Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/active-directory-b2c/phone-based-mfa.md

@@ -7,7 +7,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 10/23/2024
+ms.date: 11/05/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: sfi-image-nochange
@@ -93,7 +93,7 @@ Take the following actions to help mitigate fraudulent sign-ups.
    - [Configure a Conditional Access policy](conditional-access-user-flow.md) to block sign-ins based on location (applies to sign-in flows only, not sign-up flows).
    - To prevent automated attacks on your consumer-facing apps, [enable CAPTCHA](add-captcha.md). Azure AD B2C’s CAPTCHA supports both audio and visual CAPTCHA challenges, and applies to both sign-up and sign-in flows for your local accounts.
 
-- Remove country codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups):
+- Remove country/region codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups):
 
    1. Sign in to the [Azure portal](https://portal.azure.com) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
    1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
@@ -104,9 +104,9 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
    1. Open the JSON file that was downloaded in the previous step. In the file, search for `DEFAULT`, and replace the line with `"Value": "{\"DEFAULT\":\"Country/Region\",\"US\":\"United States\"}"`. Be sure to set `Overrides` to `true`.
 
- To implement SMS blocking effectively, make sure the Overrides setting is enabled (set to true) only for your organization’s primary or default language. Do not enable Overrides for any secondary or non-primary languages, as this can cause unexpected SMS blocking. Since the countryList in the JSON file acts as an allow list, be sure to include all countries that should be permitted to send SMS in this list for the primary language configuration when Overrides is true.
+ To implement SMS blocking effectively, make sure the Overrides setting is enabled (set to true) only for your organization’s primary or default language. Do not enable Overrides for any secondary or non-primary languages, as this can cause unexpected SMS blocking. Since the countryList in the JSON file acts as an allow list, be sure to include all countries/regions that should be permitted to send SMS in this list for the primary language configuration when Overrides is true.
    > [!NOTE]
-   > You can customize the list of allowed country codes in the `countryList` element (see the [Phone factor authentication page example](localization-string-ids.md#phone-factor-authentication-page-example)).
+   > You can customize the list of allowed country/region codes in the `countryList` element (see the [Phone factor authentication page example](localization-string-ids.md#phone-factor-authentication-page-example)).
 
    1. Save the JSON file. In the language details panel, under **Upload new overrides**, select the modified JSON file to upload it.
    1. Close the panel and select **Run user flow**. For this example, confirm that **United States** is the only country code available in the dropdown:
@@ -115,11 +115,32 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
 ## Mitigate fraudulent sign-ups for custom policy
 
-To help prevent fraudulent sign-ups, remove any country codes that do not apply to your organization by following these steps:
+To help prevent fraudulent sign-ups, remove any country/region codes that do not apply to your organization by following these steps:
 
-1. Locate the policy file that defines the `RelyingParty`. For example, in the [Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), this is usually the SignUpOrSignin.xml file.
+1. Locate the policy file that defines the `RelyingParty`. For example, in the [Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), this is usually the SignUpOrSignin.xml file. See the following snippet.
 
-1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country codes relevant to your organization:
+     ```xml
+    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+    <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
+    
+      <BasePolicy>
+        <TenantId>yourtenant.onmicrosoft.com</TenantId>
+        <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
+      </BasePolicy>
+    
+      <BuildingBlocks>
+         <!-- Add the XML code outlined in Step 2 if this section. -->
+      </BuildingBlocks>
+    
+      <RelyingParty>
+        ...
+      </RelyingParty>
+    </TrustFrameworkPolicy>
+    ```
+
+1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country/region codes relevant to your organization:
 
    ```xml
     <BuildingBlocks>
@@ -155,10 +176,13 @@ To help prevent fraudulent sign-ups, remove any country codes that do not apply
      </BuildingBlocks>
     ```
 
-The countryList acts as an allow list. Only the countries you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries are blocked.
+    The countryList acts as an allow list. Only the countries/regions you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries/regions are blocked.
+
+  > [!IMPORTANT]
+  > This code must be added to the relying party policy to ensure the country/region code restrictions are properly enforced on the server side. 
 
 ## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md) 
 
-- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)
+- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)

articles/application-gateway/private-link-configure.md

@@ -6,7 +6,7 @@ services: application-gateway
 author: mbender-ms
 ms.service: azure-application-gateway
 ms.topic: how-to
-ms.date: 07/09/2025
+ms.date: 11/5/2025
 ms.author: mbender
 ms.custom:
   - devx-track-azurecli, devx-track-azurepowershell
@@ -72,6 +72,9 @@ Follow these steps to create the Private Link configuration:
 6. Select **Add** to create the configuration.
 7. From your Application Gateway settings, copy and save the **Resource ID**. This identifier is required when setting up Private Endpoints from different Microsoft Entra tenants.
 
