MicrosoftDocs
diff --git a/‎articles/azure-government/compare-azure-government-global-azure.md‎
Lines changed: 16 additions & 0 deletions b/‎articles/azure-government/compare-azure-government-global-azure.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎articles/bastion/bastion-nsg.md‎
Lines changed: 4 additions & 4 deletions b/‎articles/bastion/bastion-nsg.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/container-apps/microservices-dapr.md‎
Lines changed: 51 additions & 44 deletions b/‎articles/container-apps/microservices-dapr.md‎
Lines changed: 51 additions & 44 deletions
diff --git a/‎articles/firmware-analysis/automate-firmware-analysis-service-principals.md‎
Lines changed: 1 addition & 0 deletions b/‎articles/firmware-analysis/automate-firmware-analysis-service-principals.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/firmware-analysis/firmware-analysis-faq.md‎
Lines changed: 1 addition & 0 deletions b/‎articles/firmware-analysis/firmware-analysis-faq.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/firmware-analysis/firmware-analysis-rbac.md‎
Lines changed: 1 addition & 0 deletions b/‎articles/firmware-analysis/firmware-analysis-rbac.md‎
Lines changed: 1 addition & 0 deletions
@@ -313,6 +313,22 @@ Azure Active Directory B2C is **not available** in Azure Government.
 
 The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. For feature variations and limitations, see [National clouds and MSAL](../active-directory/develop/msal-national-cloud.md).
 
+## Internet of Things
+
+This section outlines variations and considerations when using Internet of Things services in the Azure Government environment. For service availability, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=notification-hubs,azure-maps,iot-hub,iot-central&regions=usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-texas,usgov-virginia&rar=true).
+
+### [Azure IoT Hub](../iot-hub/index.yml)
+
+When you use Microsoft Entra ID to authenticate requests to IoT Hub service APIs in Azure Government, you need to use a different audience URI than in global Azure. The audience URI is the OAuth 2.0 resource endpoint that you use when requesting Microsoft Entra tokens for IoT Hub service APIs.
+
+For Azure Government, use the following audience URI when authenticating to IoT Hub service APIs:
+
+`https://iothubs.azure.us`
+
+In comparison, global Azure uses `https://iothubs.azure.net` as the audience URI.
+
+For more information about authenticating to IoT Hub with Microsoft Entra ID, see [Control access to IoT Hub by using Microsoft Entra ID](../iot-hub/authenticate-authorize-azure-ad.md).
+
 ## Management and governance
 
 This section outlines variations and considerations when using Management and Governance services in the Azure Government environment. For service availability, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=managed-applications,azure-policy,network-watcher,monitor,traffic-manager,automation,scheduler,site-recovery,cost-management,backup,blueprints,advisor&regions=usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-texas,usgov-virginia&rar=true).
 
@@ -105,7 +105,7 @@ $rules = @(
         SourcePortRange = "*"
         DestinationAddressPrefix = "VirtualNetwork"
         DestinationPortRange = 8080,5701
-        Protocol = "Ah"
+        Protocol = "Tcp"
     }
     @{
         Name = "AllowSshRdpOutbound"
@@ -116,7 +116,7 @@ $rules = @(
         SourcePortRange = "*"
         DestinationAddressPrefix = "VirtualNetwork"
         DestinationPortRange = 22,3389
-        Protocol = "Ah"
+        Protocol = "Tcp"
     },
     @{
         Name = "AllowAzureCloudOutbound"
@@ -138,7 +138,7 @@ $rules = @(
         SourcePortRange = "*"
         DestinationAddressPrefix = "VirtualNetwork"
         DestinationPortRange = 8080,5701
-        Protocol = "Ah"
+        Protocol = "Tcp"
     },
     @{
         Name = "AllowHttpOutbound"
@@ -149,7 +149,7 @@ $rules = @(
         SourcePortRange = "*"
         DestinationAddressPrefix = "Internet"
         DestinationPortRange = "80"
-        Protocol = "Ah"
+        Protocol = "Tcp"
     }
  )
 foreach ($rule in $rules) {
 
