minor updates

Author: mumian

articles/azure-resource-manager/management/relocation/relocation-app-service.md

@@ -39,7 +39,7 @@ Identify all the App Service resources that you're currently using. For example:
 - [Managed identities](../../../app-service/overview-managed-identity.md)
 - [Backup settings](../../../app-service/manage-backup.md)
 
-Certain resources, such as imported certificates or hybrid connections, contain integration with other Azure services. For information on how to move those resources across regions, see the [documentation for the respective services](./move-resource-overview.md).
+Certain resources, such as imported certificates or hybrid connections, contain integration with other Azure services. For information on how to move those resources across regions, see the [documentation for the respective services](../move-resource-overview.md).
 
 ## Plan
 

articles/azure-resource-manager/management/relocation/relocation-backup.md

@@ -86,7 +86,7 @@ In order to continue to protect your resources, you must register and back them
 
 ### Back up Azure Virtual Machine
 
-When an Azure Virtual Machine (VM) protected by a Recovery Services vault is moved from one region to another, it can no longer be backed up to the older vault. The backups in the old vault may start failing with the errors **BCMV2VMNotFound** or [**ResourceNotFound**](../../../backup/backup-azure-vms-troubleshoot.md#320001-resourcenotfound---could-not-perform-the-operation-as-vm-no-longer-exists--400094-bcmv2vmnotfound---the-virtual-machine-doesnt-exist--an-azure-virtual-machine-wasnt-found). 
+When an Azure Virtual Machine (VM) protected by a Recovery Services vault is moved from one region to another, it can no longer be backed up to the older vault. The backups in the old vault may start failing with the errors **BCMV2VMNotFound** or [**ResourceNotFound**](../../../backup/backup-azure-vms-troubleshoot.md#320001-resourcenotfound---could-not-perform-the-operation-as-vm-no-longer-exists--400094-bcmv2vmnotfound---the-virtual-machine-doesnt-exist--an-azure-virtual-machine-wasnt-found).
 
 You can also choose to write a customized script for bulk VM protection:
 
@@ -98,22 +98,22 @@ https://management.azure.com/Subscriptions/{subscriptionId}/resourceGroups/{vaul
 
 1. Prepare Azure Virtual Machines (VMs) for relocation:
 
-  1. See the [prerequisites associated with VM relocation](../../../resource-mover/tutorial-move-region-virtual-machines.md#prerequisites) and ensure that the VM is eligible for relocation.
-  1. [Select the VM on the **Backup Items** tab](../../../backup/backup-azure-delete-vault.md#delete-protected-items-in-the-cloud) of existing vault’s dashboard and select **Stop protection** followed by retain/delete data as per your requirement. When the backup data for a VM is stopped with retain data, the recovery points remain forever and don’t adhere to any policy.
-
-      >[!Note]
-      >Retaining data in the older vault will incur backup charges. If you no longer wish to retain data to avoid billing, you need to delete the retained backup data using the  [Delete data option](../../../backup/backup-azure-manage-vms.md#delete-backup-data).
-
-  1. Ensure that the VMs are turned on. All VMs’ disks that need to be available in the destination region are attached and initialized in the VMs.
-  1. Ensure that VMs have the latest trusted root certificates, and an updated certificate revocation list (CRL). To do so:
-
-      - On Windows VMs, install the latest Windows updates.
-      - On Linux VMs, refer to distributor guidance to ensure that machines have the latest certificates and CRL.
-
-  1. Allow outbound connectivity from VMs:
-
-      - If you're using a URL-based firewall proxy to control outbound connectivity, allow access to [these URLs](../../../resource-mover/support-matrix-move-region-azure-vm.md#url-access).
-      - If you're using network security group (NSG) rules to control outbound connectivity, create [these service tag rules](../../../resource-mover/support-matrix-move-region-azure-vm.md#nsg-rules).
+    1. See the [prerequisites associated with VM relocation](../../../resource-mover/tutorial-move-region-virtual-machines.md#prerequisites) and ensure that the VM is eligible for relocation.
+    1. [Select the VM on the **Backup Items** tab](../../../backup/backup-azure-delete-vault.md#delete-protected-items-in-the-cloud) of existing vault’s dashboard and select **Stop protection** followed by retain/delete data as per your requirement. When the backup data for a VM is stopped with retain data, the recovery points remain forever and don’t adhere to any policy.
+  
+        >[!Note]
+        >Retaining data in the older vault will incur backup charges. If you no longer wish to retain data to avoid billing, you need to delete the retained backup data using the  [Delete data option](../../../backup/backup-azure-manage-vms.md#delete-backup-data).
+  
+    1. Ensure that the VMs are turned on. All VMs’ disks that need to be available in the destination region are attached and initialized in the VMs.
+    1. Ensure that VMs have the latest trusted root certificates, and an updated certificate revocation list (CRL). To do so:
+  
+        - On Windows VMs, install the latest Windows updates.
+        - On Linux VMs, refer to distributor guidance to ensure that machines have the latest certificates and CRL.
+  
+    1. Allow outbound connectivity from VMs:
+  
+        - If you're using a URL-based firewall proxy to control outbound connectivity, allow access to [these URLs](../../../resource-mover/support-matrix-move-region-azure-vm.md#url-access).
+        - If you're using network security group (NSG) rules to control outbound connectivity, create [these service tag rules](../../../resource-mover/support-matrix-move-region-azure-vm.md#nsg-rules).
 
