Merge pull request #311996 from MicrosoftDocs/main

Auto Publish – main to live - 2026-02-19 12:00 UTC

Author: learn-build-service-prod[bot]

articles/azure-netapp-files/configure-cache-volumes.md

@@ -63,7 +63,10 @@ If you're enabling write-back on the external origin volume:
 
 ### Interoperability considerations 
 
-You can't use cache volumes if the following features are configured on the source or destination: 
+You can't use cache volumes if the following features are configured on the origin or cache: 
+
+>[!NOTE]
+> File Access Logs (FAL) for cache volumes isn't currently supported. Although diagnostic settings might be available for cache volumes, enabling diagnostic settings on a cache volume to configure File Access Logs has no effect.
 
 #### Unsupported features
 

articles/energy-data-services/release-notes.md

@@ -23,6 +23,18 @@ This page is updated with the details about the upcoming release approximately a
 
 <hr width = 100%>
 
+## February 2026
+### OSDU&reg; Reservoir DMS - Generally Available
+OSDU&reg; Reservoir DMS is now generally available on Azure Data Manager for Energy.
+Reservoir DMS provides:
+- Standardized storage and management of reservoir engineering data—including models, grids, and simulation outputs—using OSDU-compliant schemas.
+- Consistent data quality, versioning, and traceability across workflows.
+- Seamless integration with simulation and analytics tools to support faster, more reliable reservoir decisions.
+Reservoir DMS is enabled on all partitions of existing and new Azure Data Manager for Energy instances. The feature is available in all regions where Azure Data Manager for Energy is offered, except Indonesia Central.
+
+### Well Delivery DMS - Deprecation Notice
+OSDU Well Delivery DMS will be deprecated on Azure Data Manager for Energy with the release in the month of March. This follows the decision to deprecate the DMS in OSDU with the M26 milestone release.
+ 
 ## January 2026
 ### External Data Service - Managed identity workflows
 Azure Data Manager for Energy now supports using managed identities for authentication in External Data Services (EDS) workflows. This enhancement allows you to securely connect to OSDU&reg; compliant external data sources without the need for hardcoding credentials, improving security and simplifying management of authentication in your data integration processes. You can use either system-assigned or user-assigned managed identities to authenticate EDS workflows with supported external data sources. For more information, see [How to enable External Data Services (EDS) Preview?](how-to-enable-external-data-services.md)

articles/iot-edge/deploy-confidential-applications.md

@@ -50,7 +50,7 @@ For more information, see [Getting started with Open Enclave for the Scalys Trus
 
 ## Develop and deploy
 
-When you're ready to develop and deploy your confidential application, the [Microsoft Open Enclave](https://marketplace.visualstudio.com/items?itemName=ms-iot.msiot-vscode-openenclave) extension for Visual Studio Code can help. You can use either Linux or Windows as your development machine to develop modules for the TrustBox.
+When you're ready to develop and deploy your confidential application, the [Open Enclave SDK](https://github.com/openenclave/openenclave) can help. You can use either Linux or Windows as your development machine to develop modules for the TrustBox.
 
 ## Next steps
 

articles/iot-edge/how-to-configure-proxy-support.md

@@ -231,34 +231,6 @@ This step takes place once on the IoT Edge device during initial device setup.
     https_proxy = "<proxy URL>"
     ```
 
-3. Add the **https_proxy** parameter to the environment variables section, and set your proxy URL as its value.
-
-    ```toml
-    [agent]
-    name = "edgeAgent"
-    type = "docker"
-    
-    [agent.config]
-    image = "mcr.microsoft.com/azureiotedge-agent:1.5"
-    
-    [agent.env]
-    # RuntimeLogLevel = "debug"
-    # UpstreamProtocol = "AmqpWs"
-    https_proxy = "<proxy URL>"
-    ```
-
-4. The IoT Edge runtime uses AMQP by default to talk to IoT Hub. Some proxy servers block AMQP ports. If that's the case, then you also need to configure edgeAgent to use AMQP over WebSocket. Uncomment the `UpstreamProtocol` parameter.
-
-    ```toml
-    [agent.config]
-    image = "mcr.microsoft.com/azureiotedge-agent:1.5"
-    
-    [agent.env]
-    # RuntimeLogLevel = "debug"
-    UpstreamProtocol = "AmqpWs"
-    https_proxy = "<proxy URL>"
-    ```
-
 5. Save the changes and close the editor. Apply the changes.
 
