MicrosoftDocs
diff --git a/‎articles/api-management/api-management-policy-expressions.md‎
Lines changed: 5 additions & 3 deletions b/‎articles/api-management/api-management-policy-expressions.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎articles/api-management/backends.md‎
Lines changed: 44 additions & 20 deletions b/‎articles/api-management/backends.md‎
Lines changed: 44 additions & 20 deletions
diff --git a/‎articles/app-service/includes/tutorial-connect-msi-azure-database/code-sql-mi.md‎
Lines changed: 6 additions & 7 deletions b/‎articles/app-service/includes/tutorial-connect-msi-azure-database/code-sql-mi.md‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎articles/app-service/troubleshoot-intermittent-outbound-connection-errors.md‎
Lines changed: 1 addition & 1 deletion b/‎articles/app-service/troubleshoot-intermittent-outbound-connection-errors.md‎
Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ author: dlepow
 ms.service: azure-api-management
 ms.custom: devx-track-dotnet
 ms.topic: reference
-ms.date: 03/07/2023
+ms.date: 01/15/2026
 ms.author: danlep
 ---
 # API Management policy expressions
@@ -202,16 +202,18 @@ The `context` variable is implicitly available in every policy [expression](api-
 
 |Context Variable|Allowed methods, properties, and parameter values|
 |----------------------|-------------------------------------------------------|
-|`context`|[`Api`](#ref-context-api): [`IApi`](#ref-iapi)<br /><br /> [`Deployment`](#ref-context-deployment)<br /><br /> Elapsed: `TimeSpan` - time interval between the value of `Timestamp` and current time<br /><br /> [`GraphQL`](#ref-context-graphql)<br /><br />[`LastError`](#ref-context-lasterror)<br /><br /> [`Operation`](#ref-context-operation)<br /><br /> [`Request`](#ref-context-request)<br /><br /> `RequestId`: `Guid` - unique request identifier<br /><br /> [`Response`](#ref-context-response)<br /><br /> [`Subscription`](#ref-context-subscription)<br /><br />`Timestamp`: `DateTime` - point in time when request was received<br /><br /> `Tracing`: `bool` - indicates if tracing is on or off <br /><br /> [User](#ref-context-user)<br /><br /> [`Variables`](#ref-context-variables): `IReadOnlyDictionary<string, object>`<br /><br /> `void Trace(message: string)` <br /><br /> [`Workspace`](#ref-context-workspace) |
+|`context`|[`Api`](#ref-context-api): [`IApi`](#ref-iapi)<br /><br /> [`Backend`](#ref-context-backend)<br /><br /> [`Deployment`](#ref-context-deployment)<br /><br /> Elapsed: `TimeSpan` - time interval between the value of `Timestamp` and current time<br /><br /> [`GraphQL`](#ref-context-graphql)<br /><br />[`LastError`](#ref-context-lasterror)<br /><br /> [`Operation`](#ref-context-operation)<br /><br /> [`Request`](#ref-context-request)<br /><br /> `RequestId`: `Guid` - unique request identifier<br /><br /> [`Response`](#ref-context-response)<br /><br /> [`Subscription`](#ref-context-subscription)<br /><br />`Timestamp`: `DateTime` - point in time when request was received<br /><br /> `Tracing`: `bool` - indicates if tracing is on or off <br /><br /> [User](#ref-context-user)<br /><br /> [`Variables`](#ref-context-variables): `IReadOnlyDictionary<string, object>`<br /><br /> `void Trace(message: string)` <br /><br /> [`Workspace`](#ref-context-workspace) |
 |<a id="ref-context-api"></a>`context.Api`|`Id`: `string`<br /><br /> `IsCurrentRevision`: `bool`<br /><br />  `Name`: `string`<br /><br /> `Path`: `string`<br /><br /> `Revision`: `string`<br /><br /> `ServiceUrl`: [`IUrl`](#ref-iurl)<br /><br /> `Version`: `string` |
+|<a id="ref-context-backend"></a>`context.Backend`|`AzureRegion`: `string`<br /><br /> `Id`: `string`<br /><br /> `Type`: `enum BackendType {Single, Pool}`|
 |<a id="ref-context-deployment"></a>`context.Deployment`|[`Gateway`](#ref-context-gateway)<br /><br /> `GatewayId`: `string` (returns 'managed' for managed gateways)<br /><br /> `Region`: `string`<br /><br /> `ServiceId`: `string`<br /><br /> `ServiceName`: `string`<br /><br />[`SustainabilityInfo`](#ref-context-sustainability)<br/><br/> `Certificates`: `IReadOnlyDictionary<string, X509Certificate2>`|
