MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json‎
Lines changed: 35 additions & 0 deletions b/‎.openpublishing.redirection.json‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎articles/api-management/api-management-policy-expressions.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/api-management/api-management-policy-expressions.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/api-management/azure-openai-token-limit-policy.md‎
Lines changed: 5 additions & 4 deletions b/‎articles/api-management/azure-openai-token-limit-policy.md‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎articles/api-management/llm-token-limit-policy.md‎
Lines changed: 5 additions & 3 deletions b/‎articles/api-management/llm-token-limit-policy.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎articles/application-gateway/overview-v2.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/application-gateway/overview-v2.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/automation/TOC.yml‎
Lines changed: 5 additions & 7 deletions b/‎articles/automation/TOC.yml‎
Lines changed: 5 additions & 7 deletions
diff --git a/‎articles/automation/change-tracking/change-tracking-data-collection-rule-creation.md‎
Lines changed: 2 additions & 2 deletions b/‎articles/automation/change-tracking/change-tracking-data-collection-rule-creation.md‎
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,40 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/automation/change-tracking/enable-change-tracking-at-scale-machines-blade.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/enable-change-tracking-at-scale-machines-blade",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/enable-change-tracking-at-scale-policy.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/enable-change-tracking-at-scale-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/extension-version-details.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/extension-version-details",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/overview-monitoring-agent.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/overview-monitoring-agent",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/region-mappings-monitoring-agent.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/change-tracking-inventory-support-matrix",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/enable-vms-monitoring-agent.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/quickstart-monitor-changes-collect-inventory-azure-change-tracking-inventory?pivots=single-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/automation/change-tracking/manage-change-tracking-monitoring-agent.md",
+      "redirect_url": "/azure/azure-change-tracking-inventory/tutorial-change-workspace-configure-data-collection-rule",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/defender-for-iot/organizations/custom-columns-sample-script.md",
       "redirect_url": "/previous-versions/azure/defender-for-iot/organizations/custom-columns-sample-script",
 
@@ -142,7 +142,7 @@ The following table lists the .NET Framework types and members allowed in policy
 |`System.Security.Cryptography.SHA384Managed`|All|
 |`System.Security.Cryptography.SHA512`|All|
 |`System.Security.Cryptography.SHA512Managed`|All|
-|`System.Security.Cryptography.SymmetricAlgorithm`|All|
+|`System.Security.Cryptography.SymmetricAlgorithm`|All except parameterless `Create()`|
 |`System.Security.Cryptography.X509Certificates.PublicKey`|All|
 |`System.Security.Cryptography.X509Certificates.RSACertificateExtensions`|All|
 |`System.Security.Cryptography.X509Certificates.X500DistinguishedName`|`Name`|
 
@@ -20,7 +20,7 @@ ms.author: danlep
 
 The `azure-openai-token-limit` policy prevents Azure OpenAI in Foundry Models API usage spikes on a per key basis by limiting consumption of language model tokens to a specified rate (number per minute), a quota over a specified period, or both. When a specified token rate limit is exceeded, the caller receives a `429 Too Many Requests` response status code. When a specified quota is exceeded, the caller receives a `403 Forbidden` response status code.
 
-By relying on token usage metrics returned from the OpenAI endpoint, the policy can accurately monitor and enforce limits in real time. The policy also enables precalculation of prompt tokens by API Management, minimizing unnecessary requests to the OpenAI backend if the limit is already exceeded.
+By relying on token usage metrics returned from the Azure OpenAI endpoint, the policy monitors and enforces limits based on actual token consumption. The policy also enables estimation of prompt tokens in advance by API Management, minimizing unnecessary requests to the Azure OpenAI backend if the limit is already exceeded. However, because the actual number of tokens consumed depends on both the prompt size and the completion size (which varies by request), the policy can't predict total token consumption in advance. This design could allow token limits to be exceeded temporarily when multiple requests are processed concurrently.
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 
@@ -51,7 +51,7 @@ By relying on token usage metrics returned from the OpenAI endpoint, the policy
 | tokens-per-minute | The maximum number of tokens consumed by prompt and completion per minute.         | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified.      | N/A     |
 | token-quota | The maximum number of tokens allowed during the time interval specified in the `token-quota-period`. Policy expressions aren't allowed. | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified. | N/A |
 | token-quota-period | The length of the fixed window after which the `token-quota` resets. The value must be one of the following: `Hourly`,`Daily`, `Weekly`, `Monthly`, `Yearly`. The start time of a quota period is calculated using the UTC timestamp truncated to the unit (hour, day, etc.) used for the period. | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified.     | N/A |
-| estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit frees up again.  | Yes       | N/A     |
+| estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit resets.  | Yes       | N/A     |
 | retry-after-header-name    | The name of a custom response header whose value is the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | `Retry-After`  |
 | retry-after-variable-name    | The name of a variable that stores the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | N/A  |
 | remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
@@ -69,9 +69,10 @@ By relying on token usage metrics returned from the OpenAI endpoint, the policy
 
