Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into fwtoc

Author: duongau

.openpublishing.redirection.json

@@ -30,6 +30,11 @@
       "redirect_url": "/previous-versions/azure/partner-solutions/logzio/troubleshoot",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-grid/event-schema-storage-actions.md",
+      "redirect_url": "/azure/storage-actions/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/hdinsight-aks/index.yml",
       "redirect_url": "/previous-versions/azure/hdinsight-aks",
@@ -5935,6 +5940,11 @@
       "redirect_url": "/azure/reliability/overview-reliability-guidance",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/reliability/sovereign-cloud-china.md",
+      "redirect_url": "/azure/china/concepts-service-availability",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/managed-grafana/concept-role-based-access-control.md",
       "redirect_url": "/azure/managed-grafana/how-to-manage-access-permissions-users-identities",

articles/active-directory-b2c/faq.yml

@@ -163,6 +163,18 @@ sections:
           * **Audit reports** include both admin activity and application activity.
           * **Usage reports** include the number of users, number of logins, and volume of MFA.
 
+      - question: |
+          Why does my Azure AD B2C bill show phone charges named "Microsoft Entra External ID?"
+        answer: |
+          Following the new [billing model](https://azure.microsoft.com/pricing/details/active-directory-b2c/) for Azure AD External Identities SMS Phone Authentication, you may notice a new name on your bill. Previously, Phone MFA was billed as "Azure Active Directory B2C - Basic 1 Multi-Factor Authentication." Now you’ll see the following names based on your [country or region pricing tier](https://aka.ms/B2CSMSCountries):
+          
+          * Microsoft Entra External ID - Phone Authentication Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid Low Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication Mid High Cost 1 Transaction
+          * Microsoft Entra External ID - Phone Authentication High Cost 1 Transaction
+          
+          Although the new bill mentions Microsoft Entra External ID, **you’re still billed for Azure AD B2C based on your core MAU count**.
+          
       - question: |
           Can end users use a time-based one-time password (TOTP) with an authenticator app to authenticate to my Azure AD B2C app?
         answer: |
@@ -271,7 +283,7 @@ sections:
       - question: |
           I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
         answer: |
-          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user hasn't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
              
           
       - question: |

articles/active-directory-b2c/localization-string-ids.md

@@ -496,18 +496,18 @@ The following IDs are used for a [time-based one-time password (TOTP) display co
       </LocalizedResources>
 ```
 
-## Restful service error messages
+## RESTful service error messages
 
-The following IDs are used for [Restful service technical profile](restful-technical-profile.md) error messages:
+The following IDs are used for [RESTful service technical profile](restful-technical-profile.md) error messages:
 
 | ID | Default value |
 | --- | ------------- |
-| `DefaultUserMessageIfRequestFailed` | Failed to establish connection to restful service end point. Restful service URL: {0} |
-| `UserMessageIfCircuitOpen` | {0} Restful Service URL: {1} |
-| `UserMessageIfDnsResolutionFailed` | Failed to resolve the hostname of the restful service endpoint. Restful service URL: {0} |
-| `UserMessageIfRequestTimeout` | Failed to establish connection to restful service end point within timeout limit {0} seconds. Restful service URL: {1} |
+| `DefaultUserMessageIfRequestFailed` | Failed to establish connection to restful service end point. RESTful service URL: {0} |
+| `UserMessageIfCircuitOpen` | {0} RESTful Service URL: {1} |
+| `UserMessageIfDnsResolutionFailed` | Failed to resolve the hostname of the restful service endpoint. RESTful service URL: {0} |
+| `UserMessageIfRequestTimeout` | Failed to establish connection to restful service end point within timeout limit {0} seconds. RESTful service URL: {1} |
 
-### Restful service example
+### RESTful service example
 
 ```xml
 <LocalizedResources Id="api.localaccountsignup.en">

articles/api-management/breaking-changes/stv1-platform-retirement-august-2024.md

@@ -5,7 +5,7 @@ services: api-management
 author: dlepow
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 08/28/2024
+ms.date: 02/19/2025
 ms.author: danlep
 ---
 
@@ -54,9 +54,8 @@ As of 1 September 2024, API Management will no longer provide any service level
 
 Through continued use of an instance hosted on the `stv1` platform beyond the retirement date, you acknowledge that Azure does not commit to the SLA of 99.95% for the retired instances.
 
-### Automatic migration
+[!INCLUDE [api-management-automatic-migration](../../../includes/api-management-automatic-migration.md)]
 
-Starting 1 September 2024, we'll automatically migrate remaining `stv1` service instances to the `stv2` compute platform. All affected customers will be notified of the upcoming automatic migration a week in advance. Automatic migration might cause downtime for your upstream API consumers. You may still migrate your own instances before automatic migration takes place.
 
 [!INCLUDE [api-management-migration-support](../../../includes/api-management-migration-support.md)]
 

articles/api-management/breaking-changes/stv1-platform-retirement-sovereign-clouds-february-2025.md

@@ -52,6 +52,7 @@ As of 1 September 2024, API Management will no longer provide any service level
 
 Through continued use of an instance hosted on the `stv1` platform beyond 1 September 2024, you acknowledge that Azure does not commit to the SLA of 99.95%.
 
+[!INCLUDE [api-management-automatic-migration](../../../includes/api-management-automatic-migration.md)]
 
 [!INCLUDE [api-management-migration-support](../../../includes/api-management-migration-support.md)]
 

articles/api-management/graphql-apis-overview.md

@@ -21,7 +21,7 @@ API Management helps you import, manage, protect, test, publish, and monitor Gra
 
 |Pass-through GraphQL   |Synthetic GraphQL  |
 |---------|---------|
-| ▪️ Pass-through API to existing GraphQL service endpoint<br><br/>▪️ Support for GraphQL queries, mutations, and subscriptions  |   ▪️ API based on a custom GraphQL schema<br></br>▪️ Support for GraphQL queries, mutations, and subscriptions<br/><br/>▪️  Configure custom resolvers, for example, to HTTP data sources<br/><br/>▪️ Develop GraphQL schemas and GraphQL-based clients while consuming data from legacy APIs     |
+| ▪️ Pass-through API to existing GraphQL service endpoint<br><br/>▪️ Support for GraphQL queries, mutations, and subscriptions  |   ▪️ API based on a custom GraphQL schema<br></br>▪️ Support for GraphQL queries, mutations, and subscriptions<br/><br/>▪️  Configure custom resolvers, for example, to HTTP data sources<br/><br/>▪️ Develop GraphQL schemas and GraphQL-based clients while consuming data from legacy APIs<br/><br/>▪️ Synthetic subscriptions do not require resolvers. See [publish-event](publish-event-policy.md) policy.    |
 
 ## Availability
 

articles/api-management/media/visual-studio-code-tutorial/test-api.png

@@ -6,7 +6,7 @@ author: dlepow
 ms.service: azure-api-management
 ms.custom:
 ms.topic: how-to
-ms.date: 11/04/2024
+ms.date: 02/19/2025
 ms.author: danlep
 ---
 
@@ -241,6 +241,9 @@ Under certain conditions, [Option 1: Migrate and keep same subnet](#option-1-mig
 
 * **Azure Key Vault blocked** - If access to Azure Key Vault is currently blocked, you must migrate using Option 2, including setting up NSG rules in the new subnet for access to Azure Key Vault.
 
+[!INCLUDE [api-management-automatic-migration](../../includes/api-management-automatic-migration.md)]
+
+
 [!INCLUDE [api-management-migration-support](../../includes/api-management-migration-support.md)]
 
 ## Frequently asked questions

articles/api-management/migrate-stv1-to-stv2-vnet.md

@@ -53,6 +53,7 @@ The `publish-event` policy publishes an event to one or more subscriptions speci
 ### Usage notes
 
 * This policy is invoked only when a related GraphQL query or mutation is executed.
+* Resolver *should not* be defined for the corresponding subscription. Defining a `publish-event` policy on a source query or mutation is sufficient to trigger subscription events.
 
 ## Example
 

articles/api-management/publish-event-policy.md

@@ -87,7 +87,7 @@ NSG rules allowing outbound connectivity to Storage, SQL, and Azure Event Hubs s
 
 ## TLS functionality  
 
-To enable TLS/SSL certificate chain building and validation, the API Management service needs outbound network connectivity on ports `80` and `443` to `ocsp.msocsp.com`, `oneocsp.msocsp.com`, `mscrl.microsoft.com`, `crl.microsoft.com`, and `csp.digicert.com`. This dependency is not required if any certificate you upload to API Management contains the full chain to the CA root.
+To enable TLS/SSL certificate chain building and validation, the API Management service needs outbound network connectivity on ports `80` and `443` to `ocsp.msocsp.com`, `oneocsp.msocsp.com`, `mscrl.microsoft.com`, `crl.microsoft.com`, `cacerts.digicert.com`, `crl3.digicert.com` and `csp.digicert.com`. 
 
 
 ## DNS access