Merge pull request #178128 from nwashburn-ms/niwashbu-10-21

Automanage for Windows Server edits for Ignite

Author: denrea

articles/automanage/TOC.yml

@@ -13,10 +13,12 @@
   - name: Automanage for Windows Server
     href: automanage-windows-server.md
     items:
-      - name: Automanage for Windows Server Services (preview)
+      - name: Automanage for Windows Server services
         href: automanage-windows-server-services-overview.md
       - name: Hotpatch for new virtual machines
         href: automanage-hotpatch.md
+      - name: SMB over QUIC
+        href: automanage-smb-over-quic.md
   - name: Automanage for Azure Arc-enabled servers
     href: automanage-arc.md
 - name: How to

articles/automanage/automanage-hotpatch.md

@@ -14,13 +14,10 @@ ms.custom: devx-track-azurepowershell
 # Hotpatch for new virtual machines (Preview)
 
 > [!IMPORTANT]
-> Automanage for Windows Server Services is currently in Public Preview. An opt-in procedure is needed to use the Hotpatch capability described below.
-> This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
+> Hotpatch is currently in Public Preview. An opt-in procedure is needed to use the Hotpatch capability described below.
+> This preview is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-> [!NOTE]
-> Hotpatch can be evaluated on _Windows Server 2022 Datacenter: Azure Edition (Core) Preview_.  Hotpatch on _Windows Server 2019 Datacenter: Azure Edition Preview_ is no longer available to evaluate.
-
 Hotpatching is a new way to install updates on supported _Windows Server Azure Edition_ virtual machines (VMs) that doesn’t require a reboot after installation. This article covers information about Hotpatch for supported _Windows Server Azure Edition_ VMs, which has the following benefits:
 * Lower workload impact with less reboots
 * Faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager
@@ -44,18 +41,19 @@ Hotpatch is available in all global Azure regions in preview. Azure Government r
 ## How to get started
 
 > [!NOTE]
-> During the preview phase you can get started in the Azure portal using [this link](https://aka.ms/AutomanageWindowsServerPreview).
+> During the preview phase you can get started in the Azure portal using [this link](https://aka.ms/ws2022ae-portal-preview).
 
 To start using Hotpatch on a new VM, follow these steps:
 1.  Enable preview access
     * One-time preview access enablement is required per subscription.
-    * Preview access can be enabled through API, PowerShell, or CLI as described in the following section.
-1.  Create a VM from the Azure portal
-    * During the preview, you'll need to get started using [this link](https://aka.ms/AutomanageWindowsServerPreview).
-1.  Supply VM details
-    * Ensure that the supported _Windows Server Azure Edition_ image that you would like to use is selected in the Image dropdown.  Supported images are listed at the top of this article.
-    * On the Management tab step, scroll down to the ‘Guest OS updates’ section. You'll see Hotpatching set to On and Patch installation defaulted to Azure-orchestrated patching.
-    * Automanage VM Best Practices will be enabled by default
+    * Preview access can be enabled through API, PowerShell, or CLI as described in the 'Enabling preview access' section below.
+1.  Start creating a new VM from the Azure portal
+    * During the preview, you'll need to get started using [this link](https://aka.ms/ws2022ae-portal-preview).
+1.  Supply  details during VM creation
+    * Ensure that a supported _Windows Server Azure Edition_ image is selected in the Image dropdown.  Use [this guide](automanage-windows-server-services-overview.md#getting-started-with-windows-server-azure-edition) to determine which images are supported.
+    * On the Management tab under section ‘Guest OS updates’, select the checkbox for 'Enable hotpatch' to evaluate hotpatch while in preview.  Patch orchestration options will be set to 'Azure-orchestrated'. 
+    * On the Management tab under section 'Azure Automanage', select 'Dev/Test' or 'Production' for 'Azure Automanage environment' to evaluate Automanage machine best practices while in preview.
+    
 1. Create your new VM
 
 ## Enabling preview access
@@ -229,5 +227,6 @@ There are some important considerations to running a supported _Windows Server A
 