 ### Usage notes
 
-* This policy can be used multiple times per policy definition.
-* This policy can optionally be configured when adding an API from the Azure OpenAI using the portal.
+* This policy can be used multiple times per policy definition
+* This policy can optionally be configured when adding an Azure OpenAI API using the portal.
 * Where available when `estimate-prompt-tokens` is set to `false`, values in the usage section of the response from the Azure OpenAI API are used to determine token usage.
+* When multiple requests are sent concurrently or with slight delays, the policy can allow token consumption that exceeds the configured limit. This happens because the policy can't determine the exact number of tokens consumed until responses are received from the backend. Once responses are processed and token limits are exceeded, subsequent requests are blocked until the limit resets. 
 * Certain Azure OpenAI endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, prompt tokens are always estimated, regardless of the value of the `estimate-prompt-tokens` attribute. Completion tokens are also estimated when responses are streamed.
 * The value of `remaining-quota-tokens-variable-name` or `remaining-quota-tokens-header-name` is an estimate for informational purposes but could be larger than expected based on actual token consumption. The value is more accurate as the quota is approached.
 * For models that accept image input, image tokens are generally counted by the backend language model and included in limit and quota calculations. However, when streaming is used or `estimate-prompt-tokens` is set to `true`, the policy currently over-counts each image as a maximum count of 1200 tokens.
 
@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
 ms.topic: reference
-ms.date: 08/14/2025
+ms.date: 11/17/2025
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -19,7 +19,7 @@ ms.author: danlep
 
 The `llm-token-limit` policy prevents large language model (LLM) API usage spikes on a per key basis by limiting consumption of language model tokens to either a specified rate (number per minute), a quota over a specified period, or both. When a specified token rate limit is exceeded, the caller receives a `429 Too Many Requests` response status code. When a specified quota is exceeded, the caller receives a `403 Forbidden` response status code.
 
-By relying on token usage metrics returned from the LLM endpoint, the policy can accurately monitor and enforce limits in real time. The policy also enables precalculation of prompt tokens by API Management, minimizing unnecessary requests to the LLM backend if the limit is already exceeded.
+By relying on token usage metrics returned from the LLM endpoint, the policy monitors and enforces limits based on actual token consumption. The policy also enables estimation of prompt tokens in advance by API Management, minimizing unnecessary requests to the LLM backend if the limit is already exceeded. However, because the actual number of tokens consumed depends on both the prompt size and the completion size (which varies by request), the policy can't predict total token consumption in advance. This design could allow token limits to be exceeded temporarily when multiple requests are processed concurrently.
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 
@@ -50,7 +50,7 @@ By relying on token usage metrics returned from the LLM endpoint, the policy can
 | tokens-per-minute | The maximum number of tokens consumed by prompt and completion per minute.         | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified.      | N/A     |
 | token-quota | The maximum number of tokens allowed during the time interval specified in the `token-quota-period`. Policy expressions aren't allowed. | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified. | N/A |
 | token-quota-period | The length of the fixed window after which the `token-quota` resets. The value must be one of the following: `Hourly`,`Daily`, `Weekly`, `Monthly`, `Yearly`. The start time of a quota period is calculated as the UTC timestamp truncated to the unit (hour, day, etc.) used for the period.  | Either a rate limit (`tokens-per-minute`), a quota (`token-quota` over a `token-quota-period`), or both must be specified.   | N/A |
-| estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit frees up again.  | Yes       | N/A     |
+| estimate-prompt-tokens | Boolean value that determines whether to estimate the number of tokens required for a prompt: <br> - `true`: estimate the number of tokens based on prompt schema in API; may reduce performance. <br> - `false`: don't estimate prompt tokens. <br><br>When set to `false`, the remaining tokens per `counter-key` are calculated using the actual token usage from the response of the model. This could result in prompts being sent to the model that exceed the token limit. In such case, this will be detected in the response, and all succeeding requests will be blocked by the policy until the token limit resets.  | Yes       | N/A     |
 | retry-after-header-name    | The name of a custom response header whose value is the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | `Retry-After`  |
 | retry-after-variable-name    | The name of a variable that stores the recommended retry interval in seconds after the specified `tokens-per-minute` or `token-quota` is exceeded. Policy expressions aren't allowed. |  No | N/A  |
 | remaining-quota-tokens-header-name | The name of a response header whose value after each policy execution is the estimated number of remaining tokens corresponding to `token-quota` allowed for the `token-quota-period`. Policy expressions aren't allowed. | No | N/A |
@@ -69,7 +69,9 @@ By relying on token usage metrics returned from the LLM endpoint, the policy can
 ### Usage notes
 
