Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into cdnretiretirement

Author: duongau

articles/api-center/manage-apis-azure-cli.md

@@ -39,10 +39,6 @@ az apic api create  --resource-group myResourceGroup \
     --title "Petstore API" --type "rest"
 ```
 
-> [!NOTE]
-> After creating an API, you can update the API's properties by using the [az apic api update](/cli/azure/apic/api#az_apic_api_update) command.
-
-
 ### Create an API version
 
 Use the [az apic api version create](/cli/azure/apic/api/version#az_apic_api_version_create) command to create a version for your API. 
@@ -117,8 +113,26 @@ az apic api register --resource-group myResourceGroup \
 * By default, the command sets the API's **Lifecycle stage** to *design*.
 * It creates an API version named according to the `version` property in the API definition (or *1-0-0* by default), and an API definition named according to the specification format (for example, *openapi*).
 
+## Update API properties
+
 After registering an API, you can update the API's properties by using the [az apic api update](/cli/azure/apic/api#az_apic_api_update), [az apic api version update](/cli/azure/apic/api/version#az_apic_api_version_update), and [az apic api definition update](/cli/azure/apic/api/definition#az_apic_api_definition_update) commands.
 
+The following example updates the title of the *petstore-api* API to *Petstore API v2*.
+
+```azurecli-interactive
+az apic api update --resource-group myResourceGroup \
+    --service-name myAPICenter --api-id petstore-api \
+    --title "Petstore API v2"
+```
+
+The following example sets the API's Boolean *internal* custom property to *false*.
+
+```azurecli-interactive
+az apic api update --resource-group myResourceGroup \
+    --service-name myAPICenter --api-id petstore-api \
+    --set custom_properties.internal=false
+```
+
 ## Delete API resources
 
 Use the [az apic api delete](/cli/azure/apic/api#az_apic_api_delete) command to delete an API and all of its version and definition resources. For example:

articles/application-gateway/configuration-infrastructure.md

@@ -235,6 +235,22 @@ To use the route table to allow kubenet to work:
 
 Any scenario where 0.0.0.0/0 needs to be redirected through a virtual appliance, a hub/spoke virtual network, or on-premises (forced tunneling) isn't supported for v2.
 
+## Additional services
+
+To view roles and permissions for other services, see the following links:
+
+- [Azure ExpressRoute](../expressroute/roles-permissions.md) 
+
+- [Azure Firewall](../firewall/roles-permissions.md) 
+
+- [Azure Route Server](../route-server/roles-permissions.md)
+
+- [Azure Virtual WAN](../virtual-wan/roles-permissions.md)
+
+- [Managed NVA](../virtual-wan/roles-permissions.md#nva-resources)
+
+- [Azure VPN Gateway](../vpn-gateway/roles-permissions.md)
+
 ## Next steps
 
 - [Learn about frontend IP address configuration](configuration-frontend-ip.md)

articles/azure-maps/rest-api-azure-maps.md

@@ -34,7 +34,7 @@ The most recent stable release of the Azure Maps services.
 
 ## Previous releases
 
-There are previous stable releases of an Azure Maps services that are still in use. The services in these lists will generally have a more recent version available, and are slated for retirement. If using a previous release, update to the latest version before it's retired to avoid disruption of service.
+There are previous stable releases of an Azure Maps service that are still in use. The services in these lists will generally have a more recent version available, and are slated for retirement. If using a previous release, update to the latest version before it's retired to avoid disruption of service.
 
 ### Version 2022-08-01
 
@@ -55,7 +55,7 @@ Prerelease version of an Azure Maps service. Preview releases contain new functi
 
 | API | API version | Description |
 |-----|-------------|-------------|
-| [Route][Route-2023-10-01-preview] | 2023-10-01-preview | Returns the ideal route in GeoJSON between locations for multiple modes of transportation.<BR><BR>Some of the updates in this version of the Route service include:<ul><li>Routes with "via" waypoints that the route must pass through.</li><li>More geographies</li><li>More languages available for localized travel instructions.</li></ul> |
+| [Route][Route-2024-07-01-preview] | 2024-07-01-preview | Returns the ideal route in GeoJSON between locations for multiple modes of transportation.<BR><BR>Some of the updates in this version of the Route service include:<ul><li>New Snap to Roads API that snaps GPS data to road aligned coordinates.</li><li>Support for up to 50,000 cells in Route Matrix async.</li><li>High-definition route range polygon.</li><li>Routes with "via" waypoints that the route must pass through.</li><li>More geographies</li><li>More languages available for localized travel instructions.</li> |
 
 <!--- Links to latest versions of each service ---------------------------------->
 [Data Registry]: /rest/api/maps/data-registry
@@ -74,6 +74,6 @@ Prerelease version of an Azure Maps service. Preview releases contain new functi
 [Render v1]: /rest/api/maps/render?view=rest-maps-1.0
 [Search-v1]: /rest/api/maps/search?view=rest-maps-1.0
 
-<!--- 2023-10-01-preview is the latest preview release of the Route service,
+<!--- 2024-07-01-preview is the latest preview release of the Route service,
       currently the only Azure Maps service in Preview -------------------------->
-[Route-2023-10-01-preview]: /rest/api/maps/route?view=rest-maps-2023-10-01-preview
+[Route-2024-07-01-preview]: /rest/api/maps/route?view=rest-maps-2024-07-01-preview

articles/cost-management-billing/manage/understand-mca-roles.md

@@ -6,7 +6,7 @@ ms.reviewer: amberb
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: how-to
-ms.date: 08/21/2024
+ms.date: 12/20/2024
 ms.author: banders
 ---
 
@@ -144,10 +144,12 @@ The following tables show what role you need to complete tasks in the context of
 |Task|Billing profile owner|Billing profile contributor|Billing profile reader|Invoice manager|Billing account owner|Billing account contributor|Billing account reader
 |---|---|---|---|---|---|---|---|
 |View all Azure subscriptions for the billing profile|✔|✔|✔|✔|✔|✔|✔|
-|Create new Azure subscriptions|✔|✔|✘|✘|✔|✔|✘|
-|Cancel Azure subscriptions|✘|✘|✘|✘|✘|✘|✘|
+|Create new Azure subscriptions|✔|✔|✘|✔|✔|✔|✘|
+|Cancel Azure subscriptions|✘|✘|✘|✔¹|✘|✘|✘|
 |Change billing profile for the Azure subscriptions|✔|✔|✘|✘|✔|✔|✘|
 
+¹ Invoice manager can only cancel the subscriptions they created.
+
 ## Invoice section roles and tasks
 
 Each billing profile contains one invoice section by default. You can create more invoice sections to group cost on the billing profile's invoice. Users with roles on an invoice section can control who creates Azure subscriptions and make other purchases. Assign these roles to users who set up Azure environment for teams in our organization like engineering leads and technical architects. For more information, see [Understand invoice section](../understand/mca-overview.md#invoice-sections).

articles/data-factory/data-movement-security-considerations.md

@@ -133,27 +133,27 @@ By default, when remote access from intranet is enabled, PowerShell uses port 80
 
 All data transfers are via secure channel HTTPS and TLS over TCP to prevent man-in-the-middle attacks during communication with Azure services.
 
-You can also use [IPSec VPN](../vpn-gateway/vpn-gateway-about-vpn-devices.md) or [Azure ExpressRoute](../expressroute/expressroute-introduction.md) to further secure the communication channel between your on-premises network and Azure.
+You can also use [IPsec VPN](../vpn-gateway/vpn-gateway-about-vpn-devices.md) or [Azure ExpressRoute](../expressroute/expressroute-introduction.md) to further secure the communication channel between your on-premises network and Azure.
 
-Azure Virtual Network is a logical representation of your network in the cloud. You can connect an on-premises network to your virtual network by setting up IPSec VPN (site-to-site) or ExpressRoute (private peering).
+Azure Virtual Network is a logical representation of your network in the cloud. You can connect an on-premises network to your virtual network by setting up IPsec VPN (site-to-site) or ExpressRoute (private peering).
 
 The following table summarizes the network and self-hosted integration runtime configuration recommendations based on different combinations of source and destination locations for hybrid data movement.
 
 | Source      | Destination                              | Network configuration                    | Integration runtime setup                |
 | ----------- | ---------------------------------------- | ---------------------------------------- | ---------------------------------------- |
-| On-premises | Virtual machines and cloud services deployed in virtual networks | IPSec VPN (point-to-site or site-to-site) | The self-hosted integration runtime should be installed on an Azure virtual machine in the virtual network.  |
+| On-premises | Virtual machines and cloud services deployed in virtual networks | IPsec VPN (point-to-site or site-to-site) | The self-hosted integration runtime should be installed on an Azure virtual machine in the virtual network.  |
 | On-premises | Virtual machines and cloud services deployed in virtual networks | ExpressRoute (private peering)           | The self-hosted integration runtime should be installed on an Azure virtual machine in the virtual network.  |
 | On-premises | Azure-based services that have a public endpoint | ExpressRoute (Microsoft peering)            | The self-hosted integration runtime can be installed on-premises or on an Azure virtual machine. |
 
-The following images show the use of self-hosted integration runtime for moving data between an on-premises database and Azure services by using ExpressRoute and IPSec VPN (with Azure Virtual Network):
+The following images show the use of self-hosted integration runtime for moving data between an on-premises database and Azure services by using ExpressRoute and IPsec VPN (with Azure Virtual Network):
 
 #### Express Route
 
 :::image type="content" source="media/data-movement-security-considerations/express-route-for-gateway.png" alt-text="Use ExpressRoute with gateway"::: 
 
-#### IPSec VPN
+#### IPsec VPN
 
-:::image type="content" source="media/data-movement-security-considerations/ipsec-vpn-for-gateway.png" alt-text="IPSec VPN with gateway":::
+:::image type="content" source="media/data-movement-security-considerations/ipsec-vpn-for-gateway.png" alt-text="IPsec VPN with gateway":::
 
 ### Firewall configurations and allow list setting up for IP addresses
 

articles/expressroute/roles-permissions.md

@@ -57,6 +57,22 @@ For more information, see [Scope levels](../role-based-access-control/scope-over
 > [!NOTE]
 > Allow sufficient time for [Azure Resource Manager cache](../role-based-access-control/troubleshooting.md) to refresh after role assignment changes.
 
+## Additional services
+
+To view roles and permissions for other services, see the following links:
+
+- [Azure Application Gateway](../application-gateway/configuration-infrastructure.md)
+
+- [Azure Firewall](../firewall/roles-permissions.md) 
+
+- [Azure Route Server](../route-server/roles-permissions.md)
+
+- [Azure Virtual WAN](../virtual-wan/roles-permissions.md)
+
+- [Managed NVA](../virtual-wan/roles-permissions.md#nva-resources)
+
+- [Azure VPN Gateway](../vpn-gateway/roles-permissions.md)
+  
 ## Next steps
 
 [What is Azure Role Based Access](../role-based-access-control/overview.md)

articles/firewall/roles-permissions.md

@@ -38,12 +38,13 @@ Depending on whether you're creating new resources or using existing ones, add t
 | Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/read<br>Microsoft.Network/virtualNetworks/subnets/join/action |
 | IP addresses| Create new| Microsoft.Network/publicIPAddresses/write<br>Microsoft.Network/publicIPAddresses/join/action |
 | IP addresses  | Use existing| Microsoft.Network/publicIPAddresses/read<br>Microsoft.Network/publicIPAddresses/join/action |
+| Azure Firewall | Create new/Update existing| Microsoft.Network/virtualNetworks/subnets/join/action<br>Microsoft.Network/publicIPAddresses/join/action<br>Microsoft.Network/virtualHubs/read |
 
 If you are creating an Azure Firewall in Azure Virtual WAN, add the following permission:
 
 |Resource | Resource status | Required Azure permissions |
 |---|---|---|
-| virtualHubs | Create new | Microsoft.Network/virtualHubs/read
+| virtualHubs | Create new/Update existing | Microsoft.Network/virtualHubs/read
 
 For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
 
@@ -56,6 +57,22 @@ These scopes are structured in a parent-child relationship, with each level of h
 For example, a role assigned at the subscription level can cascade down to all resources within that subscription, while a role assigned at the resource group level will only apply to resources within that specific group. Learn more about scope level
 For more information, see [Scope levels](../role-based-access-control/scope-overview.md#scope-levels).
 
+## Additional services
+
+To view roles and permissions for other services, see the following links:
+
+- [Azure Application Gateway](../application-gateway/configuration-infrastructure.md)
+
+- [Azure ExpressRoute](../expressroute/roles-permissions.md) 
+
+- [Azure Route Server](../route-server/roles-permissions.md)
+
+- [Azure Virtual WAN](../virtual-wan/roles-permissions.md)
+
+- [Managed NVA](../virtual-wan/roles-permissions.md#nva-resources)
+
+- [Azure VPN Gateway](../vpn-gateway/roles-permissions.md)
+
 > [!NOTE]
 > Allow sufficient time for [Azure Resource Manager cache](../role-based-access-control/troubleshooting.md) to refresh after role assignment changes.
 

articles/frontdoor/troubleshoot-issues.md

@@ -168,6 +168,20 @@ Azure Front Door users the origin host name as the SNI header during SSL handsha
 
 Change the origin from an IP address to an FQDN to which a valid certificate is issued that matches the origin certificate.
 
+## 429 responses from Azure Front Door 
+
+### Symptom
+
+* A percentage of requests start showing errors with the response 429: Too many requests.
+
+### Cause
+
+* Azure Front Door has default platform rate limits. If your traffic exceeds the limit, AFD will start rate limiting the traffic and return 429 responses.
+
+### Troubleshooting steps
+
+* If you start seeing 429s for your legitimate traffic and a higher quota limited is need, create an [Azure support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
+
 ## Next steps
 
 * Learn how to [create a Front Door](quickstart-create-front-door.md).

articles/route-server/roles-permissions.md

@@ -51,6 +51,22 @@ For more information, see [Scope levels](../role-based-access-control/scope-over
 > [!NOTE]
 > Allow sufficient time for [Azure Resource Manager cache](../role-based-access-control/troubleshooting.md) to refresh after role assignment changes.
 
+## Additional services
+
+To view roles and permissions for other services, see the following links:
+
+- [Azure Application Gateway](../application-gateway/configuration-infrastructure.md)
+
+- [Azure ExpressRoute](../expressroute/roles-permissions.md) 
+
+- [Azure Firewall](../firewall/roles-permissions.md) 
+
+- [Azure Virtual WAN](../virtual-wan/roles-permissions.md)
+
+- [Managed NVA](../virtual-wan/roles-permissions.md#nva-resources)
+
+- [Azure VPN Gateway](../vpn-gateway/roles-permissions.md)
+
 ## Next steps
 
 - [What is Azure Role Based Access](../role-based-access-control/overview.md)

articles/sap/.openpublishing.redirection.sap.json

@@ -5,6 +5,11 @@
       "redirect_url": "/azure/sap/automation/bash/deploy-controlplane",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/sap/workloads/cal-s4h.md",
+      "redirect_url": "/azure/sap/sap-on-azure-overview",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/sap/automation/bash/remove-region.md",
       "redirect_url": "/azure/sap/automation/bash/remove-controlplane",
@@ -96,4 +101,4 @@
       "redirect_document_id": false
     }
   ]
-}
+}