Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/app-service/app-service-web-configure-tls-mutual-auth.md

@@ -109,7 +109,7 @@ In the following screenshot, any path for your app that starts with `/public` do
 ![Certificate Exclusion Paths][exclusion-paths]
 
 ## Client certificate and TLS renegotiation
-App Service requires TLS renegotiation to read a request before knowing whether to prompt for a client certificate. Any of the following settings triggers TLS renegotiation:
+For some client certificate settings, App Service requires TLS renegotiation to read a request before knowing whether to prompt for a client certificate. Any of the following settings triggers TLS renegotiation:
 1. Using "Optional Interactive User" client certificate mode.
 1. Using [client certificate exclusion path](#exclude-paths-from-requiring-authentication).
 

articles/app-service/migrate-wordpress.md

@@ -3,6 +3,7 @@ title: Migrate WordPress to App Service on Linux
 description: Migrate WordPress to App Service on Linux.
 author: msangapu-msft
 
+ms.subservice: wordpress
 ms.topic: article
 ms.date: 01/20/2023
 ms.author: msangapu

articles/app-service/overview-wordpress.md

@@ -8,7 +8,7 @@ ms.topic: overview
 ms.date: 12/10/2024
 # ms.devlang: wordpress
 ms.author: msangapu
-ms.service: azure-app-service
+ms.subservice: wordpress
 ms.custom: mvc, linux-related-content
 #customer intent: As a new Azure customer, I want to learn more about WordPress on App Service so that I can build an effective WP site.
 ---

articles/app-service/quickstart-wordpress.md

@@ -3,6 +3,7 @@ title: 'Quickstart: Create a WordPress site'
 description: Create your first WordPress site on Azure App Service in minutes.
 keywords: app service, azure app service, wordpress, preview, app service on linux, plugins, mysql flexible server, wordpress on linux, php
 author: msangapu-msft
+ms.subservice: wordpress
 ms.topic: quickstart
 ms.date: 03/28/2024
 # ms.devlang: wordpress

articles/app-service/toc.yml

@@ -401,7 +401,7 @@
       href: overview-wordpress.md
     - name: WordPress architecture
       displayName: WordPress on App Service architecture
-      href: /azure/architecture/example-scenario/infrastructure/wordpress-app-service
+      href: /azure/architecture/example-scenario/infrastructure/wordpress-app-service?toc=%2Fazure%2Fapp-service%2Ftoc.json&bc=%2Fazure%2Fapp-service%2Fbreadcrumb%2Ftoc.json
     - name: Deploy WordPress
       displayName: Create a WordPress site
       href: quickstart-wordpress.md
@@ -413,7 +413,7 @@
       href: reference-app-settings.md#wordpress
     - name: Customize API Management developer portal
       displayName: API Management and WordPress
-      href: /azure/api-management/developer-portal-wordpress-plugin
+      href: /azure/api-management/developer-portal-wordpress-plugin?toc=%2Fazure%2Fapp-service%2Ftoc.json&bc=%2Fazure%2Fapp-service%2Fbreadcrumb%2Ftoc.json
     - name: WordPress FAQ
       displayName: WordPress frequently asked questions
       href: wordpress-faq.md

articles/app-service/wordpress-faq.md

@@ -4,6 +4,7 @@ description: Use this article to find frequently asked questions and answers abo
 keywords: app service, azure app service, wordpress, preview, app service on linux, plugins, mysql flexible server, wordpress on linux, php
 ai-usage: ai-assisted
 author: reddyabhishek
+ms.subservice: wordpress
 ms.topic: faq
 ms.date: 12/13/2024
 # ms.devlang: wordpress

articles/azure-cache-for-redis/TOC.yml

@@ -131,6 +131,8 @@
       href: managed-redis/managed-redis-best-practices-server-load.md
     - name: Performance testing
       href: managed-redis/managed-redis-best-practices-performance.md
+    - name: Kubernetes-hosted client applications best practices
+      href: managed-redis/managed-redis-best-practices-kubernetes.md
 
   - name: Authentication and authorization
     items:

articles/azure-cache-for-redis/cache-best-practices-kubernetes.md

@@ -24,11 +24,11 @@ A pod running the client application can be affected by other pods running on th
 
 ## Linux-hosted client applications and TCP settings
 
-If your Azure Managed Redis (preview) client application runs on a Linux-based container, we recommend updating some TCP settings. These settings are detailed in [TCP settings for Linux-hosted client applications](cache-best-practices-connection.md#tcp-settings-for-linux-hosted-client-applications).
+If your Azure Cache for Redis client application runs on a Linux-based container, we recommend updating some TCP settings. These settings are detailed in [TCP settings for Linux-hosted client applications](cache-best-practices-connection.md#tcp-settings-for-linux-hosted-client-applications).
 
