Merge pull request #266518 from ChaseCrum/CEOL-22

batch insert EOL even notice

Author: v-dirichards

includes/virtual-machines-common-mitigate-se.md

@@ -10,7 +10,10 @@ ms.author: jushiman
  ms.custom: include file
 ---
 
-This article provides guidance for a new class of silicon based micro-architectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems. This includes Intel, AMD, and ARM. Specific details for these silicon-based vulnerabilities can be found in the following security advisories and CVEs: 
+> [!CAUTION]
+> This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly.
+
+This article provides guidance for a new class of silicon based micro-architectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems. This includes Intel, AMD, and ARM. Specific details for these silicon-based vulnerabilities can be found in the following security advisories and CVEs:
 - [ADV180002 - Guidance to mitigate speculative execution side-channel vulnerabilities](https://msrc.microsoft.com/update-guide/vulnerability/ADV180002)
 - [ADV180012 - Microsoft Guidance for Speculative Store Bypass](https://msrc.microsoft.com/update-guide/vulnerability/ADV180012)
 - [ADV180013 - Microsoft Guidance for Rogue System Register Read](https://msrc.microsoft.com/update-guide/vulnerability/ADV180013)
@@ -22,57 +25,57 @@ This article provides guidance for a new class of silicon based micro-architectu
 - [CVE-2022-21123 - AMD CPU Branch Type Confusion](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23825)
 
 
-The disclosure of these CPU vulnerabilities has resulted in questions from customers seeking more clarity.  
+The disclosure of these CPU vulnerabilities has resulted in questions from customers seeking more clarity.
 
 Microsoft has deployed mitigations across all our cloud services. The infrastructure that runs Azure and isolates customer workloads from each other is protected. This means that a potential attacker using the same infrastructure can't attack your application using these vulnerabilities.
 
 Azure is using [memory preserving maintenance](../articles/virtual-machines/maintenance-and-updates.md?bc=%2fazure%2fvirtual-machines%2fwindows%2fbreadcrumb%2ftoc.json%252c%2fazure%2fvirtual-machines%2fwindows%2fbreadcrumb%2ftoc.json&toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json%253ftoc%253d%2fazure%2fvirtual-machines%2fwindows%2ftoc.json#maintenance-that-doesnt-require-a-reboot) whenever possible, to minimize customer impact and eliminate the need for reboots. Azure will continue utilizing these methods when making systemwide updates to the host and protect our customers.
 
-More information about how security is integrated into every aspect of Azure is available on the [Azure Security Documentation](../articles/security/index.yml) site. 
+More information about how security is integrated into every aspect of Azure is available on the [Azure Security Documentation](../articles/security/index.yml) site.
 
-> [!NOTE] 
-> Since this document was first published, multiple variants of this vulnerability class have been disclosed. Microsoft continues to be heavily invested in protecting our customers and providing guidance. This page will be updated as we continue to release further fixes. 
+> [!NOTE]
+> Since this document was first published, multiple variants of this vulnerability class have been disclosed. Microsoft continues to be heavily invested in protecting our customers and providing guidance. This page will be updated as we continue to release further fixes.
 >
 > **Customers that are running untrusted code within their VM** need to take action to protect against these vulnerabilities by reading below for more guidance on all vulnerabilities.
 >
 > Other customers should evaluate these vulnerabilities from a Defense in Depth perspective and consider the security and performance implications of their chosen configuration.
-> 
+>
 
 
 
 ## Keeping your operating systems up-to-date
 
-While an OS update is not required to isolate your applications running on Azure from other Azure customers, it is always a best practice to keep your software up-to-date. The latest Security Updates for Windows contain mitigations for these vulnerabilities. Similarly, Linux distributions have released multiple updates to address these vulnerabilities. Here are our recommended actions to update your operating system:
+While an OS update isn't required to isolate your applications running on Azure from other Azure customers, it is always a best practice to keep your software up-to-date. The latest Security Updates for Windows contain mitigations for these vulnerabilities. Similarly, Linux distributions have released multiple updates to address these vulnerabilities. Here are our recommended actions to update your operating system:
 
 | Offering | Recommended Action  |
 |----------|---------------------|
 | Azure Cloud Services  | Enable [auto update](../articles/cloud-services/cloud-services-how-to-configure-portal.md) or ensure you're running the newest Guest OS. |
 | Azure Linux Virtual Machines | Install updates from your operating system provider. For more information, see [Linux](#linux) later in this document. |
 | Azure Windows Virtual Machines  | Install the latest security rollup.
-| Other Azure PaaS Services | There is no action needed for customers using these services. Azure automatically keeps your OS versions up-to-date. |
+| Other Azure PaaS Services | There's no action needed for customers using these services. Azure automatically keeps your OS versions up-to-date. |
 