    ```bash
@@ -328,7 +300,7 @@ With the environment variables included, the module definition looks like the fo
 }
 ```
 
-If you included the **UpstreamProtocol** environment variable in the config.yaml file on your IoT Edge device, add that to the IoT Edge agent module definition too.
+If you included the **UpstreamProtocol** environment variable in the config.toml file on your IoT Edge device, add that to the IoT Edge agent module definition too.
 
 ```json
 "env": {

articles/iot-edge/how-to-create-transparent-gateway.md

@@ -88,7 +88,6 @@ If you don't have your own certificate authority and want to use demo certificat
 
 1. Check the certificate meets [format requirements](how-to-manage-device-certificates.md#format-requirements).
 1. If you created the certificates on a different machine, copy them to your IoT Edge device. Use a USB drive, a service like [Azure Key Vault](/azure/key-vault/general/overview), or a command like [Secure file copy](https://www.ssh.com/ssh/scp/).
-1. Move the files to the preferred directory for certificates and keys: `/var/aziot/certs` for certificates and `/var/aziot/secrets` for keys.
 1. Create the certificates and keys directories and set permissions. Store your certificates and keys in the preferred `/var/aziot` directory: `/var/aziot/certs` for certificates and `/var/aziot/secrets` for keys.
 
    ```bash
@@ -101,6 +100,7 @@ If you don't have your own certificate authority and want to use demo certificat
    sudo chown aziotks:aziotks /var/aziot/secrets
    sudo chmod 700 /var/aziot/secrets
    ```
+1. Move the files to the preferred directory for certificates and keys: `/var/aziot/certs` for certificates and `/var/aziot/secrets` for keys.
 1. Change the ownership and permissions for the certificates and keys.
 
    ```bash
@@ -112,7 +112,7 @@ If you don't have your own certificate authority and want to use demo certificat
    # Give aziotks ownership to private keys
    # Read and write for aziotks, no permission for others
    sudo chown -R aziotks:aziotks /var/aziot/secrets
-    sudo find /var/aziot/secrets -type f -name "*.*" -exec chmod 600 {} \;
+   sudo find /var/aziot/secrets -type f -name "*.*" -exec chmod 600 {} \;
    ```
 
 # [IoT Edge for Linux on Windows](#tab/eflow)

articles/iot-operations/develop-edge-apps/howto-build-akri-connectors-vscode.md

@@ -85,6 +85,9 @@ Next, build the project to confirm there are no errors. Use the VS Code command
 
 In this example, you create an HTTP/REST connector using the Rust language, build a Docker image, and then run the connector application by using the VS Code extension:
 
+> [!IMPORTANT]
+> The following example code is meant for illustrative purposes only and is not intended to be used in production. In a production connector, you should implement robust error handling and retry logic, and ensure that any credentials used to connect to the asset are stored and used securely. A production quality connector must implement the contract described in the [Akri operator and connector contract](https://github.com/Azure/iot-operations-sdks/blob/main/doc/akri_connector/Akri%20operator%20and%20connector%20contract.md) document in the SDKs repository.
+
 1. Press `Ctrl+Shift+P` to open the command palette and search for the **Azure IoT Operations Akri Connectors: Create a New Akri Connector** command. Create a new folder called `my-connectors` and select it, select **Rust** as the language, and enter a name for the connector like `rest_connector`.
 
