Sync release-ash-2501 with main

Sync release-ash-2501 with main

Author: sethmanheim

AKS-Arc/aks-arc-diagnostic-checker.md

@@ -102,7 +102,7 @@ $urlArray = @(
     "https://login.windows.net",
     "https://mcr.microsoft.com",
     "https://gbl.his.arc.azure.com",
-    "https://k8connecthelm.azureedge.net",
+    "https://k8connecthelm.download.prss.microsoft.com",
     "https://guestnotificationservice.azure.com",
     "https://sts.windows.net",
     "https://graph.microsoft.com"

AKS-Arc/aks-vmware-networking-concepts.md

@@ -89,8 +89,8 @@ For deployment and operation of Kubernetes clusters, the following URLs must be
 |linuxgeneva-microsoft.azurecr.io    | HTTPS/443 |
 |gcr.io    | HTTPS/443 |
 |aka.ms    | HTTPS/443 |
-|k8connecthelm.azureedge.net | HTTPS/443 |
-|k8sconnectcsp.azureedge.net | HTTPS/443 |
+|k8connecthelm.download.prss.microsoft.com | HTTPS/443 |
+|k8sconnectcsp.download.prss.microsoft.com | HTTPS/443 |
 |.blob.core.windows.net | HTTPS/443 |
 
 ## Next steps

AKS-Arc/create-clusters-terraform.md

@@ -4,7 +4,7 @@ description: Learn how to create Kubernetes clusters using Terraform.
 author: sethmanheim
 ms.author: sethm
 ms.topic: how-to
-ms.date: 11/15/2024
+ms.date: 02/10/2025
 
 ---
 
@@ -51,7 +51,11 @@ To create an SSH key pair (same as Azure AKS), use the following procedure:
 
 ## Sign in to Azure
 
-Terraform only supports authenticating to Azure with the Azure CLI. Authenticating using Azure PowerShell isn't supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you must first [authenticate to Azure](/azure/developer/terraform/authenticate-to-azure).
+Terraform only supports authenticating to Azure with the Azure CLI using [`az login`](/cli/azure/reference-index#az-login). Authenticating using Azure PowerShell isn't supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you must first [authenticate to Azure](/azure/developer/terraform/authenticate-to-azure):
+
+```azurecli
+az login 
+```
 
 ## Implement the Terraform code
 
@@ -114,9 +118,9 @@ Run [`terraform init`](https://www.terraform.io/docs/commands/init.html) to
 terraform init -upgrade
 ```
 
-## Create a Terraform execution plan and apply the plan
+## Create a Terraform execution plan and apply
 
-Run [terraform plan](https://www.terraform.io/docs/commands/plan.html) to create an execution plan, then run [terraform apply](https://www.terraform.io/docs/commands/apply.html) to apply the output file to your cloud infrastructure:
+Make sure you run [`az login`](/cli/azure/reference-index#az-login) and authenticate to Azure before this step, otherwise applying the Terraform plan fails. Run [`terraform plan`](https://www.terraform.io/docs/commands/plan.html) to create an execution plan, then run [`terraform apply`](https://www.terraform.io/docs/commands/apply.html) to apply the output file to your cloud infrastructure:
 
