Merge pull request #18194 from MicrosoftDocs/main

6/12/2025 PM Publish

Author: Taojunshen

AKS-Arc/TOC.yml

@@ -5,6 +5,8 @@
   items:
   - name: What is AKS enabled by Azure Arc?
     href: aks-overview.md
+  - name: Compare AKS across platforms
+    href: aks-platforms-compare.md 
   - name: Supported Kubernetes versions
     href: supported-kubernetes-versions.md  
   - name: Data collection

AKS-Arc/aks-platforms-compare.md

@@ -3,7 +3,7 @@ title: Monitor Kubernetes audit events in AKS enabled by Azure Arc
 description: Learn how to create a diagnostic setting to access Kubernetes audit logs.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 05/08/2024
+ms.date: 06/12/2025
 ms.author: sethm 
 ms.lastreviewed: 02/26/2024
 ms.reviewer: guanghu
@@ -18,7 +18,7 @@ You can access Kubernetes audit logs in Kubernetes control plane logs. Control p
 
 ## Create a diagnostic setting
 
-Before creating the diagnostic setting, install the **Arc K8S** extension, which enables log collection from the AKS cluster.
+Before you create the diagnostic setting, install the **Arc K8S** extension, which enables log collection from the AKS cluster.
 
 Install the Arc K8S extension by running the following command:
 
@@ -56,4 +56,4 @@ az k8s-extension delete -g <resouerce-group-name> -c <cluster-name> --cluster-ty
 
 ## Next steps
 
-[Monitor Kubernetes object events](kubernetes-monitor-object-events.md)
+[Monitor Kubernetes object events](kubernetes-monitor-object-events.md)

AKS-Arc/kubernetes-monitor-audit-events.md

@@ -4,7 +4,7 @@ description: Learn how to use enhanced Azure management for Azure Local. This en
 ms.topic: article
 author: alkohli
 ms.author: alkohli
-ms.date: 05/12/2023
+ms.date: 06/10/2025
 ---
 
 # Enhanced management of Azure Local from Azure
@@ -30,7 +30,7 @@ The managed identity serves as an identity for the various components of your ma
 
     For more information, see [Monitor Azure Local with Azure Monitor Insights](./monitor-single-23h2.md).
 
-- **Protection of VM workloads via Azure Site Recovery** - You can protect your business critical VM workloads running on Azure Local by replicating the VMs using the Azure Site Recovery agent which is deployed as an Arc for Server extension. The Azure Local managed identity is used to download a key credential file from Azure. This file lets the agent know which service to talk to and which Recovery services vault to communicate with. This mechanism allows us to scope the access to the Recovery services vault to only the applicable Azure Local.
+- **Protection of VM workloads via Azure Site Recovery** - You can protect your business critical virtual machine (VM) workloads running on Azure Local by replicating the VMs using the Azure Site Recovery agent which is deployed as an Arc for Server extension. The Azure Local managed identity is used to download a key credential file from Azure. This file lets the agent know which service to talk to and which Recovery services vault to communicate with. This mechanism allows us to scope the access to the Recovery services vault to only the applicable Azure Local.
 
     The Arc for Server extension uses the system managed identity to download the key credential file to every machine of the system. If a new machine is added to your system, Azure Local automatically triggers the installation of Arc for Server extension for Azure Site Recovery on the new machine. In the absence of managed identity, this was previously a manual step that required you to install the agent to each machine that was added to the system.
 
@@ -43,7 +43,7 @@ With this feature enhancement, the following actions can be initiated from Azure
 
 ## Enable enhanced management
 
-To enable the enhanced management feature, you will need to install the latest cumulative update for Azure Local, version 22H2 and rerun registration for your system.
+To enable the enhanced management feature, you'll need to install the latest cumulative update for Azure Local, version 22H2 and rerun registration for your system.
 
 ## Prerequisites
 
@@ -73,15 +73,15 @@ For systems running version 22H2, to enable Azure management and managed identit
         Update-Module -Name Az.StackHCI
         ```
 
-1. Skip this step and go to the next step if your system is already registered. If your system has not been previously registered to Azure, [register your system with Azure](../deploy/register-with-azure.md). The registration process configures a managed identity and Azure Service Bus to enable the new management feature.
-1. If the system is already registered to Azure, rerun the registration. Use of `RepairRegistration` parameter will help configure a managed identity and Azure Service Bus while retaining other information such as resource name, resource group and other settings.
+1. Skip this step and go to the next step if your system is already registered. If your system hasn't been previously registered to Azure, [register your system with Azure](../deploy/register-with-azure.md). The registration process configures a managed identity and Azure Service Bus to enable the new management feature.
+1. If the system is already registered to Azure, rerun the registration. Use of the `RepairRegistration` parameter helps configure a managed identity and Azure Service Bus while retaining other information such as resource name, resource group, and other settings.
 
