azure-local/includes/hci-switch-wdac-policy-mode.md
Lines changed: 1 addition & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -3,17 +3,14 @@ author: ManikaDhiman
3
3
ms.author: alkohli
4
4
ms.service: azure-stack
5
5
ms.topic: include
6
-
ms.date: 10/11/2024
6
+
ms.date: 11/18/2024
7
7
ms.reviewer: alkohli
8
8
---
9
9
10
10
1. Connect to your Azure Local machine.
11
11
12
12
1. Run the following PowerShell command using local administrator credentials or deployment user (AzureStackLCMUser) credentials.
13
13
14
-
> [!IMPORTANT]
15
-
> Cmdlets that require to be signed in as deployment user (AzureStackLCMUser) need proper credentials authorization via the security group (PREFIX-ECESG) and CredSSP (when using remote PowerShell) or Console session (RDP).
16
-
17
14
1. Run the following cmdlet to check the WDAC policy mode that is currently enabled:
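Review bot: dropping the IMPORTANT block at old lines 14-16 removes the only statement of how deployment-user (AzureStackLCMUser) credentials must be authorized (membership in the PREFIX-ECESG security group, plus CredSSP for remote PowerShell or a console/RDP session), while step 12 still tells the reader to run the cmdlet with those credentials. Either keep the note or replace it with a link to wherever that requirement is now documented, so a reader who picks the deployment user does not hit an authorization failure with no explanation.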
azure-local/manage/manage-secure-baseline.md
Lines changed: 3 additions & 2 deletions
@@ -114,8 +114,6 @@ The following cmdlet properties are for the *AzureStackOSConfigAgent* module. Th
114
114
- AllNodes – Provides boolean value (true/False) computed across nodes.
115
115
- Cluster – Provides boolean value from ECE store. Interacts with the orchestrator and acts to all the nodes in the cluster.
116
116
117
-
> [!IMPORTANT]
118
-
> `Enable AzsSecurity` and `Disable AzsSecurity` cmdlets are only available on new deployments or on upgraded deployments after the security baselines are properly applied to nodes.
119
117
120
118
- `Enable-AzsSecurity` -Scope <Local | Cluster>
121
119
- `Disable-AzsSecurity` -Scope <Local | Cluster>
@@ -128,6 +126,9 @@ The following cmdlet properties are for the *AzureStackOSConfigAgent* module. Th
128
126
- Side Channel Mitigation
129
127
- SMB Signing
130
128
- SMB Cluster encryption
129
+
130
+
> [!IMPORTANT]
131
+
> `Enable AzsSecurity` and `Disable AzsSecurity` cmdlets are only available on new deployments or on upgraded deployments after the security baselines are properly applied to nodes.
131
132
132
133
The following table documents supported security features, whether they support drift control, and whether a reboot is required to implement the feature.
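Review bot: the re-added note at new lines 130-131 still names the cmdlets as `Enable AzsSecurity` and `Disable AzsSecurity`, while the bullets in the previous hunk use the real names `Enable-AzsSecurity` and `Disable-AzsSecurity`; since this text is being moved anyway, add the hyphens so the note matches the cmdlets it describes. The new position (after the feature list, before the drift-control table) reads better than the old one wedged between the scope description and the cmdlet bullets.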
azure-local/manage/manage-security-post-upgrade.md
Lines changed: 9 additions & 9 deletions
@@ -5,7 +5,7 @@ author: alkohli
5
5
ms.author: alkohli
6
6
ms.topic: how-to
7
7
ms.service: azure-stack-hci
8
-
ms.date: 11/13/2024
8
+
ms.date: 11/18/2024
9
9
---
10
10
11
11
# Manage security after upgrading Azure Local
@@ -20,7 +20,7 @@ Before you begin, make sure that you have access to an Azure Local, version 23H2
20
20
21
21
## Post upgrade security changes
22
22
23
-
When you upgrade you Azure Local from version 22H2 to version 23H2, the security posture of your system doesn't change. We strongly recommend that you update the security settings after the upgrade to benefit from enhanced security.
23
+
When you upgrade your Azure Local from version 22H2 to version 23H2, the security posture of your system doesn't change. We strongly recommend that you update the security settings after the upgrade to benefit from enhanced security.
24
24
25
25
Here are the benefits of updating the security settings:
26
26
@@ -108,20 +108,20 @@ If you need to enable BitLocker on any of your volumes, see [Manage BitLocker en
108
108
109
109
Application control for business (formerly known as Windows Defender Application Control or WDAC) provides a great layer of defense against running untrusted code.
110
110
111
-
After you've upgraded to version 23H2, consider enabling WDAC. This can be disruptive if the necessary measures aren't taken for proper validation of existing third party software already existing on the servers.
111
+
After you've upgraded to version 23H2, consider enabling Application Control. This can be disruptive if the necessary measures aren't taken for proper validation of existing third party software already existing on the servers.
112
112
113
-
For new deployments, WDAC is enabled in *Enforced* mode (blocking nontrusted binaries), whereas for upgraded systems we recommend that you follow these steps:
113
+
For new deployments, Application Control is enabled in *Enforced* mode (blocking nontrusted binaries), whereas for upgraded systems we recommend that you follow these steps:
114
114
115
-
1.[Enable WDAC in *Audit* mode (assuming unknown software might be present)](./manage-wdac.md).
116
-
1.[Monitor WDAC events](./manage-wdac.md).
117
-
1.[Create the necessary supplemental policies](./manage-wdac.md).
115
+
1.[Enable Application Control in *Audit* mode (assuming unknown software might be present)](./manage-wdac.md#switch-wdac-policy-modes).
116
+
1.[Monitor Application Control events](/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations).
117
+
1.[Create the necessary supplemental policies](./manage-wdac.md#create-a-wdac-supplemental-policy).
118
118
1. Repeat steps #2 and #3 as necessary until no further audit events are observed. Switch to *Enforced* mode.
119
119
120
120
> [!WARNING]
121
121
> Failure to create the necessary AppControl policies to enable additional third party software will prevent that software from running.
122
122
123
-
For instructions to enable in *Enforced* mode, see [Manage Windows Defender Application Control for Azure Local](./manage-wdac.md).
123
+
For instructions to enable in *Enforced* mode, see [Manage Windows Defender Application Control for Azure Local](./manage-wdac.md#switch-wdac-policy-modes).
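Review bot: the rewritten steps at new lines 115-117 keep `1.[Enable ...` with no space between the list marker and the link, which Markdown does not treat as an ordered-list item, so step 4's "Repeat steps #2 and #3" has no numbered steps to point at; write them as `1. [Enable Application Control in *Audit* mode (assuming unknown software might be present)](./manage-wdac.md#switch-wdac-policy-modes)` and likewise for the next two. The rename to "Application Control" is also incomplete inside this hunk: the warning at line 121 still says "AppControl policies" and the closing link at new line 123 still reads "Manage Windows Defender Application Control for Azure Local"; the intro at line 109 already introduces the new name with WDAC in parentheses, so use that one consistently.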
azure-local/overview.md
Lines changed: 9 additions & 10 deletions
@@ -5,7 +5,7 @@ ms.topic: overview
5
5
author: alkohli
6
6
ms.author: alkohli
7
7
ms.service: azure-stack-hci
8
-
ms.date: 11/13/2024
8
+
ms.date: 11/18/2024
9
9
ms.custom: e2e-hybrid, linux-related-content
10
10
---
11
11
@@ -25,7 +25,7 @@ Azure Local also accelerates cloud and AI innovation by seamlessly delivering ne
25
25
26
26
An Azure Local instance consists of a machine or a cluster of machines running the Azure Stack HCI operating system and connected to Azure. You can use the Azure portal to monitor and manage individual Azure Local instances as well as view all the deployments of Azure Local. You can also manage Azure Local with your existing tools, including Windows Admin Center and PowerShell.
27
27
28
-
You can [Download the operating system software](./deploy/download-azure-stack-hci-23h2-software.md) from the Azure portal with a free 60-day trial.
28
+
You can [Download the operating system software](./deploy/download-23h2-software.md) from the Azure portal with a free 60-day trial.
29
29
30
30
To acquire the machines that support Azure Local, you can purchase validated hardware from a Microsoft hardware partner with the operating system pre-installed. See the [Azure Local Catalog](https://aka.ms/AzureStackHCICatalog) for hardware options and use the sizing tool to estimate hardware requirements.
31
31
@@ -73,10 +73,9 @@ Customers often choose Azure Local in the following scenarios.
73
73
|:-|:-|
74
74
| Azure Virtual Desktop (AVD) | Azure Virtual Desktop for Azure Local lets you deploy Azure Virtual Desktop session hosts on your on-premises infrastructure. You manage your session hosts from the Azure portal. To learn more, see [Azure Virtual Desktop for Azure Local](/azure/virtual-desktop/azure-stack-hci-overview). |
75
75
| Azure Kubernetes Service (AKS) enabled by Azure Arc | You can leverage Azure Local to host container-based deployments, which increases workload density and resource usage efficiency. Azure Local also further enhances the agility and resiliency inherent to Azure Kubernetes deployments. Azure Local manages automatic failover of VMs serving as Kubernetes cluster nodes in case of a localized failure of the underlying physical components. This supplements the high availability built into Kubernetes, which automatically restarts failed containers on either the same or another VM. To learn more, see [Azure Kubernetes Service on Azure Local and Windows Server](/azure/aks/hybrid/aks-overview). |
76
-
| AI and ML workloads | Azure Local also accelerates cloud and AI innovation by seamlessly delivering new applications and workloads. You can leverage Azure Local to deploy AI models on workloads. To learn more, see [Deploy AI models](index.yml). |
77
76
| Run Azure Arc services on-premises | Azure Arc allows you to run Azure services anywhere. This allows you to build consistent hybrid and multicloud application architectures by using Azure services that can run in Azure, on-premises, at the edge, or at other cloud providers. Azure Arc enabled services allow you to run Arc VMs, Azure data services and Azure application services such as Azure App Service, Functions, Logic Apps, Event Grid, and API Management anywhere to support hybrid workloads. To learn more, see [Azure Arc overview](/azure/azure-arc/overview). |
78
-
| Highly performant SQL Server | Azure Local provides an additional layer of resiliency to highly available, mission-critical Always On availability groups-based deployments of SQL Server. This approach also offers extra benefits associated with the single-vendor approach, including simplified support and performance optimizations built into the underlying platform. To learn more, see [Deploy SQL Server on Azure Local](deploy/sql-server.md). |
79
-
| Trusted enterprise virtualization | Azure Local satisfies the trusted enterprise virtualization requirements through its built-in support for Virtualization-based Security (VBS). VBS relies on Hyper-V to implement the mechanism referred to as virtual secure mode, which forms a dedicated, isolated memory region within its guest VMs. By using programming techniques, it's possible to perform designated, security-sensitive operations in this dedicated memory region while blocking access to it from the host OS. This considerably limits potential vulnerability to kernel-based exploits. To learn more, see [Deploy Trusted Enterprise Virtualization on Azure Local](deploy/trusted-enterprise-virtualization.md). |
77
+
| Highly performant SQL Server | Azure Local provides an additional layer of resiliency to highly available, mission-critical Always On availability groups-based deployments of SQL Server. This approach also offers extra benefits associated with the single-vendor approach, including simplified support and performance optimizations built into the underlying platform. To learn more, see [Deploy SQL Server on Azure Local](./deploy/sql-server-23h2.md). |
78
+
| Trusted enterprise virtualization | Azure Local satisfies the trusted enterprise virtualization requirements through its built-in support for Virtualization-based Security (VBS). VBS relies on Hyper-V to implement the mechanism referred to as virtual secure mode, which forms a dedicated, isolated memory region within its guest VMs. By using programming techniques, it's possible to perform designated, security-sensitive operations in this dedicated memory region while blocking access to it from the host OS. This considerably limits potential vulnerability to kernel-based exploits. To learn more, see [About Trusted Launch for Arc VMs on Azure Local](./manage/trusted-launch-vm-overview.md). |
80
79
| Scale-out storage | Storage Spaces Direct is a core technology of Azure Local that uses industry-standard servers with locally attached drives to offer high availability, performance, and scalability. Using Storage Spaces Direct results in significant cost reductions compared with competing offers based on storage area network (SAN) or network-attached storage (NAS) technologies. These benefits result from an innovative design and a wide range of enhancements, such as persistent read/write cache drives, mirror-accelerated parity, nested resiliency, and deduplication. |
81
80
| Disaster recovery for virtualized workloads | A stretched cluster of Azure Local (functionality only available in Azure Stack HCI OS, version 22H2) provides automatic failover of virtualized workloads to a secondary site following a primary site failure. Synchronous replication ensures crash consistency of VM disks. |
82
81
| Data center consolidation and modernization | Refreshing and consolidating aging virtualization hosts with Azure Local can improve scalability and make your environment easier to manage and secure. It's also an opportunity to retire legacy SAN storage to reduce footprint and total cost of ownership. Operations and systems administration are simplified with unified tools and interfaces and a single point of support. |
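Review bot: the Trusted enterprise virtualization row at new line 78 keeps its description of VBS and virtual secure mode protecting against kernel-based exploits, but now links to "About Trusted Launch for Arc VMs on Azure Local", a VM-level feature; either adjust the row text to describe what the target page covers or keep a link whose target matches the description, otherwise the reader is promised trusted enterprise virtualization deployment guidance and lands on a Trusted Launch overview. Removing the AI and ML workloads row (old line 76) is reasonable given its link pointed at index.yml rather than a real topic, but the context at line 25 still presents AI innovation as a headline capability, so consider whether a scenario row with a valid target belongs here.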
@@ -103,7 +102,7 @@ You can use the Azure portal for an increasing number of tasks including:
103
102
104
103
You can also subscribe to additional Azure hybrid services.
105
104
106
-
For more details on the cloud service components of Azure Local, see [Azure Local hybrid capabilities with Azure services](hybrid-capabilities-with-azure-services.md).
105
+
For more details on the cloud service components of Azure Local, see [Azure Local hybrid capabilities with Azure services](./hybrid-capabilities-with-azure-services-23h2.md
107
106
108
107
## What you need for Azure Local
109
108
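Review bot: new line 105 is missing the closing parenthesis of the Markdown link: `...](./hybrid-capabilities-with-azure-services-23h2.md` should be `...](./hybrid-capabilities-with-azure-services-23h2.md).`; as written the link will not render and the raw path shows up in the page text.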
@@ -112,18 +111,18 @@ To get started, you'll need:
112
111
- One or more machines from the [Azure Local Catalog](https://aka.ms/AzureStackHCICatalog), purchased from your preferred Microsoft hardware partner.
113
112
- An [Azure subscription](https://azure.microsoft.com/).
114
113
- Operating system licenses for your workload VMs – for example, Windows Server. See [Activate Windows Server VMs](manage/vm-activate.md).
115
-
- An internet connection for each machine in the system that can connect via HTTPS outbound traffic to well-known Azure endpoints at least every 30 days. See [Azure connectivity requirements](concepts/firewall-requirements.md) for more information.
114
+
- An internet connection for each machine in the system that can connect via HTTPS outbound traffic to well-known Azure endpoints at least every 30 days. See [Azure connectivity requirements](./concepts/firewall-requirements.md) for more information.
116
115
- For systems stretched across sites (functionality only available in version 22H2):
117
116
- At least four servers (two in each site)
118
117
- At least one 1 Gb connection between sites (a 25 Gb RDMA connection is preferred)
119
118
- An average latency of 5 ms round trip between sites if you want to do synchronous replication where writes occur simultaneously in both sites.
120
-
- If you plan to use SDN, you'll need a virtual hard disk (VHD) for the Azure Stack HCI OS to create Network Controller VMs (see [Plan to deploy Network Controller](concepts/network-controller.md)).
119
+
- If you plan to use SDN, you'll need a virtual hard disk (VHD) for the Azure Stack HCI OS to create Network Controller VMs (see [Plan to deploy Network Controller](./concepts/plan-network-controller-deployment.md)).
121
120
122
-
Make sure your hardware meets the [System requirements](concepts/system-requirements-23h2.md) and that your network meets the [physical network](concepts/physical-network-requirements.md) and [host network](concepts/host-network-requirements.md) requirements for Azure Local.
121
+
Make sure your hardware meets the [System requirements](concepts/system-requirements-23h2.md) and that your network meets the [physical network](./concepts/physical-network-requirements.md) and [host network](concepts/host-network-requirements.md) requirements for Azure Local.
123
122
124
123
For Azure Kubernetes Service on Azure Local and Windows Server requirements, see [AKS network requirements](/azure/aks/hybrid/aks-hci-network-system-requirements).
125
124
126
-
Azure Local is priced on a per core basis on your on-premises machines. For current pricing, see [Azure Local pricing](https://azure.microsoft.com/pricing/details/azure-stack/hci/).
125
+
Azure Local is priced on a per core basis on your on-premises machines. For current pricing, see [Azure Local pricing](https://aka.ms/azloc-pricing).
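Review bot: the relative-link style is now mixed within one sentence at new line 121: `concepts/system-requirements-23h2.md` and `concepts/host-network-requirements.md` are left without the `./` prefix while `./concepts/physical-network-requirements.md` gets it, and `manage/vm-activate.md` at line 113 likewise differs from the updated `./concepts/...` links at new lines 114 and 119. Both forms resolve, but since this change is already normalizing paths, apply one convention to all of them.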
azure-local/whats-new.md
Lines changed: 2 additions & 1 deletion
@@ -5,7 +5,7 @@ ms.topic: overview
5
5
author: alkohli
6
6
ms.author: alkohli
7
7
ms.service: azure-stack-hci
8
-
ms.date: 11/16/2024
8
+
ms.date: 11/18/2024
9
9
---
10
10
11
11
# What's new in Azure Local, version 23H2
@@ -48,6 +48,7 @@ This is a baseline release with the following features and improvements:
48
48
49
49
For more information, see [Add a network interface on your Azure Local](./manage/manage-arc-virtual-machine-resources.md#add-a-network-interface).
50
50
51
+
-**AKS on Azure Local** - This release has several new features and enhancements for AKS on Azure Local. For more information, see [What's new in AKS on Azure Local](/azure/aks/hybrid/aks-whats-new-23h2).
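Review bot: the added line 51 starts with `-**AKS on Azure Local**` with no space after the bullet marker, so Markdown will not render it as a list item; it should be `- **AKS on Azure Local** - This release has several new features ...` so it joins the surrounding list instead of appearing as a stray paragraph beginning with a hyphen.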