Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-deid-healthdataaiservices

Author: rolyon

articles/application-gateway/parameter-based-path-selection-portal.md

@@ -0,0 +1,59 @@
+---
+title: Route traffic using parameter based path selection in portal - Azure Application Gateway
+description: Learn how to use the Azure portal to configure an Azure Application Gateway to choose the backend pool based on the value of a header, part of URL, or query string in the request.
+services: application-gateway
+author: greg-lindsay
+ms.service: azure-application-gateway
+ms.topic: how-to
+ms.date: 09/10/2024
+ms.author: greglin
+ms.custom: mvc
+---
+# Perform parameter based path selection with Azure Application Gateway - Azure portal
+
+This article describes how to use the Azure portal to configure an [Application Gateway v2 SKU](./application-gateway-autoscaling-zone-redundant.md) instance to perform parameter based path selection by combining the capabilities of URL Rewrite with path-based routing.
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+## Before you begin
+
+You need to have an Application Gateway v2 SKU instance to complete the steps in this article. URL rewrite and rewriting headers aren't supported in the v1 SKU. If you don't have the v2 SKU, create an [Application Gateway v2 SKU](./tutorial-autoscale-ps.md) instance before you begin.
+
+
+## Sign in to Azure
+
+Sign in to the [Azure portal](https://portal.azure.com/) with your Azure account.
+
+## Configure parameter based path selection
+
+For this example, you have a shopping website and the product category is passed as query string in the URL, and you want to route the request to backend based on the query string, then:
+
+**Step 1:**  Create a path-map as shown in the following image:
+
+:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-1.png" alt-text="A screenshot of URL rewrite scenario 1-1.":::
+
+**Step 2 (a):** Create a rewrite set which has 3 rewrite rules: 
+
+* The first rule has a condition that checks the *query_string* variable for *category=shoes* and has an action that rewrites the URL path to /*listing1* and has **Reevaluate path map** enabled
+
+* The second rule has a condition that checks the *query_string* variable for *category=bags* and has an action that rewrites the URL path to /*listing2*  and has **Reevaluate path map** enabled
+
+* The third rule has a condition that checks the *query_string* variable for *category=accessories* and has an action that rewrites the URL path to /*listing3* and has **Reevaluate path map** enabled
+
+    :::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-2.png" alt-text="A screenshot of URL rewrite scenario 1-2.":::
+
+ 
+**Step 2 (b):** Associate this rewrite set with the default path of the previous path-based rule:
+
+:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-3.png" alt-text="A screenshot of URL rewrite scenario 1-3.":::
+
+If the user requests *contoso.com/listing?category=any*, then it's matched with the default path since none of the path patterns in the path map (/listing1, /listing2, /listing3) are matched. Since you associated the previous rewrite set with this path, this rewrite set is evaluated. Because the query string doesn't match the condition in any of the 3 rewrite rules in this rewrite set, no rewrite action takes place. Therefore, the request is routed unchanged to the backend associated with the default path (which is *GenericList*).
+
+If the user requests *contoso.com/listing?category=shoes*, then the default path is matched. However, in this case, the condition in the first rule matches. Therefore, the action associated with the condition is executed, which rewrites the URL path to /*listing1*  and reevaluates the path-map. When the path-map is reevaluated, the request matches the path associated with pattern */listing1* and the request is routed to the backend associated with this pattern (ShoesListBackendPool).
+
+> [!NOTE]
+> This scenario can be extended to any header or cookie value, URL path, query string or server variables based on the conditions defined and essentially enables you to route requests based on those conditions.
+
+## Next steps
+
+To learn more about how to set up some common use cases, see [common header rewrite scenarios](./rewrite-http-headers-url.md).

articles/application-gateway/rewrite-http-headers-url.md

@@ -4,7 +4,7 @@ description: This article provides an overview of rewriting HTTP headers and URL
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: conceptual
-ms.date: 09/06/2024
+ms.date: 09/10/2024
 ms.author: greglin
 ---
 
@@ -203,7 +203,7 @@ Here are the steps for replacing the hostname:
 1. Create a rewrite rule with a condition that evaluates if the location header in the response contains azurewebsites.net. Enter the pattern `(https?):\/\/.*azurewebsites\.net(.*)$`.
 2. Perform an action to rewrite the location header so that it has the application gateway's hostname. Do this by entering `{http_resp_Location_1}://contoso.com{http_resp_Location_2}` as the header value. Alternatively, you can also use the server variable `host` to set the hostname to match the original request.
 
