Sync release-hotfixes with main

Sync release-hotfixes with main

Author: sethmanheim

AKS-Arc/azure-rbac-local.md

@@ -6,8 +6,8 @@ ms.custom: devx-track-azurecli
 author: sethmanheim
 ms.author: sethm
 ms.reviewer: leslielin
-ms.date: 02/21/2025
-ms.lastreviewed: 02/21/2025
+ms.date: 05/21/2025
+ms.lastreviewed: 05/21/2025
 
 # Intent: As an IT Pro, I want to use Azure RBAC to authenticate connections to my AKS clusters over the Internet or on a private network.
 # Keyword: Kubernetes role-based access control AKS Azure RBAC AD
@@ -31,7 +31,7 @@ For a conceptual overview, see [Azure RBAC for Kubernetes Authorization](concept
 Before you begin, make sure you have the following prerequisites:
 
 - AKS on Azure Local currently supports enabling Azure RBAC only during Kubernetes cluster creation. You can't enable Azure RBAC after the Kubernetes cluster is created.
-- Install the latest version of the **aksarc** and **connectedk8s** Azure CLI extensions. Note that you need to run the **aksarc** extension version 1.1.1 or later to enable Azure RBAC. Run `az --version` to find the current version. If you need to install or upgrade Azure CLI, see [Install Azure CLI](/cli/azure/install-azure-cli).
+- You can enable Azure RBAC using either Azure CLI or the Azure portal. To use Azure CLI, you must install the latest versions of the **aksarc** and **connectedk8s** Azure CLI extensions. Note that you need the **aksarc** extension version 1.1.1 or later to enable Azure RBAC. Run `az --version` to find the current version. If you need to install or upgrade Azure CLI, see [Install Azure CLI](/cli/azure/install-azure-cli).
 
   ```azurecli
   az extension add --name aksarc
@@ -67,18 +67,30 @@ Before you begin, make sure you have the following prerequisites:
 
 You can create an Azure RBAC-enabled Kubernetes cluster for authorization and a Microsoft Entra ID for authentication.
 
+### [Azure CLI](#tab/azurecli)
+
 ```azurecli
 az aksarc create -n $aks_cluster_name -g $resource_group_name --custom-location $customlocation_ID --vnet-ids $logicnet_Id --generate-ssh-keys --enable-azure-rbac
 ```
 
 After a few minutes, the command completes and returns JSON-formatted information about the cluster.
 
+### [Azure portal](#tab/azureportal)
+
+1. Go to **Kubernetes - Azure Arc**, select the **Add** icon, and then select **Create a Kubernetes cluster with Azure Arc**.
+1. Under the **Access** tab, locate the authentication and authorization settings. Select **Microsoft Entra Authentication with Azure RBAC**.
+1. Complete all other desired configurations for your cluster.
+1. Select **Review + create** to create the cluster.
+---
+
 ## Step 2: Create role assignments for users to access the cluster
 
 [!INCLUDE [built-in-roles](includes/built-in-roles.md)]
 
 You can use the [`az role assignment create`](/cli/azure/role/assignment#az-role-assignment-create) command to create role assignments.
 
+### [Azure CLI](#tab/azurecli)
+
 First, get the `$ARM-ID` for the target cluster to which you want to assign a role.
 
 ```azurecli
@@ -95,6 +107,13 @@ az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee <assig
 
 In this example, the scope is the Azure Resource Manager ID of the cluster. It can also be the resource group containing the Kubernetes cluster.
 
+### [Azure portal](#tab/azureportal)
+
+1. Go to **Azure Arc | Kubernetes clusters** and locate your Azure RBAC-enabled cluster for which you want to assign roles.
+1. Navigate to **Access control (IAM)**, select the **Add** icon, and then select **Add role assignment**. If the **Add role assignment** option is disabled, verify that Azure RBAC is enabled by checking **Settings > Properties > AAD profile > Enable Azure RBAC**.
+1. Follow the instructions to complete the role assignment. 
+---
+
 ### Create custom role definitions
 
 You can choose to create your own role definition for use in role assignments.

