Merge branch 'main' into Release_Archive_main_2026-03-26-17-30-05

Author: huypub

.openpublishing.redirection.json

@@ -123,6 +123,10 @@
     {
       "source_path": "articles/iot/tutorial-send-telemetry-iot-hub.md",
       "redirect_url": "/previous-versions/azure/iot/tutorial-send-telemetry-iot-hub",
+    },
+    {
+      "source_path": "articles/backup/backup-azure-enhanced-soft-delete-about.md",
+      "redirect_url": "/azure/backup/secure-by-default",
       "redirect_document_id": false
     },
     {

articles/api-management/api-management-gateways-overview.md

@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.custom:
   - build-2024
 ms.topic: concept-article
-ms.date: 02/17/2026
+ms.date: 03/23/2026
 ms.author: danlep
 ---
 
@@ -85,15 +85,16 @@ The following tables compare features available in the following API Management
 | [Managed domain certificates](configure-custom-domain.md?tabs=managed#domain-certificate-options) |  ✔️ | ❌ | ✔️ | ❌ | ❌ |
 | [TLS settings](api-management-howto-manage-protocols-ciphers.md) |  ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
 | **HTTP/2** (Client-to-gateway) | ✔️<sup>4</sup> | ✔️<sup>4</sup> |❌ | ✔️ | ❌ |
-| **HTTP/2** (Gateway-to-backend) |  ❌ | ❌ | ❌ | ✔️<sup>5</sup> | ❌ |
+| **HTTP/2** (Gateway-to-backend) |  ✔️<sup>7</sup> | ❌ | ❌ | ✔️<sup>5</sup> | ❌ |
 | API threat detection with [Defender for APIs](protect-with-defender-for-apis.md) | ✔️ | ✔️ |  ❌ | ❌ | ❌ |
 
 <sup>1</sup> Depends on how the gateway is deployed, but is the responsibility of the customer.<br/>
 <sup>2</sup> Connectivity to the self-hosted gateway v2 [configuration endpoint](self-hosted-gateway-overview.md#fqdn-dependencies) requires DNS resolution of the endpoint hostname.<br/>
 <sup>3</sup> CA root certificates for self-hosted gateway are managed separately per gateway.<br/>
 <sup>4</sup> Client protocol needs to be enabled.<br/>
 <sup>5</sup> Configure using the [forward-request](forward-request-policy.md) policy.<br/>
-<sup>6</sup> Configure CA certificate details for backend certificate authentication in [backend](backends.md) settings.
+<sup>6</sup> Configure CA certificate details for backend certificate authentication in [backend](backends.md) settings.<br/>
+<sup>7</sup> In preview for classic tier instances created starting January 2026. Contact support to enable for existing classic tier instances.
 
 ### Backend APIs
 
@@ -110,7 +111,7 @@ The following tables compare features available in the following API Management
 | [Pass-through GraphQL](graphql-apis-overview.md) |  ✔️ | ✔️ |✔️ | ✔️ | ✔️ |
 | [Synthetic GraphQL](graphql-apis-overview.md)|  ✔️ |  ✔️ | ✔️<sup>1</sup> | ✔️<sup>1</sup> | ❌ |
 | [Pass-through WebSocket](websocket-api.md) |  ✔️ |  ✔️ | ❌ | ✔️ | ✔️ |
-| [Pass-through gRPC](grpc-api.md)  |  ✔️ | ❌ | ❌ | ✔️ | ❌ |
+| [Pass-through gRPC](grpc-api.md)  |  ✔️<sup>1</sup> | ❌ | ❌ | ✔️ | ❌ |
 | [OData](import-api-from-odata.md)  |  ✔️ |  ✔️ | ✔️ | ✔️ | ✔️ |
 | [Azure OpenAI in Microsoft Foundry models and LLMs](azure-ai-foundry-api.md) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
 | [Pass-through MCP server](expose-existing-mcp-server.md) | ✔️  | ✔️ | ❌ | ✔️ | ❌ |
@@ -119,6 +120,9 @@ The following tables compare features available in the following API Management
 | [Circuit breaker in backend](backends.md#circuit-breaker)  |  ✔️ | ✔️ | ❌ | ✔️ | ✔️ |
 | [Load-balanced backend pool](backends.md#load-balanced-pool)  |  ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
 
