Merge pull request #311436 from MicrosoftDocs/main

Auto Publish – main to live - 2026-02-05 18:00 UTC

Author: learn-build-service-prod[bot]

articles/active-directory-b2c/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory business-to-customer (B2C)"
 description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
-ms.date: 11/13/2025
+ms.date: 02/03/2026
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: whats-new
@@ -19,6 +19,14 @@ ms.custom: sfi-ropc-nochange
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new and significantly updated docs from the past three months. To learn what's new with the B2C service, see [What's new in Microsoft Entra ID](../active-directory/fundamentals/whats-new.md), [Azure AD B2C developer release notes](custom-policy-developer-notes.md) and [What's new in Microsoft Entra External ID](/entra/external-id/whats-new-docs).
 
+## January 2026
+
+### Updated articles
+
+- [OAuth 2.0 authorization code flow in Azure Active Directory B2C](authorization-code-flow.md) - Added security guidance on using the `state` parameter
+- [Azure Active Directory B2C service limits and restrictions](service-limits.md) - Updated region specific service limits
+- [Securing phone-based multifactor authentication](phone-based-mfa.md) - Updated the XML code snippets
+
 ## October 2025
 
 ### Updated articles
@@ -33,9 +41,3 @@ Welcome to what's new in Azure Active Directory B2C documentation. This article
 
 - [Azure Active Directory B2C service limits and restrictions](service-limits.md) - Added new object limits
 - [StringCollection claims transformations](stringcollection-transformations.md) - Updated claim type information
-
-## July 2025
-
-### Updated articles
-
-- [Azure Active Directory B2C service limits and restrictions](service-limits.md) - Added new region limits

articles/api-management/breaking-changes/trusted-service-connectivity-retirement-march-2026.md

@@ -54,6 +54,8 @@ If your API Management service has an established networking line of sight to th
 
 For backup and restore and custom hostname certificates, you need to ensure the target key vault or storage account is publicly accessible or you need to preserve its trusted connectivity setting to allow traffic from API Management resources, even if your API Management service has a networking line of sight established with it.
 
+APIs in workspaces aren't affect by this change, since they [do not support managed identity](../workspaces-overview.md).
+
 ### Step 1: Does my API Management gateway rely on trusted service connectivity? 
 
 Your API Management gateway should no longer rely on trusted service connectivity to Azure services. Instead, it should establish a networking line of sight.

articles/application-gateway/migrate-v1-v2.md

@@ -38,9 +38,13 @@ This article primarily helps with the configuration migration. Client traffic mi
 * Make sure you have the latest PowerShell modules, or you can use Azure Cloud Shell in the portal.
 * If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.
 * Ensure that there's no existing Application gateway with the provided AppGW V2 Name and Resource group name in V1 subscription. This rewrites the existing resources.
+* Ensure that no other operation is planned on the V1 gateway or any associated resources during migration.
 * If a public IP address is provided, ensure that it's in a succeeded state. If not provided and AppGWResourceGroupName is provided ensure that public IP resource with name AppGWV2Name-IP  doesn’t  exist in a resource group with the name AppGWResourceGroupName in the V1 subscription.
 * For the V1 SKU, authentication certificates are required to set up TLS connections with backend servers. The V2 SKU requires uploading [trusted root certificates](./certificates-for-backend-authentication.md) for the same purpose. While V1 allows the use of self-signed certificates as authentication certificates, V2 mandates [generating and uploading a self-signed Root certificate](./self-signed-certificates.md) if self-signed certificates are used in the backend.
-* Ensure that no other operation is planned on the V1 gateway or any associated resources during migration.
+
+> [!NOTE]
+> Application Gateway V2 includes [customer controlled Backend TLS Relaxation](configuration-http-settings.md#backend-https-validation-settings), a capability that streamlines backend certificate validation during migration. This feature allows you to temporarily relax TLS checks by skipping certificate‑chain , expiry validation or overriding SNI validation, aligning behavior with what is already permitted in the V1 SKU. When the [enhanced migration script](migrate-v1-v2.md#1-enhanced-cloning-script) runs, these relaxation settings are enabled by default for HTTPS backends to prevent disruptions caused by the stricter certificate enforcement in V2. After completing the migration, you can upload the appropriate trusted root certificates and disable Backend TLS Relaxation to align with the recommended security posture for V2.
+  
 
