Sync release-hotfixes with main

Sync release-hotfixes with main

Author: sethmanheim

AKS-Hybrid/aks-edge-howto-deploy-azure-iot.md

@@ -1,25 +1,25 @@
 ---
 title: Azure IoT Operations with AKS Edge Essentials
-description: Learn how to use Azure IoT Operations with AKS Edge Essentials.
+description: Learn how to run the quickstart script that creates an Arc-enabled AKS Edge Essentials Kubernetes cluster that can run Azure IoT Operations.
 author: rcheeran
 ms.author: rcheeran
 ms.topic: how-to
 ms.date: 10/23/2024
 ms.custom: template-how-to
 ---
 
-# Deploy Azure IoT Operations on AKS Edge Essentials
+# Create and configure an AKS Edge Essentials cluster that can run Azure IoT Operations
 
-[Azure IoT Operations](/azure/iot-operations/overview-iot-operations) requires an Arc-enabled Kubernetes cluster. You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it, as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configuration applicable for Azure IoT Operations.
+Azure Kubernetes Service (AKS) Edge Essentials is one of the supported cluster platforms for [Azure IoT Operations](/azure/iot-operations/overview-iot-operations). You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configurations for Azure IoT Operations and then connects that cluster to Azure Arc.
 
 > [!NOTE]
-> Azure IoT Operations is generally available on AKS Edge Essentials when deployed on single machine clusters. Deploying clusters on multiple machines is an experimental feature.
+> Azure IoT Operations supports AKS Edge Essentials when deployed on single machine clusters. Deploying clusters on multiple machines is an experimental feature.
 
 ## Prerequisites for running the script
 
 To run the script, you need the following prerequisites:
 
-- An Azure subscription with either the **Owner** role or a combination of **Contributor** and **User Access Administrator** roles. You can check your access level by navigating to your subscription, selecting **Access control (IAM)** on the left-hand side of the Azure portal, and then selecting **View my access**. For more information about managing resource groups, see the [Azure Resource Manager documentation](/azure/azure-resource-manager/management/manage-resource-groups-portal). If you don't have an Azure subscription, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+- An Azure subscription with either the **Owner** role or a combination of **Contributor** and **User Access Administrator** roles. You can check your access level by navigating to your subscription, selecting **Access control (IAM)** on the left-hand side of the Azure portal, and then selecting **View my access**. If you don't have an Azure subscription, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 - Azure CLI version 2.64.0 or newer installed on your development machine. Use `az --version` to check your version and `az upgrade` to update if necessary. For more information, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
 - Install the latest version of the following extensions for Azure CLI:
 
@@ -28,17 +28,17 @@ To run the script, you need the following prerequisites:
    az extension add --upgrade --name connectedk8s 
    ```
 
-- Hardware requirements: ensure that your machine has a minimum of 16-GB available RAM, 8 available vCPUs, and 52-GB free disk space reserved for Azure IoT Operations.
-- If you deploy Azure IoT Operations to a multi-node cluster with fault tolerance enabled, review the hardware and storage requirements in [Prepare Linux for Edge Volumes](/azure/azure-arc/container-storage/prepare-linux-edge-volumes).
+- Hardware requirements: ensure that your machine has a minimum of 16-GB available RAM, 4 available vCPUs, and 52-GB free disk space reserved for Azure IoT Operations.
 
-## Create an AKS Edge Essentials cluster for Azure IoT Operations
+## Create an Arc-enabled cluster
 
 The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1) script automates the process of creating and connecting a cluster, and is the recommended path for deploying Azure IoT Operations on AKS Edge Essentials. The script performs the following tasks:
 