+<sup>1</sup> In preview for classic tier instances created starting January 2026. Contact support to enable for existing classic tier instances.
+
+
 ### Policies
 
 Managed and self-hosted gateways support all available [policies](api-management-policies.md) in policy definitions with the following exceptions. See the policy reference for details about each policy.

articles/api-management/azure-ai-foundry-api.md

@@ -5,7 +5,7 @@ ms.service: azure-api-management
 author: dlepow
 ms.author: danlep
 ms.topic: how-to
-ms.date: 10/07/2025
+ms.date: 03/24/2026
 ms.update-cycle: 180-days
 ms.collection: ce-skilling-ai-copilot
 ms.custom: template-how-to, build-2024
@@ -21,32 +21,31 @@ Learn more about managing AI APIs in API Management:
 
 * [AI gateway capabilities in Azure API Management](genai-gateway-capabilities.md)
 
-
 ## Client compatibility options
 
 API Management supports two client compatibility options for AI APIs from Microsoft Foundry. When you import the API using the wizard, choose the option suitable for your model deployment. The option determines how clients call the API and how the API Management instance routes requests to the Foundry tool.
 
-* **Azure OpenAI** - Manage Azure OpenAI in Microsoft Foundry model deployments. 
+* **Azure OpenAI**: Manage Azure OpenAI in Microsoft Foundry model deployments.
 
-    Clients call the deployment at an `/openai` endpoint such as `/openai/deployments/my-deployment/chat/completions`. Deployment name is passed in the request path. Use this option if your Foundry tool only includes Azure OpenAI model deployments. 
+    Clients call the deployment at an `/openai` endpoint such as `/openai/deployments/my-deployment/chat/completions`. Deployment name is passed in the request path. Use this option if your Foundry tool only includes Azure OpenAI model deployments.
 
-* **Azure AI** - Manage model endpoints in Microsoft Foundry that are exposed through the [Azure AI Model Inference API](/azure/ai-studio/reference/reference-model-inference-api).
+* **Azure AI**: Manage model endpoints in Microsoft Foundry that are exposed through the [Azure AI Model Inference API](/rest/api/aifoundry/modelinference/).
 
     Clients call the deployment at a `/models` endpoint such as `/my-model/models/chat/completions`. Deployment name is passed in the request body. Use this option if you want flexibility to switch between models exposed through the Azure AI Model Inference API and those deployed in Azure OpenAI in Foundry Models.
 
 ## Prerequisites
 
-- An existing API Management instance. [Create one if you haven't already](get-started-create-service-instance.md).
+* An existing API Management instance. [Create one if you haven't already](get-started-create-service-instance.md).
 
-- A Foundry tool in your subscription with one or more models deployed. Examples include models deployed in Microsoft Foundry or Azure OpenAI.
+* A Foundry tool in your subscription with one or more models deployed. Examples include models deployed in Microsoft Foundry or Azure OpenAI.
 
 ## Import Microsoft Foundry API using the portal
 
-Use the following steps to import an AI API to API Management. 
+Use the following steps to import an AI API to API Management.
 
