MicrosoftDocs
diff --git a/‎adaptive-cloud/docfx.json
Lines changed: 1 addition & 0 deletions b/‎adaptive-cloud/docfx.json
Lines changed: 1 addition & 0 deletions
diff --git a/‎azure-local/concepts/data-collection.md
Lines changed: 9 additions & 9 deletions b/‎azure-local/concepts/data-collection.md
Lines changed: 9 additions & 9 deletions
diff --git a/‎azure-local/concepts/nested-virtualization.md
Lines changed: 3 additions & 3 deletions b/‎azure-local/concepts/nested-virtualization.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎azure-local/deploy/deployment-prep-active-directory.md
Lines changed: 8 additions & 7 deletions b/‎azure-local/deploy/deployment-prep-active-directory.md
Lines changed: 8 additions & 7 deletions
diff --git a/‎azure-local/docfx.json
Lines changed: 1 addition & 0 deletions b/‎azure-local/docfx.json
Lines changed: 1 addition & 0 deletions
diff --git a/‎azure-local/manage/cluster-powershell.md
Lines changed: 9 additions & 7 deletions b/‎azure-local/manage/cluster-powershell.md
Lines changed: 9 additions & 7 deletions
@@ -44,6 +44,7 @@
       "breadcrumb_path": "/azure/adaptive-cloud/breadcrumb/toc.json",
       "feedback_system": "Standard",
       "permissioned-type": "public",
+      "manager":"lizross",
       "ms.service": "azure-stack",
       "tittleSuffix": "Azure Adaptive Cloud",
       "feedback_product_url": "https://feedback.azure.com/d365community/forum/5c778dec-0625-ec11-b6e6-000d3a4f0858",
 
@@ -5,7 +5,7 @@ author: jasongerend
 ms.author: jgerend
 ms.topic: conceptual
 ms.service: azure-local
-ms.date: 04/24/2023
+ms.date: 02/27/2025
 ---
 
 # Azure Stack HCI data collection
@@ -14,20 +14,20 @@ ms.date: 04/24/2023
 
 [!INCLUDE [azure-local-banner-22h2](../includes/azure-local-banner-22h2.md)]
 
-This topic describes required data collected to keep Azure Stack HCI secure, up to date, and working as expected.
+This article describes required data collected to keep Azure Stack HCI secure, up to date, and working as expected.
 
-Customer data, including the names, metadata, configuration, and contents of your on-premises virtual machines (VMs) is never sent to the cloud unless you turn on additional services like Azure Backup or Azure Site Recovery, or unless you enroll those VMs individually into cloud management services like Azure Arc.
+Customer data, including the names, metadata, configuration, and contents of your on-premises virtual machines (VMs) is never sent to the cloud unless you turn on other services like Azure Backup or Azure Site Recovery, or unless you enroll those VMs individually into cloud management services like Azure Arc.
 
-We do collect diagnostic data. The data described below is required for Microsoft to provide Azure Stack HCI. This data is collected once a day, and data collection events can be viewed in the event logs. Azure Stack HCI collects the minimum data required to keep your clusters up to date, secure, and operating properly.
+We do collect diagnostic data. The data described in the following section is required for Microsoft to provide Azure Stack HCI. This data is collected once a day, and data collection events can be viewed in the event logs. Azure Stack HCI collects the minimum data required to keep your clusters up to date, secure, and operating properly.
 
    > [!IMPORTANT]
-   > The data described below that Azure Stack HCI collects is independent from Windows diagnostic data, which can be configured for various levels of collection. In Azure Stack HCI, the default setting for Windows diagnostic data collection is Security (off), meaning that no Windows diagnostic data is sent unless the administrator changes the diagnostic data settings. For more information, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). Microsoft is an independent controller of any Windows diagnostic data collected in connection with Azure Stack HCI. Microsoft will handle the Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
+   > The data described below that Azure Stack HCI collects is independent from Windows diagnostic data, which can be configured for various levels of collection. In Azure Stack HCI, the default setting for Windows diagnostic data collection is Security (off), meaning that no Windows diagnostic data is sent unless the administrator changes the diagnostic data settings. For more information, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). Microsoft is an independent controller of any Windows diagnostic data collected in connection with Azure Stack HCI. Microsoft handles the Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
 
