Sync release-aks-ee-feb with main

Sync release-aks-ee-feb with main

Author: sethmanheim

azure-local/manage/connect-arc-vm-using-ssh.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 02/11/2025
+ms.date: 02/18/2025
 
 #customer intent: As a Senior Content Developer, I want to provide customers with the highest level of content for using disconneced operations to deploy and manage their Azure Local instances.
 ---
@@ -61,7 +61,7 @@ Before you begin, ensure that you:
    $resourceGroup="<your resource group>"
    $serverName = "<your server name>"
    $location = "<your location>"
-   $localUser = "Administrator" # Use a local admin account for testing        
+   $localUser = "<your username>" # Use a local admin account for testing        
    ```
 
    e. Install the `OpenSSH` Arc Extension:
@@ -107,7 +107,7 @@ Before you begin, ensure that you:
 
       :::image type="content" source="./media/connect-arc-vm-using-ssh/azure-portal-extensions-list-view-3.png" alt-text="Screenshot of Azure portal Extensions list view." lightbox="./media/connect-arc-vm-using-ssh/azure-portal-extensions-list-view-3.png":::
 
-## Use SSH to connect to Azure Local
+## Use SSH to connect to an Arc VM on Azure Local
 
 > [!NOTE]
 > You may be asked to allow Arc SSH to set up port 22 for SSH.
@@ -124,7 +124,7 @@ Use the following steps to connect to Azure Local.
 
    :::image type="content" source="./media/connect-arc-vm-using-ssh/server-connection-6.png" alt-text="Screenshot of server connection over SSH." lightbox="./media/connect-arc-vm-using-ssh/server-connection-6.png":::
 
-## Use RDP over SSH to connect to Azure Local
+## Use RDP over SSH to connect an Arc VM on Azure Local
 
 1. To sign into Azure Local using RDP over SSH, run the following command with the RDP parameter:
 

azure-local/manage/manage-security-post-upgrade.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 02/03/2025
+ms.date: 02/18/2025
 ---
 
 # Manage security after upgrading Azure Local
@@ -41,31 +41,31 @@ Each of these steps is described in detail in the following sections.
 A new deployment of Azure Local introduces two baselines documents injected by the security management layer, while the upgraded cluster doesn't.
 
 > [!IMPORTANT]
-> After applying the security baseline documents, a new mechanism is used to apply and maintain the [Security baseline settings](https://aka.ms/hci-securitybase).
+> After you apply the security baseline documents, a new mechanism is used to apply and maintain [Security baseline settings](https://aka.ms/hci-securitybase).
 
 1. If your servers inherit baseline settings through mechanisms such as GPO, DSC, or scripts, we recommend that you:
 
     - Remove these duplicate settings from such mechanisms.
-    - Alternatively, after applying the security baseline, [Disable the drift control mechanism](./manage-secure-baseline.md).
+    - Alternatively, after you apply the security baseline, [Disable the drift control mechanism](./manage-secure-baseline.md).
 
-    The new security posture of your servers will combine the previous settings, the new settings, and the overlapping settings with updated values.
+    The new security posture of your servers combines previous settings, new settings, and overlapping settings with updated values.
 
     > [!NOTE]
-    > Microsoft tests and vaildates the Azure Local security settings. We strongly recommend that you keep these settings. Use of custom settings can potentially lead to system instability, incompatibility with the new product scenarios, and could require extensive testing and troubleshooting on your part.
+    > Microsoft tests and vaildates the Azure Local security settings. We strongly recommend that you keep these settings. Use of custom settings can potentially lead to system instability, incompatibility with new product scenarios, and could require extensive testing and troubleshooting on your part.
 
-1. When running the followign commands, you'll find the documents aren't in place. These cmdlets won't return any output.
+1. When running the following commands, you'll find the documents aren't in place. These cmdlets won't return any output.
 
-    ```powershell
-    Get-AzSSecuritySettingsConfiguration
-    Get-AzSSecuredCoreConfiguration
-    ```
+   ```powershell
+   Get-ASOSConfigSecuredCoreDoc
+   Get-ASOSConfigSecuritySettingsDoc
+   ```
 
 1. To enable the baselines, go to each of the nodes you upgraded. Run the following commands locally or remotely using a privileged administrator account:
 
-    ```powershell
-    Start-AzSSecuritySettingsConfiguration
-    Start-AzSSecuredCoreConfiguration
-    ```
+   ```powershell
+   Start-AzSSecuritySettingsConfiguration
+   Start-AzSSecuredCoreConfiguration
+   ```
 
 1. Reboot the nodes in a proper sequence for the new settings to become effective.
 
@@ -78,9 +78,9 @@ Get-AzSSecuritySettingsConfiguration
 Get-AzSSecuredCoreConfiguration
 ```
 
-You'll get an output for each cmdlet with the baseline information.
+You get an output for each cmdlet with baseline information.
 
-Here is an example of the baseline output:
+Here's an example of the baseline output:
 
 ```powershell
 OsConfiguration": {
@@ -108,7 +108,7 @@ If you need to enable BitLocker on any of your volumes, see [Manage BitLocker en
 
 Application control for business (formerly known as Windows Defender Application Control or WDAC) provides a great layer of defense against running untrusted code.
 
-After you upgrade your system, consider enabling Application Control. This can be disruptive if the necessary measures aren't taken for proper validation of existing third party software already existing on the servers.
+After you upgrade your system, consider enabling Application Control. This can be disruptive if the necessary measures aren't taken for proper validation of existing non-Microsoft software already existing on the servers.
 
 For new deployments, Application Control is enabled in *Enforced* mode (blocking nontrusted binaries), whereas for upgraded systems we recommend that you follow these steps:
 
@@ -118,7 +118,7 @@ For new deployments, Application Control is enabled in *Enforced* mode (blocking
 1. Repeat steps #2 and #3 as necessary until no further audit events are observed. Switch to *Enforced* mode.
 
     > [!WARNING]
-    > Failure to create the necessary AppControl policies to enable additional third party software will prevent that software from running.
+    > Failure to create the necessary AppControl policies to enable non-Microsoft software may prevent that software from running.
 
 For instructions to enable in *Enforced* mode, see [Manage Windows Defender Application Control for Azure Local](./manage-wdac.md#switch-application-control-policy-modes).
 

azure-local/manage/support-tools.md

@@ -4,7 +4,7 @@ description: This article provides guidance on the Support Diagnostic Tool for A
 author: alkohli
 ms.author: alkohli
 ms.topic: how-to
-ms.date: 01/16/2025
+ms.date: 02/18/2025
 ---
 
 # Use the Support Diagnostic Tool to troubleshoot Azure Local issues
@@ -235,7 +235,7 @@ Data collection done C:\temp\Azs.Support\XXXXXXX\SupportDataBundle-XX-XX_XX-XX-X
 ## Questions or Feedback?
 
 Do you have an issue? Would you like to share feedback with us about the Azure Local Support Diagnostic Tool?
-We Listen! To submit feedback, use the "contact owners" option inside PSGallery.
+We Listen! To submit feedback, contact [[email protected]](mailto:[email protected]).
 
 ## Next steps