Multitenant in only v1 tiers

Author: dlepow

.openpublishing.redirection.json

@@ -6559,6 +6559,11 @@
       "source_path": "articles/dns/dns-sdk.md",
       "redirect_url": "https://learn.microsoft.com/dotnet/api/overview/azure/resourcemanager.dns-readme",
       "redirect_document_id": false
+    },
+    { 
+      "source_path": "articles/oracle/oracle-db/exadata-vm-clusters.md",
+      "redirect_url": "/azure/oracle/oracle-db/database-overview",
+      "redirect_document_id": false
     }
 
   ]

articles/api-management/api-management-howto-aad.md

@@ -6,7 +6,7 @@ description: Learn how to enable user sign-in to the API Management developer po
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 12/08/2025
+ms.date: 12/12/2025
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -70,10 +70,13 @@ For steps, see [Switch redirect URIs to the single-page application type](../act
 
 ## Configure access by users in more than one Microsoft Entra tenant
 
+> [!NOTE]
+> Support for access to the developer portal by users from multiple Microsoft Entra ID tenants is currently available in the API Management Developer, Standard, and Premium tiers.
+
 You can enable access to the developer portal by users from more than one Microsoft Entra ID tenant. To do this:
 
 * Configure app registration for multiple tenants.
-* Update the identity provider configuration for the developer portal to add another tenant.
+* Update the Microsoft Entra ID identity provider configuration for the developer portal to add another tenant.
 
 ### Configure app registration for multiple tenants
 
@@ -82,7 +85,7 @@ The app registration you configure for the identity provider must support multip
 * When creating the app registration, set **Supported account types** to **Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)**. 
 * If you previously configured an app registration for a single tenant, update the **Supported account types** setting on the **Manage** > **Authentication** page of the app registration.
 
-### Update identity provider configuration for multiple tenants
+### Update Microsoft Entra ID identity provider configuration for multiple tenants
 
 Update the identity provider configuration to add another tenant:
 

articles/api-management/api-management-howto-create-subscriptions.md

@@ -6,34 +6,41 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 09/30/2025
+ms.date: 12/09/2025
 ms.author: danlep
 ---
+
 # Create subscriptions in Azure API Management
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-When you publish APIs through Azure API Management, it's easy and common to secure access to those APIs by using subscription keys. Client applications that need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. To get a subscription key for accessing APIs, a subscription is required. For more information about subscriptions, see [Subscriptions in Azure API Management](api-management-subscriptions.md).
+When you publish APIs through Azure API Management, you can secure access to those APIs by using subscription keys. Client applications that need to consume the published APIs must then include a valid subscription key in HTTP requests when they make calls to those APIs. To get a subscription key for accessing APIs, you need a subscription. For more information about subscriptions, see [Subscriptions in Azure API Management](api-management-subscriptions.md).
 
-This article walks through the steps for creating subscriptions in the Azure portal.
+This article walks you through the steps for creating subscriptions in the Azure portal.
 
 > [!IMPORTANT]
-> The **Allow tracing** setting in subscriptions to enable debug traces is deprecated. To improve security, tracing can now be enabled for specific API requests to API Management. To learn more, see [Enable tracing for an API](api-management-howto-api-inspector.md#enable-tracing-for-an-api).
+> The **Allow tracing** setting in subscriptions to enable debug traces is deprecated. To improve security, you can now enable tracing for specific API requests to API Management. To learn more, see [Enable tracing for an API](api-management-howto-api-inspector.md#enable-tracing-for-an-api).
 
 ## Prerequisites
 
-To take the steps in this article, the prerequisites are as follows:
+To complete the steps in this article, you need the following prerequisites:
 
 * [Create an API Management instance](get-started-create-service-instance.md).
 * Understand [subscriptions in API Management](api-management-subscriptions.md).
 
 ## Create a new subscription
 
-1. Navigate to your API Management instance in the [Azure portal](https://portal.azure.com).
+> [!NOTE]
+> API publishers (administrators or users with appropriate permissions to the API Management instance) create and manage subscriptions. API consumers typically request subscriptions through the developer portal or receive them directly from API publishers.
+
+1. Go to your API Management instance in the [Azure portal](https://portal.azure.com).
 1. Under **APIs** in the sidebar menu, select **Subscriptions**, then choose **Add subscription**.
-1. Provide a **Name** and optional **Display name** for the subscription.
-1. Select a **Scope** of the subscription from the dropdown list. To learn more, see [Scope of subscriptions](api-management-subscriptions.md#scope-of-subscriptions).
-1. Optionally, choose if the subscription should be associated with a **User** and whether to send a notification for use with the developer portal.
+1. Enter a **Name** and optional **Display name** for the subscription.
+1. Select a **Scope** of the subscription from the dropdown list. For more information, see [Scope of subscriptions](api-management-subscriptions.md#scope-of-subscriptions).
+1. Optionally, choose if the subscription should be associated with a **User**. 
+    * If you don't associate the subscription with a specific user, it becomes a standalone subscription that can be shared among multiple developers or teams.
+    * You can't directly assign subscriptions to Microsoft Entra ID security groups. To provide access to group members, create a standalone subscription and distribute the keys, or use Microsoft Entra ID authentication with policies for group-based access control.
+1. Optionally, choose whether to send a notification for use with the developer portal.
 1. Select **Create**.
 
 :::image type="content" source="media/api-management-howto-create-subscriptions/create-subscription.png" alt-text="Screenshot showing how to create an API Management subscription in the portal." lightbox="media/api-management-howto-create-subscriptions/create-subscription.png":::
@@ -45,3 +52,4 @@ After you create the subscription, it appears in the list on the **Subscriptions
 * [Azure API Management terminology](api-management-terminology.md)
 * [Tutorial: Import and publish your first API](import-and-publish.md)
 * [Azure API Management FAQs](api-management-faq.yml)
+* [Securely access products and APIs with Microsoft Entra applications](applications.md)

articles/api-management/api-management-howto-entra-external-id.md

@@ -21,7 +21,7 @@ ms.custom:
 
 For an overview of options to secure access to the developer portal, see [Secure access to the API Management developer portal](secure-developer-portal-access.md).
 
-Currently, API Management supports external identity providers in Microsoft Entra External ID when configured in your Microsoft Entra ID *workforce tenant*. For example, if you're enabling access to the developer portal by users in your workforce tenant, such as the Contoso organization, you might want to configure Google or Facebook as an external identity provider so that these external users can also sign in using their accounts. [Learn more about workforce and external tenant configurations in Microsoft External ID](/entra/external-id/tenant-configurations).
+Currently, API Management supports external identity providers in Microsoft Entra External ID when configured in a Microsoft Entra ID *workforce tenant*. For example, if you're enabling access to the developer portal by users in your workforce tenant, such as the Contoso organization, you might want to configure Google or Facebook as an external identity provider so that these external users can also sign in using their accounts. [Learn more about workforce and external tenant configurations in Microsoft External ID](/entra/external-id/tenant-configurations).
 
 [!INCLUDE [api-management-developer-portal-entra-tenants.md](../../includes/api-management-developer-portal-entra-tenants.md)]