     ```powershell
     Register-AzStackHCI  -SubscriptionId "<subscription_ID>" -RepairRegistration
     ```
 
 > [!NOTE]
-> The registration fails if you use an older version, earlier than 1.4.1 for your `Az.StackHCI` PowerShell module. The updated module is backward compatible and will run on OS versions with or without the new feature update installed.
+> The registration fails if you use an older version, earlier than 1.4.1 for your `Az.StackHCI` PowerShell module. The updated module is backward compatible and runs on OS versions with or without the new feature update installed.
 
 
 ## Next steps

azure-local/manage/azure-enhanced-management-managed-identity.md

@@ -42,8 +42,6 @@ Trusted launch is a security type that can be specified when you create Azure Lo
 
 - VM live migration network traffic isn't encrypted. We strongly recommend that you enable a network layer encryption technology such as IPsec to protect live migration network traffic.
 
-<!--- VM live migration network traffic is not encrypted. We strongly recommend that you enable IPsec to protect live migration network traffic. For more information, see [Network Recommendations for a Hyper-V Cluster](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn550728(v=ws.11)#How_to_isolate_the_network_traffic_on_a_Hyper-V_cluster).-->
-
 ## Guest operating system images
 
 All Windows 11 images (excluding 24H2 Windows 11 SKUs) and Windows Server 2022 images from Azure Marketplace supported by Azure Local VMs are supported. See [Create Azure Local VM image using Azure Marketplace images](/azure-stack/hci/manage/virtual-machine-image-azure-marketplace?tabs=azurecli) for a list of all supported Windows 11 images.

azure-local/manage/trusted-launch-vm-overview.md

@@ -3,7 +3,7 @@ title: Migrate Hyper V VMs to Azure Local using Azure Migrate (preview)
 description: Learn about how to to migrate Windows and Linux VMs to your Azure Local instance using Azure Migrate  (preview).
 author: alkohli
 ms.topic: how-to
-ms.date: 10/31/2024
+ms.date: 06/12/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ms.custom: linux-related-content
@@ -21,8 +21,8 @@ This article describes how to migrate Hyper-V virtual machines (VMs) to Azure Lo
 
 Before you migrate your VMs:
 
-- Make sure that you have replicated the VM on your Azure Local instance. To replicate a VM, use the instructions in [Replicate Hyper-V VMs to Azure Local using Azure Migrate](migrate-hyperv-replicate.md).
-- Make sure the replication has completed and the migration status is **Ready to migrate**.
+- Make sure that you replicate the VM on your Azure Local instance. To replicate a VM, use the instructions in [Replicate Hyper-V VMs to Azure Local using Azure Migrate](migrate-hyperv-replicate.md).
+- Make sure the replication is completed and that the migration status is **Ready to migrate**.
 
 
 ## Migrate VMs
@@ -69,7 +69,7 @@ Once the migration is complete, the VMs are running on your Azure Local instance
 ## Verify and complete migration
 
 > [!IMPORTANT]
-> After verifying the status of the migrated VM, be sure to **complete migration** as detailed below. Failing to do so may lead to unexpected behavior.
+> After verifying the status of the migrated VM, be sure to **complete migration** as follows. Failing to do so may lead to unexpected behavior.
 
 1. In the Azure portal, go to your Azure Local resource, then select **Virtual machines**.
 1. In the list of VMs in the right-pane, verify that the VMs that you migrated are present.
@@ -98,19 +98,19 @@ Once the migration is complete, the VMs are running on your Azure Local instance
 
     :::image type="content" source="./media/migrate-azure-migrate/complete-migration-virtual-machine-3.png" alt-text="Screenshot of confirmation to complete migration in Azure portal."lightbox="./media/migrate-azure-migrate/complete-migration-virtual-machine-3.png":::
 
-    The **Complete migrate** action starts the **Delete protected item** job that you can track from the  **Jobs**  page. This job will only clean up the replication by deleting the delete protected item job - this will not affect your migrated VM.  
+    The **Complete migrate** action starts the **Delete protected item** job that you can track from the  **Jobs**  page. This job only cleans up the replication by deleting the delete protected item job - this won't affect your migrated VM.  
 