 |<a id="ref-context-gateway"></a>`context.Deployment.Gateway`|`Id`: `string` (returns 'managed' for managed gateways)<br /><br /> `InstanceId`: `string` (returns 'managed' for managed gateways)<br /><br /> `IsManaged`: `bool`|
 |<a id="ref-context-sustainability"></a>`context.Deployment.SustainabilityInfo`| `CurrentCarbonIntensity`: Enum [CarbonIntensityCategory](sustainability.md#carbon-intensity-categories)|
 |<a id="ref-context-graphql"></a>`context.GraphQL`|`GraphQLArguments`: `IGraphQLDataObject`<br /><br /> `Parent`: `IGraphQLDataObject`<br/><br/>[Examples](configure-graphql-resolver.md#graphql-context)|
 |<a id="ref-context-lasterror"></a>`context.LastError`|`Source`: `string`<br /><br /> `Reason`: `string`<br /><br /> `Message`: `string`<br /><br /> `Scope`: `string`<br /><br /> `Section`: `string`<br /><br /> `Path`: `string`<br /><br /> `PolicyId`: `string`<br /><br /> For more information about `context.LastError`, see [Error handling](api-management-error-handling-policies.md).|
 |<a id="ref-context-operation"></a>`context.Operation`|`Id`: `string`<br /><br /> `Method`: `string`<br /><br /> `Name`: `string`<br /><br /> `UrlTemplate`: `string`|
 |<a id="ref-context-product"></a>`context.Product`|`ApprovalRequired`: `bool`<br /><br /> `Groups`: `IEnumerable<`[`IGroup`](#ref-igroup)`>`<br /><br /> `Id`: `string`<br /><br /> `Name`: `string`<br /><br /> `State`: `enum ProductState {NotPublished, Published}`<br /><br /> `SubscriptionsLimit`: `int?`<br /><br /> `SubscriptionRequired`: `bool`|
-|<a id="ref-context-request"></a>`context.Request`|`Body`: [`IMessageBody`](#ref-imessagebody) or `null` if request doesn't have a body.<br /><br /> `Certificate`: `System.Security.Cryptography.X509Certificates.X509Certificate2`<br /><br /> [`Headers`](#ref-context-request-headers): `IReadOnlyDictionary<string, string[]>`<br /><br /> `IpAddress`: `string`<br /><br /> `MatchedParameters`: `IReadOnlyDictionary<string, string>`<br /><br /> `Method`: `string`<br /><br /> `OriginalUrl`: [`IUrl`](#ref-iurl)<br /><br /> `Url`: [`IUrl`](#ref-iurl)<br /><br /> `PrivateEndpointConnection`: [`IPrivateEndpointConnection`](#ref-iprivateendpointconnection) or `null` if request doesn't come from a private endpoint connection.|
+|<a id="ref-context-request"></a>`context.Request`|`Body`: [`IMessageBody`](#ref-imessagebody) or `null` if request doesn't have a body.<br /><br /> `Certificate`: `System.Security.Cryptography.X509Certificates.X509Certificate2`<br /><br /> [`Foundry`](#ref-context-request-foundry)<br /><br /> [`Headers`](#ref-context-request-headers): `IReadOnlyDictionary<string, string[]>`<br /><br /> `IpAddress`: `string`<br /><br /> `MatchedParameters`: `IReadOnlyDictionary<string, string>`<br /><br /> `Method`: `string`<br /><br /> `OriginalUrl`: [`IUrl`](#ref-iurl)<br /><br /> `Url`: [`IUrl`](#ref-iurl)<br /><br /> `PrivateEndpointConnection`: [`IPrivateEndpointConnection`](#ref-iprivateendpointconnection) or `null` if request doesn't come from a private endpoint connection.|
+|<a id="ref-context-request-foundry"></a>`context.Request.Foundry`|`Deployment`: `string` - The model deployment ID in Microsoft Foundry associated with the request.|
 |<a id="ref-context-request-headers"></a>`string context.Request.Headers.GetValueOrDefault(headerName: string, defaultValue: string)`|`headerName`: `string`<br /><br /> `defaultValue`: `string`<br /><br /> Returns comma-separated request header values or `defaultValue` if the header isn't found.|
 |<a id="ref-context-response"></a>`context.Response`|`Body`: [`IMessageBody`](#ref-imessagebody)<br /><br /> [`Headers`](#ref-context-response-headers): `IReadOnlyDictionary<string, string[]>`<br /><br /> `StatusCode`: `int`<br /><br /> `StatusReason`: `string`|
 |<a id="ref-context-response-headers"></a>`string context.Response.Headers.GetValueOrDefault(headerName: string, defaultValue: string)`|`headerName`: `string`<br /><br /> `defaultValue`: `string`<br /><br /> Returns comma-separated response header values or `defaultValue` if the header isn't found.|
 
