Merge pull request #300343 from habibaum/26May-tvm-doc-updates

TVM-doc-updates

Author: v-ccolin

articles/migrate/assessment-properties.md

@@ -26,5 +26,6 @@ This article explains the assessment properties on the **General** tab that you
 | |**Currency** | The billing currency for your account.| 
 | |**Discount (%)** | Any subscription-specific discounts you receive on top of the Azure offer. The default setting is 0%. | 
 | | **VM uptime** | The duration in days per month and hours per day for Azure VMs that won't run continuously. Cost estimates are based on that duration. The default values are 31 days per month and 24 hours per day. | 
-| | **Azure Hybrid Benefit**| Specifies whether you have software assurance and are eligible for [Azure Hybrid Benefit](https://azure.microsoft.com/pricing/hybrid-benefit/) to use your existing OS licenses. For Azure VM assessments, you can bring in both Windows and Linux licenses. If the setting is enabled, Azure prices for selected operating systems aren't considered for VM costing.  |
-|**Security** | **Security** | Specifies whether you want to assess readiness and cost for security tooling on Azure. If the setting has the default value **Yes, with Microsoft Defender for Cloud**, it assesses security readiness and costs for your Azure VM with Microsoft Defender for Cloud. | 
+| | **Azure Hybrid Benefit**| Specifies if you have software assurance and are eligible for [Azure Hybrid Benefit](https://azure.microsoft.com/pricing/hybrid-benefit/) to use your existing OS licenses. For Azure VM assessments, you can bring in both Windows and Linux licenses. If the setting is enabled, Azure prices for selected operating systems aren't considered for VM costing.  |
+|**Security** | **Security** | Specifies if you want to assess readiness and cost for security tooling on Azure. If the setting has the default value **Yes, with Microsoft Defender for Cloud**, it assesses security readiness and costs for your Azure VM with Microsoft Defender for Cloud. | 
+|**VM Security Type** | | Specifies is you want to verify readiness for **Trusted Launch Virtual Machines (TVMs)**, Standard Virtual Machines, or both. By default, readiness is verified for both. We recommend to migrate eligible VMs to **Trusted Launch**, as TVMs provide enhanced security features, such as secure boot and virtual TPM at no extra cost.| 

articles/migrate/media/tutorial-migrate-hyper-v/trusted-vm-migrate.png

@@ -152,4 +152,10 @@ For servers recommended for Azure VM, if they're ready to run Defender for Serve
 
 Costs are displayed in the currency specified in the assessment settings. 
 
-For each on-premises server, you can review if there are any data collection issues that might result in a low confidence score of the overall assessment.  
+For each on-premises server, you can review if there are any data collection issues that might result in a low confidence score of the overall assessment.  
+
+## VM Security type
+
+Azure Migrate determines each VM’s compatibility with **Trusted Launch Virtual Machine (TVM)** requirements and recommends a VM security type, Trusted Launch or Standard. It verifies the supported operating systems, generation type (Gen 2), boot and disk configuration, and other prerequisites defined by Azure for Trusted Launch. If a VM meets the requirements, Azure Migrate recommends **Trusted Launch** by default to provide enhanced security features, such as **secure boot, vTPM**, and integrity monitoring at no extra cost. If the VM doesn't meet the criteria, it is assigned a **Standard security type**, ensuring compatibility while maintaining migration readiness.
+
+For more information on requirements for Trusted Launch Virtual Machines. [Learn more](/azure/virtual-machines/trusted-launch).

articles/migrate/media/tutorial-migrate-physical-virtual-machines/migrate-vm.png

@@ -149,12 +149,16 @@ After discovery is finished, you can begin the replication of Hyper-V VMs to Azu
 1. In **Replicate** > **Source settings** > **Are your machines virtualized?**, select **Yes, with Hyper-V**. Then select **Next: Virtual machines**.
 
 1. In **Virtual machines**, select the machines you want to replicate.
+    - By default, it migrates eligible VMs as TVMs. These VMs provide enhanced security features such as secure boot and virtual TPM at no extra cost. We recommend using them wherever applicable.
+    
+    :::image type="content" source="./media/tutorial-migrate-hyper-v/trusted-vm-migrate.png" alt-text="Screenshot showing standard or trusted launch virtual machines.":::    
+
     - If you ran an assessment for the VMs, you can apply VM sizing and disk type (Premium v2, Ultra SSD, Standard SSD, Standard HDD, or Premium Managed disks) recommendations from the assessment results. To do this step, in **Import migration settings from an Azure Migrate assessment?**, select **Yes**.
     - You can choose to migrate the Standard SSD as a [ZRS Disk](/azure/virtual-machines/disks-deploy-zrs?tabs=portal).
     - If you didn't run an assessment, or you don't want to use the assessment settings, select **No**.
     - If you selected to use the assessment, select the VM group and assessment name.
 
-        ![Screenshot that shows the Select assessment screen.](./media/tutorial-migrate-hyper-v/select-assessment.png)
+    ![Screenshot that shows the Select assessment screen.](./media/tutorial-migrate-hyper-v/select-assessment.png)
 
 1. In **Virtual machines**, search for VMs as needed and check each VM you want to migrate. Then, select **Next: Target settings**.
 
