Merge pull request #304498 from MicrosoftDocs/main

Auto Publish – main to live - 2025-08-20 22:00 UTC

Author: learn-build-service-prod[bot]

articles/api-management/azure-openai-semantic-cache-lookup-policy.md

@@ -63,7 +63,7 @@ Use the `azure-openai-semantic-cache-lookup` policy to perform cache lookup of r
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted
 
 ### Usage notes
 

articles/api-management/azure-openai-semantic-cache-store-policy.md

@@ -46,7 +46,7 @@ The `azure-openai-semantic-cache-store` policy caches responses to Azure OpenAI
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) outbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted
 
 ### Usage notes
 

articles/api-management/llm-semantic-cache-lookup-policy.md

@@ -62,7 +62,7 @@ Use the `llm-semantic-cache-lookup` policy to perform cache lookup of responses
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) inbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted
 
 ### Usage notes
 

articles/api-management/llm-semantic-cache-store-policy.md

@@ -45,7 +45,7 @@ The `llm-semantic-cache-store` policy caches responses to chat completion API re
 
 - [**Policy sections:**](./api-management-howto-policies.md#understanding-policy-configuration) outbound
 - [**Policy scopes:**](./api-management-howto-policies.md#scopes) global, product, API, operation
--  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption
+-  [**Gateways:**](api-management-gateways-overview.md) classic, v2, consumption, self-hosted
 
 ### Usage notes
 

articles/app-service/environment/app-service-app-service-environment-custom-settings.md

@@ -5,21 +5,19 @@ author: seligj95
 
 ms.assetid: 1d1d85f3-6cc6-4d57-ae1a-5b37c642d812
 ms.topic: tutorial
-ms.date: 03/06/2024
+ms.date: 08/20/2025
 ms.author: jordanselig
 ms.custom: mvc, devx-track-arm-template
 ms.service: azure-app-service
 ---
 
 # Custom configuration settings for App Service Environments
 
-## Overview
-
 Because App Service Environments are isolated to a single customer, there are certain configuration settings that can be applied exclusively to App Service Environments. This article documents the various specific customizations that are available for App Service Environments.
 
-If you do not have an App Service Environment, see [How to Create an App Service Environment v3](./creation.md).
+If you don't have an App Service Environment, see [How to Create an App Service Environment v3](./creation.md).
 
-You can store App Service Environment customizations by using an array in the new **clusterSettings** attribute. This attribute is found in the "Properties" dictionary of the *hostingEnvironments* Azure Resource Manager entity.
+You can store App Service Environment customizations by using an array in the **clusterSettings** attribute. This attribute is found in the "Properties" dictionary of the *hostingEnvironments* Azure Resource Manager entity.
 
 The following abbreviated Resource Manager template snippet shows the **clusterSettings** attribute:
 
@@ -43,24 +41,13 @@ The following abbreviated Resource Manager template snippet shows the **clusterS
 }
 ```
 
-The **clusterSettings** attribute can be included in a Resource Manager template to update the App Service Environment.
-
-## Use Azure Resource Explorer to update an App Service Environment
-
-Alternatively, you can update the App Service Environment by using [Azure Resource Explorer](https://resources.azure.com).
-
-1. In Resource Explorer, go to the node for the App Service Environment (**subscriptions** > **{your Subscription}** > **resourceGroups** > **{your Resource Group}** > **providers** > **Microsoft.Web** > **hostingEnvironments**). Then click the specific App Service Environment that you want to update.
-2. In the right pane, click **Read/Write** in the upper toolbar to allow interactive editing in Resource Explorer.  
-3. Click the blue **Edit** button to make the Resource Manager template editable.
-4. Scroll to the bottom of the right pane. The **clusterSettings** attribute is at the very bottom, where you can enter or update its value.
-5. Type (or copy and paste) the array of configuration values you want in the **clusterSettings** attribute.  
-6. Click the green **PUT** button that's located at the top of the right pane to commit the change to the App Service Environment.
+The **clusterSettings** attribute can be included in a Resource Manager template or with the Azure CLI to update the App Service Environment. Certain settings are available in the Azure portal.
 
-However you submit the change, the change is not immediate and it can take up to 24 hours for the change to take full effect. Some settings have specific details on the time and impact of configuring the specific setting.
+However you submit the change, the change isn't immediate and it can take up to 24 hours for the change to take full effect. Some settings have specific details on the time and effect of configuring the specific setting.
 
 ## Enable internal encryption
 
-The App Service Environment operates as a black box system where you cannot see the internal components or the communication within the system. To enable higher throughput, encryption is not enabled by default between internal components. The system is secure as the traffic is inaccessible to being monitored or accessed. If you have a compliance requirement though that requires complete encryption of the data path from end to end, there is a way to enable encryption of the complete data path with a clusterSetting.
+The App Service Environment operates as a black box system where you can't see the internal components or the communication within the system. To enable higher throughput, encryption isn't enabled by default between internal components. The system is secure as the traffic is inaccessible to being monitored or accessed. If you have a compliance requirement though that requires complete encryption of the data path from end to end, there's a way to enable encryption of the complete data path with a clusterSetting.
 
