Commit 231b15c

Add note to prevent misleading in use-trusted-launch.md
1 parent 811e3c4 commit 231b15c

1 file changed

+4
-1
lines changed

articles/aks/use-trusted-launch.md

Lines changed: 4 additions & 1 deletion
@@ -142,7 +142,10 @@ Update a node pool with trusted launch enabled using the [az aks nodepool update
142142
* **--enable-vtpm**: Enables vTPM and performs attestation by measuring the entire boot chain of your VM.
143143

144144
> [!NOTE]
145-
> The existing nodepool must be using a trusted launch image in order to enable on an existing node pool. By default, creating a node pool with a TL-compatible configuration and the feature flag registered results in a trusted launch image. Without specifying `--enable-vtpm` or `--enable-secure-boot` parameters, they are disabled by default and you can enable later using `az aks nodepool update` command.
145+
> The existing nodepool must be using a trusted launch image in order to enable on an existing node pool. Hence, for the nodepools created before registering the `TrustedLaunchPreview` feature, you cannot update them with trusted launch enabled.
146+
>
147+
> By default, creating a node pool with a TL-compatible configuration and the feature flag registered results in a trusted launch image. Without specifying `--enable-vtpm` or `--enable-secure-boot` parameters, they are disabled by default and you can enable later using `az aks nodepool update` command.
148+
146149

147150
> [!NOTE]
148151
> Secure Boot requires signed boot loaders, OS kernels, and drivers. If after enabling Secure Boot your nodes don't start, you can verify which boot components are responsible for Secure Boot failures within an Azure Linux Virtual Machine. See [verify Secure Boot failures][verify-secure-boot-failures].
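
Review bot: The sentence added at new line 145 limits the restriction to node pools created before registering `TrustedLaunchPreview`, but the paragraph at new line 147 says a trusted launch image results from a TL-compatible configuration and the registered feature flag together. A pool created after registration with a configuration that is not TL-compatible would also lack a trusted launch image, and the note does not cover it. Consider stating the restriction in terms of the image and giving the feature-flag timing as one example, such as "Node pools that aren't using a trusted launch image, for example those created before registering the `TrustedLaunchPreview` feature, can't be updated to enable trusted launch." Two smaller points in the same note: "nodepool" and "node pool" are mixed, and "in order to enable on an existing node pool" and "you can enable later" have no object, so name what is being enabled (`--enable-secure-boot`, `--enable-vtpm`). It would also help readers if the note said what to do with a node pool that can't be updated.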
