Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into awp-mdb-enable-guest-accounts

Author: RoseHJM

articles/active-directory-b2c/partner-onfido.md

@@ -113,7 +113,7 @@ REST API settings:
 #### Upload your files
 
 1. Store the UI folder files in your blob container.
-2. [Use Azure Storage Explorer to manage Azure Managed Disks](/azure/virtual-machines/disks-use-storage-explorer-managed-disks) and access permissions.
+2. [Use Azure Storage Explorer to manage Azure managed disks](/azure/virtual-machines/disks-use-storage-explorer-managed-disks) and access permissions.
 
 ### Configure Azure AD B2C
 

articles/application-gateway/json-web-token-overview.md

@@ -11,7 +11,7 @@ ms.date: 11/18/2025
 
 # JSON Web Token (JWT) validation in Azure Application Gateway (preview)
 
-[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](https://docs.azure.cn/en-us/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
+[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
 
 This capability verifies the integrity and authenticity of tokens in incoming requests. It then determines whether to allow or deny access before forwarding traffic to backend services. Upon successful validation, the gateway injects the `x-msft-entra-identity` header into the request and forwards it to the backend. Downstream applications can then securely consume verified identity information.
 

articles/artifact-signing/quickstart.md

@@ -273,11 +273,11 @@ To create an identity validation request for an Organization or a DBA:
 
 | Requirements         | Details     |
 | :------------------- | :------------------- |
-| Onboarding           | Artifact Signing at this time can onboard only legal business entities that have verifiable tax history of three or more years. For a quicker onboarding process, ensure that public records for the legal business entity that you're validated are up to date. |
+| Onboarding           | For a quicker onboarding process, ensure that public records for the legal business entity that you're validated are up to date. |
 | Accuracy             | Ensure that you provide the correct information for public identity validation. If you need to make any changes after it's created, you must complete a new identity validation request. This change affects the associated certificates that are being used for signing. |
 | Failed email verification            | If email verification fails, you must initiate a new identity validation request. |
 | Identity validation status            | You're notified through email when there's an update to the identity validation status. You can also check the status in the Azure portal at any time. |
-| Processing time            | Processing your identity validation request takes from 1 to 7 business days (possibly longer if we need to request more documentation from you). |
+| Processing time            | Processing your identity validation request takes from 1 to 15 business days (possibly longer if we need to request more documentation from you). |
 | More documentation            | If we need more documentation to process the identity validation request, you're notified through email. You can upload the documents in the Azure portal. For documentation upload, there are three attempts. The documentation request email contains information about file size requirements. Ensure that any documents you provide are the most current. <br> - All documents submitted must be issued within the previous 12 months and where the expiration date is a future date that is at least two months away. <br>  - If it isn't possible to provide additional documentation, update your account information to match any legal documents already provided or your official Company registration details. <br>  - When providing official business document, such as business registration form, business charter, or articles of incorporation that list the company name and address as it is provided at the time of Identity Validation request creation. <br>  - Ensure the domain registration or domain invoice from registration or renewal that lists the entity and contact name and all the domains that are included/mentioned in the request.|
 
 # [Identity Validation - Individual Developer](#tab/indiedevvalidation)

articles/automation/disable-local-authentication.md

@@ -15,8 +15,7 @@ author: RochakSingh-blr
 # Disable local authentication in Automation
 
 > [!IMPORTANT]
-> - Update Management patching will not work when local authentication is disabled. 
-> - When you disable local authentication, it impacts starting a runbook using a webhook, source control auto sync, Automation Desired State Configuration, and agent-based Hybrid Runbook Workers. For more information, see the [available alternatives](#compatibility).
+> When you disable local authentication, it impacts starting a runbook using a webhook, source control auto sync, and Automation Desired State Configuration. For more information, see the [available alternatives](#compatibility).
 
 Azure Automation provides Microsoft Entra authentication support for all Automation service public endpoints. This critical security enhancement removes certificate dependencies and gives organizations control to disable local authentication methods. This feature provides you with seamless integration when centralized control and management of identities and resource credentials through Microsoft Entra ID is required.
 
@@ -59,7 +58,6 @@ The following table describes the behaviors or features that are prevented from
 |Starting a runbook using a webhook. | Start a runbook job using Azure Resource Manager template, which uses Microsoft Entra authentication. |
 |Using Automation Desired State Configuration.| Use [Azure Policy Guest configuration](../governance/machine-configuration/overview.md).  |
 |Using agent-based Hybrid Runbook Workers.| Use [extension-based Hybrid Runbook Workers](./extension-based-hybrid-runbook-worker-install.md).|
-|Using Automation Update Management |Use [Azure Update Manager](../update-manager/overview.md)|
 
 
 ## Next steps

articles/azure-app-configuration/concept-snapshot-references.md

@@ -124,7 +124,7 @@ If a snapshot reference is added that points to the aforementioned snapshot, the
 | Java                | Work in progress         |
 | JavaScript          | 2.3.0+                   |
 | Python              | 2.4.0+                   |
-| Go                  | Work in progress         |
+| Go                  | 1.6.0+                   |
 | Kubernetes          | 2.6.0+                   |
 
 ## Next steps

articles/azure-app-configuration/configuration-provider-overview.md

@@ -69,7 +69,7 @@ Replica Auto Discovery | [GA](./reference-dotnet-provider.md#geo-replication) |
 Replica Failover | [GA](./reference-dotnet-provider.md#geo-replication) | [GA](/azure/developer/java/spring-framework/app-configuration-support#geo-replication) | GA | [GA](./reference-python-provider.md#geo-replication) | [GA](./reference-javascript-provider.md#geo-replication) | [GA](./reference-go-provider.md#geo-replication)
 Replica Load Balancing | [GA](./reference-dotnet-provider.md#geo-replication) | GA | GA | [GA](./reference-python-provider.md#geo-replication) | [GA](./reference-javascript-provider.md#geo-replication) | [GA](./reference-go-provider.md#geo-replication)
 Snapshots | [GA](./reference-dotnet-provider.md#snapshot) | [GA](/azure/developer/java/spring-framework/app-configuration-support#selecting-configurations) | GA | [GA](./reference-python-provider.md#load-configuration-from-snapshots) | [GA](./reference-javascript-provider.md#snapshot) | [GA](./reference-go-provider.md#snapshot)
-Snapshot Reference | [GA](./reference-dotnet-provider.md#snapshot-reference) | WIP | [GA](./reference-kubernetes-provider.md#snapshot-reference) | WIP | [GA](./reference-javascript-provider.md#snapshot-reference) | WIP
+Snapshot Reference | [GA](./reference-dotnet-provider.md#snapshot-reference) | WIP | [GA](./reference-kubernetes-provider.md#snapshot-reference) | WIP | [GA](./reference-javascript-provider.md#snapshot-reference) | [GA](./reference-go-provider.md#snapshot-reference)
 Distributed Tracing | [GA](./reference-dotnet-provider.md#distributed-tracing) | WIP | WIP | WIP | WIP | N/A
 Health Check | [GA](./reference-dotnet-provider.md#health-check) | [GA](/azure/developer/java/spring-framework/app-configuration-support#health-indicator) | WIP | WIP | WIP | N/A 
 Select by Tag Filters | [GA](./reference-dotnet-provider.md#load-specific-key-values-using-selectors) | WIP | GA | [GA](./reference-python-provider.md#tag-filters) | [GA](./reference-javascript-provider.md#tag-filters) | [GA](./reference-go-provider.md#tag-filters)

articles/azure-app-configuration/reference-go-provider.md

@@ -566,6 +566,15 @@ options := &azureappconfiguration.Options{
 appConfig, err := azureappconfiguration.Load(ctx, authOptions, options)
 ```
 
+### Snapshot reference
+
+A snapshot reference is a configuration setting that references a snapshot in the same App Configuration store. When loaded, the provider resolves it and adds all key-values from that snapshot. Using snapshot references enables switching between snapshots at runtime, unlike adding a snapshot selector, which requires code changes and/or restarts to switch to a new snapshot.
+
+For more information about creating a snapshot reference, go to [snapshot reference concept](./concept-snapshot-references.md).
+
+> [!NOTE] 
+> To use snapshot references, use the version *1.6.0* or later of `azureappconfiguration`.
+
 ## Geo-replication
 
 For information about using geo-replication, go to [Enable geo-replication](./howto-geo-replication.md).

articles/azure-functions/functions-cli-samples.md

@@ -3,14 +3,14 @@ title: Azure CLI samples for Azure Functions
 description: Find links to bash scripts for Azure Functions that use the Azure CLI. Learn how to create a function app that allows integration and deployment.
 ms.assetid: 577d2f13-de4d-40d2-9dfc-86ecc79f3ab0
 ms.topic: sample
-ms.date: 02/27/2026
+ms.date: 04/01/2026
 ms.custom: mvc, devx-track-azurecli, seo-azure-cli
 keywords: functions, azure cli samples, azure cli examples, azure cli code samples
 ---
 
 # Azure CLI Samples
 
-These end-to-end Azure CLI scripts are provided to help you learn how to provision and manage the Azure resources required by Azure Functions. You must use the [Azure Functions Core Tools](functions-run-local.md) to create actual Azure Functions code projects from the command line on your local computer and deploy code to these Azure resources. For a complete end-to-end example of developing and deploying from the command line using both Core Tools and the Azure CLI, see one of these language-specific command line quickstarts: 
+These end-to-end Azure CLI scripts help you learn how to create and manage the Azure resources required by Azure Functions. You must use the [Azure Functions Core Tools](functions-run-local.md) to create actual Azure Functions code projects from the command line on your local computer and deploy code to these Azure resources. For a complete end-to-end example of developing and deploying from the command line using both Core Tools and the Azure CLI, see one of these language-specific command line quickstarts:
 
 + [C#](how-to-create-function-azure-cli.md?pivots=programming-language-csharp)
 + [Java](how-to-create-function-azure-cli.md?pivots=programming-language-java)
@@ -30,13 +30,18 @@ The following table includes links to bash scripts that you can use to create an
 | [create-function-app-premium-plan.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-premium-plan) | Creates a function app in a Premium (Elastic Premium) plan. |
 | [create-function-app-app-service-plan.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-app-service-plan) | Creates a function app in a dedicated App Service plan. |
 
-| Connect to services | Description|
+| Connect to services | Description |
 |---|---|
 | [create-function-app-connect-to-storage-account.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-connect-to-storage) | Creates a function app in a Flex Consumption plan and connects it to a storage account using managed identity. |
 | [create-function-app-connect-to-cosmos-db.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-connect-to-cosmos-db) | Creates a function app in a Flex Consumption plan and connects it to Azure Cosmos DB using managed identity and RBAC. |
 | [connect-azure-openai-resources.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/connect-azure-openai-resources) | Creates a function app in a Flex Consumption plan and connects it to Azure OpenAI using managed identity. |
 | [functions-cli-mount-files-storage-linux.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/functions-cli-mount-files-storage-linux) | Creates a Linux function app and mounts an Azure Files share, which lets you leverage existing data or machine learning models in your functions. |
 
-| Deploy code | Description|
+| Secure networking | Description |
+|---|---|
+| [create-function-app-vnet-storage.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-vnet-storage) | Creates a function app in a Flex Consumption plan with VNet integration and restricts the storage account behind private endpoints so it's only accessible from inside the virtual network. |
+| [create-function-app-private-endpoint.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-private-endpoint) | Creates a function app in a Flex Consumption plan with an inbound private endpoint, restricting the function app's HTTP endpoints to only be callable from inside the virtual network. |
+
+| Deploy code | Description |
 |---|---|
 | [deploy-function-app-with-function-github-continuous.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/deploy-function-app-with-function-github-continuous) | Creates a function app in a Consumption plan and deploys code from a public GitHub repository. |

articles/azure-government/azure-secure-isolation-guidance.md

@@ -772,7 +772,7 @@ The DEK, encrypted with the KEK, is stored separately and only an entity with ac
 For [Windows VMs](/azure/virtual-machines/windows/disk-encryption-faq), Azure Disk encryption selects the encryption method in BitLocker based on the version of Windows, for example, XTS-AES 256 bit for Windows Server 2012 or greater. These crypto modules are FIPS 140 validated as part of the Microsoft [Windows FIPS validation program](/windows/security/threat-protection/fips-140-validation#modules-used-by-windows-server). For [Linux VMs](/azure/virtual-machines/linux/disk-encryption-faq), Azure Disk encryption uses the decrypt default of aes-xts-plain64 with a 256-bit volume master key that is FIPS 140 validated as part of DM-Crypt validation obtained by suppliers of Linux IaaS VM images in Microsoft Azure Marketplace.
 
 ##### *Server-side encryption for managed disks*
-[Azure Managed Disks](/azure/virtual-machines/managed-disks-overview) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure Managed Disks automatically encrypt your data by default using [256-bit AES encryption](/azure/virtual-machines/disk-encryption) that is FIPS 140 validated. For encryption key management, you have the following choices:
+[Azure managed disks](/azure/virtual-machines/managed-disks-overview) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure managed disks automatically encrypt your data by default using [256-bit AES encryption](/azure/virtual-machines/disk-encryption) that is FIPS 140 validated. For encryption key management, you have the following choices:
 
 - [Platform-managed keys](/azure/virtual-machines/disk-encryption#platform-managed-keys) is the default choice that provides transparent data encryption at rest for managed disks whereby keys are managed by Microsoft.
 - [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys) enables you to have control over your own keys that can be imported into or generated inside Azure Key Vault or Managed HSM. This approach relies on two sets of keys as described previously: DEK and KEK. DEK encrypts the data using an AES-256 based encryption and is in turn encrypted by an RSA KEK that is stored in Azure Key Vault or Managed HSM.