Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into sre/tools

Author: craigshoemaker

articles/api-management/TOC.yml

@@ -133,16 +133,16 @@
       href: api-management-configuration-repository-git.md
     - name: DevOps and CI/CD
       href: devops-api-development-templates.md
-  - name: Resiliency
+  - name: Resiliency and reliability
     items:
-    - name: High availability features
+    - name: Reliability in API Management
       displayName: reliability, resilience, resiliency
-      href: high-availability.md
+      href: /azure/reliability/reliability-api-management?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
     - name: Deploy to multiple Azure regions
       href: api-management-howto-deploy-multi-region.md
     - name: Enable availability zones
       displayName: zonal, zone-redundant
-      href: ../reliability/migrate-api-mgt.md?toc=%2Fazure%2Fapi-management%2Ftoc.json&bc=/azure/api-management/breadcrumb/toc.json
+      href: enable-availability-zone-support.md
     - name: Set up DR using backup/restore
       displayName: disaster, recovery
       href: api-management-howto-disaster-recovery-backup-restore.md
@@ -680,6 +680,8 @@
       href: breaking-changes/git-configuration-retirement-march-2025.md
     - name: Direct management API retirement (March 2025)
       href: breaking-changes/direct-management-api-retirement-march-2025.md
+    - name: Managed certificates suspension (August 2025)
+      href: breaking-changes/managed-certificates-suspension-august-2025.md
     - name: ADAL-based identity provider retirement (September 2025)
       href: breaking-changes/identity-provider-adal-retirement-sep-2025.md
     - name: CAPTCHA endpoint update (September 2025)

articles/api-management/api-management-capacity.md

@@ -42,9 +42,6 @@ In the v2 tiers, the following metrics are available:
 
 * **Memory Percentage of Gateway** - The percentage of memory capacity used by the gateway units.
 
-    > [!NOTE]
-    > Currently, the Memory Percentage of Gateway metric isn't supported in the Premium v2 tier.
-
 Available aggregations for these metrics are as follows.
 
 * **Avg** - Average percentage of capacity used across gateway processes in every [unit](upgrade-and-scale.md) of an API Management instance. 

articles/api-management/api-management-howto-deploy-multi-region.md

@@ -5,7 +5,7 @@ description: Learn how to deploy a Premium tier Azure API Management instance to
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 07/29/2024
+ms.date: 07/07/2025
 ms.author: danlep
 ---
 
@@ -19,7 +19,7 @@ When adding a region, you configure:
 
 * The number of scale [units](upgrade-and-scale.md) that region will host. 
 
-* Optional [availability zones](../reliability/migrate-api-mgt.md), if that region supports it.
+* [Availability zones](enable-availability-zone-support.md), if that region supports it. By default, API Management automatically configures availability zones for the added region, which is recommended. You can also manually configure availability zones for the added region.
 
 * [Virtual network](virtual-network-concepts.md) settings in the added region, if networking is configured in the existing region or regions.
 
@@ -35,37 +35,38 @@ When adding a region, you configure:
 
 ## Prerequisites
 
+* Thoroughly understand all requirements and considerations for enabling multi-region deployment in API Management by reading [Reliability in API Management](../reliability/reliability-api-management.md). 
 * If you haven't created an API Management service instance, see [Create an API Management service instance](get-started-create-service-instance.md). Select the Premium service tier.
 * If your API Management instance is deployed in a virtual network, ensure that you set up a virtual network and subnet in the location that you plan to add, and within the same subscription. See [virtual network prerequisites](api-management-using-with-vnet.md#prerequisites).
 
-## <a name="add-region"> </a>Deploy API Management service to an additional region
+## Deploy API Management service to an additional region
 
 1. In the Azure portal, navigate to your API Management service and select **Locations** from the left menu.
 1. Select **+ Add** in the top bar.
 1. Select the added location from the dropdown list.
 1. Select the number of scale **[Units](upgrade-and-scale.md)** in the location.
-1. Optionally select one or more [**Availability zones**](../reliability/migrate-api-mgt.md). 
-1. If the API Management instance is deployed in a [virtual network](api-management-using-with-vnet.md), configure virtual network settings in the location, including virtual network, subnet, and public IP address (if enabling availability zones).
+1. If the region supports [**Availability zones**](enable-availability-zone-support.md), leave the **Automatic** setting (recommended), or optionally select one or more zones. If you select specific zones, the number of units that you selected must distribute evenly across the availability zones. For example, if you selected three units, you would select three zones so that each zone hosts one unit. 
+1. If the API Management instance is deployed in a [virtual network](api-management-using-with-vnet.md), configure virtual network settings in the location, including virtual network, subnet, and public IP address.
 1. Select **Add** to confirm.
 1. Repeat this process until you configure all locations.
 1. Select **Save** in the top bar to start the deployment process.
 
