MicrosoftDocs
diff --git a/‎articles/aks/azure-cni-overlay.md
Lines changed: 4 additions & 2 deletions b/‎articles/aks/azure-cni-overlay.md
Lines changed: 4 additions & 2 deletions
diff --git a/‎articles/communications-gateway/configure-test-customer-teams-direct-routing.md
Lines changed: 18 additions & 23 deletions b/‎articles/communications-gateway/configure-test-customer-teams-direct-routing.md
Lines changed: 18 additions & 23 deletions
diff --git a/‎articles/communications-gateway/connect-teams-direct-routing.md
Lines changed: 10 additions & 7 deletions b/‎articles/communications-gateway/connect-teams-direct-routing.md
Lines changed: 10 additions & 7 deletions
diff --git a/‎articles/communications-gateway/deploy.md
Lines changed: 1 addition & 1 deletion b/‎articles/communications-gateway/deploy.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/communications-gateway/interoperability-teams-direct-routing.md
Lines changed: 1 addition & 1 deletion b/‎articles/communications-gateway/interoperability-teams-direct-routing.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/communications-gateway/reliability-communications-gateway.md
Lines changed: 1 addition & 1 deletion b/‎articles/communications-gateway/reliability-communications-gateway.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/expressroute/index.yml
Lines changed: 13 additions & 0 deletions b/‎articles/expressroute/index.yml
Lines changed: 13 additions & 0 deletions
diff --git a/‎articles/iot-operations/get-started/media/quickstart-add-assets/mqttui-output.png
-46.1 KB b/‎articles/iot-operations/get-started/media/quickstart-add-assets/mqttui-output.png
-46.1 KB
diff --git a/‎articles/iot-operations/get-started/quickstart-add-assets.md
Lines changed: 21 additions & 16 deletions b/‎articles/iot-operations/get-started/quickstart-add-assets.md
Lines changed: 21 additions & 16 deletions
@@ -143,8 +143,10 @@ az aks nodepool add  -g $resourceGroup --cluster-name $clusterName \
 
 > [!NOTE]
 > Because Routing domain is not yet supported for ARM, CNI Overlay is not yet supported on ARM-based (ARM64) processor nodes.
->
- 
+
+> [!NOTE]
+> Upgrading an existing cluster to CNI Overlay is a non-reversible process.
+
 > [!WARNING]
 > Prior to Windows OS Build 20348.1668, there was a limitation around Windows Overlay pods incorrectly SNATing packets from host network pods, which had a more detrimental effect for clusters upgrading to Overlay. To avoid this issue, **use Windows OS Build greater than or equal to 20348.1668**.
 
 
@@ -35,34 +35,29 @@ You must be able to sign in to the Microsoft 365 admin center for your test cust
 
 ## Choose a DNS subdomain label to use to identify the customer
 
-Azure Communications Gateway has per-region domain names. You need to set up subdomains of these domain names for your test customer. Microsoft Phone System and Azure Communications Gateway use these subdomains to match calls to tenants.
+Azure Communications Gateway has _per-region domain names_ for connecting to Microsoft Teams Direct Routing. You need to set up subdomains of these domain names for your test customer. Microsoft Phone System and Azure Communications Gateway use these subdomains to match calls to tenants.
 
+1. Work out the per-region domain names for connecting to Microsoft Teams Direct Routing. These use the form `1-r<region-number>.<base-domain-name>`. The base domain name is the **Domain** on your Azure Communications Gateway resource in the [Azure portal](https://azure.microsoft.com/).
 1. Choose a DNS label to identify the test customer.
-    * The label must be up to **eight** characters in length and can only contain letters, numbers, underscores, and dashes.
-    * You must not use wildcard subdomains or subdomains with multiple labels.
-    * For example, you could allocate the label `test`.
+    - The label must be up to **eight** characters in length and can only contain letters, numbers, underscores, and dashes.
+    - You must not use wildcard subdomains or subdomains with multiple labels.
+    - For example, you could allocate the label `test`.
     > [!IMPORTANT]
-    > The full customer subdomains (including the per-region domain names) must be a maximum of 48 characters. Microsoft Entra ID does not support domain names of more than 48 characters. For example,  the customer subdomain `contoso1.1-r1.a1b2c3d4e5f6g7h8.commsgw.azure.com` is 48 characters.
+    > The full customer subdomains (including the per-region domain names) must be a maximum of 48 characters. Microsoft Entra ID does not support domain names of more than 48 characters. For example, the customer subdomain `contoso1.1-r1.a1b2c3d4e5f6g7h8.commsgw.azure.com` is 48 characters.
 1. Use this label to create a subdomain of each per-region domain name for your Azure Communications Gateway.
 1. Make a note of the label you choose and the corresponding subdomains.
 
