Merge pull request #3268 from MicrosoftDocs/main638591832651680687sync_temp

For protected branch, push strategy should use PR and merge to target branch method to work around git push error

Author: learn-build-service-prod[bot]

azure-stack/hci/release-information-23h2.md

@@ -6,7 +6,7 @@ ms.author: alkohli
 ms.topic: conceptual
 ms.service: azure-stack
 ms.subservice: azure-stack-hci
-ms.date: 07/12/2024
+ms.date: 08/13/2024
 ---
 
 # Azure Stack HCI, version 23H2 release information
@@ -55,6 +55,7 @@ All dates are listed in ISO 8601 format: *YYYY-MM-DD*
 
 |Release build| OS build |Baseline or Update| What's new | Known issues |
 |--|--|--|--|--|
+|  | 25398.1085  <br><br> [Aug OS security update](./security-update/hci-security-update-jul-2024.md) <br><br> Availability date: 2024-08-13 | Update | [Features and improvements](./whats-new.md#features-and-improvements-in-24052) | [Known issues](./known-issues-2405-2.md) |
 | 10.2405.2.7 | 25398.1009  <br><br> [July OS security update](./security-update/hci-security-update-jul-2024.md) <br><br> Availability date: 2024-07-16 | Update | [Features and improvements](./whats-new.md#features-and-improvements-in-24052) | [Known issues](./known-issues-2405-2.md) |
 | 10.2405.1.4 | 25398.950  <br><br> [June OS security update](./security-update/hci-security-update-jun-2024.md) <br><br> Availability date: 2024-06-19 | Update | [Features and improvements](./whats-new.md#features-and-improvements-in-24051) | [Known issues](./known-issues-2405-1.md) |
 | 10.2402.4.4  | 25398.950 <br><br> [June OS security update](./security-update/hci-security-update-jun-2024.md) <br><br> Availability date: 2024-06-19 | Update | [Features and improvements](./whats-new.md#features-and-improvements-in-24024) | [Known issues](./known-issues-2402-4.md) |

azure-stack/hci/release-information.md

@@ -6,7 +6,7 @@ ms.author: jgerend
 ms.topic: conceptual
 ms.service: azure-stack
 ms.subservice: azure-stack-hci
-ms.date: 07/08/2024
+ms.date: 08/12/2024
 ---
 
 # Azure Stack HCI, version 22H2 release information
@@ -25,6 +25,7 @@ All dates are listed in ISO 8601 format: *YYYY-MM-DD*
 
 | **OS build** | **Availability date** | **KB article** |
 |:-|:-|:-|
+| 20349.2655 | 2024-08-13 | [KB 5041160](https://support.microsoft.com/topic/3e8026f2-bb4c-4c1c-9855-d41e1b5b1bd9) |
 | 20349.2582 | 2024-07-09 | [KB 5040437](https://support.microsoft.com/topic/b23d6ba9-4659-4780-887f-530776c4e730) |
 | 20349.2529 | 2024-06-20 | [KB 5041054](https://support.microsoft.com/topic/0a1f8b2c-f195-4e3d-b95a-52a12b801658) |
 | 20349.2527 | 2024-06-11 | [KB 5039227](https://support.microsoft.com/topic/121b63dd-f970-45a3-8365-b5f4d2081999) |