 ## Data collection and residency
 
 This Azure Stack HCI data:
 
-- is not sent to Microsoft until the product is registered with Azure. When Azure Stack HCI is unregistered, this data collection stops.
+- isn't sent to Microsoft until the product is registered with Azure. When Azure Stack HCI is unregistered, this data collection stops.
 - is logged to the Microsoft-AzureStack-HCI/Analytic event channel.
 - is in JSON format, so that system administrators can examine and analyze the data being sent.
 
@@ -43,14 +43,14 @@ To learn about how Microsoft stores diagnostic data in Azure, see [Data residenc
 
 ## Data retention
 
-After Azure Stack HCI collects this data, it is retained for 90 days. Aggregated, de-identified data may be kept longer.
+After Azure Stack HCI collects this data, it's retained for 90 days. Aggregated, de-identified data may be kept longer.
 
 ## What data is collected?
 
 Azure Stack HCI collects:
 
 - Information about servers such as operating system version, processor model, number of processor cores, memory size, cluster identifier, and hash of hardware ID
-- List of installed Azure Stack HCI server features (e.g. BitLocker)
+- List of installed Azure Stack HCI server features (for example, BitLocker)
 - Information necessary to compute the reliability of the Azure Stack HCI operating system
 - Information necessary to compute the reliability of the health collection data
 - Information gathered from the event log for specific errors, such as update download failed
@@ -97,7 +97,7 @@ Azure Stack HCI collects:
        } 
    }
    ```
- 
+
 The output should look something like this:
 
 ```shell
 
@@ -5,7 +5,7 @@ author: jasongerend
 ms.author: jgerend
 ms.topic: conceptual
 ms.service: azure-local
-ms.date: 04/17/2023
+ms.date: 02/27/2025
 ---
 
 # Nested virtualization in Azure Stack HCI
@@ -17,7 +17,7 @@ ms.date: 04/17/2023
 Nested virtualization is a feature that lets you run Hyper-V inside a Hyper-V virtual machine (VM). This allows you to maximize your hardware investments and gain flexibility in evaluation and testing scenarios.
 
    > [!IMPORTANT]
-   > Because Azure Stack HCI is intended as a virtualization host where you run all of your workloads in VMs, nested virtualization is not supported in production environments. For production use, Azure Stack HCI should be deployed on validated physical hardware.
+   > Because Azure Stack HCI is intended as a virtualization host where you run all of your workloads in VMs, nested virtualization isn't supported in production environments. For production use, Azure Stack HCI should be deployed on validated physical hardware.
 
 Some scenarios in which nested virtualization can be useful are:
 
@@ -42,7 +42,7 @@ To configure nested virtualization on a VM using PowerShell, see [Run Hyper-V in
 ## Nested virtualization processor support
 
 Azure Stack HCI, version 21H2 adds support for nested virtualization on AMD processors. Now you can run nested virtualization on first generation EPYC processors or newer generations (Naples, Rome, Milan).
- 
+
 Prerequisites:
 
 - Azure Stack HCI, version 21H2
 
@@ -3,7 +3,7 @@ title: Prepare Active Directory for Azure Local, version 23H2 deployment
 description: Learn how to prepare Active Directory before you deploy Azure Local, version 23H2.
 author: alkohli
 ms.topic: how-to
-ms.date: 02/20/2025
+ms.date: 03/03/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ms.service: azure-local
@@ -88,7 +88,7 @@ To create a dedicated OU, follow these steps:
 
 1. Verify that the OU is created. If using a Windows Server client, go to **Server Manager > Tools > Active Directory Users and Computers**.
 
-1. An OU with the specified name is created. This OU contains the new LCM deployment user account.
+1. An OU with the specified name is created. This OU contains the new Lifecycle Manager (LCM) deployment user account.
 
     :::image type="content" source="media/deployment-prep-active-directory/active-directory-11.png" alt-text="Screenshot of Active Directory Computers and Users window." lightbox="media/deployment-prep-active-directory/active-directory-11.png":::
 
@@ -97,18 +97,19 @@ To create a dedicated OU, follow these steps:
 
 ## Considerations for large scale deployments
 
-The Lifecycle Manager (LCM) user account is utilized during Azure Local instance deployments that use Active Directory (AD), or for any add-node/repair operations for existing instances. The LCM user account is responsible for performing domain join actions, which necessitates the LCM user identity having delegated permissions to add computer accounts to the target Organizational Unit (OU) in the on-premises domain. During the deployment of Azure Local, the LCM user account is added to the local administrators' group of the physical machines.
+The LCM user account is used during servicing operations, such as applying updates via PowerShell. This account is also used when performing domain join actions against your AD, such as [repairing a node](../manage/repair-server.md) or [adding a node](../manage/add-server.md). This requires the LCM user identity having delegated permissions to add computer accounts to the target OU in the on-premises domain.
 
-To mitigate the risk of a compromised LCM user account credential, we advise that for each Azure Local instance, you have a dedicated LCM user account with a unique password.
+During the cloud deployment of Azure Local, the LCM user account is added to the local administrators group of the physical nodes. To mitigate the risk of a compromised LCM user account, **we recommend having a dedicated LCM user account with a unique password for each Azure Local instance.** This recommendation limits the scope and impact of a compromised LCM account to a single instance.
 
-We recommend that you follow these best practices for OU creation:
+We recommend that you follow these best practices for OU creation. These recommendations are automated when you use the `New-HciAdObjectsPreCreation` cmdlet to [Prepare Active Directory](#active-directory-preparation-module).
 
 - For each Azure Local instance, create an individual OU within Active Directory. This approach helps manage computer account, CNO, LCM user account, and physical machine computer accounts within the scope of a single OU for each instance.
 - When deploying multiple instances at-scale, for easier management:
   - Create an OU under a single parent OU for each instance.
-  - Disable GPO inheritance at the parent OU level.
+  - Enable the **Block Inheritance** option at both the parent OU and sub OU levels.
+  - To apply a GPO to all Azure Local instances, such as for nesting a domain group in the local administrators group, link the GPO to the parent OU and enable the **Enforced** option. By doing this, you apply the configuration to all sub OUs, even with **Block Inheritance** enabled.
 
-The preceding recommendations are automated, when you use the `New-HciAdObjectsPreCreation` cmdlet to [Prepare Active Directory](#active-directory-preparation-module).
+If your organization's processes and procedures require deviations from these recommendations, they are allowed. However, it's important to consider the security and manageability implications of your design taking these factors into consideration.
 
 ## Next steps
 
 
@@ -77,6 +77,7 @@
       "breadcrumb_path": "/azure/azure-local/breadcrumb/toc.json",
       "feedback_system": "Standard",
       "permissioned-type": "public",
+      "manager":"lizross",
       "ms.service": "azure-local",
       "titleSuffix": "Azure Local",
       "feedback_product_url": "https://feedback.azure.com/d365community/forum/74a4b1b9-0725-ec11-b6e6-000d3a4f07b8",
 
@@ -3,7 +3,7 @@ title: Manage Azure Stack HCI and Windows Server clusters using PowerShell
 description: Learn how to manage clusters on Azure Stack HCI and Windows Server using PowerShell
 author: JasonGerend
 ms.topic: how-to
-ms.date: 04/17/2023
+ms.date: 02/27/2025
 ms.author: jgerend
 ms.reviewer: stevenek
 ---
@@ -14,12 +14,14 @@ ms.reviewer: stevenek
 
 [!INCLUDE [azure-local-banner-22h2](../includes/azure-local-banner-22h2.md)]
 
-Windows PowerShell can be used to manage resources and configure features on your Azure Stack HCI and Windows Server clusters.
+This article describes how to manage Azure Stack HCI and Windows Server clusters using PowerShell.
+
+You can use Windows PowerShell to manage resources and configure features on your Azure Stack HCI and Windows Server clusters.
 
 You manage clusters from a remote computer, rather than on a host server in a cluster. This remote computer is called the management computer.
 
 > [!NOTE]
-> When running PowerShell commands from a management computer, include the `-Name` or `-Cluster` parameter with the name of the cluster you are managing. In addition, you will need to specify the fully qualified domain name (FQDN) when using the `-ComputerName` parameter for a server node.
+> When running PowerShell commands from a management computer, include the `-Name` or `-Cluster` parameter with the name of the cluster you're managing. In addition, you need to specify the fully qualified domain name (FQDN) when using the `-ComputerName` parameter for a server node.
 
 For the complete reference documentation for managing clusters using PowerShell, see the [FailoverCluster reference](/powershell/module/failoverclusters).
 
@@ -30,7 +32,7 @@ Windows PowerShell is used to perform all the tasks in this article. It's recomm
 If the following cmdlets aren't available in your PowerShell session, you may need to add the `Failover Cluster` Module for Windows PowerShell Feature, using the following PowerShell cmd: `Add-WindowsFeature RSAT-Clustering-PowerShell`.
 
 > [!NOTE]
-> Starting with Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" right from Windows 10. For versions older than Windows 10 22H2, simply go to **Settings > Apps > Apps & features > Optional features > Add a feature > RSAT: Failover Clustering Tools**, and select **Install**. For Windows 10 22H2 and Windows 11, go to **Settings > System > Optional features > Add a feature > RSAT: Failover Clustering Tools**, and select **Add**. To see operation progress, click the Back button to view status on the "Manage optional features" page. The added feature will persist across Windows 10 version upgrades.
+> Starting with Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" right from Windows 10. For versions older than Windows 10 22H2, go to **Settings > Apps > Apps & features > Optional features > Add a feature > RSAT: Failover Clustering Tools**, and select **Install**. For Windows 10 22H2 and Windows 11, go to **Settings > System > Optional features > Add a feature > RSAT: Failover Clustering Tools**, and select **Add**. To see operation progress, click the Back button to view status on the "Manage optional features" page. The added feature persists across Windows 10 version upgrades.
 ## View cluster settings and resources
 
 Gets information about a cluster named Cluster1:
@@ -84,7 +86,7 @@ Starts the Cluster service on all server nodes of the cluster on which it isn't
 Start-Cluster -Name Cluster1
 ```
 
