Merge pull request #313930 from lootle1/FR44

Freshness Edit: Azure Dev Compute - Container Apps

Author: prmerger-automator[bot]

articles/container-apps/manage-secrets.md

@@ -21,7 +21,7 @@ Azure Container Apps allows your application to securely store sensitive configu
 - Secrets are scoped to an application, outside of any specific revision of an application.
 - New revisions don't get generated through adding, removing, or changing secrets.
 - Each application revision can reference one or more secrets.
-- Multiple revisions can reference the same secret(s).
+- Multiple revisions can reference the same secrets.
 
 An updated or deleted secret doesn't automatically affect existing revisions in your app. When a secret is updated or deleted, you can respond to changes in one of two ways:
 
@@ -39,13 +39,13 @@ Secrets are defined as a set of name/value pairs. The value of each secret is sp
 
 ### Store secret value in Container Apps
 
-When you define secrets through the portal, or via different command line options.
+The following is used when you define secrets through the portal, or via different command line options.
 
 # [Azure portal](#tab/azure-portal)
 
 1. Go to your container app in the [Azure portal](https://portal.azure.com).
 
-1. Under the *Settings* section, select **Secrets**.
+1. Under the *Security* section, select **Secrets**.
 
 1. Select **Add**.
 
@@ -122,7 +122,7 @@ Here, a connection string to a queue storage account is declared. The value for
 
 ---
 
-### <a name="reference-secret-from-key-vault"></a>Reference secret from Key Vault
+## <a name="reference-secret-from-key-vault"></a>Reference secret from Key Vault
 
 When you define a secret, you create a reference to a secret stored in Azure Key Vault. Container Apps automatically retrieves the secret value from Key Vault and makes it available as a secret in your container app.
 
@@ -136,7 +136,7 @@ To grant access to Key Vault secrets, grant the Azure RBAC role [Key Vault Secre
 
 1. Go to your container app in the [Azure portal](https://portal.azure.com).
 
-1. Under the *Settings* section, select **Identity**.
+1. Under the *Security* section, select **Identity**.
 
 1. In the *System assigned* tab, set the *Status* to **On**.
 
@@ -147,7 +147,7 @@ To grant access to Key Vault secrets, grant the Azure RBAC role [Key Vault Secre
 
 1. A popup appears to confirm that you want to enable system assigned managed identity and register your container app with Microsoft Entra ID. Select **Yes**.
 
-1. Under the *Settings* section, select **Secrets**.
+1. Under the *Security* section, select **Secrets**.
 
 1. Select **Add**.
 
@@ -216,14 +216,14 @@ Secrets Key Vault references aren't supported in PowerShell.
 ---
 
 > [!NOTE]
-> If you're using [UDR With Azure Firewall](user-defined-routes.md), you will need to add the `AzureKeyVault` service tag and the *login.microsoft.com* FQDN to the allow list for your firewall. Refer to [configuring UDR with Azure Firewall](use-azure-firewall.md) to decide which additional service tags you need.
+> If you're using [UDR With Azure Firewall](user-defined-routes.md), you'll need to add the `AzureKeyVault` service tag and the *login.microsoft.com* FQDN to the allow list for your firewall. Refer to [configuring UDR with Azure Firewall](use-azure-firewall.md) to decide which additional service tags you need.
 
 #### Key Vault secret URI and secret rotation
 
 The Key Vault secret URI must be in one of the following formats:
 
-* `https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931`: Reference a specific version of a secret.
-* `https://myvault.vault.azure.net/secrets/mysecret`: Reference the latest version of a secret.
+- `https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931`: Reference a specific version of a secret.
+- `https://myvault.vault.azure.net/secrets/mysecret`: Reference the latest version of a secret.
 
