articles/azure-netapp-files/manage-file-access-logs.md
Lines changed: 4 additions & 2 deletions
@@ -5,7 +5,7 @@ services: azure-netapp-files
5
5
author: b-ahibbard
6
6
ms.service: azure-netapp-files
7
7
ms.topic: how-to
8
-
ms.date: 11/12/2025
8
+
ms.date: 12/19/2025
9
9
ms.author: anfdocs
10
10
ms.custom: references_regions
11
11
# Customer intent: As a storage administrator, I want to enable file access logs on Azure NetApp Files volumes so that I can monitor file access operations and troubleshoot access issues effectively.
@@ -92,7 +92,8 @@ Availability for file access log is limited to the following regions:
92
92
- East US
93
93
- East US 2
94
94
- France Central
95
-
- Germany North
95
+
- Germany North
96
+
- Italy North
96
97
- Japan East
97
98
- Japan West
98
99
- Korea Central
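Review bot: The `- Germany North` line at 95 is removed and re-added with identical visible text, so the only real change in this hunk is the new `- Italy North` entry. If the Germany North edit is a trailing-whitespace or line-ending fix, that is fine; otherwise drop it from the change so the history for that line stays clean. The new entry keeps the list in alphabetical order.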
@@ -105,6 +106,7 @@ Availability for file access log is limited to the following regions:
# Customer intent: As an IT administrator, I want to enable Active Directory Domain Services authentication for Azure file shares, so that our domain-joined Windows virtual machines can securely access and manage file shares using existing AD credentials.
@@ -26,7 +26,7 @@ To enable AD DS authentication over SMB for Azure file shares, you need to regis
26
26
The AzFilesHybrid PowerShell module provides cmdlets for deploying and configuring Azure Files. It includes cmdlets for domain joining storage accounts to your on-premises Active Directory and configuring your DNS servers. The cmdlets make the necessary modifications and enable the feature for you. Because some parts of the cmdlets interact with your on-premises AD DS, we explain what the cmdlets do, so you can determine if the changes align with your compliance and security policies, and ensure you have the proper permissions to execute the cmdlets. Although we recommend using the AzFilesHybrid module, if you're unable to do so, we provide [manual steps](#option-two-manually-perform-the-enablement-actions).
27
27
28
28
> [!IMPORTANT]
29
-
> AES-256 Kerberos encryption is now the only encryption method supported by the AzFilesHybrid module. If you prefer to use RC4 encryption, see [Option two: Manually perform the enablement actions](#option-two-manually-perform-the-enablement-actions). If you previously enabled the feature with an old AzFilesHybrid version (below v0.2.2) that used RC4 as the default encryption method and want to update to support AES-256, see [troubleshoot Azure Files SMB authentication](/troubleshoot/azure/azure-storage/files-troubleshoot-smb-authentication?toc=/azure/storage/files/toc.json#azure-files-on-premises-ad-ds-authentication-support-for-aes-256-kerberos-encryption).
29
+
> AES-256 Kerberos encryption is the only encryption method the AzFilesHybrid module supports. If you previously enabled the feature with an old AzFilesHybrid version (below v0.2.2) that used RC4 as the default encryption method, we recommend updating to AES-256 immediately. See [Troubleshoot Azure Files SMB authentication](/troubleshoot/azure/azure-storage/files-troubleshoot-smb-authentication?toc=/azure/storage/files/toc.json#azure-files-on-premises-ad-ds-authentication-support-for-aes-256-kerberos-encryption).
30
30
31
31
### Prerequisites
32
32
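Review bot: The rewritten note at new line 29 tells readers to update to AES-256 "immediately" but gives no reason, and it no longer tells readers who are on RC4 where they stand. The old text pointed RC4 users to the manual steps; the new text drops that pointer, while the unchanged paragraph at line 26 still links to `#option-two-manually-perform-the-enablement-actions` as the fallback. Suggest adding one sentence that states why the update is urgent and whether an existing RC4 configuration keeps working, so the urgency is something an administrator can act on.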
@@ -201,7 +201,7 @@ Set-AzStorageAccount `
201
201
202
202
#### Enable AES-256 encryption (recommended)
203
203
204
-
To enable AES-256 encryption, follow the steps in this section. If you plan to use RC4 encryption, skip this section.
204
+
To enable AES-256 encryption, follow the steps in this section.
205
205
206
206
> [!IMPORTANT]
207
207
> In order to enable AES-256 encryption, the domain object that represents your storage account must be a computer account (default) or service logon account in the on-premises AD domain. If your domain object doesn't meet this requirement, delete it and create a new domain object that does. Also, you must have write access to the `msDS-SupportedEncryptionTypes` attribute of the object.
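Review bot: The heading at line 202 still reads "Enable AES-256 encryption (recommended)" while the sentence at new line 204 no longer names any alternative, so the reader cannot tell whether this section is optional. If AES-256 is now required for the manual path, change the heading to say so; if the section can still be skipped, say what the result is. As edited, "To enable AES-256 encryption, follow the steps in this section." only restates the heading and could be removed.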
> If you were previously using RC4 encryption and update the storage account to use AES-256, you should run `klist purge` on the client and then remount the file share to get new Kerberos tickets with AES-256.
235
+
> If you were previously using RC4 encryption and updated the storage account to use AES-256 (recommended), you should run `klist purge` on the client and then remount the file share to get new Kerberos tickets with AES-256.
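Review bot: At new line 235 the "(recommended)" parenthetical sits inside a conditional about something the reader has already done ("If you ... updated the storage account to use AES-256 (recommended)"), which reads awkwardly. Suggest dropping it here or moving the recommendation into its own sentence. It would also help to add a verification step after the remount: running `klist` again and checking that the ticket for the storage account shows an AES-256 encryption type confirms the change took effect.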
articles/storage/files/storage-files-identity-ad-ds-overview.md
Lines changed: 6 additions & 7 deletions
@@ -4,7 +4,7 @@ description: Learn about Active Directory Domain Services (AD DS) authentication
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.topic: how-to
7
-
ms.date: 10/16/2025
7
+
ms.date: 12/18/2025
8
8
ms.author: kendownie
9
9
# Customer intent: "As a system administrator, I want to enable on-premises Active Directory Domain Services authentication for Azure file shares, so that I can manage access permissions seamlessly while leveraging existing AD credentials for secure file access."
10
10
---
@@ -21,12 +21,11 @@ If you're new to Azure Files, we recommend reading the [planning guide](storage-
21
21
22
22
## Supported scenarios and restrictions
23
23
24
-
- To use identity-based authentication with Azure Files, share-level RBAC permissions must be assigned. You can do this in two ways:
24
+
- To use identity-based authentication with Azure Files, you must assign share-level RBAC permissions. You can do this in two ways:
25
25
-**[Default share-level permission](storage-files-identity-assign-share-level-permissions.md#share-level-permissions-for-all-authenticated-identities):** This option applies RBAC at the share level for all authenticated users. With this configuration, you don't need to sync your on-premises AD DS identities to Microsoft Entra ID.
26
26
-**[Granular share-level permissions](storage-files-identity-assign-share-level-permissions.md#share-level-permissions-for-specific-microsoft-entra-users-or-groups):** If you want to assign RBAC at the share level to specific users or groups, the corresponding identities must be synchronized from your on-premises AD DS to Microsoft Entra ID using [Microsoft Entra Connect](/entra/identity/hybrid/connect/whatis-azure-ad-connect) or [Microsoft Entra Cloud Sync](/entra/identity/hybrid/cloud-sync/what-is-cloud-sync). Groups created only in Microsoft Entra ID won't work unless they contain synced user accounts. Password hash synchronization isn't required.
27
27
- Client OS requirements: Windows 8 / Windows Server 2012 or later, or Linux VMs such as Ubuntu 18.04+ and equivalent RHEL/SLES distributions.
28
-
- You can manage Azure file shares with Azure File Sync.
29
-
- Kerberos authentication is available with Active Directory using [AES 256 encryption](/troubleshoot/azure/azure-storage/files-troubleshoot-smb-authentication?toc=/azure/storage/files/toc.json#azure-files-on-premises-ad-ds-authentication-support-for-aes-256-kerberos-encryption) (recommended) and RC4-HMAC. AES 128 Kerberos encryption isn't yet supported.
28
+
- Kerberos authentication is available with Active Directory using [AES 256 encryption](/troubleshoot/azure/azure-storage/files-troubleshoot-smb-authentication?toc=/azure/storage/files/toc.json#azure-files-on-premises-ad-ds-authentication-support-for-aes-256-kerberos-encryption) (recommended). AES 128 Kerberos encryption isn't yet supported.
30
29
- Single sign-on (SSO) is supported.
31
30
- By default, access is limited to the Active Directory forest where the storage account is registered. Users from any domain in that forest can access the file share contents, provided they have the appropriate permissions. To enable access from additional forests, you must configure a forest trust. For details, see [Use Azure Files with multiple Active Directory forests](storage-files-identity-multiple-forests.md).
32
31
- Identity-based authentication isn't currently supported for NFS file shares.
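Review bot: With "and RC4-HMAC" removed at new line 28, the bullet lists AES 256 as the only encryption type yet still labels it "(recommended)", which implies another supported option. Suggest either dropping "(recommended)" or stating explicitly that RC4-HMAC is no longer supported, so readers with existing RC4 deployments are not left to infer it. Separately, the bullet "You can manage Azure file shares with Azure File Sync." at old line 28 is deleted with no replacement; if that is intentional, it deserves a mention in the commit description because it is unrelated to the encryption change.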
@@ -49,17 +48,17 @@ Before you enable AD DS authentication for Azure file shares, make sure you comp
49
48
50
49
You can enable the feature on a new or existing on-premises AD DS environment. Identities used for access must be synced to Microsoft Entra ID or use a default share-level permission. The Microsoft Entra tenant and the file share that you're accessing must be associated with the same subscription.
51
50
52
-
- Domain-join an on-premises machine or an Azure VM to on-premises AD DS. For information about how to domain-join, see[Join a Computer to a Domain](/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain).
51
+
- Domain-join an on-premises machine or an Azure VM to on-premises AD DS. See[Join a Computer to a Domain](/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain).
53
52
54
53
If a machine isn't domain joined, you can still use AD DS for authentication if the machine has unimpeded network connectivity to the on-premises AD domain controller and the user provides explicit credentials. For more information, see [Mount the file share from a non-domain-joined VM or a VM joined to a different AD domain](storage-files-identity-mount-file-share.md#mount-the-file-share-from-a-non-domain-joined-vm-or-a-vm-joined-to-a-different-ad-domain).
55
54
56
55
- Select or create an Azure storage account. For optimal performance, we recommend that you deploy the storage account in the same region as the client from which you plan to access the share.
57
56
58
-
Make sure that the storage account containing your file shares isn't already configured for identity-based authentication. If an AD source is already enabled on the storage account, you must disable it before enabling on-premises AD DS.
57
+
Make sure that the storage account containing your file shares isn't already configured for identity-based authentication. If an identity source is already enabled on the storage account, you must disable it before enabling on-premises AD DS.
59
58
60
59
If you experience issues in connecting to Azure Files, see [troubleshoot Azure Files mounting errors on Windows](https://azure.microsoft.com/blog/new-troubleshooting-diagnostics-for-azure-files-mounting-errors-on-windows/).
61
60
62
-
- If you plan to enable any networking configurations on your file share, we recommend you read the [networking considerations](./storage-files-networking-overview.md) article and complete the related configuration before enabling AD DS authentication.
61
+
- If you plan to enable any networking configurations on your file share, read the [networking considerations](./storage-files-networking-overview.md) article and complete the related configuration before enabling AD DS authentication.
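Review bot: New line 51 keeps the missing space from the old text: "See[Join a Computer to a Domain]" should be "See [Join a Computer to a Domain]". Since the sentence is already being rewritten, fix it in this change. The "AD source" to "identity source" wording at new line 57 and the shortened imperative at new line 61 read fine.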