-> [!TIP]
-> To find your deployment's per-region domain names:
-> 1. Sign in to the [Azure portal](https://azure.microsoft.com/).
-> 1. Search for your Communications Gateway resource and select it.
-> 1. Check that you're on the **Overview** of your Azure Communications Gateway resource.
-> 1. Select **Properties**.
-> 1. In each **Service Location** section, find the **Hostname** field.
-
-For example, your per-region domain names might be as follows, where the `<deployment_id>` subdomain is autogenerated and unique to the deployment:
-
-* `r1.<deployment_id>.commsgw.azure.com`
-* `r2.<deployment_id>.commsgw.azure.com`
+For example:
+- Your base domain name might be `<deployment-id>.commsgw.azure.com`, where `<deployment-id>` is autogenerated and unique to the deployment.
+- Your per-region domain names are therefore:
+    - `1-r1.<deployment-id>.commsgw.azure.com`
+    - `1-r2.<deployment-id>.commsgw.azure.com`
+- If you allocate the label `test`, this label combined with the per-region domain names creates the following domain names for your test customer:
+    - `test.1-r1.<deployment-id>.commsgw.azure.com`
+    - `test.1-r2.<deployment-id>.commsgw.azure.com`
 
-If you allocate the label `test`, this label combined with the per-region domain names creates the following domain names for your test customer:
-
-* `test.r1.<deployment_id>.commsgw.azure.com`
-* `test.r2.<deployment_id>.commsgw.azure.com`
+> [!IMPORTANT]
+> The per-region domain names for connecting to Microsoft Teams Direct Routing are different to the per-region domain names for connecting to your network.
 
 > [!TIP]
 > Lab deployments have one per-region domain name. Your test customer therefore also only has one customer-specific per-region domain name.
@@ -73,7 +68,7 @@ To route calls to a customer tenant, the customer tenant must be configured with
 
 1. Sign into the Microsoft 365 admin center for the customer tenant as a Global Administrator.
 1. Using [Add a subdomain to the customer tenant and verify it](/microsoftteams/direct-routing-sbc-multiple-tenants#add-a-subdomain-to-the-customer-tenant-and-verify-it):
-    1. Register the first customer-specific per-region domain name (for example `test.r1.<deployment_id>.commsgw.azure.com`).
+    1. Register the first customer-specific per-region domain name (for example `test.1-r1.<deployment-id>.commsgw.azure.com`).
     1. Start the verification process using TXT records.
     1. Note the TXT value that Microsoft 365 provides.
 1. (Production deployments only) Repeat the previous step for the second customer-specific per-region domain name.
@@ -104,7 +99,7 @@ When you have used Azure Communications Gateway to generate the DNS records for
 ## Configure the customer tenant's call routing to use Azure Communications Gateway
 
 In the customer tenant, [configure a call routing policy](/microsoftteams/direct-routing-voice-routing) (also called a voice routing policy) with a voice route that routes calls to Azure Communications Gateway.
-- Set the PSTN gateway to the customer-specific per-region domain names for Azure Communications Gateway (for example, `test.r1.<deployment_id>.commsgw.azure.com` and `test.r2.<deployment_id>.commsgw.azure.com`).
+- Set the PSTN gateway to the customer-specific per-region domain names for Azure Communications Gateway (for example, `test.1-r1.<deployment-id>.commsgw.azure.com` and `test.1-r2.<deployment-id>.commsgw.azure.com`).
 - Don't configure any users to use the call routing policy yet.
 