 If a version isn't specified in the URI, then the app uses the latest version that exists in the key vault. When newer versions become available, the app automatically retrieves the latest version within 30 minutes. Any active revisions that reference the secret in an environment variable is automatically restarted to pick up the new value.
 

articles/container-apps/overview.md

@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic: overview
-ms.date: 11/19/2024
+ms.date: 03/31/2026
 ms.author: cshoe
 ms.custom: build-2023
 ---
@@ -26,7 +26,7 @@ Additionally, applications built on Azure Container Apps can dynamically scale b
 - HTTP traffic
 - Event-driven processing
 - CPU or memory load
-- Any [KEDA-supported scaler](https://keda.sh/docs/scalers/)
+- Any [KEDA-supported scaler](https://keda.sh/docs/2.19/scalers/)
 
 :::image type="content" source="media/overview/azure-container-apps-example-scenarios.png" alt-text="Example scenarios for Azure Container Apps.":::
 
@@ -43,13 +43,13 @@ With Azure Container Apps, you can:
 
 - [**Use the Azure CLI extension, Azure portal or ARM templates**](get-started.md) to manage your applications.
 
-- [**Enable HTTPS or TCP ingress**](ingress.md) without having to manage other Azure infrastructure.
+- [**Enable HTTPS or TCP ingress**](ingress-overview.md) without having to manage other Azure infrastructure.
 
 - [**Build microservices with Dapr**](microservices.md) and [access its rich set of APIs](./dapr-overview.md).
 
 - [**Run jobs**](jobs.md) on-demand, on a schedule, or based on events.
 
-- [**Run Azure Functions**](../container-apps/functions-overview.md) for [event-driven scenarios](../azure-functions/functions-scenarios.md) using triggers, bindings and automatic scaling.
+- [**Run Azure Functions**](../container-apps/functions-overview.md) for [event-driven scenarios](../azure-functions/functions-scenarios.md) using triggers, bindings, and automatic scaling.
 
 - Add [**Azure Spring Apps**](https://aka.ms/asaonaca) to your Azure Container Apps environment.
 

articles/container-apps/sessions.md

@@ -14,29 +14,30 @@ ms.custom: references_regions, ignite-2024
 
 Azure Container Apps dynamic sessions provide fast access to secure sandboxed environments that are ideal for running code or applications that require strong isolation from other workloads.
 
-Dynamic sessions offer prewarmed environments through a [session pools](./session-pool.md) that starts the container in milliseconds, scales on demand, and maintains strong isolation. This makes them ideal for interactive workloads, running LLM generated scripts, and secure execution of custom code.
-
+Dynamic sessions offer prewarmed environments through [session pools](./session-pool.md) that start the container in milliseconds, scale on demand, and maintain strong isolation. This makes them ideal for interactive workloads, running LLM generated scripts, and secure execution of custom code.
 
 ## Benefits
+
 With sessions, you get:
 
 - **Secure isolation**: Hyper-V isolation and optional network controls protect your environment. Sessions are isolated from each other and from the host environment, providing enterprise-grade security and isolation.  
 - **Sandboxed environments**: Each session runs in its own isolated environment, ensuring that workloads don't interfere with each other.
 - **Instant Startup**: Prewarmed pools enable subsecond launch times for interactive workloads. New sessions are allocated in milliseconds thanks to pools of ready but unallocated sessions.  
-- **Scalable by Design**: Handle hundreds or thousands of concurrent sessions without manual intervention. 
-- **Managed lifecycle**: Sessions are automatically deprovisioned after use or after a configurable cooldown period, ensuring efficient resource usage. 
-
+- **Scalable by Design**: Handle hundreds or thousands of concurrent sessions without manual intervention.
+- **Managed lifecycle**: Sessions are automatically deprovisioned after use or after a configurable cooldown period, ensuring efficient resource usage.
 
 ## Common Scenarios
-Dynamic sessions are useful in a variety of situations, including:
+
+Dynamic sessions are useful in various situations, including:
+
 - **AI/LLM Workflows**: Safely execute AI-generated code in isolated environments without risking your production systems.
 - **Interactive Development**: Provide developers with fast, disposable environments for testing scripts or prototypes without provisioning full apps.
 - **Secure Code Execution**: Run untrusted or user-submitted code in a sandboxed environment with strong isolation.
 - **Custom Compute Tasks**: Execute short-lived jobs that require custom dependencies or runtime environments without long startup times.
 - **Burst Workloads**: Handle unpredictable spikes in demand by scaling sessions up and down automatically.
 
-
 ## Key Concepts
+
 - **Session Pool**: A session pool is the foundation for dynamic sessions. It contains a set of prewarmed, ready-to-use sessions that enable near instant startup. When a request comes in, the system allocates a session from the pool instead of creating one from scratch, which dramatically reduces latency.  
 
 - **Session**: A session is the actual execution environment where your code or container runs. Sessions are ephemeral and isolated, designed for short-lived tasks. When you create a session, it's allocated from the session pool, ensuring fast startup. After the task completes or the cooldown period expires, the session is destroyed and resources are cleaned up.  
@@ -49,8 +50,7 @@ Dynamic sessions are useful in a variety of situations, including:
   - **Code interpreter session pools**: These use platform built-in containers that provide preconfigured environments for running code, including AI-generated scripts. Ideal for scenarios like LLM-driven workflows or secure code execution.
   - **Custom container session pools**: Bring-your-own-container for custom workloads that require specific dependencies or runtime environments.
 
-
-#### Session pool types comparison
+### Session pool types comparison
 
 | | **Code interpreter session pool** | **Custom container session pool** |
 |---------------|------------------------------|------------------------------|
@@ -63,7 +63,6 @@ Dynamic sessions are useful in a variety of situations, including:
 
 For more information, see [Usage](./sessions-usage.md).
 
-
 ## Supported regions
 
 Dynamic sessions are available in the following regions. Both code interpreter and custom container sessions are supported in all listed regions.
@@ -89,12 +88,13 @@ Dynamic sessions are available in the following regions. Both code interpreter a
 > Regional availability may change. To verify current availability, check the **Location** dropdown when creating a session pool in the Azure portal.
 
 ## Security
-Dynamic sessions are designed to run untrusted code in isolated environments. For information about securing your sessions, see [Security](./sessions-usage.md#security).
 
+Dynamic sessions are designed to run untrusted code in isolated environments. For information about securing your sessions, see [Security](./sessions-usage.md#security).
 
 ## Billing
-Custom container sessions are billed based on the resources consumed by the session pool. For more information, see [Azure Container Apps billing](./billing.md#dynamic-sessions).
 
+Custom container sessions are billed based on the resources consumed by the session pool. For more information, see [Azure Container Apps billing](./billing.md#dynamic-sessions).
 
 ## Related content
+
 - Learn how to configure [session pools](./session-pool.md)

articles/container-apps/vnet-custom.md

@@ -6,7 +6,7 @@ author: craigshoemaker
 ms.service: azure-container-apps
 ms.custom: devx-track-azurepowershell, devx-track-azurecli
 ms.topic:  how-to
-ms.date: 02/03/2025
+ms.date: 04/02/2026
 ms.author: cshoe
 zone_pivot_groups: azure-cli-or-portal
 ---
@@ -20,23 +20,23 @@ The following example shows you how to create a Container Apps environment in an
 <!-- Create -->
 [!INCLUDE [container-apps-create-portal-steps.md](../../includes/container-apps-create-portal-steps.md)]
 
-You also have the option of deploying a private DNS for your Container Apps environment. For more information see [Create and configure an Azure Private DNS zone](waf-app-gateway.md#create-and-configure-an-azure-private-dns-zone).
+You also have the option of deploying a private DNS for your Container Apps environment. For more information, see [Create and configure an Azure Private DNS zone](waf-app-gateway.md#create-and-configure-an-azure-private-dns-zone).
 
-#### Create a virtual network
+## Create a virtual network
 
 > [!NOTE]
 > To use a VNet with Container Apps, the VNet must have a dedicated subnet with a CIDR range of `/27` or larger when using the default workload profiles environment, or a CIDR range of `/23` or larger when using the legacy Consumption only environment. To learn more about subnet sizing, see the [networking architecture overview](./custom-virtual-networks.md#subnet).
 
