articles/azure-netapp-files/advanced-ransomware-protection.md
Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ ms.custom: references_regions
11
11
# Customer intent: "As a data engineer, I want to understand the advanced ransomware protection features of Azure NetApp Files, so that I can safeguard the cloud file data against ransomware attacks."
Advanced ransomware protection (ARP) in Azure NetApp Files is a built-in capability that helps safeguard your cloud file data against ransomware attacks. It uses intelligent, AI-driven monitoring to detect unusual file activity in real time and automatically creates a secure snapshot of your data when a potential ransomware threat is detected. This approach provides an extra line of defense at the storage layer – preserving clean recovery points and minimizing data loss if ransomware encrypts your files, without requiring any external appliances or software.
articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md
Lines changed: 2 additions & 2 deletions
@@ -87,10 +87,10 @@ Before creating an SMB volume, you need to create an Active Directory connection
87
87
***Availability Zone**
88
88
This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
89
89
90
-
***Encryption key source**
90
+
***Encryption key source**
91
91
Select Microsoft Managed Key or Customer Managed Key. See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) to learn more about this field.
92
92
93
-
***Advanced Ransomware Protection**
93
+
***Advanced Ransomware Protection**
94
94
Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md).
95
95
96
96
* If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu.
articles/azure-netapp-files/azure-netapp-files-create-volumes.md
Lines changed: 2 additions & 2 deletions
@@ -106,10 +106,10 @@ This article shows you how to create an NFS volume. For SMB volumes, see [Create
106
106
* **Availability zone**
107
107
This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
108
108
109
-
* **Encryption key source**
109
+
* **Encryption key source**
110
110
You can select Microsoft Managed Key or Customer Managed Key. See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) about using this field.
111
111
112
-
* **Advanced Ransomware Protection**
112
+
* **Advanced Ransomware Protection**
113
113
Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md).
114
114
115
115
* If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu.
articles/azure-netapp-files/azure-netapp-files-introduction.md
Lines changed: 1 addition & 1 deletion
@@ -93,7 +93,7 @@ Azure NetApp Files provides built-in data management and security capabilities t
93
93
| Azure platform integration and compliance certifications | Compliance with regulatory requirements and Azure platform integration. | Adheres to Azure standards and regulatory compliance and ensures audit and governance completion.
94
94
| Azure Identity & Access Management (IAM) | Azure role-based access control (RBAC) allows you to manage permissions for resources at any level. | Simplifies access management and improves compliance with Azure-native RBAC, empowering you to easily control user access to configuration management.
95
95
| AD/LDAP authentication, export policies, and access control lists (ACLs) | Authenticate and authorize access to data by using existing AD/LDAP credentials and allow for the creation of export policies and ACLs to govern data access and usage. | Prevents data breaches and ensures compliance with data security regulations, with enhanced granular control over access to data volumes, directories, and files. |
96
-
|Built-in ransomware protection | Azure NetApp Files advanced ransomware protection can be enabled at the volume level, using machine learning to observe deviations in your volume behaviors that resemble ransomware attacks. | Ransomware protection enables you to stay vigilant and attuned to aberrations in your workloads, improving the resiliency of your applications with alerts customized to the specific patterns of your volumes. |
96
+
|Ransomware protection | Azure NetApp Files advanced ransomware protection can be enabled at the volume level, using machine learning to observe deviations in your volume behaviors that resemble ransomware attacks. | Ransomware protection enables you to stay vigilant and attuned to aberrations in your workloads, improving the resiliency of your applications with alerts customized to the specific patterns of your volumes. |
97
97
98
98
These features work together to provide a comprehensive data management solution that helps to ensure that your data is always available, recoverable, and secure.
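Review bot: The new row label `|Ransomware protection` does not match the feature name used in its own description cell ("Azure NetApp Files advanced ransomware protection") or the **Advanced Ransomware Protection** field named in the volume-creation articles in this commit. Consider `| Advanced ransomware protection |` so readers can map the table entry to the setting, and add the space after the leading pipe to match the neighbouring rows. The description cell could also link to ransomware-configure.md, as the volume-creation steps do.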
articles/azure-netapp-files/create-volumes-dual-protocol.md
Lines changed: 2 additions & 3 deletions
@@ -114,13 +114,12 @@ To create NFS volumes, see [Create an NFS volume](azure-netapp-files-create-volu
114
114
* **Availability zone**
115
115
This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see [Manage availability zone volume placement](manage-availability-zone-volume-placement.md).
116
116
117
-
* **Encryption key source**
117
+
* **Encryption key source**
118
118
You can select `Microsoft Managed Key` or `Customer Managed Key`. See [Configure customer-managed keys for Azure NetApp Files volume encryption](configure-customer-managed-keys.md) and [Azure NetApp Files double encryption at rest](double-encryption-at-rest.md) about using this field.
119
119
120
-
* **Advanced Ransomware Protection**
120
+
* **Advanced Ransomware Protection**
121
121
Select **Enabled** to configure ransomware threat detection alerts for your volumes. For more information, see [Configure advanced ransomware protection](ransomware-configure.md).
122
122
123
-
124
123
* If you want to apply an existing snapshot policy to the volume, select **Show advanced section** to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu.
125
124
126
125
For information about creating a snapshot policy, see [Manage snapshot policies](snapshots-manage-policy.md).
# Configure advanced ransomware protection for Azure NetApp Files volumes
12
12
13
13
Ransomware attacks pose a huge threat to the integrity and reliability of data. Azure NetApp Files' advanced ransomware protection adds a line of defense at the storage level for your data. Advanced ransomware protection uses machine learning to develop a profile of your volumes, alerting you of perceived threats. Advanced ransomware protection is available to Azure NetApp Files at no additional cost.
14
14
15
-
Advanced ransomware protection builds its profile based on three inputs:
15
+
Advanced ransomware protection builds its profile based on many inputs, including but not limited to:
16
16
17
17
* File extension types in the volume
18
18
* Data entropy patterns in the volume
19
-
*I/OPS patterns in the volume
19
+
*IOPS patterns in the volume
20
20
21
-
With this data, advanced ransomware protection monitors your volumes for patterns and extension types that deviate from observed pattern, marking them as ransomware threats. Advanced ransomware protection builds a profile from machine learning and continues to refine its understanding of your workloads based on usage patterns. Advanced ransomware protection hones this profile based on your inputs, learning as you respond to threats.
21
+
With this data, advanced ransomware protection monitors your volumes for patterns and extension types that deviate from observed patterns, marking them as ransomware threats. Advanced ransomware protection builds a profile from machine learning and continues to refine its understanding of your workloads based on usage patterns. Advanced ransomware protection hones this profile based on your inputs, learning as you respond to threats.
22
22
23
23
Advanced ransomware protection's alert mechanisms enable you to stay vigilant in preventing ransomware attacks on your data and maintaining the resiliency of your workload. If a threat is detected, Azure NetApp Files creates a point-in-time snapshot of the volume. You can then evaluate the threat and, if necessary, restore the volume based on the snapshot, ensuring the continuity and safety of your data.
24
24
25
-
## Register the feature
25
+
## Considerations
26
26
27
-
Advanced ransomware protection is currently in preview. You must register the feature before using it for the first time.
27
+
* Attack reports are retained for 30 days.
28
+
* Ransomware threat notifications are sent in the Azure Activity log.
29
+
* It’s recommended that you enable no more than 10 volumes per Azure subscription with advanced ransomware protection to mitigate performance issues. If you want to enable more than 10 volumes per Azure subscription, raise an Azure support request. For more information, see [Request limit increase](azure-netapp-files-resource-limits.md#request-limit-increase).
30
+
* It's recommended you increase QoS capacity by 5 to 10 percent due to potential performance impacts of advanced ransomware protection. The scale of the impact can vary based on the configurations across your Azure NetApp Files deployment.
31
+
* Azure NetApp Files advanced ransomware protection is suited for the following workloads:
32
+
* Images and video
33
+
* Windows or Linux home directories
34
+
You can create files with extensions that weren't detected in the learning period. This increases the possibility of false positives in this workload. Examples of this are extensions involving health care records and Electronic Design Automation (EDA) data.
35
+
* Azure NetApp Files advanced ransomware protection is not suited for the following workloads:
36
+
* Test/Development workloads – these have a high frequency of file create/delete (hundreds of thousands of files in few seconds)
37
+
* Threat detection recognizes an unusual surge in file create, rename, or delete activity as ransomware activity. If a legitimate application displays this type of file activity, it will likely be identified as ransomware activity.
38
+
* Workloads where the application/host encrypts data. Advanced ransomware protection analyzes incoming data as encrypted or unencrypted. If the application itself is encrypting the data, then the effectiveness of advanced ransomware protection is reduced. However, it can still detect ransomware based on file activity (delete, overwrite, or create, or create or rename with a new file extension) and file type.
> The **RegistrationState** may be in the `Registering` state for up to 60 minutes before changing to `Registered`. Wait until the status is `Registered` before continuing.
You can also use [Azure CLI commands](/cli/azure/feature) `az feature register` and `az feature show` to register the feature and display the registration status.
45
40
46
41
## Enable advanced ransomware protection on a new volume
47
42
48
43
1. Follow the workflow to create a new [NFS](azure-netapp-files-create-volumes.md), [SMB](azure-netapp-files-create-volumes-smb.md), or [dual-protocol](create-volumes-dual-protocol.md) volume.
49
44
1. In the **Advanced Ransomware Protection** field of the Basics tab, select **Enabled**.
50
45
1. After you create the volume, you can confirm your settings in the volume overview. If you've enabled ransomware protection, the **Advanced Ransomware Protection** shows as enabled.
51
46
47
+
52
48
## Enable advanced ransomware protection for existing volumes
53
49
54
50
1. Navigate to the volume for which you want to enable advanced ransomware protection.
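Review bot: The `RegistrationState` note and the sentence about `az feature register` and `az feature show` still follow the new Considerations list as rendered here, although the "Register the feature" heading and the "currently in preview" sentence are removed. If registration is no longer required, remove those two leftovers as well; if it is still required, keep a heading and an introductory sentence for them. In the added list, "Threat detection recognizes an unusual surge..." reads as a sibling of the unsuited workloads but is an explanation of the Test/Development item, and "in this workload" after the suited-workloads items does not say which workload it means; check the nesting and reword. Smaller points: "in few seconds" should be "in a few seconds", "It’s" uses a curly apostrophe where the next bullet uses "It's", and "(delete, overwrite, or create, or create or rename with a new file extension)" is hard to parse.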
articles/azure-resource-manager/management/relocation/relocation-firewall.md
Lines changed: 1 addition & 1 deletion
@@ -111,7 +111,7 @@ If you're running classic firewall rules without Firewall policy, migrate to Fir
111
111
- `firewallPolicy.id` with your policy ID.
112
112
113
113
1. [Create a new firewall policy](/azure/firewall-manager/create-policy-powershell) using the configuration of the source region and reflect changes introduced by the new target region (IP Address Ranges, Public IP, Rule Collections).
114
-
1. If you're using Premium SKU and you want to enable TLS Inspection, update the newly created firewall policy and enable TLS inspection by following [the instructions here](https://techcommunity.microsoft.com/t5/azure-network-security-blog/building-a-poc-for-tls-inspection-in-azure-firewall/ba-p/3676723).
114
+
1. If you're using Premium SKU and you want to enable TLS Inspection, update the newly created firewall policy and enable TLS inspection by following [the instructions here](https://techcommunity.microsoft.com/blog/azurenetworksecurityblog/building-a-poc-for-tls-inspection-in-azure-firewall/3676723).
115
115
1. Review and update the following settings to reflect the changes required for the target region.
116
116
117
117
- **IP Groups.** To include IP addresses from the target region, if different from the source, *IP Groups* should be reviewed. The IP addresses included in the groups must be modified.
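Review bot: The link text on the added TLS step is still the non-descriptive "the instructions here", so the updated URL is the only clue to where it leads. Use descriptive link text instead, for example the wording from the URL slug, "Building a POC for TLS inspection in Azure Firewall". The same line also mixes "TLS Inspection" and "TLS inspection"; pick one casing.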
articles/container-apps/authentication-openid.md
Lines changed: 7 additions & 9 deletions
@@ -5,7 +5,7 @@ services: container-apps
5
5
author: craigshoemaker
6
6
ms.service: azure-container-apps
7
7
ms.topic: how-to
8
-
ms.date: 10/14/2024
8
+
ms.date: 03/30/2026
9
9
ms.author: cshoe
10
10
---
11
11
@@ -15,19 +15,17 @@ This article shows you how to configure Azure Container Apps to use a custom aut
15
15
16
16
You can configure your app to use one or more OIDC providers. Each must be given a unique alphanumeric name in the configuration, and only one can serve as the default redirect target.
17
17
18
-
## <aname="openid-register"> </a>Register your application with the identity provider
18
+
## Register your application with the identity provider
19
19
20
20
Your provider requires you to register the details of your application with it. One of these steps involves specifying a redirect URI. This redirect URI is of the form `<app-url>/.auth/login/<provider-name>/callback`. Each identity provider should provide more instructions on how to complete these steps.
21
21
22
22
> [!NOTE]
23
-
> Some providers may require additional steps for their configuration and how to use the values they provide. For example, Apple provides a private key which is not itself used as the OIDC client secret, and you instead must use it craft a JWT which is treated as the secret you provide in your app config (see the "Creating the Client Secret" section of the [Sign in with Apple documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens))
24
-
>
23
+
> Some providers require further steps for their configuration and different guidance on how to use the values they provide. For example, Apple provides a private key, which isn't used as the OIDC client secret. Instead, you must use it to craft a JSON Web Token (JWT), which is treated as the secret you provide in your app config. For more information, see the "Creating the Client Secret" section of the [Sign in with Apple documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens).
25
24
26
25
You need to collect a **client ID** and **client secret** for your application.
27
26
28
27
> [!IMPORTANT]
29
-
> The client secret is a critical security credential. Do not share this secret with anyone or distribute it within a client application.
30
-
>
28
+
> The client secret is a critical security credential. Don't share this secret with anyone or distribute it within a client application.
31
29
32
30
Additionally, you need the OpenID Connect metadata for the provider. This information is often exposed via a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's Issuer URL suffixed with `/.well-known/openid-configuration`. Make sure to gather this configuration URL.
33
31
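Review bot: Dropping the explicit `openid-register` anchor from the "Register your application with the identity provider" heading will break any inbound link that targets `#openid-register`, because the auto-generated heading anchor has a different name; the same applies to `openid-configure` in the next hunk. Search the repo for both fragments and update those links before merging. In the rewritten NOTE, "and different guidance on how to use the values they provide" could be shortened to "and for how to use the values they provide".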
@@ -38,7 +36,7 @@ If you're unable to use a configuration metadata document, you need to gather th
38
36
- The [OAuth 2.0 Token endpoint](https://tools.ietf.org/html/rfc6749#section-3.2) (sometimes shown as `token_endpoint`)
39
37
- The URL of the [OAuth 2.0 JSON Web Key Set](https://tools.ietf.org/html/rfc8414#section-2) document (sometimes shown as `jwks_uri`)
40
38
41
-
## <aname="openid-configure"> </a>Add provider information to your application
39
+
## Add provider information to your application
42
40
43
41
1. Sign in to the [Azure portal] and navigate to your app.
44
42
@@ -60,8 +58,8 @@ If you're unable to use a configuration metadata document, you need to gather th
60
58
61
59
Use the following guides for details on working with authenticated users.
62
60
63
-
*[Customize sign-in and sign-out](authentication.md#customize-sign-in-and-sign-out)
64
-
*[Access user claims in application code](authentication.md#access-user-claims-in-application-code)
61
+
-[Customize sign-in and signout](authentication.md#customize-sign-in-and-sign-out)
62
+
-[Access user claims in application code](authentication.md#access-user-claims-in-application-code)
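Review bot: "signout" in the first added link is inconsistent with "sign-in" in the same phrase and with the link target `authentication.md#customize-sign-in-and-sign-out`; keep "sign-out" so the link text matches the heading it points to. The change of list marker from `*` to `-` is fine as long as it matches the other lists in this file.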