Feedback

alkohli · alkohli · commit cdd037819374 · 2025-06-23T14:02:16.000-07:00
diff --git a/azure-local/concepts/sdn-overview.md b/azure-local/concepts/sdn-overview.md
@@ -30,6 +30,9 @@ With SDN enabled by Azure Arc, you create and apply network security groups (NSG
 
 You can also manage SDN with on-premises tools like Windows Admin Center or SDN Express scripts. This approach is available for Windows Server and Azure Local 2311.2 or later. This method uses three main SDN components, and you choose which to deploy: Network Controller, Software Load Balancer (SLB), and Gateway. For more information, see [SDN managed by on-premises tools](../concepts/software-defined-networking-23h2.md).
 
+## Important considerations
+
+<insert table>
 
 ## Comparison summary of SDN management
 
diff --git a/azure-local/deploy/enable-sdn-integration.md b/azure-local/deploy/enable-sdn-integration.md
@@ -47,12 +47,13 @@ Here's an architecture diagram of Network Controller in a 2-node Azure Local ins
 ## Considerations for SDN enabled by Arc
 
 > [!IMPORTANT]
-> - SDN enabled by Arc is a preview feature.
-> - Once you enable SDN, you can't roll back or disable.
+> - SDN enabled by Arc is a preview feature. Once you enable SDN, you can't roll back or disable.
+> - If you are already running Network controller on your Azure Local cluster that was deployed using on-premises tools you MUST NOT attempt to run this method.
+> - The only VMs that are in scope for using NSGs with this feature are Azure Local VMs. These are VMs that were deployed from Azure client interfaces (Azure CLI, Azure Portal, ARM). DO NOT use an Azure Local VM in conjunction with an NSG that is managed and applied from on-premises tools!
 
-Consider this information before you enable SDN:
 
-- SDN enabled by Arc is supported with updates to newer Azure Local releases.
+For your existing Azure Local instances:
+
 - Enabling SDN with existing Azure Local VMs and logical networks is supported.
     - The logical networks and network interfaces are automatically hydrated into the Network Controller.
     - Make sure to plan for a maintenance window if you're running on a production environment. Your workloads experience a short network disruption while SDN Azure Virtual Filtering Platform policies are applied.
diff --git a/azure-local/manage/create-network-security-groups.md b/azure-local/manage/create-network-security-groups.md
@@ -25,6 +25,7 @@ Use a network security group to manage network traffic between logical networks
 - Source and destination IP addresses.
 - Port numbers.
 - Protocols (TCP/UDP).
+- Direction (inbound or outbound).
 
 Here is a diagram that shows how network security groups are attached to logical networks and VM network interfaces on Azure Local:
 
@@ -49,6 +50,9 @@ The diagram shows a network setup with two logical networks:
 
 In this example, the NSG controls traffic flow between logical networks A and B, and between VM Web and VM SQL. You can apply the NSG to each logical network or network interface to enforce specific security rules. For example, logical network B might allow only traffic over SQL port 1433 from logical network A.
 
+> [!NOTE]
+> - The only VMs that are in scope for using NSGs with this feature are Azure Local VMs. These are VMs that were deployed from Azure client interfaces (Azure CLI, Azure Portal, ARM). DO NOT use an Azure Local VM in conjunction with an NSG that is managed and applied from on-premises tools!
+
 ## Prerequisites
 
 # [Azure CLI](#tab/azurecli)
diff --git a/azure-local/manage/manage-network-security-groups.md b/azure-local/manage/manage-network-security-groups.md
@@ -14,6 +14,8 @@ ms.service: azure-local
 
 This article describes how to manage network security groups (NSGs) on your Azure Local virtual machines (VMs) enabled by Azure Arc. Once you create network security groups on your Azure Local VMs, you can then list, show details, associate, dissociate, update, and delete these resources.
 
+*The only VMs that are in scope for using NSGs with this feature are Azure Local VMs. These are VMs that were deployed from Azure client interfaces (Azure CLI, Azure Portal, ARM). Do not use an Azure Local VM in conjunction with an NSG that is managed and applied from on-premises tools!*
+
 [!INCLUDE [important](../includes/hci-preview.md)]
 
 
@@ -41,7 +43,7 @@ This article describes how to manage network security groups (NSGs) on your Azur
     
 ---
 
-## Manage network security groups and network security rules
+*## Manage network securi*ty groups and network security rules
 
 # [Azure CLI](#tab/azurecli)
 