 ## Potential connection collision with _Istio/Envoy_
 
-Currently, Azure Managed Redis (preview) uses ports 15xxx for clustered caches to expose cluster nodes to client applications. As documented [here](https://istio.io/latest/docs/ops/deployment/application-requirements/#ports-used-by-istio), the same ports are also used by _Istio.io_ sidecar proxy called _Envoy_ and could interfere with creating connections, especially on port 15001 and 15006.
+<!-- Currently, Azure Cache for Redis uses ports 15xxx for clustered caches to expose cluster nodes to client applications. As documented [here](https://istio.io/latest/docs/ops/deployment/application-requirements/#ports-used-by-istio), the same ports are also used by _Istio.io_ sidecar proxy called _Envoy_ and could interfere with creating connections, especially on port 15001 and 15006. -->
 
 When using _Istio_ with an Azure Managed Redis cluster, consider excluding the potential collision ports with an [istio annotation](https://istio.io/latest/docs/reference/config/annotations/).
 
@@ -40,7 +40,7 @@ annotations:
 To avoid connection interference, we recommend:
 
 - Consider using a nonclustered cache or an Enterprise tier cache instead
-- Avoid configuring _Istio_ sidecars on pods running Azure Managed Redis (preview) client code
+- Avoid configuring _Istio_ sidecars on pods running Azure Cache for Redis client code
 
 ## Related content
 

articles/azure-cache-for-redis/cache-remove-tls-10-11.md

@@ -4,10 +4,9 @@ description: Learn how to remove TLS 1.0 and 1.1 from your application when comm
 
 
 ms.topic: conceptual
-ms.date: 09/12/2023
+ms.date: 12/09/2024
 
-ms.devlang: csharp
-# ms.devlang: csharp, golang, java, javascript, php, python
+ms.custom: devx-track-azurepowershell, devx-track-azurecli
 
 ---
 
@@ -23,20 +22,20 @@ TLS versions 1.0 and 1.1 also don't support the modern encryption methods and ci
 >
 
 > [!IMPORTANT]
-> The TLS 1.0/1.1 retirement content in this article does not apply to Azure Cache for Redis Enterprise/Enterprise Flash because the Enterprise tiers only support TLS 1.2.
->
+> The TLS 1.0/1.1 retirement content in this article does not apply to Azure Cache for Redis Enterprise/Enterprise Flash because the Enterprise tiers only support TLS 1.2 or newer.
 
 As a part of this effort, you can expect the following changes to Azure Cache for Redis:
 
 - _Phase 1_: Azure Cache for Redis stops offering TLS 1.0/1.1 as an option for _MinimumTLSVersion_ setting for new cache creates. Existing cache instances won't be updated at this point. You can't set the _MinimumTLSVersion_ to 1.0 or 1.1 for your existing cache.
 - _Phase 2_: Azure Cache for Redis stops supporting TLS 1.1 and TLS 1.0 starting March 1, 2025. After this change, your application must use TLS 1.2 or later to communicate with your cache. The Azure Cache for Redis service remains available while we update the _MinimumTLSVersion_ for all caches to 1.2.
 
-| Date             | Description                                                                                                                                                                                                                                                                    |
-| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| September 2023   | TLS 1.0/1.1 retirement announcement                                                                                                                                                                                                                                            |
-| March 1, 2024    | Beginning March 1, 2024, you can't create new caches with the Minimum TLS version set to 1.0 or 1.1 and you can't set the _MinimumTLSVersion_ to 1.0 or 1.1 for your existing cache. The minimum TLS version won't be updated automatically for existing caches at this point. |
-| October 31, 2024 | Ensure that all your applications are connecting to Azure Cache for Redis using TLS 1.2 and Minimum TLS version on your cache settings is set to 1.2.                                                                                                                          |
-| Starting March 1, 2025 | Minimum TLS version for all cache instances is updated to 1.2. This means Azure Cache for Redis instances reject connections using TLS 1.0 or 1.1 at this point.                                                                                                               |
+
+| Date | Description |
+|--|--|
+| September 2023 | TLS 1.0/1.1 retirement announcement |
+| March 1, 2024 | Beginning March 1, 2024, you can't create new caches with the Minimum TLS version set to 1.0 or 1.1 and you can't set the _MinimumTLSVersion_ to 1.0 or 1.1 for your existing cache. The minimum TLS version aren't updated automatically for existing caches at this point. |
+| October 31, 2024 | Ensure that all your applications are connecting to Azure Cache for Redis using TLS 1.2 and Minimum TLS version on your cache settings is set to 1.2. |
+| Starting March 1, 2025 | Minimum TLS version for all cache instances is updated to 1.2. This means Azure Cache for Redis instances reject connections using TLS 1.0 or 1.1 at this point. |
 
   > [!IMPORTANT]
   > The content in this article does not apply to Azure Cache for Redis Enterprise/Enterprise Flash because the Enterprise tiers only support TLS 1.2.
@@ -49,30 +48,107 @@ As part of this change, Azure Cache for Redis removes support for older cipher s
 
 The following sections provide guidance about how to detect dependencies on these earlier TLS versions and remove them from your application.
 