 - Downloads the latest [AKS Edge Essentials MSI from this repo](https://github.com/Azure/aks-edge).
 - Installs AKS Edge Essentials, and deploys and creates a single machine Kubernetes cluster on your Windows machine.
 - Connects to the Azure subscription, creates a resource group if it doesn't already exist, and connects the cluster to Arc to create an Arc-enabled Kubernetes cluster.
 - Enables the custom location feature on the Arc-enabled Kubernetes cluster.
+- Enables the workload identity federation feature on the Arc-enabled Kubernetes cluster.
 - Deploys the local path provisioning.
 - Configures firewall rules on the host Windows machine for the MQTT broker.
 - On the Linux VM, which serves as the Kubernetes control plane node:
@@ -47,7 +47,7 @@ The [AksEdgeQuickStartForAio.ps1](https://github.com/Azure/AKS-Edge/blob/main/to
     - `sudo iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9110 -j ACCEPT`
     - `sudo iptables -A INPUT -p tcp --dport (10124, 8420, 2379, 50051) -j ACCEPT`
 
-After you download the script, perform the following steps:
+To run the quickstart script, perform the following steps:
 
 1. Open an elevated PowerShell window and change the directory to a working folder.
 1. Get the `objectId` of the Microsoft Entra ID application that the Azure Arc service uses in your tenant. Run the following command exactly as written, without changing the GUID value.
@@ -71,20 +71,20 @@ After you download the script, perform the following steps:
    |SUBSCRIPTION_ID     |      The ID of your Azure subscription. If you don't know your subscription ID, see [Find your Azure subscription](/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription).   |
    |TENANT_ID  |    The ID of your Microsoft Entra tenant. If you don't know your tenant ID, see [Find your Microsoft Entra tenant](/azure/azure-portal/get-subscription-tenant-id#find-your-microsoft-entra-tenant).     |
    |RESOURCE_GROUP_NAME     |   The name of an existing resource group or a name for a new resource group to be created.      |
-   |LOCATION     |      An Azure region close to you. For the list of currently supported Azure regions, see [Supported regions](/azure/iot-operations/overview-iot-operations#supported-regions).   |
+   |LOCATION     |      An Azure region close to you. For the list of Azure IoT Operations's supported Azure regions, see [Supported regions](/azure/iot-operations/overview-iot-operations#supported-regions).   |
    |CLUSTER_NAME     |    A name for the new cluster to be created.     |
    |ARC_APP_OBJECT_ID     |  The object ID value that you retrieved in step 2.       |
 
-If there are issues during deployment; for example, if your machine reboots as part of this process, run the set of commands again.
+   If there are issues during deployment, like if your machine reboots as part of this process, run the set of commands again.
 
-Run the following commands to check that the deployment was successful:
+1. Run the following commands to check that the deployment was successful:
 
-```powershell
-Import-Module AksEdge
-Get-AksEdgeDeploymentInfo
-```
+   ```powershell
+   Import-Module AksEdge
+   Get-AksEdgeDeploymentInfo
+   ```
 
-In the output of the `Get-AksEdgeDeploymentInfo` command, you should see that the cluster's Arc status is **Connected**.
+   In the output of the `Get-AksEdgeDeploymentInfo` command, you should see that the cluster's Arc status is **Connected**.
 
 ## Verify your cluster
 

AKS-Hybrid/connect-to-arc.md

@@ -100,7 +100,7 @@ Make sure the service principal used in this command has the Owner role assigned
 If you want to enable custom locations on your cluster along with Azure Arc, run the following command to get the object ID of the custom location application, and then connect to Azure Arc using a service principal:
 
 ```powershell
-$objectID = (Get-AzADServicePrincipal -ApplicationId "bc313c14-388c-4e7d-a58e-70017303ee3b").Id
+$objectID = (Get-AzADServicePrincipal -ApplicationId "00001111-aaaa-2222-bbbb-3333cccc4444").Id
 Enable-AksHciArcConnection -name $clusterName -subscriptionId $subscriptionId -resourceGroup $resourceGroup -credential $Credential -tenantId $tenantId -location -customLocationsOid $objectID
 ```
 

AKS-Hybrid/deploy-load-balancer-cli.md

@@ -83,7 +83,7 @@ Microsoft.KubernetesRuntime  RegistrationRequired  Registered
 Obtain the Application ID of the Arc extension by running [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list). In order to run the following command, you must be a `user` member of your Azure tenant. For more information about user and guest membership, see [default user permissions in Microsoft Entra ID](/entra/fundamentals/users-default-permissions).
 
 ```azurecli
-$objID = az ad sp list --filter "appId eq '087fca6e-4606-4d41-b3f6-5ebdf75b8b4c'" --query "[].id" --output tsv
+$objID = az ad sp list --filter "appId eq '00001111-aaaa-2222-bbbb-3333cccc4444'" --query "[].id" --output tsv
 ```
 
 Once you have the $objID, you can install the MetalLB Arc extension on your Kubernetes cluster. To run the below command, you need to have [**Kubernetes extension contributor**](/azure/role-based-access-control/built-in-roles/containers#kubernetes-extension-contributor) role.

