Merge pull request #17746 from MicrosoftDocs/main

Taojunshen · web-flow · commit 5f1a8c1963e0 · 2025-04-24T06:01:21.000+08:00
4/23/2025 PM Publish
diff --git a/AKS-Arc/aks-hci-network-system-requirements.md b/AKS-Arc/aks-hci-network-system-requirements.md
@@ -2,7 +2,7 @@
 title: AKS enabled by Azure Arc network requirements
 description: Learn about AKS network prerequisites.
 ms.topic: overview
-ms.date: 11/19/2024
+ms.date: 04/23/2025
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: abha
@@ -64,6 +64,9 @@ Regardless of the option you choose, you must ensure that the IP addresses alloc
 
 Proxy settings in AKS are inherited from the underlying infrastructure system. The functionality to set individual proxy settings for Kubernetes clusters and change proxy settings isn't supported yet. For more information on how to set proxy correctly, see [proxy requirements for Azure Local](/azure/azure-local/manage/configure-proxy-settings-23h2).
 
+> [!WARNING]
+> You cannot update incorrect proxy settings after you deploy Azure Local. If the proxy is misconfigured, you must redeploy Azure Local.
+
 ## Firewall URL exceptions
 
 Firewall requirements for AKS have been consolidated with Azure Local firewall requirements. See [Azure Local firewall requirements](/azure/azure-local/concepts/firewall-requirements) for list of URLs that need to be allowed to successfully deploy AKS.
diff --git a/azure-local/deploy/download-23h2-software.md b/azure-local/deploy/download-23h2-software.md
@@ -5,10 +5,10 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 04/21/2025
+ms.date: 04/23/2025
 ---
 
-# Download version 23H2 operating system for Azure Local deployment
+# Download operating system for Azure Local deployment
 
 [!INCLUDE [hci-applies-to-23h2](../includes/hci-applies-to-23h2.md)]
 
@@ -27,6 +27,7 @@ Before you begin the download of the software from Azure portal, ensure that you
    - [Pay-as-you-go](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/) subscription with credit card.
    - Subscription obtained through an Enterprise Agreement (EA).
    - Subscription obtained through the Cloud Solution Provider (CSP) program.
+   - At a minimum, you'll need **Reader** access at the subscription level.
 
 - Register the Microsoft Azure Stack HCI resource provider. For more information, see [Register your machines and assign permissions for Azure Local deployment](deployment-arc-register-server-permissions.md).
 
diff --git a/azure-local/manage/manage-secrets-rotation.md b/azure-local/manage/manage-secrets-rotation.md
@@ -4,7 +4,7 @@ description: This article describes how to manage internal secret rotation on Az
 author:  alkohli
 ms.author:  alkohli
 ms.topic: how-to
-ms.date: 02/11/2025
+ms.date: 04/09/2025
 ms.service: azure-local
 ---
 
@@ -89,9 +89,9 @@ This section describes how you can change the storage account key for the cluste
     Set-ECEServiceSecret -ContainerName WitnessCredential -Credential $WitnessCred
     ```
 
-## Revoke SAS token for storage account used for Arc VM images
+## Revoke SAS token for storage account used for Azure Local VM images
 
-This section describes how you can revoke the Shared Access Signature (SAS) token for the storage account used for Arc VM images.
+This section describes how you can revoke the Shared Access Signature (SAS) token for the storage account used for images used by Azure Local VMs enabled by Arc.
 
 | SAS policy   | SAS expired?    | Steps to revoke   |
 |---------|---------|---------|
diff --git a/azure-local/manage/manage-security-with-defender-for-cloud.md b/azure-local/manage/manage-security-with-defender-for-cloud.md
@@ -4,7 +4,7 @@ description: This article describes how to use Microsoft Defender for Cloud to s
 author: alkohli
 ms.author: alkohli
 ms.topic: how-to
-ms.date: 02/04/2025
+ms.date: 04/09/2025
 ms.service: azure-local
 ---
 
@@ -32,15 +32,15 @@ Before you begin, make sure that the following prerequisites are completed:
 Follow these steps to enable Defender for Cloud for Azure Local.
 
 - Step 1: Turn on Foundational CSPM.
-- Step 2: Turn on Defender for Servers for individual machines and Arc VMs.
+- Step 2: Turn on Defender for Servers for individual machines and Azure Local VMs enabled by Arc.
 
