Merge pull request #289562 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: Taojunshen

articles/app-service/configure-language-dotnetcore.md

@@ -72,6 +72,9 @@ az webapp config set --name <app-name> --resource-group <resource-group-name> --
 
 ## Customize build automation
 
+> [!NOTE]
+> Building .NET 9 (STS) apps with Windows App Service using MSBuild or SCM_DO_BUILD is not yet supported. Support for these build scenarios will come after the initial GA date and by December 4th, 2024. Deployments that build outside of App Service through Visual Studio, Visual Studio Code, GitHub Actions and Azure DevOps are fully supported.
+
 If you deploy your app using Git, or zip packages [with build automation enabled](deploy-zip.md#enable-build-automation-for-zip-deploy), the App Service build automation steps through the following sequence:
 
 1. Run custom script if specified by `PRE_BUILD_SCRIPT_PATH`.

articles/app-service/quickstart-dotnetcore.md

@@ -44,6 +44,9 @@ Alternatively, you can deploy an ASP.NET web app as part of a [Windows or Linux
 > [!TIP]
 > Find GitHub Copilot tips in the Visual Studio, Visual Studio Code, and Azure portal steps.
 
+> [!NOTE]
+> Building .NET 9 (STS) apps with Windows App Service using MSBuild or SCM_DO_BUILD is not yet supported. Support for these build scenarios will come after the initial GA date and by December 4th, 2024. Deployments that build outside of App Service through Visual Studio, Visual Studio Code, GitHub Actions and Azure DevOps are fully supported.
+
 ## Prerequisites
 
 :::zone target="docs" pivot="development-environment-vs"

articles/defender-for-iot/organizations/TOC.yml

@@ -373,6 +373,8 @@
           href: appliance-catalog/dell-poweredge-r360-e1800.md
       - name: Production line
         items:
+        - name: Heptagon YB3x
+          href: appliance-catalog/heptagon-yb3x.md
         - name: HPE ProLiant DL20 Gen11 Plus (NHP 2LFF)
           href: appliance-catalog/hpe-proliant-dl20-gen-11-nhp-2lff.md
         - name: DELL XE4 SFF