 When you import the API, API Management automatically configures:
 
-* Operations for each of the API's REST API endpoints
+* Operations for each of the API's REST API endpoints.
 * A system-assigned identity with the necessary permissions to access the Foundry tool deployment.
 * A [backend](backends.md) resource and a [set-backend-service](set-backend-service-policy.md) policy that direct API requests to the Azure AI Services endpoint.
 * Authentication to the backend using the instance's system-assigned managed identity.
@@ -62,37 +61,38 @@ To import a Microsoft Foundry API to API Management:
 1. On the **Select AI Service** tab:
     1. Select the **Subscription** in which to search for Foundry Tools. To get information about the model deployments in a service, select the **deployments** link next to the service name.
        :::image type="content" source="media/azure-ai-foundry-api/deployments.png" alt-text="Screenshot of deployments for an AI service in the portal.":::
-    1. Select a Foundry tool. 
+    1. Select a Foundry tool.
     1. Select **Next**.
 1. On the **Configure API** tab:
     1. Enter a **Display name** and optional **Description** for the API.
     1. In **Base path**, enter a path that your API Management instance uses to access the deployment endpoint.
-    1. Optionally select one or more **Products** to associate with the API.  
+    1. Optionally, select one or more **Products** to associate with the API.  
     1. In **Client compatibility**, select either of the following based on the types of client you intend to support. See [Client compatibility options](#client-compatibility-options) for more information.
-        * **Azure OpenAI** - Select this option if your clients only need to access Azure OpenAI in Microsoft Foundry model deployments.
-        * **Azure AI** - Select this option if your clients need to access other models in Microsoft Foundry. 
+        * **Azure OpenAI**: Select this option if your clients only need to access Azure OpenAI in Microsoft Foundry model deployments.
+        * **Azure AI**: Select this option if your clients need to access other models in Microsoft Foundry.
     1. Select **Next**.
 
         :::image type="content" source="media/azure-ai-foundry-api/client-compatibility.png" alt-text="Screenshot of Microsoft Foundry API configuration in the portal.":::
 
-1. On the **Manage token consumption** tab, optionally enter settings or accept defaults that define the following policies to help monitor and manage the API:
+1. On the **Manage token consumption** tab, optionally enter settings, or accept defaults that define the following policies to help monitor and manage the API:
     * [Manage token consumption](llm-token-limit-policy.md)
-    * [Track token usage](llm-emit-token-metric-policy.md) 
-1. On the **Apply semantic caching** tab, optionally enter settings or accept defaults that define the policies to help optimize performance and reduce latency for the API:
+    * [Track token usage](llm-emit-token-metric-policy.md)
+1. On the **Apply semantic caching** tab, optionally enter settings, or accept defaults that define the policies to help optimize performance and reduce latency for the API:
     * [Enable semantic caching of responses](azure-openai-enable-semantic-caching.md)
-1. On the **AI content safety**, optionally enter settings or accept defaults to configure the Azure AI Content Safety service to block prompts with unsafe content:
+1. On the **AI content safety**, optionally enter settings, or accept defaults to configure the Azure AI Content Safety service to block prompts with unsafe content:
     * [Enforce content safety checks on LLM requests](llm-content-safety-policy.md)
 1. Select **Review**.
-1. After settings are validated, select **Create**. 
+1. After settings are validated, select **Create**.
 
 ## Test the AI API
 
-To ensure that your AI API is working as expected, test it in the API Management test console. 
+To ensure that your AI API is working as expected, test it in the API Management test console.
+
 1. Select the API you created in the previous step.
 1. Select the **Test** tab.
 1. Select an operation that's compatible with the model deployment.
     The page displays fields for parameters and headers.
-1. Enter parameters and headers as needed. Depending on the operation, you might need to configure or update a **Request body**. Here's a very basic example request body for a chat completions operation:
+1. Enter parameters and headers as needed. Depending on the operation, you might need to configure or update a **Request body**. Here's a basic example request body for a chat completions operation:
 
     ```json
     {
@@ -113,5 +113,4 @@ To ensure that your AI API is working as expected, test it in the API Management
 
     When the test is successful, the backend responds with a successful HTTP response code and some data. Appended to the response is token usage data to help you monitor and manage your language model token consumption.
 
