Merge branch 'main' of https://github.com/MicrosoftDocs/azure-stack-docs-pr into amlfs-monitor-ref

Author: pauljewellmsft

AKS-Hybrid/TOC.yml

@@ -146,7 +146,7 @@
       href: cluster-k8s-version.md
     - name: Deleted cluster still visible in portal
       href: deleted-cluster-visible.md
-    - name: Can't fully remove workload cluster with PodDisruptionBudget (PDB) resources
+    - name: Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources
       href: delete-cluster-pdb.md
     - name: Kubernetes version x.x.x is not available
       href: webhook-denied-request.md

AKS-Hybrid/aks-create-clusters-cli.md

@@ -58,7 +58,7 @@ After a few minutes, the command completes and returns JSON-formatted informatio
 > - If you already have an SSH key on your local machine, the AKS cluster reuses that key. In this case, specifying `--generate-ssh-keys`, or omitting that parameter, has no effect.
 
 > [!IMPORTANT]
-> To use Azure RBAC or workload identity for an AKS cluster, you must pass the required parameters during cluster creation using Azure CLI. Currently, updating an existing AKS cluster to enable workload identity and/or Azure RBAC is not supported. For more information, see [Use Azure RBAC for Kubernetes authorization](/azure/aks/hybrid/azure-rbac-23h2) or [Deploy and configure Workload Identity for your cluster}(workload-identity.md).
+> To use Azure RBAC or workload identity for an AKS cluster, you must pass the required parameters during cluster creation using Azure CLI. Currently, updating an existing AKS cluster to enable workload identity and/or Azure RBAC is not supported. For more information, see [Use Azure RBAC for Kubernetes authorization](/azure/aks/hybrid/azure-rbac-23h2) or [Deploy and configure Workload Identity for your cluster](workload-identity.md).
 
 ## Connect to the Kubernetes cluster
 

AKS-Hybrid/aks-edge-workload-identity.md

@@ -17,6 +17,8 @@ Azure Kubernetes Service (AKS) Edge Essentials is an on-premises Kubernetes impl
 - Deploy your application.
 - Example: Grant a pod in the cluster access to secrets in an Azure key vault.
 
+For a conceptual overview of Workload identity federation, see [Workload identity federation in Azure Arc-enabled Kubernetes (preview)](/azure/azure-arc/kubernetes/conceptual-workload-identity).
+
 > [!IMPORTANT]
 > These preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. Azure Kubernetes Service Edge Essentials previews are partially covered by customer support on a best-effort basis.
 

AKS-Hybrid/delete-cluster-pdb.md

@@ -9,17 +9,17 @@ ms.reviewer: leslielin
 
 ---
 
-# Can't fully remove workload cluster with PodDisruptionBudget (PDB) resources
+# Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources
 
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 
-When you delete a workload cluster that has [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) (PDB) resources, the deletion might fail to remove the PDB resources. By default, PDB is installed in the Workload Identity-enabled AKS Arc cluster.
+When you delete an AKS Arc cluster that has [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) (PDB) resources, the deletion might fail to remove the PDB resources. By default, PDB is installed in the workload identity-enabled AKS Arc cluster.
 
 ## Workaround
 
-Before you delete the AKS Arc cluster, access the target cluster's **kubeconfig** and delete the PDB:
+Before you delete the AKS Arc cluster, access the AKS Arc cluster's **kubeconfig** and delete all PDBs:
 
-1. Access the target cluster:
+1. Access the AKS Arc cluster:
 
    ```azurecli
    az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name 
@@ -31,13 +31,13 @@ Before you delete the AKS Arc cluster, access the target cluster's **kubeconfig*
    kubectl get pdb -A 
    ```
 
-1. Delete PDB:
+1. Delete all PDBs. Here's an example of deleting PDB generated from workload identity enablement:
 
     ```bash
     kubectl delete pdb azure-wi-webhook-controller-manager -n arc-workload-identity 
     ```
 
-1. Delete cluster:
+1. Delete the AKS Arc cluster:
 
     ```azurecli
     az aksarc delete -n $aks_cluster_name -g $resource_group_name