Merge pull request #18550 from haraldfianbakken/release-local-disconnectednew

Release local disconnectednew

Author: prmerger-automator[bot]

azure-local/manage/disconnected-operations-cli.md

@@ -51,11 +51,10 @@ For disconnected operations:
 1. Understand [public key infrastructure (PKI) for Azure Local with disconnected operations (preview)](disconnected-operations-pki.md)
 2. Set up and configure the certificate trusts for Azure CLI using PowerShell.
 
-    Here's an example script:
-
-    ```console
-    First, import the helper method as defined in this section:
+    Here's an example script you can run in Powershell:
 
+    ```powershell    
+        # Define the helper method
         function UpdatePythonCertStore
         {
             [CmdletBinding()]
@@ -109,9 +108,8 @@ For disconnected operations:
             Write-Verbose "[END] Updating CLI cert store"
         }
 
-    Next, run the helper method in PowerShell:
-
-    UpdatePythonCertStore -ApplianceRootCertPath D:\applianceIngressRoot.cer
+        # Run the helper method in PowerShell:
+        UpdatePythonCertStore -ApplianceRootCertPath D:\applianceIngressRoot.cer
     ```
 
 ## Set up Azure CLI for disconnected operations

azure-local/manage/disconnected-operations-deploy.md

@@ -51,6 +51,8 @@ Here's a checklist of things you need before you deploy Azure Local with disconn
 - DNS server to resolve IP to FQDN names.
 - Local credentials for Azure Local machines.
 - Active directory credentials for Azure Local deployment.
+- [Active directory OU and networking requirements](../deploy/deployment-prerequisites.md).
+- [Local credentials and AD credentials to meet minimum password complexity](../deploy/deployment-prerequisites.md).
 - [Active directory prepared for Azure Local deployment](../deploy/deployment-prep-active-directory.md).
 - Certificates to secure ingress endpoints (24 certificates) and the public key (root) used to create these certificates.
 - Certificates to secure the management endpoint (2 certificates).
@@ -561,6 +563,28 @@ In this section, verify the installation and create local Azure resources.
 1. Sign in to your identity provider using the credentials you configured during the deployment.
     - You should see a familiar Azure portal running in your network.
 
+### Register required resource providers
+
+Make sure you register the required resource providers before deployment. Here's an example of how to automate the resource providers registration from Azure CLI.
+
+```azurecli  
+    az cloud set -n 'azure.local'
+    az login  
+    az provider register --namespace Microsoft.AzureStackHCI
+    az provider register --namespace Microsoft.ExtendedLocation
+    az provider register --namespace Microsoft.ResourceConnector
+    az provider register --namespace Microsoft.EdgeArtifact
+```
+
+Wait until all resource providers are in the state **Registered**. Here's a sample Azure CLI command to list all resource providers and their statuses.
+
+```azurecli  
+    az provider list -o table
+``` 
+
+> [!NOTE] 
+> You can also register or view resource provider statuses in the local portal. To do this, go to your **Subscription**, click the dropdown arrow for **Settings**, and select **Resource providers**. 
+
 ### Create resource group SPN for cluster  
 
 Use the operator account to create an SPN for Arc initialization of each Azure Local node. To create the SPN, follow these steps:
@@ -670,7 +694,6 @@ To initialize each node, follow these steps. Modify where necessary to match you
     ResourceGroup    = $resourcegroup
     SubscriptionID   = $applianceSubscriptionId
     TenantID         = $applianceTenantId
-    Force            = $true
     CloudFqdn        = $applianceFQDN
     }
     ```
@@ -693,13 +716,7 @@ To initialize each node, follow these steps. Modify where necessary to match you
 
 To enable Azure Local to be air-gapped or deployed fully disconnected, you must do the following on each node:
 
-- Run this command to add the required environment variable:
-
-```powershell
- [Environment]::SetEnvironmentVariable("NUGET_CERT_REVOCATION_MODE", "offline", [System.EnvironmentVariableTarget]::Machine)
-```
-
-- Configure the timeserver to use your domain controller, for example. Modify the script and run it from PowerShell:
+- Configure the timeserver to use your domain controller. Modify the script and run it from PowerShell:
 
 ```powershell
 w32tm /config /manualpeerlist:"dc.contoso.com" /syncfromflags:manual /reliable:yes /update
@@ -761,7 +778,7 @@ From a client with network access to the management endpoint, import the **Opera
 
