Merge pull request #15906 from MicrosoftDocs/main

9/24/2024 AM Publish

Author: Taojunshen

azure-stack/asdk/media/asdk-register/admin1.png

@@ -130,9 +130,6 @@ With all the prerequisite and preparation steps complete, you're ready to deploy
 
     :::image type="content" source="./media/deployment-azure-resource-manager-template/deploy-arm-template-5.png" alt-text="Screenshot showing parameters filled out for the template." lightbox="./media/deployment-azure-resource-manager-template/deploy-arm-template-5.png":::
 
-    > [!TIP]
-    > [Download a sample parameters file](https://databoxupdatepackages.blob.core.windows.net/documentation/EXAMPLE-cl-Parameters-2Node-Switchless-Compute_Management_withAdapterOverride.json) to understand the format in which you must provide the inputs.
-
 1. Select the appropriate resource group for your environment.
 
 1. Scroll to the bottom, and confirm that **Deployment Mode = Validate**.

azure-stack/asdk/media/asdk-register/admin1sm.png

@@ -49,7 +49,3 @@ Here are the known issues that have carried over from the previous releases in A
 |10|Security |In this release, when you run `Get-AsWDACPolicy` cmdlet on a two-node Azure Stack HCI cluster, the cmdlet returns `Unable to determine` as opposed to an integer (0, 1 or 2). |The `Get-ASWDACPolicyMode` cmdlet fetches information related to WDAC policy from the CodeIntegrity events and is unable to get the information as the CodeIntegrity event logs are flushed with 3114 events. <br> A workaround is provided in the output of the cmdlet that instructs you to run `Invoke-RefreshWDACPolicyTool` to refresh the policy on the nodes to generate new CodeIntegrity events.|
 |11|Azure Arc|After update, the Azure Stack HCI cluster servers show as not registered with Azure Arc.|To mitigate this issue, follow these steps: <br> 1. *Azcmamnet.exe* connect on each **Not registered** server <br>2. Register the servers again. Run this cmdlet on each server that isn't registered: <br>`Register-AzStackHCI`   |
 |12|Arc Resource Bridge  |In this release, a custom location isn't created during Arc Resource Bridge deployment.|This issue is seen in switchless configurations only.|
-
-## Next steps
-
-- Read the [Deployment and management guide](https://databoxupdatepackages.blob.core.windows.net/documentation/AzureStackHCI-22H2-Supplemental-Package-deployment-and-management-guide.pdf).

azure-stack/hci/deploy/deployment-azure-resource-manager-template.md

@@ -50,7 +50,3 @@ Here are the known issues that have carried over from the previous releases in A
 |11|Azure Arc|After update, the Azure Stack HCI cluster servers show as not registered with Azure Arc.|To mitigate this issue, follow these steps: <br> 1. *Azcmamnet.exe* connect on each **Not registered** server <br>2. Register the servers again. Run this cmdlet on each server that isn't registered: <br>`Register-AzStackHCI`   |
 |12|Arc Resource Bridge  |In this release, a custom location isn't created during Arc Resource Bridge deployment.|This issue is seen in switchless configurations only.|
 |13|Update |The update may fail at the ‘UpdateOtherAgent’ step if the remote support agent’s Cluster discovery cache file becomes corrupt due to an unclean shutdown of the service. |Delete the Cluster discovery file on all failed nodes from <br> C:\programdata\Microsoft\AzureStack\RemoteSupport\Cluster\ClusterDiscoveryState. <br><br> Restart the agent with this command:<br>`Start-Service -Name "AzureStack Observability RemoteSupportAgent"`|
-
-## Next steps
-
-- Read the [Deployment and management guide](https://databoxupdatepackages.blob.core.windows.net/documentation/AzureStackHCI-22H2-Supplemental-Package-deployment-and-management-guide.pdf).

azure-stack/hci/deploy/media/azure-verification/legacy-support.png

@@ -52,7 +52,3 @@ Here are the known issues that have carried over from the previous releases in A
 |7|Environment Checker| If SSL inspection is turned on in your Azure Stack HCI system, the connectivity validator fails with the certificate validation error message.  | For information about the error and how to troubleshoot it, see [Potential failure scenario for connectivity validator](./manage/use-environment-checker.md#potential-failure-scenario-for-connectivity-validator).|
 |8|Diagnostics | Deployment was configured with **Diagnostic data** set to ON in the deployment tool. However during the deployment and after the deployment is complete, the diagnostic data isn't collected.|You can run the `Send-DiagnosticsData`command on Azure Stack HCI cluster node to collect diagnostic logs. |
 |9|Host networking |Defining overrides for Network ATC intents fail due to Constrained Language mode. |Make sure to configure overrides to default values during the network intent creation. After your cluster is deployed, you can create a network intent that uses a customized value for the property. <br><br> If the cluster is in Windows Defender Application Control (WDAC) enforcement mode, switch the node from where you set the override in `Audit` mode. To switch the local node to audit, run the following command: <br> `Enable-ASLocalWDACPolicy -Mode Audit` <br>For more information, see [Enable WDAC policy modes](./concepts/security-windows-defender-application-control.md#enable-wdac-policy-modes). <br/><br>You can now modify an existing compute intent with a customized value for any object property. For example, to modify a compute intent on adapters that use `JumboPacket` property as **9014**, run the following commands:<br/><br> `$adapterOverrides = New-NetIntentAdapterPropertyOverrides`<br><br>`$adapterOverrides.JumboPacket = 9014`<br><br>`Set-NetIntent -Name ExistingIntentName -AdapterPropertyOverrides $adapterOverrides`<br> |
-
-## Next steps
-
-- Read the [Deployment and management guide](https://databoxupdatepackages.blob.core.windows.net/documentation/AzureStackHCI-22H2-Supplemental-Package-deployment-and-management-guide.pdf).

azure-stack/hci/hci-known-issues-2306-5.md

@@ -122,20 +122,21 @@ The following cmdlet properties are for the *AzureStackOSConfigAgent* module. Th
 - `Enable-AzsSecurity`   -Scope <Local | Cluster>
 - `Disable-AzsSecurity`  -Scope <Local | Cluster>
   - **FeatureName** - <CredentialGuard | DriftControl | DRTM | HVCI | SideChannelMitigation | SMBEncryption | SMBSigning | VBS>
-    - Credential Guard
     - Drift Control
+    - Credential Guard
     - VBS (Virtualization Based Security)- We only support enable command.
     - DRTM (Dynamic Root of Trust for Measurement)
     - HVCI (Hypervisor Enforced if Code Integrity)
     - Side Channel Mitigation
-    - SMB Encryption
     - SMB Signing
+    - SMB Cluster encryption
 
 The following table documents supported security features, whether they support drift control, and whether a reboot is required to implement the feature.
 
 |Name |Feature |Supports drift control |Reboot required |
 |-----|--------|-----------------------|----------------|
 |Enable <br> |Virtualization Based Security (VBS) |Yes   |Yes |
+|Enable <br> |Credential Guard |Yes   |Yes |
 |Enable <br> Disable |Dynamic Root of Trust for Measurement (DRTM) |Yes |Yes |
 |Enable <br> Disable |Hypervisor-protected Code Integrity (HVCI) |Yes |Yes |
 |Enable <br> Disable |Side channel mitigation |Yes |Yes |