 1. Redeploy Azure VMs by using [Azure Resource Mover](../../../resource-mover/tutorial-move-region-virtual-machines.md) to relocate your VM to the new region.
 

articles/azure-resource-manager/management/relocation/relocation-event-grid-custom-topics.md

@@ -27,7 +27,7 @@ The high-level steps are:
 
 ## Prerequisites
 
-- Complete the [Quickstart: Route custom events to web endpoint](../../../event-grid/custom-event-quickstart-portal.md) in the source region. Do this step so that you can test steps in this article. 
+- Complete the [Quickstart: Route custom events to web endpoint](../../../event-grid/custom-event-quickstart-portal.md) in the source region. Do this step so that you can test steps in this article.
 - Ensure that the Event Grid service is available in the target region. See [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=event-grid&regions=all).
 
 ## Prepare

articles/azure-resource-manager/management/relocation/relocation-event-hub.md

@@ -68,7 +68,7 @@ To get started, export a Resource Manager template. This template contains setti
 
 Modify the template by changing the Event Hubs namespace name and region.
 
-# [portal](#tab/azure-portal)
+### [portal](#tab/azure-portal)
 
 1. Select **Template deployment**.
 1. In the Azure portal, select **Create**.
@@ -224,7 +224,7 @@ Modify the template by changing the Event Hubs namespace name and region.
 
 1. Select **Save** to save the template.
 
-# [PowerShell](#tab/azure-powershell)
+### [PowerShell](#tab/azure-powershell)
 
 1. In the **template.json** file, name the Event Hubs namespace by setting the default value of the namespace name. This example sets the default value of the Event Hubs namespace name to `namespace-name`.
 

articles/azure-resource-manager/management/relocation/relocation-firewall.md

@@ -43,7 +43,7 @@ To prepare for relocation, you need to first export and modify the template from
 
 ### Export template
 
-# [portal](#tab/azure-portal)
+#### [portal](#tab/azure-portal)
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. Select **All resources** and then select your Azure Firewall resource.
@@ -54,7 +54,7 @@ To prepare for relocation, you need to first export and modify the template from
 
    This zip file contains the .json files that include the template and scripts to deploy the template.
 
-# [PowerShell](#tab/azure-powershell)
+#### [PowerShell](#tab/azure-powershell)
 
 1. Sign in to your Azure subscription with the `Connect-AzAccount` command and follow the on-screen directions:
 
@@ -92,7 +92,7 @@ In this section, you learn how to modify the template that you generated in the
 
 If you're running classic firewall rules without Firewall policy, migrate to Firewall policy before proceeding with the steps in this section. To learn how to migrate from classic firewall rules to Firewall policy, see [Migrate Azure Firewall configuration to Azure Firewall policy using PowerShell](/azure/firewall-manager/migrate-to-policy).
 
-# [Azure portal](#tab/azure-portal)
+#### [Azure portal](#tab/azure-portal)
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -145,7 +145,7 @@ To find the location code for your target region, see [Data residency in Azure](
 
 1. Save the `template.json` file.
 
-# [PowerShell](#tab/azure-powershell)
+#### [PowerShell](#tab/azure-powershell)
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
@@ -191,7 +191,7 @@ To find the location code for your target region, see [Data residency in Azure](
 
 Deploy the template to create a new Azure Firewall in the target region.
 
-# [Azure portal](#tab/azure-portal)
+### [Azure portal](#tab/azure-portal)
 
 1. Enter or select the property values:
 
@@ -202,7 +202,7 @@ Deploy the template to create a new Azure Firewall in the target region.
 1. The Azure Firewall is now deployed with the adopted configuration to reflect the needed changes in the target region.
 1. Verify configuration and functionality.
 
-# [PowerShell](#tab/azure-powershell)
+### [PowerShell](#tab/azure-powershell)
 
 1. Obtain the subscription ID where you want to deploy the target public IP by running the following command:
 

articles/azure-resource-manager/management/relocation/relocation-key-vault.md

@@ -12,19 +12,19 @@ ms.custom: subject-relocation, devx-track-azurepowershell
 
 [!INCLUDE [relocate-reasons](./includes/service-relocation-reason-include.md)]
 
-Azure Key Vault doesn't support key vault relocation to another region. 
+Azure Key Vault doesn't support key vault relocation to another region.
 
 Instead of relocation, you need to:
 
-- Create a new key vault with the relocation of the associated Azure services. 
+- Create a new key vault with the relocation of the associated Azure services.
 - Regenerate any required [keys](/azure/key-vault/keys/about-keys), [secrets](/azure/key-vault/secrets/about-secrets), or [certificates](/azure/key-vault/certificates/about-certificates). In some cases, you may need to transfer the secrets or certificates from your existing key vault to the relocated key vault.
 
 :::image type="content" source="./media/relocation/keyvault/akv-pattern-design.png" alt-text="Diagram showing Azure Key vault relocation pattern.":::
 
 ## Prerequisites
 
 - Verify that your Azure subscription allows you to create key vaults in the target region.
-- Create a dependency map with all the Azure services used by the Key Vault. For the services that are in scope of the relocation, you must choose the appropriate relocation strategy. 
+- Create a dependency map with all the Azure services used by the Key Vault. For the services that are in scope of the relocation, you must choose the appropriate relocation strategy.
 - Depending on your Key Vault design, you may need to deploy and configure the [Virtual Network](./relocation-virtual-network.md) in the target region.
 - Document and plan to re-configure in the Key Vault in the target region:
   - Access Policies and Network configuration settings.
@@ -166,7 +166,7 @@ To deploy the template by using Azure portal:
    }
    ```
 
-1. In case you configured a service endpoint in your key vault, in the _networkAcl_ section, under _virtualNetworkRules_, add the rule for the target subnet. Ensure that the _ignoreMissingVnetServiceEndpoint_ flag is set to False, so that the IaC fails to deploy the Key Vault in case the service endpoint isn’t configured in the target region. 
+1. In case you configured a service endpoint in your key vault, in the _networkAcl_ section, under _virtualNetworkRules_, add the rule for the target subnet. Ensure that the _ignoreMissingVnetServiceEndpoint_ flag is set to False, so that the IaC fails to deploy the Key Vault in case the service endpoint isn’t configured in the target region.
 
     **parameter.json**
 
@@ -338,7 +338,7 @@ Deploy the template to create a new key vault in the target region.
 1. For [certificates](/azure/key-vault/certificates/about-certificates):
     1. Export the certificate into a PFX file.
     1. Import the PFX file into the target key vault. If you can't export the private key (`exportable` is not set) you must generate certificate a new certificate and import it into the target key vault.
-1. With the relocation of the associated Azure service the [keys](/azure/key-vault/keys/about-keys) are regenerated. 
+1. With the relocation of the associated Azure service the [keys](/azure/key-vault/keys/about-keys) are regenerated.
 1. Confirm that the keys have been generated for the associated service.
 
 ## Verify

articles/azure-resource-manager/management/relocation/relocation-kubernetes-service.md

@@ -34,30 +34,30 @@ Before you begin the relocation planning stage, first review the following prere
 - Capture any IP addresses defined in the AKS API service allowlist.
 - Understand all dependent resources. Some of the resources could be:
 
-    - Queues, Message Buses, Cache engines
-    - [Azure Key Vault](./relocation-key-vault.md)
-    - [Managed Identity](/entra/identity/managed-identities-azure-resources/how-to-managed-identity-regional-move)
-    - [Virtual Network configuration](./relocation-virtual-network.md). Define sufficient subnet sizes to allow container IP growth if using the Azure advanced networking model
-    - Public IP address
-    - Virtual Network Gateway (VNG). If site-to-site communication is required to an on-premises environment in the target region, a VNG must be created in the target virtual network.
-    - Azure Private Endpoint. Azure PaaS resources utilizing private link endpoints must be reviewed, and new private link instances created in the target region such as ACR, Azure SQL DB, KeyVault, etc.
-    - [Azure Application Gateway](./relocation-app-gateway.md)
-    - Azure DNS
-    - [Azure Firewall](./relocation-firewall.md)
-    - [Azure Monitor (Container Insights)](./relocation-log-analytics.md)
-    - [Azure Container registry](relocation-container-registry.md) can replicate images between ACR instances. For optimal performance when pulling images, the registry should exist in the target region.
-
-        >[!NOTE]
-        >If you use Azure Container Registry to authenticate to the container registry, the new AKS cluster’s managed identity can be the granted `AcrPull` RBAC role.
-
-    - Azure Managed Disks
-    - Azure Files
+  - Queues, Message Buses, Cache engines
+  - [Azure Key Vault](./relocation-key-vault.md)
+  - [Managed Identity](/entra/identity/managed-identities-azure-resources/how-to-managed-identity-regional-move)
+  - [Virtual Network configuration](./relocation-virtual-network.md). Define sufficient subnet sizes to allow container IP growth if using the Azure advanced networking model
+  - Public IP address
+  - Virtual Network Gateway (VNG). If site-to-site communication is required to an on-premises environment in the target region, a VNG must be created in the target virtual network.
+  - Azure Private Endpoint. Azure PaaS resources utilizing private link endpoints must be reviewed, and new private link instances created in the target region such as ACR, Azure SQL DB, KeyVault, etc.
+  - [Azure Application Gateway](./relocation-app-gateway.md)
+  - Azure DNS
+  - [Azure Firewall](./relocation-firewall.md)
+  - [Azure Monitor (Container Insights)](./relocation-log-analytics.md)
+  - [Azure Container registry](relocation-container-registry.md) can replicate images between ACR instances. For optimal performance when pulling images, the registry should exist in the target region.
+
+      >[!NOTE]
+      >If you use Azure Container Registry to authenticate to the container registry, the new AKS cluster’s managed identity can be the granted `AcrPull` RBAC role.
+
+  - Azure Managed Disks
+  - Azure Files
 
 ## Prepare
 
 Before you begin the cluster relocation process, make sure to complete the following preparations:
 
-1. To accommodate the AKS cluster nodes and pods, if using Azure CNI networking, deploy the virtual network with many subnets of sufficient size. 
+1. To accommodate the AKS cluster nodes and pods, if using Azure CNI networking, deploy the virtual network with many subnets of sufficient size.
 1. If you're using Azure Key Vault, [Deploy the Key Vault](./relocation-key-vault.md).
 1. Ensure that the relevant TLS ingress certificates are available for deployment, ideally in a secure store such as Azure Key Vault.
 1. Deploy a container registry. Either sync the source registry images automatically or rebuild and push new images to the target registry using a CI/CD pipeline or script.
@@ -97,4 +97,4 @@ AKS workloads that use local storage, such as persistent volumes, to store data
 - [Cluster creation - Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
 - [Baseline architecture for an Azure Kubernetes Service (AKS) cluster](/azure/architecture/reference-architectures/containers/aks/secure-baseline-aks)
 - [Azure Kubernetes Services (AKS) day-2 operations guide](/azure/architecture/operator-guides/aks/day-2-operations-guide)
-- [Best practices for storage and backups in Azure Kubernetes Service (AKS)](/azure/aks/operator-best-practices-storage)
+- [Best practices for storage and backups in Azure Kubernetes Service (AKS)](/azure/aks/operator-best-practices-storage)

articles/azure-resource-manager/management/relocation/relocation-log-analytics.md

@@ -30,7 +30,7 @@ If you want to relocate your Log Analytics workspace to a region that supports a
 - To export the workspace configuration to a template that can be deployed to another region, you need the [Log Analytics Contributor](../../../role-based-access-control/built-in-roles.md#log-analytics-contributor) or [Monitoring Contributor](../../../role-based-access-control/built-in-roles.md#monitoring-contributor) role, or higher.
 
 - Identify all the resources that are currently associated with your workspace, including:
- 
+
   - *Connected agents*: Enter **Logs** in your workspace and query a [heartbeat](/azure/azure-monitor/insights/solution-agenthealth#azure-monitor-log-records) table to list connected agents.
 
     ```kusto

articles/azure-resource-manager/management/relocation/relocation-netapp.md

@@ -38,10 +38,10 @@ Before you begin the relocation process, complete the following preparations:
 
 - Understand the following considerations in regards to replication:
 
-    - SMB, NFS, and dual-protocol volumes are supported. Replication of SMB volumes requires a Microsoft Entra ID connection in the source and target NetApp accounts.
-    - The replication destination volume is read-only until the entire move is complete.
-    - Azure NetApp Files replication doesn't currently support multiple subscriptions. All replications must be performed under a single subscription.
-    - There are resource limits for the maximum number of cross-region replication destination volumes. For more information, see [Resource limits for Azure NetApp Files](../../../azure-netapp-files/azure-netapp-files-resource-limits.md).
+  - SMB, NFS, and dual-protocol volumes are supported. Replication of SMB volumes requires a Microsoft Entra ID connection in the source and target NetApp accounts.
+  - The replication destination volume is read-only until the entire move is complete.
+  - Azure NetApp Files replication doesn't currently support multiple subscriptions. All replications must be performed under a single subscription.
+  - There are resource limits for the maximum number of cross-region replication destination volumes. For more information, see [Resource limits for Azure NetApp Files](../../../azure-netapp-files/azure-netapp-files-resource-limits.md).
 
 ## Redeploy