MicrosoftDocs
diff --git a/‎articles/app-service/monitor-app-service.md‎
Lines changed: 322 additions & 7 deletions b/‎articles/app-service/monitor-app-service.md‎
Lines changed: 322 additions & 7 deletions
diff --git a/‎articles/bastion/bastion-connect-vm-rdp-windows.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/bastion/bastion-connect-vm-rdp-windows.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/bastion/connect-ip-address.md‎
Lines changed: 39 additions & 71 deletions b/‎articles/bastion/connect-ip-address.md‎
Lines changed: 39 additions & 71 deletions
diff --git a/‎articles/batch/create-pool-ephemeral-os-disk.md‎
Lines changed: 90 additions & 18 deletions b/‎articles/batch/create-pool-ephemeral-os-disk.md‎
Lines changed: 90 additions & 18 deletions
diff --git a/‎articles/batch/disk-encryption.md‎
Lines changed: 46 additions & 6 deletions b/‎articles/batch/disk-encryption.md‎
Lines changed: 46 additions & 6 deletions
@@ -31,7 +31,7 @@ Before you begin, verify that you meet the following criteria:
   |---|---|---|
   | Azure portal (browser) | Basic | None |
   | Azure portal with custom ports | Standard | None |
-  | IP-based connection | Standard | [IP-based connection](connect-ip-address.md#configure-bastion) enabled |
+  | IP-based connection | Standard | [IP-based connection](connect-ip-address.md#sku-requirements) enabled |
   | Native client (RDP) | Standard | [Native client support](native-client.md) enabled |
 
 * Users connecting via RDP must have rights on the target virtual machine. If the user isn't a local administrator, add them to the **Remote Desktop Users** group.
 
@@ -1,101 +1,69 @@
 ---
-title: 'Connect to a VM - specified private IP address: Azure portal'
+title: 'About Azure Bastion IP-based connection'
 titleSuffix: Azure Bastion
-description: Learn how to connect to your virtual machines using a specified private IP address via Azure Bastion.
+description: Learn about IP-based connection in Azure Bastion, including supported scenarios, SKU requirements, and limitations.
 author: abell
 ms.service: azure-bastion
-ms.topic: how-to
-ms.date: 03/03/2025
+ms.topic: concept-article
+ms.date: 03/09/2026
 ms.author: abell
-ms.custom: sfi-image-nochange
 
-# Customer intent: As a network administrator, I want to configure and connect to virtual machines using a specified private IP address via Bastion, so that I can securely manage resources in my network environment.
+# Customer intent: As a network administrator, I want to understand how IP-based connection works with Azure Bastion, so that I can determine whether it's the right approach for securely connecting to on-premises, non-Azure, or Azure virtual machines.
 ---
 
-# Connect to a VM via specified private IP address
+# About Azure Bastion IP-based connection
 
-IP-based connection lets you connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address. The steps in this article show you how to configure your Bastion deployment, and then connect to an on-premises resource using IP-based connection. For more information about Azure Bastion, see the [Overview](bastion-overview.md).
+IP-based connection lets you connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion using a specified IP address. Unlike standard Bastion connections that use the Azure Resource Manager resource ID of a target virtual machine, IP-based connections target a virtual machine by its IP address. This makes it possible to connect to machines that aren't registered as Azure resources, such as on-premises servers or VMs running in other cloud environments.
 
-:::image type="content" source="./media/connect-ip-address/architecture.png" alt-text="Diagram that shows the Azure Bastion architecture." lightbox="./media/connect-ip-address/architecture.png":::
+## Architecture
 
-> [!NOTE]
-> This configuration requires the Standard SKU or higher for Azure Bastion. To upgrade, see [Upgrade a SKU](upgrade-sku.md).
->
+The following diagram shows the IP-based connection architecture. Azure Bastion, deployed in its virtual network, connects to a target virtual machine using the virtual machine's IP address over an ExpressRoute circuit or VPN site-to-site connection. The connection doesn't require the target virtual machine to have a public IP address or to be an Azure resource.
 
