Merge pull request #18159 from sethmanheim/fixes26-9

Fix another AKS Arc submission

Author: prmerger-automator[bot]

azure-local/manage/configure-proxy-settings-23h2.md

@@ -4,7 +4,7 @@ description: Learn how to configure proxy settings for Azure Local, version 23H2
 author: alkohli
 ms.author: alkohli
 ms.topic: how-to
-ms.date: 03/20/2025
+ms.date: 06/09/2025
 ---
 
 # Configure proxy settings for Azure Local
@@ -20,14 +20,14 @@ For information about firewall requirements for outbound endpoints and internal
 Before you begin to configure proxy settings, make sure that:
 
 - You have access to an Azure Local for which you want to configure the proxy settings. You also have the local administrator credentials to access the machines in your Azure Local.
-- You know the proxy server name or IP address and port (optional). If you don’t have this information, contact your network administrator.
+- You know the proxy server name or IP address and port (optional). If you don't have this information, contact your network administrator.
 
 Here are some important considerations to keep in mind before you configure proxy settings:
 
 - Understand that proxy settings are separate for different components and features of Azure Local (`WinInet`,`WinHTTP`, and `Environment Variables`). You must configure the proxy settings for all the required components and any other features that you plan on using.
 - Although each component has specific command parameters and proxy bypass list string requirements, we recommend keeping the same proxy configuration across the different component and features.
 - Authenticated proxies using username and password aren't supported due to security constraints.
-- Proxy server endpoints with a `.local` domain aren't supported. For example - `http://proxy.contosos.local`.
+- Proxy server endpoints with a `.local` domain aren't supported; for example, `http://proxy.contosos.local`.
 - If you're using SSL inspection in your proxy, you need to bypass the required Azure Local and its components (Arc Resource Bridge, Azure Kubernetes Service (AKS), etc.) outbound URLs.
 - Each of the three proxy components on the operating system has specific proxy bypass list string requirements. Don't use the same string for all three components.
 - Proxy Auto-Configuration (PAC) files aren't supported.
@@ -55,7 +55,7 @@ To configure the proxy settings for the Azure Stack HCI operating system, run th
     |---|---|
     | ProxySettingsPerUser | Specifies if the proxy settings are per machine or per user: <br><br>- 0 - Proxy settings are per machine.<br>- 1 (default) - Proxy settings are per user.<br>- If no value is provided, the `ProxySettingsPerUser` environment variable is used instead, if present.|
     | ProxyServer | Specifies the proxy server endpoint in the format `http://[Proxy_Server_Address]:[Proxy_Port]`. For example, `http://proxy.contoso.com:8080`.|
-    | ProxyBypass | Specifies the list of host URLs that bypass proxy server set by the `-ProxyServer` parameter. For example, you can set `-ProxyBypass “localhost”` to bypass local intranet URLs. On your Azure Local the list must include:<br><br>- At least the IP address of each machine.<br>- At least the IP address of system.<br>- At least the IPs you defined for your infrastructure network. Arc Resource Bridge, AKS, and future infrastructure services using these IPs require outbound connectivity.<br>- Or you can bypass the entire infrastructure subnet.<br>- NetBIOS name of each machine.<br>- NetBIOS name of the system.<br>- Domain name or domain name with asterisk `*` wildcard for any host or subdomain. |
+    | ProxyBypass | Specifies the list of host URLs that bypass proxy server set by the `-ProxyServer` parameter. For example, you can set `-ProxyBypass "localhost"` to bypass local intranet URLs. On your Azure Local the list must include:<br><br>- At least the IP address of each machine.<br>- At least the IP address of system.<br>- At least the IPs you defined for your infrastructure network. Arc Resource Bridge, AKS, and future infrastructure services using these IPs require outbound connectivity.<br>- Or you can bypass the entire infrastructure subnet.<br>- NetBIOS name of each machine.<br>- NetBIOS name of the system.<br>- Domain name or domain name with asterisk `*` wildcard for any host or subdomain. |
 
 Here's an example of the command usage:
 
@@ -166,7 +166,7 @@ When configuring the `WinHTTP` proxy bypass list string, keep the following poin
 
 ## Configure proxy settings for Environment Variables
 
-You must configure the proxy for Azure Resource Bridge, AKS and Arc enabled Kubernetes agents before you [Register the machines with Azure Arc](../deploy/deployment-arc-register-server-permissions.md).
+You must configure the proxy for Azure Resource Bridge, AKS, and Arc enabled Kubernetes agents before you [Register the machines with Azure Arc](../deploy/deployment-arc-register-server-permissions.md).
 
 To set the proxy server Environment Variable, run the following commands as administrator on each machine in the system:
 
@@ -187,7 +187,7 @@ The parameters are described in the following table:
 |---|---|
 | HTTPS_PROXY variable | Specifies the proxy server endpoint in the format `http://[Proxy_Server_Address]:[Proxy_Port]`. For example, `http://proxy.contoso.com:8080`. |
 | HTTP_PROXY variable | Specifies the proxy server endpoint in the format `http://[Proxy_Server_Address]:[Proxy_Port]`. For example, `http://proxy.contoso.com:8080`. |
-| NO_PROXY variable | String to bypass local intranet URLs, domains, and subnets. On your Azure Local the list must include: <br><br>- At least the IP address of each machine. <br>- At least the IP address of system. <br>- NetBIOS name of each machine. <br>- NetBIOS name of the system. <br>- Domain name or domain name with dot `.` wildcard for any host or subdomain. <br>- At least the IPs you defined for your infrastructure network. Arc Resource Bridge, and future infrastructure services using these IPs require outbound connectivity. <br>- Or you can bypass the entire infrastructure subnet. <br>- The subnets on which you plan on deploying your AKS clusters. <br>- `.svc`, `kubernetes.default.svc` and `.svc.cluster.local` for internal Kubernetes service traffic. <br>- `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`. These subnets are required for creating AKS clusters and Azure Arc agents. |
+| NO_PROXY variable | String to bypass local intranet URLs, domains, and subnets. On Azure Local, the list must include: <br><br>- At least the IP address of each machine. <br>- At least the IP address of the system. <br>- NetBIOS name of each machine. <br>- NetBIOS name of the system. <br>- Domain name or domain name with dot `.` wildcard for any host or subdomain. <br>- At least the IPs you defined for your infrastructure network. Arc Resource Bridge, and future infrastructure services using these IPs require outbound connectivity. <br>- Or, you can bypass the entire infrastructure subnet. <br>- The subnets on which you plan on deploying your AKS clusters. <br>- `.svc`, `kubernetes.default.svc` and `.svc.cluster.local` for internal Kubernetes service traffic. <br>- `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`. These subnets are required for creating AKS clusters and Azure Arc agents. |
 
 Here's an example of the command usage:
 
@@ -210,8 +210,8 @@ When configuring the Environment Variables proxy bypass list string, keep the fo
 - Asterisk `*` as wildcards to bypass subnets or domain names isn't supported.
 - Dots `.` Should be used as wildcards to bypass domain names or local services. For example `.contoso.com` or `.svc`.
 - Proxy name must be specified with `http://` and the port for both HTTP_PROXY and HTTPS_PROXY variables. For example, `http://192.168.1.250:8080`.
-- `.svc`, `kubernetes.default.svc` and `.svc.cluster.local` bypass is for AKS internal services communication in Linux notation. This is required for Arc Resource Bridge and AKS.
-- AKS requires to bypass the following subnets. `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`. These subnets will be added to the Environment Variables bypass list automatically if they aren't defined.
+- `.svc`, `kubernetes.default.svc`, and `.svc.cluster.local` bypass are for AKS internal services communication in Linux notation. These values are required for Arc Resource Bridge and AKS.
+- AKS requires the following subnets to be bypassed: `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16`. These subnets are added to the environment variables bypass list automatically if they aren't defined.
 
 ### Confirm and remove the Environment Variables proxy configuration