 ```json
 "clusterSettings": [
@@ -71,7 +58,11 @@ The App Service Environment operates as a black box system where you cannot see
 ],
 ```
 
-Setting InternalEncryption to true encrypts internal network traffic in your App Service Environment between the front ends and workers, encrypts the pagefile and also encrypts the worker disks. After the InternalEncryption clusterSetting is enabled, there can be an impact to your system performance. When you make the change to enable InternalEncryption, your App Service Environment will be in an unstable state until the change is fully propagated. Complete propagation of the change can take a few hours to complete, depending on how many instances you have in your App Service Environment. We highly recommend that you do not enable InternalEncryption on an App Service Environment while it is in use. If you need to enable InternalEncryption on an actively used App Service Environment, we highly recommend that you divert traffic to a backup environment until the operation completes.
+You can also enable internal encryption using the Azure portal by going to the **Configuration** page for your App Service Environment.
+
+:::image type="content" source="./media/app-service-app-service-environment-custom-settings/app-service-environment-portal-internal-encryption.png" alt-text="Screenshot of the Configuration page in the Azure portal for an App Service Environment showing where to enable internal encryption." border="false":::
+
+Setting InternalEncryption to true encrypts internal network traffic in your App Service Environment between the front ends and workers, encrypts the pagefile and also encrypts the worker disks. After the InternalEncryption clusterSetting is enabled, there can be an effect to your system performance. When you make the change to enable InternalEncryption, your App Service Environment is in an unstable state until the change is fully propagated. Complete propagation of the change can take a few hours to complete, depending on how many instances you have in your App Service Environment. We highly recommend that you don't enable InternalEncryption on an App Service Environment while it is in use. If you need to enable InternalEncryption on an actively used App Service Environment, we highly recommend that you divert traffic to a backup environment until the operation completes.
 
 ## Disable TLS 1.0 and TLS 1.1
 
@@ -90,9 +81,13 @@ If you want to disable all inbound TLS 1.0 and TLS 1.1 traffic for all of the ap
 
 The name of the setting says 1.0 but when configured, it disables both TLS 1.0 and TLS 1.1.
 
+You can also disable TLS 1.0 and TLS 1.1 using the Azure portal by going to the **Configuration** page for your App Service Environment and unchecking the checkbox.
+
+:::image type="content" source="./media/app-service-app-service-environment-custom-settings/app-service-environment-portal-disable-tls.png" alt-text="Screenshot of the Configuration page in the Azure portal for an App Service Environment showing where to disable TLS 1.0 and TLS 1.1." border="false":::
+
 ## Change TLS cipher suite order
 
-App Service Environment supports changing the cipher suite from the default. The default set of ciphers is the same set that is used in the multi-tenant App Service. Changing the cipher suite is only possible with App Service Environment, the single-tenant offering, not the multi-tenant offering, because changing it affects the entire App Service deployment. There are two cipher suites that are required for an App Service Environment: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Additionally, you should include the following cipher suites, which are required for TLS 1.3: TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256.
+App Service Environment supports changing the cipher suite from the default. The default set of ciphers is the same set that is used in the multitenant App Service. Changing the cipher suite is only possible with App Service Environment, the single-tenant offering, not the multitenant offering, because changing it affects the entire App Service deployment. There are two cipher suites that are required for an App Service Environment: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Additionally, you should include the following cipher suites, which are required for TLS 1.3: TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256.
 
 To configure your App Service Environment to use just the ciphers that it requires, modify the **clusterSettings** as shown in the following sample. **Ensure that the TLS 1.3 ciphers are included at the beginning of the list**.
 
@@ -106,7 +101,7 @@ To configure your App Service Environment to use just the ciphers that it requir
 ```
 
