Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into pr/296761

Author: greg-lindsay

articles/active-directory-b2c/partner-eid-me.md

@@ -250,7 +250,7 @@ You can add more identity claims that eID-Me supports.
 2. Find the `BuildingBlocks` element. 
 
 > [!NOTE]
-> Find supported eID-Me identity claims lists on [OID repository](https://oid-rep.orange-labs.fr/get/1.3.6.1.4.1.50715) with OIDC identifiers on [well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
+> Find supported eID-Me identity claims lists on [OID repository](https://oid-base.com/get/1.3.6.1.4.1.12356.101.2.0.1102) with OIDC identifiers on [well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
 
    ```xml
    <BuildingBlocks>

articles/api-management/inject-vnet-v2.md

@@ -5,7 +5,7 @@ author: dlepow
 ms.author: danlep
 ms.service: azure-api-management
 ms.topic: how-to 
-ms.date: 11/18/2024
+ms.date: 03/20/2025
 ---
 
 # Inject an Azure API Management instance in a private virtual network - Premium v2 tier
@@ -14,6 +14,9 @@ ms.date: 11/18/2024
 
 This article guides you through the requirements to inject your Azure API Management Premium v2 (preview) instance in a virtual network. 
 
+> [!NOTE]
+> The Premium v2 tier is currently in limited preview. To sign up, fill [this form](https://aka.ms/premiumv2).
+
 > [!NOTE]
 > To inject a classic Developer or Premium tier instance in a virtual network, the requirements and configuration are different. [Learn more](virtual-network-injection-resources.md).
 
@@ -54,7 +57,7 @@ If you want to enable *public* inbound access to an API Management instance in t
 
 ### Network security group
 
-A network security group must be associated with the subnet.
+A network security group must be associated with the subnet. No specific rules are required. To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
 
 ### Subnet delegation
 

articles/api-management/integrate-vnet-outbound.md

@@ -5,7 +5,7 @@ author: dlepow
 ms.author: danlep
 ms.service: azure-api-management
 ms.topic: how-to 
-ms.date: 11/18/2024
+ms.date: 03/20/2025
 ---
 
 # Integrate an Azure API Management instance with a private virtual network for outbound connections 
@@ -48,7 +48,7 @@ If you want to inject a Premium v2 API Management instance into a virtual networ
 
 ### Network security group
 
-A network security group must be associated with the subnet. 
+A network security group must be associated with the subnet. No specific rules are required. To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
 
 ### Subnet delegation
 

articles/app-service/configure-language-python.md

@@ -7,7 +7,7 @@ ms.reviewer: astay
 ms.author: msangapu
 author: msangapu-msft
 ms.devlang: python
-ms.custom: mvc, devx-track-python, devx-track-azurecli, mode-other, py-fresh-zinc, linux-related-content
+ms.custom: mvc, devx-track-python, devx-track-azurecli, mode-other, py-fresh-zinc, linux-related-content, innovation-engine
 adobe-target: true
 ---
 

articles/azure-netapp-files/configure-customer-managed-keys.md

@@ -6,7 +6,7 @@ author: b-ahibbard
 ms.service: azure-netapp-files
 ms.topic: how-to
 ms.custom: references_regions, devx-track-azurecli, devx-track-azurepowershell
-ms.date: 01/28/2025
+ms.date: 03/21/2025
 ms.author: anfdocs
 ---
 
@@ -31,7 +31,6 @@ The following diagram demonstrates how customer-managed keys work with Azure Net
 * To create a volume using customer-managed keys, you must select the *Standard* network features. You can't use customer-managed key volumes with volume configured using Basic network features. Follow instructions in to [Set the Network Features option](configure-network-features.md#set-the-network-features-option) in the volume creation page.
 * For increased security, you can select the **Disable public access** option within the network settings of your key vault. When selecting this option, you must also select **Allow trusted Microsoft services to bypass this firewall** to permit the Azure NetApp Files service to access your encryption key.
 * Customer-managed keys support automatic Managed System Identity (MSI) certificate renewal. If your certificate is valid, you don't need to manually update it. 
-* Applying Azure network security groups on the private link subnet to Azure Key Vault isn't supported for Azure NetApp Files customer-managed keys. Network security groups don't affect connectivity to Private Link unless `Private endpoint network policy` is enabled on the subnet. It's _required_ to keep this option disabled.
 * If Azure NetApp Files fails to create a customer-managed key volume, error messages are displayed. For more information, see [Error messages and troubleshooting](#error-messages-and-troubleshooting).
 * Do not make any changes to the underlying Azure Key Vault or Azure Private Endpoint after creating a customer-managed keys volume. Making changes can make the volumes inaccessible.
 * Azure NetApp Files supports the ability to [transition existing volumes from platform-managed keys (PMK) to customer-managed keys (CMK) without data migration](#transition-volumes). This provides flexibility with the encryption key lifecycle (renewals, rotations) and extra security for regulated industry requirements.

