MicrosoftDocs
diff --git a/‎articles/azure-arc/servers/overview.md
Lines changed: 71 additions & 114 deletions b/‎articles/azure-arc/servers/overview.md
Lines changed: 71 additions & 114 deletions
@@ -1,58 +1,73 @@
 ---
 title: Azure Arc for servers Overview
-description: Learn how to use Azure Arc for servers to automate the lifecycle of infrastructure and applications.
+description: Learn how to use Azure Arc for servers to manage machines that are hosted outside of Azure as if it is an Azure resource.
 services: azure-arc
 ms.service: azure-arc
 ms.subservice: azure-arc-servers
-author: bobbytreed
-ms.author: robreed
+author: mgoedtel
+ms.author: magoedte
 keywords: azure automation, DSC, powershell, desired state configuration, update management, change tracking, inventory, runbooks, python, graphical, hybrid
-ms.date: 11/04/2019
+ms.date: 01/29/2020
 ms.custom: mvc
 ms.topic: overview
 ---
 
-# What is Azure Arc for servers
+# What is Azure Arc for servers (preview)
 
-Azure Arc for servers allows you to manage machines which are outside of Azure.
-When a non-Azure machine is connected to Azure, it becomes a **Connected Machine** and is treated as a resource in Azure. Each **Connected Machine**
-has a Resource ID, is managed as part of a Resource Group inside a subscription, and benefits from standard Azure constructs such as Azure Policy and tagging.
+Azure Arc for servers (preview) allows you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud provider, similarly to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is managed as part of a resource group inside a subscription, and benefits from standard Azure constructs such as Azure Policy and applying tags.
 
-An agent package needs to be installed on each machine to connect it to Azure. The rest of this document explains the process in more detail.
+To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn't replace the Azure [Log Analytics agent](../../azure-monitor/platform/log-analytics-agent.md). The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like [Azure Security Center](../../security-center/security-center-intro.md).
 
-Machines will have a status of **Connected** or **Disconnected** based on how recently the agent has checked in. Each check-in is called a heartbeat. If a machine has not checked-in within the past 5 minutes, it will show as offline until connectivity is restored.  <!-- For more information on troubleshooting agent connectivity, see [Troubleshooting Azure Arc for servers](troubleshoot/arc-for-servers.md). -->
+>[!NOTE]
+>This preview release is intended for evaluation purposes and we recommend you don't manage critical production machines.
+>
 
-![Connected servers](./media/overview/arc-for-servers-onboarded-servers.png)
+## Supported scenarios
 
-## Clients
+Azure Arc for servers (preview) supports the following scenarios with connected machines:
 
-### Supported Operating Systems
+- Assign [Azure Policy guest configurations](../../governance/policy/concepts/guest-configuration.md) using the same experience as policy assignment for Azure virtual machines.
+- Log data collected by the Log Analytics agent and stored in the Log Analytics workspace the machine is registered with now contains properties specific to the machine, such as Resource ID, which can be used to support [resource-context](../../azure-monitor/platform/design-logs-deployment.md#access-mode) log access.
 
-In Public Preview, we support:
+## Supported regions
 
-- Windows Server 2012 R2 and newer
+With Azure Arc for servers (preview), only certain regions are supported:
+
+- WestUS2
+- WestEurope
+- WestAsia
+
+## Prerequisites
+
+### Supported operating systems
+
+The following versions of the Windows and Linux operating system are officially supported for the Azure Connected Machine agent: 
+
+- Windows Server 2012 R2 and higher
 - Ubuntu 16.04 and 18.04
 
-The Public Preview release is designed for evaluation purposes and should not be used to manage critical production resources.
+>[!NOTE]
+>This preview release of the Connected Machine agent for Windows only supports Windows Server configured to use the English language.
+>
 
-## Azure Subscription and Service Limits
+### Azure subscription and service limits
 
-Please make sure you read the Azure Resource Manager limits, and plan for the number of the machines to be connected according to the guideline listed for the [subscription](../../azure-resource-manager/management/azure-subscription-service-limits.md#subscription-limits---azure-resource-manager), and for the [resource groups](../../azure-resource-manager/management/azure-subscription-service-limits.md#resource-group-limits). In particular, by default there is a limit of 800 servers per resource group.
+Before configuring your machines with Azure Arc for servers (preview), you should review the Azure Resource Manager [subscription limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#subscription-limits---azure-resource-manager) and [resource group limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#resource-group-limits) to plan for the number of machines to be connected.
 
-## Networking Configuration
+### Networking Configuration
 
-During installation and runtime, the agent requires connectivity to **Azure Arc service endpoints**. If outbound connectivity is blocked by Firewalls, make sure that the following URLs are not blocked by default. All connections are outbound from the agent to Azure, and are secured with **SSL**. All traffic can be routed via an **HTTPS** proxy. If you allow the IP ranges or domain names that the servers are allowed to connect to, you must allow port 443 access to the following Service Tags and DNS Names.
+The Connected Machine agent for Linux and Windows communicates outbound securely to Azure Arc over TCP port 443. If the machine connects through a firewall or proxy server to communicate over the Internet, review requirements below to understand the network configuration requirements.
 
-Service Tags:
+If outbound connectivity is restricted by your firewall or proxy server, make sure the URLs listed below are not blocked. If you only allow the IP ranges or domain names required for the agent to communicate with the service, you must also allow access to the following Service Tags and URLs.
 
-* AzureActiveDirectory
-* AzureTrafficManager
+Service Tags:
 
-For a list of IP addresses for each service tag/region, see the JSON file - [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). Microsoft publishes weekly updates containing each Azure Service and the IP ranges it uses. See [Service tags](https://docs.microsoft.com/azure/virtual-network/security-overview#service-tags), for more details.
+- AzureActiveDirectory
+- AzureTrafficManager
 
-These DNS Names are provided in addition to the Service Tag IP range information because the majority of services do not currently have a Service Tag registration and, as such, the IPs are subject to change. If IP ranges are required for your firewall configuration, then the **AzureCloud** Service Tag should be used to allow access to all Azure services. Do not disable security monitoring or inspection of these URLs, but allow them as you would other internet traffic.
+URLs:
 
-| Domain Environment | Required Azure service endpoints |
+| Agent resource | Description |
 |---------|---------|
 |management.azure.com|Azure Resource Manager|
 |login.windows.net|Azure Active Directory|
@@ -61,116 +76,58 @@ These DNS Names are provided in addition to the Service Tag IP range information
 |*-agentservice-prod-1.azure-automation.net|Guest Configuration|
 |*.his.hybridcompute.azure-automation.net|Hybrid Identity Service|
 
-### Installation Network Requirements
-
-Download the [Azure Connected Machine Agent package](https://aka.ms/AzureConnectedMachineAgent) from our official distribution servers the below sites must be accessible from your environment. You may choose to download the package to a file share and have the agent installed from there. In this case, the onboarding script generated from the Azure portal may need to be modified.
-
-Windows:
+For a list of IP addresses for each service tag/region, see the JSON file - [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). Microsoft publishes weekly updates containing each Azure Service and the IP ranges it uses. For more information, review [Service tags](https://docs.microsoft.com/azure/virtual-network/security-overview#service-tags).
 
-* `aka.ms`
-* `download.microsoft.com`
+The URLs in the previous table are required in addition to the Service Tag IP address range information because the majority of services do not currently have a Service Tag registration. As such, the IP addresses are subject to change. If IP address ranges are required for your firewall configuration, then the **AzureCloud** Service Tag should be used to allow access to all Azure services. Do not disable security monitoring or inspection of these URLs, allow them as you would other Internet traffic.
 
-Linux:
+### Register Azure resource providers
 
-* `aka.ms`
-* `packages.microsoft.com`
+Azure Arc for servers depends on the following Azure resource providers in your subscription in order to use this service:
 
-See the section [Proxy server configuration](quickstart-onboard-powershell.md#proxy-server-configuration), for information on how to configure the agent to use your proxy.
+- **Microsoft.HybridCompute**
+- **Microsoft.GuestConfiguration**
 
-## Register the required Resource Providers
+If they are not registered, you can register them using the following commands:
 
-In order to use Azure Arc for Servers, you must register the required Resource Providers.
-
-* **Microsoft.HybridCompute**
-* **Microsoft.GuestConfiguration**
-
-You can register the resource providers with the following commands:
-
-Azure PowerShell:
+Azure PowerShell:
 
 ```azurepowershell-interactive
 Login-AzAccount
-Set-AzContext -SubscriptionId [subscription you want to onboard]
-Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
-Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
+Set-AzContext -SubscriptionId [subscription you want to onboard]
+Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
+Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
 ```
 
-Azure CLI:
+Azure CLI:
 
 ```azurecli-interactive
-az account set --subscription "{Your Subscription Name}"
-az provider register --namespace 'Microsoft.HybridCompute'
-az provider register --namespace 'Microsoft.GuestConfiguration'
+az account set --subscription "{Your Subscription Name}"
+az provider register --namespace 'Microsoft.HybridCompute'
+az provider register --namespace 'Microsoft.GuestConfiguration'
 ```
 
-You can also register the Resource Providers using the portal by following the steps under [Azure portal](../../azure-resource-manager/management/resource-providers-and-types.md#azure-portal).
-
-## Machine changes after installing the agent
-
-If you have a change tracking solution deployed in your environment, you can use the list below to track, identify, and allow the changes made by the **Azure Connected Machine Agent (AzCMAgent)** installation package.
-
-After you install the agent you see the following changes made to your servers.
-
-### Windows
-
-Services installed:
-
-* `Himds` - The **Azure Connected Machine Agent** service.
-* `Dscservice` or `gcd` - The **Guest Configuration** service.
-
-Files added to the server:
-
-* `%ProgramFiles%\AzureConnectedMachineAgent\*.*` - Location of **Azure Connected Machine Agent** files.
-* `%ProgramData%\GuestConfig\*.*` - **Guest Configuration** logs.
-
-Registry key locations:
-
-* `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure Connected Machine Agent` - Registry keys for **Azure Connected Machine Agent**.
-
-### Linux
-
-Services installed:
-
-* `Himdsd` - The **Azure Connected Machine Agent** service.
-* `dscd` or `gcd` - The **Guest Configuration** service.
-
-Files added to the server:
-
-* `/var/opt/azcmagent/**` - Location of **Azure Connected Machine Agent** files.
-* `/var/lib/GuestConfig/**` - **Guest Configuration** logs.
-
-## Supported Scenarios
-
-After you register a node you can start managing your nodes using other Azure services.
-
-In Public Preview, the following scenarios are supported for **Connected Machines**.
-
-## Guest Configuration
-
-After connect the machine to Azure, you can assign Azure policies to **Connected Machines** using the same experience as policy assignment to Azure virtual machines.
-
-For more information, see [Understand Azure Policy's Guest Configuration](../../governance/policy/concepts/guest-configuration.md).
+You can also register the resource providers in the Azure portal by following the steps under [Azure portal](../../azure-resource-manager/management/resource-providers-and-types.md#azure-portal).
 
-The Guest Configuration Agent logs for a **Connected Machine** are in the following locations:
+## Connected Machine agent
 
-* Windows - `%ProgramFiles%\AzureConnectedMachineAgent\logs\dsc.log`
-* Linux: - `/opt/logs/dsc.log`
+You can download the Azure Connected Machine Agent package for Windows and Linux from the locations listed below.
 
-## Log Analytics
+- [Windows agent Windows Installer package](https://aka.ms/AzureConnectedMachineAgent) from the Microsoft Download Center.
+- Linux agent package is distributed from Microsoft's [package repository](https://packages.microsoft.com/) using the preferred package format for the distribution (.RPM or .DEB).
 
-Log data collected by the [Microsoft Monitoring Agent (MMA)](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview) and stored in Log Analytics workspace will now contain properties specific to the machine such as **ResourceId**, which can be used for the Resource centric log access.
+>[!NOTE]
+>During this preview, only one package has been released, which is suitable for Ubuntu 16.04 or 18.04.
 
-- Machines that already have the MMA agent installed, will have **Azure Arc** functionality enabled via updated Management Packs.
-- [MMA agent version 10.20.18011 or above](https://docs.microsoft.com/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version) is required for Azure Arc for servers integration.
-- When querying for log data in [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview), the returned data schema will contain the Hybrid **ResourceId** in the form `/subscriptions/<SubscriptionId/resourceGroups/<ResourceGroup>/providers/Microsoft.HybridCompute/machines/<MachineName>`.
+## Install and configure agent
 
-For more information, see [Get started with Log Analytics in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/get-started-portal).
+Connecting machines in your hybrid environment directly with Azure can be accomplished using different methods depending on your requirements. The following table highlights each method to determine which works best for your organization.
 
-<!-- MMA agent version 10.20.18011 and later -->
+| Method | Description |
+|--------|-------------|
+| Interactively | Manually install the agent on a single or small number of machines following the steps in [Connect machines from Azure portal](quickstart-onboard-portal.md).<br> From the Azure portal, you can generate a script and execute it on the machine to automate the install and configuration steps of the agent.|
+| At scale | Install and configure the agent for multiple machines following the [Connect machines using a Service Principal](quickstart-onboard-powershell.md).<br> This method creates a service principal to connect machines non-interactively.|
 
-## Next Steps
 
-There are two methods to connect machines using Azure Arc for servers.
+## Next steps
 
-* **Interactively** - Follow the [Portal Quickstart](quickstart-onboard-portal.md) to generate a script from the portal and execute it on the machine. This is the best option if you are connecting one machine at a time.
-* **At Scale** - Follow the [PowerShell Quickstart](quickstart-onboard-powershell.md) to create a Service Principal to connect machines non-interactively.
+- To begin evaluating Azure Arc for servers, follow the article [Connect hybrid machines to Azure from the Azure portal](quickstart-onboard-portal.md).