Commit c6763c4

Merge pull request #292130 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents 52718bc + 3e5fba5 commit c6763c4

7 files changed

+62
-42
lines changed

articles/application-gateway/configuration-infrastructure.md

Lines changed: 20 additions & 0 deletions
@@ -78,6 +78,24 @@ Check your [Azure role-based access control](../role-based-access-control/role-a
7878

7979
You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support these permissions. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
8080

81+
## Permissions
82+
Depending on whether you're creating new resources or using existing ones, add the appropriate permissions from the following list:
83+
84+
|Resource | Resource status | Required Azure permissions |
85+
|---|---|---|
86+
| Subnet | Create new| Microsoft.Network/virtualNetworks/subnets/write<br>Microsoft.Network/virtualNetworks/subnets/join/action |
87+
| Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/read<br>Microsoft.Network/virtualNetworks/subnets/join/action |
88+
| IP addresses| Create new| Microsoft.Network/publicIPAddresses/write<br>Microsoft.Network/publicIPAddresses/join/action |
89+
| IP addresses | Use existing| Microsoft.Network/publicIPAddresses/read<br>Microsoft.Network/publicIPAddresses/join/action |
90+
| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
91+
92+
For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
93+
## Roles scope
94+
In the process of custom role definition, you can specify a role assignment scope at four levels: management group, subscription, resource group, and resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
95+
These scopes are structured in a parent-child relationship, with each level of hierarchy making the scope more specific. You can assign roles at any of these levels of scope, and the level you select determines how widely the role is applied.
96+
For example, a role assigned at the subscription level can cascade down to all resources within that subscription, while a role assigned at the resource group level will only apply to resources within that specific group. Learn more about scope level
97+
For more information, see [Scope levels](../role-based-access-control/scope-overview.md#scope-levels).
98+
8199
> [!NOTE]
82100
> You might have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptom---role-assignment-changes-are-not-being-detected) after role assignment changes.
83101
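
Review bot: In the new Permissions table, the ApplicationGatewayWebApplicationFirewallPolicies row (line 90) separates its two permissions with a space, while every other row uses `<br>`, so the write and join/action entries will render as one run-on string; add the `<br>`. In the Roles scope section, line 96 ends with the fragment "Learn more about scope level", which has no link and no period and is repeated by the "For more information, see [Scope levels]" sentence on line 97; drop the fragment. Since line 96 also explains that a subscription-level assignment cascades to every resource in the subscription, consider stating which scope is recommended for the subnet and public IP permissions listed in the table.
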
@@ -221,3 +239,5 @@ Any scenario where 0.0.0.0/0 needs to be redirected through a virtual appliance,
221239

222240
- [Learn about frontend IP address configuration](configuration-frontend-ip.md)
223241
- [Learn about private Application Gateway deployment](application-gateway-private-deployment.md)
242+
- [What is Azure Role Based Access](../role-based-access-control/overview.md)
243+
- [Azure Role Based Access Control](../role-based-access-control/role-assignments-list-portal.yml)
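
Review bot: The two link labels added on lines 242 and 243 don't describe their targets. "What is Azure Role Based Access" is cut short (it is missing "Control"), and "Azure Role Based Access Control" points at role-assignments-list-portal.yml, whose file name suggests a page about listing role assignments in the portal rather than a general RBAC article. Rename both labels to match the target pages and use the "role-based" hyphenation that the existing link earlier in this file already uses.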

articles/azure-netapp-files/azure-netapp-files-network-topologies.md

Lines changed: 1 addition & 1 deletion
@@ -111,7 +111,7 @@ Configuring UDRs on the source VM subnets with the address prefix of delegated s
111111
> To access an Azure NetApp Files volume from an on-premises network via a VNet gateway (ExpressRoute or VPN) and firewall, configure the route table assigned to the VNet gateway to include the `/32` IPv4 address of the Azure NetApp Files volume listed and point to the firewall as the next hop. Using an aggregate address space that includes the Azure NetApp Files volume IP address will not forward the Azure NetApp Files traffic to the firewall.
112112
113113
>[!NOTE]
114-
> If you want to configure a route table (UDR route) to control the routing of packets through a network virtual alliance or firewall destined to an Azure NetApp Files standard volume from a source in the same VNet or a peered VNet, the UDR prefix must be more specific or equal to the delegated subnet size of the Azure NetApp Files volume. If the UDR prefix is less specific than the delegated subnet size, it isn't be effective.
114+
> If you want to configure a route table (UDR route) to control the routing of packets through a network virtual appliance or firewall destined to an Azure NetApp Files standard volume from a source in the same VNet or a peered VNet, the UDR prefix must be more specific or equal to the delegated subnet size of the Azure NetApp Files volume. If the UDR prefix is less specific than the delegated subnet size, it isn't be effective.
115115
>
116116
> For example, if your delegated subnet is `x.x.x.x/24`, you must configured your UDR to `x.x.x.x/24` (equal) or `x.x.x.x/32` (more specific). If you configure the UDR route to be `x.x.x.x/16`, undefined behaviors such as asymmetric routing can cause a network drop at the firewall.
117117
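
Review bot: Line 114 is edited only to change "alliance" to "appliance", but the same line still ends with "it isn't be effective", and the unchanged line 116 reads "you must configured your UDR". Fix both while the note is being touched ("it isn't effective", "you must configure"). This note tells readers which prefix lengths actually send traffic through the firewall, so the wording should leave no doubt about what happens with a less specific prefix.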

articles/backup/backup-azure-diagnostic-events.md

Lines changed: 3 additions & 0 deletions
@@ -17,6 +17,9 @@ Azure Backup sends diagnostics events that can be collected and used for the pur
1717

1818
You can configure diagnostics settings for a Recovery Services vault via the Azure portal by going to the vault and selecting **Diagnostics settings**. Selecting **+ Add Diagnostic Setting** lets you send one or more diagnostic events to a storage account, an event hub, or a Log Analytics workspace.
1919

20+
> [!NOTE]
21+
> Recovery Services vaults can send diagnostic logs to a storage account located in the same region. They can also send these logs to a Log Analytics workspace that may be situated in either the same or a different region.
22+
2023
![Diagnostics settings pane](./media/backup-azure-diagnostics-events/diagnostics-settings-blade.png)
2124

2225
## Diagnostics events available for Azure Backup users
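
Review bot: The note added on line 21 says vaults "can send diagnostic logs to a storage account located in the same region", which reads as a capability rather than a constraint. If the intent is that the storage account has to be in the vault's region while the Log Analytics workspace may be in any region, say so directly (for example "the storage account must be in the same region as the vault"), so that someone planning log retention does not pick a destination that cannot be selected. The note also sits between the sentence that introduces the settings pane and its screenshot; placing it after the image on line 23 keeps the two together.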

articles/migrate/vmware/prepare-for-agentless-migration.md

Lines changed: 1 addition & 1 deletion
@@ -88,7 +88,7 @@ The preparation script executes the following changes based on the OS type of th
8888

8989
- IntelIde.sys
9090
- Atapi
91-
- Storfit
91+
- Storflt
9292
- Storvsc
9393
- VMbus
9494
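
Review bot: The corrected entry on line 91 differs from the old one by a single character ("i" versus "l") that looks almost identical in a proportional font, and the list items are rendered as plain text. Wrap the driver names in this list in backticks so they display in a monospace font and the spelling can be checked by eye. The list also mixes "IntelIde.sys" with bare names such as "Atapi" and "Storvsc"; use one form throughout.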

articles/oracle/oracle-db/oracle-database-network-plan.md

Lines changed: 1 addition & 1 deletion
@@ -55,7 +55,7 @@ The following table describes required configurations of supported network featu
5555
|Dual stack (IPv4 and IPv6) virtual network|Only IPv4 is supported|
5656

5757
>[!NOTE]
58-
> If you want to configure a route table (UDR route) to control the routing of packets through a network virtual alliance or firewall destined to an Oracle Database@Azure instance from a source in the same VNet or a peered VNet, the UDR prefix must be more specific or equal to the delegated subnet size of the Oracle Database@Azure instance. If the UDR prefix is less specific than the delegated subnet size, it isn't be effective.
58+
> If you want to configure a route table (UDR route) to control the routing of packets through a network virtual appliance or firewall destined to an Oracle Database@Azure instance from a source in the same VNet or a peered VNet, the UDR prefix must be more specific or equal to the delegated subnet size of the Oracle Database@Azure instance. If the UDR prefix is less specific than the delegated subnet size, it isn't be effective.
5959
>
6060
> For example, if your delegated subnet is `x.x.x.x/24`, you must configured your UDR to `x.x.x.x/24` (equal) or `x.x.x.x/32` (more specific). If you configure the UDR route to be `x.x.x.x/16`, undefined behaviors such as asymmetric routing can cause a network drop at the firewall.
6161
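
Review bot: The note changed on line 58 is word for word the same as the one changed in azure-netapp-files-network-topologies.md in this commit, apart from the service name, and both copies carried the same "alliance" typo. Moving the shared text to a single include file would let a correction land once. As in the other copy, "it isn't be effective" on line 58 and "you must configured" on line 60 remain uncorrected.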