azure-stack/hci/security-update/hci-security-update-aug-2024.md

@@ -0,0 +1,65 @@
+---
+title:  August 2024 security update (KB 5041573) for Azure Stack HCI, version 23H2
+description: Read about the August 2024 security update (KB 5041573) for Azure Stack HCI, version 23H2.
+author: alkohli
+ms.topic: conceptual
+ms.date: 08/13/2024
+ms.author: alkohli
+ms.reviewer: alkohli
+ms.subservice: azure-stack-hci
+---
+
+# August 2024 OS security update (KB 5041573) for Azure Stack HCI, version 23H2
+
+[!INCLUDE [applies-to](../../includes/hci-applies-to-23h2.md)]
+
+This article describes the OS security update for Azure Stack HCI, version 23H2 that was released on August 13, 2024 and applies to OS build 25398.1085.
+
+<!--For an overview of Azure Stack HCI, version 23H2 release notes, see the [update history](https://support.microsoft.com/topic/release-notes-for-azure-stack-hci-version-23h2-018b9b10-a75b-4ad7-b9d1-7755f81e5b0b).-->
+
+## Improvements
+
+This security update includes quality improvements. The following key issues and features are present in this update:
+
+- **Stability of clusters on Windows Server 2022**. Servers in the same cluster shutdown when you don't expect them to. This leads to high latency and network availability issues.  
+
+- **Bootloader**. A race condition might stop a computer from starting. This occurs when you configure the bootloader to start many operating systems.  
+
+- **Autopilot**. Using Autopilot to provision a Surface Laptop SE device fails.  
+
+- **Windows Defender Application Control (WDAC)**. A memory leak occurs that might exhaust system memory as time goes by. This issue occurs when you provision a device.  
+
+- **Protected Process Light (PPL) protections**. You can bypass them.  
+
+- **Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)**. This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.  
+
+- **NetJoinLegacyAccountReuse**. This update removes this registry key. For more information, see [KB 5020276 Net join: Domain join hardening changes](https://support.microsoft.com/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8).
+
+- **BitLocker (known issue)**. A [BitLocker recovery screen](/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview) shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if [device encryption](https://support.microsoft.com/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) is on. Go to **Settings > Privacy & Security > Device encryption**. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
+
+- **Lock screen**. This update addresses CVE-2024-38143. As a result, the **Use my windows user account** check box isn't available on the lock screen to connect to Wi-Fi.
+
+- **Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)**. This update applies SBAT to systems that run Windows and stops vulnerable Linux EFI (shim bootloaders) from running. This update doesn't apply to systems that dual-boot Windows and Linux. After the update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
+
+- **Domain Name System (DNS)**. This update hardens DNS server security to address CVE-2024-37968. If the configurations of your domains aren't up to date, you might get the SERVFAIL error or a time-out.
+
+For more information about security vulnerabilities, see the [Security Update Guide](https://msrc.microsoft.com/update-guide/) and the [August 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug).
+
+## Known issues
+
+Microsoft isn't currently aware of any issues with this update.
+
+## To install this update
+
+Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](/windows/deployment/update/servicing-stack-updates) and [Servicing Stack Updates (SSU): Frequently Asked Questions](https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe).
+
+To install the LCU on your Azure Stack HCI cluster, see [Update Azure Stack HCI clusters](../update/about-updates-23h2.md).
+
+## File list
+
+For a list of the files that are provided in this update, download the file information for [Cumulative update 5041573](https://go.microsoft.com/fwlink/?linkid=2282056).
+
+## Next steps
+
+- [Install updates via PowerShell](../update/update-via-powershell-23h2.md) for Azure Stack HCI, version 23H2.
+- [Install updates via Azure Update Manager in Azure portal](../update/azure-update-manager-23h2.md) for Azure Stack HCI, version 23H2.

azure-stack/hci/toc.yml

@@ -51,7 +51,9 @@ items:
         href: known-issues-2311.md
     - name: Security updates
       items:
-      - name: July 2024 - Current
+      - name: August 2024 - Current
+        href: security-update/hci-security-update-aug-2024.md
+      - name: July 2024
         href: security-update/hci-security-update-jul-2024.md
       - name: June 2024 
         href: security-update/hci-security-update-jun-2024.md
@@ -211,6 +213,30 @@ items:
   - name: Troubleshoot updates
     href: update/update-troubleshooting-23h2.md
 
+- name: Upgrade 
+  items:
+  - name: About Azure Stack HCI upgrades
+    href: upgrade/about-upgrades-23h2.md
+  - name: Upgrade to version 23H2 OS
+    items: 
+    - name: Via PowerShell
+      href: upgrade/upgrade-22h2-to-23h2-powershell.md
+    - name: Via Windows Admin Center
+      href: upgrade/upgrade-22h2-to-23h2-windows-admin-center.md
+    - name: Via other methods
+      href: upgrade/upgrade-22h2-to-23h2-other-methods.md
+  - name: Perform post-OS upgrade tasks
+    href: upgrade/post-upgrade-steps.md
+  - name: Install, enable Network ATC
+    href: upgrade/install-enable-network-atc.md
+  - name: Validate solution upgrade readiness
+    href: upgrade/validate-solution-upgrade-readiness.md
+  - name: Apply solution upgrade
+    href: upgrade/install-solution-upgrade.md
+  - name: Troubleshoot upgrades
+    href: upgrade/troubleshoot-upgrade-to-azure-stack-hci-23h2.md
+
+
 - name: Manage
   items:
 