-## <a name="remove-region"> </a>Remove an API Management service region
+## Remove an API Management service region
 
 1. In the Azure portal, navigate to your API Management service and select **Locations** from the left menu.
 1. For the location you would like to remove, select the context menu using the **...** button at the right end of the table. Select **Delete**.
 1. Confirm the deletion and select **Save** to apply the changes.
 
 
-## <a name="route-backend"> </a>Route API calls to regional backend services
+## Route API calls to regional backend services
 
 By default, each API routes requests to a single backend service URL. Even if you've configured Azure API Management gateways in various regions, the API gateway will still forward requests to the same backend service, which is deployed in only one region. In this case, the performance gain will come only from responses cached within Azure API Management in a region specific to the request; contacting the backend across the globe may still cause high latency.
 
 To take advantage of geographical distribution of your system, you should have backend services deployed in the same regions as Azure API Management instances. Then, using policies and `@(context.Deployment.Region)` property, you can route the traffic to local instances of your backend.
 
 1. Navigate to your Azure API Management instance and select **APIs** from the left menu.
 2. Select your desired API.
-3. Select **Code editor** from the arrow dropdown in the **Inbound processing**.
+3. On the **Design** tab, in the **Inbound processing** section, select **Code editor**.
 
     ![API code editor](./media/api-management-howto-deploy-multi-region/api-management-api-code-editor.png)
 
@@ -109,7 +110,7 @@ You may also front your backend services with [Azure Traffic Manager](https://az
 
 * For traffic control during maintenance operations, we recommend using the Priority routing method.
 
-## <a name="custom-routing"> </a>Use custom routing to API Management regional gateways
+## Use custom routing to API Management regional gateways
 
 API Management routes the requests to a regional gateway based on [the lowest latency](../traffic-manager/traffic-manager-routing-methods.md#performance). Although it isn't possible to override this setting in API Management, you can use your own Traffic Manager with custom routing rules.
 
@@ -167,7 +168,7 @@ This section provides considerations for multi-region deployments when the API M
 * Configure each regional network independently. The [connectivity requirements](virtual-network-reference.md) such as required network security group rules for a virtual network in an added region are generally the same as those for a network in the primary region.
 * Virtual networks in the different regions don't need to be peered.
 > [!IMPORTANT]
-> When configured in internal VNet mode, each regional gateway must also have outbound connectivity on port 1433 to the Azure SQL database configured for your API Management instance, which is only in the *primary* region. Ensure that you allow connectivity to the FQDN or IP address of this Azure SQL database in any routes or firewall rules you configure for networks in your secondary regions; the Azure SQL service tag can't be used in this scenario. To find the Azure SQL database name in the primary region, go to the **Network** > **Network status** page of your API Management instance in the portal. 
+> When configured in internal virtual network mode, each regional gateway must also have outbound connectivity on port 1433 to the Azure SQL database configured for your API Management instance, which is only in the *primary* region. Ensure that you allow connectivity to the FQDN or IP address of this Azure SQL database in any routes or firewall rules you configure for networks in your secondary regions; the Azure SQL service endpoint can't be used in this scenario. To find the Azure SQL database name in the primary region, go to the **Network** > **Network status** page of your API Management instance in the portal. 
 
 ### IP addresses
 
@@ -185,10 +186,10 @@ This section provides considerations for multi-region deployments when the API M
 
 ## Related content
 
-* Learn more about configuring API Management for [high availability](high-availability.md).
-
-* Learn more about configuring [availability zones](../reliability/migrate-api-mgt.md) to improve the availability of an API Management instance in a region.
+* Learn more about [reliability in API Management](../reliability/reliability-api-management.md)
 
+* Learn more about enabling [availability zone support](enable-availability-zone-support.md) for an API Management instance.
+    
 * For more information about virtual networks and API Management, see:
 
