Commit 1006ba3

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into waf-policy
2 parents cdfe1ac + ce49690 commit 1006ba3

135 files changed

Lines changed: 1800 additions & 1070 deletions

articles/api-management/api-management-gateways-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ The following tables compare features available in the following API Management
8585
| [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) | ✔️ || ✔️ |||
8686
| [TLS settings](api-management-howto-manage-protocols-ciphers.md) | ✔️ | ✔️ | ✔️ | ✔️ ||
8787
| **HTTP/2** (Client-to-gateway) | ✔️<sup>4</sup> | ✔️<sup>4</sup> || ✔️ ||
88-
| **HTTP/2** (Gateway-to-backend) || ✔️<sup>5</sup> || ✔️<sup>5</sup> ||
88+
| **HTTP/2** (Gateway-to-backend) || || ✔️<sup>5</sup> ||
8989
| API threat detection with [Defender for APIs](protect-with-defender-for-apis.md) | ✔️ | ✔️ ||||
9090

9191
<sup>1</sup> Depends on how the gateway is deployed, but is the responsibility of the customer.<br/>
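Review bot: In the changed `**HTTP/2** (Gateway-to-backend)` row, the V2 cell is emptied but footnote 5 is still referenced from the Self-hosted cell. The footnote text is outside this hunk, so check that it no longer describes V2 behaviour. The row also writes its empty cells as `|| ||` while the neighbouring rows use `||` runs; the cell count still comes to six, but matching the neighbours' style makes that easier to verify in review.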
@@ -126,7 +126,7 @@ Managed and self-hosted gateways support all available [policies](api-management
126126
| Feature support | Classic | V2 | Consumption | Self-hosted<sup>1</sup> | Workspace |
127127
| --- | --- | ----- | ----- | ---------- | ----- |
128128
| [Dapr integration](api-management-policies.md#integration-and-external-communication) |||| ✔️ ||
129-
| [Service Bus integration](send-service-bus-message-policy.md) (preview) | ✔️ | | |||
129+
| [Service Bus integration](send-service-bus-message-policy.md) (preview) | ✔️ | ✔️ | ✔️ |||
130130
| [GraphQL resolvers](api-management-policies.md#graphql-resolvers) and [GraphQL validation](api-management-policies.md#content-validation)| ✔️ | ✔️ |✔️ |||
131131
| [Get authorization context](get-authorization-context-policy.md) | ✔️ | ✔️ |✔️ |||
132132
| [Authenticate with managed identity](authentication-managed-identity-policy.md) | ✔️ | ✔️ |✔️ | ✔️ ||
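Review bot: The `Service Bus integration` row now claims V2 and Consumption support for a policy still labelled (preview), and nothing in this hunk shows the linked `send-service-bus-message-policy.md` being updated to match. Confirm that page lists the same tiers, so readers deciding which policies they can rely on per gateway type don't get two different answers.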

articles/app-service/configure-linux-open-ssh-session.md

Lines changed: 35 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
---
22
title: SSH Access for Linux and Windows Containers
3-
description: You can open an SSH session to a Linux or a Windows container in Azure App Service. Custom Linux containers are supported with some modifications to your custom image. Custom Windows containers require no modifications to your custom image.
3+
description: Learn how to open an SSH session to a Linux or a Windows container in Azure App Service. Custom Linux containers are supported with some modifications to your custom image.
44
keywords: azure app service, web app, linux, windows, oss
55
author: msangapu-msft
66

77
ms.assetid: 66f9988f-8ffa-414a-9137-3a9b15a5573c
88
ms.topic: how-to
9-
ms.date: 01/28/2025
9+
ms.date: 02/12/2026
1010
ms.author: msangapu
1111
ms.custom: devx-track-azurecli, linux-related-content
1212
zone_pivot_groups: app-service-containers-windows-linux
@@ -21,21 +21,29 @@ ms.service: azure-app-service
2121

2222
[Secure Shell (SSH)](https://wikipedia.org/wiki/Secure_Shell) can be used to execute administrative commands remotely to a container. App Service provides SSH support directly into an app hosted in a Windows custom container.
2323

24-
Windows custom containers don't require any special settings for the [browser SSH session](#open-ssh-session-in-browser) to work. SSH sessions through Azure CLI are not supported.
25-
26-
![Linux App Service SSH](./media/configure-linux-open-ssh-session/app-service-linux-ssh.png)
24+
Windows custom containers don't require any special settings for the [browser SSH session](#open-ssh-session-in-browser) to work.
2725

2826
::: zone-end
2927

3028
::: zone pivot="container-linux"
3129

3230
[Secure Shell (SSH)](https://wikipedia.org/wiki/Secure_Shell) can be used to execute administrative commands remotely to a container. App Service provides SSH support directly into an app hosted in a Linux container (built-in or custom).
3331

34-
The built-in Linux containers already have the necessary configuration to enable SSH sessions. Linux custom containers require additional configurations to enable SSH sessions. See [Enable SSH](configure-custom-container.md?pivots=container-linux#enable-ssh).
32+
The built-in Linux containers already have the necessary configuration to enable SSH sessions. Linux custom containers require additional configurations to enable SSH sessions. To learn more, see [Enable SSH](configure-custom-container.md?pivots=container-linux#enable-ssh).
33+
34+
::: zone-end
35+
36+
:::image type="content" source="./media/configure-linux-open-ssh-session/app-service-ssh.png" alt-text="Screenshot that shows the App Service SSH.":::
37+
38+
::: zone pivot="container-windows"
39+
40+
SSH sessions through the Azure CLI aren't supported for Windows App Service plans. Only Linux App Service plans are supported.
3541

36-
![Linux App Service SSH](./media/configure-linux-open-ssh-session/app-service-linux-ssh.png)
42+
::: zone-end
43+
44+
::: zone pivot="container-linux"
3745

38-
You can also connect to the container directly from your local development machine using SSH and SFTP.
46+
You can also connect to the container directly from your local development machine by using SSH and SFTP.
3947

4048
::: zone-end
4149

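Review bot: The new `:::image` line on line 36 sits outside both zone pivots with the alt text "Screenshot that shows the App Service SSH.", which doesn't say what the screenshot shows and now has to fit both the Windows and the Linux pivot. Describe the visible content in the alt text, and consider placing the new Windows-only sentence about the Azure CLI (line 40) in the first `container-windows` zone rather than opening a second zone for a single sentence.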
@@ -47,21 +55,21 @@ You can also connect to the container directly from your local development machi
4755

4856
## Open SSH session with Azure CLI
4957

50-
Using TCP tunneling you can create a network connection between your development machine and Linux containers over an authenticated WebSocket connection. It enables you to open an SSH session with your container running in App Service from the client of your choice.
58+
By using TCP tunneling, you can create a network connection between your development machine and Linux containers over an authenticated WebSocket connection. You can then open an SSH session with your container running in App Service from the client of your choice.
5159

52-
To get started, you need to install [Azure CLI](/cli/azure/install-azure-cli). To see how it works without installing Azure CLI, open [Azure Cloud Shell](../cloud-shell/overview.md).
60+
To get started, you need to install the [Azure CLI](/cli/azure/install-azure-cli). To see how it works without installing the Azure CLI, open [Azure Cloud Shell](../cloud-shell/overview.md).
5361

54-
Open a remote connection to your app using the [az webapp create-remote-connection](/cli/azure/webapp#az-webapp-create-remote-connection) command. Specify _\<subscription-id>_, _\<group-name>_ and _\<app-name>_ for your app.
62+
Open a remote connection to your app by using the [az webapp create-remote-connection](/cli/azure/webapp#az-webapp-create-remote-connection) command. Specify _\<subscription-id>_, _\<resource-group-name>_, and _\<app-name>_ for your app.
5563

5664
```azurecli-interactive
5765
az webapp create-remote-connection --subscription <subscription-id> --resource-group <resource-group-name> -n <app-name> &
5866
```
5967

6068
> [!TIP]
61-
> `&` at the end of the command is just for convenience if you are using Cloud Shell. It runs the process in the background so that you can run the next command in the same shell.
69+
> `&` at the end of the command is just for convenience if you're using Cloud Shell. It runs the process in the background so that you can run the next command in the same shell.
6270
6371
> [!NOTE]
64-
> If this command fails, make sure [remote debugging](https://medium.com/@auchenberg/introducing-remote-debugging-of-node-js-apps-on-azure-app-service-from-vs-code-in-public-preview-9b8d83a6e1f0) is *disabled* with the following command:
72+
> If this command fails, make sure [remote debugging](https://medium.com/@auchenberg/introducing-remote-debugging-of-node-js-apps-on-azure-app-service-from-vs-code-in-public-preview-9b8d83a6e1f0) is *disabled* by using the following command:
6573
>
6674
> ```azurecli-interactive
6775
> az webapp config set --resource-group <resource-group-name> -n <app-name> --remote-debugging-enabled=false
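Review bot: The reworded `[!NOTE]` on line 72 still points readers to a Medium post to learn what remote debugging is. Since the line is being edited anyway, link to product documentation for the setting if a page exists. The note also tells readers to set `--remote-debugging-enabled=false` without saying why it conflicts with `az webapp create-remote-connection`; one clause of explanation would help someone deciding whether they can turn it off.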
@@ -78,26 +86,26 @@ SSH is available { username: root, password: Docker! }
7886
Ctrl + C to close
7987
```
8088
81-
Open an SSH session with your container with the client of your choice, using the local port provided in the output (`<port-output>`). For example, with the linux [ssh](https://ss64.com/bash/ssh.html) command, you can run a single command like `java -version`:
89+
Open an SSH session with your container using the client of your choice, through the local port provided in the output (`<port-output>`). For example, with the Linux [ssh](https://ss64.com/bash/ssh.html) command, you can run a single command like `java -version`:
8290

8391
```bash
8492
ssh [email protected] -m hmac-sha1 -p <port-output> java -version
8593
```
8694
87-
Or, to enter a full SSH session, just run:
95+
Or, to enter a full SSH session, run:
8896

8997
```bash
9098
ssh [email protected] -m hmac-sha1 -p <port-output>
9199
```
92100

93-
When being prompted, type `yes` to continue connecting. You are then prompted for the password. Use `Docker!`, which was shown to you earlier.
101+
When prompted, type `yes` to continue connecting. You're then prompted for the password. Use `Docker!`, which was shown to you earlier.
94102

95103
<pre>
96104
Warning: Permanently added '[127.0.0.1]:21382' (ECDSA) to the list of known hosts.
97105
[email protected]'s password:
98106
</pre>
99107

100-
Once you're authenticated, you should see the session welcome screen.
108+
After you're authenticated, you should see the session welcome screen.
101109

102110
<pre>
103111
_____
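Review bot: Both `ssh` examples keep `-m hmac-sha1`, and line 101 tells readers to answer `yes` to the host-key prompt and sign in as root with the fixed password `Docker!`, all without explanation. Add a sentence saying why the MAC has to be pinned to `hmac-sha1` and, if it holds, that the credential is reachable only through the authenticated tunnel described on line 58, so readers don't carry these settings over to other SSH targets.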
@@ -111,9 +119,15 @@ A P P S E R V I C E O N L I N U X
111119
0e690efa93e2:~#
112120
</pre>
113121

114-
You are now connected to your connector.
122+
You're now connected to your connector.
123+
124+
Try running the [top](https://ss64.com/bash/top.html) command.
125+
126+
```bash
127+
top
128+
```
115129

116-
Try running the [top](https://ss64.com/bash/top.html) command. You should be able to see your app's process in the process list. In the example output below, it's the one with `PID 263`.
130+
You should be able to see your app's process in the process list. In the example output, it's the one with `PID 263`.
117131

118132
<pre>
119133
Mem: 1578756K used, 127032K free, 8744K shrd, 201592K buff, 341348K cached
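Review bot: Line 122 keeps the wording "connected to your connector", which looks like a typo for "container" given that the rest of the article talks about connecting to the container. Fix it while the sentence is being touched: "You're now connected to your container."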
@@ -143,8 +157,8 @@ Load average: 0.07 0.04 0.08 4/765 45738
143157

144158
You can post questions and concerns on the [Azure forum](/answers/tags/436/azure-app-service).
145159

146-
For more information on Web App for Containers, see:
160+
To learn more about App Service for containers, see:
147161

148162
* [Introducing remote debugging of Node.js apps on Azure App Service from VS Code](https://medium.com/@auchenberg/introducing-remote-debugging-of-node-js-apps-on-azure-app-service-from-vs-code-in-public-preview-9b8d83a6e1f0)
149163
* [Quickstart: Run a custom container on App Service](quickstart-custom-container.md?pivots=container-linux)
150-
* [Azure App Service Web App for Containers FAQ](faq-app-service-linux.yml)
164+
* [Azure App Service on Linux FAQ](faq-app-service-linux.yml)

articles/application-gateway/application-gateway-private-deployment.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,9 @@ Application Gateway v2 can now address each of these items to further eliminate
3232
* Ability to override the default route to the Internet (0.0.0.0/0)
3333
* DNS resolution via defined resolvers on the virtual network [Learn more](../virtual-network/manage-virtual-network.yml#change-dns-servers), including private link private DNS zones.
3434

35+
>[!Tip]
36+
> See [Application Gateway DNS resolution](application-gateway-dns-resolution.md) for detailed guidance on configuring DNS for Application Gateway.
37+
3538
Each of these features can be configured independently. For example, a public IP address can be used to allow traffic inbound from the Internet and you can define a **_Deny All_** outbound rule in the network security group configuration to prevent data exfiltration.
3639

3740
## Onboard to the feature

articles/application-gateway/configuration-infrastructure.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ Depending on whether you're creating new resources or using existing ones, add t
8484

8585
| Resource | Resource status | Required Azure permissions |
8686
| --- | --- | --- |
87-
| Subnet | Create new | `Microsoft.Network/virtualNetworks/subnets/write' <br> 'Microsoft.Network/virtualNetworks/subnets/join/action` |
87+
| Subnet | Create new | `Microsoft.Network/virtualNetworks/subnets/write` <br> 'Microsoft.Network/virtualNetworks/subnets/join/action` |
8888
| Subnet | Use existing | `Microsoft.Network/virtualNetworks/subnets/read` <br> `Microsoft.Network/virtualNetworks/subnets/join/action` |
8989
| IP addresses | Create new | `Microsoft.Network/publicIPAddresses/write` <br> `Microsoft.Network/publicIPAddresses/join/action` |
9090
| IP addresses | Use existing | `Microsoft.Network/publicIPAddresses/read` <br> `Microsoft.Network/publicIPAddresses/join/action` |
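Review bot: The quoting fix on line 87 is only half done: the first permission now closes with a backtick, but the second still opens with a single quote, `'Microsoft.Network/virtualNetworks/subnets/join/action`, so the code span stays unbalanced. Open it with a backtick as in the "Use existing" row below, so that readers who copy the permission into a custom role definition don't pick up a stray quote.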

articles/azure-functions/durable/durable-functions-best-practice-reference.md

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ This article details some best practices when using Durable Functions. It also d
1515

1616
### Use the latest version of the Durable Functions extension and SDK
1717

18-
There are two components that a function app uses to execute Durable Functions. One is the *Durable Functions SDK* that allows you to write orchestrator, activity, and entity functions using your target programming language. The other is the *Durable extension*, which is the runtime component that actually executes the code. With the exception of .NET in-process apps, the SDK and the extension are versioned independently.
18+
There are two components that a function app uses to execute Durable Functions. One is the *Durable Functions SDK* that allows you to write orchestrator, activity, and entity functions using your target programming language. The other is the *Durable extension*, which is the runtime component that actually executes the code. Except for .NET in-process apps, the SDK and the extension are versioned independently.
1919

2020
Staying up to date with the latest extension and SDK ensures your application benefits from the latest performance improvements, features, and bug fixes. Upgrading to the latest versions also ensures that Microsoft can collect the latest diagnostic telemetry to help accelerate the investigation process when you open a support case with Azure.
2121

@@ -31,17 +31,17 @@ The [replay](durable-functions-orchestrations.md#reliability) behavior of orches
3131
3232
### Familiarize yourself with your programming language's Azure Functions performance settings
3333

34-
_Using default settings_, the language runtime you select may impose strict concurrency restrictions on your functions. For example: only allowing 1 function to execute at a time on a given VM. These restrictions can usually be relaxed by _fine tuning_ the concurrency and performance settings of your language. If you're looking to optimize the performance of your Durable Functions application, you will need to familiarize yourself with these settings.
34+
_Using default settings_, the language runtime you select may impose strict concurrency restrictions on your functions. For example: only allowing one function to execute at a time on a given VM. These restrictions can usually be relaxed by _fine tuning_ the concurrency and performance settings of your language. If you're looking to optimize the performance of your Durable Functions application, you need to familiarize yourself with these settings.
3535

36-
Below is a non-exhaustive list of some of the languages that often benefit from fine tuning their performance and concurrency settings, and their guidelines for doing so.
36+
Below is a nonexhaustive list of some of the languages that often benefit from fine tuning their performance and concurrency settings, and their guidelines for doing so.
3737

3838
* [JavaScript](../functions-reference-node.md#scaling-and-concurrency)
3939
* [PowerShell](../functions-reference-powershell.md#concurrency)
4040
* [Python](../python-scale-performance-reference.md)
4141

4242
### Guarantee unique Task Hub names per app
4343

44-
Multiple Durable Function apps can share the same storage account. By default, the name of the app is used as the task hub name, which ensures that accidental sharing of task hubs won't happen. If you need to explicitly configure task hub names for your apps in host.json, you must ensure that the names are [*unique*](durable-functions-task-hubs.md#multiple-function-apps). Otherwise, the multiple apps will compete for messages, which could result in undefined behavior, including orchestrations getting unexpectedly "stuck" in the Pending or Running state.
44+
Multiple Durable Function apps can share the same storage account. By default, the name of the app is used as the task hub name, which ensures that accidental sharing of task hubs won't happen. If you need to explicitly configure task hub names for your apps in host.json, you must ensure that the names are [*unique*](durable-functions-task-hubs.md#multiple-function-apps). Otherwise, the multiple apps compete for messages, which could result in undefined behavior, including orchestrations getting unexpectedly "stuck" in the Pending or Running state.
4545

4646
The only exception is if you deploy *copies* of the same app in [multiple regions](durable-functions-disaster-recovery-geo-distribution.md); in this case, you can use the same task hub for the copies.
4747

@@ -55,13 +55,15 @@ You can run into memory issues if you provide large inputs and outputs to and fr
5555

5656
Inputs and outputs to Durable Functions APIs are serialized into the orchestration history. This means that large inputs and outputs can, over time, greatly contribute to an orchestrator history growing unbounded, which risks causing memory exceptions during [replay](durable-functions-orchestrations.md#reliability).
5757

58+
Activity functions returning complex API responses (such as Microsoft Graph result sets) can cause extreme memory usage during serialization. Selecting only required fields and returning a simple DTO avoids this issue.
59+
5860
To mitigate the impact of large inputs and outputs to APIs, you may choose to delegate some work to sub-orchestrators. This helps load balance the history memory burden from a single orchestrator to multiple ones, therefore keeping the memory footprint of individual histories small.
5961

6062
That said the best practice for dealing with _large_ data is to keep it in external storage and to only materialize that data inside Activities, when needed. When taking this approach, instead of communicating the data itself as inputs and/or outputs of Durable Functions APIs, you can pass in some lightweight identifier that allows you to retrieve that data from external storage when needed in your Activities.
6163

6264
### Keep Entity data small
6365

64-
Just like for inputs and outputs to Durable Functions APIs, if an entity's explicit state is too large, you may run into memory issues. In particular, an Entity state needs to be serialized and de-serialized from storage on any request, so large states add serialization latency to each invocation. Therefore, if an Entity needs to track large data, it's recommended to offload the data to external storage and track some lightweight identifier in the entity that allows you to materialize the data from storage when needed.
66+
Just like for inputs and outputs to Durable Functions APIs, if an entity's explicit state is too large, you may run into memory issues. In particular, an Entity state needs to be serialized and deserialized from storage on any request, so large states add serialization latency to each invocation. Therefore, if an Entity needs to track large data, it's recommended to offload the data to external storage and track some lightweight identifier in the entity that allows you to materialize the data from storage when needed.
6567

6668

6769
### Fine tune your Durable Functions concurrency settings
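Review bot: The paragraph added on line 58 uses "DTO" without expanding it and says "extreme memory usage" without saying how large a response becomes a problem. Spell out "data transfer object (DTO)" on first use, and tie the sentence to the external-storage guidance two paragraphs down, so readers can tell when trimming fields is enough and when the data should move out of the history altogether.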
@@ -110,7 +112,7 @@ Starting in v2.3.0 of the Durable extension, logs emitted by the underlying Dura
110112
Azure Function App Diagnostics is a useful resource on Azure portal for monitoring and diagnosing potential issues in your application. It also provides suggestions to help resolve problems based on the diagnosis. See [Azure Function App Diagnostics](function-app-diagnostics.md).
111113

112114
#### Durable Functions Orchestration traces
113-
Azure portal provides orchestration trace details to help you understand the status of each orchestration instance and trace the end-to-end execution. When you look at the list of functions inside your Azure Functions app, you'll see a **Monitor** column that contains links to the traces. You need to have Applications Insights enabled for your app to get this information.
115+
Azure portal provides orchestration trace details to help you understand the status of each orchestration instance and trace the end-to-end execution. When you look at the list of functions inside your Azure Functions app, you see a **Monitor** column that contains links to the traces. You need to have Applications Insights enabled for your app to get this information.
114116

115117
### Durable Functions Monitor Extension
116118

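Review bot: Line 115 is edited but keeps "Applications Insights". The product name is "Application Insights", so correct it in the same change.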