-**Limitations**
+:::image type="content" source="./media/connect-ip-address/architecture.png" alt-text="Diagram that shows how IP-based connections work over Azure ExpressRoute private peering or VPN site-to-site connections, extending Azure Bastion secure connectivity beyond Azure-hosted workloads." lightbox="./media/connect-ip-address/architecture.png":::
 
-* IP-based connection won’t work with force tunneling over VPN, or when a default route is advertised over an ExpressRoute circuit. Azure Bastion requires access to the Internet and force tunneling, or the default route advertisement will result in traffic blackholing.
+In this scenario:
+* Azure Bastion routes the RDP or SSH traffic through the ExpressRoute or VPN connection to reach the target virtual machine at the specified IP address.
+* The connection is secured through the Bastion host, so the target virtual machine doesn't need to be exposed to the public internet.
 
-* Microsoft Entra authentication isn't supported for RDP connections. Microsoft Entra authentication is supported for SSH connections via native client.
+## Supported scenarios
 
-* Custom ports and protocols aren't currently supported when connecting to a VM via native client.
+IP-based connection supports the following scenarios:
 
-* UDR isn't supported on Bastion subnet, including with IP-based connection.
+* **On-premises virtual machines:** Connect to virtual machines running in your on-premises datacenter through an [ExpressRoute private peering](../expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering.md) or [VPN site-to-site connection](../vpn-gateway/add-remove-site-to-site-connections.md).
+* **Non-Azure virtual machines:** Connect to virtual machines hosted in other cloud environments that are reachable from the Azure virtual network through ExpressRoute or VPN.
+* **Azure virtual machines:** Connect to Azure virtual machines by specifying an IP address instead of selecting the virtual machine resource in the portal. This is useful when the target virtual machine is in a peered or connected virtual network.
 
-## Prerequisites
+## Supported connection methods
 
-Before you begin these steps, verify that you have the following environment set up:
+The following table summarizes the connection methods available with IP-based connection:
 
-* A VNet with Bastion already deployed.
+| Connection method | Protocol | Details |
+|---|---|---|
+| Azure portal (browser) | RDP, SSH | Provides browser-based RDP or SSH sessions from the Bastion **Connect** page by targeting an IP address. For step-by-step guidance, see [Connect to a Windows VM using RDP](bastion-connect-vm-rdp-windows.md). |
+| Native client (Azure CLI) | RDP | Provides RDP connectivity from a Windows client using `az network bastion rdp` with the `--target-ip-address` parameter. For connection steps, see [Connect from a Windows native client](connect-vm-native-client-windows.md). |
+| Native client (Azure CLI) | SSH | Provides SSH connectivity from Windows or Linux clients using `az network bastion ssh` with the `--target-ip-address` parameter. For connection steps, see [Connect from a Windows native client](connect-vm-native-client-windows.md) or [Connect from a Linux native client](connect-vm-native-client-linux.md). |
+| Native client (Azure CLI) | Tunnel | Creates an IP-based TCP tunnel using `az network bastion tunnel` with the `--target-ip-address` parameter. For configuration steps, see [Configure Bastion native client support](native-client.md). |
 
-  * Make sure that you have deployed Bastion to the virtual network. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM deployed in any of the virtual networks that is reachable from Bastion.
-  * To deploy Bastion, see [Quickstart: Deploy Bastion with default settings and the Standard SKU](quickstart-host-portal.md).
+## SKU requirements
 
-* A virtual machine in any reachable virtual network. This is the virtual machine to which you'll connect.
+IP-based connection requires the **Standard** SKU tier or higher for Azure Bastion. The Basic and Developer SKUs don't support this feature. You must also enable the **IP-based connection** setting on the Bastion **Configuration** page.
 
-## Configure Bastion
+For information about SKU capabilities, see [Choose the right Azure Bastion SKU](bastion-sku-comparison.md). To upgrade your Bastion deployment, see [Upgrade a SKU](upgrade-sku.md).
 