articles/defender-for-iot/organizations/appliance-catalog/heptagon-yb3x.md

@@ -0,0 +1,74 @@
+---
+title: Heptagon YB3x for OT monitoring in L100 deployments - Microsoft Defender for IoT
+description: Learn about the YB3x appliance when used for OT monitoring with Microsoft Defender for IoT in L100 deployments.
+ms.date: 04/01/2024
+ms.topic: reference
+---
+
+# Heptagon YB3x
+
+This article describes the **Heptagon YB3x** appliance deployment and installation for OT sensors.
+
+| Appliance characteristic |Details |
+|---------|---------|
+|**Hardware profile** | L100 |
+|**Performance** | Max bandwidth: 20-25 Mbps <br> Max devices: 200 |
+|**Physical specifications** | Ports: 6 x 1-GbE ports|
+|**Status** | Supported, available as preconfigured |
+
+The following image shows a view of the Heptagon YB3x front panel:
+
+:::image type="content" source="media/yb3x.png" alt-text="Picture of the front view of the Heptagon YB3x." border="false":::
+
+## Specifications
+
+|Component|Technical specifications|
+|----|----|
+|Construction |Fanless cooling  |
+|Dimensions |1U, 209x187x37.5mm  |
+|Weight | 1.1 kg |
+|CPU |Intel C3708 – 8 cores  |
+|Memory |16 GB |
+|Storage |500 GB |
+|Network controller |Intel I210, Intel x553  |
+|Device access | 4x USB 3.0, TPM 2.0, 2x Serial ports |
+|Power Adapter |12 VDC or optional 9-28 VDC with reverse polarity, <br>Over/under voltage protection  |
+|BMC |BMC AST2600, OpenBMC, IPMI 2.0, iKVM, Virtual Media  |
+|Temperature |-40 °C to +75 °C |
+|Humidity |95% @ 40°C (noncondensing)  |
+|Shock & Vibration  | ETSI standard ETS 300 019-1-5, 5M2 |
+|Safety |IEC 60950-1, AS/NZS  |
+|EMC |CE, FCC, AS/NZS |
+
+## Heptagon YB3x - Bill of Materials
+
+|Description| PN|Quantity|
+|--------------|--------------|---------|
+|CPU: Atom-C3708, 8C, 16 MB Cache, 1.7Ghz, 17 W, Embedded/Ind. Temp <br> DRAM - Not installed <br> COMM1: COM-4X1: Quad 1G Base-T <br> COMM2: No Comm Module <br> BMC: BMC, based on Aspeed AST2600, with Display port video  |YB3708-0-4T0B |1|
+|500G NV2 M.2 2280 PCIe 4.0 NVMe SSD  |SNV2S/500G |1 |
+|Intel X710 Dual Port 10 GbE SFP+ Adapter | 540-BDQZ |1|
+|8 GB 2,666 MT/s DDR4 ECC Reg CL19 DIMM 1Rx8 Hynix D IDT  | KSM26RS8/8HDI  | 2|
+|Power supply, 110-220 VAC to 12 VDC, 100 W, IP 67, Industrial temp   | PS100-12-IP67  | 1 |
+
+## Heptagon YB3x software setup
+
+This procedure describes how to install Defender for IoT software on the Heptagon YB3x. The installation process takes about 20 minutes. After the installation, the system restarts several times.
+
+To install Defender for IoT software:
+
+1. Connect the screen and keyboard to the appliance, and then connect to the CLI.
+
+1. Connect an external CD or disk-on-key that contains the software you downloaded from the Azure portal.
+
+1. Start the appliance.
+
+1. Continue by installing your Defender for IoT software. For more information, see [Defender for IoT software installation](../ot-deploy/install-software-ot-sensor.md#install-defender-or-iot-software-on-ot-sensors).
+
+## Next steps
+
+Continue understanding system requirements for physical or virtual appliances. For more information, see [Which appliances do I need?](../ot-appliance-sizing.md)
+
+Then, use any of the following procedures to continue:
+
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../legacy-central-management/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/index.yml

@@ -42,6 +42,8 @@ landingContent:
     linkLists:
       - linkListType: deploy
         links:
+          - text: Heptagon YB3x
+            url: heptagon-yb3x.md
           - text: HPE ProLiant DL20 Gen11 Plus (NHP 2LFF)
             url: hpe-proliant-dl20-gen-11-nhp-2lff.md
           - text: Dell XE4 SFF

articles/defender-for-iot/organizations/appliance-catalog/media/yb3x.png

@@ -21,11 +21,23 @@ These features shouldn't be confused with Availability Zones. Both geographic re
 > - This feature is currently in public preview, and as such shouldn't be used in production scenarios.
 > - The following regions are currently supported in the public preview.
 >
-> | US               | Europe        | APAC          |
-> |------------------|---------------|---------------| 
-> | Central US EUAP  | Italy North   | Australia Central |
-> | Canada Central   | Spain Central | Australia East |
-> | Canada East      | Norway East   ||
+> | Region              | Region               | Region             |
+> |--------------------|--------------------|------------------|
+> | AustraliaCentral   | GermanyNorth       | NorwayWest       |
+> | AustraliaCentral2  | GermanyWestCentral | PolandCentral    |
+> | AustraliaEast      | IsraelCentral      | SouthAfricaNorth |
+> | AustraliaSoutheast | ItalyNorth         | SouthAfricaWest  |
+> | BrazilSoutheast    | JapanEast          | SoutheastAsia    |
+> | CanadaCentral      | JapanWest          | SouthIndia       |
+> | CanadaEast         | JioIndiaCentral    | SpainCentral     |
+> | CentralIndia       | JioIndiaWest       | SwedenCentral    |
+> | CentralUS          | KoreaCentral       | SwitzerlandNorth |
+> | CentralUSEUAP      | KoreaSouth         | SwitzerlandWest  |
+> | EastAsia           | MexicoCentral      | UAECentral       |
+> | EastUS2            | NorthCentralUS     | UAENorth         |
+> | FranceCentral      | NorthEurope        | UKSouth          |
+> | FranceSouth        | NorwayEast         | UKWest           |
+>
 
