Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into patricka-gateway-diagram

Author: Pat Altimore

articles/application-gateway/configure-web-app.md

@@ -7,7 +7,7 @@ author: mbender-ms
 ms.service: azure-appgw-for-containers
 ms.custom: devx-track-azurecli
 ms.topic: quickstart
-ms.date: 5/2/2025
+ms.date: 7/9/2025
 ms.author: mbender
 # Customer intent: As a Kubernetes administrator, I want to install the Application Gateway for Containers ALB Controller on my AKS cluster, so that I can efficiently manage load balancing rules and enhance application traffic handling.
 ---
@@ -181,7 +181,6 @@ You need to complete the following tasks before deploying Application Gateway fo
    
     | NAME                                     | READY | STATUS  | RESTARTS | AGE  |
     | ---------------------------------------- | ----- | ------- | -------- | ---- |
-    | alb-controller-bootstrap-6648c5d5c-hrmpc | 1/1   | Running | 0        | 4d6h |
     | alb-controller-6648c5d5c-sdd9t           | 1/1   | Running | 0        | 4d6h |
     | alb-controller-6648c5d5c-au234           | 1/1   | Running | 0        | 4d6h |
 

articles/application-gateway/for-containers/quickstart-deploy-application-gateway-for-containers-alb-controller.md

@@ -2,7 +2,7 @@
 title: Support Matrix for Azure files backup by using Azure Backup
 description: Provides a summary of support settings and limitations when backing up Azure files.
 ms.topic: reference
-ms.date: 07/03/2025
+ms.date: 07/10/2025
 ms.custom: references_regions, engagement-fy24
 ms.service: azure-backup
 author: jyothisuri
@@ -33,7 +33,7 @@ Vaulted backup for Azure Files is available in the following regions: UK South,
 
 Cross Region Restore is supported in all preceding regions, except Italy North.
 
-Migration of  File Shares protected with snapshot backup to vaulted backup is supported in the following regions: UK South, UK West, Southeast Asia, East Asia, West Central US, and India Central.
+Migration of  File Shares protected with snapshot backup to vaulted backup is supported in the following regions: UK South, UK West, Southeast Asia, East Asia, West Central US, India Central, Spain Central, Jio India West, Israel Central, Australia Central 2 and Germany North. 
 
 >[!Note]
 >Cross Subscription Backup and Restore are supported for vaulted backup.

articles/application-gateway/tutorial-url-redirect-powershell.md

@@ -57,7 +57,7 @@ The list below mentions the Azure and corresponding OCI regions with the regiona
 | West US | US West (San Jose)  | ✓  | ✓  | ✓| | Preview available | Single |
 | Central US | US Midwest (Chicago)  | ✓  |   ✓  | ✓ | | | Dual |
 | East US 2 | US East (Ashburn) | ✓  |   | | | | Dual |
-| South Central US | ✓  | |  | | | | Dual |
+| South Central US |Dallas| ✓  | |  | |  | Dual |
 
 > [!NOTE]
 > To provision Oracle Database@Azure resources in a supported region, your tenancy must be subscribed to the target region. Learn how to [manage regions](https://docs.oracle.com/iaas/Content/Identity/regions/managingregions.htm#Managing_Regions) and [subscribe to an infrastructure region](https://docs.oracle.com/iaas/Content/Identity/regions/To_subscribe_to_an_infrastructure_region.htm#subscribe).

articles/backup/azure-file-share-support-matrix.md

@@ -39,9 +39,142 @@ Access logs categories for a network security perimeter are based on the results
 > [!NOTE]
 > The available access modes for a network security perimeter are **Transition** and **Enforced**. The **Transition** mode was previously named **Learning** mode. You may continue to see references to **Learning** mode in some instances. 
 
+## Access log schema
+
+Every PaaS resource associated with the network security perimeter, generates access log(s) with unified log schema when enabled.
+> [!NOTE]
+> Network security perimeter access logs may have been aggregated. If the fields 'count' and 'timeGeneratedEndTime' are missing, consider the aggregation count as 1.
+
+| **Value** | **Description** |
+| --- | --- |
+| **time** | The timestamp (UTC) of the first event in log aggregation window. |
+| **timeGeneratedEndTime** | The timestamp (UTC) of the last event in the log aggregation window. |
+| **count** | Number of logs aggregated. |
+| **resourceId** | The resource Id of the network security perimeter.|
+| **location** | The region of network security perimeter.|
+| **operationName** | The name of the PaaS resource operation represented by this event. |
+| **operationVersion** | The api-version associated with the operation. |
+| **category** | Log categories defined for Access logs. |
+| **properties** | Network security perimeter specific extended properties related to this category of events.|
+| **resultDescription** | The static text description of this operation on the PaaS resource, e.g. “Get storage file.” |
+
+## Network security perimeter specific properties
+
+This section describes the network security perimeter specific properties in the log schema. 
+> [!NOTE]
+> Application of the properties is subjected to log category type. Do refer respective log category schemas for applicability.
+
+| **Value** | **Description** |
+| --- | --- |
+| **serviceResourceId** | Resource ID of PaaS resource emitting network security perimeter access logs. |
+| **serviceFqdn** | Fully Qualified Domain Name of PaaS resource emitting network security perimeter access logs. |
+| **profile** | Name of the network security perimeter profile associated to the resource. |
+| **parameters** | List of optional PaaS resource properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+| **appId** | Unique GUID representing the app ID of resource in the Azure Active Directory. |
+| **matchedRule** | JSON property bag containing matched accessRule name, {"accessRule" : "{ruleName}"}. It can be either network security perimeter access rule Name or resource rule name (not the ArmId). |
+| **source** | JSON property bag describing source of the inbound connection. |
+| **destination** | JSON property bag describing destination of the outbound connection. |
+| **accessRulesVersion** | JSON property bag containing access rule version of the resource. |
+	
+## Source properties
+
+Properties describing source of inbound connection.
+
+| **Value** | **Description** |
+| --- | --- |
+| **resourceId** | Resource ID of source PaaS resource for an inbound connection. Will exist if applicable. |
+| **ipAddress** | IP address of source making inbound connection. Will exist if applicable. |
+| **port** | Port number of inbound connection. May not exist for all resource types. |
+| **protocol** | Application & transport layer protocols for inbound connection in format {AppProtocol}:{TptProtocol}. E.g., HTTPS:TCP. May not exist for all resource types. |
+| **perimeterGuids** | List of perimeter GUIDs of source resource. It should be specified only if allowed based on perimeter GUID. |
+| **appId** | Unique GUID representing the app ID of source in the Azure Active Directory. |
+| **parameters** | List of optional source properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+
+## Destination properties
+Properties describing destination of outbound connection.
+
+| **Value** | **Description** |
+| --- | --- |
+| **resourceId** | Resource ID of destination PaaS resource for an outbound connection. Will exist if applicable. |
+| **fullyQualifiedDomainName** | Fully Qualified Domain (FQDN) name of the destination. |
+| **parameters** | List of optional destination properties in JSON string format. E.g., { {Param1}: {value1}, {Param2}: {value2}, ...}. |
+| **port** | Port number of outbound connection. May not exist for all resource types. |
+| **protocol** | Application & transport layer protocols for outbound connection in the format {AppProtocol}:{TptProtocol}. E.g., HTTPS:TCP. May not exist for all resource types. |
+
+## Sample log entry For inbound categories
+
+``` json
+{
+  "time" : "{timestamp}",
+  "timeGeneratedEndTime" : "{timestamp}",
+  "count" : "{countOfAggregatedLogs}",
+  "resourceId" : "/SUBSCRIPTIONS/{subsId}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYPERIMETERS/{perimeterName}",
+  "operationName" : "{PaaSOperationName}" ,
+  "operationVersion" : "{api-version}",
+  "category" : "{inboundCategory}",
+  "location" : "{networksecurityperimeterRegion}",
+  "properties" : {
+    "serviceResourceId" : "/subscriptions/{paasSubsId}/resourceGroups/{paasResourceGroupName}/providers/{provider}/{resourceType}/{resourceName}",
+    "serviceFqdn": "{PaaSResourceFQDN}",
+    "accessRulesVersion" : "{accessRulesVersion}",
+    "profile" : "{networksecurityperimeterProfileName}",
+    "appId" : "{resourceAppId}",
+    "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    "matchedRule" : {
+      "accessRule" : "{matchedRuleName}",
+      },
+    "source" : {
+      "resourceId" : "/subscriptions/{sourceSubscriptionId}/resourceGroups/{sourceResourceGroupName}/providers/{sourceProvider}/{sourceResourceType}/{sourceResourceName}",
+      "ipAddress": "{sourceIPAddress}",
+      "perimeterGuids" : ["{sourcePerimeterGuid}"], // Only included if request comes from perimeter
+      "appId" : "{sourceAppId}",
+      "port" : "{Port}",
+      "protocol" : "{Protocol}",
+      "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    },
+  },
+  "resultDescription" : "The static text description of this operation on the PaaS resource. For example, \"Get storage file.\""
+}
+```
+
+## Sample log entry for outbound categories
+
+``` json
+{
+  "time" : "{timestamp}",
+  "timeGeneratedEndTime" : "{timestamp}",
+  "count" : "{countOfAggregatedLogs}",
+  "resourceId" : "/SUBSCRIPTIONS/{subsId}/RESOURCEGROUPS/{resourceGroupName}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYPERIMETERS/{perimeterName}",
+  "operationName" : "{PaaSOperationName}" ,
+  "operationVersion" : "{api-version}",
+  "category" : "{outboundCategory}",
+  "location" : "{networksecurityperimeterRegion}",
+  "properties" : {
+    "serviceResourceId" : "/subscriptions/{paasSubsId}/resourceGroups/{paasResourceGroupName}/providers/{provider}/{resourceType}/{resourceName}",
+    "serviceFqdn": "{PaaSResourceFQDN}",
+    "accessRulesVersion" : "{accessRulesVersion}",
+    "profile" : "{networksecurityperimeterProfileName}",
+    "appId" : "{resourceAppId}",
+    "parameters" : "{{ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    "matchedRule" : {
+      "accessRule" : "{matchedRuleName}",
+      },
+    "destination" : {
+      "resourceId" : "/subscriptions/{destSubsId}/resourceGroups/{destResourceGroupName}/providers/{destProvider}/{destResourceType}/{destResourceName}",
+      "fullyQualifiedDomainName" : "{destFQDN}",
+      "appId" : "{destAppId}",
+      "port" : "{Port}",
+      "protocol" : "{Protocol}",
+      "parameters" : "{ {ParameterType1}: {value1}, {ParameterType2}: {value2}, ...}", // Parsable JSON 
+    },
+  },
+  "resultDescription" : "The static text description of this operation on the PaaS resource. For example, \"Get storage file.\""
+}
+```
+
 ## Logging destination options for access logs  
 
-The destinations for storing diagnostic logs for a network security perimeter include services like Log Analytic workspace, Azure Storage account, and Azure Event Hubs. For the full list and details of supported destinations, see [Supported destinations for diagnostic logs](/azure/azure-monitor/essentials/diagnostic-settings).
+The destinations for storing diagnostic logs for a network security perimeter include services like Log Analytic workspace (**Table name: NSPAccessLogs**), Azure Storage account, and Azure Event Hubs. For the full list and details of supported destinations, see [Supported destinations for diagnostic logs](/azure/azure-monitor/essentials/diagnostic-settings).
 
 ## Enable logging through the Azure portal
 

articles/oracle/oracle-db/oracle-database-regions.md

@@ -103,6 +103,32 @@ Further, here are some prompts you can use to help you interact with your agent:
 - List [Container Apps/Web Apps/etc.] that you’re managing across all subscriptions.
 - Visualize split of Container Apps vs Web Apps vs AKS clusters managed across all subscriptions as a pie chart.
 
+## Supported services
+
+While Azure SRE Agent can help you manage and report on all Azure services, the agent features specialized tools for managing the following services:
+
+- Azure API Management
+- Azure App Service
+- Azure Cache for Redis
+- Azure Container Apps
+- Azure Cosmos DB
+- Azure Database for PostgreSQL
+- Azure Functions
+- Azure Kubernetes Service
+- Azure SQL
+- Azure Storage
+- Azure Virtual Machines
+
+To get the latest list of services with custom agent tooling, you can submit the following prompt to the agent:
+
+```text
+Which Azure services do you have specialized tooling available for?
+```
+
+### Identifying resource groups
+
+As you create an agent, the resource group picker indicates groups that have instances of services with specialized tooling. From the resource group picker you'll see a checkmark (:::image type="icon" source="media/blue-check.png" border="false":::) next to the group name indicating the group includes services with specialized support.
+
 ## Preview access
 
 Access to an SRE Agent is only available as in preview. To sign up for access, fill out the [SRE Agent application](https://go.microsoft.com/fwlink/?linkid=2319540).

articles/private-link/network-security-perimeter-diagnostic-logs.md

@@ -82,9 +82,7 @@ Azure File Sync is supported with the following versions of Windows Server:
 | Windows Server 2022 | Azure, Datacenter, Essentials, Standard, and IoT | Full and Core |
 | Windows Server 2019 | Datacenter, Essentials, Standard, and IoT | Full and Core |
 | Windows Server 2016 | Datacenter, Essentials, Standard, and Storage Server | Full and Core |
-| Windows Server 2012 R2* | Datacenter, Essentials, Standard, and Storage Server | Full and Core |
 
-*Requires downloading and installing [Windows Management Framework (WMF) 5.1](https://www.microsoft.com/download/details.aspx?id=54616). The appropriate package to download and install for Windows Server 2012 R2 is **Win8.1AndW2K12R2-KB\*\*\*\*\*\*\*-x64.msu**.
 
 > [!IMPORTANT]  
 > We recommend keeping all servers that you use with Azure File Sync up to date with the latest updates from Windows Update. 

articles/sre-agent/media/blue-check.png

@@ -47,7 +47,7 @@ EiT is now Generally Available (GA) in all regions that support Azure Premium Fi
 
 ### Register for preview (not needed for GA regions)
 
-To enable encryption in transit for your storage accounts and NFS shares in the preview regions (China North3, New Zealand North, West Europe, US East2, US Central, US South, and Korea Central), you must register for the preview. **No registration is needed in the GA regions.**
+To enable encryption in transit for your storage accounts and NFS shares in the preview regions (China North3, New Zealand North, West Europe, US Central, US South, and Korea Central), you must register for the preview. **No registration is needed in the GA regions.**
 
 ### [Portal](#tab/azure-portal)