 ## Next steps
 
-* Learn about Azure Update Management [here](../automation/update-management/overview.md).
-* Learn more about Automatic VM Guest Patching [here](../virtual-machines/automatic-vm-guest-patching.md)
+* Learn about [Azure Update Management](../automation/update-management/overview.md)
+* Learn more about [Automatic VM Guest Patching](../virtual-machines/automatic-vm-guest-patching.md)
+* Learn more about [Automanage for Windows Server](automanage-windows-server-services-overview.md)

articles/automanage/automanage-smb-over-quic.md

@@ -0,0 +1,57 @@
+---
+title: SMB over QUIC with Azure Automanage machine best practices
+description: Overview of managing SMB over QUIC with Azure Automanage machine best practices 
+author: daniellee-microsoft
+ms.service: virtual-machines
+ms.subservice: automanage
+ms.workload: infrastructure
+ms.topic: conceptual
+ms.date: 11/1/2021
+ms.author: jol 
+---
+
+# SMB over QUIC with Automanage machine best practices
+
+SMB over QUIC offers an "SMB VPN" for telecommuters, mobile device users, and branch offices, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. To learn more about SMB over QUIC and how to configure SMB over QUIC, see [SMB over QUIC](https://aka.ms/smboverquic).
+
+Additionally, SMB over QUIC is integrated with Automanage machine best practices to help make SMB over QUIC management easier. QUIC uses certificates to provide its encryption and organizations often struggle to maintain complex public key infrastructures. Automanage machine best practices ensures that certificates do not expire without warning and that SMB over QUIC stays enabled for maximum continuity of service.
+
+## How to get started
+
+> [!NOTE]
+> For prerequisites on using Automanage machine best practices, see [Enable on VMs in the Azure portal](quick-create-virtual-machines-portal.md). 
+
+> [!NOTE]
+> During the preview phase, you can get started in the Azure portal using [this link](https://aka.ms/automanage-ws-portal-preview).
+
+## Enable Automanage best practices when creating a new VM
+
+To enable Automanage machine best practices for SMB over QUIC on a VM, follow these steps:
+
+1. Sign in to the Azure portal using the preview link above.
+2. Create an Azure VM with the _Windows Server 2022 Datacenter: Azure Edition_ image to get the Automanage for Windows Server capabilities, including SMB over QUIC.
+3. In the **Management** tab, for the Azure Automanage Environment setting, either choose **Dev/Test** or **Production** to enable Automanage machine best practices.
+
+:::image type="content" source="media\automanage-smb-over-quic\create-vm-automanage-setting.png" alt-text="Enable Automanage when creating a VM.":::
+
+4. Configure any additional settings as needed and create the VM.
+
+## Enable Automanage best practices on existing VMs
+
+You can also enable Automanage machine best practices for a VM you have previously created. Note that the VM must have been created with the _Windows Server 2022 Datacenter: Azure Edition_ image to get the Automanage for Windows Server capabilities, including SMB over QUIC.
+
+1. Navigate to the VM you have previously created.
+2. Select the Automanage menu, choose either the **Dev/Test** or **Production** environment, then click **Enable**.
+
+:::image type="content" source="media\automanage-smb-over-quic\vm-enable-automanage.png" alt-text="Enable Automanage for an existing VM.":::
+
+## Viewing Automanage best practice compliance
+
+It may take a couple of hours for machine best practices to be configured and then the best practice policies to be assigned and assessed on the VM. Once it is complete, you will see the SMB over QUIC policies and their status as shown below. These policies will continuously be assessed automatically to ensure SMB over QUIC is configured properly and that the certificates used are valid and healthy.
+
+:::image type="content" source="media\automanage-smb-over-quic\vm-automanage-configured.png" alt-text="View SMB over QUIC policies for a VM.":::
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Learn more about SMB over QUIC](https://aka.ms/smboverquic)

articles/automanage/automanage-windows-server-services-overview.md

@@ -1,6 +1,6 @@
 ---
-title: Automanage for Windows Server Services (preview)
-description: Overview of Automanage for Windows Server Services and capabilities with Windows Server Azure Edition 
+title: Automanage for Windows Server 
+description: Overview of Azure Automanage for Windows Server capabilities with Windows Server Azure Edition 
 author: nwashburn-ms
 ms.service: virtual-machines
 ms.subservice: automanage
@@ -10,21 +10,18 @@ ms.date: 07/09/2021
 ms.author: niwashbu 
 ---
 
-# Automanage for Windows Server Services (preview)
+# Azure Automanage for Windows Server
 
-Automanage for Windows Server Services brings new capabilities specifically to _Windows Server Azure Edition_.  These capabilities include:
-- Hotpatch
+Azure Automanage for Windows Server brings new capabilities specifically to _Windows Server Azure Edition_.  These capabilities include:
+- Hotpatch (preview)
 - SMB over QUIC
-- Extended Network
+- Extended network for Azure
 
 > [!IMPORTANT]
-> Automanage for Windows Server Services is currently in Public Preview. An opt-in procedure is needed to use the Hotpatch capability described below.
-> This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
+> Hotpatch is currently in Public Preview. An opt-in procedure is needed to use the Hotpatch capability described below.
+> This preview is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-> [!NOTE]
-> Hotpatch can be evaluated on _Windows Server 2022 Datacenter: Azure Edition (Core) Preview_.  Hotpatch on _Windows Server 2019 Datacenter: Azure Edition Preview_ is no longer available to evaluate.
-
 Automanage for Windows Server capabilities can be found in one or more of these _Windows Server Azure Edition_ images: 
 
 - Windows Server 2022 Datacenter: Azure Edition (Desktop Experience)
@@ -34,7 +31,7 @@ Capabilities vary by image, see [getting started](#getting-started-with-windows-
 
 ## Automanage for Windows Server capabilities
 
-### Hotpatch
+### Hotpatch (preview)
 
 Hotpatch is available in public preview on the following images:
 
@@ -49,11 +46,16 @@ SMB over QUIC is available in public preview on the following images:
 - Windows Server 2022 Datacenter: Azure Edition (Desktop experience)
 - Windows Server 2022 Datacenter: Azure Edition (Core)
 
-SMB over QUIC enables users to access files when working remotely without a VPN, by tunneling SMB traffic over the QUIC protocol.  To learn more, see [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic).  
+SMB over QUIC offers an "SMB VPN" for telecommuters, mobile device users, and branch offices, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. [QUIC](https://datatracker.ietf.org/doc/rfc9000/) is an IETF-standardized protocol used in HTTP/3, designed for maximum data protection with TLS 1.3 and requires encryption that cannot be disabled. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn't change. SMB features like multichannel, signing, compression, continuous availability, and directory leasing work normally. 
+
+SMB over QUIC is also integrated with [Automanage machine best practices for Windows Server](automanage-windows-server.md) to help make SMB over QUIC management easier. QUIC uses certificates to provide its encryption and organizations often struggle to maintain complex public key infrastructures. Automanage machine best practices ensure that certificates do not expire without warning and that SMB over QUIC stays enabled for maximum continuity of service.
+
+To learn more, see [SMB over QUIC](https://aka.ms/smboverquic) and [SMB over QUIC management with Automanage machine best practices](automanage-smb-over-quic.md).
+ 
 
-### Azure Extended Network
+### Extended network for Azure
 
-Azure Extended Network is available in public preview on the following images:
+Extended Network for Azure is available on the following images:
 
 - Windows Server 2022 Datacenter: Azure Edition (Desktop experience)
 - Windows Server 2022 Datacenter: Azure Edition (Core)
@@ -69,12 +71,15 @@ It's important to consider up front, which Automanage for Windows Server capabil
 
 |Image|Capabilities|
 |--|--|
-|Windows Server 2022  Datacenter: Azure Edition (Desktop experience) | SMB over QUIC, Extended Network | 
-| Windows Server 2022 Datacenter: Azure Edition (Core) | Hotpatch, SMB over QUIC, Extended Network | 
+|Windows Server 2022  Datacenter: Azure Edition (Desktop experience) | SMB over QUIC, Extended network for Azure | 
+| Windows Server 2022 Datacenter: Azure Edition (Core) | Hotpatch, SMB over QUIC, Extended network for Azure | 
 
 ### Creating a VM
 
-To start using Automanage for Windows Server capabilities on a new VM, use your preferred method to create an Azure VM, and select the _Windows Server Azure Edition_ image that corresponds to the set of [capabilities](#getting-started-with-windows-server-azure-edition) that you would like to use.  Configuration of those capabilities may be needed during VM creation. You can learn more about VM configuration in the individual capability topics (such as [Hotpatch](automanage-hotpatch.md)).
+To start using Automanage for Windows Server capabilities on a new VM, use your preferred method to create an Azure VM, and select the _Windows Server Azure Edition_ image that corresponds to the set of [capabilities](#getting-started-with-windows-server-azure-edition) that you would like to use.  
+
+> [!IMPORTANT]
+> Some capabilities have specific configuration steps to perform during VM creation, and some capabilities that are in preview have specific opt-in and portal viewing requirements.  See the individual capability topics above to learn more about using that capability with your VM.
 
 ## Next steps