 ## Next step
 
@@ -31,7 +31,7 @@ You must be able to sign in to the Microsoft 365 admin center for your tenant as
 ## Enable Microsoft Teams Direct Routing support
 
 > [!NOTE]
-> If you selected Microsoft Teams Direct Routing when you [deployed Azure Communications Gateway](deploy.md), skip this step and go to [Find your Azure Communication Gateway's domain names](#find-your-azure-communication-gateways-domain-names).
+> If you selected Microsoft Teams Direct Routing when you [deployed Azure Communications Gateway](deploy.md), skip this step and go to [Find your Azure Communication Gateway's domain names for connecting to Microsoft Teams Direct Routing](#find-your-azure-communication-gateways-domain-names-for-connecting-to-microsoft-teams-direct-routing).
 
 1. Sign in to the [Azure portal](https://azure.microsoft.com/).
 1. In the search bar at the top of the page, search for your Communications Gateway resource and select it.
@@ -41,7 +41,7 @@ You must be able to sign in to the Microsoft 365 admin center for your tenant as
 1. Select the **Overview** page for your resource.
 1. Wait for your resource to be updated. When your resource is ready, the **Provisioning Status** field on the resource overview changes to "Complete." We recommend that you check in periodically to see if the Provisioning Status field is "Complete." This step might take up to two weeks.
 
-## Find your Azure Communication Gateway's domain names
+## Find your Azure Communication Gateway's domain names for connecting to Microsoft Teams Direct Routing
 
 Before starting this step, check that the **Provisioning Status** field for your resource is "Complete".
 
@@ -52,11 +52,14 @@ Microsoft Teams only sends traffic to domains that you confirm that you own. You
 1. Select your Communications Gateway resource. Check that you're on the **Overview** of your Azure Communications Gateway resource.
 1. Select **Properties**.
 1. Find the field named **Domain**. This name is your deployment's _base domain name_.
-1. In each **Service Location** section, find the **Hostname** field. This field provides the _per-region domain name_.
-    - A production deployment has two service regions and therefore two per-region domain names.
-    - A lab deployment has one service region and therefore one per-region domain name.
+1. Work out the _per-region domain names_ for connecting to Microsoft Teams Direct Routing. These use the form `1-r<region-number>.<base-domain-name>`.
+    - A production deployment has two service regions and therefore two per-region domain names: `1-r1.<base-domain-name>` and `1-r2.<base-domain-name>`
+    - A lab deployment has one service region and therefore one per-region domain name: `1-r1.<base-domain-name>`.
 1. Note down the base domain name and the per-region domain name(s). You'll need these values in the next steps.
 
+> [!IMPORTANT]
+> The domain names for connecting to Microsoft Teams Direct Routing are different to the domain names for connecting to your network.
+
 ## Register the base domain name for Azure Communications Gateway in your tenant
 
 You need to register the base domain for Azure Communications Gateway in your tenant and verify it. Registering and verifying the base domain proves that you control the domain.
@@ -66,7 +69,7 @@ You need to register the base domain for Azure Communications Gateway in your te
 > - You must register Azure Communications Gateway's base domain name.
 > - Microsoft 365 automatically verifies the base domain name.
 
-Follow the instructions [to add a base domain to your tenant](/microsoftteams/direct-routing-sbc-multiple-tenants#add-a-base-domain-to-the-tenant-and-verify-it). Use the base domain name that you found in [Find your Azure Communication Gateway's domain names](#find-your-azure-communication-gateways-domain-names).
+Follow the instructions [to add a base domain to your tenant](/microsoftteams/direct-routing-sbc-multiple-tenants#add-a-base-domain-to-the-tenant-and-verify-it). Use the base domain name that you found in [Find your Azure Communication Gateway's domain names for connecting to Microsoft Teams Direct Routing](#find-your-azure-communication-gateways-domain-names-for-connecting-to-microsoft-teams-direct-routing).
 
 If Microsoft 365 prompts you to verify the domain name:
 
@@ -105,7 +108,7 @@ To activate the base domain in Microsoft 365, you must have at least one user or
 
 ## Connect your tenant to Azure Communications Gateway
 
-You must configure your Microsoft 365 tenant with SIP trunks to Azure Communications Gateway. Each trunk connects to one of the per-region domain names that you found in [Find your Azure Communication Gateway's domain names](#find-your-azure-communication-gateways-domain-names).
+You must configure your Microsoft 365 tenant with SIP trunks to Azure Communications Gateway. Each trunk connects to one of the per-region domain names that you found in [Find your Azure Communication Gateway's domain names for connecting to Microsoft Teams Direct Routing](#find-your-azure-communication-gateways-domain-names-for-connecting-to-microsoft-teams-direct-routing).
 