@@ -1,11 +1,11 @@
 ---
-title: Azure API Management backends | Microsoft Docs
+title: Azure API Management Backends | Microsoft Docs
 description: Learn about backends in Azure API Management. Backend entities encapsulate information about backend services, promoting reusability across APIs and governance.
 services: api-management
 author: dlepow
 ms.service: azure-api-management
 ms.topic: concept-article
-ms.date: 11/20/2025
+ms.date: 01/15/2026
 ms.author: danlep
 ms.custom:
   - build-2024
@@ -23,28 +23,28 @@ When you import certain APIs, API Management automatically configures the API ba
 * A [SOAP API](import-soap-api.md).
 
 For other APIs, such as APIs from Azure services, you import an Azure resource without specifying the backend service explicitly. Examples include: 
-* An HTTP-triggered [Azure Function App](import-function-app-as-api.md) 
+* An HTTP-triggered [Azure Function App](import-function-app-as-api.md). 
 * A [Logic App](import-logic-app-as-api.md).
 
 API Management also supports using other resources as an API backend, such as:
 * A [Service Fabric cluster](how-to-configure-service-fabric-backend.yml).
-* AI services
-* A custom service
+* AI services.
+* A custom service.
 
 For these backends, you can create a *backend entity* in API Management and reference it in your APIs.  
 
 ## Benefits of backends
 
-API Management supports backend entities so you can manage the backend services of your API. A backend entity encapsulates information about the backend service, promoting reusability across APIs and improved governance.
+API Management supports backend entities so you can manage the backend services of your API. A backend entity encapsulates information about the backend service, which promotes reusability across APIs and improves governance.
 
-Use backends for one or more of the following:
+Use backends for one or more of the following tasks:
 
-* Authorize the credentials of requests to the backend service
-* Take advantage of API Management functionality to maintain secrets in Azure Key Vault if [named values](api-management-howto-properties.md) are configured for header or query parameter authentication
-* Define circuit breaker rules to protect your backend from too many requests
-* Route or load-balance requests to multiple backends
+* Authorize the credentials of requests to the backend service.
+* Take advantage of API Management functionality to maintain secrets in Azure Key Vault if [named values](api-management-howto-properties.md) are configured for header or query parameter authentication.
+* Define circuit breaker rules to protect your backend from too many requests.
+* Route or load-balance requests to multiple backends.
 
-Configure and manage backend entities in the Azure portal, or by using Azure APIs or tools.
+You can configure and manage backend entities in the Azure portal, or by using Azure APIs or tools.
 
 ## Create a backend
 
@@ -98,7 +98,7 @@ If the backend service is secured with a certificate issued by a well-known CA,
 
 ### Configure CA certificate
 
-If the backend service uses a custom CA certificate, you can reference the custom CA certificate in the backend entity. You might need to do this step to establish trust for the backend server certificate - for example, with self-signed certificates, untrusted root certificates, or partial certificate chains.
+If the backend service uses a custom CA certificate, you can reference the custom CA certificate in the backend entity. You might need to add a custom CA certificate to establish trust for the backend server certificate - for example, with self-signed certificates, untrusted root certificates, or partial certificate chains.
 