 > [!WARNING]
-> If incorrect values are set for the cipher suite that SChannel cannot understand, all TLS communication to your server might stop functioning. In such a case, you will need to remove the *FrontEndSSLCipherSuiteOrder* entry from **clusterSettings** and submit the updated Resource Manager template to revert back to the default cipher suite settings. Please use this functionality with caution.
+> If incorrect values are set for the cipher suite that SChannel can't understand, all TLS communication to your server might stop functioning. In such a case, you'll need to remove the *FrontEndSSLCipherSuiteOrder* entry from **clusterSettings** and submit the updated Resource Manager template to revert back to the default cipher suite settings. Use this functionality with caution.
 
 ## Get started
 

articles/app-service/environment/media/app-service-app-service-environment-custom-settings/app-service-environment-portal-disable-tls.png

@@ -186,7 +186,7 @@ sections:
         answer: |
           Updates initiated to Application Gateway are applied one [update domain](/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work) at a time. As each update domain's instances are being updated, the remaining instances in other update domains continue to serve traffic. Active connections are gracefully drained from the instances being updated for up to 5 minutes to help establish connectivity to instances in a different update domain before the update begins. The update process proceeds to the next set of instances only if the current set of instances were upgraded successfully. 
           
-          Azure Application Gateway also supports MaxSurge ([Rolling Upgrades with MaxSurge](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-maxsurge)), a capability within Azure Virtual Machine Scale Sets (VMSS) that enables new instances to be provisioned during rolling upgrades without taking existing ones offline. By integrating MaxSurge into the upgrade process, customers can transition to newer gateway versions without any capacity degradation. MaxSurge is automatically enabled on Application Gateway and requires no configuration. 
+          Azure Application Gateway also supports MaxSurge, a capability that enables new instances to be provisioned during rolling upgrades without taking existing ones offline. It allows customers to transition to newer gateway versions without any capacity degradation. MaxSurge is automatically enabled on Application Gateway and requires no configuration. 
           
           **Note:** Additional IP space is required to provision the temporary instances used by MaxSurge. If sufficient IP space is not available during an update, Application Gateway will fall back to the traditional upgrade method, which may result in reduced maximum capacity based on the number of instances. 
   

articles/app-service/environment/media/app-service-app-service-environment-custom-settings/app-service-environment-portal-internal-encryption.png

@@ -5,7 +5,7 @@ services: azure-netapp-files
 author: Phil-Jensen
 ms.service: azure-netapp-files
 ms.topic: reference
-ms.date: 02/20/2025
+ms.date: 08/20/2025
 ms.author: phjensen
 # Customer intent: "As a cloud administrator, I want to use the runbefore and runafter capabilities of the Application Consistent Snapshot tool, so that I can automate command execution for backup and restoration processes with Azure NetApp Files."
 ---
@@ -105,6 +105,7 @@ if [ -r "${SAS_KEY_FILE}" ]; then
   source "${SAS_KEY_FILE}"
 else
   echo "Credential file '${SAS_KEY_FILE}' not found, exiting!"
+  exit 2
 fi
 
 

articles/application-gateway/application-gateway-faq.yml

@@ -70,9 +70,7 @@ You can edit the network features option of existing volumes from *Basic* to *St
 
 ### Register the feature
 
-Before editing network features on an existing volume, you need to register the feature. Ensure you are using the correct feature name for the change in network features you want to perform.
-
-* To upgrade to Standard network features from Basic, use the feature name `ANFBasicToStdNetworkFeaturesUpgrade`.
+Before upgradeing from Basic to Standard network features, you need to register the feature.
 
 1.  Register the feature: