Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/governance/policy/concepts/policy-for-kubernetes.md

@@ -607,7 +607,7 @@ Finally, to identify the AKS cluster version that you're using, follow the linke
 ### Add-on versions available per each AKS cluster version
 
 #### 1.10.1
-Patch CVE-2025-30204 and CVE-2025-22870.
+Update the `policy-kubernetes-addon-prod` and `policy-kubernetes-webhook` images to patch [CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204) and [CVE-2025-22870](https://nvd.nist.gov/vuln/detail/CVE-2025-22870).
 - Released April 2025
 - Kubernetes 1.27+
 - Gatekeeper 3.18.2

articles/iot-edge/index.yml

@@ -1,7 +1,7 @@
 ### YamlMime:Landing
 
 title: Azure IoT Edge documentation
-summary: Azure IoT Edge extends IoT Hub. Analyze device data locally instead of in the cloud to send less data to the cloud, react to events quickly, and operate offline.
+summary: Azure IoT Edge extends IoT Hub. Analyze device data locally to reduce data sent to the cloud, respond to events quickly, and work offline.
 
 metadata:
   title: Azure IoT Edge documentation
@@ -20,19 +20,19 @@ landingContent:
         links:
           - text: What is Azure IoT Edge?
             url: about-iot-edge.md
-          - text: What is Azure IoT Edge for Linux on Windows (EFLOW)?
+          - text: What is Azure IoT Edge for Linux on Windows?
             url: iot-edge-for-linux-on-windows.md
       - linkListType: concept
         links:
           - text: Understand the Azure IoT Edge runtime and its architecture
             url: iot-edge-runtime.md
-          - text: Azure IoT Edge versions and release notes
+          - text: Azure IoT Edge versions and release information
             url: version-history.md
           - text: Azure IoT Edge supported systems
             url: support.md
       - linkListType: how-to-guide
         links:
-          - text: How an IoT Edge device can be used as a gateway
+          - text: Use an IoT Edge device as a gateway
             url: iot-edge-as-gateway.md
   - title: Getting started using Linux devices
     linkLists:
@@ -42,7 +42,7 @@ landingContent:
             url: quickstart-linux.md
       - linkListType: tutorial
         links: 
-          - text: Develop Azure IoT Edge modules using Visual Studio Code
+          - text: Develop Azure IoT Edge modules with Visual Studio Code
             url: tutorial-develop-for-linux.md
       - linkListType: how-to-guide
         links:
@@ -74,5 +74,5 @@ landingContent:
             url: how-to-provision-single-device-linux-on-windows-symmetric.md
       - linkListType: reference
         links:
-          - text: IoT Edge for Linux on Windows open-source repository
+          - text: IoT Edge for Linux on Windows open source repository
             url: https://github.com/Azure/iotedge-eflow

articles/partner-solutions/elastic/manage.md

@@ -85,7 +85,7 @@ You can limit network access to a private link.
 To enable private link access:
 
 1. Select **Configuration** in the left navigation.
-1. 
+
 1. Under **Networking**, select **Private Link** and the name of the private link.
 
 ## Traffic filters

articles/role-based-access-control/built-in-roles.md

@@ -377,6 +377,9 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='deid-realtime-data-user'></a>[DeID Realtime Data User](./built-in-roles/integration.md#deid-realtime-data-user) | Execute requests against DeID realtime endpoint. This role is in preview and subject to change. | bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e |
 > | <a name='dicom-data-owner'></a>[DICOM Data Owner](./built-in-roles/integration.md#dicom-data-owner) | Full access to DICOM data. | 58a3b984-7adf-4c20-983a-32417c86fbc8 |
 > | <a name='dicom-data-reader'></a>[DICOM Data Reader](./built-in-roles/integration.md#dicom-data-reader) | Read and search DICOM data. | e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a |
+> | <a name='durable-task-data-contributor'></a>[Durable Task Data Contributor](./built-in-roles/integration.md#durable-task-data-contributor) | Durable Task role for all data access operations. | 0ad04412-c4d5-4796-b79c-f76d14c8d402 |
+> | <a name='durable-task-data-reader'></a>[Durable Task Data Reader](./built-in-roles/integration.md#durable-task-data-reader) | Read all Durable Task Scheduler data. | d6a5505f-6ebb-45a4-896e-ac8274cfc0ac |
+> | <a name='durable-task-worker'></a>[Durable Task Worker](./built-in-roles/integration.md#durable-task-worker) | Used by worker applications to interact with the Durable Task service | 80d0d6b0-f522-40a4-8886-a5a11720c375 |
 > | <a name='eventgrid-contributor'></a>[EventGrid Contributor](./built-in-roles/integration.md#eventgrid-contributor) | Lets you manage EventGrid operations. | 1e241071-0855-49ea-94dc-649edcd759de |
 > | <a name='eventgrid-data-sender'></a>[EventGrid Data Sender](./built-in-roles/integration.md#eventgrid-data-sender) | Allows send access to event grid events. | d5a91429-5739-47e2-a06b-3470a27159e7 |
 > | <a name='eventgrid-eventsubscription-contributor'></a>[EventGrid EventSubscription Contributor](./built-in-roles/integration.md#eventgrid-eventsubscription-contributor) | Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |

articles/role-based-access-control/built-in-roles/integration.md

@@ -1690,6 +1690,131 @@ Read and search DICOM data.
 }
 ```
 
+## Durable Task Data Contributor
+
+Durable Task role for all data access operations.
+
+[Learn more](/azure/azure-functions/durable/durable-task-scheduler/develop-with-durable-task-scheduler)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.DurableTask](../permissions/integration.md#microsoftdurabletask)/* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Durable Task role for all data access operations.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/0ad04412-c4d5-4796-b79c-f76d14c8d402",
+  "name": "0ad04412-c4d5-4796-b79c-f76d14c8d402",
+  "permissions": [
+    {
+      "actions": [],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.DurableTask/*"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Durable Task Data Contributor",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Durable Task Data Reader
+
+Read all Durable Task Scheduler data.
+
+[Learn more](/azure/azure-functions/durable/durable-task-scheduler/develop-with-durable-task-scheduler)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.DurableTask](../permissions/integration.md#microsoftdurabletask)/schedulers/taskhubs/orchestrations/read | Gets or list orchestrations metadata, including payloads |
+> | [Microsoft.DurableTask](../permissions/integration.md#microsoftdurabletask)/schedulers/taskhubs/orchestrations/metadata/read | Gets or lists orchestration metadata, but not payloads |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Read all Durable Task Scheduler data.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/d6a5505f-6ebb-45a4-896e-ac8274cfc0ac",
+  "name": "d6a5505f-6ebb-45a4-896e-ac8274cfc0ac",
+  "permissions": [
+    {
+      "actions": [],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.DurableTask/schedulers/taskhubs/orchestrations/read",
+        "Microsoft.DurableTask/schedulers/taskhubs/orchestrations/metadata/read"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Durable Task Data Reader",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Durable Task Worker
+
+Used by worker applications to interact with the Durable Task service
+
+[Learn more](/azure/azure-functions/durable/durable-task-scheduler/develop-with-durable-task-scheduler)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.DurableTask](../permissions/integration.md#microsoftdurabletask)/schedulers/taskhubs/orchestrations/execute/action | Get orchestration and activity work-items and post results |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Used by worker applications to interact with the Durable Task service",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/80d0d6b0-f522-40a4-8886-a5a11720c375",
+  "name": "80d0d6b0-f522-40a4-8886-a5a11720c375",
+  "permissions": [
+    {
+      "actions": [],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.DurableTask/schedulers/taskhubs/orchestrations/execute/action"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Durable Task Worker",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
 ## EventGrid Contributor
 
 Lets you manage EventGrid operations.

articles/role-based-access-control/permissions/integration.md

@@ -721,6 +721,30 @@ Azure service: [Azure Communication Services](/azure/communication-services/over
 > | Microsoft.Communication/Operations/read | Reads operations |
 > | Microsoft.Communication/RegisteredSubscriptions/read | Reads registered subscriptions |
 
+## Microsoft.DurableTask
+
+Azure service: [Durable Functions](/azure/azure-functions/durable/durable-functions-overview)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | --- | --- |
+> | Microsoft.DurableTask/register/action | Register Microsoft.DurableTask resource provider for the subscription |
+> | Microsoft.DurableTask/unregister/action | Unregister Microsoft.DurableTask resource provider for the subscription |
+> | Microsoft.DurableTask/locations/operationStatuses/read | OperationStatuses read |
+> | Microsoft.DurableTask/locations/operationStatuses/write | OperationStatuses write |
+> | Microsoft.DurableTask/schedulers/write | Create or Update Durable Task Scheduler |
+> | Microsoft.DurableTask/schedulers/delete | Delete Durable Task Scheduler |
+> | Microsoft.DurableTask/schedulers/read | Read Durable Task Scheduler Namespace |
+> | Microsoft.DurableTask/schedulers/taskhubs/write | Create or Update Durable Task Scheduler Task Hub |
+> | Microsoft.DurableTask/schedulers/taskhubs/delete | Delete Durable Task Scheduler Task Hub |
+> | Microsoft.DurableTask/schedulers/taskhubs/read | Read Durable Task Scheduler Task Hub |
+> | **DataAction** | **Description** |
+> | Microsoft.DurableTask/schedulers/taskhubs/orchestrations/read | Gets or list orchestrations metadata, including payloads |
+> | Microsoft.DurableTask/schedulers/taskhubs/orchestrations/manage/action | Manages orchestrations |
+> | Microsoft.DurableTask/schedulers/taskhubs/orchestrations/execute/action | Get orchestration and activity work-items and post results |
+> | Microsoft.DurableTask/schedulers/taskhubs/orchestrations/raiseevents/action | Can invoke RaiseEvent |
+> | Microsoft.DurableTask/schedulers/taskhubs/orchestrations/metadata/read | Gets or lists orchestration metadata, but not payloads |
+
 ## Microsoft.EventGrid
 
 Get reliable event delivery at massive scale.

articles/role-based-access-control/whats-new.md

@@ -18,6 +18,7 @@ This article provides information about new features and documentation improveme
 
 | Date | Area | Description |
 | --- | --- | --- |
+| March 2025 | Roles | Added Durable Task roles. See [Durable Task Data Contributor](built-in-roles/integration.md#durable-task-data-contributor), [Durable Task Data Reader](built-in-roles/integration.md#durable-task-data-reader), and [Durable Task Worker](built-in-roles/integration.md#durable-task-worker). |
 | March 2025 | Security | Updates about classic administrators access. See [Azure classic subscription administrators](classic-administrators.md). |
 | February 2025 | Limits | Updates to [Azure RBAC limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-rbac-limits). |
 | February 2025 | Roles | Added [Chaos Studio Target Contributor](built-in-roles/devops.md#chaos-studio-target-contributor) role. |