Merge pull request #287777 from MicrosoftDocs/main

10/2/2024 PM Publish

Author: PhilKang0704

articles/app-service/deploy-staging-slots.md

@@ -547,6 +547,13 @@ Here are some common swap errors:
 
 - Local cache initialization might fail when the app content exceeds the local disk quota specified for the local cache. For more information, see [Local cache overview](overview-local-cache.md).
 
+- During a site update operation, the following error may occur "_The slot cannot be changed because its configuration settings have been prepared for swap_". This can occur if either [swap with preview (multi-phase swap)](#swap-with-preview-multi-phase-swap) phase 1 has been completed but phase 2 has not yet been performed, or a swap has failed. There are two ways resolve the issue:
+
+    1. Cancel the swap operation which will reset the site back to the old state
+    1. Complete the swap operation which will update site to the desired new state
+
+    Refer to [swap with preview (multi-phase swap)](#swap-with-preview-multi-phase-swap) to learn how to cancel or complete the swap operation.
+
 - During [custom warm-up](#Warm-up), the HTTP requests are made internally (without going through the external URL). They can fail with certain URL rewrite rules in *Web.config*. For example, rules for redirecting domain names or enforcing HTTPS can prevent warm-up requests from reaching the app code. To work around this issue, modify your rewrite rules by adding the following two conditions:
 
     ```xml

articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-node-pivot.md

@@ -12,12 +12,12 @@ You can use Azure App Service to create applications using Azure OpenAI and Open
 
 #### Prerequisites
 
-- An [Azure OpenAI resource](/azure/ai-services/openai/quickstart?pivots=programming-language-csharp&tabs=command-line%2Cpython#set-up) or an [OpenAI account](https://platform.openai.com/overview).
+- An [Azure OpenAI resource](/azure/ai-services/openai/quickstart?pivots=programming-language-csharp&tabs=command-line%2Cpython#set-up) or an [OpenAI account](https://platform.openai.com/overview).
 - A Node.js Express application. Create the sample app using our [quickstart](/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-vscode).
 
 ### Set up web app
 
-For this application, we’re building off the [quickstart](/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-vscode) Express app and adding an extra feature to make a request to an Azure OpenAI or OpenAI service. 
+For this application, we're building off the [quickstart](/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-vscode) Express app and adding an extra feature to make a request to an Azure OpenAI or OpenAI service. 
 
 First, copy and replace the `index.ejs` file with the following code:
 
@@ -48,7 +48,7 @@ The previous code will add an input box to our index page to submit requests to
 
 First, you need to grab the keys and endpoint values from Azure OpenAI, or OpenAI and add them as secrets for use in your application. Retrieve and save the values for later use to build the client.
 
-For Azure OpenAI, see [this documentation](/azure/ai-services/openai/quickstart?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you’re planning to use managed identity to secure your app you’ll only need the `deploymentName` and `apiVersion` values. 
+For Azure OpenAI, see [this documentation](/azure/ai-services/openai/quickstart?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you're planning to use managed identity to secure your app you'll only need the `deploymentName` and `apiVersion` values. 
 
 Otherwise, you need each of the following:
 
@@ -63,9 +63,9 @@ For OpenAI, see this documentation to retrieve the API keys. For our application
 
 - `apiKey`
 
-Since we're deploying to App Service, we can secure these secrets in **Azure Key Vault** for protection. Follow the [Quickstart](/azure/key-vault/secrets/quick-create-cli#create-a-key-vault) to set up your Key Vault and add the secrets you saved from earlier.
+Since we're deploying to App Service, we can secure these secrets in **Azure Key Vault** for protection. Follow the [Quickstart](/azure/key-vault/secrets/quick-create-cli#create-a-key-vault) to set up your Key Vault and add the secrets you saved from earlier.
 