     :::image type="content" source="./media/migrate-azure-migrate/complete-migration-virtual-machine-4.png" alt-text="Screenshot of Jobs page with deletion job selected in Azure portal."lightbox="./media/migrate-azure-migrate/complete-migration-virtual-machine-4.png":::
 
-    Completing the migration or deleting the protected item will automatically remove any leftover seed files, such as the seed.iso file attached to the migrated VM and seed disks used during replication. These files can occupy significant space on the target Azure Local system, so it's important to finalize the migration after verifying the VMs. If migrations are not completed, these files will continue to occupy space on the target system.
+    Completing the migration or deleting the protected item will automatically remove any leftover seed files, such as the seed.iso file attached to the migrated VM and seed disks used during replication. These files can occupy significant space on the target Azure Local system, so it's important to finalize the migration after verifying the VMs. If migrations aren't completed, these files continue to occupy space on the target system.
 
-    After the migrate resource is deleted, it is also removed from the **Replications** view. You'll also see the migrated VM job disappear from the **Replications** view.
+    After the migrate resource is deleted, it's also removed from the **Replications** view. You also see the migrated VM job disappear from the **Replications** view.
 
     :::image type="content" source="./media/migrate-azure-migrate/complete-migration-virtual-machine-5.png" alt-text="Screenshot of Replications page with VM not showing in the list in Azure portal."lightbox="./media/migrate-azure-migrate/complete-migration-virtual-machine-5.png":::
 
 ## Clean up
 
-Once you have verified that migration is complete and no more machines need to be migrated, the last step is to clean up. Cleanup requires deletion of the following resources created during migration:
+Once you verify that migration is complete and no more machines need to be migrated, the last step is to clean up. Cleanup requires deletion of the following resources created during migration:
 
 - Source VMs and the associated VM disks from the Hyper-V server and the Failover Cluster Manager.
 - Source and target appliance VMs.

azure-local/media/release-information-23h2/release-trains-supported-update-paths.png

@@ -77,7 +77,6 @@ Customers often choose Azure Local in the following scenarios.
 | Highly performant SQL Server | Azure Local provides an additional layer of resiliency to highly available, mission-critical Always On availability groups-based deployments of SQL Server. This approach also offers extra benefits associated with the single-vendor approach, including simplified support and performance optimizations built into the underlying platform. To learn more, see [Deploy SQL Server on Azure Local](./deploy/sql-server-23h2.md). |
 | Trusted enterprise virtualization | Azure Local satisfies the trusted enterprise virtualization requirements through its built-in support for Virtualization-based Security (VBS). VBS relies on Hyper-V to implement the mechanism referred to as virtual secure mode, which forms a dedicated, isolated memory region within its guest VMs. By using programming techniques, it's possible to perform designated, security-sensitive operations in this dedicated memory region while blocking access to it from the host OS. This considerably limits potential vulnerability to kernel-based exploits. To learn more, see [About Trusted Launch for Azure Local VMs enabled by Arc](./manage/trusted-launch-vm-overview.md). |
 | Scale-out storage | Storage Spaces Direct is a core technology of Azure Local that uses industry-standard servers with locally attached drives to offer high availability, performance, and scalability. Using Storage Spaces Direct results in significant cost reductions compared with competing offers based on storage area network (SAN) or network-attached storage (NAS) technologies. These benefits result from an innovative design and a wide range of enhancements, such as persistent read/write cache drives, mirror-accelerated parity, nested resiliency, and deduplication. |
-| Disaster recovery for virtualized workloads | A stretched cluster of Azure Local (functionality only available in Azure Stack HCI OS, version 22H2) provides automatic failover of virtualized workloads to a secondary site following a primary site failure. Synchronous replication ensures crash consistency of VM disks. |
 | Data center consolidation and modernization | Refreshing and consolidating aging virtualization hosts with Azure Local can improve scalability and make your environment easier to manage and secure. It's also an opportunity to retire legacy SAN storage to reduce footprint and total cost of ownership. Operations and systems administration are simplified with unified tools and interfaces and a single point of support. |
 | Branch office and edge | For branch office and edge workloads, you can minimize infrastructure costs by deploying two-node clusters with inexpensive witness options, such as a cloud witness. Another factor that contributes to the lower cost of two-node clusters is support for switchless networking, which relies on crossover cable between cluster nodes instead of more expensive high-speed switches. Customers can also centrally view remote Azure Local deployments in the Azure portal. To learn more, see [Deploy branch office and edge on Azure Local](deploy/branch-office-edge.md). |
 

azure-local/migrate/migrate-azure-migrate.md

@@ -123,11 +123,10 @@ This release has the following features and improvements:
 
     The following preview features aren't supported for Azure Local in Azure Government cloud:
 
-    - [Azure Arc Gateway](./deploy/deployment-azure-arc-gateway-overview.md).
-    - [Deploy using local identity with Key Vault](./deploy/deployment-local-identity-with-key-vault.md).
-    - [Azure Site Recovery](./manage/azure-site-recovery.md).
-    - [Windows Admin Center in Azure portal](/windows-server/manage/windows-admin-center/azure/manage-vm).
-<!--- [Azure Backup](/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines).-->
+  - [Azure Arc Gateway](./deploy/deployment-azure-arc-gateway-overview.md).
+  - [Deploy using local identity with Key Vault](./deploy/deployment-local-identity-with-key-vault.md).
+  - [Azure Site Recovery](./manage/azure-site-recovery.md).
+  - [Windows Admin Center in Azure portal](/windows-server/manage/windows-admin-center/azure/manage-vm).
 
 - **Registration and deployment changes**
   - **Extension installation**: Extensions are no longer installed during the registration of Azure Local machines. Instead, the extensions are installed in the machine validation step during the Azure Local instance deployment. For more information, see [Register with Azure Arc via console](./deploy/deployment-arc-register-server-permissions.md) and [Deploy via Azure portal](./deploy/deploy-via-portal.md).

azure-local/overview.md

@@ -4,7 +4,7 @@ description: Learn about capacity planning for Azure Site Recovery.
 author: ronmiab
 ms.author: robess
 ms.topic: conceptual
-ms.date: 08/12/2024
+ms.date: 06/10/2025
 ms.reviewer: rtiberiu
 ms.lastreviewed: 04/15/2024
 ---
@@ -79,7 +79,7 @@ The target environment requires one Azure Site Recovery vault to be created for
 Installation of Azure Site Recovery on Azure Stack Hub requires that you install the Site Recovery Resource Provider (RP).
 
 > [!NOTE]
-> With Microsoft.SiteRecovery-1.2301.2216.2287, Azure Site Recovery on Azure Stack Hub does not require Event Hubs as a dependency.
+> With Microsoft.SiteRecovery-1.2301.2216.2287, Azure Site Recovery on Azure Stack Hub doesn't require Event Hubs as a dependency.
 
 :::image type="content" source="../operator/media/azure-site-recovery/capacity-planning/three-services.png" alt-text="Screenshot of the three services to install Azure Site Recovery on Azure Stack Hub."lightbox="media/azure-site-recovery/capacity-planning/three-services.png":::
 
@@ -117,7 +117,7 @@ When creating the BCDR plan, consider all aspects of the protected workloads. Th
 
 For the scope of Azure Site Recovery on Azure Stack Hub, here's a starting point for calculations, especially for the cache storage account used:
 
-1. If there's a failover, during normal operations, multiply the number of disks replicated by the average RPO. For example, you might have (2MB * 250s). The cache storage account is normally a few KB to 500 MB per disk.
+1. If there's a failover, during normal operations, multiply the number of disks replicated by the average RPO. For example, you might have (2 MB * 250 s). The cache storage account is normally a few KB to 500 MB per disk.
 
 2. If there's a failover, given a worst case scenario, multiply the number of disks replicated by the average RPO over a full day.
 
@@ -151,11 +151,11 @@ The following table is an example of tests run in our environments. You can use
 |16                       |32 MB/s         |4096     |                                   |
 
 > [!NOTE]
-> 8Kb is the smallest block size of data Azure Site Recovery supports. Any changes less than 8Kb are treated as 8Kb.
+> 8 Kb is the smallest block size of data Azure Site Recovery supports. Any changes less than 8 Kb are treated as 8 Kb.
 
 To test further, we generated a consistent type of workload; for example, consistent storage changes in blocks of 8 Kb that total up to 1 MB/s per disk. This scenario isn't likely in a real workload, given that changes can happen at various times of the day, or in spikes of various sizes.
 
-To replicate these random patterns, we've also tested scenarios with:
+To replicate these random patterns, we also tested scenarios with:
 
 - 120 VMs (80 Windows, 40 Linux) protected through the same Azure Site Recovery VM appliance.
   - Each VM generating at random intervals, at least twice per hour, random blocks totaling 5 Gb of data across five files.