     * [Connect to a virtual network using Azure API Management](api-management-using-with-vnet.md)

articles/api-management/api-management-region-availability.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 06/17/2025
+ms.date: 07/21/2025
 ms.author: danlep
 ms.custom:
   - references_regions
@@ -32,6 +32,7 @@ Information in the following table is updated regularly. Capacity availability i
 | Australia Southeast | ✅ | ✅ | | |
 | Brazil South | ✅ | ✅ | |  |
 | Central India  | ✅ | ✅ | |  |
+| Central US  | ✅ | ✅ | |  |
 | East Asia | ✅ | ✅ | | ✅ |
 | East US  | ✅ | ✅ |  |  |
 | East US 2 | ✅ | ✅ | ✅ | ✅ |
@@ -49,6 +50,7 @@ Information in the following table is updated regularly. Capacity availability i
 | Sweden Central | ✅ | ✅ | | |
 | South India | ✅ | ✅ |  |  |
 | Switzerland North | ✅ |✅ |  | |
+| UAE North | ✅ | ✅ | |  |
 | UK South | ✅  | ✅ | ✅ | ✅ |
 | UK West | ✅  | ✅ | | |
 | West Europe  | ✅ | ✅ | | ✅ |

articles/api-management/breaking-changes/managed-certificates-suspension-august-2025.md

@@ -0,0 +1,39 @@
+---
+title: Azure API Management - Managed certificates suspension for new custom domains (August 2025)
+description: Azure API Management is temporarily suspending managed certificates for new custom domains from August 15, 2025 to March 15, 2026 due to industry-wide changes in domain validation.
+services: api-management
+author: dlepow
+ms.service: azure-api-management
+ms.topic: reference
+ai-usage: ai-assisted
+ms.date: 07/18/2025
+ms.author: danlep
+---
+
+# Managed certificates suspension for new custom domains (August 2025)
+
+[!INCLUDE [premium-dev-standard-basic.md](../../../includes/api-management-availability-premium-dev-standard-basic.md)]
+
+Azure managed certificates for new custom domains in API Management will be temporarily turned off from August 15, 2025 to March 15, 2026. Existing managed certificates will be autorenewed and remain unaffected.
+
+In the classic service tiers, Azure API Management offers [free, managed TLS certificates for custom domains](../configure-custom-domain.md#domain-certificate-options), allowing customers to secure their endpoints without purchasing and managing their own certificates. Because of an industry-wide deprecation of CNAME-based Domain Control Validation (DCV), our Certificate Authority (CA), DigiCert, will migrate to a new validation platform to meet Multi-Perspective Issuance Corroboration (MPIC) requirements. This migration requires a temporary suspension of managed certificates for new custom domains.
+
+## Is my service affected by this?
+
+You're affected if you plan to create new managed certificates for new custom domains in Azure API Management between August 15, 2025 and March 15, 2026. Existing managed certificates will be autorenewed before August 15, 2025 and will continue to function normally. There's no impact to existing managed certificates or custom domains already using them.
+
+## What is the deadline for the change?
+
+The suspension of managed certificates for new custom domains will be enforced from August 15, 2025 to March 15, 2026. The capability to create managed certificates will resume after the migration to the new validation platform is complete.
+
+## What do I need to do?
+
+No action is required if you already have managed certificates for your custom domains. If you need to add new managed certificates, plan to do so before August 15, 2025 or after March 15, 2026. During the suspension period, you can still configure custom domains with certificates you manage from other sources.
+
+## Help and support
+
+If you have questions, get answers from community experts in [Microsoft Q&A](https://aka.ms/apim/azureqa/change/captcha-2022). If you have a support plan and need technical help, create a [support request](https://portal.azure.com/#view/Microsoft_Azure_Support/HelpAndSupportBlade/~/overview).
+
+## Related content
+
+See all [upcoming breaking changes and feature retirements](overview.md).

articles/api-management/breaking-changes/overview.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 05/30/2025
+ms.date: 07/17/2025
 ms.author: danlep
 ---
 
@@ -30,6 +30,7 @@ The following table lists all the upcoming breaking changes and feature retireme
 | [Git repository retirement][git2025] | March 15, 2025 |
 | [Direct management API retirement][mgmtapi2025] | March 15, 2025 |
 | [Workspaces preview breaking changes, part 2][workspaces2025march] | March 31, 2025 |
+| [Managed certificates suspension][managed-certificates-suspension-august-2025] | August 15, 2025 |
 | [ADAL-based Microsoft Entra ID identity provider retirement][msal2025] | September 30, 2025 |
 | [CAPTCHA endpoint update][captcha2025] | September 30, 2025 |
 | [Built-in analytics dashboard retirement][analytics2027] | March 15, 2027 |
@@ -50,3 +51,4 @@ The following table lists all the upcoming breaking changes and feature retireme
 [mgmtapi2025]: ./direct-management-api-retirement-march-2025.md
 [workspaces2024]: ./workspaces-breaking-changes-june-2024.md
 [workspaces2025march]: ./workspaces-breaking-changes-march-2025.md
+[managed-certificates-suspension-august-2025]: ./managed-certificates-suspension-august-2025.md