-1. Sign in to the [Azure portal](https://portal.azure.com/).
+## Limitations
 
-1. In the Azure portal, go to your Bastion deployment.
+* **Force tunneling:** IP-based connection doesn't work with force tunneling over VPN, or when a default route is advertised over an ExpressRoute circuit. Azure Bastion requires access to the internet. Force tunneling or default route advertisement results in traffic being dropped.
 
-1. IP based connection requires the Standard SKU or higher. On the **Configuration** page, for **SKU**, verify the SKU is set to the **Standard** SKU or higher. If the SKU is set to the Basic SKU, select a higher SKU from the dropdown.
+* **Microsoft Entra ID authentication:** Microsoft Entra authentication isn't supported for RDP connections via IP address. Microsoft Entra authentication is supported for SSH connections via native client. For more information, see [Microsoft Entra ID authentication](bastion-entra-id-authentication.md).
 
-1. To enable **IP based connection**, select **IP based connection**.
+* **Custom ports and protocols:** Custom ports and protocols aren't currently supported when connecting to a virtual machine via native client with IP-based connections.
 
-1. Select **Apply** to apply the changes. It takes a few minutes for the Bastion configuration to complete.
-
-## Connect to VM - Azure portal
-
-1. To connect to a VM using a specified private IP address, you make the connection from Bastion to the VM, not directly from the VM page. On your Bastion page, select **Connect** to open the Connect page.
-
-1. On the Bastion **Connect** page, for **IP address**, enter the private IP address of the target VM.
-
-    :::image type="content" source="./media/connect-ip-address/ip-address.png" alt-text="Screenshot of the Connect using Azure Bastion page." lightbox="./media/connect-ip-address/ip-address.png":::
-
-1. Adjust your connection settings to the desired **Protocol** and **Port**.
-
-1. Enter your credentials in **Username** and **Password**.
-
-1. Select **Connect** to connect to your virtual machine.  
-
-## Connect to VM - native client
-
-You can connect to VMs using a specified IP address with native client via SSH, RDP, or tunneling. To learn more about configuring native client support, see [Configure Bastion native client support](native-client.md).
-
-> [!NOTE]
-> This feature does not currently support Microsoft Entra authentication or custom port and protocol.
-
-Use the following commands as examples:
-
-**RDP:**
-
-```azurecli
-az network bastion rdp --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-ip-address "<VMIPAddress>
-```
-
-**SSH:**
-
-```azurecli
-az network bastion ssh --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-ip-address "<VMIPAddress>" --auth-type "ssh-key" --username "<Username>" --ssh-key "<Filepath>"
-```
-
-**Tunnel:**
-
-```azurecli
-az network bastion tunnel --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-ip-address "<VMIPAddress>" --resource-port "<TargetVMPort>" --port "<LocalMachinePort>"
-```
+* **UDR:** User-defined routes (UDR) aren't supported on the Bastion subnet, including with IP-based connections.
 
 ## Next steps
 
-Read the [Bastion FAQ](bastion-faq.md) for additional information.
+* [Create an RDP connection to a Windows VM](bastion-connect-vm-rdp-windows.md)
+* [Connect from a Windows native client](connect-vm-native-client-windows.md)
+* [Connect from a Linux native client](connect-vm-native-client-linux.md)
+* [Configure Bastion native client support](native-client.md)
+* [Azure Bastion FAQ](bastion-faq.md)
@@ -2,7 +2,7 @@
 title: Use ephemeral OS disk nodes for Azure Batch pools
 description: Learn how and why to create a Batch pool that uses ephemeral OS disk nodes.
 ms.topic: how-to
-ms.date: 03/27/2025
+ms.date: 03/06/2026
 ms.devlang: csharp
 # Customer intent: "As a cloud architect, I want to configure Azure Batch pools with ephemeral OS disks, so that I can reduce costs and improve application performance for stateless workloads."
 ---
@@ -40,30 +40,102 @@ The following example shows how to create a Batch pool where the nodes use ephem
 
 ### Code examples
 
-This code snippet shows how to create a pool with ephemeral OS disks using Azure Batch Python SDK with the Ephemeral OS disk using the temporary disk (cache).
+This code snippet shows how to create a pool with ephemeral OS disks using the azure-mgmt-batch Python SDK with the ephemeral OS disk using the temporary disk (cache).
 
 ```python
-virtual_machine_configuration=batch.models.VirtualMachineConfiguration(
-    image_reference=image_ref_to_use,
-    node_agent_sku_id=node_sku_id,
-    os_disk=batch.models.OSDisk(
-        ephemeral_os_disk_settings=batch.models.DiffDiskSettings(
-            placement=batch.models.DiffDiskPlacement.cache_disk
-        )
-    )
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.batch import BatchManagementClient
+from azure.mgmt.batch.models import (
+    BatchAccountPoolData,
+    DeploymentConfiguration,
+    VirtualMachineConfiguration,
+    ImageReference,
+    OSDisk,
+    DiffDiskSettings,
+    DiffDiskPlacement,
 )
+
+
+def create_pool_with_ephemeral_os_disk():
+    client = BatchManagementClient(
+        credential=DefaultAzureCredential(),
+        subscription_id="subscriptionId",
+    )
+
+    pool = client.pool.create(
+        resource_group_name="resourceGroupName",
+        account_name="accountName",
+        pool_name="ephemeralOSDiskPool",
+        parameters=BatchAccountPoolData(
+            vm_size="standard_ds1_v2",
+            deployment_configuration=DeploymentConfiguration(
+                virtual_machine_configuration=VirtualMachineConfiguration(
+                    image_reference=ImageReference(
+                        publisher="Canonical",
+                        offer="UbuntuServer",
+                        sku="22.04-LTS",
+                    ),
+                    node_agent_sku_id="batch.node.ubuntu 22.04",
+                    os_disk=OSDisk(
+                        ephemeral_os_disk_settings=DiffDiskSettings(
+                            placement=DiffDiskPlacement.CACHE_DISK
+                        )
+                    ),
+                )
+            ),
+        ),
+    )
 ```
 
-This is the same code snippet but for creating a pool with ephemeral OS disks using the Azure Batch .NET SDK and C#. 
+This is the same code snippet but for creating a pool with ephemeral OS disks using the Azure.ResourceManager.Batch SDK and C#.
 
 ```csharp
-VirtualMachineConfiguration virtualMachineConfiguration = new VirtualMachineConfiguration(
-        imageReference: imageReference,
-        nodeAgentSkuId: nodeAgentSku
-        );
-virtualMachineConfiguration.OSDisk = new OSDisk();
-virtualMachineConfiguration.OSDisk.EphemeralOSDiskSettings = new DiffDiskSettings();
-virtualMachineConfiguration.OSDisk.EphemeralOSDiskSettings.Placement = DiffDiskPlacement.CacheDisk;
+using Azure;
+using Azure.Identity;
+using Azure.ResourceManager;
+using Azure.ResourceManager.Batch;
+using Azure.ResourceManager.Batch.Models;
+
+//...
+
+public async Task SetEphemeralOSDisk()
+{
+    ArmClient client = new ArmClient(new DefaultAzureCredential());
+
+    ResourceIdentifier batchAccountResourceId =
+        BatchAccountResource.CreateResourceIdentifier("subscriptionId", "resourceGroupName", "accountName");
+    BatchAccountResource batchAccount = client.GetBatchAccountResource(batchAccountResourceId);
+
+    BatchAccountPoolCollection poolCollection = batchAccount.GetBatchAccountPools();
+
+    BatchAccountPoolData poolData = new BatchAccountPoolData()
+    {
+        VmSize = "standard_ds1_v2",
+        DeploymentConfiguration = new BatchDeploymentConfiguration()
+        {
+            VmConfiguration = new BatchVmConfiguration(
+                imageReference: new BatchImageReference()
+                {
+                    Publisher = "Canonical",
+                    Offer = "UbuntuServer",
+                    Sku = "22.04-LTS"
+                },
+                nodeAgentSkuId: "batch.node.ubuntu 22.04")
+            {
+                OSDisk = new BatchOSDisk()
+                {
+                    EphemeralOSDiskSettings = new DiffDiskSettings()
+                    {
+                        Placement = BatchDiffDiskPlacement.CacheDisk
+                    }
+                }
+            }
+        }
+    };
+
+    ArmOperation<BatchAccountPoolResource> pool = await poolCollection.CreateOrUpdateAsync(
+        WaitUntil.Completed, "ephemeralOSDiskPool", poolData);
+}
 ```
 