-![A screenshow of the modify location header action.](./media/rewrite-http-headers-url/app-service-redirection.png)
+   ![A screenshot of the modify location header action.](./media/rewrite-http-headers-url/app-service-redirection.png)
 
 #### Implement security HTTP headers to prevent vulnerabilities
 
@@ -229,34 +229,14 @@ You can evaluate an HTTP request or response header for the presence of a header
 
 #### Parameter based path selection
 
-To accomplish scenarios where you want to choose the backend pool based on the value of a header, part of the URL, or query string in the request, you can use the combination of URL Rewrite capability and path-based routing. For example, if you have a shopping website and the product category is passed as query string in the URL, and you want to route the request to backend based on the query string, then:
+To accomplish scenarios where you want to choose the backend pool based on the value of a header, part of the URL, or query string in the request, you can use a combination of URL Rewrite capability and path-based routing. 
 
-**Step1:**  Create a path-map as shown in the image below
+To do this, create a rewrite set with a condition that checks for a specific parameter (query string, header, etc.) and then performs an action where it changes the URL path (ensure **Reevaluate path map** is enabled). The rewrite set must then be associated to a path based rule. The path based rule must contain the same URL paths specified in the rewrite set and their corresponding backend pool. 
 
-:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-1.png" alt-text="URL rewrite scenario 1-1.":::
+Thus, the rewrite set allows users to check for a specific parameter and assign it a new path, and the path based rule allows users to assign backend pools to those paths. As long as "Reevaluate path map" is enabled, traffic routs based on the path specified in the rewrite set. 
 
-**Step 2 (a):** Create a rewrite set which has 3 rewrite rules: 
+For a use case example using query strings, see [Route traffic using parameter based path selection in portal](parameter-based-path-selection-portal.md).
 
-* The first rule has a condition that checks the *query_string* variable for *category=shoes* and has an action that rewrites the URL path to /*listing1* and has **Reevaluate path map** enabled
-
-* The second rule has a condition that checks the *query_string* variable for *category=bags* and has an action that rewrites the URL path to /*listing2*  and has **Reevaluate path map** enabled
-
-* The third rule has a condition that checks the *query_string* variable for *category=accessories* and has an action that rewrites the URL path to /*listing3* and has **Reevaluate path map** enabled
-
-:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-2.png" alt-text="URL rewrite scenario 1-2.":::
-
- 
-
-**Step 2 (b):** Associate this rewrite set with the default path of the above path-based rule
-
-:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-3.png" alt-text="URL rewrite scenario 1-3.":::
-
-If the user requests *contoso.com/listing?category=any*, then it's matched with the default path since none of the path patterns in the path map (/listing1, /listing2, /listing3) are matched. Since you associated the previous rewrite set with this path, this rewrite set is evaluated. Because the query string won't match the condition in any of the 3 rewrite rules in this rewrite set, no rewrite action takes place. Therefore, the request is routed unchanged to the backend associated with the default path (which is *GenericList*).
-
-If the user requests *contoso.com/listing?category=shoes*, then the default path is matched. However, in this case the condition in the first rule matches. Therefore, the action associated with the condition is executed, which rewrites the URL path to /*listing1*  and reevaluates the path-map. When the path-map is reevaluated, the request matches the path associated with pattern */listing1* and the request is routed to the backend associated with this pattern (ShoesListBackendPool).
-
-> [!NOTE]
-> This scenario can be extended to any header or cookie value, URL path, query string or server variables based on the conditions defined and essentially enables you to route requests based on those conditions.
 
 #### Rewrite query string parameters based on the URL
 

articles/application-gateway/toc.yml

@@ -271,6 +271,10 @@
       items:
         - name: Azure portal
           href: rewrite-url-portal.md
+    - name: Parameter based path selection
+      items:
+        - name: Azure portal
+          href: parameter-based-path-selection-portal.md
   - name: Configure custom probes
     items:
       - name: Portal

articles/azure-cache-for-redis/includes/cache-entra-access.md

@@ -10,7 +10,7 @@ ms.topic: include
 
 ### Enable Microsoft Entra ID authentication on your cache
 
-If you have a cache already, you first want to check to see if Microsoft Entra Authentication has been enabled. If not, then enable it. We recommend using Microsoft Entra ID for your applications.
+If you have a cache, check to see if Microsoft Entra Authentication has been enabled. If not, then enable it. We recommend using Microsoft Entra ID for your apps.
 
