Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into patricka-sfi

Author: PatAltimore

articles/azure-arc/kubernetes/cluster-connect.md

@@ -24,6 +24,22 @@ Before you begin, review the [conceptual overview of the cluster connect feature
 - An existing Azure Arc-enabled Kubernetes connected cluster.
   - If you haven't connected a cluster yet, use our [quickstart](quickstart-connect-cluster.md).
   - [Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
+  
+- Enable the [network requirements for Arc-enabled Kubernetes](network-requirements.md)
+  
+- Enable these endpoints for outbound access:
+
+  | Endpoint | Port |
+  |----------------|-------|
+  |`*.servicebus.windows.net` | 443 |
+  |`guestnotificationservice.azure.com`, `*.guestnotificationservice.azure.com` | 443 |
+
+  > [!NOTE]
+  > To translate the `*.servicebus.windows.net` wildcard into specific endpoints, use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`. Within this command, the region must be specified for the `<location>` placeholder.
+
+[!INCLUDE [arc-region-note](../includes/arc-region-note.md)]
+
+
 
 ### [Azure CLI](#tab/azure-cli)
 
@@ -64,18 +80,6 @@ Before you begin, review the [conceptual overview of the cluster connect feature
 
 ---
 
-- In addition to meeting the [network requirements for Arc-enabled Kubernetes](network-requirements.md), enable these endpoints for outbound access:
-
-  | Endpoint | Port |
-  |----------------|-------|
-  |`*.servicebus.windows.net` | 443 |
-  |`guestnotificationservice.azure.com`, `*.guestnotificationservice.azure.com` | 443 |
-
-  > [!NOTE]
-  > To translate the `*.servicebus.windows.net` wildcard into specific endpoints, use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`. Within this command, the region must be specified for the `<location>` placeholder.
-
-[!INCLUDE [arc-region-note](../includes/arc-region-note.md)]
-
 ## Set up authentication
 
 On the existing Arc-enabled cluster, create the ClusterRoleBinding with either Microsoft Entra authentication or service account token.

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

@@ -29,15 +29,18 @@ Azure NetApp Files supports identity-based authentication over SMB through the f
 
 ### <a name="network-requirements"></a>Network requirements 
 
-Azure NetApp Files SMB, dual-protocol, and Kerberos NFSv4.1 volumes require reliable and low-latency network connectivity (less than 10 ms RTT) to AD DS domain controllers. Poor network connectivity or high network latency between Azure NetApp Files and AD DS domain controllers can cause client access interruptions or client timeouts.
+For predictable Active Directory Domain Services operations with Azure NetApp Files volumes, reliable and low-latency network connectivity (equal to or less than 10 ms RTT) to AD DS domain controllers is highly recommended. Poor network connectivity or high network latency between Azure NetApp Files and AD DS domain controllers can cause client access interruptions or client timeouts.
+
+>[!NOTE]
+>The 10ms recommendation adheres to guidance in [Creating a Site Design: Deciding which locations will become sites](/windows-server/identity/ad-ds/plan/creating-a-site-design#deciding-which-locations-will-become-sites).
 
 Ensure that you meet the following requirements about network topology and configurations:
 
 * Ensure that a [supported network topology for Azure NetApp Files](azure-netapp-files-network-topologies.md) is used.
 * Ensure that AD DS domain controllers have network connectivity from the Azure NetApp Files delegated subnet hosting the Azure NetApp Files volumes.
     * Peered virtual network topologies with AD DS domain controllers must have peering configured correctly to support Azure NetApp Files to AD DS domain controller network connectivity.
 * Network Security Groups (NSGs) and AD DS domain controller firewalls must have appropriately configured rules to support Azure NetApp Files connectivity to AD DS and DNS.
-* Ensure that the network latency is less than 10 ms RTT between Azure NetApp Files and AD DS domain controllers.
+* For optimal experience, ensure the network latency is equal to or less than 10ms RTT between Azure NetApp Files and AD DS domain controllers. Any RTT higher than 10ms can lead to degraded application or user experience in latency-sensitive applications/environments. In case RTT is too high for desirable user experience, consider deploying replica domain controllers in your Azure NetApp Files environment. 
 
 For more information on Microsoft Active Directory requirements for network latency over a WAN, see
 [Creating a Site Design](/windows-server/identity/ad-ds/plan/creating-a-site-design).

articles/communication-services/concepts/government.md

@@ -18,9 +18,11 @@ ms.service: azure-communication-services
 
 [!INCLUDE [Public Preview Notice](../includes/public-preview-include.md)]
 
-Azure Communication Services can be used within [Azure Government](https://azure.microsoft.com/global-infrastructure/government/) to provide compliance with US government requirements for cloud services. In addition to enjoying the features and capabilities of Messaging, Voice and Video calling, developers benefit from the following features that are unique to Azure Government:
+Azure Communication Services (ACS) can be used within [Azure Government](https://azure.microsoft.com/global-infrastructure/government/) to provide compliance with US government requirements for cloud services. In addition to enjoying the features and capabilities of Messaging, Voice and Video calling, developers benefit from the following features that are unique to Azure Government:
 - Your personal data is logically segregated from customer content in the commercial Azure cloud.
 - Your resource’s customer content is stored within the United States.
 - Access to your organization's customer content is restricted to screened Microsoft personnel. 
 
