Sync release-ash-2501 with main

Sync release-ash-2501 with main

Author: sethmanheim

AKS-Arc/aks-arc-diagnostic-checker.md

@@ -1,19 +1,19 @@
 ---
 title: Use diagnostic checker to identify common causes for failures (preview)
-description: Learn how to diagnose common causes for failures 
+description: Learn how to diagnose common causes for failures in AKS Arc.
 ms.topic: troubleshooting
 author: sethmanheim
 ms.author: sethm
-ms.date: 06/17/2024
+ms.date: 01/30/2025
 ms.reviewer: abha
 
 #Customer intent: As an AKS user, I want to use the diagnostic checker to run diagnostic checks on my AKS cluster to find out common causes for AKS cluster create failure. 
 
 ---
 
-# Use diagnostic checker to diagnose and fix environment issues for AKS cluster creation failure (preview)
+# Use the diagnostic checker to diagnose and fix environment issues for AKS cluster creation failure (preview)
 
-It can be difficult to identify environment-related issues, such as networking configurations, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell-based tool that can help identify AKS cluster creation failures due to potential issues in the environment.
+It can be difficult to identify environment-related issues, such as networking configurations, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell-based tool that can help you identify AKS cluster creation failures due to potential issues in the environment.
 
 > [!NOTE]
 > You can only use the diagnostic checker tool if an AKS cluster was created, but is in a failed state. You can't use the tool if you don't see an AKS cluster on the Azure portal. If the AKS cluster creation fails before an Azure Resource Manager resource is created, [file a support request](aks-troubleshoot.md#open-a-support-request).
@@ -280,12 +280,12 @@ http-connectivity-required-url-test Failure Ensure that the logical network IP a
 
 The following table provides a summary of each test performed by the script, including possible causes for failure and recommendations for mitigation:
 
-| Test Name                        | Description                                                                 | Causes for failure                                                                                      | Mitigation Recommendations                                                                                                                                     |
+| Test name                        | Description                                                                 | Causes for failure                                                                                      | Mitigation Recommendations                                                                                                                                     |
 |--------------------------------------|---------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | cloud-agent-connectivity-test        | Checks whether the DNS server can resolve the MOC cloud agent FQDN and that the cloud agent is reachable from the control plane node VM. The cloud agent is created using one of the IP addresses from the [management IP pool](/azure-stack/hci/plan/cloud-deployment-network-considerations#management-ip-pool), on port 55000. The control plane node VM is given IP addresses from the Arc VM logical network. | Logical network IP addresses can't connect to management IP pool addresses due to: <br> - Incorrect DNS server resolution. <br> - Firewall rules. <br> - The logical network is in a different vlan than the management IP pool and there's no cross-vlan connectivity. | Make sure that the logical network IP addresses can connect to all the management IP pool addresses on the required ports. Check the [AKS network port and cross vlan requirements](aks-hci-network-system-requirements.md#network-port-and-cross-vlan-requirements) for a detailed list of ports that need to be opened. |
 | gateway-icmp-ping-test   | Checks whether the gateway specified in the logical network attached to the AKS cluster is reachable from the AKS cluster control plane node VM. | - Gateway is down or unreachable. <br>- Network routing issues between the AKS cluster control plane node VM and the gateway. <br>- Firewall blocking ICMP traffic. | - Ensure the gateway is operational.<br>- Verify routing configurations.<br>- Adjust firewall rules to allow ICMP traffic.                                              |
 | http-connectivity-required-url-test  | Checks whether the required URLs are reachable from the AKS cluster control plane node VM.                         | - Control plane node VM has no outbound internet access. <br> - Required URLs aren't allowed through the firewall.                           | Ensure that the logical network IP addresses have outbound internet access. If there's a firewall, ensure that the [AKS required URLs](aks-hci-network-system-requirements.md#firewall-url-exceptions) are accessible from the Arc VM logical network.  |
 
 ## Next steps
 
-If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before [creating a support request](aks-troubleshoot.md#open-a-support-request).
+If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).

AKS-Arc/aks-edge-howto-deploy-azure-iot.md

@@ -10,10 +10,10 @@ ms.custom: template-how-to
 
 # Create and configure an AKS Edge Essentials cluster that can run Azure IoT Operations
 
-Azure Kubernetes Service (AKS) Edge Essentials is one of the supported cluster platforms for [Azure IoT Operations](/azure/iot-operations/overview-iot-operations). You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configurations for Azure IoT Operations and then connects that cluster to Azure Arc.
+Azure Kubernetes Service (AKS) Edge Essentials is one of the supported cluster platforms for [Azure IoT Operations](/azure/iot-operations/overview-iot-operations). You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configurations for Azure IoT Operations and then connects that cluster to Azure Arc. 
 
 > [!NOTE]
-> Azure IoT Operations supports AKS Edge Essentials when deployed on single machine clusters. Deploying clusters on multiple machines is an experimental feature.
+> Azure IoT Operations supports AKS Edge Essentials when deployed on k3s single machine clusters only. K8s clusters are not supported for AIO and deploying clusters on multiple machines is an experimental feature.
 
 ## Prerequisites for running the script
 
@@ -33,8 +33,8 @@ To run the script, you need the following prerequisites:
 
 The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1) script automates the process of creating and connecting a cluster, and is the recommended path for deploying Azure IoT Operations on AKS Edge Essentials. The script performs the following tasks:
 
-- Downloads the latest [AKS Edge Essentials MSI from this repo](https://github.com/Azure/aks-edge).
-- Installs AKS Edge Essentials, and deploys and creates a single machine Kubernetes cluster on your Windows machine.
+- Downloads the latest k3s [AKS Edge Essentials MSI from this repo](https://github.com/Azure/aks-edge).
+- Installs AKS Edge Essentials, and deploys and creates a single machine k3s cluster on your Windows machine.
 - Connects to the Azure subscription, creates a resource group if it doesn't already exist, and connects the cluster to Arc to create an Arc-enabled Kubernetes cluster.
 - Enables the custom location feature on the Arc-enabled Kubernetes cluster.
 - Enables the workload identity federation feature on the Arc-enabled Kubernetes cluster.