 * This policy can be used multiple times per policy definition.
+* This policy can optionally be configured when adding an LLM API using the portal.
 * Where available when `estimate-prompt-tokens` is set to `false`, values in the usage section of the response from the LLM API are used to determine token usage.
+* When multiple requests are sent concurrently or with slight delays, the policy can allow token consumption that exceeds the configured limit. This happens because the policy can't determine the exact number of tokens consumed until responses are received from the backend. Once responses are processed and token limits are exceeded, subsequent requests are blocked until the limit resets. 
 * Certain LLM endpoints support streaming of responses. When `stream` is set to `true` in the API request to enable streaming, prompt tokens are always estimated, regardless of the value of the `estimate-prompt-tokens` attribute.
 * The value of `remaining-quota-tokens-variable-name` or `remaining-quota-tokens-header-name` is an estimate for informational purposes but could be larger than expected based on actual token consumption. The value is more accurate as the quota is approached.
 * For models that accept image input, image tokens are generally counted by the backend language model and included in limit and quota calculations. However, when streaming is used or `estimate-prompt-tokens` is set to `true`, the policy currently over-counts each image as a maximum count of 1200 tokens.
 
@@ -22,7 +22,7 @@ Application Gateway v2 is the latest version of Application Gateway. It provides
 
 The v2 SKU includes the following enhancements:
 
-- **TCP/TLS proxy (Preview)**: Azure Application Gateway now also supports Layer 4 (TCP protocol) and TLS (Transport Layer Security) proxying. This feature is currently in public preview. For more information, see [Application Gateway TCP/TLS proxy overview](tcp-tls-proxy-overview.md).
+- **TCP/TLS proxy**: Azure Application Gateway now also supports Layer 4 (TCP protocol) and TLS (Transport Layer Security) proxying. This feature is currently in public preview. For more information, see [Application Gateway TCP/TLS proxy overview](tcp-tls-proxy-overview.md).
 - **Autoscaling**: Application Gateway or WAF deployments under the autoscaling SKU can scale out or in based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning. This SKU offers true elasticity. In the Standard_v2 and WAF_v2 SKU, Application Gateway can operate both in fixed capacity (autoscaling disabled) and in autoscaling enabled mode. Fixed capacity mode is useful for scenarios with consistent and predictable workloads. Autoscaling mode is beneficial in applications that see variance in application traffic.
 - **Zone redundancy**: Application Gateway or WAF deployments span multiple Availability Zones by default, removing the need to provision separate Application Gateway instances in each zone with a Traffic Manager. Application Gateway instances are deployed (by default) in a minimum of two availability zones, which makes it more resilient to zone failure. The backend pool for applications can be similarly distributed across availability zones.
 
 
@@ -1,4 +1,4 @@
-- name: Azure Automation User Documentation
+- name: Azure Automation Documentation
   href: index.yml
 - name: Overview
   items:
@@ -261,8 +261,6 @@
     items:
     - name: About Change tracking and inventory
       href: change-tracking/overview-monitoring-agent.md
-    - name: Change tracking extension version
-      href: change-tracking/extension-version-details.md
     - name: Supported regions
       href: change-tracking/region-mappings-monitoring-agent.md
     - name: Enable change tracking and inventory
@@ -271,10 +269,10 @@
         href: change-tracking/enable-change-tracking-at-scale-machines-blade.md
       - name: At scale using Azure Policy
         href: change-tracking/enable-change-tracking-at-scale-policy.md
-      - name: At scale using Azure portal - Virtual machines
-        href: change-tracking/enable-vms-monitoring-agent.md
-    - name: Manage change tracking and inventory
-      href: change-tracking/manage-change-tracking-monitoring-agent.md
+      - name: Quickstart - Enable Azure Change Tracking and Inventory
+        href: /azure/azure-change-tracking-inventory/quickstart-monitor-changes-collect-inventory-azure-change-tracking-inventory?pivots=single-portal
+    - name: Tutorial - Change a workspace and configure Data Collection Rule
+      href: /azure/azure-change-tracking-inventory/tutorial-change-workspace-configure-data-collection-rule?tabs=windows%2Csa-mi
   - name: Migration from Change Tracking and Inventory using LA to Change Tracking using AMA
     items:
     - name: Migration from Log Analytics to Azure Monitoring Agent version
 
@@ -2,7 +2,7 @@
 title: Script sample - Create a data collection rule in change tracking.
 description: Learn about how to create a data collection rule
 ms.topic: sample
-ms.date: 11/15/2024
+ms.date: 11/14/2025
 ms.author: v-jasmineme
 author: jasminemehndir
 ---
@@ -404,5 +404,5 @@ Save the above script on your machine with a name as *CtDcrCreation.json*. For m
 
 ## Next steps
 
-[Learn more](manage-change-tracking-monitoring-agent.md) on Manage change tracking and inventory using Azure Monitoring Agent (Preview).
+Learn more about [Tutorials - Change a workspace and configure Data Collection Rule](/azure/azure-change-tracking-inventory/tutorial-change-workspace-configure-data-collection-rule?tabs=windows%2Csa-mi).