
Commit e2b3eb0

Merge branch 'main' of https://github.com/microsoftdocs/azure-docs-pr into iot7
2 parents 29673b3 + 458cbbd commit e2b3eb0

6 files changed: +23 -17 lines
Binary file not shown.
Binary file not shown.

articles/load-balancer/whats-new.md

Lines changed: 4 additions & 0 deletions
@@ -24,6 +24,10 @@ You can also find the latest Azure Load Balancer updates and subscribe to the RS
2424

2525
| Type |Name |Description |Date added |
2626
| ------ |---------|---------|---------|
27+
| Feature | [Azure Load Balancer health status general availability](https://azure.microsoft.com/updates?id=467610) | Announcing the general availability of Azure Load Balancer Health Status, a powerful feature designed to provide detailed information about the health of backend instances in your Azure Load Balancer backend pool. The Health Status feature offers valuable insights into the state of health of your backend instances and specific reasons for their health status. Learn more [here](https://go.microsoft.com/fwlink/?linkid=2296757). | November 2024 |
28+
| Feature | [Azure Load Balancer Admin State general availability](https://azure.microsoft.com/updates?id=467625) | Admin State enables you to override the health probe behavior for each instance without additional configuration changes to your Load Balancer such as changing network security rules or closing ports. This makes management, especially during maintenance easy, allowing you to set instances as up or down and control connection behavior with no additional overhead. Learn more [here](https://go.microsoft.com/fwlink/?linkid=2296089). | November 2024 |
29+
| Feature | [Azure cross-subscription Load Balancer general availability](https://azure.microsoft.com/updates?id=467605) | Cross-subscription load balancing enables the load balancers components to be located in different subscriptions. For example, the frontend IP address or the backend instances could be located in a different subscription from the one that the load balancer belongs to. Learn more [here](https://go.microsoft.com/fwlink/?linkid=2277544). | November 2024 |
30+
| Feature | [Azure Load Balancer health event logs public preview](https://azure.microsoft.com/updates/?id=public-preview-azure-load-balancer-health-event-logs) | With health event logs, you can collect, store, and analyze information to help understand the health of your Azure Load Balancer resource. These built-in logs help you troubleshoot specific scenarios and allow you to identify and alert on availability issues affecting your load balancer. Learn more [here](https://aka.ms/lbhealthoverview). | May 2024|
2731
| Feature | [Gateway Load Balancer IPv6 support is now generally available](https://azure.microsoft.com/updates/?id=general-availability-gateway-load-balancer-ipv6-support/) | Azure Gateway Load Balancer now supports IPv6 traffic, enabling you to distribute IPv6 traffic through Gateway Load Balancer before it reaches your dual-stack applications. Now you can add IPv6 frontend IP addresses and backend pools to Gateway Load Balancer. This allows you to inspect, protect, or mirror both IPv4 and IPv6 traffic flows using third-party or custom network virtual appliances (NVAs). Both internet inbound and outbound IPv6 traffic flows can now be routed through Gateway Load Balancer. Learn more about [Gateway Load Balancer](gateway-overview.md) or our supported [third-party partners](gateway-partners.md). | September 2023 |
2832
| Feature | [Azure’s cross-region Load Balancer is now generally available](https://azure.microsoft.com/updates/azure-s-crossregion-load-balancer-is-now-generally-available/) | Azure Load Balancer’s Global tier is a cloud-native global network load balancing solution. With cross-region Load Balancer, you can distribute traffic across multiple Azure regions with ultra-low latency and high performance. Azure cross-region Load Balancer provides customers a static globally anycast IP address. Through this global IP address, you can easily add or remove regional deployments without interruption. Learn more about [cross-region load balancer](cross-region-overview.md) | July 2023 |
2933
| Feature | [Inbound ICMPv6 pings and traceroute are now supported on Azure Load Balancer (General Availability)](https://azure.microsoft.com/updates/general-availability-inbound-icmpv6-pings-and-traceroute-are-now-supported-on-azure-load-balancer/) | Azure Load Balancer now supports ICMPv6 pings to its frontend and inbound traceroute support to both IPv4 and IPv6 frontends. Learn more about [how to test reachability of your load balancer](load-balancer-test-frontend-reachability.md). | June 2023 |
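Review bot: The four new rows use bare "Learn more [here](...)" link text, whereas the existing rows in this table (Gateway Load Balancer, cross-region, ICMPv6) use descriptive link text such as "Learn more about [Gateway Load Balancer](gateway-overview.md)"; "here" links are poor for screen readers and for scanning, so consider "Learn more about [Load Balancer health status](...)" and similar for each row. Two wording fixes in the new rows: "the load balancers components" should be "the load balancer's components" (cross-subscription row), and "especially during maintenance easy" needs a closing comma ("especially during maintenance, easy"). Cosmetic: the May 2024 row ends with "May 2024|" without the space the other rows have before the final pipe.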

articles/vpn-gateway/ikev2-openvpn-from-sstp.md

Lines changed: 19 additions & 17 deletions
@@ -5,13 +5,13 @@ description: Learn how to transition to OpenVPN protocol or IKEv2 from SSTP to o
55
author: cherylmc
66
ms.service: azure-vpn-gateway
77
ms.topic: how-to
8-
ms.date: 08/08/2024
8+
ms.date: 01/23/2025
99
ms.author: cherylmc
1010

1111
---
1212
# Transition to OpenVPN protocol or IKEv2 from SSTP
1313

14-
A point-to-site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This article applies to the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md) and talks about ways to overcome the 128 concurrent connection limit of SSTP by transitioning to OpenVPN protocol or IKEv2.
14+
A point-to-site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This article talks about ways to overcome the 128 concurrent connection limit of SSTP by transitioning to OpenVPN protocol or IKEv2.
1515

1616
## <a name="protocol"></a>What protocol does P2S use?
1717

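Review bot: The rewritten intro drops the sentence that scopes the article to the Resource Manager deployment model, and the matching note in the next hunk drops the "not available for the classic deployment model" statement; that is consistent if the classic model is no longer documented, but the link to deployment-models.md was the only pointer readers had, so confirm nothing later in the article (the FAQ section, for example) still assumes that sentence. The ms.date bump to 01/23/2025 matches the content changes.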
@@ -24,38 +24,40 @@ Point-to-site VPN can use one of the following protocols:
2424
* IKEv2 VPN, a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect from Mac devices (macOS versions 10.11 and above).
2525

2626
> [!NOTE]
27-
> IKEv2 and OpenVPN for P2S are available for the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md) only. They are not available for the classic deployment model. The Basic gateway SKU does not support IKEv2 or OpenVPN protocols. If you are using the Basic SKU, you will have to delete and recreate a production SKU virtual network gateway.
27+
> The Basic gateway SKU doesn't support IKEv2 or OpenVPN protocols. If you're using the Basic SKU, you'll have to delete and recreate a production SKU virtual network gateway.
2828
2929
## <a name="migrate"></a>Migrating from SSTP to IKEv2 or OpenVPN
3030

31-
There might be cases when you want to support more than 128 concurrent P2S connection to a VPN gateway but are using SSTP. In such a case, you need to move to IKEv2 or OpenVPN protocol.
31+
There might be cases when you want to support more than 128 concurrent P2S connections to a VPN gateway, but are using SSTP. In such a case, you need to move to IKEv2 or OpenVPN protocol.
3232

33-
### Option 1 - Add IKEv2 in addition to SSTP on the Gateway
33+
### Option 1 - Add IKEv2 in addition to SSTP on the gateway
3434

35-
This is the simplest option. SSTP and IKEv2 can coexist on the same gateway and give you a higher number of concurrent connections. You can simply enable IKEv2 on the existing gateway and redownload the client.
35+
This is the simplest option. SSTP and IKEv2 can coexist on the same gateway and give you a higher number of concurrent connections. You can enable IKEv2 on the existing gateway and download the client configuration package containing the updated settings.
3636

3737
Adding IKEv2 to an existing SSTP VPN gateway won't affect existing clients and you can configure them to use IKEv2 in small batches or just configure the new clients to use IKEv2. If a Windows client is configured for both SSTP and IKEv2, it tries to connect using IKEV2 first and if that fails, it falls back to SSTP.
3838

3939
**IKEv2 uses non-standard UDP ports so you need to ensure that these ports are not blocked on the user's firewall. The ports in use are UDP 500 and 4500.**
4040

41-
To add IKEv2 to an existing gateway, go to the "point-to-site configuration" tab under the Virtual Network Gateway in portal, and select **IKEv2 and SSTP (SSL)** from the drop-down box.
42-
43-
:::image type="content" source="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with the Tunnel type drop-down open, and IKEv2 and SSTP(SSL) selected." lightbox="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png":::
41+
1. To add IKEv2 to an existing gateway, go your virtual network gateway in the portal.
42+
1. In the left pane, select **Point-to-site configuration**.
43+
1. On the Point-to-site configuration page, for **tunnel type**, select **IKEv2 and SSTP (SSL)** from the drop-down box.
44+
1. Apply your changes.
4445

4546
> [!NOTE]
46-
> When you have both SSTP and IKEv2 enabled on the gateway, the point-to-site address pool will be statically split between the two, so clients using different protocols will be assigned IP addresses from either sub-range. Note that the maximum amount of SSTP clients is always 128, even if the address range is larger than /24 resulting in a bigger amount of addresses available for IKEv2 clients. For smaller ranges, the pool will be equally halved. Traffic Selectors used by the gateway may not include the point-to-site address range CIDR, but the two sub-range CIDRs.
47+
> When you have both SSTP and IKEv2 enabled on the gateway, the point-to-site address pool will be statically split between the two, so clients using different protocols will be assigned IP addresses from either subrange. Note that the maximum number of SSTP clients is always 128. This applies even if the address range is larger than /24, resulting in a larger amount of addresses available for IKEv2 clients. For smaller ranges, the pool is equally halved. Traffic Selectors used by the gateway might not include the point-to-site address range CIDR, but the two subrange CIDRs.
4748
48-
### Option 2 - Remove SSTP and enable OpenVPN on the Gateway
49+
### Option 2 - Remove SSTP and enable OpenVPN on the gateway
4950

5051
Since SSTP and OpenVPN are both TLS-based protocol, they can't coexist on the same gateway. If you decide to move away from SSTP to OpenVPN, you'll have to disable SSTP and enable OpenVPN on the gateway. This operation causes the existing clients to lose connectivity to the VPN gateway until the new profile has been configured on the client.
5152

52-
You can enable OpenVPN along side with IKEv2 if you desire. OpenVPN is TLS-based and uses the standard TCP 443 port. To switch to OpenVPN, go to the "point-to-site configuration" tab under the Virtual Network Gateway in portal, and select **OpenVPN (SSL)** or **IKEv2 and OpenVPN (SSL)** from the drop-down box.
53-
54-
:::image type="content" source="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with Open VPN selected." lightbox="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png":::
53+
You can enable OpenVPN along side with IKEv2 if you desire. OpenVPN is TLS-based and uses the standard TCP 443 port.
5554

56-
Once the gateway has been configured, existing clients won't be able to connect until you [deploy and configure the OpenVPN clients](point-to-site-vpn-client-certificate-windows-openvpn-client.md).
55+
1. To switch to OpenVPN, go your virtual network gateway in the portal.
56+
1. In the left pane, select **Point-to-site configuration**.
57+
1. On the Point-to-site configuration page, for **tunnel type**, select **OpenVPN (SSL)** or **IKEv2 and OpenVPN (SSL)** from the drop-down box.
58+
1. Apply your changes.
5759

58-
If you're using Windows 10 or later, you can also use the [Azure VPN Client](point-to-site-vpn-client-certificate-windows-azure-vpn-client.md).
60+
Once the gateway has been configured, existing clients won't be able to connect until you [deploy and configure the OpenVPN clients](point-to-site-vpn-client-certificate-windows-openvpn-client.md). If you're using Windows 10 or later, you can also use the [Azure VPN Client](point-to-site-vpn-client-certificate-windows-azure-vpn-client.md).
5961

6062
## <a name="faq"></a>Frequently asked questions
6163

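Review bot: Both new numbered procedures start "To add IKEv2 to an existing gateway, go your virtual network gateway in the portal" and "To switch to OpenVPN, go your virtual network gateway in the portal"; "go your" is missing "to" in each. The retained sentence "You can enable OpenVPN along side with IKEv2 if you desire" should read "alongside IKEv2". In the rewritten address-pool note, "a larger amount of addresses" should be "a larger number of addresses". Since the screenshots were removed from both procedures, the step "for **tunnel type**, select ..." now carries the UI label on its own; check the casing against the portal field (the removed alt text called it "Tunnel type", the new steps say "tunnel type").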
@@ -81,7 +83,7 @@ The following table shows gateway SKUs by tunnel, connection, and throughput. Fo
8183
[!INCLUDE [aggregate throughput sku](../../includes/vpn-gateway-table-gwtype-aggtput-include.md)]
8284

8385
> [!NOTE]
84-
> The Basic SKU has limitations and does not support IKEv2, or RADIUS authentication.
86+
> The Basic SKU has limitations and doesn't support IKEv2, or RADIUS authentication.
8587
8688
### <a name="IKE/IPsec policies"></a>What IKE/IPsec policies are configured on VPN gateways for P2S?
8789

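Review bot: The rewritten note keeps the stray comma in "doesn't support IKEv2, or RADIUS authentication"; since this is a two-item list it should be "doesn't support IKEv2 or RADIUS authentication". It also duplicates the Basic SKU note in the protocol section above, which now says "doesn't support IKEv2 or OpenVPN protocols"; if both stay, align them so they list the same unsupported features, since a reader who reaches only the FAQ would not learn that OpenVPN is unsupported on Basic as well.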
Binary file not shown.
Binary file not shown.
