Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into afd-wildcard

Author: halkazwini

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/backup/backup-azure-enhanced-soft-delete-about.md",
+      "redirect_url": "/azure/backup/secure-by-default",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/migrate/best-practices-assessment.md",
       "redirect_url": "/previous-versions/azure/migrate/best-practices-assessment",

articles/api-management/azure-ai-foundry-api.md

@@ -5,7 +5,7 @@ ms.service: azure-api-management
 author: dlepow
 ms.author: danlep
 ms.topic: how-to
-ms.date: 10/07/2025
+ms.date: 03/24/2026
 ms.update-cycle: 180-days
 ms.collection: ce-skilling-ai-copilot
 ms.custom: template-how-to, build-2024
@@ -21,32 +21,31 @@ Learn more about managing AI APIs in API Management:
 
 * [AI gateway capabilities in Azure API Management](genai-gateway-capabilities.md)
 
-
 ## Client compatibility options
 
 API Management supports two client compatibility options for AI APIs from Microsoft Foundry. When you import the API using the wizard, choose the option suitable for your model deployment. The option determines how clients call the API and how the API Management instance routes requests to the Foundry tool.
 
-* **Azure OpenAI** - Manage Azure OpenAI in Microsoft Foundry model deployments. 
+* **Azure OpenAI**: Manage Azure OpenAI in Microsoft Foundry model deployments.
 
-    Clients call the deployment at an `/openai` endpoint such as `/openai/deployments/my-deployment/chat/completions`. Deployment name is passed in the request path. Use this option if your Foundry tool only includes Azure OpenAI model deployments. 
+    Clients call the deployment at an `/openai` endpoint such as `/openai/deployments/my-deployment/chat/completions`. Deployment name is passed in the request path. Use this option if your Foundry tool only includes Azure OpenAI model deployments.
 
-* **Azure AI** - Manage model endpoints in Microsoft Foundry that are exposed through the [Azure AI Model Inference API](/azure/ai-studio/reference/reference-model-inference-api).
+* **Azure AI**: Manage model endpoints in Microsoft Foundry that are exposed through the [Azure AI Model Inference API](/rest/api/aifoundry/modelinference/).
 
     Clients call the deployment at a `/models` endpoint such as `/my-model/models/chat/completions`. Deployment name is passed in the request body. Use this option if you want flexibility to switch between models exposed through the Azure AI Model Inference API and those deployed in Azure OpenAI in Foundry Models.
 
 ## Prerequisites
 
-- An existing API Management instance. [Create one if you haven't already](get-started-create-service-instance.md).
+* An existing API Management instance. [Create one if you haven't already](get-started-create-service-instance.md).
 
-- A Foundry tool in your subscription with one or more models deployed. Examples include models deployed in Microsoft Foundry or Azure OpenAI.
+* A Foundry tool in your subscription with one or more models deployed. Examples include models deployed in Microsoft Foundry or Azure OpenAI.
 
 ## Import Microsoft Foundry API using the portal
 
-Use the following steps to import an AI API to API Management. 
+Use the following steps to import an AI API to API Management.
 
 When you import the API, API Management automatically configures:
 
-* Operations for each of the API's REST API endpoints
+* Operations for each of the API's REST API endpoints.
 * A system-assigned identity with the necessary permissions to access the Foundry tool deployment.
 * A [backend](backends.md) resource and a [set-backend-service](set-backend-service-policy.md) policy that direct API requests to the Azure AI Services endpoint.
 * Authentication to the backend using the instance's system-assigned managed identity.
@@ -62,37 +61,38 @@ To import a Microsoft Foundry API to API Management:
 1. On the **Select AI Service** tab:
     1. Select the **Subscription** in which to search for Foundry Tools. To get information about the model deployments in a service, select the **deployments** link next to the service name.
        :::image type="content" source="media/azure-ai-foundry-api/deployments.png" alt-text="Screenshot of deployments for an AI service in the portal.":::
-    1. Select a Foundry tool. 
+    1. Select a Foundry tool.
     1. Select **Next**.
 1. On the **Configure API** tab:
     1. Enter a **Display name** and optional **Description** for the API.
     1. In **Base path**, enter a path that your API Management instance uses to access the deployment endpoint.
-    1. Optionally select one or more **Products** to associate with the API.  
+    1. Optionally, select one or more **Products** to associate with the API.  
     1. In **Client compatibility**, select either of the following based on the types of client you intend to support. See [Client compatibility options](#client-compatibility-options) for more information.
-        * **Azure OpenAI** - Select this option if your clients only need to access Azure OpenAI in Microsoft Foundry model deployments.
-        * **Azure AI** - Select this option if your clients need to access other models in Microsoft Foundry. 
+        * **Azure OpenAI**: Select this option if your clients only need to access Azure OpenAI in Microsoft Foundry model deployments.
+        * **Azure AI**: Select this option if your clients need to access other models in Microsoft Foundry.
     1. Select **Next**.
 
