Merge pull request #292747 from MicrosoftDocs/main

Publish to live, Wednesday 4AM PST, 1/8

Author: PMEds28

articles/backup/backup-azure-files-faq.yml

@@ -2,7 +2,7 @@
 metadata:
   title: Back up Azure Files FAQ
   description: In this article, discover answers to common questions about how to protect your Azure file shares with the Azure Backup service.
-  ms.date: 12/11/2024
+  ms.date: 01/08/2025
   ms.topic: faq
   ms.service: azure-backup
   author: AbhishekMallick-MS
@@ -74,6 +74,11 @@ sections:
           | **Daily**  | Add the retention values configured for daily, weekly, monthly, and yearly backups. For example, you configure a backup policy with the following values: <br><br> - Daily retention: 30 days <br> - Weekly retention: 40 weeks <br> - Monthly retention: 4 months <br> - Yearly retention: 6 years | This corresponds to 80 snapshots (30+40+4+6).
           | **Hourly** | There's a buffer allocated for any delay in pruning the expired snapshots. For example, you configure a backup policy with: <br><br> - Number of daily snapshots as per your schedule: 6 <br> - Daily retention: 30 days <br> - Monthly retention: 11 months <br> - Yearly retention: 8 years | Considering 1 day buffer for each daily snapshot, the daily retention of 30 days is considered as 31 days for each of the 6 daily snapshots. So, this configuration corresponds to 205 [(6X31)+11+8] snapshots.
 
+      - question: |
+          What is the maximum delay expected in backup start time from the scheduled backup time I have set in my backup policy?
+        answer: |
+          The scheduled backup is triggered within 2 hours of the scheduled backup time. For example, If 100 File Shares have their backup start time scheduled at 2:00 AM, then by 4:00 AM at the latest all the 100 File Shares will have their backup job in progress. If scheduled backups are paused because of an outage and resumed or retried, then the backup can start outside of this scheduled two-hour window.
+
 
 
   - name: Restore
@@ -98,6 +103,13 @@ sections:
         answer: |
           If a recovery point isn't listed, it must have expired. We recommend you checking the retention configured in the backup policy to understand the retention duration for recovery points of your backed-up file share.
 
+      - question: |
+          Why is my restore operation taking long time to complete?
+        answer: |
+          If you are restoring from snapshot backup, for Original Location Recovery (OLR) the total restore time depends on number of files and directories in the share. When you restore to alternate location, the restore time depends on number of files and directories in the share to be restored and  available IOPS on source and target storage account.
+
+
+
   - name: Manage backup
     questions:
       - question: |
@@ -280,7 +292,7 @@ sections:
       - question: |
           Why the expiry time for latest recovery points doesn't appear in the Azure portal?
         answer: |
-          Expiry Time of recovery points are updated when Garbage Collector (GC) runs, which is every 24 hours. After you update the backup policy, it can take up to 24 hours to show the updates in the Expiry Time, if there're no delays in GC jobs.
+          Expiry Time of recovery points is updated when Garbage Collector (GC) runs, which is every 24 hours. After you update the backup policy, it can take up to 24 hours to show the updates in the Expiry Time, if there're no delays in GC jobs.
 
       - question: |
           How is the expiry date shown when both snapshot and vaulted backups are configured?

articles/hdinsight/hdinsight-restrict-outbound-traffic.md

@@ -3,7 +3,7 @@ title: Configure outbound network traffic restriction - Azure HDInsight
 description: Learn how to configure outbound network traffic restriction for Azure HDInsight clusters.
 ms.service: azure-hdinsight
 ms.topic: how-to
-ms.date: 10/01/2024
+ms.date: 01/08/2025
 ---
 
 # Configure outbound network traffic for Azure HDInsight clusters using Firewall
@@ -72,7 +72,7 @@ Create an application rule collection that allows the cluster to send and receiv
     | Rule_3 | * | https:443 | login.microsoftonline.com | Allows Windows login activity |
     | Rule_4 | * | https:443 | storage_account_name.blob.core.windows.net | Replace `storage_account_name` with your actual storage account name. Make sure ["secure transfer required"](../storage/common/storage-require-secure-transfer.md) is enabled on the storage account. If you're using Private endpoint to access storage accounts, this step isn't needed and storage traffic isn't forwarded to the firewall.|
     | Rule_5 | * | http:80 | azure.archive.ubuntu.com | Allows Ubuntu security updates to be installed on the cluster |
-    | Rule_6 | * | https:433 | pypi.org, pypi.python.org, files.pythonhosted.org | Allows Python package installations for Azure monitoring |
+    | Rule_6 | * | https:443 | pypi.org, pypi.python.org, files.pythonhosted.org | Allows Python package installations for Azure monitoring |
 
