Updated.

Author: MaryMichael-MS

articles/migrate/common-questions-appliance.md

@@ -165,6 +165,25 @@ Azure Migrate will encrypt the communication between Azure Migrate appliance and
 
 If no certificate has been provisioned on the server when it starts up, SQL Server generates a self-signed certificate that is used to encrypt login packets. [Learn more](/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine).
 
+## How do I extend the validity of Azure Migrate Appliance AD application certificate that’s nearing expiry?
+
+For a newly created Migrate appliance, the default expiry period for the associated AD APP (Entra Application) will be one year.  To extend the validity of the Azure AD app, follow these steps:
+
+1. On the appliance VM, open an elevated privileged PowerShell Command Prompt.
+1. Navigate to the Config Manager installation folder: 
+
+    ```cd C:\’Program Files’\’Microsoft Azure Appliance Configuration Manager’\Scripts\PowerShell\AzureMigrateCertificateRotation ```
+
+1. Execute the following script to rotate the AAD app certificate and extend its validity for an additional 6 months:
+
+    ```PS C:\Program Files\Microsoft Azure Appliance Configuration Manager\Scripts\PowerShell\AzureMigrateCertificateRotation>.\AzureMigrateRotateCertificate.ps1```
+
+1. If you want to further extend the validity, provide the numberOfMonths as a parameter to the script. For example, to extend by 12 months:
+
+    ```PS C:\Program Files\Microsoft Azure Appliance Configuration Manager\Scripts\PowerShell\AzureMigrateCertificateRotation>.\AzureMigrateRotateCertificate.ps1 12``` 
+
+    ```C:\’Program Files’\’Microsoft Azure Appliance Configuration Manager’\Scripts\PowerShell\AzureMigrateCertificateRotation```
+
 ## Next steps
 
 Read the [Azure Migrate overview](migrate-services-overview.md).

articles/migrate/migrate-support-matrix-physical.md

@@ -41,7 +41,10 @@ Assessment | You can add up to 35,000 servers in a single group.<br/><br/> You c
 
 ## Permissions for Windows servers
 
-For Windows servers, use a domain account for domain-joined servers and a local account for servers that aren't domain joined. You can create the user account in one of the following two ways.
+- For Windows servers, use a domain account for domain-joined servers and a local account for servers that aren't domain joined.
+- For physical discovery, specify the username in Down level format (domain\username) and UPN format ([email protected]) is not supported.
+
+You can create the user account in one of the following two ways.
 
 ### Option 1
 

articles/migrate/migrate-support-matrix-vmware-migration.md

@@ -36,15 +36,24 @@ This section summarizes requirements for agentless VMware vSphere VM migration t
 