AKS-Arc/includes/supported-gpu-models.md

@@ -2,15 +2,15 @@
 author: sethmanheim
 ms.author: sethm
 ms.topic: include
-ms.date: 04/14/2025
+ms.date: 06/02/2025
 ms.reviewer: abha
-ms.lastreviewed: 04/14/2025
+ms.lastreviewed: 06/02/2025
 
 ---
 
 ## Supported GPU models
 
-The following GPU models are supported by AKS on Azure Local.
+The following GPU models are supported by AKS on Azure Local. Note that GPUs are only supported on Linux OS node pools. GPUs are not supported on Windows OS node pools.
 
 | Manufacturer | GPU model | Supported version |
 |--------------|-----------|-------------------|
@@ -45,4 +45,4 @@ The following VM sizes for each GPU model are supported by AKS on Azure Local.
 | Standard_NC4_A16   | 1 | 16 | 4  | 8  |
 | Standard_NC8_A16   | 1 | 16 | 8  | 16 |
 | Standard_NC16_A16  | 2 | 32 | 16 | 64 |
-| Standard_NC32_A16  | 2 | 32 | 32 | 128 |
+| Standard_NC32_A16  | 2 | 32 | 32 | 128 |

azure-local/deploy/download-23h2-software.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 04/28/2025
+ms.date: 06/02/2025
 ---
 
 # Download operating system for Azure Local deployment
@@ -52,7 +52,7 @@ Follow these steps to download the software:
 
 1. On the **Download Azure Stack HCI** page, do the following:
 
-    1. Select the subscription in which you intend to deploy Azure Local. Ensure that the selected subscription has the Microsoft Azure Stack HCI resource provider registered.
+    1. Select the subscription in which you intend to deploy Azure Local. Ensure that the selected subscription has the Microsoft Azure Stack HCI resource provider registered and which you have **Reader** access at a minimum.
 
     :::image type="content" source="media/download-23h2-software/download-azure-stack-hci.png" alt-text="Screenshot of the Download Azure Stack HCI OS version 23H2 page showing step 1." lightbox="media/download-23h2-software/download-azure-stack-hci.png":::
 

azure-local/manage/azure-arc-vm-management-overview.md

@@ -56,6 +56,9 @@ Consider the following limitations when you're managing VMs on Azure Local:
   - VLAN ID
   - Virtual switch name
 
+> [!NOTE]
+> Taking a VM checkpoint locally is only supported for Azure Local 2504 and later.
+
 ## Components of Azure Local VM management
 
 Azure Local VM management has several components, including:

azure-local/manage/virtual-machine-operations.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: concept-article
 ms.service: azure-local
-ms.date: 04/28/2025
+ms.date: 06/02/2025
 ---
 
 # Supported operations for Azure Local VMs enabled by Azure Arc
@@ -59,6 +59,7 @@ Perform the following VM operations only via the Azure CLI. Don't use the local
 - Save the VM state
 - Attach a GPU
 - Detach a GPU
+- Expand a data disk
 
 ### Local tools
 
@@ -93,9 +94,12 @@ You perform these operations either on the VM itself or on the cluster/node. The
 - Change the default location of VM files
 - Change automatic balancing of VMs in the cluster
 - Change the Hyper-V MAC address range on the node
-- Change the size of a disk (compact or expand)
+- Compact a disk
 - Checkpoint a VM (standard or production)
 
+> [!NOTE]
+> Taking a VM checkpoint locally is only supported for Azure Local 2504 and later.
+
 #### Operations supported only via Network ATC PowerShell cmdlets
 
 The following VM operations are supported only when you use the Network ATC PowerShell cmdlets. For more information, see [Customize cluster network settings](./manage-network-atc.md#customize-cluster-network-settings).
@@ -112,10 +116,11 @@ The following VM operations aren't supported.
 > [!IMPORTANT]
 > You can't perform these operations by using the Azure portal, the Azure CLI, or local tools. Performing these operations can lead to Azure Local VMs becoming unmanageable from the Azure portal.
 
-- Rename a VM inside the guest operating system
+- Rename a VM inside the guest operating cluster
 - Change the IP address of a network interface
 - Enable or change the VLAN ID of a network interface
 - Live migrate a VM from one cluster to another
+- Storage live migration on a VM
 - Change the type of disk (static, dynamic, VHD, or VHDX)
 
 If you need to change the IP address or the VLAN ID of a network interface, create a new network interface and delete the old one.