diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml
index a2c0b5a9803e..f5cfb866e9b8 100644
--- a/.github/workflows/azure-preview-env-deploy.yml
+++ b/.github/workflows/azure-preview-env-deploy.yml
@@ -198,6 +198,8 @@ jobs:
 dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
 dockerRegistryUsername="${{ secrets.NONPROD_REGISTRY_USERNAME }}"
 dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
+ storageAccountName="${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}"
+ storageAccountKey="${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}"
 # this shows warnings in the github actions console, because the flag is passed through a validation run,
 # but it *is* functional during the actual execution
 additionalArguments: --no-wait
diff --git a/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png b/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png
new file mode 100644
index 000000000000..c92015c8d240
Binary files /dev/null and b/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png differ
diff --git a/assets/images/help/repository/secret-scanning-create-custom-pattern.png b/assets/images/help/repository/secret-scanning-create-custom-pattern.png
index c92015c8d240..16f4801f13dc 100644
Binary files a/assets/images/help/repository/secret-scanning-create-custom-pattern.png and b/assets/images/help/repository/secret-scanning-create-custom-pattern.png differ
diff --git a/assets/images/help/repository/secret-scanning-publish-pattern.png b/assets/images/help/repository/secret-scanning-publish-pattern.png
new file mode 100644
index 000000000000..281f05edc105
Binary files /dev/null and b/assets/images/help/repository/secret-scanning-publish-pattern.png differ
diff --git a/azure-preview-env-template.json b/azure-preview-env-template.json
index ca9eb90a56aa..82667ab87b94 100644
--- a/azure-preview-env-template.json
+++ b/azure-preview-env-template.json
@@ -32,6 +32,12 @@
 },
 "dockerRegistryPassword": {
 "type": "SecureString"
+ },
+ "storageAccountName": {
+ "type": "String"
+ },
+ "storageAccountKey": {
+ "type": "SecureString"
 }
 },
 "resources": [
@@ -109,12 +115,8 @@
 },
 "volumeMounts": [
 {
- "name": "data",
+ "name": "caddy-data",
 "mountPath": "/data"
- },
- {
- "name": "config",
- "mountPath": "/config"
 }
 ]
 }
@@ -122,12 +124,12 @@
 ],
 "volumes": [
 {
- "name": "data",
- "emptyDir": {}
- },
- {
- "name": "config",
- "emptyDir": {}
+ "name": "caddy-data",
+ "azureFile": {
+ "shareName": "caddy",
+ "storageAccountName": "[parameters('storageAccountName')]",
+ "storageAccountKey": "[parameters('storageAccountKey')]"
+ }
 }
 ],
 "imageRegistryCredentials": [
diff --git a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
index 947533b214bf..6e7ae7a841ae 100644
--- a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
+++ b/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
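Review bot: The `azureFile` volume added in the `volumes` hunk mounts one fixed share, `"shareName": "caddy"`, with the storage account key, so every preview environment deployed from this template reads and writes the same `/data` and holds a credential that is valid for the whole storage account, not only that share. Declaring `storageAccountKey` as `SecureString` in the parameters hunk keeps the value out of deployment records but does not narrow what the key permits. If `/data` carries Caddy's certificate and ACME account state (inferred from the volume name; the container definition starts outside the hunk), one preview can affect all the others. I would point these parameters at a storage account that holds nothing but this share and record that on the parameter, e.g. `"metadata": { "description": "Key of the preview-only storage account backing the shared caddy file share" }`.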
@@ -67,7 +67,14 @@ Before defining a custom pattern, you must ensure that {% data variables.product {% data reusables.repositories.navigate-to-security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern %} -{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} +{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %} +1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**. +1. When the dry run finishes, you'll see a sample of results (up to 1000) from the repository. Review the results and identify any false positive results. + ![Screenshot showing results from dry run](/assets/images/help/repository/secret-scanning-publish-pattern.png) +1. Edit the new custom pattern to fix any problems with the results, then click **Save and dry run** to test your changes. +{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %} +{% endif %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." 
@@ -116,6 +123,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern %} {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." 
@@ -139,6 +147,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin {% data reusables.enterprise-accounts.advanced-security-security-features %} 1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}. {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)." diff --git a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md index 708257ab9edc..43018f4392ce 100644 --- a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md +++ b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md 
@@ -2,6 +2,8 @@
 1. You must at least provide the name for your pattern, and a regular expression for the format of your secret pattern.
 1. You can click **More options {% octicon "chevron-down" aria-label="down" %}** to provide other surrounding content or additional match requirements for the secret format.
 1. Provide a sample test string to make sure your configuration is matching the patterns you expect.
-
+ {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
 ![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/help/repository/secret-scanning-create-custom-pattern.png)
-1. When you are satisfied with your new custom pattern, click {% ifversion fpt or ghes > 3.2 or ghae or ghec %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.
+ {% else %}
+ ![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png)
+ {% endif %}
diff --git a/data/reusables/advanced-security/secret-scanning-create-custom-pattern.md b/data/reusables/advanced-security/secret-scanning-create-custom-pattern.md
new file mode 100644
index 000000000000..8f4453f9fcd3
--- /dev/null
+++ b/data/reusables/advanced-security/secret-scanning-create-custom-pattern.md
@@ -0,0 +1 @@
+1. When you're satisfied with your new custom pattern, click {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}**Publish pattern**{% elsif ghes > 3.2 or ghae %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.
diff --git a/data/reusables/secret-scanning/beta-dry-runs.md b/data/reusables/secret-scanning/beta-dry-runs.md
new file mode 100644
index 000000000000..2d3121b0cdc3
--- /dev/null
+++ b/data/reusables/secret-scanning/beta-dry-runs.md
@@ -0,0 +1,6 @@
+
+{% note %}
+
+**Note:** The dry run feature is currently in beta and subject to change.
+
+{% endnote %}