 1. Select the **Networking** tab.
 1. Select **Yes** next to *Use your own virtual network*.
-1. Next to the *Virtual network* box, select the **Create new** link and enter the following value.
+1. Next to the *Virtual network* box, select the **Create new** link and enter the following value:
 
     | Setting | Value |
     |--|--|
     | Name | Enter **my-custom-vnet**. |
 
 1. Select the **OK** button.
-1. Next to the *Infrastructure subnet* box, select the **Create new** link and enter the following values:
+1. Next to the *Subnet* box, select the **Create new** link and enter the following values:
 
     | Setting | Value |
     |---|---|
@@ -146,7 +146,7 @@ $vnet = New-AzVirtualNetwork @VnetArgs
 
 ---
 
-When using the Workload profiles environment, you need to update the VNet to delegate the subnet to `Microsoft.App/environments`. Do not delegate the subnet when using the Consumption-only environment.
+When using the Workload profiles environment, you need to update the VNet to delegate the subnet to `Microsoft.App/environments`. Don't delegate the subnet when using the Consumption-only environment.
 
 # [Bash](#tab/bash)
 
@@ -204,7 +204,7 @@ The following table describes the parameters used with `containerapp env create`
 |---|---|
 | `name` | Name of the Container Apps environment. |
 | `resource-group` | Name of the resource group. |
-| `logs-workspace-id` | (Optional) The ID of an existing Log Analytics workspace.  If omitted, a workspace is created for you. |
+| `logs-workspace-id` | (Optional) The ID of an existing Log Analytics workspace. If omitted, a workspace is created for you. |
 | `logs-workspace-key` | The Log Analytics client secret. Required if using an existing workspace. |
 | `location` | The Azure location where the environment is to deploy. |
 | `infrastructure-subnet-resource-id` | Resource ID of a subnet for infrastructure components and user application containers. |
@@ -351,9 +351,9 @@ New-AzPrivateDnsRecordSet @DnsRecordArgs
 When using the legacy Consumption-only environment, there are three optional networking parameters you can choose to define when calling `containerapp env create`. Use these options when you have a peered VNet with separate address ranges. Explicitly configuring these ranges ensures the addresses used by the Container Apps environment don't conflict with other ranges in the network infrastructure.
 
 > [!NOTE]
-> These parameters are only applicable to the legacy Consumption-only environment type. The default workload profiles environment type does not require these parameters.
+> These parameters are only applicable to the legacy Consumption-only environment type. The default workload profiles environment type doesn't require these parameters.
 
-You must either provide values for all three of these properties, or none of them. If they aren’t provided, the values are generated for you.
+You must either provide values for all three of these properties or none of them. If they aren’t provided, the values are generated for you.
 
 # [Bash](#tab/bash)
 
@@ -363,7 +363,7 @@ You must either provide values for all three of these properties, or none of the
 | `platform-reserved-dns-ip` | An IP address from the `platform-reserved-cidr` range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if `platform-reserved-cidr` is set to `10.2.0.0/16`, then `platform-reserved-dns-ip` can't be `10.2.0.0` (the network address), or `10.2.0.1` (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be `10.2.0.2`. |
 | `docker-bridge-cidr` | The address range assigned to the Docker bridge network. This range must have a size between `/28` and `/12`. |
 
-- The `platform-reserved-cidr` and `docker-bridge-cidr` address ranges can't conflict with each other, or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNet.
+- The `platform-reserved-cidr` and `docker-bridge-cidr` address ranges can't conflict with each other or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNet.
 
 - If these properties aren’t provided, the CLI autogenerates the range values based on the address range of the VNet to avoid range conflicts.
 
@@ -390,7 +390,7 @@ If you're not going to continue to use this application, you can delete the **my
 ::: zone pivot="azure-cli"
 
 >[!CAUTION]
-> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this guide exist in the specified resource group, they will also be deleted.
+> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this guide exist in the specified resource group, they'll also be deleted.
 
 # [Bash](#tab/bash)
 

includes/container-apps-create-portal-steps.md

@@ -39,13 +39,12 @@ Next, create an environment for your container app.
     |--|--|
     | Region | Select **Central US**. |
 
-1. In the *Create Container Apps environment* field, select the **Create new** link.
+1. In the *Container Apps environment* field, select the **Create new environment** link.
 1. In the *Create Container Apps environment* page on the *Basics* tab, enter the following values:
 
     | Setting | Value |
     |--|--|
     | Environment name | Enter **my-environment**. |
-    | Environment type | Select **Workload profiles**. |
     | Zone redundancy | Select **Disabled** |
 
 1. Select the **Monitoring** tab to create a Log Analytics workspace.