Merge pull request #16402 from alkohli/secnu

Security improvements added to What's new

Author: prmerger-automator[bot]

azure-local/manage/manage-secure-baseline.md

@@ -44,6 +44,23 @@ The following table explains the rules that aren't compliant and the rationale o
 | Interactive logon: Message title for users attempting to log on| Not Compliant | Warning - "" is equal to "" |This must be defined by customer, it does not have drift control enabled.|
 | Minimum password length | Not Compliant | Critical - Seven is less than the minumum value of 14. | This must be defined by customer, it does not have drift control enabled in order to allow this setting to align with your organization's policies.|
 
+### Fixing the compliance for the rules
+
+To fix the compliance for the rules, run the following commands or use any other tool you prefer: 
+
+1. **Legal notice**: Create a custom value for legal notice depending on your organization's needs and policies. Run the following commands:
+
+    ```PowerShell
+    Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LegalNoticeCaption" -Value "Legal Notice"
+    Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LegalNoticeText" -Value "LegalNoticeText"
+    ```
+
+1. **Minimum password length**: Set the minimum password length policy to 14 characthers on the Azure Local machine. The default value is 7, and any value below 14 is still flagged by the monitoring baseline policy. Run the following commands:
+
+    ```PowerShell
+    net accounts /minpwlen:14
+    ```
+
 ## Manage security defaults with PowerShell
 
 With drift protection enabled, you can only modify nonprotected security settings. To modify protected security settings that form the baseline, you must first disable drift protection. To view and download the complete list of security settings, see [Security Baseline](https://aka.ms/hci-securitybase).

azure-local/whats-new.md

@@ -5,7 +5,7 @@ ms.topic: overview
 author: alkohli
 ms.author: alkohli
 ms.service: azure-stack-hci
-ms.date: 11/18/2024
+ms.date: 11/19/2024
 ---
 
 # What's new in Azure Local, version 23H2
@@ -48,6 +48,16 @@ This is a baseline release with the following features and improvements:
 
         For more information, see [Add a network interface on your Azure Local](./manage/manage-arc-virtual-machine-resources.md#add-a-network-interface).
 
+- **Security improvements** - Starting this release, the security posture of Azure Local is enhanced with the following improvements:
+
+  - **Security posture following Azure Local, version 22H2 to version 23H2 upgrade** - Warnings and guardrails were added in the upgrade flow. Documentation was also updated to reflect the security posture of Azure Local after upgrading from version 22H2 to version 23H2.
+  
+    For more information, see [Manage security after upgrading Azure Local from version 22H2 to version 23H2](./manage/manage-security-post-upgrade.md).
+
+  - **Improved security baseline compliance** - Starting this release, the security settings on the Azure Local nodes are compared against the security baseline with full accuracy. On the right secured-core hardware, you achieve a 99% compliance score, which you can view in the Azure portal.
+  
+    For more information, see [View security baseline compliance in the Azure portal](./manage/manage-secure-baseline.md#view-security-baseline-compliance-in-the-azure-portal).
+    
 - **AKS on Azure Local** - This release has several new features and enhancements for AKS on Azure Local. For more information, see [What's new in AKS on Azure Local](/azure/aks/hybrid/aks-whats-new-23h2).
 
 ## [2408 releases](#tab/2408releases)