Merge pull request #231044 from b-ahibbard/anf-netlogon

CVE-2022-38023 faq

Author: v-regandowner

articles/azure-netapp-files/create-active-directory-connections.md

@@ -15,6 +15,8 @@ ms.author: anfdocs
 
 Several features of Azure NetApp Files require that you have an Active Directory connection. For example, you need to have an Active Directory connection before you can create an [SMB volume](azure-netapp-files-create-volumes-smb.md), a [NFSv4.1 Kerberos volume](configure-kerberos-encryption.md), or a [dual-protocol volume](create-volumes-dual-protocol.md). This article shows you how to create and manage Active Directory connections for Azure NetApp Files.
 
+[!INCLUDE [April 2023 Netlogon notice](includes/netlogon-april-2023.md)]
+
 ## <a name="requirements-for-active-directory-connections"></a>Requirements and considerations for Active Directory connections
 
 > [!IMPORTANT]

articles/azure-netapp-files/faq-smb.md

@@ -6,7 +6,7 @@ ms.workload: storage
 ms.topic: conceptual
 author: b-hchen
 ms.author: anfdocs
-ms.date: 03/13/2023
+ms.date: 04/6/2023
 ---
 # SMB FAQs for Azure NetApp Files
 
@@ -32,6 +32,16 @@ Both [Azure Active Directory Domain Services (Azure AD DS)](../active-directory-
 
 If you're using Azure NetApp Files with Azure Active Directory Domain Services, the organizational unit path is `OU=AADDC Computers` when you configure Active Directory for your NetApp account.
 
+## How do the Netlogon protocol changes in the April 2023 Windows Update affect Azure NetApp Files? 
+
+The Windows April 2023 update will include a patch for Netlogon protocol changes, however these changes are not enforced at this time.
+ 
+You should not modify the `RequireSeal` value to 2 at this time. Azure NetApp Files adds support for setting `RequireSeal` to 2 in May 2023.
+
+The enforcement of setting `RequireSeal` value to 2 will occur by default with the June 2023 Azure update.
+
+For more information, see [KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023](https://support.microsoft.com/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25#timing5021130).
+
 ## What versions of Windows Server Active Directory are supported?
 
 Azure NetApp Files supports Windows Server 2008r2SP1-2019 versions of Active Directory Domain Services.
@@ -108,6 +118,7 @@ Yes, Azure NetApp Files supports [Alternate Data Streams (ADS)](/openspecs/windo
 
 SMB/CIFS oplocks (opportunistic locks) enable the redirector on a SMB/CIFS client in certain file-sharing scenarios to perform client-side caching of read-ahead, write-behind, and lock information. A client can then work with a file (read or write it) without regularly reminding the server that it needs access to the file. This improves performance by reducing network traffic. SMB/CIFS oplocks are enabled on Azure NetApp Files SMB and dual-protocol volumes.
 
+
 ## Next steps  
 
 - [FAQs about SMB performance for Azure NetApp Files](azure-netapp-files-smb-performance.md)

articles/azure-netapp-files/includes/netlogon-april-2023.md

@@ -0,0 +1,17 @@
+---
+title: include file
+description: include file
+author: b-ahibbard
+ms.service: azure-netapp-files
+ms.topic: include
+ms.date: 04/06/2023
+ms.author: anfdocs
+ms.custom: include file
+
+# azure-netapp-files/create-active-directory-connections.md
+# azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md
+# azure-netapp-files/modify-active-directory-connections.md
+---
+
+>[!IMPORTANT]
+>The April 2023 Windows Update includes an update to Netlogon Secure Channel. For more information about this update, see [How do the Netlogon protocol changes in the April 2023 Windows Update affect Azure NetApp Files?](../faq-smb.md#how-do-the-netlogon-protocol-changes-in-the-april-2023-windows-update-affect-azure-netapp-files)

articles/azure-netapp-files/modify-active-directory-connections.md

@@ -13,6 +13,8 @@ ms.author: anfdocs
 
 Once you've [created an Active Directory connection](create-active-directory-connections.md) in Azure NetApp Files, you can modify it. When you're modifying an Active Directory connection, not all configurations are modifiable.
 
+[!INCLUDE [April 2023 Netlogon notice](includes/netlogon-april-2023.md)]
+
 ## Modify Active Directory connections
 
 1. Select **Active Directory connections**. Then, select **Edit** to edit an existing AD connection. 

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

@@ -21,6 +21,8 @@ Proper Active Directory Domain Services (AD DS) design and planning are key to s
 
 This article provides recommendations to help you develop an AD DS deployment strategy for Azure NetApp Files. Before reading this article, you need to have a good understanding about how AD DS works on a functional level.  
 
+[!INCLUDE [April 2023 Netlogon notice](includes/netlogon-april-2023.md)]
+
 ## <a name="ad-ds-requirements"></a> Identify AD DS requirements for Azure NetApp Files
 
 Before you deploy Azure NetApp Files volumes, you must identify the AD DS integration requirements for Azure NetApp Files to ensure that Azure NetApp Files is well connected to AD DS. _Incorrect or incomplete AD DS integration with Azure NetApp Files might cause client access interruptions or outages for SMB, dual-protocol, or Kerberos NFSv4.1 volumes_.