Merge pull request #236451 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/aks/faq.md

@@ -60,7 +60,7 @@ Microsoft provides guidance for other actions you can take to secure your worklo
 
 ## How does the managed Control Plane communicate with my Nodes?
 
-AKS uses a secure tunnel communication to allow the api-server and individual node kubelets to communicate even on separate virtual networks. The tunnel is secured through TLS encryption. The current main tunnel that is used by AKS is [Konnectivity, previously known as apiserver-network-proxy](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/). Verify all network rules follow the [Azure required network rules and FQDNs](limit-egress-traffic.md).
+AKS uses a secure tunnel communication to allow the api-server and individual node kubelets to communicate even on separate virtual networks. The tunnel is secured through mTLS encryption. The current main tunnel that is used by AKS is [Konnectivity, previously known as apiserver-network-proxy](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/). Verify all network rules follow the [Azure required network rules and FQDNs](limit-egress-traffic.md).
 
 ## Why are two resource groups created with AKS?
 

articles/azure-vmware/includes/vmware-software-versions.md

@@ -19,7 +19,7 @@ The VMware solution software versions used in new deployments of Azure VMware So
 | VMware ESXi                  |    [7.0 U3c](https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3c-release-notes.html)   |
 | VMware vSAN                  |    [7.0 U3c](https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vmware-vsan-703-release-notes.html)   |
 | VMware vSAN on-disk format   |    [10](https://kb.vmware.com/s/article/2148493)        |
-| VMware HCX                   |    [4.5.0](https://docs.vmware.com/en/VMware-HCX/4.5/rn/vmware-hcx-45-release-notes/index.html)     |
+| VMware HCX                   |    [4.5.2](https://docs.vmware.com/en/VMware-HCX/4.5/rn/vmware-hcx-45-release-notes/index.html)     |
 | VMware NSX-T Data Center <br />**NOTE:** VMware NSX-T Data Center is the only supported version of NSX Data Center.                     |    [!INCLUDE [nsxt-version](nsxt-version.md)]   |
 
 The current running software version is applied to new clusters added to an existing private cloud.

articles/cognitive-services/Speech-Service/speech-container-howto-on-premises.md

@@ -76,7 +76,7 @@ textToSpeech:
   optimizeForTurboMode: true
   image:
     registry: mcr.microsoft.com
-    repository: azure-cognitive-services/speechservices/speech-to-text
+    repository: azure-cognitive-services/speechservices/text-to-speech
     tag: latest
     pullSecrets:
       - mcr # Or an existing secret

articles/firewall/enable-top-ten-and-flow-trace.md

@@ -112,7 +112,7 @@ To check the status of the AzResourceProvider registration, you can run the Azur
 
 1. In the Diagnostic settings tab, select **Add diagnostic setting**.
 2. Type a Diagnostic setting name.
-3. Select **Azure Firewall Fat Flow Log** under **Categories** and any other logs you want to be supported in the firewall.
+3. Select **Azure Firewall Flow Trace Log** under **Categories** and any other logs you want to be supported in the firewall.
 4. In Destination details, select  **Send to Log Analytics** workspace
    1. Choose your desired Subscription and preconfigured Log Analytics workspace.
    1. Enable **Resource specific**.

articles/firewall/integrate-with-nat-gateway.md

@@ -25,7 +25,7 @@ There’s no double NAT with this architecture. Azure Firewall instances send th
 > [!NOTE]
 > Deploying NAT gateway with a [zone redundant firewall](deploy-availability-zone-powershell.md) is not recommended deployment option, as the NAT gateway does not support zonal deployment at this time. In order to use NAT gateway with Azure Firewall, a zonal Firewall deployment is required. 
 >
-> In addition, Azure NAT Gateway integration is not currently supported in secured virtual hub network architectures. You must deploy using a hub virtual network architecture. For detailed guidance on integrating NAT gateway with Azure Firewall in a hub and spoke network architecture refer to the [NAT gateway and Azure Firewall integration tutorial](../virtual-network/nat-gateway/tutorial-hub-spoke-nat-firewall.md). For more information about Azure Firewall architecture options, see [What are the Azure Firewall Manager architecture options?](../firewall-manager/vhubs-and-vnets.md).
+> In addition, Azure NAT Gateway integration is not currently supported in secured virtual hub network (vWAN) architectures. You must deploy using a hub virtual network architecture. For detailed guidance on integrating NAT gateway with Azure Firewall in a hub and spoke network architecture refer to the [NAT gateway and Azure Firewall integration tutorial](../virtual-network/nat-gateway/tutorial-hub-spoke-nat-firewall.md). For more information about Azure Firewall architecture options, see [What are the Azure Firewall Manager architecture options?](../firewall-manager/vhubs-and-vnets.md).
 
 ## Associate a NAT gateway with an Azure Firewall subnet - Azure PowerShell
 

articles/web-application-firewall/cdn/cdn-overview.md

@@ -57,8 +57,8 @@ You can choose one of the following actions when a request matches a rule's cond
 
 A WAF policy can consist of two types of security rules:
 
-- *custom rules*: rules you create yourself 
-- *managed rule sets*: Azure managed pre-configured set of rules
+- *custom rules*: rules that you can create yourself. 
+- *managed rule sets*: Azure managed pre-configured set of rules that you can enable.
 
 ### Custom rules
 

includes/active-directory-service-limits-include.md

@@ -26,3 +26,4 @@ Here are the usage constraints and other service limits for the Azure AD service
 | Administrative units | <ul><li>An Azure AD resource can be a member of no more than 30 administrative units.</li><li>An Azure AD organization can have a maximum of 5,000 dynamic groups and dynamic administrative units combined.</li></ul> |
 | Azure AD roles and permissions | <ul><li>A maximum of 100 [Azure AD custom roles](/azure/active-directory//users-groups-roles/roles-custom-overview?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) can be created in an Azure AD organization.</li><li>A maximum of 150 Azure AD custom role assignments for a single principal at any scope.</li><li>A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as an administrative unit or Azure AD object). There is no limit to Azure AD built-in role assignments at tenant scope. For more information, see [Assign Azure AD roles at different scopes](../articles/active-directory/roles/assign-roles-different-scopes.md).</li><li>A group can't be added as a [group owner](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#object-ownership).</li><li>A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see [To restrict the default permissions for member users](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#restrict-member-users-default-permissions).</li><li>It might take up to 15 minutes or you might have to sign out and sign back in before admin role membership additions and revocations take effect.</li></ul> |
 |Conditional Access Policies|A maximum of 195 policies can be created in a single Azure AD organization (tenant).|
+|Terms of use|You can add no more than 40 terms to a single Azure AD organization (tenant).|