         :::image type="content" source="media/azure-ai-foundry-api/client-compatibility.png" alt-text="Screenshot of Microsoft Foundry API configuration in the portal.":::
 
-1. On the **Manage token consumption** tab, optionally enter settings or accept defaults that define the following policies to help monitor and manage the API:
+1. On the **Manage token consumption** tab, optionally enter settings, or accept defaults that define the following policies to help monitor and manage the API:
     * [Manage token consumption](llm-token-limit-policy.md)
-    * [Track token usage](llm-emit-token-metric-policy.md) 
-1. On the **Apply semantic caching** tab, optionally enter settings or accept defaults that define the policies to help optimize performance and reduce latency for the API:
+    * [Track token usage](llm-emit-token-metric-policy.md)
+1. On the **Apply semantic caching** tab, optionally enter settings, or accept defaults that define the policies to help optimize performance and reduce latency for the API:
     * [Enable semantic caching of responses](azure-openai-enable-semantic-caching.md)
-1. On the **AI content safety**, optionally enter settings or accept defaults to configure the Azure AI Content Safety service to block prompts with unsafe content:
+1. On the **AI content safety**, optionally enter settings, or accept defaults to configure the Azure AI Content Safety service to block prompts with unsafe content:
     * [Enforce content safety checks on LLM requests](llm-content-safety-policy.md)
 1. Select **Review**.
-1. After settings are validated, select **Create**. 
+1. After settings are validated, select **Create**.
 
 ## Test the AI API
 
-To ensure that your AI API is working as expected, test it in the API Management test console. 
+To ensure that your AI API is working as expected, test it in the API Management test console.
+
 1. Select the API you created in the previous step.
 1. Select the **Test** tab.
 1. Select an operation that's compatible with the model deployment.
     The page displays fields for parameters and headers.
-1. Enter parameters and headers as needed. Depending on the operation, you might need to configure or update a **Request body**. Here's a very basic example request body for a chat completions operation:
+1. Enter parameters and headers as needed. Depending on the operation, you might need to configure or update a **Request body**. Here's a basic example request body for a chat completions operation:
 
     ```json
     {
@@ -113,5 +113,4 @@ To ensure that your AI API is working as expected, test it in the API Management
 
     When the test is successful, the backend responds with a successful HTTP response code and some data. Appended to the response is token usage data to help you monitor and manage your language model token consumption.
 
-
 [!INCLUDE [api-management-define-api-topics.md](../../includes/api-management-define-api-topics.md)]

articles/app-service/tutorial-java-tomcat-connect-managed-identity-postgresql-database.md

@@ -3,7 +3,7 @@ title: 'Tutorial: Access data with managed identity in Java'
 description: Secure Azure Database for PostgreSQL connectivity with managed identity from a sample Java Tomcat app, and apply it to other Azure services.
 ms.devlang: java
 ms.topic: tutorial
-ms.date: 06/04/2024
+ms.date: 03/26/2026
 author: KarlErickson
 ms.author: karler
 ms.reviewer: edburns

articles/app-testing/load-testing/troubleshoot-private-endpoint-tests.md

@@ -19,7 +19,7 @@ Azure Load Testing service requires outbound connectivity from the virtual netwo
 | Destination | Need for connectivity |
 | ------------|-------|
 | *.azure.com | Access to this destination is required for the Azure Load Testing service to interact with Azure Batch service. |
-| *.windows.net | Access to this destination is required for the Azure Load Testing service to interact with Azure Service Bus, Azure Event Grids, and Azure Storage. To learn more about firewall configuration in these services, see <li> [Azure Service Bus frequently asked questions](/azure/service-bus-messaging/service-bus-faq#what-ports-do-i-need-to-open-on-the-firewall--) </li> <li> [Azure Event Hubs Firewall Rules](/azure/event-hubs/event-hubs-ip-filtering) </li> <li> [Configure Azure Storage firewalls and virtual networks ](/azure/storage/common/storage-network-security?tabs=azure-portal) </li> |
+| *.windows.net, *.blob.storage.azure.net | Access to this destination is required for the Azure Load Testing service to interact with Azure Service Bus, Azure Event Grids, and Azure Storage. To learn more about firewall configuration in these services, see <li> [Azure Service Bus frequently asked questions](/azure/service-bus-messaging/service-bus-faq#what-ports-do-i-need-to-open-on-the-firewall--) </li> <li> [Azure Event Hubs Firewall Rules](/azure/event-hubs/event-hubs-ip-filtering) </li> <li> [Configure Azure Storage firewalls and virtual networks ](/azure/storage/common/storage-network-security?tabs=azure-portal) </li> |
 | *.azurecr.io | Access to this destination is required for the Azure Load Testing service to interact with Azure Container Registry. To learn more about firewall configuration in Azure Container Registry, see <li> [Firewall access rules - Azure Container Registry ](/azure/container-registry/container-registry-firewall-access-rules) </li> |
 
 Optionally, outbound connectivity is needed to *.maven.org and *.github.com to download any plugins that are included in your test configuration. 

articles/azure-maps/private-endpoints.md

@@ -3,15 +3,15 @@ title: Use private endpoints with Azure Maps
 description: Learn how to use private endpoints with Azure Maps. 
 author: pbrasil
 ms.author: peterbr 
-ms.date: 02/27/2026
-ms.topic: how-to
+ms.date: 03/26/2026
+ms.topic: article
 ms.service: azure-maps
 ms.subservice: authentication
 ---
 
-# Use private endpoints with Azure Maps
+# Use private endpoints with Azure Maps (preview)
 
-Azure Maps supports [Azure Private Link](/../private-link/private-link-overview.md), enabling secure access to Azure Maps services through a private endpoint in your virtual network. A private endpoint assigns a private IP address from your virtual network to the Azure Maps service, so traffic between your applications and Azure Maps stays on the Microsoft backbone network instead of the public internet. This provides improved security and network isolation. You can create a private endpoint when you create an Azure Maps account or add one to an existing account.
+Azure Maps supports [Azure Private Link](../private-link/private-link-overview.md), enabling secure access to Azure Maps services through a private endpoint in your virtual network. A private endpoint assigns a private IP address from your virtual network to the Azure Maps service, so traffic between your applications and Azure Maps stays on the Microsoft backbone network instead of the public internet. This provides improved security and network isolation. You can create a private endpoint when you create an Azure Maps account or add one to an existing account.
 
 ## Benefits of private endpoints for Azure Maps
 
@@ -82,7 +82,7 @@ Within this zone, a DNS record maps your Azure Maps account's unique ID and regi
 Clients inside the virtual network resolve the hostname to a private IP address for private connectivity, while clients outside the network resolve the same hostname to the Azure Maps public endpoint. This split‑horizon DNS approach lets you use a single endpoint URL both inside and outside the virtual network.
 
 If you don't use automatic DNS integration, configure DNS manually so the Azure Maps account hostname  
-(`<maps-account-client-id>.<location>.privatelink.account.maps.azure.com`) resolves to the private endpoint IP address within your network. For more information, see [Azure Private Endpoint DNS documentation](/../private-link/private-endpoint-dns.md).
+(`<maps-account-client-id>.<location>.account.maps.azure.com`) resolves to the private endpoint IP address within your network. For more information, see [Azure Private Endpoint DNS documentation](../private-link/private-endpoint-dns.md).
 
 ### 3. Use the private endpoint in your applications
 
@@ -92,7 +92,7 @@ To use the private endpoint, configure your applications to call the **Azure Map
 
 The access pattern is:
 
-`https://{maps-account-client-id}.{location}.privatelink.account.maps.azure.com`
+`https://{maps-account-client-id}.{location}.account.maps.azure.com`
 
 > [!Important]
 > If your application continues to use the default Azure Maps endpoint (such as `atlas.microsoft.com`), requests won't be routed through the private endpoint. Azure Maps SDKs support overriding the default endpoint, so configure your SDK or connection code to use your Azure Maps account–specific hostname. When configured, requests from within your network are automatically routed through Private Link.
@@ -118,5 +118,5 @@ Ask Copilot
 
 ## Related content
 
-- [Azure Private Endpoint private DNS zone values](/../private-link/private-endpoint-dns.md)
-- [Azure Private Link availability](/../private-link/availability.md)
+- [Azure Private Endpoint private DNS zone values](../private-link/private-endpoint-dns.md)
+- [Azure Private Link availability](../private-link/availability.md)

articles/azure-resource-manager/management/async-operations.md

@@ -29,7 +29,7 @@ After getting the 201 or 202 response code, you're ready to monitor the status o
 
 ## URL to monitor status
 
-There are two different ways to monitor the status the asynchronous operation. You determine the correct approach by examining the header values that are returned from your original request. First, look for:
+There are two different ways to monitor the status of the asynchronous operation. You determine the correct approach by examining the header values that are returned from your original request. First, look for:
 
 * `Azure-AsyncOperation` - URL for checking the ongoing status of the operation. If your operation returns this value, use it to track the status of the operation.
 * `Retry-After` - The number of seconds to wait before checking the status of the asynchronous operation.
@@ -213,7 +213,7 @@ GET
 https://management.azure.com/subscriptions/{subscription-id}/providers/Microsoft.Storage/operations/{operation-id}?monitor=true&api-version=2019-06-01
 ```
 
-If the request is still running, you receive a status code 202. If the request is completed, your receive a status code 200. The body of the response contains the properties of the storage account that was created.
+If the request is still running, you receive a status code 202. If the request is completed, you receive a status code 200. The body of the response contains the properties of the storage account that was created.
 
 ## Next steps