 ### Step 1: Turn on Foundational CSPM
 
 This step turns on the basic Defender for Cloud plan—at no extra cost. This plan lets you monitor and identify the steps that you can take to secure Azure Local, along with other Azure and Arc resources. For instructions, see [Enable Defender for Cloud on your Azure subscription](/azure/defender-for-cloud/connect-azure-subscription#enable-defender-for-cloud-on-your-azure-subscription).
 
-### Step 2: Turn on Defender for Servers for individual machines and Arc VMs
+### Step 2: Turn on Defender for Servers for individual machines and Azure Local VMs
 
-This step gets you enhanced security features including security alerts for individual machines and Arc VMs.
+This step gets you enhanced security features including security alerts for individual machines and VMs.
 
 To do so, follow all the instructions in the [Enable the Defender for Servers plan](/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-the-defender-for-servers-plan) section, which includes:
 
@@ -100,17 +100,17 @@ After you've [enabled Defender for Cloud for Azure Local](#enable-defender-for-c
 
    To learn more about the security recommendations specific to Azure Local, refer to the [Azure compute recommendations](/azure/defender-for-cloud/recommendations-reference-compute#azure-compute-recommendations) section in the [Compute security recommendations](/azure/defender-for-cloud/recommendations-reference-compute) article.
 
-## Monitor servers and Arc VMs
+## Monitor servers and Azure Local VMs
 
-Go to the Microsoft Defender for Cloud portal to monitor alerts for individual servers and Arc VMs running on Azure Local. You can utilize the regulatory compliance and attack path analysis features, among other enhanced security features.
+Go to the Microsoft Defender for Cloud portal to monitor alerts for individual servers and VMs running on Azure Local. You can utilize the regulatory compliance and attack path analysis features, among other enhanced security features.
 
-Follow these steps to access the Microsoft Defender for Cloud portal's pages to monitor individual servers and Arc VMs:
+Follow these steps to access the Microsoft Defender for Cloud portal's pages to monitor individual servers and VMs:
 
 1. Sign into the Azure portal, and search for and select **Microsoft Defender for Cloud**.
 
    :::image type="content" source="./media/manage-security-with-defender-for-cloud/access-defender-for-cloud.png" alt-text="Screenshot that shows how to search for Defender for Cloud in the Azure portal." lightbox="./media/manage-security-with-defender-for-cloud/access-defender-for-cloud.png" :::
 
-1. The **Overview** page of the Microsoft Defender for Cloud portal shows the overall security posture of your environment. From the left navigation pane, navigate to various portal pages, such as **Recommendations** to view security recommendations for individual servers and Arc VMs running on Azure Local, or **Security alerts** to monitor alerts for them.
+1. The **Overview** page of the Microsoft Defender for Cloud portal shows the overall security posture of your environment. From the left navigation pane, navigate to various portal pages, such as **Recommendations** to view security recommendations for individual servers and VMs running on Azure Local, or **Security alerts** to monitor alerts for them.
 
    :::image type="content" source="./media/manage-security-with-defender-for-cloud/defender-for-cloud-overview.png" alt-text="Screenshot of the Defender for Cloud Overview page." lightbox="./media/manage-security-with-defender-for-cloud/defender-for-cloud-overview.png" :::
 
diff --git a/azure-local/manage/monitor-multi-azure-policies.md b/azure-local/manage/monitor-multi-azure-policies.md
@@ -6,7 +6,7 @@ ms.author: alkohli
 ms.reviewer: saniyaislam
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 09/12/2024
+ms.date: 04/09/2025
 ---
 
 # Enable Insights for Azure Local at scale using Azure policies
@@ -722,7 +722,7 @@ To create a policy assignment, follow these steps:
 
 1. Select **Next** to view the **Parameters** tab. If the policy definition you selected on the **Basics** tab included parameters, they show up on the **Parameters** tab.
 
-    For example, the policy to repair AMA shows the **Include Arc connected machines** parameter. Select **True** to include Arc connected machines in the policy assignment.
+    For example, the policy to repair AMA shows the **Include Arc connected machines** parameter. Select **True** to include Arc-enabled servers in the policy assignment.
 
     :::image type="content" source="./media/monitor-multi-azure-policies/policy-assign-parameters-tab.png" alt-text="Screenshot of the Parameters tab on Assign policy page to define or modify parameters." lightbox="./media/monitor-multi-azure-policies/policy-assign-parameters-tab.png":::
 
