Merging changes synced from https://github.com/MicrosoftDocs/azure-stack-docs-pr (branch live)

Author: Learn Build Service GitHub App

azure-local/concepts/security-features.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: conceptual
 ms.service: azure-local
-ms.date: 02/26/2025
+ms.date: 03/04/2025
 ---
 
 # Security features for Azure Local
@@ -158,11 +158,11 @@ For more information, see [Manage syslog forwarding](../manage/manage-syslog-for
 
 Azure Local comes with Microsoft Defender Antivirus enabled and configured by default. We strongly recommend that you use Microsoft Defender Antivirus with your Azure Local instances. Microsoft Defender Antivirus provides real-time protection, cloud-delivered protection, and automatic sample submission.
 
-Although we recommend using Microsoft Defender Antivirus for Azure Local, if you prefer third-party antivirus and security software, **we advise selecting one that your Independent Software Vendor (ISV) has validated for Azure Local** to minimize potential functionality issues.
+Although we recommend using Microsoft Defender Antivirus for Azure Local, if you prefer non-Microsoft antivirus and security software, **we advise selecting one that your Independent Software Vendor (ISV) has validated for Azure Local** to minimize potential functionality issues.
 
 For more information, see [Microsoft Defender Antivirus compatibility with other security products](/defender-endpoint/microsoft-defender-antivirus-compatibility).
 
-In the rare instance that you experience any functionality issues with Azure Local using a third-party antivirus software, you can exclude the following paths:
+In the rare instance that you experience any functionality issues with Azure Local using non-Microsoft antivirus software, you can exclude the following paths:
 
 - C:\Agents\\*
 - C:\CloudContent\\*
@@ -183,7 +183,10 @@ Microsoft Defender for Cloud is a security posture management solution with ad
 
 With the basic Defender for Cloud plan, you get recommendations on how to improve the security posture of your Azure Local system at no extra cost. With the paid Defender for Servers plan, you get enhanced security features including security alerts for individual machines and Arc VMs.
 
-For more information, see [Manage system security with Microsoft Defender for Cloud (preview)](../manage/manage-security-with-defender-for-cloud.md).
+For more information, see:
+
+- [Manage system security with Microsoft Defender for Cloud (preview)](../manage/manage-security-with-defender-for-cloud.md).
+- [Microsoft Defender Antivirus and non-Microsoft antivirus solutions without Defender for Endpoint](/defender-endpoint/defender-antivirus-compatibility-without-mde).
 
 ## Next steps
 

azure-local/concepts/system-requirements-23h2.md

@@ -6,7 +6,7 @@ ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
 ms.custom: references_regions
-ms.date: 02/21/2025
+ms.date: 02/14/2025
 ---
 
 # System requirements for Azure Local
@@ -41,6 +41,8 @@ Here are the Azure requirements for your Azure Local instance:
    - Japan East
    - South Central US
 
+- **Azure Key Vault**: Make sure to enable public network access when you set up a key vault. This setting allows Azure Local instances to connect to the key vault without any access issues.
+
 ## Machine and storage requirements
 
 Before you begin, make sure that the physical machine and storage hardware used to deploy Azure Local meets the following requirements:

azure-local/deploy/deployment-arc-register-local-ui.md

@@ -5,7 +5,7 @@ ms.topic: article
 author: alkohli
 ms.author: alkohli
 ms.service: azure-local
-ms.date: 02/20/2025
+ms.date: 03/03/2025
 ---
 
 # Register your Azure Local machines via the local UI (preview)
@@ -165,6 +165,9 @@ Follow these steps to configure the network settings and connect the machines to
 
    :::image type="content" source="media/deployment-arc-register-local-ui/setup-configuration-open-in-azure-portal.png" alt-text="Screenshot that shows the Azure Arc agent setup configuration status, open in Azure portal option for Azure Local ." lightbox="media/deployment-arc-register-local-ui/setup-configuration-open-in-azure-portal.png":::
 
+> [!NOTE]
+> Once an Azure Local machine is registered with Azure Arc, the only way to undo the registration is to install the operating system again on the machine.
+
 ## Step 2: Verify machines are connected to Arc
 
 1. In the Azure portal, go to the resource group for bootstrapping.

azure-local/deploy/deployment-arc-register-server-permissions.md

@@ -57,38 +57,6 @@ Before you begin, make sure you've completed the following prerequisites:
 > [!IMPORTANT]
 > Run these steps as a local administrator on every Azure Local machine that you intend to cluster.
 
-<!-- 1. Install the [Arc registration script](https://www.powershellgallery.com/packages/AzSHCI.ARCInstaller) from PSGallery. **This step is only required if you're using an OS ISO that's older than 2408**. For more information, see [What's new in 2408](../whats-new.md#features-and-improvements-in-2408).
-
-    # [PowerShell](#tab/powershell)
-    ```powershell
-    #Register PSGallery as a trusted repo
-    Register-PSRepository -Default -InstallationPolicy Trusted
-
-    #Install required PowerShell modules in your machine for registration
-    Install-Module Az.Accounts -RequiredVersion 3.0.0
-    Install-Module Az.Resources -RequiredVersion 6.12.0
-    Install-Module Az.ConnectedMachine -RequiredVersion 0.8.0
-    
-
-    #Install Arc registration script from PSGallery 
-    Install-Module AzsHCI.ARCinstaller
-    ```
-    # [Output](#tab/output)
-    Here's a sample output of the installation:
-
-    ```output
-    PS C:\Users\SetupUser> Install-Module Az.Accounts -RequiredVersion 3.0.0
-    PS C:\Users\SetupUser> Install-Module Az.Resources -RequiredVersion 6.12.0
-    PS C:\Users\SetupUser> Install-Module Az.ConnectedMachine -RequiredVersion 0.8.0
-    PS C:\Users\SetupUser> Install-Module -Name AzSHCI.ARCInstaller                                           
-    NuGet provider is required to continue                                                                                   
-    PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet  provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
-    'C:\Users\SetupUser\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by
-    running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
-    and import the NuGet provider now?
-    [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
-    PS C:\Users\SetupUser>
-    ``` -->
 
 1. Set the parameters. The script takes in the following parameters:
 
@@ -226,6 +194,11 @@ Before you begin, make sure you've completed the following prerequisites:
 
         :::image type="content" source="media/deployment-arc-register-server-permissions/mandatory-extensions-installed-registered-servers.png" alt-text="Screenshot of the Azure Local registered machines with mandatory extensions installed." lightbox="./media/deployment-arc-register-server-permissions/mandatory-extensions-installed-registered-servers.png":::
 
+> [!NOTE]
+> Once an Azure Local machine is registered with Azure Arc, the only way to undo the registration is to install the operating system again on the machine.
+
+
+
 ## Assign required permissions for deployment
 
 This section describes how to assign Azure permissions for deployment from the Azure portal.

azure-local/deploy/deployment-prerequisites.md

@@ -17,20 +17,19 @@ This article discusses the security, software, hardware, and networking prerequi
 
 ## Review requirements and complete prerequisites
 
-| Requirements                  | Links                                                                                           |
-|-------------------------------|-------------------------------------------------------------------------------------------------|
-| Security features             | [Link](../concepts/security-features.md)         |
-| Environment readiness         | [Link](../manage/use-environment-checker.md)      |
-| System requirements           | [Link](../concepts/system-requirements-23h2.md)      |
-| Firewall requirements         | [Link](../concepts//firewall-requirements.md)         |
+| Requirements | Links |
+|--|--|
+| Security features | [Link](../concepts/security-features.md) |
+| Environment readiness | [Link](../manage/use-environment-checker.md) |
+| System requirements | [Link](../concepts/system-requirements-23h2.md) |
+| Firewall requirements | [Link](../concepts//firewall-requirements.md) |
 | Physical network requirements | [Link](../concepts//physical-network-requirements.md) |
-| Host network requirements     | [Link](../concepts/host-network-requirements.md)    |
+| Host network requirements | [Link](../concepts/host-network-requirements.md) |
 
 ## Complete deployment checklist
 
 Use the following checklist to gather the required information ahead of the actual deployment of your Azure Local instance.
 
-
 |Component|What is needed|
 |--|--|
 |Machine names|Unique name for each machine you wish to deploy.|
@@ -44,10 +43,9 @@ Use the following checklist to gather the required information ahead of the actu
 |Custom location|(Optional) A name for the custom location created for your system. This name is used for Azure Arc VM management. <br> For more information, see the **Specify management settings** page in [Deploy via Azure portal](./deploy-via-portal.md#specify-management-settings).|
 |Azure subscription ID|ID for the Azure subscription used to register the system. Make sure that you are a user access administrator and a contributor on this subscription. This will allow you to manage access to Azure resources, specifically to Arc-enable each machine of an Azure Local instance. For more information, see [Assign Azure permissions for deployment](./deployment-arc-register-server-permissions.md#assign-required-permissions-for-deployment)|
 |Azure Storage account|For two-node systems, a witness is required. For a cloud witness, an [Azure Storage account](/azure/storage/common/storage-account-create) is needed. In this release, you cannot use the same storage account for multiple systems. For more information, see **Specify management settings** in [Deploy via Azure portal](./deploy-via-portal.md#specify-management-settings). <br> For naming conventions, see [Azure Storage account names](/azure/storage/common/storage-account-overview#storage-account-name).|
-|Azure Key Vault|A key vault is required to securely store secrets for this system, such as cryptographic keys, local admin credentials, and BitLocker recovery keys. For more information, see **Basics** in [Deploy via Azure portal](./deploy-via-portal.md#start-the-wizard-and-fill-out-the-basics). <br> For naming convention, see [Azure Key Vault names](/azure/key-vault/general/about-keys-secrets-certificates#object-identifiers).|
+|Azure Key Vault|A key vault is required to securely store secrets for this system, such as cryptographic keys, local admin credentials, and BitLocker recovery keys. For requirements, see **Azure Key Vault** in [Azure requirements](../concepts/system-requirements-23h2.md#azure-requirements). For creating a key vault during deployment, see **Basics** in [Deploy via Azure portal](./deploy-via-portal.md#start-the-wizard-and-fill-out-the-basics). <br> For naming conventions, see [Azure Key Vault names](/azure/key-vault/general/about-keys-secrets-certificates#object-identifiers).|
 |Outbound connectivity| Run the [Environment checker](../manage/use-environment-checker.md) to ensure that your environment meets the outbound network connectivity requirements for firewall rules.|
 
-
 ## Next steps
 
 - Prepare your [Active Directory](./deployment-prep-active-directory.md) environment.

azure-local/faq.yml

@@ -123,6 +123,10 @@ sections:
           ------                         ----------------
           Microsoft Azure Stack HCI      23H2
           ```
+      - question: Is it possible to unregister an Azure Local machine with Azure Arc once it is registered?
+        answer: |
+          No. You can't undo the registration once you've registered the Azure Local machine with Azure Arc. To undo, you'll need to install the operating system again on the machine.        
+      
       - question: How long is Azure Local, version 22H2 supported?
         answer: |
             Azure Stack HCI, version 22H2 will reach end of support on May 31, 2025. After this date, you won't receive monthly security and quality updates. Support requests (SR) will only be available when performing an operating system upgrade. To continue receiving updates, we recommend that you upgrade your operating system to [version 23H2](./upgrade/upgrade-22h2-to-23h2-powershell.md).