 
 ## Metadata disaster recovery vs. Geo-replication of metadata and data

articles/event-hubs/geo-replication.md

@@ -29,8 +29,6 @@ landingContent:
         links:
           - text: Azure Firewall rule processing logic
             url: rule-processing.md
-          - text: Frequently asked questions
-            url: firewall-faq.yml
       - linkListType: concept
         links:
           - text: Azure Firewall NAT behaviors
@@ -43,14 +41,7 @@ landingContent:
         links:
           - text: What's new
             url: https://azure.microsoft.com/updates/?category=networking&query=Firewall
-      - linkListType: deploy
-        links: 
-          - text: Provision and configure Azure Firewall and Application Gateway
-            url: https://mslabs.cloudguides.com/en-us/guides/Azure%20Networking%20Solutions%20-%20Exercise%204
-          - text: Secure your network infrastructure with Azure Firewall and Azure DDoS Protection
-            url: https://mslearn.cloudguides.com/guides/Secure%20your%20network%20infrastructure%20with%20Azure%20Firewall%20and%20Azure%20DDoS%20Protection
-          - text: Enhance network visibility and threat detection through Azure network security integrations with Microsoft Sentinel
-            url: https://mslearn.cloudguides.com/guides/Enhance%20network%20visibility%20and%20threat%20detection%20through%20Azure%20network%20security%20integrations%20with%20Microsoft%20Sentinel
+
 
   # Card
   - title: Learn about Azure Firewall Premium
@@ -84,6 +75,24 @@ landingContent:
         links:
           - text: Deploy Firewall Basic
             url: deploy-firewall-basic-portal-policy.md
+      - linkListType: deploy
+        links: 
+          - text: Provision and configure Azure Firewall and Application Gateway
+            url: https://mslabs.cloudguides.com/en-us/guides/Azure%20Networking%20Solutions%20-%20Exercise%204
+          - text: Secure your network infrastructure with Azure Firewall and Azure DDoS Protection
+            url: https://mslearn.cloudguides.com/guides/Secure%20your%20network%20infrastructure%20with%20Azure%20Firewall%20and%20Azure%20DDoS%20Protection
+          - text: Enhance network visibility and threat detection through Azure network security integrations with Microsoft Sentinel
+            url: https://mslearn.cloudguides.com/guides/Enhance%20network%20visibility%20and%20threat%20detection%20through%20Azure%20network%20security%20integrations%20with%20Microsoft%20Sentinel
+
+  # Card
+  - title: Troubleshoot Azure Firewall
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Azure Firewall known issues and limitations
+            url: firewall-known-issues.md
+          - text: Frequently asked questions
+            url: firewall-faq.yml
 