 [!INCLUDE [cloud-shell-try-it.md](~/reusable-content/ce-skilling/azure/includes/cloud-shell-try-it.md)]
 

articles/azure-vmware/azure-vmware-solution-private-cloud-maintenance.md

@@ -1,5 +1,5 @@
 ---
-title: Azure VMware Solution - private cloud maintenance
+title: Private Cloud Maintenance
 description: Ensuring seamless, reliably maintaintenance of Azure VMware Solution private cloud
 ms.topic: concept-article
 ms.service: azure-vmware

articles/backup/manage-backup-vault.md

@@ -2,7 +2,7 @@
 title: Manage Backup vaults
 description: Learn how to manage the Backup vaults.
 ms.topic: how-to
-ms.date: 07/22/2025
+ms.date: 02/05/2026
 ms.custom: references_regions
 ms.service: azure-backup
 author: AbhishekMallick-MS
@@ -15,7 +15,7 @@ This article describes how to manage Backup vaults once they're created.
 
 A Backup vault is a storage entity in Azure that houses backup data for certain newer workloads that Azure Backup supports. You can use Backup vaults to hold backup data for various Azure services, such Azure Database for PostgreSQL servers and newer workloads that Azure Backup will support. Backup vaults make it easy to organize your backup data, while minimizing management overhead. Backup vaults are based on the Azure Resource Manager model of Azure, which provides the **Azure role-based access control (Azure RBAC)** feature. Azure RBAC provides fine-grained access management control in Azure. [Azure provides various built-in roles](../role-based-access-control/built-in-roles.md), and Azure Backup has three [built-in roles to manage recovery points](backup-rbac-rs-vault.md). Backup vaults are compatible with Azure RBAC, which restricts backup and restore access to the defined set of user roles. [Learn more](backup-rbac-rs-vault.md).
 
-Learn [how to create a Backup vault using Azure Business Continuity Center](../business-continuity-center/backup-vaults.md).
+Learn [how to create a Backup vault using Resiliency](../resiliency/backup-vaults.md).
 
 ## Monitor and manage the Backup vault
 
@@ -35,17 +35,17 @@ In the **Jobs** tile, you get a summarized view of all backup and restore relate
 
 :::image type="content" source="./media/backup-vault-overview/backup-jobs.png" alt-text="Screenshot shows the Backup jobs.":::
 
-## Optimize backup and recovery with Azure Business Continuity Center Copilot
+## Optimize backup and recovery with Resiliency Copilot
 
-Azure Business Continuity Center Copilot introduces new capabilities in the Backup vaults pane, enabling you to configure/manage a secure, resilient backup and recovery environment:
+Resiliency Copilot introduces new capabilities in the Backup vaults pane, enabling you to configure/manage a secure, resilient backup and recovery environment:
 
-- [Increase security level](../business-continuity-center/tutorial-manage-data-using-copilot.md#increase-security-level-of-recovery-service-vault-and-backup-vault) to strengthen protection for backup data and disaster recovery operations.
-- [Analyze job failures](../business-continuity-center/tutorial-manage-data-using-copilot.md#analyze-job-failures-for-recovery-service-vault-and-backup-vault) to gain insights into failures for precise analysis and faster resolution.
-- [Configure protection for unprotected resources](..\business-continuity-center\tutorial-manage-data-using-copilot.md#configure-protection-for-resources-in-recovery-services-vault-and-backup-vault).
-- [Delete a vault](..\business-continuity-center\tutorial-manage-data-using-copilot.md#delete-recovery-services-vault-and-backup-vault-using-copilot).
-- [Troubleshoot common errors efficiently](../business-continuity-center/tutorial-manage-data-using-copilot.md#troubleshoot-error-codes-for-recovery-service-vaults-and-backup-vaults).
+- [Increase security level](../resiliency/tutorial-manage-data-using-copilot.md#increase-security-level-of-recovery-service-vault-and-backup-vault) to strengthen protection for backup data and disaster recovery operations.
+- [Analyze job failures](../resiliency/tutorial-manage-data-using-copilot.md#analyze-job-failures-for-recovery-service-vault-and-backup-vault) to gain insights into failures for precise analysis and faster resolution.
+- [Configure protection for unprotected resources](..\resiliency\tutorial-manage-data-using-copilot.md#configure-protection-for-resources-in-recovery-services-vault-and-backup-vault).
+- [Delete a vault](..\resiliency\tutorial-manage-data-using-copilot.md#delete-recovery-services-vault-and-backup-vault-using-copilot).
+- [Troubleshoot common errors efficiently](../resiliency/tutorial-manage-data-using-copilot.md#troubleshoot-error-codes-for-recovery-service-vaults-and-backup-vaults).
 