AKS-Arc/includes/data-allow-table.md

@@ -3,7 +3,7 @@ author: sethmanheim
 ms.author: sethm
 ms.service: azure-stack
 ms.topic: include
-ms.date: 08/28/2022
+ms.date: 01/30/2025
 ms.reviewer: abha
 ms.lastreviewed: 08/15/2022
 
@@ -20,8 +20,8 @@ ms.lastreviewed: 08/15/2022
 |  \<region>.dp.kubernetesconfiguration.azure.com | 443  | Required to onboard AKS hybrid clusters to Azure Arc. |
 | gbl.his.arc.azure.com | 443 | Required to get the regional endpoint for pulling system-assigned Managed Identity certificates. |
 | \*.his.arc.azure.com | 443 | Required to pull system-assigned Managed Identity certificates. |
-| k8connecthelm.azureedge.net	| 443 | Arc-enabled Kubernetes uses Helm 3 to deploy Azure Arc agents on the AKS on Azure Local management cluster. This endpoint is needed for the Helm client download to facilitate deployment of the agent helm chart.
-| \*.arc.azure.net| 443 | Required to manage AKS hybrid clusters in Azure portal. |
+| k8connecthelm.azureedge.net    | 443 | Arc-enabled Kubernetes uses Helm 3 to deploy Azure Arc agents on the AKS on Azure Local management cluster. This endpoint is needed for the Helm client download to facilitate deployment of the agent helm chart. |
+| \*.arc.azure.net| 443 | Required to manage AKS Arc clusters in the Azure portal. |
 | dl.k8s.io | 443 | Required to download and update Kubernetes binaries for Azure Arc. |
 |  akshci.azurefd.net | 443 | Required for AKS on Azure Local billing when running `Install-AksHci`. |
-|  v20.events.data.microsoft.com </br> gcs.prod.monitoring.core.windows.net | 443 | Used periodically to send Microsoft required diagnostic data from the Azure Local or Windows Server host. |
+|  v20.events.data.microsoft.com </br> gcs.prod.monitoring.core.windows.net | 443 | Used to periodically send Microsoft required diagnostic data from the Azure Local or Windows Server host. |

README.md

@@ -1,16 +1,19 @@
-# Azure Stack documentation
+# Azure Local, AKS on Azure Local, and Azure Stack documentation
 
-Welcome to the open source [documentation for Azure Stack](https://learn.microsoft.com/azure-stack). Azure Stack is a portfolio of products that extend Azure services and capabilities to your environment of choice—from the datacenter to edge locations and remote offices. Azure Stack portfolio includes the following products:
+Welcome to the open source documentation for [Azure Local](https://azure.microsoft.com/products/local/?msockid=38168d9a81d967bd04fb9e7d803166bd), [Azure Kubernetes Service (AKS) on Azure Local](./AKS-Arc/cluster-architecture.md), and [Azure Stack](https://learn.microsoft.com/azure-stack).
 
-- Azure Local
-- Azure Stack HCI
-- Azure Kubernetes Service (AKS) enabled by Azure Arc
-- Azure Stack Hub
-- Azure Managed Lustre File System
+- **Azure Local** is a distributed infrastructure solution enabled by Azure Arc that lets you run virtual machines, containers, and select Azure services.
 
-## Contribute to the Azure Stack documentation
+- **AKS on Azure Local** is an enterprise-grade Kubernetes container platform. It includes Microsoft-supported core Kubernetes, a purpose-built Windows container host, and a Microsoft-supported Linux container host, providing a simple deployment and lifecycle management experience.
 
-Read our [Contributor Guide](https://learn.microsoft.com/contribute/content/) to learn about how to contribute to the Azure Stack documentation.
+- **Azure Stack** is a portfolio of products that extend Azure services and capabilities to your environment of choice, from the datacenter to edge locations and remote offices. The Azure Stack portfolio includes the following products:
+
+    - Azure Stack Hub
+    - Azure Stack Edge
+
+## Contribute to the repository
+
+Read our [Contributor Guide](https://learn.microsoft.com/contribute/content/) to learn about how to contribute to this repository.
 
 ## License
 

azure-local/migrate/media/migrate-vmware-replicate/add-target-cluster-information-2.png

@@ -338,6 +338,15 @@ Here are the summarized considerations for DNS servers addresses
 |2     | The infrastructure IP address range DNS servers must be the same used for the nodes.       |
 |3     | Azure Resource Bridge VM control plane and AKS control plane will use the DNS Servers configured on the infrastructure IP address range.      |
 |4     | It is not supported to change the DNS servers after deployment. Make sure you plan your DNS strategy before doing the Azure Local deployment.       |
+|5     | When defining an array of multiple DNS servers on an ARM template for the Infrastructure network, make sure each value is within quotes "" and separated by commas, as in the following example.  |
+
+```powershell
+"dnsServers": [
+                        "10.250.16.124",
+                        "10.250.17.232",
+                        "10.250.18.107"
+                    ]
+```
 
 ### Proxy requirements
 

azure-local/migrate/media/migrate-vmware-replicate/add-target-cluster-information-22.png

@@ -8,6 +8,8 @@
     items:
     - name: Security updates
       href: release-notes-security-updates.md
+    - name: Microsoft Entra ID Graph API retirement
+      href: graph-api-retirement.md
     - name: Release notes
       href: release-notes.md
     - name: Hotfixes