 > [!NOTE]
 > Currently, you can only configure CA certificate details in a backend entity in the [v2 tiers](v2-service-tiers-overview.md).
@@ -123,7 +123,7 @@ To add CA certificate details, follow these steps:
 
 ## Reference backend using set-backend-service policy
 
-After creating a backend, you can reference the backend identifier (name) in your APIs. Use the [`set-backend-service`](set-backend-service-policy.md) policy to direct an incoming API request to the backend. If you already configured a backend web service for an API, you can use the `set-backend-service` policy to redirect the request to a backend entity instead. For example:
+After creating a backend, reference the backend identifier (name) in your APIs. Use the [`set-backend-service`](set-backend-service-policy.md) policy to direct an incoming API request to the backend. If you already configured a backend web service for an API, use the `set-backend-service` policy to redirect the request to a backend entity instead. For example:
 
 ```xml
 <policies>
@@ -135,11 +135,11 @@ After creating a backend, you can reference the backend identifier (name) in you
 <policies/>
 ```
 > [!NOTE]
-> Alternatively, you can use `base-url`. Usually, the format is `https://backend.com/api`. Avoid adding a slash at the end to prevent misconfigurations. Typically, the `base-url` and HTTP(S) endpoint value in the backend should match to enable seamless integration between frontend and backend. Note that API Management instances append the backend service name to the `base-url`.
+> Alternatively, you can use `base-url`. Usually, the format is `https://backend.com/api`. Avoid adding a slash at the end to prevent misconfigurations. Typically, the `base-url` and HTTP(S) endpoint value in the backend should match to enable seamless integration between frontend and backend. API Management instances append the backend service name to the `base-url`.
 
-You can use conditional logic with the `set-backend-service` policy to change the effective backend based on location, gateway that was called, or other expressions.
+Use conditional logic with the `set-backend-service` policy to change the effective backend based on location, gateway that was called, or other expressions.
 
-For example, here is a policy to route traffic to another backend based on the gateway that was called:
+For example, the following policy routes traffic to another backend based on the gateway that was called:
 
 ```xml
 <policies>
@@ -275,7 +275,7 @@ Include a JSON snippet similar to the following in your ARM template for a backe
 
 ## Load-balanced pool
 
-API Management supports backend *pools* when you want to implement multiple backends for an API and load-balance requests across those backends. A pool is a collection of backends that are treated as a single entity for load balancing.
+API Management supports backend *pools* when you want to implement multiple backends for an API and load-balance requests across those backends. A pool is a collection of backends that the service treats as a single entity for load balancing.
 
 Use a backend pool for scenarios such as the following scenarios:
 
@@ -303,7 +303,7 @@ API Management supports the following load balancing options for backend pools:
 
 ### Session awareness
 
-With any of the preceding load balancing options, you can enable **session awareness** (session affinity) to ensure that all requests from a specific user during a session go to the same backend in the pool. API Management sets a session ID cookie to maintain session state. This option is useful, for example, in scenarios with backends such as AI chat assistants or other conversational agents to route requests from the same session to the same endpoint.
+By using any of the preceding load balancing options, you can enable **session awareness** (session affinity) to ensure that all requests from a specific user during a session go to the same backend in the pool. API Management sets a session ID cookie to maintain session state. This option is useful, for example, in scenarios with backends such as AI chat assistants or other conversational agents to route requests from the same session to the same endpoint.
 
 > [!NOTE]
 > Session awareness in load-balanced pools is being released first to the **AI Gateway Early** [update group](configure-service-update-settings.md).
@@ -312,7 +312,7 @@ With any of the preceding load balancing options, you can enable **session aware
 
 When you use session awareness, the client must handle cookies appropriately. The client needs to store the `Set-Cookie` header value and send it with subsequent requests to maintain session state.
 
-You can use API Management policies to help set cookies for session awareness. For example, for the case of the Assistants API (a feature of [Azure OpenAI in Microsoft Foundry Models](/azure/ai-services/openai/concepts/models)), the client needs to keep the session ID, extract the thread ID from the body, and keep the pair and send the right cookie for each call. Moreover, the client needs to know when to send a cookie or when not to send a cookie header. These requirements can be handled appropriately by defining the following example policies:
+You can use API Management policies to help set cookies for session awareness. For example, in the case of the Assistants API (a feature of [Azure OpenAI in Microsoft Foundry Models](/azure/ai-services/openai/concepts/models)), the client needs to keep the session ID, extract the thread ID from the body, and keep the pair and send the right cookie for each call. Moreover, the client needs to know when to send a cookie or when not to send a cookie header. These requirements can be handled appropriately by defining the following example policies:
 
 
 ```xml
@@ -440,6 +440,30 @@ This example includes an optional `sessionAffinity` pool configuration for sessi
 
