Merge pull request #311473 from TimShererWithAquent/us543933-08

JamesJBarnett · web-flow · commit 1633dc92c198 · 2026-02-06T10:48:15.000-07:00
Freshness Edit: Azure API Management: Support policies for self-hosted gateway
diff --git a/articles/api-management/self-hosted-gateway-support-policies.md b/articles/api-management/self-hosted-gateway-support-policies.md
@@ -5,76 +5,92 @@ author: dlepow
 ms.service: azure-api-management
 ms.topic: concept-article
 ms.author: danlep
-ms.date: 09/25/2024
+ms.date: 02/06/2026
+#customer intent: As a developer responsible for an API using Azure API Management, I need to understand how to support this technology on a self-hosted gateway.
 ---
 
 # Support policies for self-hosted gateway
 
 [!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
 
-The Azure API Management service, in the Developer and Premium tiers, allows the deployment of the API Management gateway as a container running in on-premises infrastructure, other clouds, and Azure infrastructure options that support containers. This article provides details about technical support policies and limitations for the API Management [self-hosted gateway](self-hosted-gateway-overview.md).  
+The Azure API Management service, in the Developer and Premium tiers, allows the deployment of the API Management gateway as a *self-hosted gateway*. A self-hosted gateway runs on a container in on-premises infrastructure, other clouds, and Azure infrastructure options that support containers.
+
+This article provides details about technical support policies and limitations for the API Management [self-hosted gateway](self-hosted-gateway-overview.md).  
 
 ## Differences between managed gateway and self-hosted gateway
 
-When deploying an instance of the API Management service, you'll always get a managed API gateway as part of the service. This gateway runs in infrastructure managed by Azure, and the software is also managed, updated, and managed by Azure.
+When you deploy an instance of the API Management service, you always get a managed API gateway as part of the service. This gateway runs in infrastructure managed by Azure. Azure manages and updates the software.
 
 In supported service tiers, the self-hosted gateway is an optional deployment option.
 
-While the managed and self-hosted gateways share many common features, there are also [several differences](api-management-gateways-overview.md#feature-comparison-managed-versus-self-hosted-gateways).
+Managed and self-hosted gateways share common features. For more information, see [Feature comparison](api-management-gateways-overview.md#feature-comparison-managed-versus-self-hosted-gateways).
 
 ## Responsibilities
 
 The following table shows Microsoft's responsibilities, shared responsibilities, and customers' responsibilities for managing and supporting the self-hosted gateway.
 
-
 |Microsoft Azure  |Shared responsibilities  |Customers  |
 |---------|---------|---------|
-|▪️ **Configuration endpoint (management plane)** - The self-hosted gateway depends on a configuration endpoint that provides the configuration, APIs, hostnames, and policy information. This configuration endpoint is part of the management plane of every API Management service.<br/><br/>▪️ **Gateway container image maintenance and updates** - Bug fixes, patches, performance improvements, and new features in the self-hosted gateway [container image](self-hosted-gateway-overview.md#packaging).        |▪ **Securing self-hosted gateway communication with configuration endpoint** - The communication between the self-hosted gateway and the configuration endpoint can be secured by two mechanisms: either an access token that expires automatically every 30 days and needs to be updated for the running containers; or authentication with Microsoft Entra ID, which doesn't require token refresh.<br/><br/> ▪ **Keeping the gateway up to date** - The customer oversees regularly updating the gateway to the latest version and latest features. And Microsoft will provide updated images with new features, bug fixes, and patches.      | ▪  **Gateway hosting** - Deploying and operating the gateway infrastructure: virtual machines with container runtime and/or Kubernetes cluster.<br/><br/>▪ **Network configuration** - Necessary to maintain management plane connectivity and API access.<br/><br/>    ▪ **Gateway SLA** - Capacity management, scaling, and uptime.<br/><br/>  ▪ **Providing diagnostics data to support** - Collecting and sharing diagnostics data with support engineers.<br/><br/>▪ **Third party OSS (open-source software) software components** - Combining the self-hosted gateway with other software like Prometheus, Grafana, service meshes, container runtimes, Kubernetes distributions, and proxies are the customer's responsibility.  |
+|▪️ **Configuration endpoint (management plane)**. The self-hosted gateway depends on a configuration endpoint that provides the configuration, APIs, hostnames, and policy information. This configuration endpoint is part of the management plane of every API Management service.<br/><br/>▪️ **Gateway container image maintenance and updates**. Bug fixes, patches, performance improvements, and new features in the self-hosted gateway [container image](self-hosted-gateway-overview.md#packaging).        |▪ **Securing self-hosted gateway communication with configuration endpoint**. The communication between the self-hosted gateway and the configuration endpoint can be secured by two mechanisms: <br/>- An access token that expires automatically every 30 days and needs to be updated for the running containers. <br/>- Authentication with Microsoft Entra ID, which doesn't require token refresh.<br/><br/> ▪ **Keeping the gateway up to date**. The customer oversees regularly updating the gateway to the latest version and latest features. Microsoft provides updated images with new features, bug fixes, and patches.      | ▪  **Gateway hosting**. Deploying and operating the gateway infrastructure: virtual machines with container runtime or Kubernetes cluster.<br/><br/>▪ **Network configuration**. Necessary to maintain management plane connectivity and API access.<br/><br/>    ▪ **Gateway SLA**. Capacity management, scaling, and uptime.<br/><br/>  ▪ **Providing diagnostics data to support**. Collecting and sharing diagnostics data with support engineers.<br/><br/>▪ **Third party OSS (open-source software) software components**. Combining the self-hosted gateway with other software like Prometheus, Grafana, service meshes, container runtimes, Kubernetes distributions, and proxies are the customer's responsibility.  |
 
 ## Self-hosted gateway container image support coverage 
 
-We have the following tagging strategy for the [self-hosted gateway container image](self-hosted-gateway-overview.md#packaging), following the major, minor, patch convention: `{major}.{minor}.{patch}`. You can find a full list of [available tags](https://mcr.microsoft.com/product/azure-api-management/gateway/tags). As a best practice, we recommend that customers run the latest stable version of our container image. Given the continuous releases of our container image, we'll provide official support for the following versions: 
+Microsoft has the following tagging strategy for the [self-hosted gateway container image](self-hosted-gateway-overview.md#packaging), following the major, minor, patch convention: `{major}.{minor}.{patch}`. For a full list of available tags, see [available tags](https://mcr.microsoft.com/product/azure-api-management/gateway/tags).
+
+We recommend that you run the latest stable version of our container image. Given the continuous releases of our container image, Microsoft provides official support for the following versions.
 
 > [!TIP]
-> We highly encourage customers to upgrade to a newer self-hosted gateway by following [Safe Deployment Practices (SDP)](https://azure.microsoft.com/blog/advancing-safe-deployment-practices/).
+> We highly encourage you to upgrade to a newer self-hosted gateway by following [Safe Deployment Practices (SDP)](https://azure.microsoft.com/blog/advancing-safe-deployment-practices/).
 
 ### Supported versions 
 
-* **Last major version and the last three minor releases**   
+- **Last major version and the last three minor releases**   
 
-    For example, if the latest version is 2.2.0, we'll support all 2.2.x, 2.1.x, and 2.0.x minor releases. For all previous versions, we'll ask you to update to a supported version. 
+    For example, if the latest version is 2.2.0, we support all 2.2.x, 2.1.x, and 2.0.x minor releases. For all previous versions, we ask you to update to a supported version. 
 
-* **Fixes** 
+- **Fixes** 
 
-    If we discover a bug, CVE, or performance issue in a supported version - for example, a bug is found in the container image 2.0.0 - the fix will land as a patch in the latest minor version, for example 2.2.x. 
+    If we discover a bug, CVE, or performance issue in a supported version, the fix appears as a patch in the latest minor version. For example, if a bug is found in the container image 2.0.0, the fix lands in 2.2.x. 
 
 ### Unsupported versions 
 
-* Container images with the `beta` tag.
+- Container images with the `beta` tag.
 
-* Any version with the `preview` suffix. 
+- Any version with the `preview` suffix. 
 
 ## Self-hosted gateway support scenarios
 
-### Microsoft provides technical support for the following examples
+Microsoft provides technical support for the following situations:
+
+- Configuration endpoint and management plane uptime and configuration for the supported tiers. 
+
+- Self-hosted gateway container image bugs, performance issues, and improvements. 
 
-* Configuration endpoint and management plane uptime and configuration for the supported tiers. 
+- Self-hosted gateway container image security patches (CVEs) are fixed as soon as possible. 
 
-* Self-hosted gateway container image bugs, performance issues, and improvements. 
+- Supported non-Microsoft open-source projects, for example: Open Telemetry and Distributed Application Runtime (DAPR). 
 
-* Self-hosted gateway container image security patches (CVEs) will be fixed as soon as possible. 
+Microsoft Support doesn't provide technical support for the following issues:
 
-* Supported third-party open-source projects, for example: Open Telemetry and DAPR (Distributed Application Runtime). 
+- Questions about how to use the self-hosted gateway inside Kubernetes. For example, Microsoft Support doesn't provide advice on how to:
 
-### Microsoft does not provide technical support for the following examples 
+  - Create custom ingress controllers
+  - Create service mesh
+  - Use application workloads
+  - Apply non-Microsoft or open-source software packages or tools
 
-* Questions about how to use the self-hosted gateway inside Kubernetes. For example, Microsoft Support doesn't provide advice on how to create custom ingress controllers, service mesh, use application workloads, or apply third-party or open-source software packages or tools. 
+- Non-Microsoft open-source projects combined with our self-hosted gateway, except for specific supported projects, for example: Open Telemetry and DAPR.
 
-* Third-party open-source projects combined with our self-hosted gateway, except for specific supported projects, for example: Open Telemetry and DAPR (Distributed Application Runtime). 
+- Non-Microsoft closed-source software, including security scanning tools and networking devices or software. 
 
-* Third-party closed-source software, including security scanning tools and networking devices or software. 
+- Microsoft Support checks only that the communication between self-hosted gateway and the configuration endpoint works. Microsoft Support doesn't troubleshoot:
 
-* Troubleshooting network customizations, CNIs, service meshes, network policies, firewalls, and complex networking circuits. Microsoft will only  check that the communication between self-hosted gateway and the configuration endpoint is working. 
+  - Network customization
+  - Container Network Interfaces (CNIs)
+  - Service meshes
+  - Network policies
+  - Firewalls
+  - Complex networking circuits
 
 ## Bugs and issues
 
@@ -92,10 +108,10 @@ If you have a support plan and you need technical help, create a [support requ
 
 1. For **Problem type**, select **Self-Hosted Gateway**. 
 
-You can also get help from our communities. You can file an issue on [GitHub](https://aka.ms/apim/sputnik/repo) or ask questions on [Stack  Overflow](https://aka.ms/apimso) and tag them with "azure-api-management".
+You can also get help from our communities. You can file an issue on [GitHub](https://aka.ms/apim/sputnik/repo) or ask questions on [Stack  Overflow](https://aka.ms/apimso) and tag them with `azure-api-management`.
 
 ## Related content
 
-* Learn how to deploy the API Management self-hosted gateway to [Azure Arc-enabled Kubernetes clusters](how-to-deploy-self-hosted-gateway-azure-arc.md), [Azure Kubernetes Service](how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md), or a Kubernetes cluster using [YAML](how-to-deploy-self-hosted-gateway-kubernetes.md) or a [Helm chart](how-to-deploy-self-hosted-gateway-kubernetes-helm.md).
+- Learn how to deploy the API Management self-hosted gateway to [Azure Arc-enabled Kubernetes clusters](how-to-deploy-self-hosted-gateway-azure-arc.md), [Azure Kubernetes Service](how-to-deploy-self-hosted-gateway-azure-kubernetes-service.md), or a Kubernetes cluster using [YAML](how-to-deploy-self-hosted-gateway-kubernetes.md) or a [Helm chart](how-to-deploy-self-hosted-gateway-kubernetes-helm.md).
 
-* Review guidance for running the self-hosted gateway on [Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md).
+- Review guidance for running the self-hosted gateway on [Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md).