 ```terraform
 terraform plan -out main.tfplan 

AKS-Arc/includes/data-allow-table.md

@@ -20,7 +20,7 @@ ms.lastreviewed: 08/15/2022
 |  \<region>.dp.kubernetesconfiguration.azure.com | 443  | Required to onboard AKS hybrid clusters to Azure Arc. |
 | gbl.his.arc.azure.com | 443 | Required to get the regional endpoint for pulling system-assigned Managed Identity certificates. |
 | \*.his.arc.azure.com | 443 | Required to pull system-assigned Managed Identity certificates. |
-| k8connecthelm.azureedge.net    | 443 | Arc-enabled Kubernetes uses Helm 3 to deploy Azure Arc agents on the AKS on Azure Local management cluster. This endpoint is needed for the Helm client download to facilitate deployment of the agent helm chart. |
+| k8connecthelm.download.prss.microsoft.com    | 443 | Arc-enabled Kubernetes uses Helm 3 to deploy Azure Arc agents on the AKS on Azure Local management cluster. This endpoint is needed for the Helm client download to facilitate deployment of the agent helm chart. |
 | \*.arc.azure.net| 443 | Required to manage AKS Arc clusters in the Azure portal. |
 | dl.k8s.io | 443 | Required to download and update Kubernetes binaries for Azure Arc. |
 |  akshci.azurefd.net | 443 | Required for AKS on Azure Local billing when running `Install-AksHci`. |

AKS-Arc/supported-kubernetes-versions.md

@@ -3,10 +3,10 @@ title: Supported Kubernetes versions for AKS enabled by Azure Arc
 description: Understand the Kubernetes version support policy and lifecycle of clusters for Azure Kubernetes Service enabled by Azure Arc.
 services: container-service
 ms.topic: article
-ms.date: 11/22/2024
+ms.date: 02/10/2025
 author: sethmanheim
 ms.author: sethm 
-ms.lastreviewed: 1/14/2022
+ms.lastreviewed: 02/10/2025
 ms.reviewer: abha
 
 # Intent: As an IT Pro, I want to know how Kubernetes versions are supported, as well as the lifecycle of clusters in AKS enabled by Azure Arc.
@@ -40,16 +40,22 @@ You should install the latest patch release of the minor version you're running.
 
 ## AKS Arc Kubernetes release calendar
 
-The following table lists the current supported Kubernetes released versions on AKS Arc:
-
-|  K8s version | Supported Azure Local versions | Current status | Last release with Kubernetes patch/CVE updates |
+|  K8s minor version | Supported Azure Local versions | Current status | Last release with Kubernetes patch/CVE updates |
 |--------------|-------------------|--------------|------------|
 | 1.30 | TBD | Upcoming | TBD |
 | 1.29 | [2411](aks-whats-new-23h2.md#features-and-improvements), [2408](aks-whats-new-23h2.md#release-2408) | Generally available | TBD |
 | 1.28 | [2411](aks-whats-new-23h2.md#features-and-improvements), [2408](aks-whats-new-23h2.md#release-2408), [2405](aks-whats-new-23h2.md#release-2405) | Generally available | TBD |
 | 1.27 | [2411](aks-whats-new-23h2.md#features-and-improvements), [2408](aks-whats-new-23h2.md#release-2408), [2405](aks-whats-new-23h2.md#release-2405), 2402 | Generally available | 2411 release |
 | 1.26 | [2405](aks-whats-new-23h2.md#release-2405), 2402 and older | No more patch versions/CVE updates | 2405 release |
 
+### AKS Arc supported Kubernetes minor and patch versions per release
+
+| Release             | Supported minor & patch versions                 |
+|---------------------|--------------------------------------------------|
+| 2411                | 1.27.7, 1.27.9, 1.28.5, 1.28.9, 1.29.2, 1.29.4   |
+| 2408                | 1.27.7, 1.27.9, 1.28.5, 1.28.9, 1.29.2, 1.29.4   |
+| 2405                | 1.26.10, 1.26.12, 1.27.7, 1.27.9, 1.28.3, 1.28.5 |
+
 ## Kubernetes version support policy
 
 AKS defines a generally available (GA) version as a version that's available for download when deploying or updating AKS enabled by Arc. AKS supports three GA minor versions of Kubernetes:

azure-local/concepts/compare-vm-management-capabilities.md

@@ -4,7 +4,7 @@ description: Learn about the kinds of virtual machines (VMs) that can run on Azu
 ms.topic: conceptual
 author: ManikaDhiman
 ms.author: v-manidhiman
-ms.date: 02/04/2025
+ms.date: 02/07/2025
 ---
 
