Merge pull request #304471 from MicrosoftDocs/main

Auto Publish – main to live - 2025-08-20 17:00 UTC

Author: learn-build-service-prod[bot]

articles/api-management/azure-openai-token-limit-policy.md

@@ -9,7 +9,7 @@ ms.collection: ce-skilling-ai-copilot
 ms.custom:
   - build-2024
 ms.topic: reference
-ms.date: 02/18/2025
+ms.date: 08/14/2025
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -54,8 +54,8 @@ By relying on token usage metrics returned from the OpenAI endpoint, the policy
 | estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit frees up again.  | Yes       | N/A     |
 | retry-after-header-name    | The name of a custom response header whose value is the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | `Retry-After`  |
 | retry-after-variable-name    | The name of a variable that stores the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | N/A  |
-| remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
-| remaining-quota-tokens-variable-name | The name of a variable that after each policy execution stores the number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed.	 | No | N/A |
+| remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
+| remaining-quota-tokens-variable-name | The name of a variable that after each policy execution stores the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed.	 | No | N/A |
 | remaining-tokens-header-name    | The name of a response header whose value after each policy execution is the number of remaining tokens corresponding to `tokens-per-minute` allowed for the time interval. Policy expressions aren't allowed.|  No | N/A  |
 | remaining-tokens-variable-name    | The name of a variable that after each policy execution stores the number of remaining tokens corresponding to `tokens-per-minute` allowed for the time interval. Policy expressions aren't allowed.|  No | N/A  |
 | tokens-consumed-header-name    | The name of a response header whose value is the number of tokens consumed by both prompt and completion. The header is added to response only after the response is received from backend. Policy expressions aren't allowed.|  No | N/A  |
@@ -73,6 +73,7 @@ By relying on token usage metrics returned from the OpenAI endpoint, the policy
 * This policy can optionally be configured when adding an API from the Azure OpenAI using the portal.
 * Where available when `estimate-prompt-tokens` is set to `false`, values in the usage section of the response from the Azure OpenAI API are used to determine token usage.
 * Certain Azure OpenAI endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, prompt tokens are always estimated, regardless of the value of the `estimate-prompt-tokens` attribute. Completion tokens are also estimated when responses are streamed.
+* The value of `remaining-quota-tokens-variable-name` or `remaining-quota-tokens-header-name` is an estimate for informational purposes but could be larger than expected based on actual token consumption. The value is more accurate as the quota is approached.
 * For models that accept image input, image tokens are generally counted by the backend language model and included in limit and quota calculations. However, when streaming is used or `estimate-prompt-tokens` is set to `true`, the policy currently over-counts each image as a maximum count of 1200 tokens.
 * [!INCLUDE [api-management-rate-limit-key-scope](../../includes/api-management-rate-limit-key-scope.md)]
 * [!INCLUDE [api-management-token-limit-gateway-counts](../../includes/api-management-token-limit-gateway-counts.md)]

articles/api-management/llm-token-limit-policy.md

@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
 ms.topic: reference
-ms.date: 02/18/2025
+ms.date: 08/14/2025
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -53,8 +53,8 @@ By relying on token usage metrics returned from the LLM endpoint, the policy can
 | estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit frees up again.  | Yes       | N/A     |
 | retry-after-header-name    | The name of a custom response header whose value is the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | `Retry-After`  |
 | retry-after-variable-name    | The name of a variable that stores the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | N/A  |
-| remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
-| remaining-quota-tokens-variable-name | The name of a variable that after each policy execution stores the number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed.	 | No | N/A |
+| remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
+| remaining-quota-tokens-variable-name | The name of a variable that after each policy execution stores the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed.	 | No | N/A |
 | remaining-tokens-header-name    | The name of a response header whose value after each policy execution is the number of remaining tokens corresponding to `tokens-per-minute` allowed for the time interval. Policy expressions aren't allowed.|  No | N/A  |
 | remaining-tokens-variable-name    | The name of a variable that after each policy execution stores the number of remaining tokens corresponding to `tokens-per-minute` allowed for the time interval. Policy expressions aren't allowed.|  No | N/A  |
 | tokens-consumed-header-name    | The name of a response header whose value is the number of tokens consumed by both prompt and completion. The header is added to response only after the response is received from backend. Policy expressions aren't allowed.|  No | N/A  |
@@ -71,6 +71,7 @@ By relying on token usage metrics returned from the LLM endpoint, the policy can
 * This policy can be used multiple times per policy definition.
 * Where available when `estimate-prompt-tokens` is set to `false`, values in the usage section of the response from the LLM API are used to determine token usage.
 * Certain LLM endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, prompt tokens are always estimated, regardless of the value of the `estimate-prompt-tokens` attribute.
+* The value of `remaining-quota-tokens-variable-name` or `remaining-quota-tokens-header-name` is an estimate for informational purposes but could be larger than expected based on actual token consumption. The value is more accurate as the quota is approached.
 * For models that accept image input, image tokens are generally counted by the backend language model and included in limit and quota calculations. However, when streaming is used or `estimate-prompt-tokens` is set to `true`, the policy currently over-counts each image as a maximum count of 1200 tokens.
 * [!INCLUDE [api-management-rate-limit-key-scope](../../includes/api-management-rate-limit-key-scope.md)]
 * [!INCLUDE [api-management-token-limit-gateway-counts](../../includes/api-management-token-limit-gateway-counts.md)]

articles/application-gateway/application-gateway-faq.yml

@@ -121,12 +121,6 @@ sections:
           
           Most deployments that use the v2 SKU take around 6 minutes to provision. However, the process can take longer depending on the type of deployment. For example, deployments across multiple availability zones with many instances can take more than 6 minutes. 
           
-      - question: How does Application Gateway handle routine maintenance?
-        answer: |
-          Updates initiated to Application Gateway are applied one [update domain](/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work) at a time. As each update domain's instances are being updated, the remaining instances in other update domains continue to serve traffic<sup>1</sup>. Active connections are gracefully drained from the instances being updated for up to 5 minutes to help establish connectivity to instances in a different update domain before the update begins. During update, Application Gateway temporarily runs at reduced maximum capacity, which is determined by the number of instances configured. The update process proceeds to the next set of instances only if the current set of instances were upgraded successfully.
-          
-          <sup>1</sup> We recommend a minimum instance count of 2 to be configured for Application Gateway v1 SKU deployments to ensure at least one instance can serve traffic while updates are applied.
-          
       - question: Can I use Exchange Server as a backend with Application Gateway?
         answer: |
           Application Gateway supports [TLS/TCP protocol proxy](tcp-tls-proxy-overview.md) through its Layer 4 proxy in **Preview**.
@@ -186,6 +180,16 @@ sections:
       - question: Can I change instance size from medium to large without disruption?
         answer: Yes.
 
+  - name: Maintenance
+    questions:
+      - question: How does Application Gateway handle routine maintenance?
+        answer: |
+          Updates initiated to Application Gateway are applied one [update domain](/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work) at a time. As each update domain's instances are being updated, the remaining instances in other update domains continue to serve traffic. Active connections are gracefully drained from the instances being updated for up to 5 minutes to help establish connectivity to instances in a different update domain before the update begins. The update process proceeds to the next set of instances only if the current set of instances were upgraded successfully. 
+          
+          Azure Application Gateway also supports MaxSurge ([Rolling Upgrades with MaxSurge](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-maxsurge)), a capability within Azure Virtual Machine Scale Sets (VMSS) that enables new instances to be provisioned during rolling upgrades without taking existing ones offline. By integrating MaxSurge into the upgrade process, customers can transition to newer gateway versions without any capacity degradation. MaxSurge is automatically enabled on Application Gateway and requires no configuration. 
+          
+          **Note:** Additional IP space is required to provision the temporary instances used by MaxSurge. If sufficient IP space is not available during an update, Application Gateway will fall back to the traditional upgrade method, which may result in reduced maximum capacity based on the number of instances. 
+  
   - name: Configuration
     questions:
       - question: Is Application Gateway always deployed in a virtual network?

articles/azure-app-configuration/concept-app-configuration-event.md

@@ -6,7 +6,7 @@ author: jimmyca
 ms.custom: devdivchpfy22
 ms.author: jimmyca
 ms.date: 08/30/2022
-ms.topic: article
+ms.topic: concept-article
 ms.service: azure-app-configuration
 
 ---

articles/azure-app-configuration/concept-customer-managed-keys.md

@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.date: 02/20/2024
 ms.custom: devdivchpfy22, devx-track-azurecli
-ms.topic: conceptual
+ms.topic: concept-article
 ms.service: azure-app-configuration
 ---
 # Use customer-managed keys to encrypt your App Configuration data

articles/azure-app-configuration/concept-disaster-recovery.md

@@ -4,7 +4,7 @@ description: Learn how to implement resiliency and disaster recovery with Azure
 author: avanigupta
 ms.author: avgupta
 ms.service: azure-app-configuration
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 02/16/2024
 ---
 

articles/azure-app-configuration/concept-enable-rbac.md

@@ -4,7 +4,7 @@ description: Use Microsoft Entra ID and Azure role-based access control (RBAC) t
 author: zhenlan
 ms.author: zhenlwa
 ms.date: 10/05/2024
-ms.topic: conceptual
+ms.topic: concept-article
 ms.service: azure-app-configuration
 
 ---

articles/azure-app-configuration/concept-experimentation.md

@@ -6,7 +6,7 @@ ms.author: malev
 ms.service: azure-app-configuration
 ms.custom:
   - build-2024
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 07/09/2025
 ms.update-cycle: 180-days
 ms.collection: ce-skilling-ai-copilot

articles/azure-app-configuration/concept-feature-management.md

@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: azure-app-configuration
 ms.custom: devdivchpfy22
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 03/24/2025
 ---
 

articles/azure-app-configuration/concept-geo-replication.md

@@ -4,7 +4,7 @@ description: Details of the geo-replication feature in Azure App Configuration.
 author: maud-lv
 ms.author: malev
 ms.service: azure-app-configuration
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 06/04/2025
 ---