Commit 9507c42

author
Manika Dhiman
committed
resolved merge conflict
2 parents 0daae6f + b30f232 commit 9507c42

14 files changed

+129
-21
lines changed

AKS-Arc/TOC.yml

Lines changed: 2 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -181,11 +181,12 @@
181181
href: check-vm-sku.md
182182
- name: Connectivity issues with MetalLB
183183
href: load-balancer-issues.md
184-
185184
- name: Reference
186185
items:
187186
- name: Azure CLI
188187
href: /cli/azure/aksarc
188+
- name: Azure PowerShell
189+
href: /powershell/module/az.aksarc/
189190
- name: REST API reference
190191
href: /rest/api/hybridcontainer/operation-groups
191192
- name: Resources
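Review bot: The new `href: /powershell/module/az.aksarc/` entry ends with a trailing slash while the sibling entries in this Reference list (`/cli/azure/aksarc`, `/rest/api/hybridcontainer/operation-groups`) do not; use one form consistently. Also confirm that dropping the blank line before `- name: Reference` is intended and not a leftover from resolving the merge conflict.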

azure-local/concepts/observability.md

Lines changed: 31 additions & 1 deletion
@@ -3,7 +3,7 @@ title: Azure Local observability
33
description: Learn about observability in Azure Local.
44
author: alkohli
55
ms.author: alkohli
6-
ms.date: 10/18/2024
6+
ms.date: 04/25/2025
77
ms.topic: conceptual
88
ms.service: azure-local
99
---
@@ -109,6 +109,36 @@ The following table describes the types of data, their storage location, default
109109
| Metrics | Metrics are numerical values collected at regular intervals, describing aspects of a system. | Metrics data is sent to the respective region in which resource is deployed. | Enabled by default and can be disabled anytime. | Platform metrics are stored for 93 days, however, you can only query (in the Metrics tile) for a maximum of 30 days' worth of data on any single chart. | You can use metrics explorer to interactively analyze the data in your metric database. |
110110
| Billing and census | Billing data includes the system ID and the number of physical cores and hours used. Census data is required to enable basic management from Azure and includes system information (system name and ID, system connection status, storage pool ID, trial days remaining and billing model), machine information (number of machines, machine name, OS version, machine manufacturer, model and serial number, number of physical cores and memory size), and basic configuration such as, enablement of Azure verification for VMs, Azure managed identity and diagnostics level setting. | Billing and census data is sent to the respective resource region where the customer registered the device. | Billing is always enabled as it is required to charge for Azure Local usage. Census data is also always enabled, as it includes the minimal information required to manage Azure Local from Azure. | Data is deleted when the resource is deleted, except for billing data, which is retained. | To view billing data, navigate to the Azure Local system resource page in Azure portal, select **Overview** in the left pane, in the Essentials section select the **Billing status** link, followed by **View Cost Management**. To view census data, select **JSON View** located in the top right corner of the Essentials section. |
111111

112+
## Crash dump collection
113+
114+
Crash dump collection is a feature in Azure Local that allows for the automatic collection, analysis, and debugging of crashes. The data collected from a crash, referred to as the crash dump, is used for analysis and debugging.
115+
116+
### Key features
117+
118+
Here are the key features of crash dump collection for Azure Local:
119+
120+
- **Automatic collection and analysis.** Automatically gathers data from Azure Local crashes and analyzes it to pinpoint the root causes of failures, aiding in quick diagnosis and resolution. This minimizes downtime and enhances service reliability.
121+
- **Compliance and security.** Ensures crash data is handled securely and in compliance with data protection regulations across all Azure regions and national clouds.
122+
- **Customizable settings.** Enabled by default for optimal performance and reliability, but can be disabled using specific commands if necessary. However, we recommend to keep it enabled to benefit from its diagnostic capabilities.
123+
124+
### Prerequisites
125+
126+
To use the crash dump collection feature, install the `AzureEdgeTelemetryAndDiagnostics` extension, version 2.0.18 or later. For information about the extension, see [Azure Local telemetry and diagnostics extension overview](./telemetry-and-diagnostics-overview.md).
127+
128+
### Disable crash dump collection
129+
130+
To disable the crash dump collection capability, use the following command:
131+
132+
```powershell
133+
Set-EdgeCrashDumpCollection -SetState Disable
134+
```
135+
136+
To re-enable it, use the following command:
137+
138+
```powershell
139+
Set-EdgeCrashDumpCollection -SetState Enable
140+
```
141+
112142
## Next steps
113143

114144
- [Azure Local telemetry and diagnostics extension](./telemetry-and-diagnostics-overview.md)
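Review bot: The new "Crash dump collection" section never says what a crash dump contains, where it is sent, or how long it is kept, although the table just above gives storage location, default state and retention for every other data type; the "Compliance and security" bullet only asserts that the data is handled securely. Crash dumps are memory captures, so add those details (or a row in the table) so an operator can decide whether to leave collection on. The "Disable crash dump collection" section should also say where `Set-EdgeCrashDumpCollection` is run (each machine or once per system) and with what privileges, and "we recommend to keep it enabled" reads better as "we recommend that you keep it enabled".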

azure-local/concepts/system-requirements-23h2.md

Lines changed: 14 additions & 1 deletion
@@ -6,7 +6,7 @@ ms.author: alkohli
66
ms.topic: how-to
77
ms.service: azure-local
88
ms.custom: references_regions
9-
ms.date: 04/03/2025
9+
ms.date: 04/25/2025
1010
---
1111

1212
# System requirements for Azure Local
@@ -32,6 +32,10 @@ Here are the Azure requirements for your Azure Local instance:
3232

3333
- **Azure regions**: Azure Local is supported for the following regions:
3434

35+
# [Azure public](#tab/azure-public)
36+
37+
These public regions support geographic locations worldwide, for clusters deployed anywhere in the world:
38+
3539
- East US
3640
- West Europe
3741
- Australia East
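Review bot: The sentence added under the `# [Azure public](#tab/azure-public)` tab, "These public regions support geographic locations worldwide, for clusters deployed anywhere in the world", says the same thing twice; something like "Clusters deployed anywhere in the world can use one of these public regions" is enough. Also check that the tab heading and this sentence are indented to sit inside the `- **Azure regions**` list item, since the rendered diff does not show indentation.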
@@ -41,6 +45,15 @@ Here are the Azure requirements for your Azure Local instance:
4145
- Japan East
4246
- South Central US
4347

48+
49+
# [Azure Government (Preview)](#tab/azure-government)
50+
51+
Regions supported in the Azure Government cloud:
52+
53+
- US Gov Virginia
54+
55+
---
56+
4457
- **Azure Key Vault**: Make sure to enable public network access when you set up a key vault. This setting allows Azure Local instances to connect to the key vault without any access issues.
4558

4659
## Machine and storage requirements
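Review bot: The `# [Azure Government (Preview)](#tab/azure-government)` tab marks the cloud as Preview only in the tab label, and the body does not say what is limited. This same commit adds two Azure Government rows to known-issues.md (Defender for Cloud recommendations not showing, metrics failing to reach Azure), so link to them from this tab. The unchanged Key Vault bullet right after the tab group asks for public network access on the vault; say whether that requirement applies in Azure Government as well.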

azure-local/deploy/download-23h2-software.md

Lines changed: 3 additions & 2 deletions
@@ -5,7 +5,7 @@ author: alkohli
55
ms.author: alkohli
66
ms.topic: how-to
77
ms.service: azure-local
8-
ms.date: 04/23/2025
8+
ms.date: 04/28/2025
99
---
1010

1111
# Download operating system for Azure Local deployment
@@ -34,7 +34,8 @@ Before you begin the download of the software from Azure portal, ensure that you
3434
## Download the software from the Azure portal
3535

3636
> [!IMPORTANT]
37-
> English is the only supported language for the deployment.
37+
> - English is the only supported language for the deployment.
38+
> - For deployments in Azure Government only, download the OS image from the following location: [OS image](https://aka.ms/hcireleaseimage).
3839
3940
Follow these steps to download the software:
4041
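Review bot: The new Azure Government bullet sends readers to an `aka.ms` short link with the link text "OS image" and gives nothing to verify the download against; name the image in the link text and state where its hash is published (or how to validate the file) so a deployment doesn't start from an unverified image. "For deployments in Azure Government only" is also ambiguous about what "only" modifies; "If you are deploying in Azure Government, download ..." is clearer.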

azure-local/deploy/single-server.md

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ Currently you can't use Windows Admin Center to deploy Azure Stack HCI on a sing
2323

2424
## Prerequisites
2525

26-
- A server from the [Azure Stack HCI Catalog](https://hcicatalog.azurewebsites.net/#/catalog) certified for use as a single-node cluster and configured with all NVMe or all SSD drives.
26+
- A server from the [Azure Stack HCI Catalog](https://azurelocalsolutions.azure.microsoft.com/#/catalog) certified for use as a single-node cluster and configured with all NVMe or all SSD drives.
2727
- For network, hardware and other requirements, see [Azure Stack HCI network and domain requirements](../deploy/operating-system.md#determine-hardware-and-network-requirements).
2828
- Optionally, [install Windows Admin Center](/windows-server/manage/windows-admin-center/deploy/install) to register and manage the server after it's deployed.
2929
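Review bot: The changed bullet now points at `azurelocalsolutions.azure.microsoft.com` but keeps the link text "Azure Stack HCI Catalog", so the label and the destination host no longer match. Update the link text to the catalog's current name, or note in the change description that the old name is kept on purpose because this article still uses Azure Stack HCI terminology.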

azure-local/known-issues.md

Lines changed: 5 additions & 2 deletions
@@ -3,7 +3,7 @@ title: Release notes with fixed and known issues in Azure Local
33
description: Read about the known issues and fixed issues in Azure Local.
44
author: alkohli
55
ms.topic: conceptual
6-
ms.date: 04/29/2025
6+
ms.date: 04/28/2025
77
ms.author: alkohli
88
ms.reviewer: alkohli
99
---
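Review bot: `ms.date` goes backwards in this hunk, from `04/29/2025` to `04/28/2025`, even though later hunks in this file add new content; that looks like the wrong side taken while resolving the merge conflict. Keep the later date or set it to the date of this change.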
@@ -58,6 +58,7 @@ The following table lists the known issues in this release:
5858
|---------|---------|---------|
5959
| Add server <br> Repair server <!--32447442--> | The `Add-server` and `Repair-server` cmdlets fail with the error: <br> `Cluster Build ID matches node to add's Build ID`. | Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, contact Microsoft Support or OEM Support. |
6060

61+
6162
## Known issues from previous releases
6263

6364
The following table lists the known issues from previous releases:
@@ -92,7 +93,7 @@ The following table lists the known issues from previous releases:
9293

9394
## Expected system behavior
9495

95-
The following table lists the expected behavior of Azure Local solution, which are not bugs or limitations.
96+
The following table lists the system behavior, which is by design and shouldn't be considered as bugs or limitations.
9697

9798
| Feature | Behavior | Workaround |
9899
|---------|---------|---------|
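Review bot: The reworded intro under "Expected system behavior" mixes singular and plural ("the system behavior, which is by design and shouldn't be considered as bugs or limitations") and drops the product name the old sentence had; suggest "The following table lists Azure Local behaviors that are by design and aren't bugs or limitations." The table still has a "Workaround" column, which sits oddly with "by design".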
@@ -153,6 +154,8 @@ The following table lists the known issues in this release:
153154
| Updates <!--32073115--> | Updating to 2503.0.13 failed `Update PreRequisites` for Role 'MocArb' with exception: `SyntaxWarning: invalid escape sequence '\W' at CheckAndInstall-CliExtensions`. | For detailed steps on how to resolve this issue, see the [Troubleshooting guide](https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/Update/). |
154155
| Security vulnerability <!--32074481--> | There is a known security vulnerability in this release that may affect security scans for the updates. For more information, see [Azure Arc Installer vulnerability CVE-2025-26627 - Host](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627) | |
155156
| Azure Local VMs <!--32074457O--> | There is a known security vulnerability in this release that may affect security scans for the updates. For more information, see [Azure Arc Installer vulnerability CVE-2025-26627 - Guest](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627) | |
157+
| Microsoft Defender for Cloud <br><br> Azure Government <!--32555179-->| In the Azure Government cloud, Microsoft Defender for Cloud recommendations for Azure Local do not show up in the Microsoft Defender for Cloud portal.| |
158+
| Metrics <br><br> Azure Government <!--IcM-620345316-->| Metrics from Azure Local clusters in the Azure Government cloud fail to reach Azure. As a result, metrics don't show up in the Monitoring, Metrics, or workbook graphs. Metrics based alerts aren't triggered and new alerts can't be set up.| |
156159

157160

158161
## Known issues from previous releases
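Review bot: Both new Azure Government rows leave the Workaround cell empty, and both describe monitoring gaps: Defender for Cloud recommendations don't appear, and metrics-based alerts aren't triggered and can't be set up. State "No workaround" explicitly or say what operators should rely on in the meantime, and cross-reference the Defender row from manage-security-with-defender-for-cloud.md so readers of that article know the recommendations won't show in this cloud. "Metrics based alerts" should be hyphenated.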

azure-local/manage/manage-security-with-defender-for-cloud.md

Lines changed: 25 additions & 6 deletions
@@ -4,7 +4,8 @@ description: This article describes how to use Microsoft Defender for Cloud to s
44
author: alkohli
55
ms.author: alkohli
66
ms.topic: how-to
7-
ms.date: 04/09/2025
7+
ms.date: 04/23/2025
8+
89
ms.service: azure-local
910
---
1011

@@ -32,15 +33,16 @@ Before you begin, make sure that the following prerequisites are completed:
3233
Follow these steps to enable Defender for Cloud for Azure Local.
3334

3435
- Step 1: Turn on Foundational CSPM.
35-
- Step 2: Turn on Defender for Servers for individual machines and Azure Local VMs enabled by Arc.
36+
- Step 2: Turn on Defender for Servers for individual machines and Azure Local virtual machines (VMs) enabled by Azure Arc.
37+
3638

3739
### Step 1: Turn on Foundational CSPM
3840

3941
This step turns on the basic Defender for Cloud plan—at no extra cost. This plan lets you monitor and identify the steps that you can take to secure Azure Local, along with other Azure and Arc resources. For instructions, see [Enable Defender for Cloud on your Azure subscription](/azure/defender-for-cloud/connect-azure-subscription#enable-defender-for-cloud-on-your-azure-subscription).
4042

4143
### Step 2: Turn on Defender for Servers for individual machines and Azure Local VMs
4244

43-
This step gets you enhanced security features including security alerts for individual machines and VMs.
45+
This step gets you enhanced security features including security alerts for individual machines and Azure Local VMs.
4446

4547
To do so, follow all the instructions in the [Enable the Defender for Servers plan](/azure/defender-for-cloud/tutorial-enable-servers-plan#enable-the-defender-for-servers-plan) section, which includes:
4648

@@ -100,11 +102,27 @@ After you've [enabled Defender for Cloud for Azure Local](#enable-defender-for-c
100102
101103
To learn more about the security recommendations specific to Azure Local, refer to the [Azure compute recommendations](/azure/defender-for-cloud/recommendations-reference-compute#azure-compute-recommendations) section in the [Compute security recommendations](/azure/defender-for-cloud/recommendations-reference-compute) article.
102104

103-
## Monitor servers and Azure Local VMs
105+
### Security recommendation exclusions
106+
107+
You can ignore the Windows Defender for Cloud recommendations below for storage accounts and Azure Key Vaults that are associated with Azure Local instances. However, don't ignore these recommendations for other storage accounts and Azure Key Vaults you may have.
108+
109+
| Affected resource | Recommendation | Exclusion reason |
110+
| --- | --- | --- |
111+
| Storage account | Storage accounts should have infrastructure encryption. | Storage account encryption isn't supported for Azure Local instances because it doesn't allow passing in an encryption key. |
112+
| Storage account | Storage accounts should prevent shared key access. | Azure Local supports accessing storage accounts exclusively through shared keys. |
113+
| Storage account | Storage account should use a private link connection. | Azure Local doesn't currently support private link connections. |
114+
| Azure Key Vault | Azure Key Vaults should use a private link. | Azure Local doesn't currently support private link connections. |
115+
| Machine – Azure Arc | Windows Defender Exploit Guard should be enabled on Azure Local machines. | Windows Defender Exploit Guard isn't applicable to server-core SKUs without a GUI such as the Azure Local OS. |
116+
| Machine – Azure Arc | Azure Local machines should be configured to periodically check for missing system updates. | Azure Local machines shouldn't be updated individually. Use the Azure Local section in Azure Update Manager to update multiple systems or the Updates page on the Azure Local resource view whenever an update is available for the Azure Local instance. Updating individual machines could result in a mixed-mode state, which isn't supported. |
117+
| Machine – Azure Arc | System updates should be installed on your Azure Local machines using Azure Update Manager. | Azure Local machines shouldn't be updated individually. Utilize the Azure Local section in Azure Update Manager to update multiple systems or the Updates page on the Azure Local resource view whenever an update is available for the Azure Local instance. Updating individual machines could result in a mixed-mode state, which isn't supported. |
118+
| Machine – Azure Arc | Azure Local machines should have a vulnerability assessment solution. | Microsoft Defender Vulnerability Management doesn't currently support Azure Local. |
104119

105-
Go to the Microsoft Defender for Cloud portal to monitor alerts for individual servers and VMs running on Azure Local. You can utilize the regulatory compliance and attack path analysis features, among other enhanced security features.
120+
## Monitor Azure Local machines and Azure Local VMs
121+
122+
Go to the Microsoft Defender for Cloud portal to monitor alerts for individual Azure Local machines and Azure Local VMs.
123+
124+
Follow these steps to access the Microsoft Defender for Cloud portal's pages to monitor individual servers and Azure Local VMs:
106125

107-
Follow these steps to access the Microsoft Defender for Cloud portal's pages to monitor individual servers and VMs:
108126

109127
1. Sign into the Azure portal, and search for and select **Microsoft Defender for Cloud**.
110128
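Review bot: The intro to "Security recommendation exclusions" tells readers to ignore these recommendations for storage accounts and key vaults "associated with Azure Local instances" without saying how to identify those resources, so it is easy to over-apply. Three of the rows relax key and network controls (shared key access, private link), so say how to recognise the Azure Local resources and that the exclusion applies to those resources only. The same sentence says "Windows Defender for Cloud"; the product is called Microsoft Defender for Cloud everywhere else in this file. The two system-update rows repeat the same reason with "Use" in one and "Utilize" in the other, and the renamed section heading says "Azure Local machines" while the step intro below it still says "individual servers".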

@@ -114,6 +132,7 @@ Follow these steps to access the Microsoft Defender for Cloud portal's pages to
114132

115133
:::image type="content" source="./media/manage-security-with-defender-for-cloud/defender-for-cloud-overview.png" alt-text="Screenshot of the Defender for Cloud Overview page." lightbox="./media/manage-security-with-defender-for-cloud/defender-for-cloud-overview.png" :::
116134

135+
117136
## Next steps
118137

119138
- [Review the deployment checklist and install Azure Local](../deploy/deployment-checklist.md).

azure-local/security-update/security-update.md

Lines changed: 2 additions & 2 deletions
@@ -143,7 +143,7 @@ This security update includes quality improvements. Below is a summary of the ke
143143

144144
Data to be set: 1
145145

146-
For more information about security vulnerabilities, see the [Security Update Guide](https://portal.msrc.microsoft.com/security-guidance) and the [February 2025 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb).
146+
For more information about security vulnerabilities, see the [Security Update Guide](https://portal.msrc.microsoft.com/security-guidance) and the [March 2025 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar).
147147

148148
## Known issues
149149

@@ -171,7 +171,7 @@ To install the LCU on your Azure Local instance, see [Update Azure Stack Local i
171171

172172
## File list
173173

174-
For a list of the files that are provided in this update, download the file information for [Cumulative update KB 5053599](security-update.md).
174+
For a list of the files that are provided in this update, download the file information for [Cumulative update KB 5053599](https://go.microsoft.com/fwlink/?linkid=2309855).
175175

176176
::: moniker-end
177177

azure-local/upgrade/install-solution-upgrade.md

Lines changed: 1 addition & 0 deletions
@@ -45,6 +45,7 @@ You install the solution upgrade via the Azure portal.
4545
> [!IMPORTANT]
4646
> - Microsoft only supports upgrade applied from Azure Local resource page. Use of 3rd party tools to install upgrades is not supported.
4747
> - If you have Azure Kubernetes Service (AKS) workloads on Azure Local, wait for the solution upgrade banner to appear on the Azure Local resource page. Then, remove AKS and all AKS hybrid settings before you apply the solution upgrade.
48+
> - By installing the solution upgrade, existing Hyper-V VMs won't automatically become Azure Arc VMs.
4849
4950
Follow these steps to install the solution upgrade:
5051
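Review bot: The added bullet "By installing the solution upgrade, existing Hyper-V VMs won't automatically become Azure Arc VMs" has a dangling modifier and uses "Azure Arc VMs", while the Defender article changed in this same commit uses "Azure Local VMs enabled by Azure Arc". Suggest "Installing the solution upgrade doesn't automatically convert existing Hyper-V VMs to Azure Local VMs enabled by Azure Arc", followed by what the reader should do if they want that, or a link to it.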

azure-local/upgrade/upgrade-22h2-to-23h2-other-methods.md

Lines changed: 11 additions & 1 deletion
@@ -3,7 +3,7 @@ title: Upgrade Azure Stack HCI OS, version 22H2 to version 23H2 via other method
33
description: Learn how to upgrade from Azure Stack HCI OS, version 22H2 to version 23H2 using other manual methods on Azure Local.
44
author: alkohli
55
ms.topic: how-to
6-
ms.date: 04/14/2025
6+
ms.date: 04/25/2025
77
ms.author: alkohli
88
ms.reviewer: alkohli
99
ms.service: azure-local
@@ -49,6 +49,16 @@ Before you begin, make sure that:
4949
- You shut down virtual machines (VMs). We recommend shutting down VMs before performing the OS upgrade to prevent unexpected outages and damages to databases.
5050
- You have access to the Azure Stack HCI OS, version 23H2 software update. This update is available via Windows Update or as a downloadable media. The media is an ISO file that you can download from the [Azure portal](https://portal.azure.com/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/hciGetStarted).
5151
- You have access to a client that can connect to your Azure Local. This client should be running PowerShell 5.0 or later.
52+
- (Recommended) You enable [Secure Boot](/windows-hardware/design/device-experiences/oem-secure-boot) on Azure Local machines before you upgrade the OS.
53+
To enable Secure Boot, follow these steps:
54+
1. Drain the cluster node.
55+
1. Restart the OS.
56+
1. Enter the BIOS/UEFI menu.
57+
1. Review the **Boot** or **Security** section of the UEFI configuration options Locate the Secure Boot option.
58+
1. Set the option to **Enabled** or **On**.
59+
1. Save the changes and restart your computer.
60+
61+
Consult with your hardware vendor for assistance if required.
5262

5363
## Step 0: Update registry keys
5464
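Review bot: Step 4 of the new Secure Boot procedure runs two sentences together ("... of the UEFI configuration options Locate the Secure Boot option."); add the missing period. The procedure drains the cluster node in step 1 but never resumes it or says to repeat the steps on each machine, the last step says "restart your computer" where the first says "cluster node", and there is no step to confirm that Secure Boot is actually on after the restart (for example with `Confirm-SecureBootUEFI`). Also check that the numbered steps are indented under the "(Recommended)" bullet so they render as a nested list.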