 # Compare management capabilities of Azure Local VMs
@@ -48,7 +48,13 @@ The following table compares the provisioning and management methods for the var
 
 The following table compares the management capabilities for Arc VMs, Arc-enabled servers, and non-Arc VMs across various operations and features available through the Azure portal:
 
-|Management capability|Arc VMs|Arc-enabled servers|Non-Arc VMs|
+> [!IMPORTANT]
+> Keep in mind the following information when comparing VM management capabilities:
+>- Microsoft Product Terms for your program override this section. For more information, see [Microsoft Azure Product Terms](https://www.microsoft.com/licensing/#products) and select your program to show the terms.
+>- Some services, even if included in Azure Hybrid Benefits, may incur operational costs, such as storing log data. For more information, see [Azure Pricing calculator](https://azure.microsoft.com/pricing/calculator/).
+>- Some key features are part of the Windows Server Management enabled by Azure Arc experience. For more information, see [Windows Server Management enabled by Azure Arc](/azure/azure-arc/servers/windows-server-management-overview?tabs=portal).
+
+|Azure VM management capability|Arc VMs|Arc-enabled servers|Non-Arc VMs|
 |:-----|:-----:|:-----:|:-----:|
 | **Settings** |
 | - Start|✅|❌|❌|
@@ -75,12 +81,13 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 | - Automanage |✅|❌|❌|
 | - Run command |✅|✅|❌|
 | - SQL Server Configuration |✅|✅|❌|
-| - Updates | ✅ <br>(free) | ✅ <br>(additional cost) | ❌ |
-| - Inventory |✅|✅|❌|
-| - Change tracking |✅|✅|❌|
+| - Azure Update Manager | ✅ <br>[3](#3) | ✅ <br>[1](#1) and [2](#2)  | ❌ |
+| - Inventory |✅|✅  <br>[1](#1) and [2](#2) |❌|
+| - Change tracking |✅|✅  <br>[1](#1) and [2](#2) |❌|
+| - Extended Security Updates | ✅ <br>[3](#3) | ✅ <br>[3](#3) | ❌ |
 | **Windows management** |
-| - Windows Admin Center |❌|✅|❌|
-| - Best Practices Assessment |✅|✅|❌|
+| - Windows Admin Center |❌|✅  <br>[1](#1) and [2](#2) |❌|
+| - Best Practices Assessment |✅|✅  <br>[1](#1) and [2](#2) |❌|
 | **Monitoring** |
 | - Azure Monitor |✅|✅|❌|
 | - Insights|✅|✅|❌|
@@ -94,6 +101,17 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 | - Export template |✅|❌|❌|
 | - Resource health |❌ <br>(Use Alerts) |✅|❌|
 
+
+<!--- 1: at additional costs.
+- [^2]: included as part of Windows Server and SQL Server management capabilities enabled by Azure Arc. For more information, see [Azure Hybrid Benefits for Windows Server](/windows-server/get-started/azure-hybrid-benefit?tabs=azure).
+- [^3]: included for VMs running on Azure and Azure Local instances.-->
+
+<a name="1"></a>1: At additional costs.
+
+<a name="2"></a>2: Included as part of Windows Server and SQL Server management capabilities enabled by Azure Arc. For more information, see [Azure Hybrid Benefits for Windows Server](/windows-server/get-started/azure-hybrid-benefit?tabs=azure).
+
+<a name="3"></a>3: Included for VMs running on Azure and Azure Local instances.
+
 ## Next steps
 
 - Review [Azure Arc VM management prerequisites](../manage/azure-arc-vm-management-prerequisites.md).

azure-local/deploy/azure-verification.md

@@ -7,7 +7,7 @@ ms.topic: overview
 ms.custom:
   - devx-track-azurepowershell
 ms.reviewer: jlei
-ms.date: 10/22/2024
+ms.date: 02/03/2025
 ms.lastreviewed: 03/05/2024
 ms.service: azure-local
 ---
@@ -18,9 +18,9 @@ ms.service: azure-local
 
 Microsoft Azure offers a range of differentiated workloads and capabilities that are designed to run only on Azure. Azure Local extends many of the same benefits you get from Azure, while running on the same familiar and high-performance on-premises or edge environments.
 
