MicrosoftDocs
diff --git a/‎AKS-Arc/aks-hci-network-system-requirements.md
Lines changed: 4 additions & 1 deletion b/‎AKS-Arc/aks-hci-network-system-requirements.md
Lines changed: 4 additions & 1 deletion
diff --git a/‎azure-local/concepts/firewall-requirements.md
Lines changed: 19 additions & 0 deletions b/‎azure-local/concepts/firewall-requirements.md
Lines changed: 19 additions & 0 deletions
diff --git a/‎azure-local/concepts/physical-network-requirements.md
Lines changed: 12 additions & 8 deletions b/‎azure-local/concepts/physical-network-requirements.md
Lines changed: 12 additions & 8 deletions
diff --git a/‎azure-local/deploy/deployment-azure-arc-gateway-overview.md
Lines changed: 28 additions & 29 deletions b/‎azure-local/deploy/deployment-azure-arc-gateway-overview.md
Lines changed: 28 additions & 29 deletions
diff --git a/‎azure-local/deploy/download-23h2-software.md
Lines changed: 3 additions & 2 deletions b/‎azure-local/deploy/download-23h2-software.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎azure-local/includes/hci-download-vhdx.md
Lines changed: 3 additions & 3 deletions b/‎azure-local/includes/hci-download-vhdx.md
Lines changed: 3 additions & 3 deletions
@@ -2,7 +2,7 @@
 title: AKS enabled by Azure Arc network requirements
 description: Learn about AKS network prerequisites.
 ms.topic: overview
-ms.date: 11/19/2024
+ms.date: 04/23/2025
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: abha
@@ -64,6 +64,9 @@ Regardless of the option you choose, you must ensure that the IP addresses alloc
 
 Proxy settings in AKS are inherited from the underlying infrastructure system. The functionality to set individual proxy settings for Kubernetes clusters and change proxy settings isn't supported yet. For more information on how to set proxy correctly, see [proxy requirements for Azure Local](/azure/azure-local/manage/configure-proxy-settings-23h2).
 
+> [!WARNING]
+> You cannot update incorrect proxy settings after you deploy Azure Local. If the proxy is misconfigured, you must redeploy Azure Local.
+
 ## Firewall URL exceptions
 
 Firewall requirements for AKS have been consolidated with Azure Local firewall requirements. See [Azure Local firewall requirements](/azure/azure-local/concepts/firewall-requirements) for list of URLs that need to be allowed to successfully deploy AKS.
 
@@ -65,6 +65,25 @@ For a consolidated list of endpoints for Japan East that includes Azure Local, A
 For a consolidated list of endpoints for South Central US that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
 - [Required endpoints in South Central US for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/SouthCentralUSEndpoints/southcentralus-hci-endpoints.md)
 
+## Firewall requirements for OEMs
+
+Depending on the OEM you are using for Azure Local you may need to open additional endpoints in your firewall.
+
+DataON required endpoints for Azure Local deployments
+- [DataOn required endpoints](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/OEMEndpoints/DataOn/DataOnAzureLocalEndpoints.md)
+
+Dell required endpoints for Azure Local deployments
+- [Dell required endpoints](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/OEMEndpoints/Dell/DellAzureLocalEndpoints.md)
+
+HPE required endpoints for Azure Local deployments
+- [HPE required endpoints](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/OEMEndpoints/HPE/HPEAzureLocalEndpoints.md)
+
+Hitachi required endpoints for Azure Local deployments
+- [Hitachi required endpoints](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/OEMEndpoints/Hitachi/HitachiAzureLocalEndpoints.md)
+
+Lenovo required endpoints for Azure Local deployments
+- [Lenovo required endpoints](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/OEMEndpoints/Lenovo/LenovoAzureLocalEndpoints.md)
+
 ## Firewall requirements for additional Azure services
 