 
    :::image type="content" source="./media/hdinsight-restrict-outbound-traffic/hdinsight-restrict-outbound-traffic-add-app-rule-collection-details.png" alt-text="Title: Enter application rule collection details.":::

articles/operator-nexus/TOC.yml

@@ -330,6 +330,8 @@
           href: troubleshoot-memory-limits.md
         - name: Troubleshoot LACP Bonding
           href: troubleshoot-lacp-bonding.md
+        - name: Troubleshoot DNS Issues
+          href: troubleshoot-dns-issues.md
         - name: Troubleshoot NAKS Cluster Node Packet Loss
           href: troubleshoot-packet-loss.md
         - name: Troubleshoot TWAMP (UDP) not working

articles/operator-nexus/troubleshoot-dns-issues.md

@@ -0,0 +1,56 @@
+---
+title: "Azure Operator Nexus: DNS Issues"
+description: Learn how to troubleshoot cluster DNS issues.
+author: papadeltasierra
+ms.author: pauldsmith
+ms.service: azure-operator-nexus
+ms.custom: azure-operator-nexus
+ms.topic: troubleshooting
+ms.date: 12/10/2024
+# ms.custom: template-include
+---
+
+# Troubleshoot Nexus DNS Issues
+
+NNF (Nexus Network Fabric) provides a bridge between Nexus resources hosted by a Kubernetes
+cluster running on Azure VMs (Virtual Machines) and Azure, accessing Azure resources via their
+domain names. However a DNS (Domain Name System) error in NNF can mean that Azure resources
+can't be contacted which impacts deployment or management of Nexus resources.
+
+The DNS proxy that causes this error is an [Envoy DNS Proxy](https://www.envoyproxy.io/docs/envoy/latest/)
+running via a Kubernetes deployment in either an infrastructure or tenant Kubernetes cluster.
+The precise location of the DNS proxy is determined when the customer
+deploys their NAKS (Nexus Azure Kubernetes Service) cluster or during some other
+deployment. 
+
+## Diagnosis
+
+* Deployment or management of remote Nexus resources fails with "DeploymentFailed."
+* Azure portal shows no errors being generated for the Azure resources that are unreachable; there are no errors because the failing operations aren't reaching the Azure resources at all.
+
+## Mitigation steps
+
+### Trigger a DNS cache refresh for the NNF Workload Proxy
+
+- Identify the Infrastructure or Tenant Kubernetes Cluster on which the DNS proxy is running from the initial configuration and deployment process
+- Log in to the Kubernetes cluster
+  - Using the Azure portal, find your cluster
+  - From the _Overview_ blade, click the _Connect_ command (between _Refresh_ and _Delete_)
+  - Follow the instructions from the resulting pop-up window that explain how to connect to the Kubernetes cluster
+- Identify the DNS proxy deployment using this command
+  ```bash
+  $ kubectl get deployments --all-namespaces=true | grep envoy
+  ```
+- Restart the deployment, which causes the DNS caching to be reset, using this command:
+  ```bash
+  kubectl rollout restart deployment <your-envoy-deployment-name> --namespace <namespace-where-envoy-pod-exists>
+  ```
+
+## Verification
+
+After the DNS cache is refreshed, create or manage operations are successful.
+
+## Related content
+
+- If you still have questions, contact [Azure support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade).
+- For more information about support plans, see [Azure support plans](https://azure.microsoft.com/support/plans/response/).

articles/sentinel/dynamics-365/deploy-dynamics-365-finance-operations-solution.md

@@ -11,9 +11,9 @@ ms.date: 11/14/2024
 
 ---
 
-# Deploy Microsoft Sentinel solution for Dynamics 365 Finance and Operations
+# Deploy for Dynamics 365 Finance and Operations
 
-This article describes how to deploy the Microsoft Sentinel solution for Dynamics 365 Finance and Operations. The solution monitors and protects your Dynamics 365 Finance and Operations system: It collects audits and activity logs from the Dynamics 365 Finance and Operations environment, and detects threats, suspicious activities, illegitimate activities, and more. [Read more about the solution](dynamics-365-finance-operations-solution-overview.md).
+This article describes how to deploy the Dynamics 365 Finance and Operations content within the Microsoft Sentinel solution for Microsoft Business Applications. The solution monitors and protects your Dynamics 365 Finance and Operations system: It collects audits and activity logs from the Dynamics 365 Finance and Operations environment, and detects threats, suspicious activities, illegitimate activities, and more. [Read more about the solution](dynamics-365-finance-operations-solution-overview.md).
 