 Use [Connect your Session Border Controller (SBC) to Direct Routing](/microsoftteams/direct-routing-connect-the-sbc) and the following configuration settings to set up the trunks.
 
 
@@ -174,7 +174,7 @@ When your resource has been provisioned, you can connect Azure Communications Ga
         1. In the search bar at the top of the page, search for your Communications Gateway resource.
         1. Go to the **Overview** page for your Azure Communications Gateway resource.
         1. In each **Service Location** section, find the **Hostname** field. You need to validate TLS connections against this hostname to ensure secure connections.
-    * We recommend configuring an SRV lookup for each region, using `_sip._tls.<regional-FQDN-from-portal>`. Replace *`<regional-FQDN-from-portal>`* with the per-region FQDNs that you found in the **Overview** page for your resource.
+    * We recommend configuring an SRV lookup for each region, using `_sip._tls.<regional-FQDN-from-portal>`. Replace *`<regional-FQDN-from-portal>`* with the per-region FQDNs from the **Hostname** fields on the **Overview** page for your resource.
 1. If your Azure Communications Gateway includes integrated MCP, configure the connection to MCP:
     1. Go to the **Overview** page for your Azure Communications Gateway resource.
     1. In each **Service Location** section, find the **MCP hostname** field.
 
@@ -159,7 +159,7 @@ If you believe that media bypass support (preview) would be useful for your depl
 
 ## Topology hiding with domain delegation
 
-The domain for your Azure Communications Gateway deployment is visible to customer administrators in their Microsoft 365 admin center. By default, each Azure Communications Gateway deployment receives an automatically generated domain name in the form `<deployment_id>.commsgw.azure.com`, where `<deployment_id>` is autogenerated and unique to the deployment. For example, the domain name might be `a1b2c3d4e5f6g7h8.commsgw.azure.com`.
+The domain for your Azure Communications Gateway deployment is visible to customer administrators in their Microsoft 365 admin center. By default, each Azure Communications Gateway deployment receives an automatically generated domain name in the form `<deployment-id>.commsgw.azure.com`, where `<deployment-id>` is autogenerated and unique to the deployment. For example, the domain name might be `a1b2c3d4e5f6g7h8.commsgw.azure.com`.
 
 To hide the details of your deployment, you can configure Azure Communications Gateway to use a subdomain of your own base domain. Customer administrators see subdomains of this domain in their Microsoft 365 admin center. This process uses [DNS delegation with Azure DNS](../dns/dns-domain-delegation.md). You must configure DNS delegation as part of deploying Azure Communications Gateway.
 
 
@@ -61,7 +61,7 @@ Each site in your network must:
 > [!div class="checklist"]
 > - Send traffic to its local Azure Communications Gateway service region by default.
 > - Locate Azure Communications Gateway peers within a region using DNS SRV, as outlined in RFC 3263.
->     - Make a DNS SRV lookup on the domain name for the service region, for example `r1.<deployment_id>.commsgw.azure.com`, where `<deployment_id>` is autogenerated and unique to the deployment.
+>     - Make a DNS SRV lookup on the domain name for the service region's connection to your network, for example `pstn-region1.<deployment-id>.commsgw.azure.com` (where `<deployment-id>` is autogenerated and unique to the deployment). You can find these domain names from the **Hostname** fields on the ***Overview** of your resource in the Azure portal.
 >     - If the SRV lookup returns multiple targets, use the weight and priority of each target to select a single target.
 > - Send new calls to available Azure Communications Gateway peers.
 
 
@@ -86,6 +86,19 @@ landingContent:
             url: designing-for-high-availability-with-expressroute.md
           - text: Design for Disaster Recovery with private peering
             url: designing-for-disaster-recovery-with-expressroute-privatepeering.md
+    # Card
+  - title: Resiliency
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Create maximum resiliency with ExpressRoute circuits
+            url: expressroute-howto-circuit-portal-resource-manager.md?pivots=expressroute-preview
+          - text: Create maximum resiliency with ExpressRoute gateways
+            url: expressroute-howto-linkvnet-portal-resource-manager.md?pivots=expressroute-preview
+      - linkListType: architecture
+        links:
+          - text: ExpressRoute reliability - Azure Well-Architected Framework
+            url: /azure/well-architected/service-guides/azure-expressroute#reliability
   # Card
   - title: Learn about ExpressRoute architecture
     linkLists:
 
@@ -55,7 +55,7 @@ When you deployed Azure IoT Operations, you chose to include a built-in OPC PLC
 
 To add an asset endpoint:
 
-1. Select **Asset endpoints** and then **Create asset endpoint**:
+1. Select **Manage asset endpoints** and then **Create asset endpoint**:
 
     :::image type="content" source="media/quickstart-add-assets/asset-endpoints.png" alt-text="Screenshot that shows the asset endpoints page in the Azure IoT Operations portal.":::
 
@@ -84,22 +84,27 @@ To add an asset endpoint:
 
     When the OPC PLC simulator is running, data flows from the simulator, to the connector, to the OPC UA broker, and finally to the MQ broker.
 
-To enable the asset endpoint to use an untrusted certificate:
+The following step lowers the security level for the OPC PLC so that it accepts connections from any client without an explicit peer certificate trust operation. To enable the asset endpoint to use an untrusted certificate:
 
 > [!CAUTION]
-> Don't use untrusted certificates in production environments.
-
-1. Run the following command on the machine where your cluster is running to apply the configuration to use an untrusted certificate:
-
-    ```console
-    kubectl apply -f https://raw.githubusercontent.com/Azure-Samples/explore-iot-operations/main/samples/quickstarts/opc-ua-connector-0.yaml
+> Don't use untrusted certificates in production environments. To learn more, see [Configure an OPC PLC simulator](../manage-devices-assets/howto-configure-opc-plc-simulator.md).
+
+1. Run the following command to enable the use of an untrusted certificate. Replace the two placeholders with your cluster name and resource group name:
+
+    ```azurecli
+    az k8s-extension update \
+    --version 0.3.0-preview \
+    --name opc-ua-broker \
+    --release-train preview \
+    --cluster-name <cluster-name> \
+    --resource-group <azure-resource-group> \
+    --cluster-type connectedClusters \
+    --auto-upgrade-minor-version false \
+    --config opcPlcSimulation.deploy=true \
+    --config opcPlcSimulation.autoAcceptUntrustedCertificates=true
     ```
 
-    The following snippet shows the YAML file that you applied:
-
-    :::code language="yaml" source="~/azure-iot-operations-samples/samples/quickstarts/opc-ua-connector-0.yaml":::
-
-1. Find the name of your `aio-opc-supervisor` pod by using the following command:
+1. To enable the configuration change to take effect immediately, first find the name of your `aio-opc-supervisor` pod by using the following command:
 
     ```console
     kubectl get pods -n azure-iot-operations
@@ -177,7 +182,7 @@ Review your asset and tag details and make any adjustments you need before you s
 
 To verify that the thermostat asset you added is publishing data, view the telemetry in the `azure-iot-operations/data` topic:
 
-:::image type="content" source="media/quickstart-add-assets/mqttui-output.png" alt-text="Screenshot of the mqttui topic display showing the temperature telemetry.":::
+:::image type="content" source="media/quickstart-add-assets/mqttui-output.png" alt-text="Screenshot of the mqttui topic display showing the temperature telemetry." lightbox="media/quickstart-add-assets/mqttui-output.png":::
 
 If there's no data flowing, restart the `aio-opc-opc.tcp-1` pod:
 
@@ -199,7 +204,7 @@ The sample tags you added in the previous quickstart generate messages from your
 
 ```json
 {
-    "Timestamp": "2023-08-10T00:54:58.6572007Z", 
+    "Timestamp": "2024-03-08T00:54:58.6572007Z", 
     "MessageType": "ua-deltaframe",
     "payload": {
       "temperature": {
@@ -211,7 +216,7 @@ The sample tags you added in the previous quickstart generate messages from your
         "Value": 7109
       }
     },
-    "DataSetWriterName": "oven",
+    "DataSetWriterName": "thermostat",
     "SequenceNumber": 4660
 }
 ```