 1. The extension creates a new workspace named by using the connector name you chose in the previous step. The workspace includes the scaffolding for a connector written in the Rust language. There are `Implement` tags in the comments to help you write your own custom Akri connector. For testing purposes, you can try out the connector with just the scaffolding code. To see logs from your connector crate, replace the tag `sample_connector_scaffolding` with your connector name in the `DEFAULT_LOG_LEVEL` variable in the `main.rs` file.

articles/iot-operations/develop-edge-apps/overview-akri-connectors.md

@@ -21,6 +21,7 @@ For more information about Akri services and how they relate to Azure IoT Operat
 Understanding these core concepts is essential for developing custom Akri connectors:
 
 - **Akri connector**: A custom software component that acts as a protocol adapter, enabling Azure IoT Operations to discover, connect to, and communicate with physical devices. The connector translates between device-specific protocols and the standardized Azure IoT Operations data model.
+- **Akri operator and connector contract**: A defined interface and set of requirements that connectors must implement to ensure compatibility with Akri services and Azure IoT Operations. This contract specifies how connectors should handle configuration, device discovery, data exchange, and communication with other platform components. TO learn more, see the [Akri operator and connector contract](https://github.com/Azure/iot-operations-sdks/blob/main/doc/akri_connector/Akri%20operator%20and%20connector%20contract.md)
 - **Connector metadata**: A JSON file that describes the connector's configuration options, capabilities, and UI schemas. The metadata defines how the connector appears and behaves when you:
     - Create connector template instances in the Azure portal.
     - Configure devices and assets in the operations experience UI.
@@ -43,6 +44,7 @@ The development and deployment of Akri connectors follows a structured workflow
 - **Build the connector**: Use the Azure IoT Operations SDK, templates, or VS Code extension to develop connector logic that implements:
     - Connectivity to a physical device.
     - Authentication to a physical device.
+    - Configuration management based on the connector contract.
     - Data exchange with the physical device.
     - Optionally, device and asset discovery.
     - Delivery of the data to a destination in the cluster.
@@ -97,3 +99,4 @@ Akri connectors integrate seamlessly with the broader Azure IoT Operations envir
 - [What are Akri services?](../discover-manage-assets/overview-akri.md)
 - [Build and deploy Akri connectors](howto-develop-akri-connectors.md)
 - [Build Akri connectors with the VS Code extension](howto-build-akri-connectors-vscode.md)
+- [Akri operator and connector contract](https://github.com/Azure/iot-operations-sdks/blob/main/doc/akri_connector/Akri%20operator%20and%20connector%20contract.md)

articles/iot-operations/troubleshoot/known-issues.md

@@ -93,6 +93,22 @@ If you create a `RegistryEndpoint` resource using bicep and reference it in the
 
 Workaround: Don't use `RegistryEndpoint` resources with Akri connectors. Instead, specify the registry information in the `ContainerRegistry` settings in the `ConnectorTemplate` resource.
 
+### Akri error when updating or deleting an Azure IoT Operations instance
+
+---
+
+Issue ID: 9347
+
+---
+
+Fixed in version 1.2.154 (2512) and later
+
+---
+
+Users may encounter an error regarding expired webhook certificates with Akri when deleting/upgrading instances of Azure IoT Operations or performing CRUD operations on Akri resources such as *Connector* and *ConnectorTemplates* instances. 
+
+Workaround: run `kubectl delete pod -n azure-iot-operations aio-akri-webhook-0 --ignore-not-found` to delete and restart the webhook pods to enable the pod to pick up the new certificate.
+
 ## Connector for OPC UA issues
 
 This section lists current known issues for the connector for OPC UA.

articles/migrate/discovered-metadata.md

@@ -298,8 +298,12 @@ Published date | `apt-get -s dist-upgrade, yum -q check-update, zypper list-upda
 