AKS-Hybrid/reference/ps/set-akshciregistration.md

@@ -39,7 +39,7 @@ Registers AKS hybrid with Azure.
 ### Register AKS hybrid using a subscription ID and resource group name
 
 ```powershell
-Set-AksHciRegistration -subscriptionId 57ac26cf-a9f0-4908-b300-9a4e9a0fb205 -resourceGroupName myresourcegroup
+Set-AksHciRegistration -subscriptionId aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e -resourceGroupName myresourcegroup
 ```
 
 ### Register with a device login or while running in a headless shell

azure-managed-lustre/create-file-system-resource-manager.md

@@ -187,23 +187,23 @@ This section shows example contents for a JSON template file. You can remove opt
             "identity": {
               "type": "UserAssigned",
               "userAssignedIdentities": {
-                "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>": {}
+                "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>": {}
               }
             },
             "properties": {
               "encryptionSettings": {
                 "keyEncryptionKey": {
                   "keyUrl": "https://<keyvault-name>.vault.azure.net/keys/kvk/<key>",
                   "sourceVault": {
-                    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<keyvault-name>"
+                    "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<keyvault-name>"
                   }
                 }
               },
-              "filesystemSubnet": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>",
+              "filesystemSubnet": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>",
               "hsm": {
                 "settings": {
-                  "container": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<container-name>",
-                  "loggingContainer": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<logging-container-name>",
+                  "container": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<container-name>",
+                  "loggingContainer": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<logging-container-name>",
                   "importPrefixesInitial": [
                     "/"
                   ]
@@ -247,26 +247,26 @@ resource filesystem 'Microsoft.StorageCache/amlFilesystems@2024-03-01' = {
   identity: {
     type: 'UserAssigned'
     userAssignedIdentities: {
-      '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>': {}
+      '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>': {}
     }
   }
   properties: {
     encryptionSettings: {
       keyEncryptionKey: {
         keyUrl: 'https://<keyvault-name>.vault.azure.net/keys/kvk/<key>'
         sourceVault: {
-          id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<keyvault-name>'
+          id: '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<keyvault-name>'
         }
       }
     }
-    filesystemSubnet: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>'
+    filesystemSubnet: '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>'
     hsm: {
       settings: {
-        container: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<container-name>'
+        container: '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<container-name>'
         importPrefixesInitial: [
           '/'
         ]
-        loggingContainer: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<logging-container-name>'
+        loggingContainer: '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>/blobServices/default/containers/<logging-container-name>'
       }
     }
     maintenanceWindow: {

azure-stack/hci/manage/monitor-hci-single-23h2.md

@@ -183,7 +183,7 @@ Provides health faults on a cluster.
 |--|--|--|--|
 | Fault | A short description of health faults. On clicking the link, a side panel opens with more information. | No unit | PoolCapacityThresholdExceeded |
 | Faulting resource type | The type of resource that encountered a fault. | No unit | StoragePool |
-| Faulting resource ID | Unique ID for the resource that encountered a health fault. | Unique ID | {1245340c-780b-4afc-af3c-f9bdc4b12f8a}: SP:{c57f23d1-d784-4a42-8b59-4edd8e70e830} |
+| Faulting resource ID | Unique ID for the resource that encountered a health fault. | Unique ID | {a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1}: SP:{b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2} |
 | Severity | Severity of fault could be warning or critical. | No unit | Warning |
 | Initial fault time | Timestamp of when server was last updated. | Datetime | 4/9/2022, 12:15:42 PM |
 

