topic: tutorial
-ms.date: 11/19/2024
+ms.date: 02/20/2025
 ms.custom: devdivchpfy22
 ---
 
@@ -113,7 +113,7 @@ You need a subscription key for your API Management instance to test the importe
 1. In the Explorer pane, expand the **Operations** node under the *petstore* API that you imported.
 1. Select an operation such as *[GET] Find pet by ID*, and then right-click the operation and select **Test Operation**.
 1. In the editor window, substitute `5` for the `petId` parameter in the request URL.
-1. In the editor window, next to **Ocp-Apim-Subscription-Key**, replace `{{SubscriptionKey}}` with the subscription key that you copied.
+1. In the editor window, next to **Ocp-Apim-Subscription-Key**, paste the subscription key that you copied.
 1. Select **Send request**.
 
 :::image type="content" source="media/visual-studio-code-tutorial/test-api.png" alt-text="Screenshot of sending API request from Visual Studio Code.":::

articles/api-management/visual-studio-code-tutorial.md

@@ -5,7 +5,7 @@ ms.service: azure-api-management
 author: dlepow
 ms.author: danlep
 ms.topic: how-to
-ms.date: 10/27/2022
+ms.date: 02/18/2025
 ms.custom: template-how-to
 ---
 
@@ -17,7 +17,7 @@ With API Management’s WebSocket API solution, API publishers can quickly add a
 
 [!INCLUDE [api-management-workspace-availability](../../includes/api-management-workspace-availability.md)]
 
-You can secure WebSocket APIs by applying existing access control policies, like [JWT validation](validate-jwt-policy.md). You can also test WebSocket APIs using the API test consoles in both Azure portal and developer portal. Building on existing observability capabilities, API Management provides metrics and logs for monitoring and troubleshooting WebSocket APIs. 
+WebSocket APIs can be secured by applying API Management's [access control policies](api-management-policies.md#authentication-and-authorization) to the initial handshake operation. You can also test WebSocket APIs using the API test consoles in both Azure portal and developer portal. Building on existing observability capabilities, API Management provides metrics and logs for monitoring and troubleshooting WebSocket APIs. 
 
 In this article, you will:
 > [!div class="checklist"]
@@ -39,25 +39,25 @@ API Management supports WebSocket passthrough.
 
 :::image type="content" source="./media/websocket-api/websocket-api-passthrough.png" alt-text="Visual illustration of WebSocket passthrough flow":::
 
-During the WebSocket passthrough the client application establishes a WebSocket connection with the API Management Gateway, which then establishes a connection with the corresponding backend services. API Management then proxies WebSocket client-server messages.
+During the WebSocket passthrough, the client application establishes a WebSocket connection with the API Management gateway, which then establishes a connection with the corresponding backend services. API Management then proxies WebSocket client-server messages.
 
-1. The client application sends a WebSocket handshake request to APIM gateway, invoking onHandshake operation.
-1. APIM gateway sends WebSocket handshake request to the corresponding backend service.
+1. The client application sends a WebSocket handshake request to the gateway, invoking the onHandshake operation
+1. The API Management gateway applies configured policies and sends WebSocket handshake requests to the corresponding backend service.
 1. The backend service upgrades a connection to WebSocket.
-1. APIM gateway upgrades the corresponding connection to WebSocket.
-1. Once the connection pair is established, APIM will broker messages back and forth between the client application and backend service.
-1. The client application sends message to APIM gateway.
-1. APIM gateway forwards the message to the backend service.
-1. The backend service sends a message to APIM gateway.
-1. APIM gateway forwards the message to the client application.
-1. When either side disconnects, APIM terminates the corresponding connection.
+1. The gateway upgrades the corresponding connection to WebSocket.
+1. After the connection pair is established, API Management brokers messages back and forth between the client application and backend service.
+1. The client application sends a message to the gateway.
+1. The gateway forwards the message to the backend service.
+1. The backend service sends a message to the gateway.
+1. The gateway forwards the message to the client application.
+1. When either side disconnects, API Management terminates the corresponding connection.
 
 > [!NOTE]
 > The client-side and backend-side connections consist of one-to-one mapping. 
 
 ## onHandshake operation
 
-Per the [WebSocket protocol](https://tools.ietf.org/html/rfc6455), when a client application tries to establish a WebSocket connection with a backend service, it will first send an [opening handshake request](https://tools.ietf.org/html/rfc6455#page-6). Each WebSocket API in API Management has an onHandshake operation. onHandshake is an immutable, unremovable, automatically created system operation. The onHandshake operation enables API publishers to intercept these handshake requests and apply API Management policies to them.
+Per the [WebSocket protocol](https://tools.ietf.org/html/rfc6455), when a client application tries to establish a WebSocket connection with a backend service, it first sends an [opening handshake request](https://tools.ietf.org/html/rfc6455#page-6). Each WebSocket API in API Management has an onHandshake operation. onHandshake is an immutable, unremovable, automatically created system operation. The onHandshake operation enables API publishers to intercept these handshake requests and apply API Management policies to them.
 
 :::image type="content" source="./media/websocket-api/onhandshake-screen.png" alt-text="onHandshake screen example":::
 
@@ -72,11 +72,11 @@ Per the [WebSocket protocol](https://tools.ietf.org/html/rfc6455), when a client
 
     | Field | Description |
     |----------------|-------|
-    | Display name | The name by which your WebSocket API will be displayed. |
+    | Display name | The name by which your WebSocket API is displayed. |
     | Name | Raw name of the WebSocket API. Automatically populates as you type the display name. |
     | WebSocket URL | The base URL with your websocket name. For example: *ws://example.com/your-socket-name* |
     | URL scheme | Accept the default |
-    | API URL suffix| Add a URL suffix to identify this specific API in this API Management instance. It has to be unique in this APIM instance. |
+    | API URL suffix| Add a URL suffix to identify this specific API in this API Management instance. It has to be unique in this API Management instance. |
     | Products | Associate your WebSocket API with a product to publish it. |
     | Gateways | Associate your WebSocket API with existing gateways. |
 
@@ -108,15 +108,15 @@ Use standard API Management and Azure Monitor features to [monitor](api-manageme
 * View API metrics in Azure Monitor
 * Optionally enable diagnostic settings to collect and view API Management gateway logs, which include WebSocket API operations
 
-For example, the following screenshot shows  recent WebSocket API responses with code `101` from the **ApiManagementGatewayLogs** table. These results indicate the successful switch of the requests from TCP to the WebSocket protocol.
+For example, the following screenshot shows recent WebSocket API responses with code `101` from the **ApiManagementGatewayLogs** table. These results indicate the successful switch of the requests from TCP to the WebSocket protocol.
 
 :::image type="content" source="./media/websocket-api/query-gateway-logs.png" alt-text="Query logs for WebSocket API requests":::
 
 ## Limitations
 
-Below are the current restrictions of WebSocket support in API Management:
+The following are the current restrictions of WebSocket support in API Management:
 
-* WebSocket APIs are not supported yet in the Consumption tier.
+* WebSocket APIs aren't supported yet in the Consumption tier.
 * WebSocket APIs support the following valid buffer types for messages: Close, BinaryFragment, BinaryMessage, UTF8Fragment, and UTF8Message.
 * Currently, the [set-header](set-header-policy.md) policy doesn't support changing certain well-known headers, including `Host` headers, in onHandshake requests.
 * During the TLS handshake with a WebSocket backend, API Management validates that the server certificate is trusted and that its subject name matches the hostname. With HTTP APIs, API Management validates that the certificate is trusted but doesn’t validate that hostname and subject match.
@@ -125,7 +125,7 @@ For WebSocket connection limits, see [API Management limits](../azure-resource-m
 
 ### Unsupported policies
 
-The following policies are not supported by and cannot be applied to the onHandshake operation:
+The following policies aren't supported by and can't be applied to the onHandshake operation:
 * Mock response
 * Get from cache
 * Store to cache
@@ -143,10 +143,10 @@ The following policies are not supported by and cannot be applied to the onHands
 * Validate status code
 
 > [!NOTE]
-> If you applied the policies at higher scopes (i.e., global or product) and they were inherited by a WebSocket API through the policy, they will be skipped at runtime.
+> If you applied the policies at higher scopes (for example, global or product) and they're inherited by a WebSocket API through the policy, they are skipped at runtime.
 
 [!INCLUDE [api-management-define-api-topics.md](../../includes/api-management-define-api-topics.md)]
 
-## Next steps
+## Related content
 > [!div class="nextstepaction"]
 > [Transform and protect a published API](transform-api.md)

articles/api-management/websocket-api.md

@@ -6,7 +6,7 @@ ms.custom: devx-track-azurecli
 ms.date: 01/16/2025
 ---
 
-To deploy with OpenID Connect using the managed identity you configured, use the `azure/login@v1` action with the `client-id`, `tenant-id`, and `subscription-id` keys. Reference the GitHub secrets that you created earlier.
+To deploy with OpenID Connect using the managed identity you configured, use the `azure/login@v2` action with the `client-id`, `tenant-id`, and `subscription-id` keys. Reference the GitHub secrets that you created earlier.
 
 # [ASP.NET Core](#tab/aspnetcore)
 
@@ -31,7 +31,7 @@ jobs:
     steps:
       # Checkout the repo
       - uses: actions/checkout@main
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -89,7 +89,7 @@ jobs:
     # checkout the repo
     - uses: actions/checkout@main
     
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -140,7 +140,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -240,7 +240,7 @@ jobs:
     - name: 'Checkout GitHub Action' 
       uses: actions/checkout@main
    
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -292,7 +292,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}

articles/app-service/includes/deploy-github-actions/deploy-github-actions-openid-connect.md

@@ -6,7 +6,7 @@ ms.custom: devx-track-azurecli
 ms.date: 01/16/2025
 ---
 
-To deploy with the service principal you configured, use the `azure/login@v1` action with the `creds` key and reference the `AZURE_CREDENTIALS` secret that you created earlier.
+To deploy with the service principal you configured, use the `azure/login@v2` action with the `creds` key and reference the `AZURE_CREDENTIALS` secret that you created earlier.
 
 # [ASP.NET Core](#tab/aspnetcore)
 
@@ -27,7 +27,7 @@ jobs:
     steps:
       # Checkout the repo
       - uses: actions/checkout@main
-      - uses: azure/login@v1
+      - uses: azure/login@v2
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
@@ -79,7 +79,7 @@ jobs:
     # checkout the repo
     - uses: actions/checkout@main
     
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
@@ -124,7 +124,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
     - name: Set up JDK 1.8
@@ -219,7 +219,7 @@ jobs:
     - name: 'Checkout GitHub Action' 
       uses: actions/checkout@main
    
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         
@@ -267,7 +267,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     
-    - uses: azure/login@v1
+    - uses: azure/login@v2
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}