   # Card
   - title: Learn about Azure Firewall integration in Copilot for Security

articles/firewall/index.yml

@@ -0,0 +1,146 @@
+---
+title: Hotpatching (preview) on Azure Arc-enabled machines
+description: This article details how to manage hotpatching (preview) on Azure Arc-enabled machines.
+ms.service: azure-update-manager
+ms.date: 10/30/2024
+ms.topic: how-to
+author: SnehaSudhirG
+ms.author: sudhirsneha
+---
+
+# Manage hotpatches (preview) on Arc-enabled machines
+
+**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers.
+
+Azure Update Manager enables you to install hotpatches (preview) on Windows Server Azure Editions and Arc-enabled machines. For more information, see [Hotpatch for virtual machines](https://learn.microsoft.com/windows-server/get-started/hotpatch). 
+
+This article explains how to install hotpatches (preview) on compatible Arc-enabled machines. For hotpatches (preview) being non-intrusive on availability, you can create faster schedules and update your services immediately after release, with less planning to maintain reliability of your machines at-scale.  
+
+## Supported operating systems
+
+- Windows Server 2025 Standard Edition 
+- Windows Server 2025 Datacenter Edition 
+
+
+## Prerequisites
+
+- Verify that the machine has a supported OS SKU. [Learn more](#supported-operating-systems).
+- Ensure that Virtualization Based Security (VBS) is enabled. [Learn more](https://techcommunity.microsoft.com/t5/windows-server-news-and-best/how-to-preview-azure-arc-connected-hotpatching-for-windows/ba-p/4246895).
+- Ensure the machine is Arc-enabled. 
+
+## Manage Hotpatches (preview)
+
+### Enroll hotpatch (preview) license
+
+To enroll hotpatch (preview) license, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager**.
+1. Under **Resources**, select **Machines** and then select the specific *Arc-enabled server*.
+1. Under the **Recommended updates** section, in **Hotpatch**, select **Change**.
+1. In the Hotpatch (preview), select **I want to license this Windows Server to receive monthly patches** option.
+1. Select **Enable Hotpatching** and then select **Confirm**.
+       
+   :::image type="content" source="./media/manage-hot-patching-arc-machines/enroll-hot-patch-license.png" alt-text="Screenshot showing how to enroll hotpatch license." lightbox="./media/manage-hot-patching-arc-machines/enroll-hot-patch-license.png"::: 
+       
+### Manage hotpatch (preview) updates
+
+After you enroll to hotpatch (preview) license, your machine automatically receives hotpatch updates.
+
+#### [At scale](#tab/manage-scale)
+
+To enable or disable hotpaching at scale, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager**.
+1. Under **Resources**, select **Machines** and in the **Azure Update Manager | Machines** page, under **Settings**, select **Update settings**.
+1. In **Change update settings** page, select **+Add machine**, to select the machine to which you want to change the update settings.
+1. In **Select resources** page, select the machines and then select **Add** to view the machines in **Change update settings** page.
+1. In the **Hotpatch (preview)** dropdown, select **Enable (current)** and then select **Save**.
+
+   :::image type="content" source="./media/manage-hot-patching-arc-machines/manage-hot-patch-updates.png" alt-text="Screenshot showing how to manage hotpatch updates." lightbox="./media/manage-hot-patching-arc-machines/manage-hot-patch-updates.png"::: 
+
+#### [On single VM](#tab/manage-single)
+
+To re-enable or disable updates on a single VM, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager**.
+1. Under **Resources**, select **Machines** and then select the specific Arc-enabled machine.
+1. In the **Arc-enabled machine | Updates** page, 
+under the **Recommended updates** section, in **Hotpatch**, select **Change**.
+1. In the Hotpatch (preview), select **Enable hotpatching** and then select **Confirm**.
+
+   :::image type="content" source="./media/manage-hot-patching-arc-machines/manage-hot-patch-single-vm.png" alt-text="Screenshot showing how to manage hotpatch updates on a single vm." lightbox="./media/manage-hot-patching-arc-machines/manage-hot-patch-single-vm.png":::
+---
+
+### View hotpatch (preview) status 
+
+#### [At scale](#tab/hotpatch-scale)
+
+To view the hotpatch (preview) status at scale on your machines, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager**.
+1. Under **Resources**, select **Machines** and then select **Edit columns**.
+1. In **Choose columns** pane, select **Hotpatch status** and then select **Save**.
+   