 Depending on additional Azure services you enable for Azure Local, you may need to make additional firewall configuration changes. Refer to the following links for information on firewall requirements for each Azure service:
 
@@ -141,11 +141,13 @@ If your switch isn't included, contact your switch vendor to ensure that your sw
 |-----  |---| :-:  | :-:  | :-:   | :-:   |
 | [S41xx series](https://www.dell.com/en-us/learn/assets/shared-content~data-sheets~en/documents~dell-emc-networking-s4100-series-spec-sheet.pdf) <br>(10 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
 | [S52xx series](https://www.delltechnologies.com/resources/en-us/asset/data-sheets/products/networking/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
-| [S5232F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
-| [S5248F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
-| [S5296F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
 | [S54xx series](https://www.delltechnologies.com/asset/en-us/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
-| [S5448F series](https://www.delltechnologies.com/asset/en-my/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5232F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5248F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5296F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5448F](https://www.delltechnologies.com/asset/en-my/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [Z9432F](https://www.delltechnologies.com/asset/en-us/products/networking/technical-support/dell-emc-powerswitch-z9432f-spec-sheet.pdf) <br>(10, 25, 100, 400 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [Z9664F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell-powerswitch-z9664f-on-spec-sheet.pdf) <br>(10, 25, 100, 400 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
 
 > [!NOTE]
 > Guest RDMA requires both Compute (Standard) and Storage.
@@ -155,11 +157,13 @@ If your switch isn't included, contact your switch vendor to ensure that your sw
 |-----  |---| :-:  | :-:  | :-:   | :-:   |
 | [S41xx series](https://www.dell.com/en-us/learn/assets/shared-content~data-sheets~en/documents~dell-emc-networking-s4100-series-spec-sheet.pdf) <br>(10 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
 | [S52xx series](https://www.delltechnologies.com/resources/en-us/asset/data-sheets/products/networking/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
-| [S5232F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
-| [S5248F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
-| [S5296F series](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
 | [S54xx series](https://www.delltechnologies.com/asset/en-us/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SmartFabric OS10.5.4 or later |&check;| &check;| &check;| &check; |
-| [S5448F series](https://www.delltechnologies.com/asset/en-my/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5232F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5248F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5296F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell_emc_networking-s5200_on_spec_sheet.pdf) <br>(10, 25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [S5448F](https://www.delltechnologies.com/asset/en-my/products/networking/technical-support/dell-emc-powerswitch-s5448f-on-spec-sheet.pdf) <br>(25, 100 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [Z9432F](https://www.delltechnologies.com/asset/en-us/products/networking/technical-support/dell-emc-powerswitch-z9432f-spec-sheet.pdf) <br>(10, 25, 100, 400 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
+| [Z9664F](https://www.delltechnologies.com/asset/en-in/products/networking/technical-support/dell-powerswitch-z9664f-on-spec-sheet.pdf) <br>(10, 25, 100, 400 GbE)|SONiC 4.5.0 or later |&check;| &check;| &check;| &check; |
 
 > [!NOTE]
 > Guest RDMA requires both Compute (Standard) and Storage.
 
@@ -3,7 +3,7 @@ title: Overview of Azure Arc gateway for Azure Local, version 23H2 (preview)
 description: Learn what is Azure Arc gateway for Azure Local, version 23H2 (preview). 
 author: alkohli
 ms.topic: how-to
-ms.date: 04/10/2025
+ms.date: 04/23/2025
 ms.author: alkohli
 ms.service: azure-local
 ---
@@ -89,37 +89,36 @@ Unsupported scenarios for Azure Local include:
 