-*Azure verification for VMs* makes it possible for supported Azure-exclusive workloads to work outside of the cloud. This feature, modeled after the [IMDS attestation](/azure/virtual-machines/windows/instance-metadata-service?tabs=windows#attested-data) service in Azure, is a built-in platform attestation service that is enabled by default on Azure Local, version 23H2 or later. It helps to provide guarantees for these VMs to operate in other Azure environments.
+*Azure verification for VMs* makes it possible for supported Azure-exclusive workloads to work outside of the cloud. This feature, modeled after the [IMDS attestation](/azure/virtual-machines/windows/instance-metadata-service?tabs=windows#attested-data) service in Azure, is a built-in platform attestation service that is enabled by default on Azure Local. It helps to provide guarantees for these VMs to operate in other Azure environments.
 
-For more information about the previous version of this feature on Azure Local, version 22H2 or earlier, see [Azure Benefits on Azure Local](../manage/azure-benefits.md).
+For more information about the previous version of this feature, version 22H2 or earlier, see [Azure Benefits on Azure Local](../manage/azure-benefits.md).
 
 ## Benefits available on Azure Local
 
@@ -39,14 +39,14 @@ Azure verification for VM enables you to use these benefits available only on Az
 
 ## Manage Azure VM verification
 
-Azure VM verification is automatically enabled by default in Azure Local, version 23H2 or later. The following instructions outline the prerequisites for using this feature and steps for managing benefits (optional).
+Azure VM verification is automatically enabled by default in Azure Local. The following instructions outline the prerequisites for using this feature and steps for managing benefits (optional).
 
 > [!NOTE]
 > To enable Extended Security Updates (ESUs), you must do additional setup and turn on [legacy OS support](#legacy-os-support).
 
 ### Host prerequisites
 
-- Make sure that you have access to Azure Local, version 23H2. All machines must be online, registered, and the system deployed. For more information, see [Register your machines with Arc](./deployment-arc-register-server-permissions.md) and see [Deploy via Azure portal](deploy-via-portal.md).
+- Make sure that you have access to Azure Local. All machines must be online, registered, and the system deployed. For more information, see [Register your machines with Arc](./deployment-arc-register-server-permissions.md) and see [Deploy via Azure portal](deploy-via-portal.md).
 - [Install Hyper-V and RSAT-Hyper-V-Tools](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server).
 - (Optional) If you're using Windows Admin Center, you must install Cluster Manager extension (version 2.319.0) or later.
 
@@ -341,9 +341,9 @@ No. Turning on Azure VM verification incurs no extra fees.
 
 No. Azure VM verification is a feature built into Azure Local, and can only be used on Azure Local.
 
-### If I just upgraded to version 23H2 from 22H2, and I previously turned on the Azure Benefits feature, do I need to do anything new?
+### If I just upgraded from 22H2, and I previously turned on the Azure Benefits feature, do I need to do anything new?
 
-If you upgraded a system that previously had [Azure Benefits on Azure Local](../manage/azure-benefits.md) set up for your workloads, you don't need to do anything when you upgrade to Azure Local, version 23H2. When you upgrade, the feature remains enabled, and legacy OS support is turned on as well. However, if you want to use an improved way of doing VM-to-host communication through VM Bus in version 23H2, make sure that you have the required [host prerequisites](#host-prerequisites) and the [VM prerequisites](#vm-prerequisites).
+If you upgraded a system that previously had [Azure Benefits on Azure Local](../manage/azure-benefits.md) set up for your workloads, you don't need to do anything when you upgrade to Azure Local. When you upgrade, the feature remains enabled, and legacy OS support is turned on as well. However, if you want to use an improved way of doing VM-to-host communication through VM Bus, make sure that you have the required [host prerequisites](#host-prerequisites) and the [VM prerequisites](#vm-prerequisites).
 