+>[!CAUTION]
+>Private link configuration will momentarily cause traffic disruption (less than 1 minute) while the change is applied. Changes are recommended to be conducted during a maintenance window or period of low-traffic.  During this time, you may see connection timeouts or 4XX http status codes returned on request.  Add/Remove/Approval/Rejection of private endpoints will not cause traffic disruption.
+
 ## Configure Private Endpoint
 
 A Private Endpoint is a network interface that uses a private IP address from your virtual network to connect securely to Azure Application Gateway. Clients use the Private Endpoint's private IP address to establish connections to the Application Gateway through a secure tunnel.

articles/backup/backup-azure-monitoring-alerts.md

@@ -2,7 +2,7 @@
 title: Manage Azure Monitor based alerts for Azure Backup
 description: Learn about the new and improved alerting capabilities via Azure Monitor and the process to configure Azure Monitor.
 ms.topic: how-to
-ms.date: 11/30/2024
+ms.date: 07/03/2025
 ms.service: azure-backup
 author: AbhishekMallick-MS
 ms.author: v-mallicka
@@ -263,4 +263,4 @@ To configure the same, run the following commands:
    ```
 
 ## Next steps
-Learn more about [Azure Backup monitoring and reporting](monitoring-and-alerts-overview.md).
+Learn more about [Azure Backup monitoring and reporting](monitoring-and-alerts-overview.md).

articles/backup/backup-azure-mysql-flexible-server-about.md

@@ -2,7 +2,7 @@
 title: Overview - Retention of Azure Database for MySQL - Flexible Server for the Long Term by Using Azure Backup
 description: This article provides an overview of Azure Database for MySQL - Flexible Server retention for the long term.
 ms.topic: overview
-ms.date: 11/21/2024
+ms.date: 01/27/2025
 ms.service: azure-backup
 ms.custom: engagement-fy23
 author: AbhishekMallick-MS

articles/cost-management-billing/troubleshoot-billing/troubleshoot-account-not-found.md

@@ -6,7 +6,7 @@ ms.reviewer: jkinma
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: troubleshooting
-ms.date: 04/29/2025
+ms.date: 11/03/2025
 ms.author: jkinma
 ---
 

articles/cost-management-billing/troubleshoot-billing/troubleshoot-threshold-billing.md

@@ -6,7 +6,7 @@ ms.reviewer: Jkinma
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: troubleshooting
-ms.date: 04/30/2025
+ms.date: 11/03/2025
 ms.author: Jkinma
 ---
 

articles/cost-management-billing/understand/mca-download-tax-document.md

@@ -5,7 +5,7 @@ author: jkinma39
 ms.reviewer: jkinma
 ms.service: cost-management-billing
 ms.topic: conceptual
-ms.date: 04/29/2025
+ms.date: 11/03/2025
 ms.subservice: billing
 ms.author: jkinma
 ---

articles/cost-management-billing/understand/mca-overview.md

@@ -39,7 +39,7 @@ Roles on the billing profiles have permissions to view and manage invoices and p
 
 ### Each billing profile gets a monthly invoice
 
-A monthly invoice is generated at the beginning of the month for each billing profile. The invoice contains all charges from the previous month.
+A monthly invoice is generated at the beginning of the month for each billing profile. The invoice contains all usage charges from the previous month.  Seat-based subscriptions will be billed separately.
 
 You can view the invoice, download documents, and the change setting to get future invoices by email, in the Azure portal. For more information, see [download invoices for a Microsoft Customer Agreement](../manage/download-azure-invoice-daily-usage-date.md#download-invoices-for-a-microsoft-customer-agreement).
 

articles/cost-management-billing/understand/mpa-overview.md

@@ -6,7 +6,7 @@ ms.reviewer: jkinma
 ms.service: cost-management-billing
 ms.subservice: billing
 ms.topic: concept-article
-ms.date: 04/28/2025
+ms.date: 11/03/2025
 ms.author: jkinma
 # customer intent: As a Partner billing administrator, I want manage and use my Microsoft Partner Agreement to manage my customer's billing accounts.
 ---

articles/defender-for-iot/organizations/billing.md

@@ -2,19 +2,25 @@
 title: Microsoft Defender for IoT billing
 description: Learn how you're billed for the Microsoft Defender for IoT service.
 ms.topic: concept-article
-ms.date: 03/25/2024
+ms.date: 11/05/2025
 ms.custom: enterprise-iot
 #CustomerIntent: As a Defender for IoT customer, I want to understand how I'm billed for Defender for IoT services so that I can best plan my deployment.
 ---
 
 # Defender for IoT billing
 
+> [!NOTE]
+> This article is relevant for commercial Defender for IoT customers.
+> If you're a government customer, see [government customers trial license](getting-started.md#government-customers-trial-license) or contact your Microsoft sales representative for more information.
+
+
 As you plan your Microsoft Defender for IoT deployment, you typically want to understand the Defender for IoT pricing plans and billing models so you can optimize your costs.
 
 **OT monitoring** is billed using site-based licenses, where each license applies to an individual site, based on the site size. A site is a physical location, such as a facility, campus, office building, hospital, rig, and so on. Each site can contain any number of network sensors, all of which monitor devices detected in connected networks.
 
 **Enterprise IoT monitoring** supports 5 devices per Microsoft 365 E5 (ME5) or E5 Security license, or is available as standalone, per-device licenses for Microsoft Defender for Endpoint P2 customers.
 
+
 ## Free trial
 
 To evaluate Defender for IoT, start a free trial as follows: