Merge pull request #304322 from MicrosoftDocs/main

Auto Publish – main to live - 2025-08-18 17:00 UTC

Author: learn-build-service-prod[bot]

articles/application-gateway/secure-application-gateway.md

@@ -6,7 +6,7 @@ ms.author: mbender
 ms.service: azure-application-gateway
 ms.topic: concept-article
 ms.custom: security
-ms.date: 07/29/2025
+ms.date: 08/15/2025
 ai-usage: ai-assisted
 ---
 
@@ -54,7 +54,7 @@ Proper authentication and authorization controls ensure only authorized users an
 
 Data protection for Application Gateway focuses on securing data in transit and managing certificates and secrets properly.
 
-* **Enable TLS encryption**: Configure TLS termination to encrypt data in transit between clients and your Application Gateway. Use TLS v1.2 or later and disable legacy versions like SSL 3.0 and TLS v1.0 to protect against known vulnerabilities. For more information, see [Overview of TLS termination and end to end TLS with Application Gateway](./ssl-overview.md).
+* **Enable TLS encryption**: Configure TLS termination to encrypt data in transit between clients and your Application Gateway. Ensure you are using the latest version to protect against known vulnerabilities. For more information, see [Overview of TLS termination and end to end TLS with Application Gateway](./ssl-overview.md).
 
 * **Store certificates in Azure Key Vault**: Use Azure Key Vault to securely store and manage your TLS certificates instead of embedding them in configuration files. This enables automatic certificate rotation and centralized management of secrets. For more information, see [TLS termination with Key Vault certificates](./key-vault-certs.md).
 
@@ -90,4 +90,4 @@ Asset management ensures your Application Gateway configurations are properly mo
 
 - Learn more about [Azure security architecture and design](/azure/well-architected/security/)
 - Review [Security in the Microsoft Cloud Adoption Framework](/azure/cloud-adoption-framework/secure/overview)
-- Explore [Web Application Firewall on Azure Application Gateway](/azure/web-application-firewall/ag/ag-overview)
+- Explore [Web Application Firewall on Azure Application Gateway](/azure/web-application-firewall/ag/ag-overview)

articles/application-gateway/toc.yml

@@ -80,8 +80,6 @@
       href: understanding-pricing.md
 - name: Security
   items:
-    - name: Security baseline
-      href: /security/benchmark/azure/baselines/application-gateway-security-baseline?toc=/azure/application-gateway/toc.json
     - name: Secure your Application Gateway
       href: secure-application-gateway.md
     - name: Private Deployment
@@ -102,6 +100,8 @@
       href: ssl-certificate-management.md
     - name: TLS 1.0 and 1.1 retirement
       href: application-gateway-tls-version-retirement.md
+    - name: Security baseline
+      href: /security/benchmark/azure/baselines/application-gateway-security-baseline?toc=/azure/application-gateway/toc.json
     - name: Network security blog
       href: https://techcommunity.microsoft.com/category/azure-network-security/blog/azurenetworksecurityblog
 - name: Reliability

articles/azure-resource-manager/management/overview.md

@@ -137,6 +137,11 @@ Resource Manager is designed for resiliency and continuous availability. Resourc
 
 This resiliency applies to services that receive requests through Resource Manager. Azure Key Vault is one service that benefits from this consistency.
 
+
+Using the global endpoint `management.azure.com` is recommended for Azure Resource Manager routing because it enables DNS-based traffic distribution, automatic failover, and optimal routing to the closest or healthiest region, which improves latency and reliability for users worldwide.
+Global endpoints typically result in faster response times, as users are directed to the nearest available region, reducing network hops and delays.
+
+
 ## Resolve concurrent operations
 
 Concurrent resource updates can cause unexpected results. When two or more operations try to update the same resource at the same time, Resource Manager detects the conflict, allows only one operation to complete successfully, blocks the other operations, and returns an error. This resolution ensures that your updates are conclusive and reliable; you know the status of your resources and avoid any inconsistency or data loss.  

articles/backup/offline-backup-azure-data-box-dpm-mabs.md

@@ -2,7 +2,7 @@
 title: Offline Backup with Azure Data Box for DPM and MABS
 description: You can use Azure Data Box to seed initial Backup data offline from DPM and MABS.
 ms.topic: how-to
-ms.date: 09/11/2024
+ms.date: 12/03/2024
 ms.service: azure-backup
 author: AbhishekMallick-MS
 ms.author: v-mallicka

articles/communication-services/concepts/sms/messaging-connect.md

@@ -265,7 +265,7 @@ Here’s how the Marketplace flow works:
 
 This setup simplifies procurement and allows Messaging Connect usage to count toward your Azure MACC commitment.
 