 ## Azure Local endpoints not redirected
 
-As part of the Azure Local version 2411.1 preview update, the endpoints from the table are required and must be allowlisted in your proxy or firewall to deploy the Azure Local instance. These version 2408 and 2411 endpoints are not redirected via the Arc gateway:
+The endpoints from the table are required and must be allowlisted in your proxy or firewall to deploy the Azure Local instance:
 
 | Endpoint # | Required endpoint | Component  |
 | -- | -- | -- |
-| 1 | `http://go.microsoft.com:443` | Arc registration |
-| 2 | `http://login.microsoftonline.com:443` | Arc registration |
-| 3 | `http://<region>.login.microsoft.com:443` | Arc registration |
-| 4 | `http://download.microsoft.com:443` | Arc registration |
-| 5 | `http://management.azure.com:443` | Arc registration |
-| 6 | `http://gbl.his.arc.azure.com:443` | Arc registration |  
-| 7 | `http://<region>.his.arc.azure.com:443` | Arc registration |
-| 8 | `http://dc.services.visualstudio.com:443` | Arc registration |
-| 9 | `https://<region>.obo.arc.azure.com:8084` | AKS extensions |
-| 10 | `http://<yourarcgatewayId>.gw.arc.azure.com:443` | Arc gateway |
-| 11 | `http://<yourkeyvaultname>.vault.azure.net:443` | Azure Key Vault |
-| 12 | `http://<yourblobstorageforcloudwitnessname>.blob.core.windows.net:443` | Cloud Witness Storage Account |
-| 13 | `http://files.pythonhosted.org:443` | Microsoft On-premises Cloud/ARB/AKS |
-| 14 | `http://pypi.org:443` | Microsoft On-premises Cloud/ARB/AKS |
-| 15 | `http://raw.githubusercontent.com:443` | Microsoft On-premises Cloud/ARB/AKS |
-| 16 | `http://pythonhosted.org:443` | Microsoft On-premises Cloud/ARB/AKS |
-| 17 | `http://ocsp.digicert.com`  | Certificate Revocation List for Arc extensions |
-| 18 | `http://s.symcd.com` | Certificate Revocation List for Arc extensions |
-| 19 | `http://ts-ocsp.ws.symantec.com` | Certificate Revocation List for Arc extensions |
-| 20 | `http://ocsp.globalsign.com` | Certificate Revocation List for Arc extensions |
-| 21 | `http://ocsp2.globalsign.com` | Certificate Revocation List for Arc extensions |
-| 22 | `http://oneocsp.microsoft.com` | Certificate Revocation List for Arc extensions |
-| 23 | `http://dl.delivery.mp.microsoft.com` | Windows Update |
-| 24 | `http://*.tlu.dl.delivery.mp.microsoft.com` | Windows Update |
-| 25 | `http://*.windowsupdate.com` | Windows Update |
-| 26 | `http://*.windowsupdate.microsoft.com` | Windows Update |
-| 27 | `http://*.update.microsoft.com` | Windows Update |
+| 1 | `http://login.microsoftonline.com:443` | Arc registration |
+| 2 | `http://<region>.login.microsoft.com:443` | Arc registration |
+| 3 | `http://management.azure.com:443` | Arc registration |
+| 4 | `http://gbl.his.arc.azure.com:443` | Arc registration |  
+| 5 | `http://<region>.his.arc.azure.com:443` | Arc registration |
+| 6 | `http://dc.services.visualstudio.com:443` | Arc registration |
+| 7 | `https://<region>.obo.arc.azure.com:8084` | AKS extensions |
+| 8 | `http://<yourarcgatewayId>.gw.arc.azure.com:443` | Arc gateway |
+| 9 | `http://<yourkeyvaultname>.vault.azure.net:443` | Azure Key Vault |
+| 10 | `http://<yourblobstorageforcloudwitnessname>.blob.core.windows.net:443` | Cloud Witness Storage Account |
+| 11 | `http://files.pythonhosted.org:443` | Not required starting with 2504 new deployments. Microsoft On-premises Cloud/ARB/AKS |
+| 12 | `http://pypi.org:443` | Not required starting with 2504 new deployments. Microsoft On-premises Cloud/ARB/AKS |
+| 13 | `http://raw.githubusercontent.com:443` | Not required starting with 2504 new deployments. Microsoft On-premises Cloud/ARB/AKS |
+| 14 | `http://pythonhosted.org:443` | Not required starting with 2504 new deployments. Microsoft On-premises Cloud/ARB/AKS |
+| 15 | `http://ocsp.digicert.com`  | Certificate Revocation List for Arc extensions |
+| 16 | `http://s.symcd.com` | Certificate Revocation List for Arc extensions |
+| 17 | `http://ts-ocsp.ws.symantec.com` | Certificate Revocation List for Arc extensions |
+| 18 | `http://ocsp.globalsign.com` | Certificate Revocation List for Arc extensions |
+| 19 | `http://ocsp2.globalsign.com` | Certificate Revocation List for Arc extensions |
+| 20 | `http://oneocsp.microsoft.com` | Certificate Revocation List for Arc extensions |
+| 21 | `http://crl.microsoft.com/pkiinfra` | Certificate Revocation List for Arc extensions |
+| 22 | `http://dl.delivery.mp.microsoft.com` | Windows Update |
+| 23 | `http://*.tlu.dl.delivery.mp.microsoft.com` | Windows Update |
+| 24 | `http://*.windowsupdate.com` | Windows Update |
+| 25 | `http://*.windowsupdate.microsoft.com` | Windows Update |
+| 26 | `http://*.update.microsoft.com` | Windows Update |
 
 ## Restrictions and limitations
 
 
@@ -5,10 +5,10 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 04/21/2025
+ms.date: 04/23/2025
 ---
 
-# Download version 23H2 operating system for Azure Local deployment
+# Download operating system for Azure Local deployment
 
 [!INCLUDE [hci-applies-to-23h2](../includes/hci-applies-to-23h2.md)]
 
@@ -27,6 +27,7 @@ Before you begin the download of the software from Azure portal, ensure that you
    - [Pay-as-you-go](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/) subscription with credit card.
    - Subscription obtained through an Enterprise Agreement (EA).
    - Subscription obtained through the Cloud Solution Provider (CSP) program.
+   - At a minimum, you'll need **Reader** access at the subscription level.
 
 - Register the Microsoft Azure Stack HCI resource provider. For more information, see [Register your machines and assign permissions for Azure Local deployment](deployment-arc-register-server-permissions.md).
 
 
@@ -3,7 +3,7 @@ author: alkohli
 ms.author: alkohli
 ms.service: azure-local
 ms.topic: include
-ms.date: 10/11/2024
+ms.date: 04/22/2025
 ---
 
 
@@ -12,9 +12,9 @@ SDN uses a VHDX file containing either the Azure Stack HCI or Windows Server ope
 > [!NOTE]
 > The version of the OS in your VHDX must match the version used by the Azure Local Hyper-V machines. This VHDX file is used by all SDN infrastructure components.
 
-To download an English-language version of the VHDX file, see [Download the operating system from the Azure portal](../deploy/download-23h2-software.md). Make sure to select **English VHDX** from the **Choose language** dropdown list.
+[Download an English-language version of the VHDX file](https://aka.ms/PVvxVBVCVVC).
 
-Currently, a non-English VHDX file isn't available for download. If you require a non-English version, download the corresponding ISO file and convert it to VHDX using the `Convert-WindowsImage` cmdlet. You must run this script from a Windows client computer. You'll probably need to run this script as Administrator and modify the execution policy for scripts using the `Set-ExecutionPolicy` command.
+Currently, a non-English VHDX file isn't available for download. If you require a non-English version, [download the corresponding ISO file](../deploy/download-23h2-software.md) and convert it to VHDX using the `Convert-WindowsImage` cmdlet. You must run this script from a Windows client computer. You'll probably need to run this script as Administrator and modify the execution policy for scripts using the `Set-ExecutionPolicy` command.
 
 The following syntax shows an example of using `Convert-WindowsImage`: