Added Azure China information

rpsqrd · rpsqrd · commit 12690ab59ed7 · 2022-07-26T15:16:42.000-04:00
diff --git a/articles/azure-arc/servers/agent-release-notes.md b/articles/azure-arc/servers/agent-release-notes.md
@@ -2,7 +2,7 @@
 title: What's new with Azure Arc-enabled servers agent
 description: This article has release notes for Azure Arc-enabled servers agent. For many of the summarized issues, there are links to more details.
 ms.topic: overview
-ms.date: 07/05/2022
+ms.date: 07/26/2022
 ms.custom: references_regions
 ---
 
@@ -24,6 +24,7 @@ This page is updated monthly, so revisit it regularly. If you're looking for ite
 
 ### New features
 
+- Added support for connecting the agent to the Azure China cloud
 - Added support for Debian 10
 - Updates to the [instance metadata](agent-overview.md#instance-metadata) collected on each machine:
   - GCP VM OS is no longer collected
diff --git a/articles/azure-arc/servers/network-requirements.md b/articles/azure-arc/servers/network-requirements.md
@@ -1,7 +1,7 @@
 ---
 title: Connected Machine agent network requirements
 description: Learn about the networking requirements for using the Connected Machine agent for Azure Arc-enabled servers.
-ms.date: 06/09/2022
+ms.date: 07/26/2022
 ms.topic: conceptual 
 ---
 
@@ -73,6 +73,28 @@ The table below lists the URLs that must be available in order to install and us
 |`*.blob.core.usgovcloudapi.net`|Download source for Azure Arc-enabled servers extensions|Always, except when using private endpoints| Not used when private link is configured |
 |`dc.applicationinsights.us`|Agent telemetry|Optional| Public |
 
+# [Azure China](#tab/azure-china)
+
+> [!NOTE]
+> Private link is not available for Azure Arc-enabled servers in Azure China regions.
+
+| Agent resource | Description | When required|
+|---------|---------|--------|
+|`aka.ms`|Used to resolve the download script during installation|At installation time, only|
+|`download.microsoft.com`|Used to download the Windows installation package|At installation time, only|
+|`packages.microsoft.com`|Used to download the Linux installation package|At installation time, only|
+|`login.chinacloudapi.cn`|Azure Active Directory|Always|
+|`login.partner.chinacloudapi.cn`|Azure Active Directory|Always|
+|`pas.chinacloudapi.cn`|Azure Active Directory|Always|
+|`management.chinacloudapi.cn`|Azure Resource Manager - to create or delete the Arc server resource|When connecting or disconnecting a server, only|
+|`*.his.arc.azure.cn`|Metadata and hybrid identity services|Always|
+|`*.guestconfiguration.azure.cn`| Extension management and guest configuration services |Always|
+|`guestnotificationservice.azure.cn`, `*.guestnotificationservice.azure.cn`|Notification service for extension and connectivity scenarios|Always|
+|`azgn*.servicebus.chinacloudapi.cn`|Notification service for extension and connectivity scenarios|Always|
+|`*.servicebus.chinacloudapi.cn`|For Windows Admin Center and SSH scenarios|If using SSH or Windows Admin Center from Azure|
+|`*.blob.core.chinacloudapi.cn`|Download source for Azure Arc-enabled servers extensions|Always, except when using private endpoints|
+|`dc.applicationinsights.azure.cn`|Agent telemetry|Optional|
+
 ## Transport Layer Security 1.2 protocol
 
 To ensure the security of data in transit to Azure, we strongly encourage you to configure machine to use Transport Layer Security (TLS) 1.2. Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable and while they still currently work to allow backwards compatibility, they are **not recommended**.
diff --git a/articles/azure-arc/servers/private-link-security.md b/articles/azure-arc/servers/private-link-security.md
@@ -2,7 +2,7 @@
 title: Use Azure Private Link to securely connect servers to Azure Arc
 description: Learn how to use Azure Private Link to securely connect networks to Azure Arc.
 ms.topic: conceptual
-ms.date: 05/04/2022
+ms.date: 07/26/2022
 ---
 
 # Use Azure Private Link to securely connect servers to Azure Arc
@@ -59,6 +59,7 @@ The Azure Arc-enabled servers Private Link Scope object has a number of limits y
 - The Azure Arc-enabled server and Azure Arc Private Link Scope must be in the same Azure region. The Private Endpoint and the virtual network must also be in the same Azure region, but this region can be different from that of your Azure Arc Private Link Scope and Arc-enabled server.
 - Network traffic to Azure Active Directory and Azure Resource Manager does not traverse the Azure Arc Private Link Scope and will continue to use your default network route to the internet. You can optionally [configure a resource management private link](../../azure-resource-manager/management/create-private-link-access-portal.md) to send Azure Resource Manager traffic to a private endpoint.
 - Other Azure services that you will use, for example Azure Monitor, requires their own private endpoints in your virtual network.
+- Private link for Azure Arc-enabled servers is not currently available in Azure China
 
 ## Planning your Private Link setup
 
