Merge pull request #312710 from MicrosoftDocs/main

Auto Publish – main to live - 2026-03-06 12:00 UTC

Author: learn-build-service-prod[bot]

articles/app-service/environment/index.yml

@@ -1,15 +1,15 @@
 ### YamlMime:Landing
 
 title: App Service Environment documentation
-summary: Azure App Service Environments enables you to host web apps in a fully isolated and dedicated environment for securely running App Service apps at high scale.
+summary: Azure App Service Environments enable you to host web apps in a fully isolated and dedicated environment for securely running App Service apps at high scale.
 
 metadata:
   title: Azure App Service Environment documentation
   description: Host fully isolated websites in a secure and scalable environment. Find quickstarts, tutorials, and read about concepts to help you succeed with App Service Environment.
   ms.topic: landing-page
   ms.author: mijacobs
   ms.service: azure-app-service
-  ms.date: 11/15/2021
+  ms.date: 02/05/2026
 
 landingContent:
   - title: About App Service Environment

articles/firewall/firewall-faq.yml

@@ -112,6 +112,32 @@ sections:
         answer: |
           No, Azure Firewall doesn't natively support BGP peering. However, the [Autolearn SNAT routes feature](../firewall/snat-private-range.md#auto-learn-snat-routes-preview) indirectly uses BGP through Azure Route Server.
 
+
+
+      - question: Can Azure Firewall pass ESP packets (IPSec VPN)?
+        answer: |
+          Azure Firewall does not natively support ESP (Encapsulating Security Payload), but you can allow ESP traffic by configuring a network rule as follows:
+
+          **Azure Firewall configuration (Network Rule):**
+          - Protocol: Any
+          - Source port: * (Any)
+          - Destination port: * (Any)
+          - Source/Destination: Specify IP addresses as needed
+
+          This configuration allows ESP packets (IP protocol number 50) and other non-TCP/UDP traffic to match the rule. However, note that Azure Firewall does not inspect ESP payloads.
+
+          **Reference : If using NSG (Network Security Group) instead of Azure Firewall:**
+          NSG does not provide a direct option to specify ESP (IP protocol number 50), but ESP packets can be allowed by using the following settings:
+          - Protocol: Any
+          - Port: * (Any)
+          - Source/Destination: Specify IP addresses as needed
+
+          **Recommendations:**
+          - For IPsec VPN configurations, using Azure VPN Gateway is recommended.
+          - Consider using an NVA (Network Virtual Appliance) pattern depending on your requirements.
+
+
+
   - name: Management and configuration
     questions: 
       - question: How can I stop and start Azure Firewall?
@@ -268,7 +294,7 @@ sections:
 
       - question: Is forced tunneling/chaining to a Network Virtual Appliance supported?
         answer: |
-          Forced tunneling is supported when you create a new firewall. You can't configure an existing firewall for forced tunneling. For more information, see [Azure Firewall forced tunneling](forced-tunneling.md).
+          Forced tunneling is supported when creating a new firewall, and it is also supported for existing firewalls by adding a management NIC for forced tunneling. For more details about new deployments, see [Azure Firewall forced tunneling](forced-tunneling.md). For existing firewalls, see [Azure Firewall Management NIC](management-nic.md).
 
           Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override this with a 0.0.0.0/0 UDR with the **NextHopType** value set as **Internet** to maintain direct Internet connectivity.
 

articles/iot-edge/tutorial-deploy-custom-vision.md

@@ -4,7 +4,7 @@ description: Build and deploy an image classifier with Azure IoT Edge and Custom
 services: iot-edge
 author: sethmanheim
 ms.author: sethm
-ms.date: 05/06/2025
+ms.date: 03/05/2026
 ms.topic: tutorial
 
 ms.service: azure-iot-edge
@@ -635,4 +635,4 @@ In this tutorial, you trained a Custom Vision model and deployed it as a module
 Continue to the next tutorials to learn about other ways that Azure IoT Edge can help you turn data into business insights at the edge.
 
 > [!div class="nextstepaction"]
-> [Store data at the edge with SQL Server databases](tutorial-store-data-sql-server.md)
+> [Develop Azure IoT Edge modules using Visual Studio Code](tutorial-develop-for-linux.md)

articles/iot-edge/tutorial-deploy-stream-analytics.md

@@ -3,7 +3,7 @@ title: Deploy Azure Stream Analytics as an Azure IoT Edge Module
 description: Deploy Azure Stream Analytics to IoT Edge devices to process data locally, reduce cloud traffic, and react to insights faster. Learn how in this step-by-step guide.
 author: sethmanheim
 ms.author: sethm
-ms.date: 02/25/2026
+ms.date: 03/05/2026
 ms.topic: tutorial
 ms.service: azure-iot-edge
 ms.custom:
@@ -276,7 +276,7 @@ Otherwise, delete the local configurations and Azure resources you used in this
 
 ## Next steps
 
-In this tutorial, you set up an Azure Stream Analytics job to analyze data from your IoT Edge device. You loaded the Azure Stream Analytics module on your IoT Edge device to process and react to temperature increases locally, and sent the aggregated data stream to the cloud. To learn how Azure IoT Edge can help you build more solutions, try next tutorial.
+In this tutorial, you set up an Azure Stream Analytics job to analyze data from your IoT Edge device. You loaded the Azure Stream Analytics module on your IoT Edge device to process and react to temperature increases locally, and sent the aggregated data stream to the cloud. To learn how Azure IoT Edge can help you build more solutions, continue to the next tutorial.
 
 > [!div class="nextstepaction"]
-> [Deploy an Azure Machine Learning model as a module](tutorial-deploy-machine-learning.md)
+> [Develop Azure IoT Edge modules using Visual Studio Code](tutorial-develop-for-linux.md)

articles/migration/migrate-compute-from-aws.md

@@ -1,8 +1,8 @@
 ---
 title: Migrate Compute from Amazon Web Services to Azure
 description: Learn how to migrate AWS compute services to Azure, including maintaining feature parity and exploring scenarios like VMs, web apps, and serverless functions.
-author: robbyatmicrosoft
-ms.author: robbymillsap
+author: reginahack
+ms.author: rhackenberg
 ms.date: 03/25/2025
 ms.topic: concept-article
 ms.service: azure
@@ -33,7 +33,8 @@ Use the following scenarios as examples for your migration process:
 |----------|--------------|-------------|
 | [Migrate AWS event-driven workloads to Azure](/azure/aks/eks-edw-overview) | Amazon Elastic Kubernetes Service (EKS) to Azure Kubernetes Service (AKS) | This scenario involves migrating an EKS event-driven workload that includes Kubernetes Event-Driven Autoscaling (KEDA) and Karpenter to AKS. |
 | [Migrate EKS web application workloads to AKS](/azure/aks/eks-web-overview) | Amazon EKS to AKS | This scenario involves migrating an EKS web application to AKS. |
-| [Migrate Amazon EC2 instances to Azure](/azure/migrate/tutorial-migrate-aws-virtual-machines) | Amazon EC2 instances to Azure VMs | This scenario involves migrating AWS EC2 instances to Azure VMs. |
+| [Migrate Amazon EC2 instances to Azure](/azure/virtual-machines/migration/migrate-from-elastic-compute-cloud-architecture) | Amazon EC2 instances to Azure VMs | This scenario involves migrating AWS EC2 instances to Azure VMs. |
+| [Migrate Amazon EC2 instances to Azure using Azure Migrate](/azure/migrate/tutorial-migrate-aws-virtual-machines) | Amazon EC2 instances to Azure VMs using Azure Migrate | This scenario involves migrating AWS EC2 instances to Azure VMs using Azure Migrate. |
 | [Migrate AWS Lambda to Azure Functions](/azure/azure-functions/migration/lambda-functions-migration-overview) | AWS Lambda to Azure Functions | This scenario involves migrating serverless applications from AWS Lambda to Azure Functions. |
 
 Consider the following articles when you migrate compute services. The platform-agnostic, generic scenarios in these articles can help you deploy services on Azure.

articles/security/develop/index.yml

@@ -10,7 +10,7 @@ metadata:
   ms.topic: landing-page
   author: msmbaldwin
   ms.author: mbaldwin
-  ms.date: 10/20/2024
+  ms.date: 02/05/2026
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
 

articles/site-recovery/azure-to-azure-common-questions.md

@@ -228,7 +228,7 @@ Because of extra content, app-consistent snapshots are the most involved, and ta
 
 #### Do app-consistent recovery points impact performance?
 
- Because app-consistent recovery points capture all data in memory and process, if they capture frequently, it can affect performance when the workload is already busy. We don't recommend that you capture too often for nondatabase workloads. Even for database workloads, one hour should be enough.
+Because app-consistent recovery points capture all data in memory and process, if they capture frequently, it can affect performance when the workload is already busy. We don't recommend that you capture too often for nondatabase workloads. Depending on your workload and its RPO requirements, you can evaluate whether to capture app-consistent points and their frequency.
 
 #### What's the minimum frequency for generating app-consistent recovery points?
 

articles/vpn-gateway/whats-new.md

@@ -1,4 +1,4 @@
----
+---
 title: What's new in Azure VPN Gateway?
 description: Learn what's new with Azure VPN Gateway such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes.
 author: cherylmc

includes/expressroute-gateway-performance-include.md

@@ -25,7 +25,15 @@ This table applies to both the Azure Resource Manager and classic deployment mod
 | **ErGwScale (per scale unit 1-10)** | 1,000 per scale unit | 100,000 per scale unit | 2,000 per scale unit | 100,000 per scale unit | 9,500 total per gateway
 | **ErGwScale (per scale unit 11-40)** | 1,000 per scale unit | 200,000 per scale unit | 1,000 per scale unit | 100,000 per scale unit | 9,500 total per gateway
 
-<sup>1</sup> The values in the table are estimates and vary depending on the CPU utilization of the gateway. If the CPU utilization is high and the number of supported VMs is exceeded, the gateway will start to drop packets.
+<sup>1</sup> "Supported number of VMs in the virtual network" refers to the count of resources that communicate through the gateway. This includes:
+
+- Virtual Machines in the hub virtual network
+- Virtual Machines in peered spoke virtual networks (Hub-Spoke topology)
+- Private Endpoints
+- Network Virtual Appliances (such as Application Gateway, Azure Firewall)
+- Backend instances of PaaS services deployed in virtual networks (such as SQL Managed Instance, App Service Environment, Azure API Management in VNet mode)
+
+The values in the table are estimates and vary depending on the CPU utilization of the gateway. If the CPU utilization is high and the number of supported VMs is exceeded, the gateway will start to drop packets.
 > [!NOTE]
 > ExpressRoute can facilitate up to 11,000 routes that span virtual network address spaces, on-premises networks, and any relevant virtual network peering connections. To ensure stability of your ExpressRoute connection, refrain from advertising more than 11,000 routes to ExpressRoute. The maximum number of routes advertised by gateway is 1,000 routes.
 

includes/vpn-gateway-table-gwtype-aggtput-include.md

@@ -24,3 +24,10 @@
 |**Generation2**|**VpnGw3AZ**| Max. 30   | Max. 128  | Max. 1000      | 2.5 Gbps  | Supported | Yes | 3300 |
 |**Generation2**|**VpnGw4AZ**| Max. 100*   | Max. 128  | Max. 5000      | 5 Gbps    | Supported | Yes | 4400 |
 |**Generation2**|**VpnGw5AZ**| Max. 100*   | Max. 128  | Max. 10000      | 10 Gbps   | Supported | Yes | 9000 |
+
+> [!NOTE]
+> "Supported Number of VMs in the Virtual Network" refers to the count of resources that communicate through the gateway. This includes:
+> - Virtual Machines in the hub and peered spoke virtual networks
+> - Private Endpoints
+> - Network Virtual Appliances (such as Application Gateway, Azure Firewall)
+> - Backend instances of PaaS services deployed in virtual networks (such as SQL Managed Instance, App Service Environment)