 > [!NOTE]
 > If your Red Hat Enterprise Linux (RHEL) servers use `yum` and aren't patched regularly, pending updates data can consume storage in the cache under `var\tmp\yum\-<username>`. To manage disk space, it is recommended to clear the cache regularly.
->
-> To disable discovery of pending updates, visit 'HKLM:\SOFTWARE\Microsoft\AzureAppliance' and set the registry of type 'REG_DWORD EnablePendingUpdatesDiscovery' to 0. You must restart the appliance after setting the registry to ensure changes are reflected. To re-enable discovery of pending updates, set the registry 'EnablePendingUpdatesDiscovery' to 1.
+> [!NOTE]
+> To disable discovery of pending updates:
+> 1. Go to `HKLM:\SOFTWARE\Microsoft\AzureAppliance`.
+> 1. Set the `EnablePendingUpdatesDiscovery` registry value (type `REG_DWORD`) to `0`.
+> 1. Restart the appliance for the change to take effect. </be></br>
+> To re-enable discovery of pending updates, set the `EnablePendingUpdatesDiscovery` registry value to `1` and restart the appliance.
 
 ## SQL Server instance and database data
 

articles/sentinel/aws-disruption.md

@@ -10,11 +10,11 @@ ms.topic: how-to
 
 # Enable attack disruption actions on AWS with Microsoft Sentinel (preview)
 
-This article describes how to configure your AWS environment so that Microsoft Sentinel can take automated actions on a user that assumes a SAML role, or on an AWS IAM account when an alert is triggered. Attack disruption uses high-confidence signals to contain compromised assets and limit the impact of attacks, including actions on identities in AWS.
+This article describes how to configure your AWS environment so that Microsoft Sentinel can take automated actions on a user that assumes a SAML role, or on an AWS IAM account when an alert is triggered. Attack disruption uses high-confidence signals to contain compromised assets and limit the damage from attacks, including actions on identities in AWS.
 
 ## Prerequisites
 
-Before you begin, ensure the following:
+Before you begin, you need the following prerequisites in place:
 
 - You have an active AWS account with administrative privileges.
 - Your Microsoft Sentinel analytic workspace is connected to the unified security operations portal.
@@ -27,13 +27,11 @@ Before you begin, ensure the following:
 
 ### 1.1 Create a dedicated IAM role for Microsoft Sentinel
 
-1. In the AWS console, go to **IAM \> Roles**.
+1. [Create a new IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html) in the AWS Management Console.
 
-1. Select **Create role**.
+- Select **AWS service** as the trusted entity and choose **EC2** (you'll update the trust relationship [next](#12-configure-trust-relationship)).
 
-1. Select **AWS service** as the trusted entity and choose **EC2** (you'll update the trust relationship later).
-
-1. Attach the following policy to the role (replace \<YOUR_ACCOUNT_ID\> as needed):
+- Attach the following policy to the role (replace \<YOUR_ACCOUNT_ID\> as needed):
 
     ```json
     {
@@ -50,7 +48,6 @@ Before you begin, ensure the following:
             "iam:RemoveUserFromGroup",
             "iam:ResetServiceSpecificCredential",
             "iam:ResyncMFADevice",
-            "iam:RevokeSession",
             "iam:DeleteUserPermissionsBoundary",
             "iam:DeleteUserPolicy",
             "iam:DetachUserPolicy"
@@ -61,15 +58,11 @@ Before you begin, ensure the following:
     }
     ```
 
-1. Name the role (for example, SentinelAttackDisruptionRole) and create it.
-
 ### 1.2 Configure trust relationship
 
-1. In the IAM role you created, go to the **Trust relationships** tab.
-
-1. Select **Edit trust relationship**.
+Create a [custom trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-custom.html#roles-creatingrole-custom-trust-policy-console) for the IAM role.
 
-1. Replace the trust policy with the following, specifying the Microsoft Sentinel integration principal (replace `<YOUR_AZURE_SUBSCRIPTION_ID>` with your actual Azure subscription ID):
+Use the following trust policy, specifying the Microsoft Sentinel integration principal (replace `<YOUR_AZURE_SUBSCRIPTION_ID>` with your actual Azure subscription ID):
 
 ```json
 {