 1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to use Microsoft Entra token-based authentication.
 

articles/azure-functions/create-first-function-vs-code-python.md

@@ -2,7 +2,7 @@
 title: Create a Python function using Visual Studio Code - Azure Functions
 description: Learn how to create a Python function, then publish the local project to serverless hosting in Azure Functions using the Azure Functions extension in Visual Studio Code.
 ms.topic: quickstart
-ms.date: 06/03/2024
+ms.date: 09/10/2024
 ms.devlang: python
 ms.custom: devx-track-python, mode-api, devdivchpfy22, vscode-azure-extension-update-complete, ai-video-demo
 ai-usage: ai-assisted
@@ -47,9 +47,9 @@ In this section, you use Visual Studio Code to create a local Azure Functions pr
 
 1. In Visual Studio Code, press <kbd>F1</kbd> to open the command palette and search for and run the command `Azure Functions: Create New Project...`.
 
-2. Choose the directory location for your project workspace and choose **Select**. You should either create a new folder or choose an empty folder for the project workspace. Don't choose a project folder that is already part of a workspace.
+1. Choose the directory location for your project workspace and choose **Select**. You should either create a new folder or choose an empty folder for the project workspace. Don't choose a project folder that is already part of a workspace.
 
-3. Provide the following information at the prompts:
+1. Provide the following information at the prompts:
 
     |Prompt|Selection|
     |--|--|
@@ -60,24 +60,21 @@ In this section, you use Visual Studio Code to create a local Azure Functions pr
     |**Authorization level**| Choose `ANONYMOUS`, which lets anyone call your function endpoint. For more information, see [Authorization level](functions-bindings-http-webhook-trigger.md#http-auth).|
     |**Select how you would like to open your project** | Choose `Open in current window`.|
 
-4. Visual Studio Code uses the provided information and generates an Azure Functions project with an HTTP trigger. You can view the local project files in the Explorer. The generated `function_app.py` project file contains your functions.   
-<!--- Remove these last steps after the next Core Tools version is released (4.28.0)---> 
-5. Open the local.settings.json project file and verify that the `AzureWebJobsFeatureFlags` setting has a value of `EnableWorkerIndexing`. This is required for Functions to interpret your project correctly as the Python v2 model when running locally.  
+1. Visual Studio Code uses the provided information and generates an Azure Functions project with an HTTP trigger. You can view the local project files in the Explorer. The generated `function_app.py` project file contains your functions.
 
-6. In the local.settings.json file, update the `AzureWebJobsStorage` setting as in the following example:
+1. In the local.settings.json file, update the `AzureWebJobsStorage` setting as in the following example:
 
     ```json
     "AzureWebJobsStorage": "UseDevelopmentStorage=true",
     ```
-
-    This tells the local Functions host to use the storage emulator for the storage connection currently required by the Python v2 model. When you publish your project to Azure, you need to instead use the default storage account. If you're instead using an Azure Storage account, set your storage account connection string here.
+    
+    This tells the local Functions host to use the storage emulator for the storage connection required by the Python v2 model. When you publish your project to Azure, this setting uses the default storage account instead. If you're using an Azure Storage account during local development, set your storage account connection string here.
 
 ## Start the emulator
 
 1. In Visual Studio Code, press <kbd>F1</kbd> to open the command palette. In the command palette, search for and select `Azurite: Start`.
 
-1. Check the bottom bar and verify that Azurite emulation services are running. If so, you can now run your function locally.
-::: zone-end
+1. Check the bottom bar and verify that Azurite emulation services are running. If so, you can now run your function locally.  
 