-
 [!INCLUDE [api-management-define-api-topics.md](../../includes/api-management-define-api-topics.md)]

articles/app-service/tutorial-java-tomcat-connect-managed-identity-postgresql-database.md

@@ -3,7 +3,7 @@ title: 'Tutorial: Access data with managed identity in Java'
 description: Secure Azure Database for PostgreSQL connectivity with managed identity from a sample Java Tomcat app, and apply it to other Azure services.
 ms.devlang: java
 ms.topic: tutorial
-ms.date: 06/04/2024
+ms.date: 03/26/2026
 author: KarlErickson
 ms.author: karler
 ms.reviewer: edburns

articles/azure-maps/private-endpoints.md

@@ -3,15 +3,15 @@ title: Use private endpoints with Azure Maps
 description: Learn how to use private endpoints with Azure Maps. 
 author: pbrasil
 ms.author: peterbr 
-ms.date: 02/27/2026
-ms.topic: how-to
+ms.date: 03/26/2026
+ms.topic: article
 ms.service: azure-maps
 ms.subservice: authentication
 ---
 
-# Use private endpoints with Azure Maps
+# Use private endpoints with Azure Maps (preview)
 
-Azure Maps supports [Azure Private Link](/../private-link/private-link-overview.md), enabling secure access to Azure Maps services through a private endpoint in your virtual network. A private endpoint assigns a private IP address from your virtual network to the Azure Maps service, so traffic between your applications and Azure Maps stays on the Microsoft backbone network instead of the public internet. This provides improved security and network isolation. You can create a private endpoint when you create an Azure Maps account or add one to an existing account.
+Azure Maps supports [Azure Private Link](../private-link/private-link-overview.md), enabling secure access to Azure Maps services through a private endpoint in your virtual network. A private endpoint assigns a private IP address from your virtual network to the Azure Maps service, so traffic between your applications and Azure Maps stays on the Microsoft backbone network instead of the public internet. This provides improved security and network isolation. You can create a private endpoint when you create an Azure Maps account or add one to an existing account.
 
 ## Benefits of private endpoints for Azure Maps
 
@@ -82,7 +82,7 @@ Within this zone, a DNS record maps your Azure Maps account's unique ID and regi
 Clients inside the virtual network resolve the hostname to a private IP address for private connectivity, while clients outside the network resolve the same hostname to the Azure Maps public endpoint. This split‑horizon DNS approach lets you use a single endpoint URL both inside and outside the virtual network.
 
 If you don't use automatic DNS integration, configure DNS manually so the Azure Maps account hostname  
-(`<maps-account-client-id>.<location>.privatelink.account.maps.azure.com`) resolves to the private endpoint IP address within your network. For more information, see [Azure Private Endpoint DNS documentation](/../private-link/private-endpoint-dns.md).
+(`<maps-account-client-id>.<location>.account.maps.azure.com`) resolves to the private endpoint IP address within your network. For more information, see [Azure Private Endpoint DNS documentation](../private-link/private-endpoint-dns.md).
 
 ### 3. Use the private endpoint in your applications
 
@@ -92,7 +92,7 @@ To use the private endpoint, configure your applications to call the **Azure Map
 
 The access pattern is:
 
-`https://{maps-account-client-id}.{location}.privatelink.account.maps.azure.com`
+`https://{maps-account-client-id}.{location}.account.maps.azure.com`
 
 > [!Important]
 > If your application continues to use the default Azure Maps endpoint (such as `atlas.microsoft.com`), requests won't be routed through the private endpoint. Azure Maps SDKs support overriding the default endpoint, so configure your SDK or connection code to use your Azure Maps account–specific hostname. When configured, requests from within your network are automatically routed through Private Link.
@@ -118,5 +118,5 @@ Ask Copilot
 
 ## Related content
 
-- [Azure Private Endpoint private DNS zone values](/../private-link/private-endpoint-dns.md)
-- [Azure Private Link availability](/../private-link/availability.md)
+- [Azure Private Endpoint private DNS zone values](../private-link/private-endpoint-dns.md)
+- [Azure Private Link availability](../private-link/availability.md)