Merge pull request #311269 from MicrosoftDocs/main

Auto Publish – main to live - 2026-02-03 12:00 UTC

Author: learn-build-service-prod[bot]

articles/active-directory-b2c/phone-based-mfa.md

@@ -1,13 +1,13 @@
 ---
-title: Securing phone-based MFA in Azure AD B2C
+title: Secure phone-based MFA in Azure AD B2C
 titleSuffix: Azure AD B2C
 description: Learn tips for securing phone-based multifactor authentication in your Azure AD B2C tenant by using Azure Monitor Log Analytics reports and alerts. Use our workbook to identify fraudulent phone authentications and mitigate fraudulent sign-ups. =
 
 author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 1/23/2025
+ms.date: 02/03/2026
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: sfi-image-nochange
@@ -17,7 +17,7 @@ ms.custom: sfi-image-nochange
 #Customer intent: As an Azure AD B2C administrator, I want to monitor phone authentication failures and mitigate fraudulent sign-ups, so that I can protect against malicious use of the telephony service and ensure a secure authentication process.
 
 ---
-# Securing phone-based multifactor authentication
+# Secure phone-based multifactor authentication
 [!INCLUDE [active-directory-b2c-end-of-sale-notice-b](../../includes/active-directory-b2c-end-of-sale-notice-b.md)]
 
 With Microsoft Entra multifactor authentication, users can choose to receive an automated voice call at a phone number they register for verification. Malicious users could take advantage of this method by creating multiple accounts and placing phone calls without completing the MFA registration process. These numerous failed sign-ups could exhaust the allowed sign-up attempts, preventing other users from signing up for new accounts in your Azure AD B2C tenant. To help protect against these attacks, you can use Azure Monitor to monitor phone authentication failures and mitigate fraudulent sign-ups.
@@ -144,8 +144,8 @@ To help prevent fraudulent sign-ups, remove any country/region codes that do not
       </RelyingParty>
     </TrustFrameworkPolicy>
     ```
-  > [!IMPORTANT]
-  >Add the code in step 2 to the _relying party policy_ to enforce country/region code restrictions on the server side. You must not define these elements only in parent policies; put them in the relying party policy.
+      > [!IMPORTANT]
+      >Add the code in step 2 to the _relying party policy_ to enforce country/region code restrictions on the server side. You must not define these elements only in parent policies; put them in the relying party policy.
 
 1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country/region codes relevant to your organization:
 

articles/azure-netapp-files/azure-netapp-files-solution-architectures.md

@@ -8,7 +8,7 @@ ms.custom:
   - linux-related-content
   - build-2025
 ms.topic: concept-article
-ms.date: 01/21/2026
+ms.date: 02/03/2026
 ms.author: anfdocs
 # Customer intent: As a cloud architect, I want to implement Azure NetApp Files to migrate and run mission-critical applications, so that I can ensure high performance, scalability, and security for diverse workloads in the cloud.
 ---
@@ -136,6 +136,8 @@ This section provides references to SAP on Azure solutions.
 * [Azure NetApp Files Backup for SAP Solutions](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/anf-backup-for-sap-solutions/ba-p/3717977)
 * [SAP HANA Disaster Recovery with Azure NetApp Files](https://docs.netapp.com/us-en/netapp-solutions-sap/pdfs/sidebar/SAP_HANA_Disaster_Recovery_with_Azure_NetApp_Files.pdf)
 * [Running SAP Applications on the Microsoft Platform](https://techcommunity.microsoft.com/blog/sapapplications/designing-migrating-and-managing-a-151-node-sap-bw-scale-out-landscape-on-micros/3715003)
+* [SAP HANA data protection on Azure NetApp Files with SnapCenter](https://techcommunity.microsoft.com/blog/sapapplications/sap-hana-data-protection-on-azure-netapp-files-with-snapcenter/3510031)
+* [SAP System Refresh and Cloning operations on Azure NetApp Files with SnapCenter](https://techcommunity.microsoft.com/blog/sapapplications/sap-system-refresh-and-cloning-operations-on-azure-netapp-files-with-snapcenter/4356389)
 
 ### SAP AnyDB
 

articles/azure-netapp-files/snapshots-restore-new-volume.md

@@ -20,14 +20,12 @@ ms.author: anfdocs
 
 * To avoid extensive restore times, only perform one "restore snapshot to new volume" operation at a time. For this reason, chained restore operations, such as restoring a snapshot to a new volume while the originating volume itself is being restored from a snapshot, should be avoided as well. Alternatively, consider using [cross-zone replication within the same zone](cross-zone-region-replication-configure.md) to create an independent volume copy.
 
-* Only enable backup, snapshots, and replication (cross-region or cross-zone) on the new volume _after_ it's fully restored from the snapshot. To ensure the volume is fully restored, check the progress indicator in the volume details.
+* Cross-region replication and cross-zone replication operations are suspended and cannot be added while restoring a snapshot to a new volume.
 
-* Depending on the size of the volume being restored, the restore operation may take a few minutes to multiple hours to complete.
+* Only enable backup, snapshots, and replication (cross-region or cross-zone) on the new volume _after_ it's fully restored from the snapshot. To ensure the volume is fully restored, check the progress indicator in the volume details.
 
 * If you use the cool access feature, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md#considerations) for more considerations.
 
-* Cross-region replication and cross-zone replication operations are suspended and cannot be added while restoring a snapshot to a new volume.
-
 ### Considerations for the Elastic service level 
 
 * The new volume must be in the same Elastic capacity pool that contains the source snapshot. 

articles/azure-vmware/azure-vmware-solution-private-cloud-maintenance.md

@@ -56,7 +56,7 @@ The following actions are necessary for ensuring host maintenance operations are
     - Consult with your solution vendor and update in advance if necessary to maintain compatibility post-upgrade.
 
 >[!IMPORTANT]
-> If any of these maintenance blocking configurations exist on an Azure VMware Solution host, you'll receive alerts on your Resource Health for AVS dashboard. To ensure unhealthy hosts are replaced and upgrades succeed, such blocking configurations will be mitigated by taking appropriate remediation steps to maintain the availability of your private cloud. In some cases, these remediation steps would include powering off a VM and migrating it to another host and then powering it on, which might briefly disrupt the application running on the VM
+> If any of these maintenance blocking configurations exist on an Azure VMware Solution host, you'll receive alerts on your Resource Health dashboard. To ensure unhealthy hosts are replaced and upgrades succeed, such blocking configurations will be mitigated by taking appropriate remediation steps to maintain the availability of your private cloud. In some cases, these remediation steps would include powering off a VM and migrating it to another host and then powering it on, which might briefly disrupt the application running on the VM.
 
 ## Alert Codes and Remediation Table
 |  Error Code         |        Error Details              |  Recommended Action     |

articles/firewall/compliance-certifications.md

@@ -12,7 +12,8 @@ ms.author: duau
 
 # Azure Firewall certifications
 
-To help you meet your own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings) and depth (number of [customer-facing services](https://azure.microsoft.com/services/) in assessment scope). For service availability, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/).
+To help you meet your own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings) and depth (number of [customer-facing services](https://azure.microsoft.com/services/) in assessment scope). 
+For service availability, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/).
 
 ## Azure Firewall audit scope
 

articles/iot-operations/secure-iot-ops/howto-manage-certificates.md

@@ -208,4 +208,30 @@ You can delete synced certificates as well. When you delete a synced certificate
 The previous sections explained how to manage certificates using the operations experience web UI and the Azure portal. You can also use the Azure CLI to manage the certificates in the connector for OPC UA trust and issuer lists. For more information, see [az iot ops connector opcua trust](/cli/azure/iot/ops/connector/opcua/trust) and [az iot ops connector opcua issuer](/cli/azure/iot/ops/connector/opcua/issuer) commands.
 
 > [!TIP]
-> Remember, these certificates must be stored as secrets in Azure Key Vault.
+> Remember, these certificates must be stored as secrets in Azure Key Vault.
+
+## Add certificates as secrets to Azure Key Vault
+
+If you use the operations experience to select existing certificates that were previously added to Azure Key Vault, make sure that the secrets are in a format and encoding that's supported by Azure IoT Operations.
+
+To add a PEM certificate secret to Azure Key Vault, you can use a command like the following example:
+
+```azcli
+az keyvault secret set \
+  --vault-name <your-key-vault-name> \
+  --name my-cert-pem \
+  --file ./my-cert.pem \
+  --encoding hex \
+  --content-type 'application/x-pem-file'
+```
+
+To add a binary DER certificate secret to Azure Key Vault, you can use a command like the following example:
+
+```azcli
+az keyvault secret set \
+  --vault-name <your-key-vault-name> \
+  --name my-cert-der \
+  --file ./my-cert.der \
+  --encoding hex \
+  --content-type 'application/pkix-cert'
+```

articles/iot-operations/secure-iot-ops/howto-manage-secrets.md

@@ -77,3 +77,29 @@ The previous sections explained how to manage secrets using the operations exper
 1. Use `kubectl` to create an `AKVSync` custom resource to configure the synchronization of a secret from Azure Key Vault to the Kubernetes cluster.
 
 1. Use `az iot ops ns device endpoint inbound add` to configure an endpoint that references the synced secrets.
+
+## Add secrets to Azure Key Vault
+
+If you use the operations experience to select existing secrets that were previously added to Azure Key Vault, make sure that the secrets are in a format and encoding that's supported by Azure IoT Operations.
+
+To add a PEM certificate secret to Azure Key Vault, you can use a command like the following example:
+
+```azcli
+az keyvault secret set \
+  --vault-name <your-key-vault-name> \
+  --name client-cert-pem \
+  --file ./client-cert.pem \
+  --encoding hex \
+  --content-type 'application/x-pem-file'
+```
+
+To add a binary DER certificate secret to Azure Key Vault, you can use a command like the following example:
+
+```azcli
+az keyvault secret set \
+  --vault-name <your-key-vault-name> \
+  --name cert-file-der \
+  --file ./cert-file.der \
+  --encoding hex \
+  --content-type 'application/pkix-cert'
+```

articles/storage/container-storage/TOC.yml

@@ -11,28 +11,34 @@
     href: install-container-storage-aks.md
   - name: Use with local NVMe
     href: use-container-storage-with-local-disk.md
-  - name: Use with Elastic SAN
+  - name: Use with Azure Elastic SAN
     href: use-container-storage-with-elastic-san.md
   - name: Remove Azure Container Storage
     href: remove-container-storage.md
 - name: Concepts
   items:
+  - name: Frequently asked questions
+    href: container-storage-faq.md
   - name: Enable zone-redundant storage
     href: enable-multi-zone-redundancy.md
-  - name: Configure encryption
-    href: configure-encryption-for-elastic-san.md
   - name: Resize persistent volumes
     href: resize-volume.md
   - name: Volume snapshots
     href: volume-snapshot-restore.md
+  - name: Configure encryption
+    href: configure-encryption-for-elastic-san.md
   - name: Connect with Prometheus
     href: enable-monitoring.md
   - name: Connect with Grafana
     href: use-grafana-dashboard.md
-  - name: Billing
+  - name: Understand billing
     href: container-storage-billing.md 
-  - name: Frequently asked questions
-    href: container-storage-faq.md
+- name: Resources
+  items:
+  - name: Pricing for Azure Container Storage
+    href: https://azure.microsoft.com/pricing/details/container-storage/
+  - name: Release notes for Azure Container Storage
+    href: container-storage-release-notes.md
 - name: Reference
   items:
   - name: Storage pool parameters (version 1.x.x)
@@ -64,12 +70,6 @@
   - name: Resource Manager template
     displayName: arm
     href: /azure/templates/microsoft.storage/allversions
-- name: Resources
-  items:
-  - name: Pricing for Azure Container Storage
-    href: https://azure.microsoft.com/pricing/details/container-storage/
-  - name: Release notes for Azure Container Storage
-    href: container-storage-release-notes.md
 - name: Azure Container Storage (version 1.x.x)
   items:
   - name: What is Azure Container Storage (version 1.x.x)?

articles/storage/container-storage/container-storage-introduction.md

@@ -54,13 +54,13 @@ The following table lists key features of Azure Container Storage and indicates
 
 | Feature | Local NVMe | Elastic SAN |
 |---|---|---|
-| Ephemeral volumes | Supported | Not supported |
-| Persistent volumes | Supported<sup>1</sup> | Supported |
-| PV expansion/resize | Supported | Supported |
-| Snapshots | Not supported | Supported |
+| Ephemeral volumes | [Supported](./use-container-storage-with-local-disk.md) | Not supported |
+| Persistent volumes | [Supported<sup>1</sup>](./use-container-storage-with-local-disk.md) | [Supported](./use-container-storage-with-elastic-san.md) |
+| PV expansion/resize | [Supported](./resize-volume.md) | [Supported](./resize-volume.md) |
+| Snapshots | Not supported | [Supported](./volume-snapshot-restore.md) |
 | Replication | Not supported | Supported (LRS and ZRS) |
-| ZRS option | N/A | Supported |
-| Encryption | N/A | Supported |
+| ZRS option | N/A | [Supported](./enable-multi-zone-redundancy.md) |
+| Encryption | N/A | [Supported](./configure-encryption-for-elastic-san.md) |
 
 <sup>1</sup> By default, Azure Container Storage uses generic ephemeral volumes for local NVMe disks, which means data isn't retained after pod deletion. To enable persistent volumes that aren't linked to the lifecycle of the pod, add the appropriate annotation to your persistent volume claim (PVC). For details, see [Create persistent volumes with local NVMe disks](use-container-storage-with-local-disk.md).
 

articles/storage/container-storage/container-storage-release-notes.md

@@ -149,7 +149,7 @@ Azure Container Storage follows a transparent and predictable support lifecycle,
 
 | Release version | Release Date  | End of Life | Supported Kubernetes Versions |
 |-----------------|---------------|-------------|-------------------------------|
-|2.1.9 - Minor Release | 02/03/2026 | 02/02/2027 | 1.33, 1.32, 1.31 |
+|2.1.0 - Minor Release | 02/03/2026 | 02/02/2027 | 1.33, 1.32, 1.31 |
 |2.0.1 - Patch Release | 12/16/2025 | 09/09/2026 | 1.33, 1.32, 1.31 |
 |1.4.0 - Minor Release | 12/16/2025 | 12/15/2026 | 1.33, 1.32, 1.31 |
 |2.0.0 - Major Release | 09/10/2025 | 09/09/2026 | 1.33, 1.32, 1.31 |