azure-stack/hci/manage/monitor-hci-single.md

@@ -482,7 +482,7 @@ Provides health faults on a cluster.
 |--|--|--|--|
 | Fault | A short description of health faults. On clicking the link, a side panel opens with more information. | No unit | PoolCapacityThresholdExceeded |
 | Faulting resource type | The type of resource that encountered a fault. | No unit | StoragePool |
-| Faulting resource ID | Unique ID for the resource that encountered a health fault. | Unique ID | {1245340c-780b-4afc-af3c-f9bdc4b12f8a}: SP:{c57f23d1-d784-4a42-8b59-4edd8e70e830} |
+| Faulting resource ID | Unique ID for the resource that encountered a health fault. | Unique ID | {a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1}: SP:{b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2} |
 | Severity | Severity of fault could be warning or critical. | No unit | Warning |
 | Initial fault time | Timestamp of when server was last updated. | Datetime | 4/9/2022, 12:15:42 PM |
 

azure-stack/hci/manage/troubleshoot-arc-enabled-vms.md

@@ -22,7 +22,7 @@ This section describes the errors related to Azure Arc VM management and their r
 
 When trying to run the command to enable guest management, you see the following error:
 
-**Error:** `Deployment failed. Correlation ID: 5d0c4921-78e0-4493-af16-dffee5cbf9d8. VM Spec validation failed for guest agent provisioning: Invalid managed identity. A system-assigned managed identity must be enabled in parent resource: Invalid Configuration`
+**Error:** `Deployment failed. Correlation ID: aaaa0000-bb11-2222-33cc-444444dddddd. VM Spec validation failed for guest agent provisioning: Invalid managed identity. A system-assigned managed identity must be enabled in parent resource: Invalid Configuration`
 
 This failure is because the managed identity wasn't created for this VM. System-assigned Managed Identity is required to enable guest management.
 

azure-stack/hci/manage/use-datacenter-firewall-powershell.md

@@ -322,7 +322,7 @@ These files contain a sequence of flow events, for example:
                 ]
             },
             "operationName":"NetworkSecurityGroupFlowEvents",
-            "resourceId":"394f647d-2ed0-4c31-87c5-389b8c0c8132",
+            "resourceId":"a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1",
             "time":"20180719:L012620622",
             "category":"NetworkSecurityGroupFlowEvent",
             "systemId":"d8b3b697-5355-40e2-84d2-1bf2f0e0dc4a"
@@ -407,4 +407,4 @@ For related information, see:
 
 - [Datacenter Firewall overview](../concepts/datacenter-firewall-overview.md).
 - [Network Controller overview](../concepts/network-controller-overview.md).
-- [SDN in Azure Stack HCI and Windows Server](../concepts/software-defined-networking.md).
+- [SDN in Azure Stack HCI and Windows Server](../concepts/software-defined-networking.md).

azure-stack/hci/update/update-troubleshooting-23h2.md

@@ -58,7 +58,7 @@ To collect logs for the update failures using PowerShell, follow these steps on
     PS C:\Users\lcmuser> $Failure = $Update|Get-SolutionUpdateRun
     PS C:\Users\lcmuser> $Failure
     
-    ResourceId      : redmond/Solution10.2303.1.7/2c21b859-e063-4f24-a4db-bc1d6be82c4e
+    ResourceId      : redmond/Solution10.2303.1.7/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1
     Progress        : Microsoft.AzureStack.Services.Update.ResourceProvider.UpdateService.Models.Step
     TimeStarted     : 4/21/2023 10:02:54 PM
     LastUpdatedTime : 4/21/2023 3:19:05 PM
@@ -78,7 +78,7 @@ To collect logs for the update failures using PowerShell, follow these steps on
     Here's sample output:
 
     ```output
-    PS C:\Users\lcmuser> Get-ActionplanInstance -actionplaninstanceid 2c21b859-e063-4f24-a4db-bc1d6be82c4e >log.txt
+    PS C:\Users\lcmuser> Get-ActionplanInstance -actionplaninstanceid a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 >log.txt
     
     PS C:\Users\lcmuser>notepad log.txt
     ```