Merge pull request #314705 from MicrosoftDocs/main

Auto Publish – main to live - 2026-04-14 17:00 UTC

Author: learn-build-service-prod[bot]

.openpublishing.redirection.json

@@ -1,5 +1,9 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/web-application-firewall/ag/web-application-firewall-troubleshoot.md",
+      "redirect_url": "/troubleshoot/azure/web-application-firewall/web-application-firewall-troubleshoot",
+    },
     {
       "source_path": "articles/healthcare-apis/iot/concepts-machine-learning.md",
       "redirect_url": "/previous-versions/azure/healthcare-apis/iot/concepts-machine-learning",

articles/azure-netapp-files/advanced-ransomware-protection.md

@@ -11,7 +11,7 @@ ms.custom: references_regions
 # Customer intent: "As a data engineer, I want to understand the advanced ransomware protection features of Azure NetApp Files, so that I can safeguard the cloud file data against ransomware attacks."
 ---
 
-# Understand Azure NetApp Files advanced ransomware protection (preview)
+# Understand Azure NetApp Files advanced ransomware protection
 
 Advanced ransomware protection (ARP) in Azure NetApp Files is a built-in capability that helps safeguard your cloud file data against ransomware attacks. It uses intelligent, AI-driven monitoring to detect unusual file activity in real time and automatically creates a secure snapshot of your data when a potential ransomware threat is detected. This approach provides an extra line of defense at the storage layer – preserving clean recovery points and minimizing data loss if ransomware encrypts your files, without requiring any external appliances or software.
 

articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md

@@ -87,10 +87,10 @@ Before creating an SMB volume, you need to create an Active Directory connection
     * **Availability Zone**   
         This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
 
-    * **Encryption key source** 
+    * **Encryption key source**  
         Select Microsoft Managed Key or Customer Managed Key.  See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) to learn more about this field. 
 
-    * **Advanced Ransomware Protection**
+    * **Advanced Ransomware Protection**  
         Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md). 
 
     * If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu. 

articles/azure-netapp-files/azure-netapp-files-create-volumes.md

@@ -106,10 +106,10 @@ This article shows you how to create an NFS volume. For SMB volumes, see [Create
     * **Availability zone**   
         This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
 
-    * **Encryption key source** 
+    * **Encryption key source**  
         You can select Microsoft Managed Key or Customer Managed Key. See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) about using this field. 
 
-    * **Advanced Ransomware Protection**
+    * **Advanced Ransomware Protection**  
         Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md). 
 
     * If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu. 

articles/azure-netapp-files/azure-netapp-files-introduction.md

@@ -93,7 +93,7 @@ Azure NetApp Files provides built-in data management and security capabilities t
 | Azure platform integration and compliance certifications | Compliance with regulatory requirements and Azure platform integration. | Adheres to Azure standards and regulatory compliance and ensures audit and governance completion.
 | Azure Identity & Access Management (IAM) | Azure role-based access control (RBAC) allows you to manage permissions for resources at any level. | Simplifies access management and improves compliance with Azure-native RBAC, empowering you to easily control user access to configuration management.
 | AD/LDAP authentication, export policies, and access control lists (ACLs) | Authenticate and authorize access to data by using existing AD/LDAP credentials and allow for the creation of export policies and ACLs to govern data access and usage. | Prevents data breaches and ensures compliance with data security regulations, with enhanced granular control over access to data volumes, directories, and files. |
-| Built-in ransomware protection | Azure NetApp Files advanced ransomware protection can be enabled at the volume level, using machine learning to observe deviations in your volume behaviors that resemble ransomware attacks. | Ransomware protection enables you to stay vigilant and attuned to aberrations in your workloads, improving the resiliency of your applications with alerts customized to the specific patterns of your volumes. | 
+| Ransomware protection | Azure NetApp Files advanced ransomware protection can be enabled at the volume level, using machine learning to observe deviations in your volume behaviors that resemble ransomware attacks. | Ransomware protection enables you to stay vigilant and attuned to aberrations in your workloads, improving the resiliency of your applications with alerts customized to the specific patterns of your volumes. | 
 
 These features work together to provide a comprehensive data management solution that helps to ensure that your data is always available, recoverable, and secure.
 

articles/azure-netapp-files/azure-netapp-files-resource-limits.md

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: b-hchen
 ms.service: azure-netapp-files
 ms.topic: concept-article
-ms.date: 01/29/2026
+ms.date: 04/14/2026
 ms.author: anfdocs
 # Customer intent: As an IT administrator managing Azure NetApp Files, I want to understand the resource limits and how to request limit increases, so that I can effectively plan and allocate storage resources for my organization’s needs.
 ---
@@ -57,6 +57,7 @@ The following table describes resource limits for the Flexible, Standard, Premiu
 |  Maximum number of volumes supported for cool access per subscription per region |  500  |  Yes  |
 | Maximum number of [short-term clones](create-short-term-clone.md) per volume | 5 | No | 
 | Maximum number of [short-term clones](create-short-term-clone.md) per subscription | 16 | No | 
+| Advanced ransomware protection volumes per subscription | 10 | Yes | 
 
 \* [!INCLUDE [Limitations for capacity pool minimum of 1 TiB](includes/2-tib-capacity-pool.md)]
 

articles/azure-netapp-files/create-volumes-dual-protocol.md

@@ -114,13 +114,12 @@ To create NFS volumes, see [Create an NFS volume](azure-netapp-files-create-volu
     * **Availability zone**   
         This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
 
-    * **Encryption key source** 
+    * **Encryption key source**     
         You can select `Microsoft Managed Key` or `Customer Managed Key`. See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) about using this field. 
 
-    * **Advanced Ransomware Protection**
+    * **Advanced Ransomware Protection**   
         Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md). 
 
-
     * If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu. 
 
         For information about creating a snapshot policy, see [Manage snapshot policies](snapshots-manage-policy.md).

articles/azure-netapp-files/generate-user-group-quota-reports.md

@@ -9,7 +9,7 @@ ms.topic: how-to
 ms.date: 11/11/2025
 # Customer intent: As a cloud storage administrator, I want to generate  user and group quota reports for Azure NetApp Files volumes.
 ---
-# Generate user and group quota reports for a volume (preview)
+# Generate user and group quota reports for a volume
 
 To help with capacity management on volumes shared among multiple users, individual user and group quotas restrict capacity usage on NFS, SMB, and dual-protocol volumes. 
 
@@ -34,32 +34,14 @@ For more information and considerations related to capacity management, see [Und
 * If the quota report is an empty list or the quota report API calls fail on a volume with quota rules, retry generating the quota report after five minutes.
 * If quota rules aren't aligned with 4 KiB, the quota limit is incorrectly reported in the quota report. This happens because the field is always rounded up to the nearest multiple of 4 KiB to match disk space limits, which are translated into 4-KiB chunks. 
 
-## Register  the feature
-
-The feature must be registered on your subscription before using it for the first time. After confirmation by the product team, the feature is enabled on your subscription. 
-
-1. Register the feature:
-
-	```azurepowershell-interactive
-	Register-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFFetchQuotaReport
-	```
-
-2. Check the status of the feature registration: 
-
-	> [!NOTE]
-	> The **RegistrationState** can remain in the `Registering` state for up to 60 minutes before changing to `Registered`. Wait until the status is **Registered** before continuing.
-
-	```azurepowershell-interactive
-	Get-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFFetchQuotaReport
-	```
-
-You can also use [Azure CLI commands](/cli/azure/feature) `az feature register` and `az feature show` to register the feature and display the registration status.
-
 ## Generate a quota report for a volume
 
 1. From the Azure portal, select the volume for which you want to generate a quota report.
 2. Navigate to **User and group quotas**. Select the **Quota Report and Management** tab from the actions menu to generate the report. 
 
+	> [!NOTE]
+	> Only the top 1000 quota report records will be downloaded in CSV format. The complete quota report is not available for download.
+
 	![Screenshot that shows the generate quota report and management option.](./media/manage-default-individual-user-group-quotas/generate-quota-reports.png) 
 
 	The quota report is retrieved in the background. Remain on the page  until the quota report has been successfully retrieved. Retrieval takes an average of five seconds, but can take longer. The quota report lists one entry per user. The following fields are available:
@@ -90,17 +72,23 @@ You can also use [Azure CLI commands](/cli/azure/feature) `az feature register`
 
 3. You can apply filters for **Quota Target**, **Quota Type**, and **% Used** to view a specific subset of the quota report.
 
-> [!IMPORTANT]
-> When using the quota target filter, you must first select a quota type value. The quota target is dependent on the quota type and can't be applied independently.
+	> [!IMPORTANT]
+	> When using the quota target filter, you must first select a quota type value. The quota target is dependent on the quota type and can't be applied independently.
+
+	> [!NOTE]
+	> You can add a new quota only for derived quotas. You can only edit non-derived quotas.
 
-> [!NOTE]
-> You can add a new quota only for derived quotas. You can only edit non-derived quotas.
+4. You can edit individual user/group quota rules for a quota target directly from the report. To edit a quota, select `…` at the end of the quota rule row, then select **Edit**.
 
-4. To edit a quota, select `…` at the end of the quota rule row, then select **Edit**.
+	> [!NOTE]
+	> This option is not available for derived quotas or quota targets from default user or default group quota rules.
 
 ![Screenshot that shows the edit option for non-derived quotas.](./media/manage-default-individual-user-group-quotas/edit-report-quota.png) 
 
-5. To add a new quota for the default user and group quota, select `…` at the end of the quota rule row then **Add**.
+5. You can add individual user/group quota rules from derived quotes in the report. To add a new quota for the default user and group quota, select `…` at the end of the quota rule row then **Add**.
+
+	> [!NOTE]
+	> This option is only available for derived quotas or quota targets that are subject to a default user or default group quota rule.
 
 ![Screenshot that shows the add option for derived quotas.](./media/manage-default-individual-user-group-quotas/add-derived-quota.png) 
 

articles/azure-netapp-files/media/manage-default-individual-user-group-quotas/generate-quota-reports.png

@@ -8,47 +8,43 @@ ms.topic: how-to
 ms.date: 03/05/2026
 ms.author: anfdocs
 ---
-# Configure advanced ransomware protection for Azure NetApp Files volumes (preview)
+# Configure advanced ransomware protection for Azure NetApp Files volumes 
 
 Ransomware attacks pose a huge threat to the integrity and reliability of data. Azure NetApp Files' advanced ransomware protection adds a line of defense at the storage level for your data. Advanced ransomware protection uses machine learning to develop a profile of your volumes, alerting you of perceived threats. Advanced ransomware protection is available to Azure NetApp Files at no additional cost. 
 
-Advanced ransomware protection builds its profile based on three inputs: 
+Advanced ransomware protection builds its profile based on many inputs, including but not limited to: 
 
 * File extension types in the volume
 * Data entropy patterns in the volume
-* I/OPS patterns in the volume
+* IOPS patterns in the volume
 
-With this data, advanced ransomware protection monitors your volumes for patterns and extension types that deviate from observed pattern, marking them as ransomware threats. Advanced ransomware protection builds a profile from machine learning and continues to refine its understanding of your workloads based on usage patterns. Advanced ransomware protection hones this profile based on your inputs, learning as you respond to threats.
+With this data, advanced ransomware protection monitors your volumes for patterns and extension types that deviate from observed patterns, marking them as ransomware threats. Advanced ransomware protection builds a profile from machine learning and continues to refine its understanding of your workloads based on usage patterns. Advanced ransomware protection hones this profile based on your inputs, learning as you respond to threats.
 
 Advanced ransomware protection's alert mechanisms enable you to stay vigilant in preventing ransomware attacks on your data and maintaining the resiliency of your workload. If a threat is detected, Azure NetApp Files creates a point-in-time snapshot of the volume. You can then evaluate the threat and, if necessary, restore the volume based on the snapshot, ensuring the continuity and safety of your data.  
 
-## Register the feature 
+## Considerations 
 
-Advanced ransomware protection is currently in preview. You must register the feature before using it for the first time. 
+* Attack reports are retained for 30 days.  
+* Ransomware threat notifications are sent in the Azure Activity log.  
+* It’s recommended that you enable no more than 10 volumes per Azure subscription with advanced ransomware protection to mitigate performance issues. If you want to enable more than 10 volumes per Azure subscription, raise an Azure support request. For more information, see [Request limit increase](azure-netapp-files-resource-limits.md#request-limit-increase).
+* It's recommended you increase QoS capacity by 5 to 10 percent due to potential performance impacts of advanced ransomware protection. The scale of the impact can vary based on the configurations across your Azure NetApp Files deployment.  
+* Azure NetApp Files advanced ransomware protection is suited for the following workloads:
+    * Images and video
+    * Windows or Linux home directories   
+    You can create files with extensions that weren't detected in the learning period. This increases the possibility of false positives in this workload. Examples of this are extensions involving health care records and Electronic Design Automation (EDA) data.
+* Azure NetApp Files advanced ransomware protection is not suited for the following workloads:
+    * Test/Development workloads – these have a high frequency of file create/delete (hundreds of thousands of files in few seconds)
+    * Threat detection recognizes an unusual surge in file create, rename, or delete activity as ransomware activity.  If a legitimate application displays this type of file activity, it will likely be identified as ransomware activity.
+    * Workloads where the application/host encrypts data.  Advanced ransomware protection analyzes incoming data as encrypted or unencrypted. If the application itself is encrypting the data, then the effectiveness of advanced ransomware protection is reduced. However, it can still detect ransomware based on file activity (delete, overwrite, or create, or create or rename with a new file extension) and file type.
 
-1.  Register the feature:
-
-    ```azurepowershell-interactive
-    Register-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFAntiRansomware
-    ```
-
-2. Check the status of the feature registration: 
-
-    > [!NOTE]
-    > The **RegistrationState** may be in the `Registering` state for up to 60 minutes before changing to `Registered`. Wait until the status is `Registered` before continuing.
-
-    ```azurepowershell-interactive
-    Get-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFAntiRansomware
-    ```
-
-You can also use [Azure CLI commands](/cli/azure/feature) `az feature register` and `az feature show` to register the feature and display the registration status. 
 
 ## Enable advanced ransomware protection on a new volume
 
 1. Follow the workflow to create a new [NFS](azure-netapp-files-create-volumes.md), [SMB](azure-netapp-files-create-volumes-smb.md), or [dual-protocol](create-volumes-dual-protocol.md) volume.
 1. In the **Advanced Ransomware Protection** field of the Basics tab, select **Enabled**.
 1. After you create the volume, you can confirm your settings in the volume overview. If you've enabled ransomware protection, the **Advanced Ransomware Protection** shows as enabled. 
 
+
 ## Enable advanced ransomware protection for existing volumes
 
 1. Navigate to the volume for which you want to enable advanced ransomware protection.