-Next, we can use Key Vault references as app settings in our App Service resource to reference in our application. Follow the instructions in the [documentation](../../app-service-key-vault-references.md?source=recommendations&tabs=azure-cli) to grant your app access to your Key Vault and to set up Key Vault references.
+Next, we can use Key Vault references as app settings in our App Service resource to reference in our application. Follow the instructions in the [documentation](../../app-service-key-vault-references.md?source=recommendations&tabs=azure-cli) to grant your app access to your Key Vault and to set up Key Vault references.
 
 Then, go to the portal Environment Variables page in your resource and add the following app settings:
 
@@ -149,7 +149,7 @@ import OpenAI from 'openai';
 
 ### Secure your app with managed identity
 
-Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
+Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
 
 Follow the steps below to secure your application:
 
@@ -177,14 +177,14 @@ Create the Azure OpenAI client with the token provider.
 
 Once the credentials are added to the application, enable managed identity in your application and grant access to the resource:
 
-1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and select **Save**.
+1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and select **Save**.
 2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.
-3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** page on the left pane.
-4. Find the **Grant access to this resource** card and select **Add role assignment**.
-5. Search for the **Cognitive Services OpenAI User** role and select **Next**.
-6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option.
-7. Next, select **+Select Members** and find your web app.
-8. Select **Review + assign**.
+3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** page on the left pane.
+4. Find the **Grant access to this resource** card and select **Add role assignment**.
+5. Search for the **Cognitive Services OpenAI User** role and select **Next**.
+6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option.
+7. Next, select **+Select Members** and find your web app.
+8. Select **Review + assign**.
 
 Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
 
@@ -236,7 +236,7 @@ app.post("/api/completions", async (req, res) => {
 
 This post function will create the OpenAI client and add the message being sent to OpenAI with a returned response. 
 
-Here’s the example in it’s complete form. In this example, use the Azure OpenAI chat completion service OR the OpenAI chat completion service, not both.
+Here's the example in it's complete form. In this example, use the Azure OpenAI chat completion service OR the OpenAI chat completion service, not both.
 
 ```jsx
 var createError = require('http-errors');
@@ -339,6 +339,6 @@ Once the app is deployed, you can visit your site URL and see the text that cont
 
 ### Authentication
 
-Although optional, it's highly recommended that you also add authentication to your web app when using an Azure OpenAI or OpenAI service. This can add a level of security with no other code. Learn how to enable authentication for your web app [here](../../scenario-secure-app-authentication-app-service.md).
+Although optional, it's highly recommended that you also add authentication to your web app when using an Azure OpenAI or OpenAI service. This can add a level of security with no other code. Learn how to enable authentication for your web app [here](../../scenario-secure-app-authentication-app-service.md).
 
-Once deployed, browse to the web app and navigate to the OpenAI tab. Enter a query to the service and you should see a populated response from the server. The tutorial is now complete and you now know how to use OpenAI services to create intelligent applications.
+Once deployed, browse to the web app and navigate to the OpenAI tab. Enter a query to the service and you should see a populated response from the server. The tutorial is now complete and you now know how to use OpenAI services to create intelligent applications.

articles/application-gateway/classic-to-resource-manager.md

@@ -1,27 +1,27 @@
 ---
-title: Application Gateway classic to Resource Manager
-description: Learn about moving Application Gateway resources from the classic deployment model to the Resource Manager deployment model.
+title: Azure Application Gateway classic to Resource Manager
+description: Learn about moving Azure Application Gateway resources from the classic deployment model to the Resource Manager deployment model.
 services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 06/27/2024
+ms.date: 10/02/2024
 ms.author: greglin
 ---
 
-# Application Gateway classic to Resource Manager migration
+# Application gateway classic to Resource Manager migration
 
 Resource Manager enables deploying complex applications through templates, configures virtual machines by using VM extensions, and incorporates access management and tagging. Azure Resource Manager includes scalable, parallel deployment for virtual machines into availability sets. The new deployment model also provides lifecycle management of compute, network, and storage independently.
 You can read more about Azure Resource Manager [features and benefits](../azure-resource-manager/management/overview.md).
 
-Application Gateway resources will **not** be migrated automatically as part of VNet migration from classic to Resource Manager.
-As part of VNet migration process as documented at [IaaS resources migration page](/azure/virtual-machines/migration-classic-resource-manager-ps), if you have an Application Gateway resource present on the VNet that you're trying to migrate to Resource Manager deployment model, the automatic migration wouldn't be successful. 
+Application gateway resources are **not** migrated automatically as part of VNet migration from classic to Resource Manager.
+As part of VNet migration process as documented at [IaaS resources migration page](/azure/virtual-machines/migration-classic-resource-manager-ps), if you have an application gateway resource present on the VNet that you're trying to migrate to Resource Manager deployment model, the automatic migration wouldn't be successful. 
 
-In order to migrate your Application Gateway resource to Resource Manager deployment model, you'll have to remove the Application Resource from the VNet before beginning migration and then recreate the Application Gateway resource once migration is complete.
+To migrate your application gateway resource to Resource Manager deployment model, you'll have to remove the Application Resource from the VNet before beginning migration and then recreate the application gateway resource once migration is complete.
 
-## Creating a new Application Gateway resource 
+## Creating a new application gateway resource 
 
-For more information on how to set up an Application Gateway resource after VNet migration, you can refer:
+For more information on how to set up an application gateway resource after VNet migration, you can refer:
 
 * [Deployment via portal](quick-create-portal.md)
 * [Deployment via PowerShell](quick-create-powershell.md)
@@ -43,13 +43,38 @@ Azure Resource Manager is the latest control plane of Azure responsible for crea
 
 ### Where can I find more information regarding classic to Azure Resource Manager migration?
 
-Please refer to [Frequently asked questions about classic to Azure Resource Manager migration](/azure/virtual-machines/migration-classic-resource-manager-faq)
+Refer to [Frequently asked questions about classic to Azure Resource Manager migration](/azure/virtual-machines/migration-classic-resource-manager-faq)
+
+### How can I clean up my classic application gateway deployment?
+
+Step 1: Install the old PowerShell version for managing legacy resources.
+
+[Installing the Azure PowerShell Service Management module](/powershell/azure/servicemanagement/install-azure-ps)
+
+> [!NOTE]
+> The cmdlets referenced in this documentation are for managing legacy Azure resources that use Azure Service Manager (ASM) APIs. This legacy PowerShell module isn't recommended for creating new resources since ASM is scheduled for retirement.
+
+Step 2: Run the following command to remove the application gateway.
+ [Remove-AzureApplicationGateway](/powershell/module/servicemanagement/azure/remove-azureapplicationgateway)
+
+ ```
+#Login to account and set proper subscription
+  Add-AzureAccount
+  Get-AzureSubscription
+  Select-AzureSubscription -SubscriptionId <SubscriptionId> -Default
+ 
+  # Get the list of application gateways in the subscription
+  Get-AzureApplicationGateway
+ 
+  #Remove the desired application gateway
+  Remove-AzureApplicationGateway -Name <NameofGateway>
+```
 
 ### How do I report an issue?
 
 Post your issues and questions about migration to our [Microsoft Q&A page](/answers/topics/azure-virtual-network.html). We recommend posting all your questions on this forum. If you have a support contract, you're welcome to log a support ticket as well.
 
 ## Next steps
-To get started see: [platform-supported migration of IaaS resources from classic to Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-ps)
+To get started, see: [platform-supported migration of IaaS resources from classic to Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-ps)
 
-For any concerns around migration, you can contact Azure Support. Learn more about [Azure support here](https://azure.microsoft.com/support/options/).
+For any concerns around migration, you can contact Azure Support. Learn more about [Azure support here](https://azure.microsoft.com/support/options/).