 > [!IMPORTANT]
 > - The Microsoft Sentinel solution for Dynamics 365 Finance and Operations is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
@@ -23,7 +23,8 @@ This article describes how to deploy the Microsoft Sentinel solution for Dynamic
 
 Before you begin, verify that:
 
-- The Microsoft Sentinel solution is enabled. 
+- The Microsoft Sentinel solution for Microsoft Business Applications solution is enabled. 
+
 - You have a defined Microsoft Sentinel workspace and have read and write permissions to the workspace.
 - [Microsoft Dynamics 365 Finance version 10.0.33 or above](/dynamics365/finance/get-started/whats-new-changed-changed-10-0-33) is enabled and you have administrative access to the monitored environments.  
 - You can create [Data Collection Rules/Endpoints](/azure/azure-monitor/essentials/data-collection-rule-overview) with the permissions:
@@ -46,8 +47,8 @@ Before you begin, verify that:
 ## Deploy the solution and enable the data connector
 
 1. Navigate to the **Microsoft Sentinel** service.
-1. Select **Content hub**, and in the search bar, search for *Dynamics 365 Finance and Operations*.
-1. Select **Dynamics 365 Finance and Operations**.
+1. Select **Content hub**, and in the search bar, search for *Microsoft Business Applications*.
+1. Select **Microsoft Business Applications**.
 1. Select **Install**.
 
     For more information about how to manage the solution components, see [Discover and deploy out-of-the-box content](../sentinel-solutions-deploy.md).
@@ -153,8 +154,8 @@ To verify that log ingestion is working:
 
 ## Related content
 
-In this article, you learned how to deploy the Microsoft Sentinel solution for Dynamics 365 Finance and Operations.
- 
+In this article, you learned how to deploy Dynamics 365 Finance and Operations features included in the Microsoft Sentinel solution for Microsoft Business Applications.
+
 - [Learn how to enable the security content](../sentinel-solutions-deploy.md#analytics-rule)
 - [Review the solution's security content](dynamics-365-finance-operations-security-content.md)
 

articles/virtual-network/service-tags-overview.md

@@ -108,7 +108,7 @@ By default, service tags reflect the ranges for the entire cloud. Some service t
 | **[M365ManagementActivityApi](/office/office-365-management-api/office-365-management-activity-api-reference#working-with-the-office-365-management-activity-api)** | The Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Office 365 and Microsoft Entra activity logs. Customers and partners can use this information to create new or enhance existing operations, security, and compliance-monitoring solutions for the enterprise.<br/><br/>**Note**: This tag has a dependency on the **AzureActiveDirectory** tag. | Outbound | Yes | Yes |
 | **[M365ManagementActivityApiWebhook](/office/office-365-management-api/office-365-management-activity-api-reference#working-with-the-office-365-management-activity-api)** | Notifications are sent to the configured webhook for a subscription as new content becomes available. | Inbound | Yes | Yes |
 | **MicrosoftAzureFluidRelay** | This tag represents the IP addresses used for Azure Microsoft Fluid Relay Server. </br> **Note**: This tag has a dependency on the **AzureFrontDoor.Frontend** tag. | Outbound | No | Yes |
-| **MicrosoftCloudAppSecurity** | Microsoft Defender for Cloud Apps. | Outbound | No | Yes |
+| **[MicrosoftCloudAppSecurity](/defender-cloud-apps/network-requirements)** | Microsoft Defender for Cloud Apps. | Both | No | Yes |
 | **[MicrosoftDefenderForEndpoint](/defender-endpoint/configure-device-connectivity)** | Microsoft Defender for Endpoint core services.<br/><br/>**Note**: Devices need to be onboarded with streamlined connectivity and meet requirements in order to use this service tag. Defender for Endpoint/Server require additional service tags, like OneDSCollector, to support all functionality.<br/></br> For more information, see [Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-device-connectivity) | Both | No | Yes |
 | **[PowerBI](/power-bi/enterprise/service-premium-service-tags)** | Power BI platform backend services and API endpoints.<br/><br/> | Both | No | Yes |
 | **[PowerPlatformInfra](/power-platform/admin/online-requirements)** | This tag represents the IP addresses used by the infrastructure to host Power Platform services. | Both | Yes | Yes |