Merge pull request #310079 from MicrosoftDocs/main

Auto Publish – main to live - 2026-01-05 18:00 UTC

Author: learn-build-service-prod[bot]

articles/azure-vmware/architecture-stretched-clusters.md

@@ -67,7 +67,8 @@ Azure VMware Solution stretched clusters are available in the following regions:
 
 - UK South (on AV36, and AV36P)
 - West Europe (on AV36, and AV36P) 
-- Germany West Central (on AV36P and AV48)
+- Germany West Central (on AV48)
+
 - Australia East (on AV36P)
 - East US (on AV36P)
 

articles/container-apps/functions-usage.md

@@ -5,7 +5,7 @@ services: container-apps
 author: craigshoemaker
 ms.service: azure-container-apps
 ms.topic:  how-to
-ms.date: 11/26/2025
+ms.date: 12/19/2025
 ms.author: cshoe
 zone_pivot_groups: azure-cli-or-portal
 ---
@@ -382,6 +382,31 @@ az containerapp function keys set \
   --key-type hostKey
 ```
 
+### Key management with Azure Key Vault
+
+When you use Azure Key Vault to store secrets for Azure Functions on Container Apps, key generation works differently than in traditional Functions hosting.
+
+By default:
+
+- Keys aren't automatically created in Key Vault when the Functions host starts
+
+- If keys already exist in Key Vault, the host retrieves and uses them
+
+- The Functions host starts successfully even without keys, and the key synchronization completes normally
+
+As a result, your application runs correctly, but host-level keys won't appear in Key Vault unless you create them manually.
+
+#### Generate keys manually
+
+To trigger key creation in Azure Key Vault, call the Functions management endpoint using the following CLI command.
+
+```azurecli
+az containerapp function keys list \
+ -n <CONTAINER_APP_NAME> \
+ -g <RESOURCE_GROUP> \
+ --key-type hostKey
+```
+
 :::zone-end
 
 ## Related content

articles/container-apps/sessions.md

@@ -78,9 +78,11 @@ Dynamic sessions are available in the following regions:
 | Region | Code interpreter | Custom container |
 |--------|------------------|------------------|
 | Australia East | ✔ | ✔ |
+| Australia Southeast | ✔ | ✔ |
 | Brazil South | ✔ | ✔ |
 | Canada Central | ✔ | ✔ |
 | Canada East | ✔ | ✔ |
+| Central India | ✔ | ✔ |
 | Central US | ✔ | ✔ |
 | East Asia | ✔ | ✔ |
 | East US | ✔ | ✔ |
@@ -89,17 +91,21 @@ Dynamic sessions are available in the following regions:
 | Germany West Central | ✔ | ✔ |
 | Italy North | ✔ | ✔ |
 | Japan East | ✔ | ✔ |
+| Japan West | ✔ | ✔ |
 | Korea Central | ✔ | ✔ |
 | North Central US | ✔ | ✔ |
 | North Europe | ✔ | ✔ |
 | Norway East | ✔ | ✔ |
 | Poland Central | ✔ | ✔ |
 | South Africa North | ✔ | ✔ |
 | South India | ✔ | ✔ |
+| Southeast Asia | ✔ | ✔ |
 | Sweden Central | ✔ | ✔ |
 | Switzerland North | ✔ | ✔ |
+| Switzerland West | ✔ | ✔ |
 | UAE North | ✔ | ✔ |
 | UK South | ✔ | ✔ |
+| UK West | ✔ | ✔ |
 | West Central US | ✔ | ✔ |
 | West Europe | ✔ | ✔ |
 | West US | ✔ | ✔ |

articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md

@@ -63,7 +63,7 @@ Take action by selecting the **Learn more** option under :::image type="icon" so
 
 ## Download software for OT sensors
 
-You may need to download software for your OT sensor if you're [installing Defender for IoT software](ot-deploy/install-software-ot-sensor.md) on your own appliances, or [updating software versions](update-ot-software.md).
+You might need to download software for your OT sensor if you're [installing Defender for IoT software](ot-deploy/install-software-ot-sensor.md) on your own appliances, or [updating software versions](update-ot-software.md).
 
 In [Defender for IoT](https://portal.azure.com/#view/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/~/Getting_started) in the Azure portal, use one of the following options:
 
@@ -193,15 +193,15 @@ When you're done, use the following procedures to validate your certificate file
 
 ## Update the OT sensor network configuration
 
-You'd configured your OT sensor network configuring during [installation](ot-deploy/install-software-ot-sensor.md). You may need to make changes as part of OT sensor maintenance, such as to modify network values or setting up a proxy configuration.
+After configuring your OT sensor network during [installation](ot-deploy/install-software-ot-sensor.md), you might need to make changes as part of OT sensor maintenance, such as modifying network values or setting up a proxy configuration.
 
 **To update the OT sensor configuration:**
 
 1. Sign into the OT sensor and select **System Settings** > **Basic** > **Sensor network settings**.
 
 1. In the **Sensor network settings** pane, update the following details for your OT sensor as needed:
 
-    - **IP address**. Changing the IP address may require users to sign into your OT sensor again.
+    - **IP address**. Changing the IP address might require users to sign into your OT sensor again.
     - **Subnet mask**
     - **Default gateway**
     - **DNS**. Make sure to use the same hostname that's configured in your organization's DNS server.
@@ -250,6 +250,10 @@ For more information, see [ERSPAN ports](best-practices/traffic-mirroring-method
 
 > [!NOTE]
 > This procedure restarts your sensor software to implement any changes made.
+>
+> Defender for IoT ERSPAN monitoring is tested, certified, and supported **only when the ERSPAN tunnel originates from Cisco devices.**
+>
+> ERSPAN tunnels from non-Cisco vendors are **not supported** and might fail due to differences in ERSPAN implementations.
 
 **To update your sensor's monitoring interfaces**:
 
@@ -269,7 +273,7 @@ For more information, see [ERSPAN ports](best-practices/traffic-mirroring-method
         |Name  |Description  |
         |---------|---------|
         |**Mode**     | Select one of the following: <br><br>- **SPAN Traffic (no encapsulation)** to use the default SPAN port mirroring. <br>- **Tunneling** if you're using ERSPAN mirroring. <br><br>For more information, see [Choose a traffic mirroring method for OT sensors](best-practices/traffic-mirroring-methods.md).       |
-        |**Description**     |  Enter an optional description for the interface. You'll see this later on in the sensor's **System settings > Interface configurations** page, and these descriptions may be helpful in understanding the purpose of each interface.  |
+        |**Description**     |  Enter an optional description for the interface. You'll see this later on in the sensor's **System settings > Interface configurations** page, and these descriptions might be helpful in understanding the purpose of each interface.  |
         |**Interface IP**     | The ERSPAN IP on the sensor side. <br> - The management interface IP and the ERSPAN interface IP must be configured on separate network subnets. <br>  - Configuring both the management and ERSPAN IP addresses on the same subnet might lead to asymmetric routing issues.   |
         | **Subnet** | The subnet mask of the ERSPAN interface IP. |
         |**Name**     | Enter a unique name for the virtual ERSPAN interface.|
@@ -286,7 +290,7 @@ For more information, see [ERSPAN ports](best-practices/traffic-mirroring-method
 
 ## Synchronize time zones on an OT sensor
 
-You may want to configure your OT sensor with a specific time zone so that all users see the same times regardless of the user's location.
+You might want to configure your OT sensor with a specific time zone so that all users see the same times regardless of the user's location.
 
 Time zones are used in [alerts](how-to-view-alerts.md), [trends and statistics widgets](how-to-create-trends-and-statistics-reports.md), [data mining reports](how-to-create-data-mining-queries.md), [risk assessment reports](how-to-create-risk-assessment-reports.md), and [attack vector reports](how-to-create-attack-vector-reports.md).
 
@@ -337,7 +341,7 @@ Make sure you can reach the SMTP server from the [sensor's management port](./be
 
 ## Upload and play PCAP files
 
-When troubleshooting your OT sensor, you may want to examine data recorded by a specific PCAP file. To do so, you can upload a PCAP file to your OT sensor and replay the data recorded.
+When troubleshooting your OT sensor, you might want to examine data recorded by a specific PCAP file. To do so, you can upload a PCAP file to your OT sensor and replay the data recorded.
 
 The **Play PCAP** option is enabled by default in the sensor console's settings.
 
@@ -370,7 +374,7 @@ The **Play PCAP** option is now available in the sensor console's settings, unde
 
 By default, each OT network sensor analyzes ingested data using [built-in analytics engines](architecture.md#defender-for-iot-analytics-engines), and triggers alerts based on both real-time and prerecorded traffic.
 
-While we recommend that you keep all analytics engines on, you may want to turn off specific analytics engines on your OT sensors to limit the type of anomalies and risks monitored by that OT sensor.
+While we recommend that you keep all analytics engines on, you might want to turn off specific analytics engines on your OT sensors to limit the type of anomalies and risks monitored by that OT sensor.
 
 > [!IMPORTANT]
 > When you disable a policy engine, information that the engine generates won't be available to the sensor. For example, if you disable the Anomaly engine, you won't receive alerts on network anomalies. If you'd created a [forwarding alert rule](how-to-forward-alert-information-to-partners.md), anomalies that the engine learns won't be sent.
@@ -418,7 +422,7 @@ After clearing data on a cloud-connected sensor:
 - Some actions on corresponding alerts in the Azure portal are no longer supported, such as downloading PCAP files or learning alerts.
 
 > [!NOTE]
-> Network settings such as IP/DNS/GATEWAY will not be changed by clearing system data.
+> Network settings such as IP/DNS/GATEWAY won't be changed by clearing system data.
 
 **To clear system data**:
 

articles/governance/machine-configuration/whats-new/migrating-from-dsc-extension.md

@@ -42,10 +42,15 @@ resources
     | where type == 'microsoft.compute/virtualmachines/extensions'
     | extend 
         VMId = toupper(substring(id, 0, indexof(id, '/extensions'))),
-        ExtensionName = tolower(name)
-    | where ExtensionName == 'microsoft.powershell.dsc'
+        ExtensionName = tolower(name),
+        ExtensionType = tolower(tostring(properties.type)),
+        ExtensionPublisher = tolower(tostring(properties.publisher)),
+        ExtensionVersion = tostring(properties.typeHandlerVersion),
+        ExtensionState = tolower(tostring(properties.provisioningState))
+    | where ExtensionPublisher == 'microsoft.powershell'
+    | where ExtensionType == 'dsc'
 ) on $left.JoinID == $right.VMId
-| project OSName, OSType, ExtensionName, ['id']
+| project OSName, OSType, ExtensionName, ExtensionType, ExtensionPublisher, ExtensionVersion, ExtensionState, ['id']
 | order by tolower(OSName) asc
 ```
 

articles/reliability/availability-zones-service-support.md

@@ -58,7 +58,7 @@ The following table lists zonal and zone-redundant Azure services. Some services
 | [Azure Event Grid](reliability-event-grid.md#availability-zone-support) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | |
 | [Azure Event Hubs](./reliability-event-hubs.md#resilience-to-availability-zone-failures) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | |
 | [Azure ExpressRoute gateway](reliability-virtual-network-gateway.md?pivot=expressroute#resilience-to-availability-zone-failures) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | |
-| [Azure Files](./reliability-storage-files.md#resilience-to-availability-zone-failures) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | |
+| [Azure Files](./reliability-storage-files.md#resilience-to-availability-zone-failures) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: |
 | [Azure Firewall](reliability-firewall.md#resilience-to-availability-zone-failures) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: |
 | [Azure Firewall Manager](../firewall-manager/quick-firewall-policy.md) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: ||
 | [Azure Functions](./reliability-functions.md#availability-zone-support) | :::image type="content" source="media/icon-checkmark.svg" alt-text="Yes" border="false"::: ||

articles/reliability/includes/storage/reliability-storage-availability-zone-down-experience-active-requests-include.md

@@ -0,0 +1,12 @@
+---
+ title: Description of Azure Storage availability zone zone-down experience - active requests
+ description: Description of Azure Storage availability zone zone-down experience - active requests
+ author: anaharris-ms
+ ms.service: azure
+ ms.topic: include
+ ms.date: 07/02/2024
+ ms.author: anaharris
+ ms.custom: include file
+---
+
+In-flight requests might be dropped during the recovery process and should be retried. Applications should [implement retry logic](#resilience-to-transient-faults) to handle these temporary interruptions.

articles/reliability/includes/storage/reliability-storage-availability-zone-down-experience-detection-response-include.md

@@ -0,0 +1,14 @@
+---
+ title: Description of Azure Storage availability zone zone-down experience - detection and response
+ description: Description of Azure Storage availability zone zone-down experience - detection and response
+ author: anaharris-ms
+ ms.service: azure
+ ms.topic: include
+ ms.date: 07/02/2024
+ ms.author: anaharris
+ ms.custom: include file
+---
+
+Microsoft automatically detects zone failures and initiates recovery processes. No customer action is required for zone-redundant storage (ZRS) accounts.
+
+If a zone becomes unavailable, Azure undertakes networking updates such as Domain Name System (DNS) repointing.

articles/reliability/includes/storage/reliability-storage-availability-zone-down-experience-expected-data-loss-include.md

@@ -0,0 +1,12 @@
+---
+ title: Description of Azure Storage availability zone zone-down experience - expected data loss
+ description: Description of Azure Storage availability zone zone-down experience - expected data loss
+ author: anaharris-ms
+ ms.service: azure
+ ms.topic: include
+ ms.date: 07/02/2024
+ ms.author: anaharris
+ ms.custom: include file
+---
+
+No data loss occurs during zone failures because data is synchronously replicated across multiple zones before write operations complete.

articles/reliability/includes/storage/reliability-storage-availability-zone-down-experience-expected-downtime-include.md

@@ -0,0 +1,12 @@
+---
+ title: Description of Azure Storage availability zone zone-down experience - expected downtime
+ description: Description of Azure Storage availability zone zone-down experience - expected downtime
+ author: anaharris-ms
+ ms.service: azure
+ ms.topic: include
+ ms.date: 07/02/2024
+ ms.author: anaharris
+ ms.custom: include file
+---
+
+A small amount of downtime, typically, a few seconds, might occur during automatic recovery as traffic is redirected to healthy zones. When you design applications for ZRS, follow practices for [transient fault handling](#resilience-to-transient-faults), including implementing retry policies with exponential back-off.