Arc updates and refresh

Author: JnHs

articles/lighthouse/concepts/cross-tenant-management-experience.md

@@ -1,7 +1,7 @@
 ---
 title: Cross-tenant management experiences
 description: Azure Lighthouse enables and enhances cross-tenant experiences in many Azure services.
-ms.date: 03/01/2023
+ms.date: 12/01/2023
 ms.topic: conceptual
 ---
 
@@ -14,7 +14,7 @@ As a service provider, you can use [Azure Lighthouse](../overview.md) to manage
 
 ## Understanding tenants and delegation
 
-A Microsoft Entra tenant is a representation of an organization. It's a dedicated instance of Microsoft Entra ID that an organization receives when they create a relationship with Microsoft by signing up for Azure, Microsoft 365, or other services. Each Microsoft Entra tenant is distinct and separate from other Microsoft Entra tenants, and has its own tenant ID (a GUID). For more information, see [What is Microsoft Entra ID?](../../active-directory/fundamentals/active-directory-whatis.md)
+A Microsoft Entra tenant is a representation of an organization. It's a dedicated instance of Microsoft Entra ID that an organization receives when they create a relationship with Microsoft by signing up for Azure, Microsoft 365, or other services. Each Microsoft Entra tenant is distinct and separate from other Microsoft Entra tenants, and has its own tenant ID (a GUID). For more information, see [What is Microsoft Entra ID?](/entra/fundamentals/whatis)
 
 Typically, in order to manage Azure resources for a customer, service providers must sign in to the Azure portal using an account associated with that customer's tenant. In this scenario, an administrator in the customer's tenant must create and manage user accounts for the service provider.
 
@@ -46,6 +46,7 @@ Most Azure tasks and services can be used with delegated resources across manage
 [Azure Arc](../../azure-arc/index.yml):
 
 - Manage hybrid servers at scale - [Azure Arc-enabled servers](../../azure-arc/servers/overview.md):
+  - Onboard servers to delegated customer subscriptions
   - Manage Windows Server or Linux machines outside Azure that are [connected](../../azure-arc/servers/learn/quick-enable-hybrid-vm.md) to delegated subscriptions and/or resource groups in Azure
   - Manage connected machines using Azure constructs, such as Azure Policy and tagging
   - Ensure the same set of [policies are applied](../../azure-arc/servers/learn/tutorial-assign-policy-portal.md) across customers' hybrid environments
@@ -137,7 +138,7 @@ Most Azure tasks and services can be used with delegated resources across manage
 - Integrate VMs with Azure Key Vault for passwords, secrets, or cryptographic keys for disk encryption by using [managed identity through policy](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/create-keyvault-secret), ensuring that secrets are stored in a Key Vault in the managed tenants
 - Note that you can't use Microsoft Entra ID for remote login to VMs
 
-[Microsoft Defender for Cloud](../../security-center/index.yml):
+[Microsoft Defender for Cloud](../../defender-for-cloud/index.yml):
 
 - Cross-tenant visibility
   - Monitor compliance with security policies and ensure security coverage across all tenants' resources

articles/lighthouse/how-to/manage-hybrid-infrastructure-arc.md

@@ -1,7 +1,7 @@
 ---
 title: Manage hybrid infrastructure at scale with Azure Arc
 description: Azure Lighthouse helps you effectively manage customers' machines and Kubernetes clusters outside of Azure.
-ms.date: 12/01/2022
+ms.date: 12/01/2023
 ms.topic: how-to
 ---
 
@@ -20,7 +20,7 @@ With [Azure Arc–enabled servers](../../azure-arc/servers/overview.md), custome
 
 ## Manage hybrid servers at scale with Azure Arc–enabled servers
 
-As a service provider, you can manage on-premises Windows Server or Linux machines outside Azure that your customers have connected to their subscription using the [Azure Connected Machine agent](../../azure-arc/servers/agent-overview.md). When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with **Azure Arc**.
+As a service provider, you can connect and disconnect on-premises Windows Server or Linux machines outside Azure to your customer's subscription by using the `--user-tenant-id` parameter with the [`azcmagent connect`](/azure/azure-arc/servers/azcmagent-connect) and [`azcmagent disconnect`](/azure/azure-arc/servers/azcmagent-disconnect) commands. You can also view and manage machines that the customer has already connected. When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with **Azure Arc**.
 
 You can manage these connected machines using Azure constructs, such as Azure Policy and tagging, just as you would manage the customer's Azure resources. You can also work across customer tenants to manage all connected machines together.
 
@@ -34,10 +34,10 @@ If your customer has created a service principal account to onboard Kubernetes c
 
 You can deploy [configurations and Helm charts](../../azure-arc/kubernetes/tutorial-use-gitops-flux2.md) using [GitOps for connected clusters](../../azure-arc/kubernetes/conceptual-gitops-flux2.md).
 
-You can also [monitor connected clusters](../..//azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md) with Azure Monitor, and [use Azure Policy to apply cluster configurations at scale](../../azure-arc/kubernetes/use-azure-policy.md).
+You can also [monitor connected clusters](../..//azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md) with Azure Monitor, and [use Azure Policy for Kubernetes](/azure/governance/policy/concepts/policy-for-kubernetes?toc=%2Fazure%2Fazure-arc%2Fkubernetes%2Ftoc.json&bc=%2Fazure%2Fazure-arc%2Fkubernetes%2Fbreadcrumb%2Ftoc.json) to manage and report on compliance state.
 
 ## Next steps
 
-- Explore the [Azure Arc Jumpstart](https://azurearcjumpstart.io/).
+- Explore the [Azure Arc Jumpstart](https://azurearcjumpstart.com/).
 - Learn about [supported cloud operations for Azure Arc-enabled servers](../../azure-arc/servers/overview.md#supported-cloud-operations).
 - Learn about [accessing connected Kubernetes clusters through the Azure portal](../../azure-arc/kubernetes/kubernetes-resource-view.md).