+   The **Hotpatch status** column appears in the machines grid and displays the status for all Azure machines and Arc-enabled machines. To view only Arc related details, you can filter Resource Type as **Arc-enabled server**. 
+
+    :::image type="content" source="./media/manage-hot-patching-arc-machines/view-status-at-scale.png" alt-text="Screenshot showing how to view hotpatching status at scale." lightbox="./media/manage-hot-patching-arc-machines/view-status-at-scale.png":::
+
+#### [On single VM](#tab/hotpatch-single)
+
+To view the hotpatch (preview) status on a single machine, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager**.
+1. Under **Resources**, select **Machines** and then select the specific Arc-enabled machine.
+1. In the **Arc-enabled machine | Updates** page, under the **Recommended updates** section, you can view the Hotpatch status for your VM.
+
+   :::image type="content" source="./media/manage-hot-patching-arc-machines/view-status-single-machine.png" alt-text="Screenshot showing how to view hotpatching status on single virtual machine." lightbox="./media/manage-hot-patching-arc-machines/view-status-single-machine.png":::
+
+---
+
+### Hotpatch (preview) statuses
+
+| Status |  Meaning    |
+|------|-----|
+| Not enrolled| License is available but not enrolled on this machine. |
+| Enabled     | License is enrolled and machine is enabled for receiving hotpatch updates.|
+| Canceled | License has been canceled on the machine.   |
+| Disabled | License is enrolled but the machine is disabled for receiving hotpatch updates. |
+| Pending | Interim status while enrollment is in progress. |
+
+### Check hotpatch (preview) updates
+
+For latest hotpatch updates, enable either [periodic assessment](assessment-options.md#periodic-assessment) or a [one-time update](assessment-options.md#check-for-updates-nowon-demand-assessment).
+
+Periodic assessment automatically assesses for available updates and ensures that available patches are detected. You can view the results of the assessment on the **Recommended updates** tab, including the time of the last assessment. 
+
+You can also choose to trigger an *on-demand patch assessment* for your VM at any time using the **Check for updates** option and review the results after assessment completes. In this assessment result, you can view the reboot status of the given update under **Reboot required** column. 
+
+:::image type="content" source="./media/manage-hot-patching-arc-machines/check-hot-patch-updates.png" alt-text="Screenshot showing how to check hotpatching updates." lightbox="./media/manage-hot-patching-arc-machines/check-hot-patch-updates.png":::
+
+
+### Install hotpatch (preview) updates
+
+To install, you can create a [user-defined schedule](scheduled-patching.md#schedule-recurring-updates-on-a-single-vm) or [one-time update](quickstart-on-demand.md#install-updates). You can install it immediately after it's available, allowing your machine to get secure faster. 
+
+Using either of these options you can choose to install all available update classifications or only security updates. You can also specify updates to include or exclude by providing the individual hotpatch (preview) knowledge base IDs. You can enter more than one knowledge base ID in this flow.
+
+:::image type="content" source="./media/manage-hot-patching-arc-machines/include-knowledge-base-id.png" alt-text="Screenshot showing how to include knowledge base ID." lightbox="./media/manage-hot-patching-arc-machines/include-knowledge-base-id.png":::
+
+This ensures that the hotpatch (preview) update which doesn't require reboots is installed in the same schedule or one-time update schedule, making patch installation window predictable. 
+
+### View history
+
+You can view the history of update deployments on your VM through the [history](deploy-updates.md#view-update-history-for-a-single-vm) option. 
+
+**Update history** displays the history for the past 30 days, along with patch installation details such as reboot status. 
+
+:::image type="content" source="./media/manage-hot-patching-arc-machines/history-update-deployments.png" alt-text="Screenshot showing how to view the history of update deployments on your VM." lightbox="./media/manage-hot-patching-arc-machines/history-update-deployments.png":::
+ 
+
+## Next steps
+
+* Learn more about [hotpatching on Azure VMs](updates-maintenance-schedules.md#hotpatching).
+* Learn more about [configure update settings](manage-update-settings.md) on your machines.
+* Learn more on how to perform an [on-demand update](deploy-updates.md).
+
+