azure-stack/hci/upgrade/about-upgrades-23h2.md

@@ -0,0 +1,63 @@
+---
+title: About Azure Stack HCI Upgrade to latest version 23H2
+description: Learn about how to upgrade from Azure Stack HCI, version 22H2 to latest Azure Stack HCI, version 23H2.
+author: alkohli
+ms.topic: conceptual
+ms.date: 08/13/2024
+ms.author: alkohli
+ms.reviewer: alkohli
+ms.subservice: azure-stack-hci
+---
+
+# About Azure Stack HCI upgrades
+
+[!INCLUDE [applies-to](../../includes/hci-applies-to-23h2-22h2.md)]
+
+This article provides an overview of upgrading your existing Azure Stack HCI system from version 22H2 to version 23H2.
+
+Throughout this article, we refer to Azure Stack HCI, version 23H2 as the *new* version and Azure Stack HCI, version 22H2 as the *old* version.
+
+## About Azure Stack HCI, version 23H2
+
+Azure Stack HCI, version 23H2 is the latest version of the Azure Stack HCI solution. This version integrates the Azure Arc infrastructure that provisions and manages the workloads such as Arc VMs, Azure Kubernetes Services, and Azure Virtual Desktop. For more information, see [What's new in Azure Stack HCI, version 23H2](../whats-new.md#features-and-improvements-in-2311).
+
+With version 23H2, Azure Stack HCI evolved from a cloud connected operating system (OS) to an Arc enabled solution. The OS forms the base layer of this solution, with the Arc and the Orchestrator (also known as the Lifecycle Manager) components layered on top. These components are packaged together into a solution that follows an [Infrastructure as code (IaC)](/devops/deliver/what-is-infrastructure-as-code) model.
+
+- This IaC model takes a set of input parameters that are specific to each customer and the environment.
+- The lifecycle manager then orchestrates the desired state across all the layers to meet the desired state and the version.
+
+The following diagram illustrates the components of an Azure Stack HCI, version 23H2 system:
+
+:::image type="content" source="./media/about-upgrades-23h2/azure-stack-hci-23h2-and-its-components.png" alt-text="Diagram that illustrates Azure Stack HCI and its components." lightbox="./media/about-upgrades-23h2/azure-stack-hci-23h2-and-its-components.png":::
+
+## Azure Stack HCI upgrade versus update
+
+An upgrade is a whole new version of software that represents a significant change or major improvement. An update, on the other hand, is a process of applying a set of changes to the software to improve its performance, security, or stability.
+
+The Azure Stack HCI, version 23H2, is a whole new version of the solution with a multitude of new capabilities. To move from Azure Stack HCI, version 22H2 to version 23H2, you need to upgrade your existing cluster. On the other hand, to ensure that you have the most recent features and security improvements for your current version of Azure Stack HCI, you would need to update your existing cluster.
+
+## High-level steps for Azure Stack HCI upgrade
+
+To upgrade your Azure Stack HCI from an old version, follow these high-level steps:
+
+1. Upgrade the *old* OS to the *new* OS using one of the following methods:
+    - [Via the PowerShell (recommended)](./upgrade-22h2-to-23h2-powershell.md).
+    - [Via the Windows Admin Center](./upgrade-22h2-to-23h2-windows-admin-center.md).
+    - [Via other manual methods](./upgrade-22h2-to-23h2-other-methods.md).
+
+1. Perform post-OS upgrade tasks.
+
+1. Validate the solution upgrade readiness.
+
+1. Apply the solution upgrade.
+
+The following diagram illustrates the Azure Stack HCI upgrade process:
+
+:::image type="content" source="./media/about-upgrades-23h2/update-os-to-23h2-and-apply-the-solution-update.png" alt-text="Diagram that illustrates the two steps to update the Azure Stack HCI OS and then apply the solution update." lightbox="./media/about-upgrades-23h2/update-os-to-23h2-and-apply-the-solution-update.png":::
+
+## Next steps
+
+Choose one of the following options to upgrade your Azure Stack HCI, version 22H2 to Azure Stack HCI, version 23H2:
+- [Use PowerShell](./upgrade-22h2-to-23h2-powershell.md).
+- [Use Windows Admin Center](./upgrade-22h2-to-23h2-windows-admin-center.md).
+- [Use other methods](./upgrade-22h2-to-23h2-other-methods.md).