-Learn more about [managing the Business Continuity and Disaster Recovery estate using Copilot (preview)](../business-continuity-center/tutorial-manage-data-using-copilot.md).
+Learn more about [managing the Business Continuity and Disaster Recovery estate using Copilot (preview)](../resiliency/tutorial-manage-data-using-copilot.md).
 
 ## Move a Backup vault across Azure subscriptions/resource groups
 
@@ -146,7 +146,7 @@ The Cross Region Restore option allows you to restore data in a secondary Azur
 
 1. Once the backup is complete in the primary region, it can take up to *12 hours* for the recovery point in the primary region to get replicated to the secondary region.
 
-   To check the availability of recovery point in the secondary region, go to the **Backup center** > **Backup Instances** > **Filter  to Azure Database for PostgreSQL servers**, filter **Instance Region** as *Secondary Region*, and then select the required Backup Instance.
+   To check the availability of recovery point in the secondary region, go to the **Backup vault** > **Backup Instances** > **Filter  to Azure Database for PostgreSQL servers**, filter **Instance Region** as *Secondary Region*, and then select the required Backup Instance.
 
    :::image type="content" source="./media/backup-vault-overview/check-availability-of-recovery-point-in-secondary-region.png" alt-text="Screenshot shows how to check availability for the recovery points in the secondary region." lightbox="./media/backup-vault-overview/check-availability-of-recovery-point-in-secondary-region.png":::
 

articles/backup/media/backup-vault-overview/check-availability-of-recovery-point-in-secondary-region.png

@@ -2,7 +2,7 @@
 title: Save and manage MARS agent passphrase securely in Azure Key Vault
 description: Learn how to save MARS agent passphrase securely in Azure Key Vault and retrieve them during restore.
 ms.topic: how-to
-ms.date: 10/10/2025
+ms.date: 02/05/2026
 ms.reviewer: sooryar
 ms.service: azure-backup
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
@@ -125,7 +125,7 @@ To assign the permissions, follow these steps:
 
 3. The Recovery Services vault identity requires the **Set permission on Secret** to create and add the passphrase as a Secret to the Key Vault. 
 
-   You can select a *built-in role* such as **Key Vault Secrets Officer** that has the permission (along with other permissions not required for this feature) or [create a custom role](/azure/key-vault/general/rbac-guide?tabs=azurepowershell#creating-custom-roles) with only Set permission on Secret. 
+   You can select a *built-in role* such as [**Key Vault Secrets Officer**](/azure/role-based-access-control/built-in-roles/security#key-vault-secrets-officer) that has the permission (along with other permissions not required for this feature) or [create a custom role](/azure/key-vault/general/rbac-guide?tabs=azurepowershell#creating-custom-roles) with only Set permission on Secret. 
 
    Under **Details**, select **View** to view the permissions granted by the role and ensure *Set* permission on *Secret* is available.
 

articles/backup/media/backup-vault-overview/initiate-restore-to-secondary-region.png

@@ -33,6 +33,7 @@ To use manual jobs, you first create a job with a trigger type of `Manual` and t
         --name "$JOB_NAME" --resource-group "$RESOURCE_GROUP"  --environment "$ENVIRONMENT" \
         --trigger-type "Manual" \
         --replica-timeout 1800 \
+        --replica-retry-limit 1 \
         --image "mcr.microsoft.com/k8se/quickstart-jobs:latest" \
         --cpu "0.25" --memory "0.5Gi"
     ```
@@ -64,6 +65,7 @@ az containerapp job create \
     --name "$JOB_NAME" --resource-group "$RESOURCE_GROUP"  --environment "$ENVIRONMENT" \
     --trigger-type "Schedule" \
     --replica-timeout 1800 \
+    --replica-retry-limit 1 \
     --image "mcr.microsoft.com/k8se/quickstart-jobs:latest" \
     --cpu "0.25" --memory "0.5Gi" \
     --cron-expression "*/1 * * * *"