articles/azure-netapp-files/configure-network-features.md

@@ -20,7 +20,7 @@ Two settings are available for network features:
 * ***Standard***  
     This setting enables VNet features for the volume.  
 
-    If you need higher IP limits or VNet features such as [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md), [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined), or additional connectivity patterns, you should set **Network Features** to *Standard*.
+    If you need higher IP limits or VNet features such as [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md), [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined), or additional connectivity patterns, set **Network Features** to *Standard*.
 
 * ***Basic***  
     This setting provides reduced IP limits (<1000) and no additional VNet features for the volumes.

articles/azure-netapp-files/data-plane-security.md

@@ -146,7 +146,7 @@ Private endpoints are specialized network interfaces that facilitate a secure an
 
 ### Network security groups (NSGs)
 
-NSGs are collections of security rules that govern inbound and outbound traffic to network interfaces, virtual machines (VMs), and subnets within Azure. These rules are instrumental in defining the access controls and traffic patterns within your network. NSGs are only supported when using the Standard network feature in Azure NetApp Files.
+NSGs are collections of security rules that govern inbound and outbound traffic to network interfaces, virtual machines (VMs), and subnets within Azure. These rules are instrumental in defining the access controls and traffic patterns within your network. NSGs are only supported when using Standard network features in Azure NetApp Files.
 
 #### Security benefits
 

articles/azure-netapp-files/default-individual-user-group-quotas-introduction.md

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: conceptual
-ms.date: 02/23/2023
+ms.date: 03/21/2025
 ms.author: anfdocs
 ---
 # Understand default and individual user and group quotas  
@@ -110,7 +110,7 @@ In the following scenario, users `user4` and `user5` are members of `group2`. Th
 :::image type="content" source="./media/default-individual-user-group-quotas-introduction/exceed-disk-quota.png" alt-text="Example showing a scenario of exceeding disk quota.":::
 
 > [!IMPORTANT] 
-> For quota reporting to work, the client needs access to port 4049/UDP on the Azure NetApp Files volumes’ storage endpoint. When using NSGs with standard network features on the Azure NetApp Files delegated subnet, make sure that access is enabled.
+> For quota reporting to work, the client needs access to port 4049/UDP on the Azure NetApp Files volumes’ storage endpoint. When using NSGs with Standard network features on the Azure NetApp Files delegated subnet, ensure access is enabled.
 
 ## Next steps
 

articles/azure-vmware/configure-external-identity-source-nsx-t.md

@@ -58,7 +58,7 @@ You can set up NSX to use an external Lightweight Directory Access Protocol (LDA
     | **Port**     | Leave the default secure LDAP port. |
     | **Enabled**              | Leave as **Yes**. |
     | **Use Start TLS**        | Required only if you use standard (unsecured) LDAP. |
-    | **Bind Identity**        | Use your account that has domain Administrator permissions. For example, `<[email protected]>`. |
+    | **Bind Identity**        | Use your account that has read permissions to directory. For example, `<[email protected]>`. |
     | **Password**            | Enter the password for the LDAP server. This password is the one that you use with the example `<[email protected]>` account. |
     | **Certificate**          | Leave empty (see step 6). |
 

articles/backup/backup-azure-database-postgresql.md

@@ -182,5 +182,5 @@ Azure Backup service creates a job for scheduled backups or if you trigger on-de
 
 ## Next steps
 
-- [Azure Backup pricing information for PostgreSQ](https://azure.microsoft.com/pricing/details/backup/)
-- [Troubleshoot PostgreSQL database backup by using Azure Backup](backup-azure-database-postgresql-troubleshoot.md)
+- [Azure Backup pricing information for PostgreSQL](https://azure.microsoft.com/pricing/details/backup/)
+- [Troubleshoot PostgreSQL database backup by using Azure Backup](backup-azure-database-postgresql-troubleshoot.md)