 ## Next steps
 
@@ -2,7 +2,7 @@
 title: Create a pool with disk encryption enabled
 description: Learn how to use disk encryption configuration to encrypt nodes with a platform-managed key.
 ms.topic: how-to
-ms.date: 07/01/2025
+ms.date: 03/06/2026
 ms.devlang: csharp
 ms.custom: devx-track-azurecli
 # Customer intent: "As a cloud administrator, I want to create a Batch pool with disk encryption enabled, so that I can safeguard data on the compute nodes while reducing management overhead."
@@ -46,14 +46,54 @@ After the pool is created, you can see the disk encryption configuration targets
 
 ## Examples
 
-The following examples show how to encrypt the OS and temporary disks on a Batch pool using the Batch .NET SDK, the Batch REST API, and the Azure CLI.
+The following examples show how to encrypt the OS and temporary disks on a Batch pool using the Azure.ResourceManager.Batch SDK, the Batch REST API, and the Azure CLI.
 
-### Batch .NET SDK
+### Azure.ResourceManager.Batch SDK
 
 ```csharp
-pool.VirtualMachineConfiguration.DiskEncryptionConfiguration = new DiskEncryptionConfiguration(
-    targets: new List<DiskEncryptionTarget> { DiskEncryptionTarget.OsDisk, DiskEncryptionTarget.TemporaryDisk }
-    );
+using Azure;
+using Azure.Identity;
+using Azure.ResourceManager;
+using Azure.ResourceManager.Batch;
+using Azure.ResourceManager.Batch.Models;
+
+//...
+
+public async Task SetDiskEncryption()
+{
+    ArmClient client = new ArmClient(new DefaultAzureCredential());
+
+    ResourceIdentifier batchAccountResourceId =
+        BatchAccountResource.CreateResourceIdentifier("subscriptionId", "resourceGroupName", "accountName");
+    BatchAccountResource batchAccount = client.GetBatchAccountResource(batchAccountResourceId);
+
+    BatchAccountPoolCollection poolCollection = batchAccount.GetBatchAccountPools();
+
+    BatchAccountPoolData poolData = new BatchAccountPoolData()
+    {
+        VmSize = "standard_ds1_v2",
+        DeploymentConfiguration = new BatchDeploymentConfiguration()
+        {
+            VmConfiguration = new BatchVmConfiguration(
+                imageReference: new BatchImageReference()
+                {
+                    Publisher = "Canonical",
+                    Offer = "UbuntuServer",
+                    Sku = "22.04-LTS"
+                },
+                nodeAgentSkuId: "batch.node.ubuntu 22.04")
+            {
+                 DiskEncryptionConfiguration = new BatchDiskEncryptionConfiguration()
+                 {
+                     Targets = { BatchDiskEncryptionTarget.OSDisk, BatchDiskEncryptionTarget.TemporaryDisk }
+                 }
+            }
+        }
+    };
+
+    ArmOperation<BatchAccountPoolResource> pool = await poolCollection.CreateOrUpdateAsync(
+        WaitUntil.Completed, "diskencryptionPool", poolData);
+}
 ```
 
 ### Batch REST API