articles/application-gateway/overview-v2.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: azure-application-gateway
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 10/02/2024
 ms.author: greglin
 ms.custom: references_regions, devx-track-azurepowershell
 ---
@@ -52,7 +52,7 @@ The following table displays a comparison between Basic and Standard_v2.
 |     :---:                | :---                                     |     :---:      |     :---:         |
 | Reliability              | SLA                                      | 99.9           | 99.95             |
 | Functionality - basic    | HTTP/HTTP2/HTTPS<br>Websocket<br>Public/Private IP<br>Cookie Affinity<br>Path-based affinity<br>Wildcard<br>Multisite<br>KeyVault<br>Zone<br>Header rewrite | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713; | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;|
-| Functionality - advanced | AKS (via AGIC)<br>URL rewrite<br>mTLS<br>Private Link<br>Private-only<sup>1</sup><br>TCP/TLS Proxy |  | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713; |
+| Functionality - advanced | AKS (via AGIC)<br>URL rewrite<br>mTLS<br>Private Link<br>Private-only (preview)<br>TCP/TLS Proxy (preview) |  | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713; |
 | Scale                    | Max. connections per second<br>Number of listeners<br>Number of backend pools<br>Number of backend servers per pool<br>Number of rules | 200<sup>1</sup><br>5<br>5<br>5<br>5  | 62500<sup>1</sup><br>100<br>100<br>1200<br>400 |
 | Capacity Unit            | Connections per second per compute unit<br>Throughput<br>Persistent new connections  | 10<br>2.22 Mbps<br>2500 | 50<br>2.22 Mbps<br>2500 |
 

articles/azure-cache-for-redis/cache-azure-active-directory-for-authentication.md

@@ -63,9 +63,12 @@ Using Microsoft Entra is the secure way to connect your cache. We recommend that
 
 When you disable access key authentication for a cache, all existing client connections are terminated, whether they use access keys or Microsoft Entra authentication. Follow the recommended Redis client best practices to implement proper retry mechanisms for reconnecting Microsoft Entra-based connections, if any.
 
-Before you disable access keys:
+### Before you disable access keys:
 
-- Microsoft Entra authorization must be enabled.
+- Ensure that Microsoft Entra authentication is enabled and you have at least one Redis User configured.
+- Ensure all applications connecting to your cache instance switch to using Microsoft Entra Authentication.
+- Ensure that the metrics _Connected Clients_ and _Connected Clients Using Microsoft Entra Token_ have the same values. If the values for these two metrics are not the same, that means there are still some connections that were created using access keys and not Entra Token.
+- Consider disabling access during the scheduled maintenance window for your cache instance.
 - Disabling access keys is only available for Basic, Standard, and Premium tier caches.
 - For geo-replicated caches, you must:
 

articles/azure-functions/flex-consumption-plan.md

@@ -145,6 +145,7 @@ Keep these other considerations in mind when using Flex Consumption plan during
 + **Scale**: The lowest maximum scale in preview is `40`. The highest currently supported value is `1000`. 
 + **Managed dependencies**: [Managed dependencies in PowerShell](functions-reference-powershell.md#dependency-management) aren't supported by Flex Consumption. You must instead [define your own custom modules](functions-reference-powershell.md#custom-modules).
 + **Diagnostic settings**: Diagnostic settings are not currently supported.
++ **Certificates**: Loading certificates with the WEBSITE_LOAD_CERTIFICATES app setting is currently not supported.
 
 ## Related articles 
 

articles/azure-government/compliance/azure-services-in-fedramp-auditscope.md

@@ -30,7 +30,7 @@ Microsoft Azure cloud environments meet demanding US government compliance requi
 - [DoD IL4](/azure/compliance/offerings/offering-dod-il4) PA issued by DISA
 - [DoD IL5](/azure/compliance/offerings/offering-dod-il5) PA issued by DISA
 
-For current Azure Government regions and available services, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=all&regions=non-regional,usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-texas,usgov-virginia&rar=true).
+For current Azure Government regions and available services, see [Products available by region](https://go.microsoft.com/fwlink/?linkid=2274941&clcid=0x409).
 
 > [!NOTE]
 >