 ### I just set up Azure VM verification on my system. How do I ensure that Azure VM verification stays active?
 

azure-local/deploy/deploy-via-portal.md

@@ -3,7 +3,7 @@ title: Deploy an Azure Local instance using the Azure portal
 description: Learn how to deploy an Azure Local instance from the Azure portal
 author: alkohli
 ms.topic: how-to
-ms.date: 11/07/2024
+ms.date: 02/10/2025
 ms.author: alkohli
 ms.service: azure-local
 #CustomerIntent: As an IT Pro, I want to deploy an Azure Local instance of 1-16 machines via the Azure portal so that I can host VM and container-based workloads on it.
@@ -238,6 +238,10 @@ If your deployment fails, you can rerun the deployment. In your Azure Local inst
 
 After the deployment is complete, you may need to perform some additional tasks to secure your system and ensure it's ready for workloads.
 
+### Enable Health monitoring
+
+To monitor storage pool consumption, use the steps in [Enable health alerts](../manage/health-alerts-via-azure-monitor-alerts.md) to receive alerts in Azure portal. An alert is created when the storage pool reaches 70%.
+
 ### Enable RDP
 
 For security reasons, Remote Desktop Protocol (RDP) is disabled and the local administrator renamed after the deployment completes on Azure Local instances. For more information on the renamed administrator, go to [Local builtin user accounts](../concepts/other-security-features.md#about-local-built-in-user-accounts).

azure-local/deploy/sdn-express-23h2.md

@@ -3,7 +3,7 @@ title: Deploy an SDN infrastructure using SDN Express for Azure Local, version 2
 description: Learn to deploy an SDN infrastructure using SDN Express for Azure Local, version 23h2.
 author: alkohli 
 ms.topic: how-to 
-ms.date: 01/16/2025
+ms.date: 02/07/2025
 ms.author: alkohli 
 ms.reviewer: anirbanpaul 
 ---
@@ -185,7 +185,8 @@ The SDN Express script deploys your specified SDN infrastructure. When the scrip
 1. Run the following command from a user account with administrative credentials for the host machines:
 
     ```powershell
-    .\SDNExpress.ps1 -ConfigurationDataFile MultiNodeSampleConfig.psd1 -Verbose
+    $cred=Get-credential
+    .\SDNExpress.ps1 -ConfigurationDataFile MultiNodeSampleConfig.psd1 -DomainJoinCredential $cred -NCCredential $cred -LocalAdminCredential $cred -Verbose
     ```
 
 1. After the NC VMs are created, configure dynamic DNS updates for the Network Controller cluster name on the DNS server. For more information, see [Dynamic DNS updates](../concepts/network-controller.md#dynamic-dns-updates).

azure-local/manage/azure-arc-vm-management-prerequisites.md

@@ -5,7 +5,8 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 01/08/2025
+ms.date: 02/03/2025
+
 ---
 
 # Azure Arc VM management prerequisites
@@ -43,7 +44,7 @@ For Arc VM images to be used on Azure Local, make sure to satisfy the following
 
 ## Firewall requirements
 
-Make sure the requirements as listed in [Required firewall URLs for Azure Local, version 23H2 deployments](../concepts/firewall-requirements.md#required-firewall-urls-for-azure-local-version-23h2-deployments) are satisfied to allow communication between the Arc VMs running on Azure Local and Azure Arc.
+Make sure the requirements as listed in [Required firewall URLs for Azure Local deployments](../concepts/firewall-requirements.md#required-firewall-urls-for-azure-local-version-23h2-deployments) are satisfied to allow communication between the Arc VMs running on Azure Local and Azure Arc.
 
 ## Azure Command-Line Interface (CLI) requirements