@@ -1,21 +1,21 @@
 ---
-title: "Quickstart: Deploy a Dapr application to Azure Container Apps using the Azure CLI"
-description: Deploy a Dapr application to Azure Container Apps using the Azure CLI.
+title: "Quickstart: Deploy a Dapr App using the Azure CLI"
+description: Learn how to deploy a Dapr application to Azure Container Apps by using the Azure CLI.
 services: container-apps
 author: greenie-msft
 ms.service: azure-container-apps
 ms.subservice: dapr
 ms.topic: quickstart
-ms.date: 02/03/2025
+ms.date: 02/10/2026
 ms.author: nigreenf
 ms.reviewer: hannahhunter
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
 ms.devlang: azurecli
 ---
 
-# Quickstart: Deploy a Dapr application to Azure Container Apps using the Azure CLI
+# Quickstart: Deploy a Dapr application to Azure Container Apps by using the Azure CLI
 
-[Dapr](./dapr-overview.md) (Distributed Application Runtime) helps developers build resilient, reliable microservices. In this quickstart, you learn how to enable Dapr sidecars to run alongside your microservices container apps. You'll:
+[Distributed Application Runtime (Dapr)](./dapr-overview.md) helps developers build resilient, reliable microservices. In this quickstart, you learn how to enable Dapr sidecars to run alongside your microservices container apps. You'll:
 
 > [!div class="checklist"]
 > * Create a Container Apps environment and Azure Blog Storage state store for your container apps.
@@ -27,6 +27,13 @@ ms.devlang: azurecli
 
 This quickstart mirrors the applications you deploy in the open-source Dapr [Hello World](https://github.com/dapr/quickstarts/tree/master/tutorials/hello-world) quickstart.
 
+## Prerequisites
+
+- An Azure account with an active subscription. If you don't have one, [create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
+- A GitHub account. If you don't have one, [sign up for free](https://github.com/join).
+- Install [Azure CLI](/cli/azure/install-azure-cli).
+- Install [Git](https://git-scm.com/downloads).
+
 [!INCLUDE [container-apps-create-cli-steps.md](../../includes/container-apps-create-cli-steps.md)]
 
 [!INCLUDE [container-apps-set-environment-variables.md](../../includes/container-apps-set-environment-variables.md)]
@@ -39,18 +46,20 @@ This quickstart mirrors the applications you deploy in the open-source Dapr [Hel
 
 ### Create an Azure Blob Storage account
 
-With the environment deployed, deploy an Azure Blob Storage account that is used by the Node.js container app to store data. Before deploying the service, choose a name for the storage account. Storage account names must be _unique within Azure_, from 3 to 24 characters in length and must contain numbers and lowercase letters only.
+With the environment deployed, deploy an Azure Blob Storage account that is used by the Node.js container app to store data. Before deploying the service, choose a name for the storage account.
+
+Storage account names must be _unique within Azure_, from 3 to 24 characters in length and must contain numbers and lowercase letters only.
 
 # [Bash](#tab/bash)
 
 ```azurecli
-STORAGE_ACCOUNT_NAME="<storage account name>"
+STORAGE_ACCOUNT_NAME="<storage-account-name>"
 ```
 
 # [PowerShell](#tab/powershell)
 
 ```azurepowershell
-$StorageAcctName = '<storage account name>'
+$StorageAcctName = '<storage-account-name>'
 ```
 
 ---
@@ -63,7 +72,7 @@ Use the following command to create the Azure Storage account.
 az storage account create \
   --name $STORAGE_ACCOUNT_NAME \
   --resource-group $RESOURCE_GROUP \
-  --location "$LOCATION" \
+  --location $LOCATION \
   --sku Standard_RAGRS \
   --kind StorageV2
 ```
@@ -80,6 +89,7 @@ $StorageAcctArgs = @{
     SkuName = 'Standard_RAGRS'
     Kind = 'StorageV2'
 }
+
 $StorageAccount = New-AzStorageAccount @StorageAcctArgs
 ```
 
@@ -94,16 +104,15 @@ While Container Apps supports both user-assigned and system-assigned managed ide
     # [Bash](#tab/bash)
 
     ```azurecli
-    az identity create --resource-group $RESOURCE_GROUP --name "nodeAppIdentity"     --output json
+    az identity create --resource-group $RESOURCE_GROUP --name "nodeAppIdentity" --output json
     ```
     
     # [PowerShell](#tab/powershell)
     
     ```azurepowershell
     Install-Module -Name AZ.ManagedServiceIdentity
     
-    New-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name     'nodeAppIdentity' -Location $Location
-    
+    New-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name 'nodeAppIdentity' -Location $Location
     ```
     
     ---
@@ -113,17 +122,17 @@ While Container Apps supports both user-assigned and system-assigned managed ide
     # [Bash](#tab/bash)
     
     ```azurecli
-    PRINCIPAL_ID=$(az identity show -n "nodeAppIdentity" --resource-group     $RESOURCE_GROUP --query principalId | tr -d \")
-    IDENTITY_ID=$(az identity show -n "nodeAppIdentity" --resource-group     $RESOURCE_GROUP --query id | tr -d \")
-    CLIENT_ID=$(az identity show -n "nodeAppIdentity" --resource-group $RESOURCE_GROUP     --query clientId | tr -d \")
+    PRINCIPAL_ID=$(az identity show -n "nodeAppIdentity" --resource-group $RESOURCE_GROUP --query principalId | tr -d \")
+    IDENTITY_ID=$(az identity show -n "nodeAppIdentity" --resource-group $RESOURCE_GROUP --query id | tr -d \")
+    CLIENT_ID=$(az identity show -n "nodeAppIdentity" --resource-group $RESOURCE_GROUP --query clientId | tr -d \")
     ```
     
     # [PowerShell](#tab/powershell)
     
     ```azurepowershell
-    $PrincipalId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName     -Name 'nodeAppIdentity').PrincipalId
-    $IdentityId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName     -Name 'nodeAppIdentity').Id
-    $ClientId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name     'nodeAppIdentity').ClientId
+    $PrincipalId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name 'nodeAppIdentity').PrincipalId
+    $IdentityId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name 'nodeAppIdentity').Id
+    $ClientId = (Get-AzUserAssignedIdentity -ResourceGroupName $ResourceGroupName -Name 'nodeAppIdentity').ClientId
     ```
     
     ---
@@ -151,15 +160,15 @@ While Container Apps supports both user-assigned and system-assigned managed ide
     ```azurecli
     az role assignment create --assignee $PRINCIPAL_ID  \
     --role "Storage Blob Data Contributor" \
-    --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/    Microsoft.Storage/storageAccounts/$STORAGE_ACCOUNT_NAME"
+    --scope "subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Storage/storageAccounts/$STORAGE_ACCOUNT_NAME"
     ```
     
     # [PowerShell](#tab/powershell)
     
     ```azurepowershell
     Install-Module Az.Resources
     
-    New-AzRoleAssignment -ObjectId $PrincipalId -RoleDefinitionName 'Storage Blob Data     Contributor' -Scope "/subscriptions/$SubscriptionId/resourceGroups/    $ResourceGroupName/providers/Microsoft.Storage/storageAccounts/$StorageAcctName"
+    New-AzRoleAssignment -ObjectId $PrincipalId -RoleDefinitionName 'Storage Blob Data Contributor' -Scope "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Storage/storageAccounts/$StorageAcctName"
     ```
     
     ---
@@ -168,24 +177,24 @@ While Container Apps supports both user-assigned and system-assigned managed ide
 
 While you have multiple options for authenticating to external resources via Dapr. This example uses an Azure-based state store, so you can provide direct access from the Node.js app to the Blob store using Managed Identity. 
 
-1. In a text editor, create a file named *statestore.yaml* with the properties that you sourced from the previous steps. 
+1. In a text editor, create a file named *statestore.yaml* with the properties that you sourced from the previous steps. Replace the `<placeholders>` with your values.
 
     ```yaml
     # statestore.yaml for Azure Blob storage component
     componentType: state.azure.blobstorage
     version: v1
     metadata:
       - name: accountName
-        value: "<STORAGE_ACCOUNT_NAME>"
+        value: "<storage-account-name>"
       - name: containerName
         value: mycontainer
       - name: azureClientId
-        value: "<MANAGED_IDENTITY_CLIENT_ID>"
+        value: "<managed-identity-client-ID>"
     scopes:
       - nodeapp
     ```
 
-    This file helps enable your Dapr app to access your state store. 
+    This file helps enable your Dapr app to access your state store.
 
 1. Navigate to the directory in which you stored the yaml file and run the following command to configure the Dapr component in the Container Apps environment. 
 
@@ -201,12 +210,11 @@ While you have multiple options for authenticating to external resources via Dap
     # [PowerShell](#tab/powershell)
     
     ```azurepowershell
+    $AcctName = New-AzContainerAppDaprMetadataObject -Name "accountName" -Value $StorageAcctName
     
-    $AcctName = New-AzContainerAppDaprMetadataObject -Name "accountName" -Value     $StorageAcctName
-    
-    $ContainerName = New-AzContainerAppDaprMetadataObject -Name "containerName" -Value     'mycontainer'
+    $ContainerName = New-AzContainerAppDaprMetadataObject -Name "containerName" -Value 'mycontainer'
     
-    $ClientId = New-AzContainerAppDaprMetadataObject -Name "azureClientId" -Value     $ClientId
+    $ClientId = New-AzContainerAppDaprMetadataObject -Name "azureClientId" -Value $ClientId
     
     $DaprArgs = @{
         EnvName = $ContainerAppsEnvironment
@@ -242,7 +250,7 @@ az containerapp create \
   --env-vars 'APP_PORT=3000'
 ```
 
-If you're using an Azure Container Registry, include the `--registry-server <REGISTRY_NAME>.azurecr.io` flag in the command.
+If you're using an Azure Container Registry, include the `--registry-server <registry-name>.azurecr.io` flag in the command.
 
 # [PowerShell](#tab/powershell)
 
@@ -256,6 +264,7 @@ $TemplateArgs = @{
   Image = 'dapriosamples/hello-k8s-node:latest'
   Env = $EnvVars
 }
+
 $ServiceTemplateObj = New-AzContainerAppTemplateObject @TemplateArgs
 
 $ServiceArgs = @{
@@ -274,10 +283,11 @@ $ServiceArgs = @{
         $IdentityId = @{}
     }
 }
+
 New-AzContainerApp @ServiceArgs
 ```
 
-If you're using an Azure Container Registry, include the `RegistryServer = '<REGISTRY_NAME>.azurecr.io'` flag in the command.
+If you're using an Azure Container Registry, include the `RegistryServer = '<registry-name>.azurecr.io'` flag in the command.
 
 ---
 
@@ -299,20 +309,18 @@ az containerapp create \
   --dapr-app-id pythonapp
 ```
 
-If you're using an Azure Container Registry, include the `--registry-server <REGISTRY_NAME>.azurecr.io` flag in the command.
+If you're using an Azure Container Registry, include the `--registry-server <registry-name>.azurecr.io` flag in the command.
 
 # [PowerShell](#tab/powershell)
 
 ```azurepowershell
-
 $TemplateArgs = @{
   Name = 'pythonapp'
   Image = 'dapriosamples/hello-k8s-python:latest'
 }
 
 $ClientTemplateObj = New-AzContainerAppTemplateObject @TemplateArgs
 
-
 $ClientArgs = @{
     Name = 'pythonapp'
     ResourceGroupName = $ResourceGroupName
@@ -324,10 +332,11 @@ $ClientArgs = @{
     DaprEnabled = $true
     DaprAppId = 'pythonapp'
 }
+
 New-AzContainerApp @ClientArgs
 ```
 
-If you're using an Azure Container Registry, include the `RegistryServer = '<REGISTRY_NAME>.azurecr.io'` flag in the command.
+If you're using an Azure Container Registry, include the `RegistryServer = '<registry-name>.azurecr.io'` flag in the command.
 
 ---
 
@@ -339,7 +348,7 @@ You can confirm that the services are working correctly by viewing data in your
 
 1. Open the [Azure portal](https://portal.azure.com) in your browser and navigate to your storage account.
 
-1. Select **Data Storage** > **Containers** in the left side menu.
+1. Select **Data Storage** > **Containers** in the sidebar menu.
 
 1. Select the container app.
 
@@ -351,9 +360,9 @@ You can confirm that the services are working correctly by viewing data in your
 
 1. Select the **Refresh** button to observe how the data automatically updates.
 
-### View Logs
+### View logs
 
-Logs from container apps are stored in the `ContainerAppConsoleLogs_CL` custom table in the Log Analytics workspace. You can view logs through the Azure portal or via the CLI. There may be a small delay initially for the table to appear in the workspace.
+Logs from container apps are stored in the `ContainerAppConsoleLogs_CL` custom table in the Log Analytics workspace. You can view logs through the Azure portal or via the CLI. There might be a small delay initially for the table to appear in the workspace.
 
 View logs using the command line using the following CLI command.
 
@@ -371,10 +380,9 @@ az monitor log-analytics query \
 # [PowerShell](#tab/powershell)
 
 ```azurepowershell
+$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query "ContainerAppConsoleLogs_CL | where ContainerAppName_s == 'nodeapp' and (Log_s contains 'persisted' or Log_s contains 'order') | project ContainerAppName_s, Log_s, TimeGenerated | take 5 "
 
-$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId  -Query "ContainerAppConsoleLogs_CL | where ContainerAppName_s == 'nodeapp' and (Log_s contains 'persisted' or Log_s contains 'order') | project ContainerAppName_s, Log_s, TimeGenerated | take 5 "
 $queryResults.Results
-
 ```
 
 ---
@@ -393,12 +401,12 @@ nodeapp               Got a new order! Order ID: 63    PrimaryResult  2021-10-22
 
 ## Clean up resources
 
-Since `pythonapp` continuously makes calls to `nodeapp` with messages that get persisted into your configured state store, it is important to complete these cleanup steps to avoid ongoing billable operations.
+Since `pythonapp` continuously makes calls to `nodeapp` with messages that get persisted into your configured state store, it's important to complete these cleanup steps to avoid ongoing billable operations.
 
 If you'd like to delete the resources created as a part of this walkthrough, run the following command.
 
 > [!CAUTION]
-> This command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they will also be deleted.
+> This command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they're also deleted.
 
 # [Bash](#tab/bash)
 
@@ -414,11 +422,10 @@ Remove-AzResourceGroup -Name $ResourceGroupName -Force
 
 ---
 
-
 > [!TIP]
 > Having issues? Let us know on GitHub by opening an issue in the [Azure Container Apps repo](https://github.com/microsoft/azure-container-apps).
 
-## Next steps
+## Next step
 
 > [!div class="nextstepaction"]
-> [Learn more about Dapr components in Azure Container Apps](dapr-components.md)
+> [Learn about Dapr components in Azure Container Apps](dapr-components.md)
@@ -6,6 +6,7 @@ ms.author: karenguo
 ms.topic: conceptual
 ms.date: 09/12/2025
 ms.service: azure
+ms.subservice: azure-firmware-analysis
 ---
 
 # How to Use Service Principals to Automate Workflows in firmware analysis
 
@@ -7,6 +7,7 @@ ms.topic: conceptual
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
 ms.date: 09/12/2025
 ms.service: azure
+ms.subservice: azure-firmware-analysis
 ---
 
 # Frequently asked questions about firmware analysis 
 
@@ -6,6 +6,7 @@ ms.author: karenguo
 ms.topic: conceptual
 ms.date: 09/12/2025
 ms.service: azure
+ms.subservice: azure-firmware-analysis
 ---
 
 # Overview of Azure Role-Based Access Control for firmware analysis