Merge pull request #216828 from b-ahibbard/smb-connection-dc

prmerger-automator[bot] · web-flow · commit a56698385eda · 2022-11-02T16:19:45.000Z
smb encryption connecting to dc
diff --git a/articles/azure-netapp-files/create-active-directory-connections.md b/articles/azure-netapp-files/create-active-directory-connections.md
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: how-to
-ms.date: 11/01/2022
+ms.date: 11/02/2022
 ms.author: anfdocs
 ---
 # Create and manage Active Directory connections for Azure NetApp Files
@@ -168,11 +168,11 @@ Several features of Azure NetApp Files require that you have an Active Directory
 
         See [Configure AD DS LDAP with extended groups for NFS volume access](configure-ldap-extended-groups.md#ldap-search-scope) for information about these options.
 
-    * **Encrypted SMB connections to Domain Controller**
+    * <a name="encrypted-smb-dc"></a> **Encrypted SMB connections to Domain Controller**
         
-        **Encrypted SMB connections to Domain Controller** specifies whether encryption should be used for communication between SMB server and domain controller. When enabled, only SMB3 will be used for encrypted domain controller connections.
+        **Encrypted SMB connections to Domain Controller** specifies whether encryption should be used for communication between an SMB server and domain controller. When enabled, only SMB3 will be used for encrypted domain controller connections.
 
-        If this is your first time using this feature, you must register it: 
+        This feature is currently in preview. If this is your first time using Encrypted SMB connections to domain controller, you must register it: 
 
         ```azurepowershell-interactive
         Register-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName  ANFEncryptedSMBConnectionsToDC 
diff --git a/articles/azure-netapp-files/modify-active-directory-connections.md b/articles/azure-netapp-files/modify-active-directory-connections.md
@@ -5,7 +5,7 @@ author: b-hchen
 ms.service: azure-netapp-files
 ms.workload: storage
 ms.topic: how-to
-ms.date: 07/22/2022
+ms.date: 11/02/2022
 ms.author: anfdocs
 ---
 
@@ -34,6 +34,7 @@ Once you have [created an Active Directory connection](create-active-directory-c
 | Allow local NFS users with LDAP | If enabled, this option will manage access for local users and LDAP users. | Yes | This option will allow access to local users. It is not recommended and, if enabled, should only be used for a limited time and later disabled. | If enabled, this option will allow access to local users and LDAP users. If access is needed for only LDAP users, this option must be disabled. |
 | LDAP over TLS | If enabled, LDAP over TLS will be configured to support secure LDAP communication to active directory. | Yes | None | If LDAP over TLS is enabled and if the server root CA certificate is already present in the database, then LDAP traffic is secured using the CA certificate. If a new certificate is passed in, that certificate will be installed. |
 | Server root CA Certificate | When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64-encoded Active Directory Certificate Service's self-signed root CA certificate. | Yes | None* | LDAP traffic secured with new certificate only if LDAP over TLS is enabled |
+| Encrypted SMB connections to Domain Controller | This specifies whether encryption should be used for communication between SMB server and domain controller. See [Create Active Directory connections](create-active-directory-connections.md#encrypted-smb-dc) for more details on using this feature. | Yes | SMB, Kerberos, and LDAP enabled volume creation cannot be used if the domain controller does not support SMB3 | Only SMB3 will be used for encrypted domain controller connections. |
 | Backup policy users | You can include additional accounts that require elevated privileges to the computer account created for use with Azure NetApp Files. See [Create and manage Active Directory connections](create-active-directory-connections.md#create-an-active-directory-connection) for more information. | Yes | None* | The specified accounts will be allowed to change the NTFS permissions at the file or folder level. |
 | Administrators | Specify users or groups that will be given administrator privileges on the volume | Yes | None | User account will receive administrator privileges |
 | Username | Username of the Active Directory domain administrator | Yes | None* | Credential change to contact DC |
diff --git a/articles/azure-netapp-files/whats-new.md b/articles/azure-netapp-files/whats-new.md
@@ -12,13 +12,19 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: overview
-ms.date: 10/25/2022
+ms.date: 11/02/2022
 ms.author: anfdocs
 ---
 # What's new in Azure NetApp Files
 
 Azure NetApp Files is updated regularly. This article provides a summary about the latest new features and enhancements. 
 
+## November 2022 
+
+* [Encrypted SMB connections to Domain Controller](create-active-directory-connections.md#encrypted-smb-dc) (Preview)
+
+    With the Encrypted SMB connections to Active Directory Domain Controller capability you can now specify whether encryption should be used for communication between SMB server and domain controller in Active Directory connections. When enabled, only SMB3 will be used for encrypted domain controller connections.
+
 ## October 2022
 
 * [Availability zone volume placement](manage-availability-zone-volume-placement.md) (Preview) 