 [!INCLUDE [functions-run-function-test-local-vs-code](../../includes/functions-run-function-test-local-vs-code.md)]
 

articles/azure-functions/functions-reference-python.md

@@ -470,8 +470,7 @@ As an example, the following code demonstrates how to define a Blob Storage inpu
   "Values": {
     "FUNCTIONS_WORKER_RUNTIME": "python",
     "STORAGE_CONNECTION_STRING": "<AZURE_STORAGE_CONNECTION_STRING>",
-    "AzureWebJobsStorage": "<azure-storage-connection-string>",
-    "AzureWebJobsFeatureFlags": "EnableWorkerIndexing"
+    "AzureWebJobsStorage": "<azure-storage-connection-string>"
   }
 }
 ```
@@ -1154,16 +1153,7 @@ def main(req: func.HttpRequest) -> func.HttpResponse:
   logging.info(f'My app setting value:{my_app_setting_value}')
 ```
 
-For local development, application settings are [maintained in the *local.settings.json* file](functions-develop-local.md#local-settings-file).
-
-When you're using the new programming model, enable the following app setting in the *local.settings.json* file, as shown here:
-
-```json
-"AzureWebJobsFeatureFlags": "EnableWorkerIndexing"
-```
-
-When you're deploying the function, this setting isn't created automatically. You must explicitly create this setting in your function app in Azure for it to run by using the v2 model.
-
+For local development, application settings are [maintained in the *local.settings.json* file](functions-develop-local.md#local-settings-file).  
 ::: zone-end
 
 ## Python version

articles/expressroute/traffic-collector.md

@@ -109,7 +109,7 @@ Note: If your desired region is not yet supported, you can deploy ExpressRoute T
 
 ## Pricing
 
-| Zone | Gateway per hour | Data processed per GB |
+| Zone | Collector Instance Uptime | Data processed per GB |
 | ---- | ---------------- | --------------------- |
 | Zone 1 | $0.60/hour | $0.10/GB |
 | Zone 2 | $0.80/hour | $0.20/GB |

articles/partner-solutions/datadog/prerequisites.md

@@ -17,8 +17,8 @@ This article describes how to set up your environment before deploying your firs
 To set up the Datadog - An Azure Native ISV Service, you must have **Owner** access on the Azure subscription. [Confirm that you have the appropriate access](../../role-based-access-control/check-access.md) before starting the setup.
 
 ## Add enterprise application
- 
-To use the Security Assertion Markup Language (SAML) single sign-on (SSO) feature within the Datadog resource, you must set up an enterprise application. To add an enterprise application, you need one of these roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+
+To use the Security Assertion Markup Language (SAML) single sign-on (SSO) feature within the Datadog resource, you must set up an enterprise application. To add an enterprise application, you need one of these roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.
 
 Use the following steps to set up the enterprise application:
 

articles/partner-solutions/dynatrace/dynatrace-create.md

@@ -102,7 +102,7 @@ Use the Azure portal to find Azure Native Dynatrace Service application.
 
     - **Send Azure resource logs for all defined sources** - Azure resource logs provide insight into operations that were taken on an Azure resource at the [data plane](../../azure-resource-manager/management/control-plane-and-data-plane.md). For example, getting a secret from a Key Vault is a data plane operation. Or, making a request to a database is also a data plane operation. The content of resource logs varies by the Azure service and resource type.
 
-   - **Send Microsoft Entra logs** – Microsoft Entra logs allow you to route the audit, sign-in, and provisioning logs to Dynatrace. The details are listed in [Microsoft Entra activity logs in Azure Monitor](../../active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md). The global administrator or security administrator for your Microsoft Entra tenant can enable Microsoft Entra logs.
+   - **Send Microsoft Entra logs** – Microsoft Entra logs allow you to route the audit, sign-in, and provisioning logs to Dynatrace. The details are listed in [Microsoft Entra activity logs in Azure Monitor](../../active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md). The administrator or security administrator for your Microsoft Entra tenant can enable Microsoft Entra logs.
 
 1. To send subscription level logs to Dynatrace, select **Send subscription activity logs**. If this option is left unchecked, none of the subscription level logs are sent to Dynatrace.
 

articles/partner-solutions/dynatrace/dynatrace-how-to-configure-prereqs.md

@@ -17,7 +17,7 @@ To set up Dynatrace for Azure, you must have **Owner** or **Contributor** access
 
 ## Add enterprise application
 
-To use the Security Assertion Markup Language (SAML) based single sign-on (SSO) feature within the Dynatrace resource, you must set up an enterprise application. To add an enterprise application, you need one of these roles: Global administrator, Cloud Application Administrator, or Application Administrator.
+To use the Security Assertion Markup Language (SAML) based single sign-on (SSO) feature within the Dynatrace resource, you must set up an enterprise application. To add an enterprise application, you need one of these roles: Cloud Application Administrator, or Application Administrator.
 
 1. Go to Azure portal. Select **Microsoft Entra ID,** then **Enterprise App** and then **New Application**.