-Learn more: [Azure Marketplace](https://learn.microsoft.com/marketplace/azure-marketplace-overview)
+Learn more: [Azure Marketplace](/marketplace/azure-marketplace-overview)
 
 > [!TIP] 
 > Whether you choose Partner or Marketplace billing, the technical experience in Azure remains exactly the same.

articles/communication-services/quickstarts/identity/includes/entra-id/support-entra-id-users-js.md

@@ -134,13 +134,13 @@ From the project directory:
 
     export default App;
     ```
-    You can import any implementation of the [TokenCredential](https://learn.microsoft.com/javascript/api/%40azure/core-auth/tokencredential) interface from the [Azure Identity SDK for JavaScript](https://www.npmjs.com/package/@azure/identity) to authenticate with Microsoft Entra ID. In this quickstart, we use the `InteractiveBrowserCredential` class, which is suitable for browser basic authentication scenarios. For a full list of the credentials offered, see [Credential Classes](https://learn.microsoft.com/javascript/api/overview/azure/identity-readme#credential-classes).
+    You can import any implementation of the [TokenCredential](/javascript/api/%40azure/core-auth/tokencredential) interface from the [Azure Identity SDK for JavaScript](https://www.npmjs.com/package/@azure/identity) to authenticate with Microsoft Entra ID. In this quickstart, we use the `InteractiveBrowserCredential` class, which is suitable for browser basic authentication scenarios. For a full list of the credentials offered, see [Credential Classes](/javascript/api/overview/azure/identity-readme#credential-classes).
 
 <a name='step-1-obtain-entra-user-token-via-the-identity-library'></a>
 
 ### Step 1: Initialize implementation of TokenCredential from Azure Identity SDK
 
-The first step in obtaining Communication Services access token for Entra ID user is getting  an Entra ID access token for your Entra ID user by using [Azure Identity](https://learn.microsoft.com/javascript/api/overview/azure/identity-readme) SDK. To enable authentication for users across multiple tenants, initialize the `InteractiveBrowserCredential` class with the authority set to `https://login.microsoftonline.com/organizations`. For more information, see [Authority](https://learn.microsoft.com//entra/identity-platform/msal-client-application-configuration#authority).
+The first step in obtaining Communication Services access token for Entra ID user is getting  an Entra ID access token for your Entra ID user by using [Azure Identity](/javascript/api/overview/azure/identity-readme) SDK. To enable authentication for users across multiple tenants, initialize the `InteractiveBrowserCredential` class with the authority set to `https://login.microsoftonline.com/organizations`. For more information, see [Authority](/entra/identity-platform/msal-client-application-configuration#authority).
 
 ```javascript
 // Initialize InteractiveBrowserCredential for use with AzureCommunicationTokenCredential.

articles/communication-services/quickstarts/identity/includes/entra-id/support-entra-id-users-net.md

@@ -77,7 +77,7 @@ namespace EntraIdUsersSupportQuickstart
 
 ### Step 1: Initialize implementation of TokenCredential from Azure Identity SDK
 
-The first step in obtaining Communication Services access token for Entra ID user is getting an Entra ID access token for your Entra ID user by using [Azure.Identity](https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme?view=azure-dotnet) SDK. The code below retrieves the Contoso Entra client ID and the Fabrikam tenant ID from environment variables named `ENTRA_CLIENT_ID` and `ENTRA_TENANT_ID`. To enable authentication for users across multiple tenants, initialize the `InteractiveBrowserCredential` class with the authority set to `https://login.microsoftonline.com/organizations`. For more information, see [Authority](https://learn.microsoft.com/entra/identity-platform/msal-client-application-configuration#authority).
+The first step in obtaining Communication Services access token for Entra ID user is getting an Entra ID access token for your Entra ID user by using [Azure.Identity](/dotnet/api/overview/azure/identity-readme) SDK. The code below retrieves the Contoso Entra client ID and the Fabrikam tenant ID from environment variables named `ENTRA_CLIENT_ID` and `ENTRA_TENANT_ID`. To enable authentication for users across multiple tenants, initialize the `InteractiveBrowserCredential` class with the authority set to `https://login.microsoftonline.com/organizations`. For more information, see [Authority](/entra/identity-platform/msal-client-application-configuration#authority).
 
 ```csharp
 // This code demonstrates how to fetch your Microsoft Entra client ID and tenant ID from environment variables.

articles/communication-services/quickstarts/identity/microsoft-entra-id-authentication-integration.md

@@ -23,7 +23,7 @@ This quickstart demonstrates how to use the Communication Services Common SDK al
 ## Prerequisites
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 - An active Azure Communication Services resource and endpoint URI. For more information, see [Create an Azure Communication Services resource](../create-communication-resource.md).
-- A Microsoft Entra ID instance.  For more information, see [Microsoft Entra ID overview](https://learn.microsoft.com/entra/fundamentals/whatis?source=docs).
+- A Microsoft Entra ID instance.  For more information, see [Microsoft Entra ID overview](/entra/fundamentals/whatis?source=docs).
 
 ## Introduction
 
@@ -49,7 +49,7 @@ The Administrator role has extended permissions in Microsoft Entra ID. Members o
 To enable the Contoso application to access Azure Communication Services Clients application API permissions, the Contoso Administrator must create a service principal for Azure Communication Services Clients application in the Contoso Microsoft Entra ID tenant.
 The Contoso Administrator can create a service principal in Contoso tenant by one of the following methods:
 
-- Use the [Microsoft Graph REST API](https://learn.microsoft.com/graph/api/serviceprincipal-post-serviceprincipals?view=graph-rest-1.0&tabs=http#request) to run the following request:
+- Use the [Microsoft Graph REST API](/graph/api/serviceprincipal-post-serviceprincipals#request) to run the following request:
 
 ```http
 POST https://graph.microsoft.com/v1.0/servicePrincipals
@@ -62,7 +62,7 @@ Content-Type: application/json
 
   This request can also be executed in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer/). Make sure to include your full tenant domain in the URL `https://developer.microsoft.com/graph/graph-explorer?tenant={tenant domain}`, sign in, and provide consent for `Application.ReadWrite.All` permission.
 
-- Use the [Azure CLI](https://learn.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create) to run the following command:
+- Use the [Azure CLI](/cli/azure/ad/sp#az-ad-sp-create) to run the following command:
 
 ```azurecli-interactive
 az ad sp create --id 2a04943b-b6a7-4f65-8786-2bb6131b59f6
@@ -205,4 +205,4 @@ In this quickstart, you learned how to:
 Learn about the following concepts:
 
 - [Support Microsoft Entra ID users in Azure Communication Services](../../concepts/identity-model.md#microsoft-entra-id-integrating-with-entra-id)
-- [Tenancy in Microsoft Entra ID](https://learn.microsoft.com/entra/identity-platform/single-and-multi-tenant-apps)
+- [Tenancy in Microsoft Entra ID](/entra/identity-platform/single-and-multi-tenant-apps)

articles/event-grid/troubleshoot-subscription-validation.md

@@ -11,8 +11,8 @@ During event subscription creation, if you're seeing an error message such as `T
 
 - Do an HTTP POST to your webhook url with a [sample SubscriptionValidationEvent](end-point-validation-event-grid-events-schema.md#validation-details) request body using curl or similar tool.
 - If your webhook is implementing synchronous validation handshake mechanism, verify that the ValidationCode is returned as part of the response.
-- If your webhook is implementing asynchronous validation handshake mechanism, verify that you're the HTTP POST is returning 200 OK.
-- If your webhook is returning `403 (Forbidden)` in the response, check if your webhook is behind an Azure Application Gateway or Web Application Firewall. If it is, then your need to disable these firewall rules and do an HTTP POST again:
+- If your webhook is implementing asynchronous validation handshake mechanism, verify that your POST endpoint is returning 200 OK.
+- If your webhook is returning `403 (Forbidden)` in the response, check if your webhook is behind an Azure Application Gateway or Web Application Firewall. If it is, then you need to disable these firewall rules and do an HTTP POST again:
     - 920300 (Request missing an accept header)
     - 942430 (Restricted SQL character anomaly detection (args): # of special characters exceeded (12))
     - 920230 (Multiple URL encoding detected)

articles/iot-operations/connect-to-cloud/concept-dataflow-conversions.md

@@ -1,8 +1,8 @@
 ---
 title: Convert data by using data flow conversions
 description: Learn about data flow conversions for transforming data in Azure IoT Operations.
-author: PatAltimore
-ms.author: patricka
+author: SoniaLopezBravo
+ms.author: sonialopez
 ms.subservice: azure-data-flows
 ms.topic: concept-article
 ms.date: 11/11/2024