@@ -179,6 +183,7 @@ After discovery is finished, you can begin the replication of Hyper-V VMs to Azu
     - **VM size**: If you're using assessment recommendations, the VM size dropdown list contains the recommended size. Otherwise, Azure Migrate and Modernize picks a size based on the closest match in the Azure subscription. Alternatively, pick a manual size in **Azure VM size**.
     - **OS disk**: Specify the OS (boot) disk for the VM. The OS disk is the disk that has the operating system bootloader and installer.
     - **Availability Set**: If the VM should be in an Azure availability set after migration, specify the set. The set must be in the target resource group you specify for the migration.
+    - **VM Security Type**: Azure Migrate recommends migrating eligible VMs to **Trusted Launch Virtual Machines (TVMs)** for enhanced security. By default, the **VM security type is set to Trusted Launch**. VMs that are not eligible for Trusted Launch are automatically configured as **standard security VMs**. 
 
 1. In **Disks**, specify the VM disks that need to be replicated to Azure. Then select **Next**.
     - You can exclude disks from replication.

articles/migrate/media/tutorial-migrate-physical-virtual-machines/select-vms-inline.png

@@ -369,9 +369,13 @@ Now, select machines for migration.
     :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/source-settings.png" alt-text="Screenshot that shows source settings.":::
 
 1. In **Virtual machines**, in **Import migration settings from an assessment?**, leave the default setting **No, I'll specify the migration settings manually**.
+1. By default, **VMs that are eligible for Trusted Launch are migrated as TVMs**. Trusted Launch VMs provide enhanced security features such as secure boot and virtual TPM at no additional cost. We recommend using them wherever applicable.
+
+    :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/select-vms-inline.png" alt-text="Screenshot that shows selecting VMs." lightbox="./media/tutorial-migrate-physical-virtual-machines/select-vms-inline.png":::
+
 1. Check each VM you want to migrate. Then select **Next: Target settings**.
 
-    :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/select-vms-inline.png" alt-text="Screenshot that shows selecting VMs." lightbox="./media/tutorial-migrate-physical-virtual-machines/select-vms-expanded.png":::
+    :::image type="content" source="./media/tutorial-migrate-physical-virtual-machines/migrate-vm.png" alt-text="Screenshot that shows migrating VMs." lightbox="./media/tutorial-migrate-physical-virtual-machines/migrate-vm.png":::
 
 1. In **Target settings**, select the subscription to which you'll migrate. (The region is set to your selection in the previous step and can't be modified.) Specify the resource group in which the Azure VMs will reside after migration.
 1. In **Virtual Network**, select the Azure virtual network/subnet to which the Azure VMs will be joined after migration.
@@ -405,7 +409,8 @@ Now, select machines for migration.
     - **VM size**: If you're using assessment recommendations, the VM size dropdown list shows the recommended size. Otherwise, Azure Migrate and Modernize picks a size based on the closest match in the Azure subscription. Alternatively, pick a manual size in **Azure VM size**.
     - **OS disk**: Specify the OS (boot) disk for the VM. The OS disk is the disk that has the operating system bootloader and installer.
     - **Availability Zone**: Specify the availability zone to use.
-    - **Availability Set**: Specify the availability set to use.
+    - **Availability Set**: Specify the availability set to use. 
+    - **VM Security Type**: Azure Migrate recommends migrating eligible VMs to **Trusted Launch Virtual Machines (TVMs)** for enhanced security. By default, the **VM security type is set to Trusted Launch**. VMs that are not eligible for Trusted Launch are automatically configured as **standard security VMs**. 
 
 1. In **Disks**, specify whether the VM disks should be replicated to Azure. Select the disk type (standard SSD/HDD or premium managed disks) in Azure. Then select **Next**.
     - You can exclude disks from replication.

articles/migrate/media/tutorial-migrate-vmware/target-vm-security-type.png

@@ -73,9 +73,11 @@ Enable replication as follows:
 
     :::image type="content" source="./media/tutorial-migrate-vmware/source-settings.png" alt-text="Screenshot on source settings.":::
 
-4. In **Virtual machines**, select the machines you want to replicate. To apply VM sizing and disk type from an assessment if you've run one, in **Import migration settings from an Azure Migrate assessment?**, select **Yes**, and select the VM group and assessment name. If you aren't using assessment settings, select **No**.
+4. In **Virtual machines**, select the machines you want to replicate. If you want to use VM sizing and disk type from an assessment select **Yes** under **Import migration settings from an Azure Migrate assessment?**, and then select the VM group and assessment name. If you don't use assessment settings, select **No**. Azure Migrate supports migration to Trusted Launch Virtual Machines (TVMs). By default, it migrates eligible VMs as TVMs. These VMs provide enhanced security features such as secure boot and virtual TPM at no extra cost. We recommend using them wherever applicable.
 
-    :::image type="content" source="./media/tutorial-migrate-vmware/select-assessment.png" alt-text="Screenshot on selecting assessment."::: 
+    :::image type="content" source="./media/tutorial-migrate-vmware/target-vm-security-type.png" alt-text="Screenshot shows the trusted virtual machines." lightbox="./media/tutorial-migrate-vmware/target-vm-security-type.png":::
+    
+    :::image type="content" source="./media/tutorial-migrate-vmware/select-assessment.png" alt-text="Screenshot on selecting assessment.":::  
 
 5. In **Virtual machines**, select VMs you want to migrate. Then select **Next: Target settings**.