 ---
 
+## Context.Backend variable
+When you configure a backend entity in API Management, you can access backend properties in policies by using the `context.Backend` [context variable](api-management-policy-expressions.md#ContextVariables).
+
+The following table lists the properties of the `context.Backend` variable.
+
+| Property | Description |
+|----------|-------------|
+| `Id` | The resource identifier of the backend entity. |
+| `Type` | The type of the backend: `Single` or `Pool`.|
+| `AzureRegion` | The backend region, if specified. |
+
+### Example
+
+The following example shows how to set a custom header with the backend type in an inbound policy:
+
+```xml
+<inbound>
+  <base />
+  <set-backend-service backend-id="my-backend" />
+  <set-header name="X-Backend-Type" exists-action="override">
+    <value>@(context.Backend?.Type ?? "n/a")</value>
+  </set-header>
+</inbound>
+```
 
 ## Limitations
 
 
@@ -79,28 +79,27 @@ For more information, see [Connect using Microsoft Entra authentication](/sql/co
 
 1. Install dependencies.
     ```bash
-    python -m pip install pyodbc
+    python -m pip install mssql-python python-dotenv
     ```
 
 1. Get the Azure SQL Database connection configurations from the environment variable added by Service Connector. Uncomment the part of the code snippet for the authentication type you want to use.
     ```python
-    import os;
-    import pyodbc
+    import os
+    from mssql_python import connect
     
     server = os.getenv('AZURE_SQL_SERVER')
     port = os.getenv('AZURE_SQL_PORT')
     database = os.getenv('AZURE_SQL_DATABASE')
-    authentication = os.getenv('AZURE_SQL_AUTHENTICATION')  # The value should be 'ActiveDirectoryMsi'
     
     # Uncomment the following lines according to the authentication type.
     # For system-assigned managed identity.
-    # connString = f'Driver={{ODBC Driver 18 for SQL Server}};Server={server},{port};Database={database};Authentication={authentication};Encrypt=yes;'
+    # connection_string = f'Server={server},{port};Database={database};Authentication=ActiveDirectoryMSI;Encrypt=yes;'
     
     # For user-assigned managed identity.
     # client_id = os.getenv('AZURE_SQL_USER')
-    # connString = f'Driver={{ODBC Driver 18 for SQL Server}};Server={server},{port};Database={database};UID={client_id};Authentication={authentication};Encrypt=yes;'
+    # connection_string = f'Server={server},{port};Database={database};UID={client_id};Authentication=ActiveDirectoryMSI;Encrypt=yes;'
     
-    conn = pyodbc.connect(connString)
+    conn = connect(connection_string)
     ```
     For an alternative method, you can also connect to Azure SQL Database using an access token, refer to [Migrate a Python application to use passwordless connections with Azure SQL Database](/azure/azure-sql/database/azure-sql-passwordless-migration-python).
 
 
@@ -103,7 +103,7 @@ Although PHP doesn't support connection pooling, you can try using persistent da
 * [MySQL](https://dev.mysql.com/doc/connector-python/en/connector-python-connection-pooling.html)
 * [MariaDB](https://mariadb.com/docs/connectors/mariadb-connector-python/api/pool/)
 * [PostgreSQL](https://www.psycopg.org/docs/pool.html)
-* [Pyodbc](https://github.com/mkleehammer/pyodbc/wiki/The-pyodbc-Module#pooling)
+* [mssql-python](https://github.com/microsoft/mssql-python) (recommended for SQL Server)
 * [SQLAlchemy](https://docs.sqlalchemy.org/en/20/core/pooling.html)
 
 HTTP connection pooling