Merge branch 'main' into release-durable-task

Author: v-alje

articles/active-directory-b2c/partner-onfido.md

@@ -113,7 +113,7 @@ REST API settings:
 #### Upload your files
 
 1. Store the UI folder files in your blob container.
-2. [Use Azure Storage Explorer to manage Azure Managed Disks](/azure/virtual-machines/disks-use-storage-explorer-managed-disks) and access permissions.
+2. [Use Azure Storage Explorer to manage Azure managed disks](/azure/virtual-machines/disks-use-storage-explorer-managed-disks) and access permissions.
 
 ### Configure Azure AD B2C
 

articles/application-gateway/json-web-token-overview.md

@@ -11,7 +11,7 @@ ms.date: 11/18/2025
 
 # JSON Web Token (JWT) validation in Azure Application Gateway (preview)
 
-[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](https://docs.azure.cn/en-us/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
+[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
 
 This capability verifies the integrity and authenticity of tokens in incoming requests. It then determines whether to allow or deny access before forwarding traffic to backend services. Upon successful validation, the gateway injects the `x-msft-entra-identity` header into the request and forwards it to the backend. Downstream applications can then securely consume verified identity information.
 

articles/azure-functions/functions-cli-samples.md

@@ -3,14 +3,14 @@ title: Azure CLI samples for Azure Functions
 description: Find links to bash scripts for Azure Functions that use the Azure CLI. Learn how to create a function app that allows integration and deployment.
 ms.assetid: 577d2f13-de4d-40d2-9dfc-86ecc79f3ab0
 ms.topic: sample
-ms.date: 02/27/2026
+ms.date: 04/01/2026
 ms.custom: mvc, devx-track-azurecli, seo-azure-cli
 keywords: functions, azure cli samples, azure cli examples, azure cli code samples
 ---
 
 # Azure CLI Samples
 
-These end-to-end Azure CLI scripts are provided to help you learn how to provision and manage the Azure resources required by Azure Functions. You must use the [Azure Functions Core Tools](functions-run-local.md) to create actual Azure Functions code projects from the command line on your local computer and deploy code to these Azure resources. For a complete end-to-end example of developing and deploying from the command line using both Core Tools and the Azure CLI, see one of these language-specific command line quickstarts: 
+These end-to-end Azure CLI scripts help you learn how to create and manage the Azure resources required by Azure Functions. You must use the [Azure Functions Core Tools](functions-run-local.md) to create actual Azure Functions code projects from the command line on your local computer and deploy code to these Azure resources. For a complete end-to-end example of developing and deploying from the command line using both Core Tools and the Azure CLI, see one of these language-specific command line quickstarts:
 
 + [C#](how-to-create-function-azure-cli.md?pivots=programming-language-csharp)
 + [Java](how-to-create-function-azure-cli.md?pivots=programming-language-java)
@@ -30,13 +30,18 @@ The following table includes links to bash scripts that you can use to create an
 | [create-function-app-premium-plan.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-premium-plan) | Creates a function app in a Premium (Elastic Premium) plan. |
 | [create-function-app-app-service-plan.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-app-service-plan) | Creates a function app in a dedicated App Service plan. |
 
-| Connect to services | Description|
+| Connect to services | Description |
 |---|---|
 | [create-function-app-connect-to-storage-account.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-connect-to-storage) | Creates a function app in a Flex Consumption plan and connects it to a storage account using managed identity. |
 | [create-function-app-connect-to-cosmos-db.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-connect-to-cosmos-db) | Creates a function app in a Flex Consumption plan and connects it to Azure Cosmos DB using managed identity and RBAC. |
 | [connect-azure-openai-resources.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/connect-azure-openai-resources) | Creates a function app in a Flex Consumption plan and connects it to Azure OpenAI using managed identity. |
 | [functions-cli-mount-files-storage-linux.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/functions-cli-mount-files-storage-linux) | Creates a Linux function app and mounts an Azure Files share, which lets you leverage existing data or machine learning models in your functions. |
 
