Merge pull request #247143 from bwren/patch-67

prmerger-automator[bot] · web-flow · commit d7c360ad1532 · 2023-08-02T18:35:29.000Z
Update container-insights-enable-arc-enabled-clusters.md
diff --git a/articles/azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md b/articles/azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md
@@ -1,6 +1,6 @@
 ---
 title: Monitor Azure Arc-enabled Kubernetes clusters
-ms.date: 05/24/2022
+ms.date: 08/02/2023
 ms.topic: article
 description: Collect metrics and logs of Azure Arc-enabled Kubernetes clusters using Azure Monitor.
 ms.reviewer: aul
@@ -108,6 +108,9 @@ This option uses the following defaults:
 - Creates or uses existing default log analytics workspace corresponding to the region of the cluster
 - Auto-upgrade is enabled for the Azure Monitor cluster extension
 
+>[!NOTE]
+> Managed identity authentication is the default in k8s-extension version 1.43.0 or higher.
+
 ```azurecli
 az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers
 ```
@@ -118,6 +121,24 @@ To use [managed identity authentication](container-insights-onboard.md#authentic
 az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.useAADAuth=true
 ```
 
+>[!NOTE]
+> Managed identity authentication is not supported for Arc-enabled Kubernetes clusters with **ARO**.
+>
+
+To use legacy/non-managed identity authentication to create an extension instance on **Arc K8S connected clusters with ARO**, use the commands below that don't use managed identity. Non-cli onboarding is not supported for Arc-enabled Kubernetes clusters with **ARO**. Currently, only k8s-extension version 1.3.7 or below is supported. 
+
+If you are using k8s-extension version above 1.3.7, downgrade the version.
+
+```azurecli
+Install the extension with **amalogs.useAADAuth=false**.
+az extension add --name k8s-extension --version 1.3.7
+```
+
+Install the extension with **amalogs.useAADAuth=false**.
+
+```azurecli
+az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.useAADAuth=false
+```
 
 ### Option 2 - With existing Azure Log Analytics workspace
 
@@ -228,6 +249,9 @@ az k8s-extension show --name azuremonitor-containers --cluster-name <cluster-nam
 ## Migrate to managed identity authentication
 Use the flowing guidance to migrate an existing extension instance to managed identity authentication.
 
+>[!NOTE]
+> Managed identity authentication is not supported for Arc-enabled Kubernetes clusters with **ARO**.
+
 ## [CLI](#tab/migrate-cli)
 First retrieve the Log Analytics workspace configured for Container insights extension.
 