-### Check whether your application is already compliant
+## Check TLS versions supported by your Azure Cache for Redis
+
+You can use this PowerShell script to verify the TLS versions supported by your Azure Cache for Redis endpoint. If your Redis instance is virtual network (VNet) injected, you have to run this script from a Virtual Machine in your VNet that has access to the Azure Cache for Redis endpoint.
+
+If the result shows `Tls Enabled` and/or `Tls 11 Enabled`, then ensure you follow the instructions to [Configure your Azure Cache for Redis to use TLS 1.2](#configure-your-azure-cache-for-redis-to-use-tls-12). If the result shows only `Tls12 Enabled` and your client application is able to connect without any errors, then no action is needed.
+
+```powershell
+    param(
+    [Parameter(Mandatory=$true)]
+    [string]$redisCacheName,
+    [Parameter(Mandatory=$false)]
+    [string]$dnsSuffix = ".redis.cache.windows.net",
+    [Parameter(Mandatory=$false)]
+    [int]$connectionPort = 6380,
+    [Parameter(Mandatory=$false)]
+    [int]$timeoutMS = 2000
+    )
+    $redisEndpoint = "$redisCacheName$dnsSuffix"
+    $protocols = @(
+        [System.Security.Authentication.SslProtocols]::Tls,
+        [System.Security.Authentication.SslProtocols]::Tls11,
+        [System.Security.Authentication.SslProtocols]::Tls12
+    )
+    $protocols | % {
+        $ver = $_
+        $tcpClientSocket = New-Object Net.Sockets.TcpClient($redisEndpoint, $connectionPort )
+        if(!$tcpClientSocket)
+        {
+            Write-Error "$ver- Error Opening Connection: $port on $computername Unreachable"
+            exit 1;
+        }
+        else
+        {
+            $tcpstream = $tcpClientSocket.GetStream()
+            $sslStream = New-Object System.Net.Security.SslStream($tcpstream,$false)
+            $sslStream.ReadTimeout = $timeoutMS
+            $sslStream.WriteTimeout = $timeoutMS
+            try
+            {
+                $sslStream.AuthenticateAsClient($redisEndpoint, $null, $ver, $false)
+                Write-Host "$ver Enabled"
+            }
+            catch [System.IO.IOException]
+            {
+                $null = $_
+                #Write-Host "$ver Disabled"
+            }
+            catch
+            {
+                $null = $_
+                #Write-Error "Unexpected exception $_"
+            }
+        }
+    }
+```
+
+## Configure your Azure Cache for Redis to use TLS 1.2
+
+You can configure TLS 1.2 on the cache by setting the **Minimum TLS version** value to TLS 1.2 in the [Advanced settings](cache-configure.md#advanced-settings) of your cache in the Azure portal.
+
+1. To configure your cache to use TLS 1.2, first select **Advanced settings** from the Resource menu of your cache.
+
+1. Select **1.2** in the **Minimum TLS version** in the working pane. Then, select **Save**.
+
+  :::image type="content" source="media/cache-remove-tls-10-11/change-redis-tls-version.png" alt-text="Screenshot showing the Set TLS 1.2 for cache on Azure portal":::
 
-You can find out whether your application works with TLS 1.2 by setting the **Minimum TLS version** value to TLS 1.2 on a test or staging cache, then running tests. The **Minimum TLS version** setting is in the [Advanced settings](cache-configure.md#advanced-settings) of your cache instance in the Azure portal. If the application continues to function as expected after this change, then your app is using TLS 1.2 or newer.
+You can also do the same using PowerShell. You need the Az.RedisCache module already installed before running the command.
 
-### Configure your application to use TLS 1.2 or later
+```powershell
+   Set-AzRedisCache -Name <YourRedisCacheName> -MinimumTlsVersion "1.2"
+```
+
+For setting the TLS version through CLI, the `--minimum-tls-version` is available only at Redis creation time and changing `minimum-tls-version` on an existing Redis instance isn't supported.
+
+> [!NOTE]
+> The Azure Cache for Redis service should be available during the migration TLS 1.2 or later.
+
+## Check whether your client application is already compliant
 
-Most applications use Redis client libraries to handle communication with their caches. Here are instructions for configuring some of the popular client libraries, in various programming languages and frameworks, to use TLS 1.2 or later.
+You can find out whether your application works with TLS 1.2 by setting the **Minimum TLS version** value to TLS 1.2 as explained earlier, on a test or staging cache and then running tests. If the application continues to function as expected after this change, it's probably compliant. It's possible you might need to [configure the Redis client library](#configure-your-client-application-to-use-tls-12) used by your application to specifically enable TLS 1.2 to connect to Azure Cache for Redis.
 
-#### .NET
+## Configure your client application to use TLS 1.2
+
+Most applications use Redis client libraries to handle communication with their caches. Here are instructions for configuring some of the popular client libraries, in various programming languages and frameworks, to use TLS 1.2.
+
+### .NET
 
 Redis .NET clients use the earliest TLS version by default on .NET Framework 4.5.2 or earlier, and use the latest TLS version on .NET Framework 4.6 or later. If you're using an older version of .NET Framework, enable TLS 1.2 manually:
 
 - _StackExchange.Redis_: Set `ssl=true` and `sslProtocols=tls12` in the connection string.
 - _ServiceStack.Redis_: Follow the [ServiceStack.Redis](https://github.com/ServiceStack/ServiceStack.Redis#servicestackredis-ssl-support) instructions and requires ServiceStack.Redis v5.6 at a minimum.
 
-#### .NET Core
+### .NET Core
 
 Redis .NET Core clients default to the OS default TLS version, which depends on the OS itself.
 
 Depending on the OS version and any patches that were applied, the effective default TLS version can vary. For more information, see [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls).
 
 However, if you're using an old OS or just want to be sure, we recommend configuring the preferred TLS version manually through the client.
 
-#### Java
+### Java
 
 Redis Java clients use TLS 1.0 on Java version 6 or earlier. Jedis, Lettuce, and Redisson can't connect to Azure Cache for Redis if TLS 1.0 is disabled on the cache. Upgrade your Java framework to use new TLS versions.
 
@@ -98,31 +174,32 @@ In Java 8, TLS 1.2 is used by default and shouldn't require updates to your clie
 
 As of Java 17, TLS 1.3 is used by default.
 
-#### Node.js
+### Node.js
 
 Node Redis and ioredis both support TLS 1.2 and 1.3.
 
-#### PHP
+### PHP
 
-- Versions earlier than PHP 7: Predis supports only TLS 1.0. These versions don't work with TLS 1.2; you must upgrade to use TLS 1.2.
+Versions earlier than PHP 7: Predis supports only TLS 1.0. These versions don't work with TLS 1.2; you must upgrade to use TLS 1.2.
 
-- PHP 7.0 to PHP 7.2.1: Predis uses only TLS 1.0 or 1.1 by default. You can use the following workaround to use TLS 1.2. Specify TLS 1.2 when you create the client instance:
+PHP 7.0 to PHP 7.2.1: Predis uses only TLS 1.0 or 1.1 by default. You can use the following workaround to use TLS 1.2. Specify TLS 1.2 when you create the client instance:
 
-  ``` PHP
-  $redis=newPredis\Client([
-      'scheme'=>'tls',
-      'host'=>'host',
-      'port'=>6380,
-      'password'=>'password',
-      'ssl'=>[
-          'crypto_type'=>STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
-      ],
-  ]);
-  ```
+``` PHP
+$redis=newPredis\Client([
+    'scheme'=>'tls',
+    'host'=>'host',
+    'port'=>6380,
+    'password'=>'password',
+    'ssl'=>[
+        'crypto_type'=>STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+    ],
+]);
+
+```
 
-- PHP 7.3 and later versions: Predis uses the latest TLS version.
+PHP 7.3 and later versions: Predis uses the latest TLS version.
 
-#### PhpRedis
+### PhpRedis
 
 PhpRedis doesn't support TLS on any PHP version.
 
@@ -134,6 +211,6 @@ Redis-py uses TLS 1.2 by default.
 
 Redigo uses TLS 1.2 by default.
 
-## Additional information
+## Related content
 
 - [How to configure Azure Cache for Redis](cache-configure.md)

articles/azure-cache-for-redis/managed-redis/managed-redis-best-practices-kubernetes.md

@@ -26,7 +26,7 @@ A pod running the client application can be affected by other pods running on th
 
 ## Linux-hosted client applications and TCP settings
 
-If your Azure Managed Redis  (preview) client application runs on a Linux-based container, we recommend updating some TCP settings. These settings are detailed in [TCP settings for Linux-hosted client applications](managed-redis-best-practices-connection.md#tcp-settings-for-linux-hosted-client-applications).
+If your Azure Managed Redis (preview) client application runs on a Linux-based container, we recommend updating some TCP settings. These settings are detailed in [TCP settings for Linux-hosted client applications](managed-redis-best-practices-connection.md#tcp-settings-for-linux-hosted-client-applications).
 
 ## Related content