Merge pull request #280033 from ecfan/networking

Clarify steps to find Networking page

Author: Jill Grant

articles/connectors/enable-stateful-affinity-built-in-connectors.md

@@ -36,21 +36,21 @@ To run these connector operations in stateful mode, you must enable this capabil
 
 1. In the [Azure portal](https://portal.azure.com), open the Standard logic app resource where you want to enable stateful mode for these connector operations.
 
-1. Enable virtual network integration for your logic app and add your logic app to the previously created subnet:
+1. To enable virtual network integration for your logic app, and add your logic app to the previously created subnet, follow these steps:
 
-   1. On your logic app menu resource, under **Settings**, select **Networking**.
+   1. On the logic app menu resource, under **Settings**, select **Networking**.
 
-   1. In the **Outbound Traffic** section, select **VNET integration** > **Add VNet**.
+   1. In the **Outbound traffic configuration** section, next to **Virtual network integration**, select **Not configured** > **Add virtual network integration**.
 
-   1. On the **Add VNet Integration** pane that opens, select your Azure subscription and your virtual network.
+   1. On the **Add virtual network integration** pane that opens, select your Azure subscription and your virtual network.
 
-   1. Under **Subnet**, select **Select existing**. From the **Subnet** list, select the subnet where you want to add your logic app.
+   1. From the **Subnet** list, select the subnet where you want to add your logic app.
 
-   1. When you're done, select **OK**.
+   1. When you're done, select **Connect**, and return to the **Networking** page.
 
-      On the **Networking** page, the **VNet integration** option now appears set to **On**, for example:
+      The **Virtual network integration** property is now set to the selected virtual network and subnet, for example:
 
-      :::image type="content" source="media/enable-stateful-affinity-built-in-connectors/enable-virtual-network-integration.png" alt-text="Screenshot shows Azure portal, Standard logic app resource, Networking page, VNet integration set to On.":::
+      :::image type="content" source="media/enable-stateful-affinity-built-in-connectors/enable-virtual-network-integration.png" alt-text="Screenshot shows Azure portal, Standard logic app resource, Networking page with selected virtual network and subnet.":::
 
    For general information about enabling virtual network integration with your app, see [Enable virtual network integration in Azure App Service](../app-service/configure-vnet-integration-enable.md).
 
@@ -93,8 +93,8 @@ Updates a resource by using the specified resource ID:
 
 #### Parameter values
 
-| Element | Value  | Description |
-|---------|--------|-------------|
+| Element | Value  |
+|---------|--------|
 | HTTP request method | **PATCH** |
 | <*resourceId*> | **subscriptions/{yourSubscriptionID}/resourcegroups/{yourResourceGroup}/providers/Microsoft.Web/sites/{websiteName}/config/web** |
 | <*yourSubscriptionId*> | The ID for your Azure subscription |
@@ -190,11 +190,13 @@ Resource scale-in events might cause the loss of context for built-in connectors
 
 1. On your logic app resource menu, under **Settings**, select **Scale out**.
 
-1. Under **App Scale Out**, set **Enforce Scale Out Limit** to **Yes**, which shows the **Maximum Scale Out Limit**.
+1. On the **Scale out** page, in the **App Scale out** section, follow these steps:
+
+   1. Set **Enforce Scale Out Limit** to **Yes**, which shows the **Maximum Scale Out Limit**.
 
-1. On the **Scale out** page, under **App Scale out**, set the number for **Always Ready Instances** to the same number as **Maximum Scale Out Limit** and **Maximum Burst**, which appears under **Plan Scale Out**, for example:
+   1. Set **Always Ready Instances** to the same number as **Maximum Scale Out Limit** and **Maximum Burst**, which appears in the **Plan Scale out** section, for example:
 
-   :::image type="content" source="media/enable-stateful-affinity-built-in-connectors/scale-in-settings.png" alt-text="Screenshot shows Azure portal, Standard logic app resource, Scale out page, and Always Ready Instances number set to match Maximum Scale Out Limit and Maximum Burst.":::
+   :::image type="content" source="media/enable-stateful-affinity-built-in-connectors/scale-in-settings.png" alt-text="Screenshot shows Azure portal, Standard logic app resource, Scale out page, and Always Ready Instances number set to match Maximum Burst and Maximum Scale Out Limit.":::
 
 1. When you're done, on the **Scale out** toolbar, select **Save**.
 

articles/connectors/media/enable-stateful-affinity-built-in-connectors/enable-virtual-network-integration.png

@@ -6,7 +6,7 @@ ms.suite: integration
 ms.reviewer: estfan, azla
 ms.topic: how-to
 ms.custom: engagement-fy23, devx-track-arm-template
-ms.date: 10/09/2023
+ms.date: 07/04/2024
 # Customer intent: As a developer, I want to deploy Standard logic apps to Azure storage accounts that use private endpoints.
 ---
 
@@ -30,6 +30,7 @@ For more information, review the following documentation:
 This deployment method requires that temporary public access to your storage account. If you can't enable public access due to your organization's policies, you can still deploy your logic app to a private storage account. However, you have to [deploy with an Azure Resource Manager template (ARM template)](#deploy-arm-template), which is described in a later section. 
 
 > [!NOTE]
+>
 > An exception to the previous rule is that you can use the Azure portal to deploy your logic app to an App Service Environment, 
 > even if the storage account is protected with a private endpoint. However, you'll need connectivity between the 
 > subnet used by the App Service Environment and the subnet used by the storage account's private endpoint. 
@@ -46,17 +47,25 @@ This deployment method requires that temporary public access to your storage acc
 
 1. Deploy your logic app resource by using either the Azure portal or Visual Studio Code.
 
-1. After deployment finishes, enable virtual network integration between your logic app and the private endpoints on the virtual network that connects to your storage account.
+1. After deployment finishes, enable virtual network integration between your logic app and the private endpoints on the virtual network connected to your storage account.
 
    1. In the [Azure portal](https://portal.azure.com), open your logic app resource.
 
    1. On the logic app resource menu, under **Settings**, select **Networking**.
 
-   1. Select **VNet integration** on **Outbound Traffic** card to enable integration with a virtual network connecting to your storage account.
+   1. In the **Outbound traffic configuration** section, next to **Virtual network integration**, select **Not configured** > **Add virtual network integration** .
 
-   1. To access your logic app workflow data over the virtual network, in your logic app resource settings, set the `WEBSITE_CONTENTOVERVNET` setting to `1`.
+   1. On the **Add virtual network integration** pane that opens, select your Azure subscription and your virtual network.
 
-   If you use your own domain name server (DNS) with your virtual network, set your logic app resource's `WEBSITE_DNS_SERVER` app setting to the IP address for your DNS. If you have a secondary DNS, add another app setting named `WEBSITE_DNS_ALT_SERVER`, and set the value also to the IP for your secondary DNS.
+   1. From the **Subnet** list, select the subnet where you want to add your logic app. When you're done, select **Connect**.
+
+1. To access your logic app workflow data over the virtual network, follow these steps:
+
+   1. On the logic app resource menu, under **Settings**, select **Environment variables**.
+
+   1. On the **App settings** tab, add the **WEBSITE_CONTENTOVERVNET** app setting, if none exist, and set the value to **1**.
+
+   1. If you use your own domain name server (DNS) with your virtual network, add the **WEBSITE_DNS_SERVER** app setting, if none exist, and set the value to the IP address for your DNS. If you have a secondary DNS, add another app setting named **WEBSITE_DNS_ALT_SERVER**, and set the value to the IP for your secondary DNS.
 
 1. After you apply these app settings, you can remove public access from your storage account.
 
@@ -67,6 +76,7 @@ This deployment method requires that temporary public access to your storage acc
    1. On the **Networking** pane, on the **Firewalls and virtual networks** tab, under **Allow access from**, clear **Selected networks**, and add virtual networks as necessary.
 
