Merge pull request #312237 from MicrosoftDocs/main

Auto Publish – main to live - 2026-02-24 23:00 UTC

Author: learn-build-service-prod[bot]

.openpublishing.redirection.json

@@ -6845,6 +6845,11 @@
       "redirect_url": "/azure/reliability/reliability-nat-gateway",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/iot-operations/connect-to-cloud/howto-configure-opentelemetry-endpoint.md",
+      "redirect_url": "/azure/iot-operations/connect-to-cloud/open-telemetry",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/synapse-analytics/sql/get-started-azure-data-studio.md",
       "redirect_url": "/azure/synapse-analytics/sql/get-started-ssms",

articles/api-management/azure-openai-semantic-cache-lookup-policy.md

@@ -9,7 +9,7 @@ ms.collection: ce-skilling-ai-copilot
 ms.custom:
   - build-2024
 ms.topic: reference
-ms.date: 10/27/2025
+ms.date: 02/23/2026
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -23,6 +23,8 @@ Use the `azure-openai-semantic-cache-lookup` policy to perform cache lookup of r
 > [!NOTE]
 > * This policy must have a corresponding [Cache responses to Azure OpenAI API requests](azure-openai-semantic-cache-store-policy.md) policy. 
 > * For prerequisites and steps to enable semantic caching, see [Enable semantic caching for LLM APIs in Azure API Management](azure-openai-enable-semantic-caching.md).
+> * Because semantic caching returns responses based on similarity (not exact match), it can surface responses that are incorrect, outdated, or unsafe for the current request. Evaluate this feature carefully for your workload and include safeguards.
+
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 

articles/api-management/azure-openai-semantic-cache-store-policy.md

@@ -9,7 +9,7 @@ ms.collection: ce-skilling-ai-copilot
 ms.custom:
   - build-2024
 ms.topic: reference
-ms.date: 12/13/2024
+ms.date: 02/23/2026
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -23,6 +23,8 @@ The `azure-openai-semantic-cache-store` policy caches responses to Azure OpenAI
 > [!NOTE]
 > * This policy must have a corresponding [Get cached responses to Azure OpenAI API requests](azure-openai-semantic-cache-lookup-policy.md) policy. 
 > * For prerequisites and steps to enable semantic caching, see [Enable semantic caching for Azure OpenAI APIs in Azure API Management](azure-openai-enable-semantic-caching.md).
+> * Because semantic caching returns responses based on similarity (not exact match), it can surface responses that are incorrect, outdated, or unsafe for the current request. Evaluate this feature carefully for your workload and include safeguards.
+
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 

articles/api-management/ip-filter-policy.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 07/23/2024
+ms.date: 02/23/2026
 ms.author: danlep
 ---
 # Restrict caller IPs
@@ -49,7 +49,9 @@ The `ip-filter` policy filters (allows/denies) calls from specific IP addresses
 
 ### Usage notes
 
-If you configure this policy at more than one scope, IP filtering is applied in the order of [policy evaluation](set-edit-policies.md#use-base-element-to-set-policy-evaluation-order) in your policy definition. 
+- If you configure this policy at more than one scope, IP filtering is applied in the order of [policy evaluation](set-edit-policies.md#use-base-element-to-set-policy-evaluation-order) in your policy definition. 
+
+- If `action` is set to `allow`, requests that don't match any `address` or `address-range` are denied. If `action` is set to `forbid`, requests that don't match any `address` or `address-range` are allowed.
 
 ## Example
 

articles/api-management/llm-semantic-cache-lookup-policy.md

@@ -9,7 +9,7 @@ ms.collection: ce-skilling-ai-copilot
 ms.custom:
   - build-2024
 ms.topic: reference
-ms.date: 10/27/2025
+ms.date: 02/23/2026
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -23,6 +23,7 @@ Use the `llm-semantic-cache-lookup` policy to perform cache lookup of responses
 > [!NOTE]
 > * This policy must have a corresponding [Cache responses to large language model API requests](llm-semantic-cache-store-policy.md) policy. 
 > * For prerequisites and steps to enable semantic caching, see [Enable semantic caching for LLM APIs in Azure API Management](azure-openai-enable-semantic-caching.md).
+> * Because semantic caching returns responses based on similarity (not exact match), it can surface responses that are incorrect, outdated, or unsafe for the current request. Evaluate this feature carefully for your workload and include safeguards.
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 

articles/api-management/llm-semantic-cache-store-policy.md

@@ -8,7 +8,7 @@ ms.service: azure-api-management
 ms.collection: ce-skilling-ai-copilot
 ms.custom:
 ms.topic: reference
-ms.date: 12/13/2024
+ms.date: 02/23/2026
 ms.update-cycle: 180-days
 ms.author: danlep
 ---
@@ -22,6 +22,7 @@ The `llm-semantic-cache-store` policy caches responses to chat completion API re
 > [!NOTE]
 > * This policy must have a corresponding [Get cached responses to large language model API requests](llm-semantic-cache-lookup-policy.md) policy. 
 > * For prerequisites and steps to enable semantic caching, see [Enable semantic caching for Azure OpenAI APIs in Azure API Management](azure-openai-enable-semantic-caching.md). 
+> * Because semantic caching returns responses based on similarity (not exact match), it can surface responses that are incorrect, outdated, or unsafe for the current request. Evaluate this feature carefully for your workload and include safeguards.
 
 [!INCLUDE [api-management-policy-generic-alert](../../includes/api-management-policy-generic-alert.md)]
 

articles/api-management/validate-content-policy.md

@@ -6,15 +6,15 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: reference
-ms.date: 08/30/2024
+ms.date: 02/23/2026
 ms.author: danlep
 ---
 
 # Validate content
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-The `validate-content` policy validates the size or content of a request or response body against one or more [supported schemas](#schemas-for-content-validation).
+The `validate-content` policy validates the size or content (or both) of a request or response body against one or more [supported schemas](#schemas-for-content-validation).
 
 The following table shows the schema formats and request or response content types that the policy supports. Content type values are case insensitive. 
 
@@ -161,6 +161,74 @@ In the following example, API Management interprets any request as a request wit
 </validate-content>
 ```
 
+### Complete policy example with content validation
+
+The following example shows a complete policy document for a customer order API that uses `validate-content` to validate incoming requests and outgoing responses. The policy validates that customer order payloads conform to the `customer-order-schema` (added to API Management) before forwarding them to the backend, and also validates that the backend's order confirmation matches the expected schema, but only detects issues rather than blocking them.
+
+
+```xml
+<policies>
+    <inbound>
+        <base />
+        <!-- Authenticate the request -->
+        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized">
+            <openid-config url="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration" />
+            <audiences>
+                <audience>api://customer-orders</audience>
+            </audiences>
+        </validate-jwt>
+        
+        <!-- Rate limit per subscription -->
+        <rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Subscription.Id)" />
+        
+        <!-- Validate incoming order request -->
+        <validate-content unspecified-content-type-action="prevent" max-size="524288" size-exceeded-action="prevent" errors-variable-name="requestValidationErrors">
+            <content type="application/json" validate-as="json" schema-id="customer-order-schema" action="prevent" allow-additional-properties="false" />
+        </validate-content>
+        
+        <!-- Set backend URL -->
+        <set-backend-service base-url="https://orders-backend.contoso.com/api" />
+    </inbound>
+    <backend>
+        <base />
+    </backend>
+    <outbound>
+        <base />
+        
+        <!-- Validate backend response -->
+        <validate-content unspecified-content-type-action="detect" max-size="1048576" size-exceeded-action="detect" errors-variable-name="responseValidationErrors">
+            <content type="application/json" validate-as="json" schema-id="order-confirmation-schema" action="detect" />
+        </validate-content>
+        
+        <!-- Add custom header to indicate validation passed -->
+        <set-header name="X-Content-Validated" exists-action="override">
+            <value>true</value>
+        </set-header>
+    </outbound>
+    <on-error>
+        <base />
+        <!-- Return validation errors in a structured format -->
+        <choose>
+            <when condition="@(context.Variables.ContainsKey("requestValidationErrors"))">
+                <return-response>
+                    <set-status code="400" reason="Bad Request" />
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>@{
+                        var errors = (IEnumerable<object>)context.Variables["requestValidationErrors"];
+                        return JsonConvert.SerializeObject(new {
+                            error = "Request validation failed",
+                            details = errors
+                        });
+                    }</set-body>
+                </return-response>
+            </when>
+        </choose>
+    </on-error>
+</policies>
+```
+
 [!INCLUDE [api-management-validation-policy-error-reference](../../includes/api-management-validation-policy-error-reference.md)]
 
 ## Related policies

articles/application-gateway/json-web-token-overview.md

@@ -30,6 +30,8 @@ Application Gateway doesn't maintain any session or cookie-based state. This app
 - **Multitenant support**: Supports common organizations and consumers' tenant configurations.
 - **HTTPS only**: Requires HTTPS listeners. HTTP isn't supported.
 
+ :::image type="content" source="media/json-web-token-overview/jwt-validation.png" alt-text="Diagram showing JWT Validation for Application Gateway.":::
+
 ## Prerequisites
 
 - Application Gateway requirements:

articles/application-gateway/media/json-web-token-overview/jwt-validation.png

@@ -4,7 +4,7 @@ description: Use Azure Event Grid to publish Azure Cache for Redis events.
 ms.date: 12/21/2020
 appliesto:
   - ✅ Azure Cache for Redis
-ms.topic: conceptual
+ms.topic: concept-article
 
 ---