-| Deploy code | Description|
+| Secure networking | Description |
+|---|---|
+| [create-function-app-vnet-storage.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-vnet-storage) | Creates a function app in a Flex Consumption plan with VNet integration and restricts the storage account behind private endpoints so it's only accessible from inside the virtual network. |
+| [create-function-app-private-endpoint.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/create-function-app-private-endpoint) | Creates a function app in a Flex Consumption plan with an inbound private endpoint, restricting the function app's HTTP endpoints to only be callable from inside the virtual network. |
+
+| Deploy code | Description |
 |---|---|
 | [deploy-function-app-with-function-github-continuous.sh](https://github.com/Azure-Samples/azure-cli-samples/tree/master/azure-functions/deploy-function-app-with-function-github-continuous) | Creates a function app in a Consumption plan and deploys code from a public GitHub repository. |

articles/azure-government/azure-secure-isolation-guidance.md

@@ -772,7 +772,7 @@ The DEK, encrypted with the KEK, is stored separately and only an entity with ac
 For [Windows VMs](/azure/virtual-machines/windows/disk-encryption-faq), Azure Disk encryption selects the encryption method in BitLocker based on the version of Windows, for example, XTS-AES 256 bit for Windows Server 2012 or greater. These crypto modules are FIPS 140 validated as part of the Microsoft [Windows FIPS validation program](/windows/security/threat-protection/fips-140-validation#modules-used-by-windows-server). For [Linux VMs](/azure/virtual-machines/linux/disk-encryption-faq), Azure Disk encryption uses the decrypt default of aes-xts-plain64 with a 256-bit volume master key that is FIPS 140 validated as part of DM-Crypt validation obtained by suppliers of Linux IaaS VM images in Microsoft Azure Marketplace.
 
 ##### *Server-side encryption for managed disks*
-[Azure Managed Disks](/azure/virtual-machines/managed-disks-overview) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure Managed Disks automatically encrypt your data by default using [256-bit AES encryption](/azure/virtual-machines/disk-encryption) that is FIPS 140 validated. For encryption key management, you have the following choices:
+[Azure managed disks](/azure/virtual-machines/managed-disks-overview) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure managed disks automatically encrypt your data by default using [256-bit AES encryption](/azure/virtual-machines/disk-encryption) that is FIPS 140 validated. For encryption key management, you have the following choices:
 
 - [Platform-managed keys](/azure/virtual-machines/disk-encryption#platform-managed-keys) is the default choice that provides transparent data encryption at rest for managed disks whereby keys are managed by Microsoft.
 - [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys) enables you to have control over your own keys that can be imported into or generated inside Azure Key Vault or Managed HSM. This approach relies on two sets of keys as described previously: DEK and KEK. DEK encrypts the data using an AES-256 based encryption and is in turn encrypted by an RSA KEK that is stored in Azure Key Vault or Managed HSM.

articles/azure-government/documentation-government-product-roadmap.md

@@ -2,11 +2,11 @@
 title: Azure Government product General Availability (GA) roadmap
 description: Overview of Azure Government product General Availability (GA) by authorization level
 ms.service: azure-government
-ms.topic: feature-availability
+ms.topic: conceptual
 ms.author: russellkirk
 author: krussell09
 recommendations: false
-ms.date: 03/19/2026
+ms.date: 04/02/2026
 ---
 # Microsoft Azure Government Product General Availability(GA) Roadmap
 
@@ -54,7 +54,7 @@ For comprehensive information about compliance in Azure Government clouds, see [
 | Application Gateway | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 |       Application Gateway v2 | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 | Automation | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
-|       Change Tracking | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | Forecasted |
+|       Change Tracking | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 | Azure Advisor | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 | Azure AI Search | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 |       AI Enrichment | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
@@ -67,7 +67,7 @@ For comprehensive information about compliance in Azure Government clouds, see [
 | Azure Automanage Machine Configuration | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | Planned |
 | Azure Bastion | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 | Azure Bot Service | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | Planned | n/a |
-| Azure Cloud HSM | n/a | n/a | n/a | Forecasted |
+| Azure Cloud HSM | Planned | n/a | n/a | Forecasted |
 | Azure Cosmos DB | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 | Azure Data Box | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |
 |       Data Box | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: | :::image alt-text="GA" type="content" source="media/check-mark.svg" border="false"::: |

articles/azure-netapp-files/azacsnap-preview.md

@@ -18,7 +18,7 @@ This article provides a guide on setup and usage of the new features in preview
 The preview features provided with AzAcSnap 11 are:
 
 - Azure NetApp Files backup
-- Azure Managed Disks
+- Azure managed disks
 
 > [!NOTE]
 > Previews are provided "as is," "with all faults," and "as available," and are excluded from the service-level agreements and may not be covered by customer support.
@@ -51,7 +51,7 @@ You can also enable this feature by using `azacsnap -c configure --configuration
 
 For more information about this feature, see [Configure the Azure Application Consistent Snapshot tool](azacsnap-cmd-ref-configure.md).
 
-## Azure Managed Disks
+## Azure managed disks
 
 Microsoft provides many storage options for deploying databases such as SAP HANA. For details about some of these options, see [Azure Storage types for SAP workload](/azure/virtual-machines/workloads/sap/planning-guide-storage). There's also a [cost-conscious solution with Azure premium storage](/azure/virtual-machines/workloads/sap/hana-vm-premium-ssd-v1#cost-conscious-solution-with-azure-premium-storage).
 
@@ -62,13 +62,13 @@ AzAcSnap can take application-consistent database snapshots when you deploy it o
 
 Here's the architecture at a high level:
 
-1. Attach Azure Managed Disks to the VM by using the Azure portal.
+1. Attach Azure managed disks to the VM by using the Azure portal.
 1. Create a logical volume from these managed disks.
 1. Mount the logical volume to a Linux directory.
 1. Enable communication in the same way as for Azure NetApp Files in the [AzAcSnap installation](azacsnap-configure-storage.md?tabs=azure-netapp-files#enable-communication-with-storage).
 1. Install and configure AzAcSnap.
 
-For more information about using Azure Managed Disks as a storage back end, see [Configure the Azure Application Consistent Snapshot tool](azacsnap-cmd-ref-configure.md).
+For more information about using Azure managed disks as a storage back end, see [Configure the Azure Application Consistent Snapshot tool](azacsnap-cmd-ref-configure.md).
 
 ### Example configuration file
 
@@ -168,7 +168,7 @@ The storage hierarchy looks like the following example for SAP HANA:
   VG Size               1023.99 GiB
   ```
 
-- Physical volumes (attached Azure Managed Disks):
+- Physical volumes (attached Azure managed disks):
 
   ```bash
   pvdisplay
@@ -197,17 +197,17 @@ The storage hierarchy looks like the following example for SAP HANA:
   PV UUID               RNCylW-F3OG-G93c-1XL3-W6pw-M0XB-2mYFGV
   ```
 
-Installing and setting up the Azure VM and Azure Managed Disks in this way follows Microsoft guidance to create Logical Volume Manager (LVM) stripes of the managed disks on the VM.
+Installing and setting up the Azure VM and Azure managed disks in this way follows Microsoft guidance to create Logical Volume Manager (LVM) stripes of the managed disks on the VM.
 
-With the Azure VM set up as prescribed, AzAcSnap can take snapshots of Azure Managed Disks. The snapshot operations are similar to those for other storage back ends that AzAcSnap supports; for example, Azure NetApp Files or Azure Large Instances (bare metal). Because AzAcSnap communicates with Azure Resource Manager to take snapshots, it also needs a service principal with the correct permissions to take managed disk snapshots.
+With the Azure VM set up as prescribed, AzAcSnap can take snapshots of Azure managed disks. The snapshot operations are similar to those for other storage back ends that AzAcSnap supports; for example, Azure NetApp Files or Azure Large Instances (bare metal). Because AzAcSnap communicates with Azure Resource Manager to take snapshots, it also needs a service principal with the correct permissions to take managed disk snapshots.
 
 This capability allows customers to test AzAcSnap on a smaller system and scale up to Azure NetApp Files and/or Azure Large Instances (bare metal).
 
-Supported `azacsnap` command functionality with Azure Managed Disks is `configure`, `test`, `backup`, `delete`, and `details`, but not yet `restore`.
+Supported `azacsnap` command functionality with Azure managed disks is `configure`, `test`, `backup`, `delete`, and `details`, but not yet `restore`.
 
-### Restore from an Azure Managed Disk snapshot
+### Restore from an Azure managed disk snapshot
 
-Although `azacsnap` is currently missing the `-c restore` option for Azure Managed Disks, it's possible to restore manually as follows:
+Although `azacsnap` is currently missing the `-c restore` option for Azure managed disks, it's possible to restore manually as follows:
 
 1. Create disks from the snapshots via the Azure portal.
 

articles/azure-netapp-files/azure-government.md

@@ -28,6 +28,7 @@ All [Azure NetApp Files features](whats-new.md) available on Azure public cloud
 | Customer-managed keys with managed Hardware Security Module | Generally available | No |
 | Elastic zone-redundant storage service level | Preview | No |
 | File access logs | Generally available | [Partial support](manage-file-access-logs.md#supported-regions) |
+| Storage with cool access enhancement for Premium and Ultra service levels | Preview | No |
 
 ## Portal access