    > [!NOTE]
+   >
    > Your logic app might experience an interruption because the connectivity switch between public and private endpoints might take time. 
    > This disruption might result in your workflows temporarily disappearing. If this behavior happens, you can try to reload your workflows 
    > by restarting the logic app and waiting several minutes.
@@ -92,7 +102,6 @@ The following errors commonly happen with a private storage account that's behin
 |---------|-------|
 | Access to the `host.json` file is denied | `"System.Private.CoreLib: Access to the path 'C:\\home\\site\\wwwroot\\host.json' is denied."` |
 | Can't load workflows in the logic app resource | `"Encountered an error (ServiceUnavailable) from host runtime."` |
-|||
 
 As the logic app isn't running when these errors occur, you can't use the Kudu console debugging service on the Azure platform to troubleshoot these errors. However, you can use the following methods instead:
 

articles/connectors/media/enable-stateful-affinity-built-in-connectors/scale-in-settings.png

@@ -87,29 +87,31 @@ You can limit access to the inputs and outputs in the run history for your logic
 
 For example, to block anyone from accessing inputs and outputs, specify an IP address range such as `0.0.0.0-0.0.0.0`. Only a person with administrator permissions can remove this restriction, which provides the possibility for "just-in-time" access to data in your logic app workflows. A valid IP range uses these formats: *x.x.x.x/x* or *x.x.x.x-x.x.x.x*
 
-To specify the allowed IP ranges, follow these steps for either the Azure portal or your Azure Resource Manager template:
+To specify the allowed IP ranges, follow these steps for your Consumption or Standard logic app in the Azure portal or your Azure Resource Manager template:
 
 #### [Portal](#tab/azure-portal)
 
 ##### Consumption workflows
 
-1. In the [Azure portal](https://portal.azure.com), open your logic app workflow in the designer.
+1. In the [Azure portal](https://portal.azure.com), open your Consumption logic app workflow in the designer.
 
 1. On your logic app's menu, under **Settings**, select **Workflow settings**.
 
-1. Under **Access control configuration** > **Allowed inbound IP addresses**, select **Specific IP ranges**.
+1. In the **Access control configuration** section, under **Allowed inbound IP addresses**, from the **Trigger access option** list, select **Specific IP ranges**.
 
-1. Under **IP ranges for contents**, specify the IP address ranges that can access content from inputs and outputs.
+1. In the **IP ranges for contents** box, specify the IP address ranges that can access content from inputs and outputs.
 
 ##### Standard workflows
 
-1. In the [Azure portal](https://portal.azure.com), open your logic app resource.
+1. In the [Azure portal](https://portal.azure.com), open your Standard logic app resource.
 
 1. On the logic app menu, under **Settings**, select **Networking**.
 
-1. In the **Inbound Traffic** section, select **Access restriction**.
+1. In the **Inbound traffic configuration** section, next to **Public network access**, select **Enabled with no access restriction**.
 
-1. Create one or more rules to either **Allow** or **Deny** requests from specific IP ranges. You can also use the HTTP header filter settings and forwarding settings.
+1. On the **Access restrictions** page, under **App access**, select **Enabled from select virtual networks and IP addresses**.
+
+1. Under **Site access and rules**, on the **Main site** tab, add one or more rules to either **Allow** or **Deny** requests from specific IP ranges. You can also use the HTTP header filter settings and forwarding settings. A valid IP range uses these formats: *x.x.x.x/x* or *x.x.x.x-x.x.x.x*
 
    For more information, see [Blocking inbound IP addresses in Azure Logic Apps (Standard)](https://www.serverlessnotes.com/docs/block-inbound-ip-addresses-in-azure-logic-apps-standard).
 
@@ -979,13 +981,15 @@ In the Azure portal, IP address restriction affects both triggers *and* actions,
 
 ##### Standard workflows
 
-1. In the [Azure portal](https://portal.azure.com), open your logic app resource.
+1. In the [Azure portal](https://portal.azure.com), open your Standard logic app resource.
 
 1. On the logic app menu, under **Settings**, select **Networking**.
 
-1. In the **Inbound Traffic** section, select **Access restriction**.
+1. In the **Inbound traffic configuration** section, next to **Public network access**, select **Enabled with no access restriction**.
+
+1. On the **Access restrictions** page, under **App access**, select **Enabled from select virtual networks and IP addresses**.
 
-1. Create one or more rules to either **Allow** or **Deny** requests from specific IP ranges. You can also use the HTTP header filter settings and forwarding settings. A valid IP range uses these formats: *x.x.x.x/x* or *x.x.x.x-x.x.x.x*
+1. Under **Site access and rules**, on the **Main site** tab, add one or more rules to either **Allow** or **Deny** requests from specific IP ranges. A valid IP range uses these formats: *x.x.x.x/x* or *x.x.x.x-x.x.x.x*
 
    For more information, see [Blocking inbound IP addresses in Azure Logic Apps (Standard)](https://www.serverlessnotes.com/docs/block-inbound-ip-addresses-in-azure-logic-apps-standard).
 

articles/logic-apps/deploy-single-tenant-logic-apps-private-storage-account.md

@@ -95,13 +95,15 @@ For more information, review [Create single-tenant logic app workflows in Azure
 
 ### Set up private endpoint connection
 
-1. On your logic app menu, under **Settings**, select **Networking**.
+1. On the logic app resource menu, under **Settings**, select **Networking**.
 
-1. On the **Networking** page, on the **Inbound traffic** card, select **Private endpoints**.
+1. On the **Networking** page, in the **Inbound traffic configuration** section, select the link next to **Private endpoints**.
 
-1. On the **Private Endpoint connections**, select **Add**.
+1. On the **Private Endpoint connections** page, select **Add** > **Express** or **Advanced**.
 
-1. On the **Add Private Endpoint** pane that opens, provide the requested information about the endpoint.
+   For more information about the **Advanced** option, see [Create a private endpoint](../private-link/create-private-endpoint-portal.md#create-a-private-endpoint).
+
+1. On the **Add Private Endpoint** pane, provide the requested information about the endpoint.
 
    For more information, review [Private Endpoint properties](../private-link/private-endpoint-overview.md#private-endpoint-properties).
 
@@ -154,17 +156,19 @@ For more information, review the following documentation:
 
 ### Set up virtual network integration
 
-1. In the Azure portal, on the logic app resource menu, under **Settings**, select **Networking**.
+1. In the [Azure portal](https://portal.azure.com), on the logic app resource menu, under **Settings**, select **Networking**.
+
+1. On the **Networking** page, in the **Outbound traffic configuration** section, select the link next to **Virtual network integration**.
 
-1. On the **Networking** pane, on the **Outbound traffic** card, select **VNet integration**.
+1. On the **Virtual network integration** page, select **Add virtual network integration**.
 
-1. On the **VNet Integration** pane, select **Add Vnet**.
+1. On the **Add virtual network integration** pane, select the subscription, the virtual network that connects to your internal service, and the subnet where to add the logic app. When you finish, select **Connect**.
 
-1. On the **Add VNet Integration** pane, select the subscription and the virtual network that connects to your internal service.
+   On the **Virtual Network Integration** page, by default, the **Outbound internet traffic** setting is selected, which routes all outbound traffic through the virtual network. In this scenario, the app setting named **WEBSITE_VNET_ROUTE_ALL** is ignored.
 
-   After you add virtual network integration, on the **VNet Integration** pane, the **Route All** setting is enabled by default. This setting routes all outbound traffic through the virtual network. When this setting is enabled, the `WEBSITE_VNET_ROUTE_ALL` app setting is ignored.
+   To find this app setting, on the logic app resource menu, under **Settings**, select **Environment variables**.
 
-1. If you use your own domain name server (DNS) with your virtual network, set your logic app resource's `WEBSITE_DNS_SERVER` app setting to the IP address for your DNS. If you have a secondary DNS, add another app setting named `WEBSITE_DNS_ALT_SERVER`, and set the value also to the IP for your DNS.
+1. If you use your own domain name server (DNS) with your virtual network, add the **WEBSITE_DNS_SERVER** app setting, if none exist, and set the value to the IP address for your DNS. If you have a secondary DNS, add another app setting named **WEBSITE_DNS_ALT_SERVER**, and set the value to the IP for your secondary DNS.
 
 1. After Azure successfully provisions the virtual network integration, try to run the workflow again.