Merge pull request #280852 from greg-lindsay/appgw-freshness

replace pull 279457

Author: prmerger-automator[bot]

articles/application-gateway/application-gateway-faq.yml

@@ -6,7 +6,7 @@ metadata:
   author: greg-lindsay
   ms.service: application-gateway
   ms.topic: faq
-  ms.date: 06/27/2024
+  ms.date: 07/15/2024
   ms.author: greglin
   ms.custom: references_regions, devx-track-azurepowershell
 title: Frequently asked questions about Application Gateway
@@ -284,31 +284,33 @@ sections:
           Application Gateway v1 SKUs can run in a FIPS 140-2 approved mode of operation, which is commonly referred to as "FIPS mode." FIPS mode calls a FIPS 140-2 validated cryptographic module that ensures FIPS-compliant algorithms for encryption, hashing, and signing when enabled. To ensure FIPS mode is enabled, the `FIPSMode` setting must be configured via PowerShell, Azure Resource Manager template, or REST API after the subscription has been enrolled to enable configuration of `FIPSmode`.
 
           **Note:** As part of the FedRAMP compliance, US Government mandates that systems operate in a [FIPS-approved mode](/azure/compliance/offerings/offering-fips-140-2) after August 2024. 
-          **Steps to enable FIPS Mode in V1 SKU**
           
-          * Register the **‘AllowApplicationGatewayEnableFIPS’** feature to enroll the subscription for FIPS mode configuration.
+          **Steps to enable FIPS Mode in V1 SKU**:
           
-          ```azurepowershell-interactive
-          Register-AzProviderFeature -FeatureName AllowApplicationGatewayEnableFIPS -ProviderNamespace Microsoft.Network
-          ```
-          Use the following steps to enroll for FIPS Mode in Application Gateway V1 using the **Azure portal**
-          1.	Sign in to the Azure portal.
-          1.	In the search box, enter subscriptions and select **Subscriptions**.
-          1.	Select the link for your subscription's name.
-          1.	From the left menu, under **Settings** select **Preview features**.
-          1.	You see a list of available features and your current registration status.
-          1.	From Preview features type into the filter box **AllowApplicationGatewayEnableFIPS**, select the feature, and then select Register.
+          **Step 1**: Register the **‘AllowApplicationGatewayEnableFIPS’** feature to enroll the subscription for FIPS mode configuration.
+          
+            To register using Azure PowerShell, open a Cloud Shell prompt and enter the following:
+          
+            ```azurepowershell-interactive
+            Register-AzProviderFeature -FeatureName AllowApplicationGatewayEnableFIPS -ProviderNamespace Microsoft.Network
+            ```
+            
+            To register using the **Azure portal**:
 
-          * Once **step 1** is complete, the **enableFips** property needs to be set to True through PowerShell, Azure Resource Manager template, or REST API.
+           - Sign in to the Azure portal and search for **Preview features**.
+           - Enter **AllowApplicationGatewayEnableFIPS** into the filter box. Select **Application Gateway V1 Allow FIPS Mode**, and then select **Register**.
 
-          ```azurepowershell-interactive
-          # Get the application gateway
-          $appgw = Get-AzApplicationGateway -Name <ApplicationGatewayName> -ResourceGroupName <ResourceGroupName>
-          # Set the EnableFips property
-          $appgw.EnableFips = $true
-          # Update the application gateway
-          Set-AzApplicationGateway -ApplicationGateway $appgw
-          ```
+          **Step 2**: Set the **enableFips** property to **True** using PowerShell, Azure Resource Manager template, or REST API.
+
+            ```azurepowershell-interactive
+            # Get the application gateway
+            $appgw = Get-AzApplicationGateway -Name <ApplicationGatewayName> -ResourceGroupName <ResourceGroupName>
+            # Set the EnableFips property
+            $appgw.EnableFips = $true
+            # Update the application gateway
+            Set-AzApplicationGateway -ApplicationGateway $appgw
+            ```
+          
           Changing FIPS mode doesn't affect the overall availability of cipher suites on V1 gateways. However, when using [elliptic curve cryptography](/windows/win32/secauthn/tls-elliptic-curves-in-windows-10-1607-and-later) for ciphers, with FIPS mode disabled  you can use curve25519, NistP256, and NistP384 whereas with FIPS mode enabled only NistP256 and NistP384 are allowed and curve25519 is disabled. Since curve25519 becomes unavailable in FIPS mode, make sure your clients support NistP256 or NistP384 for secure communication before enabling FIPS. 
           
       - question: How do I use Application Gateway v2 with only a private frontend IP address?

articles/application-gateway/migrate-v1-v2.md

@@ -6,7 +6,7 @@ author: greg-lindsay
 ms.service: application-gateway
 ms.custom: devx-track-azurepowershell
 ms.topic: how-to
-ms.date: 02/26/2024
+ms.date: 07/15/2024
 ms.author: greglin
 ---
 
@@ -33,6 +33,7 @@ This article primarily helps with the configuration migration. Client traffic mi
 * If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.
 * Ensure that there's no existing Application gateway with the provided AppGW V2 Name and Resource group name in V1 subscription. This rewrites the existing resources.
 * If a public IP address is provided, ensure that it's in a succeeded state. If not provided and AppGWResourceGroupName is provided ensure that public IP resource with name AppGWV2Name-IP  doesn’t  exist in a resource group with the name AppGWResourceGroupName in the V1 subscription.
+* For the V1 SKU, authentication certificates are required to set up TLS connections with backend servers. The V2 SKU requires uploading [trusted root certificates](./certificates-for-backend-authentication.md) for the same purpose. While V1 allows the use of self-signed certificates as authentication certificates, V2 mandates [generating and uploading a self-signed Root certificate](./self-signed-certificates.md) if self-signed certificates are used in the backend.
 * Ensure that no other operation is planned on the V1 gateway or any associated resources during migration.
 
 [!INCLUDE [cloud-shell-try-it.md](~/reusable-content/ce-skilling/azure/includes/cloud-shell-try-it.md)]