-## Additional guidance if you're running untrusted code 
+## Additional guidance if you're running untrusted code
 
 Customers who allow untrusted users to execute arbitrary code may wish to implement some extra security features inside their Azure Virtual Machines or Cloud Services. These features protect against the intra-process disclosure vectors that several speculative execution vulnerabilities describe.
 
 Example scenarios where more security features are recommended:
 
-- You allow code that you do not trust to run inside your VM.  
-    - *For example, you allow one of your customers to upload a binary or script that you then execute within your application*. 
-- You allow users that you do not trust to log into your VM using low privileged accounts.   
-    - *For example, you allow a low-privileged user to log into one of your VMs using remote desktop or SSH*.  
-- You allow untrusted users access to virtual machines implemented via nested virtualization.  
-    - *For example, you control the Hyper-V host, but allocate the VMs to untrusted users*. 
+- You allow code that you don't trust to run inside your VM.
+    - *For example, you allow one of your customers to upload a binary or script that you then execute within your application*.
+- You allow users that you don't trust to log into your VM using low privileged accounts.
+    - *For example, you allow a low-privileged user to log into one of your VMs using remote desktop or SSH*.
+- You allow untrusted users access to virtual machines implemented via nested virtualization.
+    - *For example, you control the Hyper-V host, but allocate the VMs to untrusted users*.
 
-Customers who do not implement a scenario involving untrusted code do not need to enable these extra security features. 
+Customers who don't implement a scenario involving untrusted code don't need to enable these extra security features.
 
-## Enabling additional security 
+## Enabling additional security
 
 You can enable more security features inside your VM or Cloud Service if you're running untrusted code. In parallel, ensure your operating system is up-to-date to enable security features inside your VM or Cloud Service
 
-### Windows 
+### Windows
 
-Your target operating system must be up-to-date to enable these extra security features. While numerous mitigations are enabled by default, the extra features described here must be enabled manually and may cause a performance impact. 
+Your target operating system must be up-to-date to enable these extra security features. While numerous mitigations are enabled by default, the extra features described here must be enabled manually and may cause a performance impact.
 
 
 
@@ -87,7 +90,7 @@ Your target operating system must be up-to-date to enable these extra security f
 
 To validate enabled protections against these vulnerabilities, see [Understanding Get-SpeculationControlSettings PowerShell script output](https://support.microsoft.com/topic/understanding-get-speculationcontrolsettings-powershell-script-output-fd70a80a-a63f-e539-cda5-5be4c9e67c04).
 
-If protections are not enabled, please [contact Azure Support](https://aka.ms/microcodeenablementrequest-supporttechnical) to enable additional controls on your Azure VM.
+If protections aren't enabled, please [contact Azure Support](https://aka.ms/microcodeenablementrequest-supporttechnical) to enable additional controls on your Azure VM.
 
 **Step 2:** To enable Kernel Virtual Address Shadowing (KVAS) and Branch Target Injection (BTI) OS support, follow the instructions in [KB4072698](https://support.microsoft.com/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution) to enable protections using the `Session Manager` registry keys. A reboot is required.
 
@@ -120,14 +123,14 @@ For [CVE-2022-23816](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2
 Enabling the set of extra security features inside requires that the target operating system be fully up-to-date. Some mitigations will be enabled by default. The following section describes the features which are off by default and/or reliant on hardware support (microcode). Enabling these features may cause a performance impact. Reference your operating system provider's documentation for further instructions
 
 
-**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM.  Reference [this doc](../articles/virtual-machines/acu.md) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if you're running a hyper-threaded VM, run the `lscpu` command in the Linux VM. 
+**Step 1: Disable hyper-threading on the VM** - Customers running untrusted code on a hyper-threaded VM will need to disable hyper-threading or move to a non-hyper-threaded VM.  Reference [this doc](../articles/virtual-machines/acu.md) for a list of hyper-threaded VM sizes (where ratio of vCPU to Core is 2:1). To check if you're running a hyper-threaded VM, run the `lscpu` command in the Linux VM.
 
-If `Thread(s) per core = 2`, then hyper-threading has been enabled. 
+If `Thread(s) per core = 2`, then hyper-threading has been enabled.
 
-If `Thread(s) per core = 1`, then hyper-threading has been disabled. 
+If `Thread(s) per core = 1`, then hyper-threading has been disabled.
 
- 
-Sample output for a VM with hyper-threading enabled: 
+
+Sample output for a VM with hyper-threading enabled:
 
 ```console
 CPU Architecture:      x86_64
@@ -146,17 +149,17 @@ If you're running a hyper-threaded VM, [contact Azure Support](https://aka.ms/Mi
 
 
 
-**Step 2:** To mitigate against any of the below CPU based memory vulnerabilities, refer to your operating system provider's documentation:   
- 
-- [Redhat and CentOS](https://access.redhat.com/security/vulnerabilities) 
-- [SUSE](https://www.suse.com/support/kb/?doctype%5B%5D=DT_SUSESDB_PSDB_1_1&startIndex=1&maxIndex=0) 
-- [Ubuntu](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/) 
+**Step 2:** To mitigate against any of the below CPU based memory vulnerabilities, refer to your operating system provider's documentation:
+
+- [Redhat and CentOS](https://access.redhat.com/security/vulnerabilities)
+- [SUSE](https://www.suse.com/support/kb/?doctype%5B%5D=DT_SUSESDB_PSDB_1_1&startIndex=1&maxIndex=0)
+- [Ubuntu](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/)
 
 
 ### Core count
 
-When a hyper-threaded VM is created, Azure allocates 2 threads per core - these are called vCPUs. When hyper-threading is disabled, Azure removes a thread and surfaces up single threaded cores (physical cores). The ratio of vCPU to CPU is 2:1, so once hyper-threading is disabled, the CPU count in the VM will appear to have decreased by half. For example, a D8_v3 VM is a hyper-threaded VM running on 8 vCPUs (2 threads per core x 4 cores).  When hyper-threading is disabled, CPUs will drop to 4 physical cores with 1 thread per core. 
+When a hyper-threaded VM is created, Azure allocates 2 threads per core - these are called vCPUs. When hyper-threading is disabled, Azure removes a thread and surfaces up single threaded cores (physical cores). The ratio of vCPU to CPU is 2:1, so once hyper-threading is disabled, the CPU count in the VM will appear to have decreased by half. For example, a D8_v3 VM is a hyper-threaded VM running on 8 vCPUs (2 threads per core x 4 cores).  When hyper-threading is disabled, CPUs will drop to 4 physical cores with 1 thread per core.
 
 ## Next steps
 
-For more information about how security is integrated into every aspect of Azure, see [Azure Security Documentation](../articles/security/index.yml). 
+For more information about how security is integrated into every aspect of Azure, see [Azure Security Documentation](../articles/security/index.yml).

includes/virtual-machines-n-series-linux-support.md

@@ -12,6 +12,9 @@ ms.author: jushiman
 
 ## Supported distributions and drivers
 
+> [!CAUTION]
+> This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly.
+
 ### NVIDIA CUDA drivers
 
 For the latest CUDA drivers and supported operating systems, visit the [NVIDIA](https://developer.nvidia.com/cuda-zone) website. Ensure that you install or upgrade to the latest supported CUDA drivers for your distribution. 

includes/virtual-network-multiple-ip-addresses-os-config.md

@@ -12,6 +12,9 @@
 
 ## <a name="os-config"></a>Add IP addresses to a VM operating system
 
+> [!CAUTION]
+> This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly.
+
 Connect and sign in to a VM you created with multiple private IP addresses. You must manually add all the private IP addresses, including the primary, that you added to the VM. Complete the following steps for your VM operating system.
 
 ### Windows Server