+Azure Communication Services in Azure Government is currently In Process for the FedRAMP High accreditation as part of the [M365 GCC-High service offering](https://marketplace.fedramp.gov/products/FR1824057433). Once the FedRAMP High certification process is completed and the authorization is granted, Azure Communication Services in the Azure Government cloud will GA and be officially recognized as meeting the requirements set forth by the FedRAMP, providing government customers with the confidence that the service is secure and compliant with federal standards.
+
 You can find more information about the Office 365 Government – GCC High offering for US Government customers at [Office 365 Government plans](https://products.office.com/government/compare-office-365-government-plans). Please see [eligibility requirements](https://azure.microsoft.com/global-infrastructure/government/how-to-buy/) for Azure Government. 

articles/container-apps/firewall-integration.md

@@ -17,9 +17,7 @@ You can lock down a network via NSGs with more restrictive rules than the defaul
 
 In the workload profiles environment, user-defined routes (UDRs) and [securing outbound traffic with a firewall](./networking.md#configuring-udr-with-azure-firewall) are supported. When using an external workload profiles environment, inbound traffic to Azure Container Apps is routed through the public IP that exists in the [managed resource group](./networking.md#workload-profiles-environment-2) rather than through your subnet. This means that locking down inbound traffic via NSG or Firewall on an external workload profiles environment isn't supported. For more information, see [Networking in Azure Container Apps environments](./networking.md#user-defined-routes-udr).
 
-In the Consumption only environment, custom user-defined routes (UDRs).
-
-In the Consumption only environment, express routes are not supported, and custom user-defined routes (UDRs) have limited support. For more details on what level of UDR support is available on Consumption only environment, see the [FAQ](faq.yml).
+In the Consumption only environment, custom user-defined routes (UDRs). In the Consumption only environment, express routes are not supported, and custom user-defined routes (UDRs) have limited support. For more details on what level of UDR support is available on Consumption only environment, see the [FAQ](faq.yml#do-consumption-only-environments-support-custom-user-defined-routes-).
 
 ## NSG allow rules
 

articles/iot-central/core/howto-control-devices-with-rest-api.md

@@ -27,8 +27,6 @@ Every IoT Central REST API call requires an authorization header. To learn more,
 
 For the reference documentation for the IoT Central REST API, see [Azure IoT Central REST API reference](/rest/api/iotcentral/).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 To learn how to control devices by using the IoT Central UI, see
 
 - [Use properties in an Azure IoT Central solution](../core/howto-use-properties.md).

articles/iot-central/core/howto-manage-data-export-with-rest-api.md

@@ -19,8 +19,6 @@ Every IoT Central REST API call requires an authorization header. To learn more,
 
 For the reference documentation for the IoT Central REST API, see [Azure IoT Central REST API reference](/rest/api/iotcentral/).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 To learn how to manage data export by using the IoT Central UI, see [Export IoT data to Blob Storage.](../core/howto-export-to-blob-storage.md)
 
 ## Data export

articles/iot-central/core/howto-manage-deployment-manifests-with-rest-api.md

@@ -20,8 +20,6 @@ Every IoT Central REST API call requires an authorization header. To learn more,
 
 For the reference documentation for the IoT Central REST API, see [Azure IoT Central REST API reference](/rest/api/iotcentral/).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 To learn how to manage deployment manifests by using the IoT Central UI, see [Manage IoT Edge deployment manifests in your IoT Central application](howto-manage-deployment-manifests.md).
 
 ## Deployment manifests REST API

articles/iot-central/core/howto-manage-device-templates-with-rest-api.md

@@ -18,8 +18,6 @@ Every IoT Central REST API call requires an authorization header. To learn more,
 
 For the reference documentation for the IoT Central REST API, see [Azure IoT Central REST API reference](/rest/api/iotcentral/).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 To learn how to manage device templates by using the IoT Central UI, see [How to set up device templates](../core/howto-set-up-template.md) and [How to edit device templates](../core/howto-edit-device-template.md)
 
 ## Device templates

articles/iot-central/core/howto-manage-devices-with-rest-api.md

@@ -18,8 +18,6 @@ Every IoT Central REST API call requires an authorization header. To learn more,
 
 For the reference documentation for the IoT Central REST API, see [Azure IoT Central REST API reference](/rest/api/iotcentral/).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 To learn how to manage devices by using the IoT Central UI, see [Manage individual devices in your Azure IoT Central application.](../core/howto-manage-devices-individually.md)
 
 ## Devices REST API

articles/iot-central/core/howto-manage-jobs-with-rest-api.md

@@ -29,8 +29,6 @@ For the reference documentation for the IoT Central REST API, see [Azure IoT Cen
 
 To learn how to create and manage jobs in the UI, see [Manage devices in bulk in your Azure IoT Central application](howto-manage-devices-in-bulk.md).
 
-[!INCLUDE [iot-central-postman-collection](../../../includes/iot-central-postman-collection.md)]
-
 ## Job payloads
 
 Many of the APIs described in this article include a definition that looks like the following JSON snippet: