Merge pull request #306481 from MicrosoftDocs/main

Auto Publish – main to live - 2025-10-03 17:00 UTC

Author: learn-build-service-prod[bot]

articles/api-management/credentials-configure-common-providers.md

@@ -1,70 +1,70 @@
 ---
-title: Configure credential providers - Azure API Management | Microsoft Docs
-description: Learn how to configure common credential providers in Azure API Management's credential manager. Example providers are Microsoft Entra and generic OAuth 2.0.  
+title: Configure Credential Providers - Azure API Management | Microsoft Docs
+description: Learn how to configure common credential providers in the Azure API Management credential manager. Providers include Microsoft Entra and generic OAuth.  
 services: api-management
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 11/10/2023
+ms.date: 10/03/2025
 ms.author: danlep
 ms.custom: sfi-image-nochange
+# Customer intent: As an Azure service administrator, I want to learn how to configure common credential providers in the API Management credential manager.
 ---
 
 # Configure common credential providers in credential manager
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-In this article, you learn about configuring identity providers for managed [connections](credentials-overview.md) in your API Management instance. Settings for the following common providers are shown:
+In this article, you learn about configuring identity providers for managed [connections](credentials-overview.md) in your Azure API Management instance. Settings for the following common providers are shown:
 
-* Microsoft Entra provider
-* Generic OAuth 2.0 provider
+* Microsoft Entra 
+* Generic OAuth 2
 
-You configure a credential provider in your API Management instance's credential manager. For a step-by-step example of configuring a Microsoft Entra provider and connection, see:
-
-* [Configure credential manager - Microsoft Graph API](authorizations-how-to-azure-ad.md)
+You configure a credential provider in the credential manager in your API Management instance. For a step-by-step example of configuring a Microsoft Entra provider and connection, see [Configure credential manager - Microsoft Graph API](authorizations-how-to-azure-ad.md).
 
 ## Prerequisites
 
 To configure any of the supported providers in API Management, first configure an OAuth 2.0 app in the identity provider that will be used to authorize API access. For configuration details, see the provider's developer documentation.
 
-* If you're creating a credential provider that uses the authorization code grant type, configure a **Redirect URL** (sometimes called Authorization Callback URL or a similar name) in the app. For the value, enter `https://authorization-manager.consent.azure-apim.net/redirect/apim/<YOUR-APIM-SERVICENAME>`.
+* If you're creating a credential provider that uses the authorization code grant type, configure a redirect URL (sometimes called an Authorization Callback URL or a similar name) in the app. For the value, enter `https://authorization-manager.consent.azure-apim.net/redirect/apim/<API-management-instance-name>`.
 
-* Depending on your scenario, configure app settings such as scopes (API permissions).
+* Depending on your scenario, configure app settings like scopes (API permissions).
 
 * Minimally, retrieve the following app credentials that will be configured in API Management: the app's **client ID** and **client secret**.
 
-* Depending on the provider and your scenario, you might need to retrieve other settings such as authorization endpoint URLs or scopes.
+* Depending on the provider and your scenario, you might need to retrieve other settings, like authorization endpoint URLs or scopes.
 
 * The provider's authorization endpoints must be reachable over the internet from your API Management instance. If your API Management instance is secured in a virtual network, configure network or firewall rules to allow access to the provider's endpoints.
 
 ## Microsoft Entra provider
 
-API credential manager supports the Microsoft Entra identity provider, which is the identity service in Microsoft Azure that provides identity management and access control capabilities. It allows users to securely sign in using industry-standard protocols.
+API Management credential manager supports the Microsoft Entra identity provider, which is the identity service in Azure that provides identity management and access control capabilities. It enables users to securely sign in via industry-standard protocols.
 
-* **Supported grant types**: authorization code, client credentials
+**Supported grant types**: authorization code, client credentials
 
 > [!NOTE]
->  Currently, the Microsoft Entra credential provider supports only the Azure AD v1.0 endpoints.
+>  Currently, the Microsoft Entra credential provider supports only Azure Active Directory v1.0 endpoints.
  
 
 ### Microsoft Entra provider settings
 
 [!INCLUDE [api-management-authorization-azure-ad-provider](../../includes/api-management-authorization-azure-ad-provider.md)]
 
 
-## Generic OAuth 2.0 providers
+## Generic OAuth providers
 
-You can use two generic providers for configuring connections:
+You can use three generic providers for configuring connections:
 
 * Generic OAuth 2.0
 * Generic OAuth 2.0 with PKCE 
+* Generic OAuth 2.1 with PKCE with DCR
 
-A generic provider allows you to use your own OAuth 2.0 identity provider based on your specific needs. 
+A generic provider enables you to use your own OAuth identity provider, based on your specific needs. 
 
 > [!NOTE]
-> We recommend using the generic OAuth 2.0 with PKCE provider for improved security if your identity provider supports it. [Learn more](https://oauth.net/2/pkce/)
+> We recommend using a PKCE provider for improved security if your identity provider supports it. For more information, see [Proof Key for Code Exchange](https://oauth.net/2/pkce/).
 
-* **Supported grant types**: authorization code, client credentials
+**Supported grant types**: authorization code, client credentials (depends on provider)
 
 ### Generic credential provider settings
 
@@ -76,9 +76,9 @@ API Management supports several providers for popular SaaS offerings, including
 
 :::image type="content" source="media/credentials-configure-common-providers/saas-providers.png" alt-text="Screenshot of identity providers listed in the portal.":::
 
-**Supported grant types**: authorization code, client credentials (depends on provider)
+**Supported grant types**: authorization code 
 
-Required settings for these providers differ from provider to provider but are similar to those for the [generic OAuth 2.0 providers](#generic-oauth-20-providers). Consult the developer documentation for each provider.
+Required settings for these providers differ, depending on the provider, but are similar to those for the [generic OAuth providers](#generic-oauth-providers). Consult the developer documentation for each provider.
 
 ## Related content
 

articles/api-management/how-to-deploy-self-hosted-gateway-container-apps.md

@@ -257,6 +257,10 @@ date: Wed, 28 Feb 2024 22:45:09 GMT
 > [!TIP]
 > If you've enabled [logging of your API to Application insights](api-management-howto-app-insights.md), you can query the logs to see the requests and responses.
 
+## Limitations
+
+Self-hosted gateway instances rely on the UDP protocol for [heartbeat and rate-limit communications](self-hosted-gateway-settings-reference.md#cross-instance-discovery--synchronization). As Azure Container Apps presently does not support the UDP protocol - neither for ingress nor for internal traffic - the `rate-limit` policy cannot synchronize its counter across instances. Consequently, maintaining three replicas of a self-hosted gateway container app with limit X may well result in three times the traffic until limit X is reached. 
+Azure Container Apps distributes requests linearly across each available and healthy replica. To implement rate limiting, you can divide the desired limit by the number of replicas you wish to run and set the resulting value in configuration. This approach has its own downsides as you may not be able to account for adjusted counters if and when your container apps scale.
 
 ## Related content
 

articles/api-management/media/credentials-configure-common-providers/saas-providers.png

@@ -226,7 +226,6 @@ The following table indicates:
 | Australia Central 2 | | ✅ |
 | Australia East | ✅ | ✅ |
 | Australia Southeast | ✅ | ✅ |
-| Brazil North East | | ✅ |
 | Brazil South | ✅ | ✅ |
 | Brazil Southeast | | ✅ |
 | Canada Central | ✅ | |
@@ -306,4 +305,4 @@ The following table explains the carbon intensity categories used in the traffic
 * [API Management policy reference](api-management-policies.md)
 * [Sustainable workloads in Azure](/azure/well-architected/sustainability/sustainability-get-started)
 * [Carbon optimization in Azure](/azure/carbon-optimization/overview)
-* [Microsoft for sustainability](https://www.microsoft.com/sustainability/cloud)
+* [Microsoft for sustainability](https://www.microsoft.com/sustainability/cloud)

articles/api-management/sustainability.md

@@ -1,6 +1,6 @@
 ---
 title: Azure VMware Solution - Host maintenance best practices
-description: Understand the best practices and recommendations to maintain Azure VMware Solution Software-Defined Data Center
+description: Understand the best practices and recommendations to maintain Azure VMware Solution private cloud
 ms.topic: concept-article
 ms.service: azure-vmware
 ms.date: 03/25/2025
@@ -61,13 +61,14 @@ The following actions are always recommended for ensuring host maintenance opera
 |--------------------|---------------------------------|---------------------|
 | EPC_CDROM_EMULATEMODE        | This error is encountered when CD-ROM on the Virtual Machine uses emulate mode, whose ISO image isn't accessible  | Follow [this KB article](https://knowledge.broadcom.com/external/article?legacyId=79306) for the removal of any CDROM mounted on customer's workload Virtual Machines in emulate mode or detach ISO. It's recommended to use "Passthrough mode" for mounting any CD-ROM. |
 | EPC_DRSOVERRIDERULE          | This error is encountered when there's a Virtual Machine with DRS Override set to "Disabled" mode. | VM shouldn't block vMotion while putting host into maintenance. Set Partially Automated DRS rules for the VM. Refer to [this document](/azure/azure-vmware/create-placement-policy#enable-restrict-vm-movement-for-specific-vms) to know more about VM placement policies. |
-| EPC_SCSIDEVICE_SHARINGMODE   | This error is encountered when a Virtual Machine is configured to use a device that prevents a maintenance operation: A device that is a SCSI controller, which is engaged in bus-sharing   | Follow [this KB article](https://knowledge.broadcom.com/external/article?legacyId=79910) for the removal of any SCSI controller engaged in bus-sharing attached to VMs   |
+| EPC_SCSIDEVICE_SHARINGMODE   | This error is encountered when a Virtual Machine is configured to use a device that prevents a maintenance operation: A device that is a SCSI controller, which is engaged in bus-sharing   | Follow [this KB article](https://knowledge.broadcom.com/external/article?legacyId=79910) for the removal of any SCSI controller engaged in bus-sharing attached to VMs.   |
 | EPC_DATASTORE_INACCESSIBLE   | This error is encountered when any external Datastore attached to AVS Private Cloud becomes inaccessible  | Follow [this article](/azure/azure-vmware/attach-azure-netapp-files-to-azure-vmware-solution-hosts?tabs=azure-portal#performance-best-practices) for the removal of any stale Datastore attached to cluster  |
-| EPC_NWADAPTER_STALE          | This error is encountered when connected Network interface on the Virtual Machine uses network adapter, which becomes inaccessible | Follow [this KB article](https://knowledge.broadcom.com/external/article/318738/troubleshooting-the-migration-compatibil.html) for the removal of any stale N/W adapters attached to Virtual Machines   |
+| EPC_NWADAPTER_STALE          | This error is encountered when connected Network interface on the Virtual Machine uses network adapter, which becomes inaccessible | Follow [this KB article](https://knowledge.broadcom.com/external/article/318738/troubleshooting-the-migration-compatibil.html) for the removal of any stale N/W adapters attached to Virtual Machines.   |
 | EPC_SERIAL_PORT              | This error is encountered when a Virtual Machine’s serial port is connected to a device that can't be accessed on the destination host. | If you're using an image file (ISO, FLP, and so on), ensure that it's accessible from all ESXi servers on the cluster. Store the files on a data store that is shared between all ESXi servers that participate in vMotion of the virtual machine. Refer to [this KB article](https://knowledge.broadcom.com/external/article/324829/vmotion-fails-with-the-compatibility-err.html) from Broadcom for more information. |
 | EPC_HARDWARE_DEVICE          | This error is encountered when a Virtual Machine’s parallel Port/USB Device is connected to a device can't be accessed on the destination host. | If you're using an image file (ISO, FLP, and so on), ensure that it's accessible from all ESXi servers of the cluster. Store the files on a data store that is shared between all ESXi servers that participate in the vMotion of the virtual machine. Refer to [this KB article](https://knowledge.broadcom.com/external/article/324829/vmotion-fails-with-the-compatibility-err.html) from Broadcom for more information. |
-| EPC_INVALIDVM / EPC_ORPHANVM | This error is encountered when there's an orphaned or Invalid VM in the inventory | Ensure all your Virtual Machines are accessible to the vCenter. Refer to [this KB article](https://knowledge.broadcom.com/external/article/312831/virtual-machines-appear-as-invalid-or-or.html) for more information |
-
+| EPC_INVALIDVM / EPC_ORPHANVM | This error is encountered when there's an orphaned or Invalid VM in the inventory | Ensure all your Virtual Machines are accessible to the vCenter. Refer to [this KB article](https://knowledge.broadcom.com/external/article/312831/virtual-machines-appear-as-invalid-or-or.html) for more information. |
+| EPC_VMHOSTDRSRULE | This error is encountered when there's a Virtual Machine with Host affinity/anti-affinity DRS rule. | VM shouldn't block VMware vMotion while putting a host into maintenance mode. Set "should rules" for VM-Host affinity. Refer to [this document](/azure/azure-vmware/create-placement-policy#what-is-the-difference-between-the-vm-host-affinity-policy-and-restrict-vm-movement) for more information. |
+| EPC_FTTVIOLATION | This error is encountered when a virtual machine has "Failures to Tolerate" as 0 or "No data redundancy" | Follow [this KB article](https://knowledge.broadcom.com/external/article/391522/the-esxi-host-takes-very-long-time-enter.html) to configure FTT as 1 or 2 for the Virtual Machine. |
 
 > [!NOTE]
 > Azure VMware Solution tenant admins must not edit or delete the previously defined VMware vCenter Server alarms because they're managed by the Azure VMware Solution control plane on vCenter Server. These alarms are used by Azure VMware Solution monitoring to trigger the Azure VMware Solution host remediation process.

articles/azure-vmware/azure-vmware-solution-private-cloud-maintenance-best-practices.md

@@ -1,13 +1,13 @@
 ---
 title: View your Azure usage summary details and download reports for EA enrollments
 description: This article explains how enterprise administrators of direct and indirect Enterprise Agreement (EA) enrollments can view a summary of their usage data, Azure Prepayment consumed, and charges associated with other usage in the Azure portal.
-author: SandeepReddyAcc
-ms.author: v-salin@microsoft.com
+author: SPathak16
+ms.author: v-salin
 ms.date: 09/22/2025
 ms.topic: how-to
 ms.service: cost-management-billing
 ms.subservice: enterprise
-ms.reviewer: v-salin@microsoft.com
+ms.reviewer: v-salin
 ms.custom: sfi-image-nochange
 ---
 

articles/cost-management-billing/manage/direct-ea-azure-usage-charges-invoices.md

@@ -1,13 +1,13 @@
 ---
 title: Direct EA billing invoice documents
 description: Learn how to understand the invoice files associated with your direct enterprise agreement.
-author: SandeepReddyAcc
-ms.reviewer: v-salin@microsoft.com
+author: SPathak16
+ms.reviewer: v-salin
 ms.service: cost-management-billing
 ms.subservice: enterprise
 ms.topic: conceptual
 ms.date: 09/23/2025
-ms.author: v-salin@microsoft.com
+ms.author: v-salin
 ---
 
 # Direct EA billing invoice documents

articles/cost-management-billing/manage/direct-ea-billing-invoice-documents.md

@@ -1,13 +1,13 @@
 ---
 title: Azure Marketplace
 description: Describes how EA customers can use Azure Marketplace.
-author: SandeepReddyAcc
-ms.reviewer: v-salin@microsoft.com
+author: SPathak16
+ms.reviewer: v-salin
 ms.service: cost-management-billing
 ms.subservice: enterprise
 ms.topic: conceptual
 ms.date: 09/23/2025
-ms.author: v-salin@microsoft.com
+ms.author: v-salin
 ---
 
 # Azure Marketplace

articles/cost-management-billing/manage/ea-azure-marketplace.md

@@ -1,13 +1,13 @@
 ---
 title: EA billing administration for partners in the Azure portal
 description: This article explains the common tasks that a partner administrator accomplishes in the Azure portal to manage indirect enterprise agreements.
-author: SandeepReddyAcc
-ms.author: v-salin@microsoft.com
+author: SPathak16
+ms.author: v-salin
 ms.date: 09/24/2025
 ms.topic: conceptual
 ms.service: cost-management-billing
 ms.subservice: enterprise
-ms.reviewer: v-salin@microsoft.com
+ms.reviewer: v-salin
 ms.custom: sfi-image-nochange
 ---
 

articles/cost-management-billing/manage/ea-billing-administration-partners.md

@@ -1,13 +1,13 @@
 ---
 title: Review your Azure Enterprise Agreement bill
 description: Learn how to read and understand your usage and bill for Azure Enterprise Agreements.
-author: SandeepReddyAcc
-ms.reviewer: v-salin@microsoft.com
+author: SPathak16
+ms.reviewer: v-salin
 ms.service: cost-management-billing
 ms.subservice: enterprise
 ms.topic: tutorial
 ms.date: 09/22/2025
-ms.author: v-salin@microsoft.com
+ms.author: v-salin
 ---
 # Understand your Azure Enterprise Agreement bill