 ### VMware vSphere requirements (agentless)
 
-The table summarizes VMware vSphere hypervisor requirements.
-
-**VMware** | **Details**
---- | ---
-**VMware vCenter Server** | Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
-**VMware vSphere ESXi host** | Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
-**vCenter Server permissions** | Agentless migration uses the [Migrate Appliance](migrate-appliance.md). The appliance needs these permissions in vCenter Server:<br/><br/> - **Datastore.Browse** (Datastore -> Browse datastore): Allow browsing of VM log files to troubleshoot snapshot creation and deletion.<br/><br/> - **Datastore.FileManagement** (Datastore -> Low level file operations): Allow read/write/delete/rename operations in the datastore browser, to troubleshoot snapshot creation and deletion.<br/><br/> - **VirtualMachine.Config.ChangeTracking** (Virtual machine -> Disk change tracking): Allow enable or disable change tracking of VM disks, to pull changed blocks of data between snapshots.<br/><br/> - **VirtualMachine.Config.DiskLease** (Virtual machine -> Disk lease): Allow disk lease operations for a VM, to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK).<br/><br/> - **VirtualMachine.Provisioning.DiskRandomRead** (Virtual machine -> Provisioning -> Allow read-only disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.DiskRandomAccess** (Virtual machine -> Provisioning -> Allow disk access): Allow opening a disk on a VM, to read the disk using the VDDK.<br/><br/> - **VirtualMachine.Provisioning.GetVmFiles** (Virtual machine -> Provisioning -> Allow virtual machine download): Allows read operations on files associated with a VM, to download the logs and troubleshoot if failure occurs.<br/><br/> - **VirtualMachine.State.\*** (Virtual machine -> Snapshot management): Allow creation and management of VM snapshots for replication.<br/><br/> - **VirtualMachine.GuestOperations.\*** (Virtual machine -> Guest operations): Allow Discovery, Software Inventory, and Dependency Mapping on VMs.<br/><br/> -**VirtualMachine.Interact.PowerOff** (Virtual machine > Interaction > Power off): Allow the VM to be powered off during migration to Azure.
-**Multiple vCenter Servers** | A single appliance can connect to up to 10 vCenter Servers.
-
+The VMware vSphere hypervisor requirements are:
+- **VMware vCenter Server** - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
+- **VMware vSphere ESXi host** - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
+- **Multiple vCenter Servers** - A single appliance can connect to up to 10 vCenter Servers.
+- **vCenter Server permissions** - Agentless migration uses the [Migrate Appliance](migrate-appliance.md). The appliance needs these permissions in vCenter Server:
+
+    **Privilege Name in the vSphere Client** | **The purpose for the privilege** | **Required On** | **Privilege Name in the API**
+    --- | --- | --- | --- 
+    **Browse datastore** | Allow browsing of VM log files to troubleshoot snapshot creation and deletion. | Data stores | Datastore.Browse
+    **Low level file operations** | Allow read/write/delete/rename operations in the datastore browser, to troubleshoot snapshot creation and deletion. | Data stores | Datastore.FileManagement
+    **Change Configuration** - Toggle disk change tracking | Allow enable or disable change tracking of VM disks, to pull changed blocks of data between snapshots. | Virtual machines | VirtualMachine.Config.ChangeTracking
+    **Change Configuration** - Acquire disk lease | Allow disk lease operations for a VM, to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK). | Virtual machines | VirtualMachine.Config.DiskLease
+    **Provisioning** - Allow read-only disk access | Allow read-only disk access: Allow opening a disk on a VM, to read the disk using the VDDK. | Virtual machines | VirtualMachine.Provisioning.DiskRandomRead
+    **Provisioning** - Allow disk access | Allow opening a disk on a VM, to read the disk using the VDDK. | Virtual machines | VirtualMachine.Provisioning.DiskRandomAccess
+    **Provisioning** - Allow virtual machine download | Allow virtual machine download: Allows read operations on files associated with a VM, to download the logs and troubleshoot if failure occurs. | Root host or vCenter Server | VirtualMachine.Provisioning.GetVmFiles
+    **Snapshot management** | Allow Discovery, Software Inventory, and Dependency Mapping on VMs. | Virtual machines | VirtualMachine.State.*
+    **Guest operations** | Allow creation and management of VM snapshots for replication. | Virtual machines | VirtualMachine.GuestOperations.*
+    **Interaction Power Off** | Allow the VM to be powered off during migration to Azure. | Virtual machines | VirtualMachine.Interact.PowerOff
 
 ### VM requirements (agentless)
 

articles/migrate/tutorial-discover-physical.md

@@ -79,7 +79,10 @@ If you just created a free Azure account, you're the owner of your subscription.
 
 ## Prepare Windows server
 
-For Windows servers, use a domain account for domain-joined servers, and a local account for servers that aren't domain-joined. The user account can be created in one of the two ways:
+- For Windows servers, use a domain account for domain-joined servers, and a local account for servers that aren't domain-joined.
+- For physical discovery, specify the username in Down level format (domain\username) and UPN format ([email protected]) is not supported. 
+
+The user account can be created in one of the two ways:
 
 ### Option 1