-This example stops the Cluster service on all nodes in the cluster named Cluster1, which will stop all services and applications configured in the cluster:
+This example stops the Cluster service on all nodes in the cluster named Cluster1, which stops all services and applications configured in the cluster:
 
 ```powershell
 Stop-Cluster -Name Cluster1
@@ -107,7 +109,7 @@ Remove-ClusterNode -Cluster Cluster1 -Name Node4
 ```
 
 >[!NOTE]
-> If the node has been added to a single server, see these [manual steps](../deploy/single-server.md#change-a-single-node-to-a-multi-node-cluster-optional) to reconfigure Storage Spaces Direct.
+> If the node is added to a single server, see these [manual steps](../deploy/single-server.md#change-a-single-node-to-a-multi-node-cluster-optional) to reconfigure Storage Spaces Direct.
 
 ## Set up the cluster witness
 
@@ -164,7 +166,7 @@ Before you remove (destroy) a cluster, you must unregister it from Azure first.
 Use the `Remove-ClusterResource` cmdlet to remove one or all resources on a cluster. For more examples and usage information, see the [Remove-ClusterResource](/powershell/module/failoverclusters/remove-clusterresource) reference documentation.
 
 > [!NOTE]
-> You will need to temporarily enable Credential Security Service Provider (CredSSP) authentication to remove a cluster. For more information, see [Enable-WSManCredSSP](/powershell/module/microsoft.wsman.management/enable-wsmancredssp).
+> You need to temporarily enable Credential Security Service Provider (CredSSP) authentication to remove a cluster. For more information, see [Enable-WSManCredSSP](/powershell/module/microsoft.wsman.management/enable-wsmancredssp).
 
 The following example removes cluster resources by name on cluster Cluster1: