Sync release-aks-2503 with main

sethmanheim · web-flow · commit 824891bcfa32 · 2025-03-24T09:47:30.000-07:00
diff --git a/AKS-Arc/aks-networks.md b/AKS-Arc/aks-networks.md
@@ -3,7 +3,7 @@ title: Create logical networks for Kubernetes clusters on Azure Local, version 2
 description: Learn how to create Arc-enabled logical networks for AKS.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 11/19/2024
+ms.date: 03/21/2025
 ms.author: sethm 
 ms.lastreviewed: 04/01/2024
 ms.reviewer: abha
@@ -43,11 +43,27 @@ ConvergedSwitch(management_compute_storage)    External        Teamed-Interface
 
 ## Create the logical network
 
-You can create a logical network using either the Azure Command-Line Interface (CLI) or by using the Azure portal.
+You can create a logical network by using either the Azure CLI or the Azure portal.
 
 # [Azure CLI](#tab/azurecli)
 
-You can use the [`az stack-hci-vm network lnet create`](/cli/azure/stack-hci-vm/network/lnet#az-stack-hci-vm-network-lnet-create) cmdlet to create a logical network on the VM switch in Static IP configuration.
+To create a logical network on the VM switch in a static IP configuration, you can use the [`az stack-hci-vm network lnet create`](/cli/azure/stack-hci-vm/network/lnet#az-stack-hci-vm-network-lnet-create) command:
+
+```azurecli
+az stack-hci-vm network lnet create \
+  --subscription $subscription \
+  --resource-group $resource_group \
+  --custom-location $customLocationID \
+  --name $lnetName \
+  --vm-switch-name $vmSwitchName \
+  --ip-allocation-method "Static" \
+  --address-prefixes $addressPrefixes \
+  --gateway $gateway \
+  --dns-servers $dnsServers \
+  --ip-pool-start $ipPoolStart \
+  --ip-pool-end $ipPoolEnd \
+  --vlan 10
+```
 
 For static IP, the required parameters are as follows:
 
@@ -57,17 +73,14 @@ For static IP, the required parameters are as follows:
 | `--resource-group` | Name of the resource group where you create the logical network. |
 | `--subscription` | Name or ID of the subscription where your Azure Local is deployed. |
 | `--custom-location` | Provide the custom location associated with your Azure Local cluster where you're creating the logical network. |
-| `--vm-switch-name`     | The name of the VM switch. Usage: `--vm-switch-name "vm-switch-01"`. | 
+| `--vm-switch-name`     | The name of the VM switch. Usage: `--vm-switch-name "vm-switch-01"`. |
 | `--address-prefixes` | AddressPrefix for the network. Currently only 1 address prefix is supported. Usage: `--address-prefixes "10.220.32.16/24"`. |
-| `--dns-servers`      | Space-separated list of DNS server IP addresses. Usage: `--dns-servers 10.220.32.16 10.220.32.17`. | 
+| `--dns-servers`      | Space-separated list of DNS server IP addresses. Usage: `--dns-servers 10.220.32.16 10.220.32.17`. |
 | `--gateway`         | Gateway. The gateway IP address must be within the scope of the address prefix. Usage: `--gateway 10.220.32.16`. |
-| `--ip-allocation-method`   | The IP address allocation method. Supported values are "Static". Usage: `--ip-allocation-method "Static"`. |
-| `--ip-pool-start`     | The start IP address of your IP pool. The address must be in range of the address prefix. Usage: `--ip-pool-start "10.220.32.18"`.  | 
+| `--ip-allocation-method`   | The IP address allocation method. Supported values are `Static`. Usage: `--ip-allocation-method "Static"`. |
+| `--ip-pool-start`     | The start IP address of your IP pool. The address must be in range of the address prefix. Usage: `--ip-pool-start "10.220.32.18"`.  |
 | `--ip-pool-end`       | The end IP address of your IP pool. The address must be in range of the address prefix. Usage: `--ip-pool-end "10.220.32.38"`.  |
-
-```azurecli
-az stack-hci-vm network lnet create --subscription $subscription --resource-group $resource_group --custom-location $customLocationID --name $lnetName --vm-switch-name $vmSwitchName --ip-allocation-method "Static" --address-prefixes $addressPrefixes --gateway $gateway --dns-servers $dnsServers --ip-pool-start $ipPoolStart --ip-pool-end $ipPoolEnd
-```
+| `--vlan`              | The VLAN ID. Usage: `--vlan 10`. This parameter is required, otherwise the default value of 0 results in an AKS Arc cluster creation failure.  |
 
 # [Azure portal](#tab/azureportal)
 
@@ -77,11 +90,11 @@ Complete the following steps to create a logical network using the Azure portal:
 
    :::image type="content" source="./media/aks-networks/select-logical-network.png" alt-text="Screenshot showing Resources pane in Azure portal." lightbox="./media/aks-networks/select-logical-network.png":::
 
-2. In the right pane, select **Create logical network**.
+1. In the right pane, select **Create logical network**.
 
    :::image type="content" source="./media/aks-networks/create-logical-network.png" alt-text="Screenshot showing logical network creation link." lightbox="./media/aks-networks/create-logical-network.png":::
 
-3. On the **Create logical network** page, on the **Basics** tab:
+1. On the **Create logical network** page, on the **Basics** tab:
 
     - Select the Azure subscription name.
     - Select the associated resource group name.
@@ -94,7 +107,7 @@ Complete the following steps to create a logical network using the Azure portal:
 
    :::image type="content" source="./media/aks-networks/enter-network-name.png" alt-text="Screenshot showing Basics tab." lightbox="./media/aks-networks/enter-network-name.png":::
 
-4. On the **Network configuration** tab, select **Static** and then enter the following:
+1. On the **Network configuration** tab, select **Static** and then enter the following:
     - IPv4 address space (previously reserved).
     - IP pools.
     - Default gateway address.
@@ -105,7 +118,7 @@ Complete the following steps to create a logical network using the Azure portal:
 
    :::image type="content" source="./media/aks-networks/enter-ip-addresses.png" alt-text="Screenshot showing Network configuration tab." lightbox="./media/aks-networks/enter-ip-addresses.png":::
 
-5. On the **Review + Create** tab, review network settings and then select **Create**:
+1. On the **Review + Create** tab, review network settings and then select **Create**:
 
    :::image type="content" source="./media/aks-networks/review-and-create-static.png" alt-text="Screenshot showing static network properties page." lightbox="./media/aks-networks/review-and-create-static.png":::
 
diff --git a/azure-local/TOC.yml b/azure-local/TOC.yml
@@ -160,7 +160,7 @@ items:
       href: /azure/aks/hybrid/aks-create-clusters-portal?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json
     - name: Run Azure Virtual Desktop on Azure Local
       href: /azure/virtual-desktop/deploy-azure-virtual-desktop?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json
-    - name: Run Azure Arc VMs
+    - name: Run Azure Local VMs
       href: manage/create-arc-virtual-machines.md
     - name: Run SQL Server
       href: deploy/sql-server-23h2.md
@@ -207,9 +207,9 @@ items:
 - name: Manage
   items:
 
-  - name: Azure Arc VMs
+  - name: Azure Local VMs
     items:
-    - name: What is Azure Arc VM management?
+    - name: What is Azure Local VM management?
       href: manage/azure-arc-vm-management-overview.md
     - name: Compare VM management capabilities
       href: concepts/compare-vm-management-capabilities.md
@@ -219,7 +219,7 @@ items:
       href: manage/azure-arc-vm-management-prerequisites.md
     - name: Assign RBAC role
       href: manage/assign-vm-rbac-roles.md
-    - name: Create Arc VM resources
+    - name: Create Azure Local VM resources
       items:
       - name: 1. Create a storage path
         href: manage/create-storage-path.md
@@ -231,7 +231,7 @@ items:
           href: manage/virtual-machine-image-storage-account.md
         - name: Using images in local share 
           href: manage/virtual-machine-image-local-share.md
-        - name: Using an existing Arc VM
+        - name: Using an existing Azure Local VM
           href: manage/virtual-machine-image-existing-arc-vm.md
         - name: Using Linux VM image
           items: 
@@ -247,17 +247,17 @@ items:
         href: manage/create-logical-networks.md
       - name: 4. Create network interfaces
         href: manage/create-network-interfaces.md
-      - name: 5. Create Arc VMs
+      - name: 5. Create Azure Local VMs
         href: manage/create-arc-virtual-machines.md
     - name: Connect to VM via SSH
       href: manage/connect-arc-vm-using-ssh.md
-    - name: Manage Arc VMs
+    - name: Manage Azure Local VMs
       href: manage/manage-arc-virtual-machines.md
     - name: Manage Azure Local VM resources
       href: manage/manage-arc-virtual-machine-resources.md 
     - name: Manage VM extensions
       href: manage/virtual-machine-manage-extension.md
-    - name: Activate Arc VMs
+    - name: Activate Azure Local VMs
       items:
       - name: Azure verification for VMs
         href: deploy/azure-verification.md
@@ -275,7 +275,7 @@ items:
     - name: FAQs
       href: manage/azure-arc-vms-faq.yml
 
-  - name: Trusted launch for Arc VMs
+  - name: Trusted launch for Azure Local VMs
     items: 
       - name: What is Trusted launch for Azure Local VMs?
         href: manage/trusted-launch-vm-overview.md
@@ -284,7 +284,7 @@ items:
       - name: Manual backup and recovery
         href: manage/trusted-launch-vm-import-key.md
 
-  - name: Non Arc VMs
+  - name: Unmanaged VMs
     items:
       - name: Manage VMs
         href: manage/vm.md
@@ -345,7 +345,7 @@ items:
 
   - name: Azure Arc extensions
     items:
-    - name: Arc extension management
+    - name: Azure Arc extension management
       href: manage/arc-extension-management.md
     - name: Telemetry and diagnostics extension
       href: concepts/telemetry-and-diagnostics-overview.md
@@ -737,11 +737,11 @@ items:
 
 - name: Reference
   items:
-  - name: For Azure Arc VM management
+  - name: For Azure Local VM management
     items:
     - name: Azure Local VM PowerShell commands
       href: /powershell/module/az.stackhcivm
-    - name: Azure Local Arc VMs Azure CLI commands
+    - name: Azure Local VMs Azure CLI commands
       href: /cli/azure/stack-hci-vm
   - name: For Azure Local instance, service, and management
     items:
diff --git a/azure-local/concepts/compare-vm-management-capabilities.md b/azure-local/concepts/compare-vm-management-capabilities.md
@@ -1,13 +1,13 @@
 ---
-title: Compare management capabilities of Azure Local VMs
+title: Compare management capabilities of VMs on Azure Local
 description: Learn about the kinds of virtual machines (VMs) that can run on Azure Local and compare their management capabilities.
 ms.topic: conceptual
 author: alkohli
 ms.author: alkohli
-ms.date: 03/11/2025
+ms.date: 03/18/2025
 ---
 
-# Compare management capabilities of Azure Local VMs
+# Compare management capabilities of VMs on Azure Local
 
 [!INCLUDE [applies-to](../includes/hci-applies-to-23h2.md)]
 
@@ -17,44 +17,44 @@ This article describes the types of virtual machines (VMs) available on Azure Lo
 
 Here are the different types of VMs that you can run on your Azure Local system:
 
-- **Arc VMs:** Windows and Linux VMs hosted outside of Azure, on your corporate network, running on Azure Local.
-  - Are created using [Arc VM provisioning flow](../manage/create-arc-virtual-machines.md?tabs=azureportal), registered to [Arc Resource Bridge](/azure/azure-arc/resource-bridge/overview), and have the [Connected Machine agent](/azure/azure-arc/servers/agent-overview) installed.
+- **Azure Local VMs enabled by Azure Arc:** Windows and Linux VMs hosted outside of Azure, on your corporate network, running on Azure Local.
+  - Are created using [Azure Local VM provisioning flow](../manage/create-arc-virtual-machines.md?tabs=azureportal), registered to [Azure Arc resource bridge](/azure/azure-arc/resource-bridge/overview), and have the [Connected Machine agent](/azure/azure-arc/servers/agent-overview) installed.
   - Offer extensive management capabilities in the Azure portal, second only to native Azure VMs.
-  - Through Arc Resource Bridge, Arc VMs provide lifecycle management capabilities like starting, stopping, changing VM memory/vCPU, and adding or removing data disk and network interfaces.
-  - Through the Connected Machine agent, Arc VMs leverage Azure Arc extensions such as Microsoft Defender for Cloud and Azure Monitor to govern, protect, configure, and monitor virtual machines.
+  - Through Azure Arc resource bridge, Azure Local VMs provide lifecycle management capabilities like starting, stopping, changing VM memory/vCPU, and adding or removing data disk and network interfaces.
+  - Through the Connected Machine agent, Azure Local VMs leverage Azure Arc extensions such as Microsoft Defender for Cloud and Azure Monitor to govern, protect, configure, and monitor virtual machines.
   - Can be managed through Azure.
 
 - **[Arc-enabled servers](/azure/azure-arc/servers/overview):** Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or on other cloud providers with the Connected Machine agent installed.
   - Arc-enabled servers run on Azure Local as virtual machines.
-  - Lack the lifecycle management capabilities that Arc VMs offer.
+  - Lack the lifecycle management capabilities that Azure Local VMs offer.
   - Through the Connected Machine agent, Arc-enabled servers leverage Azure Arc extensions such as Microsoft Defender for Cloud and Azure Monitor to govern, protect, configure, and monitor virtual machines.
   - Can be managed through Azure.
 
-- **Non-Arc VMs:** Windows and Linux VMs created and hosted outside of Azure, on your corporate network, running on Azure Local.
+- **Unmanaged VMs:** Windows and Linux VMs created and hosted outside of Azure, on your corporate network, running on Azure Local.
   - Aren't connected to Azure.
   - Can't be managed through Azure.
 
-The following table compares the provisioning and management methods for the various types of Azure Local VM:
+The following table compares the provisioning and management methods for the various types of VMs running on Azure Local:
 
-| VM provisioning and management methods | Arc VMs | Arc-enabled servers | Non-Arc VMs |
+| VM provisioning and management methods | Azure Local VMs enabled by Azure Arc | Arc-enabled servers | Unmanaged VMs |
 | :---- | :---- | :---- | :---- |
-| Provisioning method |  [Arc VM provisioning flow](../manage/create-arc-virtual-machines.md?tabs=azureportal). Create Arc VMs using Azure CLI, Azure portal, or Azure Resource Manager template. Using ARM templates, you can also automate VM provisioning in a secure cloud environment. <br><br> [Azure Migrate flow](../migrate/migration-azure-migrate-overview.md). Migrate existing VMware and Hyper-V VMs as Arc VMs to Azure Local using the migration flow. | Connect these machines to Azure by [deploying the Connected Machine agent](/azure/azure-arc/servers/deployment-options) | On-premises provisioning flow. Use local tools like Failover Cluster Manager available in your on-premises environment, or use [Windows Admin Center](../manage/vm.md#create-a-new-vm), [System Center Virtual Machine Manager (SCVMM)](/system-center/vmm/provision-vms), or [PowerShell](../manage/vm-powershell.md#create-a-vm).|
-| Management method | Via Azure. | Via Azure. See [Management and monitoring for Azure Arc-enabled servers](/azure/cloud-adoption-framework/scenarios/hybrid/arc-enabled-servers/eslz-management-and-monitoring-arc-server). | Via the local tools. Manage these VMs through the management consoles of the same local tools used for their creation. |
+| Provisioning method |  [Azure Local VMs provisioning flow](../manage/create-arc-virtual-machines.md?tabs=azureportal). Create Azure Local VMs using Azure CLI, Azure portal, or Azure Resource Manager (ARM) template. Using ARM templates, you can also automate VM provisioning in a secure cloud environment. <br><br> [Azure Migrate flow](../migrate/migration-azure-migrate-overview.md). Migrate existing VMware and Hyper-V VMs to Azure Local using the migration flow. | Connect these machines to Azure by [deploying the Connected Machine agent](/azure/azure-arc/servers/deployment-options) | On-premises provisioning flow. Use local tools like Failover Cluster Manager available in your on-premises environment, or use [Windows Admin Center](../manage/vm.md#create-a-new-vm), [System Center Virtual Machine Manager (SCVMM)](/system-center/vmm/provision-vms), or [PowerShell](../manage/vm-powershell.md#create-a-vm).|
+| Management method | [Via Azure](../manage/manage-arc-virtual-machines.md). | Via Azure. See [Management and monitoring for Azure Arc-enabled servers](/azure/cloud-adoption-framework/scenarios/hybrid/arc-enabled-servers/eslz-management-and-monitoring-arc-server). | Via the local tools. Manage these VMs through the management consoles of the same local tools used for their creation. |
 
 > [!NOTE]
-> Currently, conversion of an Arc-enabled server or non-Arc VM to an Arc VM isn't supported.
+> Currently, conversion of an Arc-enabled server or unmanaged VM to an Azure Local VM isn't supported.
 
 ## Compare VM management capabilities
 
-The following table compares the management capabilities for Arc VMs, Arc-enabled servers, and non-Arc VMs across various operations and features available through the Azure portal:
+The following table compares the management capabilities for Azure Local VMs, Arc-enabled servers, and unmanaged VMs across various operations and features available through the Azure portal:
 
 > [!IMPORTANT]
 > Keep in mind the following information when comparing VM management capabilities:
 >- Microsoft Product Terms for your program override this section. For more information, see [Microsoft Azure Product Terms](https://www.microsoft.com/licensing/#products) and select your program to show the terms.
 >- Some services, even if included in Azure Hybrid Benefits, may incur operational costs, such as storing log data. For more information, see [Azure Pricing calculator](https://azure.microsoft.com/pricing/calculator/).
 >- Some key features are part of the Windows Server Management enabled by Azure Arc experience. For more information, see [Windows Server Management enabled by Azure Arc](/azure/azure-arc/servers/windows-server-management-overview?tabs=portal).
 
-|Azure VM management capability|Arc VMs|Arc-enabled servers|Non-Arc VMs|
+|Azure VM management capability|Azure Local VMs enabled by Azure Arc | Arc-enabled servers | Unmanaged VMs |
 |:-----|:-----:|:-----:|:-----:|
 | **Settings** |
 | - Start|✅|❌|❌|
@@ -100,11 +100,6 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 | - Export template |✅|❌|❌|
 | - Resource health |❌ <br>(Use Alerts) |✅|❌|
 
-
-<!--- 1: at additional costs.
-- [^2]: included as part of Windows Server and SQL Server management capabilities enabled by Azure Arc. For more information, see [Azure Hybrid Benefits for Windows Server](/windows-server/get-started/azure-hybrid-benefit?tabs=azure).
-- [^3]: included for VMs running on Azure and Azure Local instances.-->
-
 <a name="1"></a>1: At additional costs.
 
 <a name="2"></a>2: Included as part of Windows Server and SQL Server management capabilities enabled by Azure Arc. For more information, see [Azure Hybrid Benefits for Windows Server](/windows-server/get-started/azure-hybrid-benefit?tabs=azure).
@@ -113,4 +108,4 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 
 ## Next steps
 
-- Review [Azure Arc VM management prerequisites](../manage/azure-arc-vm-management-prerequisites.md).
+- Review [Azure Local VM management prerequisites](../manage/azure-arc-vm-management-prerequisites.md).
diff --git a/azure-local/concepts/security-features.md b/azure-local/concepts/security-features.md
@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: conceptual
 ms.service: azure-local
-ms.date: 03/06/2025
+ms.date: 03/24/2025
 ---
 
 # Security features for Azure Local
@@ -193,5 +193,5 @@ For more information, see:
 ## Next steps
 
 - [Assess deployment readiness via the Environment Checker](../manage/use-environment-checker.md).
-- [Read the Azure Local security book](https://assetsprod.microsoft.com/mpn/azure-stack-hci-security-book.pdf).
+- [Read the Azure Local security book](https://github.com/Azure-Samples/AzureLocal/blob/main/SecurityBook/Azure%20Local%20Security%20Book_01172025.pdf).
 - [View the Azure Local security standards](/azure-stack/hci/assurance/azure-stack-security-standards).
diff --git a/azure-local/manage/virtual-machine-operations.md b/azure-local/manage/virtual-machine-operations.md