 ```powershell  
 Import-Module "C:\azurelocal\OperationsModule\Azure.Local.DisconnectedOperations.psd1" -Force  
-$password = ConvertTo-SecureString “RETRACTED” -AsPlainText -Force  
+$password = ConvertTo-SecureString 'RETRACTED' -AsPlainText -Force  
 $context = Set-DisconnectedOperationsClientContext -ManagementEndpointClientCertificatePath "${env:localappdata}\AzureLocalOpModuleDev\certs\ManagementEndpoint\ManagementEndpointClientAuth.pfx" -ManagementEndpointClientCertificatePassword $password -ManagementEndpointIpAddress "169.254.53.25"  
 ```  
 

azure-local/manage/disconnected-operations-known-issues.md

@@ -16,13 +16,13 @@ ms.reviewer: hafianba
 
 This article lists critical known issues and their workarounds in disconnected operations for Azure Local.
 
-These release notes update continuously, and we add critical issues that require a workaround as we find them. Before you deploy disconnected operations with Azure Local, review the information here.
+These release notes update continuously, and we add critical issues that need a workaround as we find them. Before you deploy disconnected operations with Azure Local, review the information here.
 
-## Known issues for version 2506
+## Known issues in the preview release
 
 ### Azure Local deployment with Azure Keyvault
 
-Role-Based Access Control (RBAC) permissions on a newly created Azure Key Vault take up to 20 minutes to propagate. If you create the Azure Key Vault in the local portal and try to finish the cloud deployment, you might encounter permission issues when validating the cluster before deployment.
+Role-Based Access Control (RBAC) permissions on a newly created Azure Key Vault can take up to 20 minutes to propagate. If you create the Azure Key Vault in the local portal and try to finish the cloud deployment, you might run into permission issues when validating the cluster before deployment.
 
 **Mitigation**: Wait 20 minutes after you create the Azure Key Vault to finish deploying the cluster, or create the key vault ahead of time. Assign the managed identity for each node, the key vault admin, and the user deploying to the cloud explicit roles on the key vault: **Key Vault Secrets Officer** and **Key Vault Data Access Administrator**.
 
@@ -33,8 +33,8 @@ param($resourceGroupName = "aldo-disconnected", $keyVaultName = "aldo-kv", $subs
 
 $location = "autonomous"
 
-Write-Verbose "Login interactive with user that will do cloud deployment"
-# Login to Azure CLI (use the user you will run the portal deployment flow)"
+Write-Verbose "Sign in interactive with the user who does cloud deployment"
+# Sign in to Azure CLI (se the user you run the portal deployment flow with)"
 az login 
 az account set --subscription $subscriptionName
 $accountInfo = (az account show)|convertfrom-json
@@ -45,13 +45,13 @@ $rg = (az group create --name $resourceGroupName --location $location)|Convertfr
 $kv = (az keyvault create --name $keyVaultName --resource-group $resourceGroupName --location $location --enable-rbac-authorization $true)|Convertfrom-json
 
 Write-Verbose "Assigning permissions to $($accountInfo.user.name) on the Key Vault"
-# Assign the secrets officer role to the resource group (could use KV explicit).
+# Assign the secrets officer role to the resource group (you can use KV explicit).
 az role assignment create --assignee $accountInfo.user.name --role "Key Vault Secrets Officer" --scope $kv.Id
 az role assignment create --assignee $accountInfo.user.name --role "Key Vault Data Access Administrator" --scope $kv.Id
 
 $machines = (az connectedmachine list -g $resourceGroupName)|ConvertFrom-Json
 
-# For now only supporting minimum 3 machines for ALDO
+# For now, only support a minimum of 3 machines for Azure Local disconnected operations
 if($machines.Count -lt 3){
     Write-Error "No machines found in the resource group $resourceGroupName. Please check the resource group and try again. Please use the same resource group as where your Azure Local nodes are"
     return 1
@@ -90,7 +90,7 @@ After you stop an Arc VM, the start, restart, and delete buttons in the Azure po
 
 #### Unable to view the network interface or read properties on an Arc VM
 
-Viewing the network interface or properties on an Arc VM in the portal isn't supported in this release.
+Viewing the network interface or properties on an Arc VM in the portal is unsupported in this preview release.
 
 #### Portal showing unsaved change notification after updating VM size
 
@@ -121,7 +121,7 @@ ssh-keygen -t rsa
 
 #### Update or scale a node pool from the portal is disabled
 
-Updating or scaling a node pool from the portal is currently not supported.
+Updating or scaling a node pool from the portal is unsupported in this preview release.
 
 **Mitigation**: Use the CLI to update or scale a node pool.
 
@@ -150,13 +150,13 @@ Ignore the portal warning for this release.
 
 When attempting to create a Kubernetes cluster with Entra authentication, you encounter an error.
 
-**Mitigation**: Only local accounts with Kubernetes RBAC are supported in this preview.
+**Mitigation**: Only local accounts with Kubernetes RBAC are supported in this preview release.
 
 #### Arc extensions
 
 When navigating to extensions on an AKS cluster the add button is disabled and there aren't any extensions listed.
 
-Arc extensions are unsupported in this release.
+Arc extensions are unsupported in this preview release.
 
 #### AKS resource shows on portal after deletion
 
@@ -168,23 +168,23 @@ After successfully deleting an AKS cluster from portal the resource continues to
 az aksarc delete
 ```
 
-### Export Host Guardian Service certificates
+#### Export Host Guardian Service certificates
 
-This feature isn't supported in this release.
+This feature is unsupported in this preview release.
 
-### Restart a node or the control plane VM
+#### Restart a node or the control plane VM
 
 After you restart a node or the control plane VM, the system might take up to an hour to become fully ready. If you notice issues with the local portal, missing resources, or failed deployments, check the appliance health using the **OperationsModule** to confirm that all services are fully converged.
 
 ### Subscriptions
 
-### Operator create subscription
+#### Operator create subscription
 
 After you create a new subscription as an operator, the subscription appears in the list as non-clickable and displays ***no access*** for the owner.
 
 **Mitigation**: Refresh your browser window.
 
-### Operator subscriptions view (timeout)
+#### Operator subscriptions view (timeout)
 
 If you're signed in as an operator, you might see a timeout screen and be unable to view, list, or create subscriptions.
 
@@ -224,9 +224,9 @@ When you select Sign-out, the request doesn't work.
 
 #### Template specs
 
-Template specs aren't supported in the preview release. Deployments that use ARM templates with template specs fail.
+Template specs are unsupported in the preview release. Deployments that use ARM templates with template specs fail.
 
-## Unsupported scenarios
+### Unsupported scenarios
 
 The following scenarios are unsupported in the preview release.