Merge pull request #260470 from MicrosoftDocs/main

Publish to Live Wednesday 4AM PST 12/06

Author: PMEds28

articles/azure-arc/vmware-vsphere/deliver-extended-security-updates-for-vmware-vms-through-arc.md

@@ -0,0 +1,67 @@
+---
+title:  Deliver ESUs for VMware VMs through Arc
+description: Deliver ESUs for VMware VMs through Azure Arc. 
+ms.date: 12/06/2023
+ms.topic: how-to
+ms.services: azure-arc
+ms.subservice: azure-arc-vmware-vsphere
+author: Farha-Bano
+ms.author: v-farhabano
+manager: jsuri
+keywords: "VMware, Arc, Azure"
+---
+
+# Deliver ESUs for VMware VMs through Arc
+
+Azure Arc-enabled VMware vSphere allows you to enroll all the Windows Server 2012/2012 R2 VMs managed by your vCenter in [Extended Security Updates](https://learn.microsoft.com/windows-server/get-started/extended-security-updates-overview) (ESUs) at scale. 
+
+ESUs allow you to leverage cost flexibility in the form of pay-as-you-go Azure billing and enhanced delivery experience in the form of built-in inventory and keyless delivery. In addition, ESUs enabled by Azure Arc give you access to Azure management services such as [Azure Update Manager](https://learn.microsoft.com/azure/update-manager/overview?tabs=azure-vms), [Azure Automation Change Tracking and Inventory](https://learn.microsoft.com/azure/automation/change-tracking/overview?tabs=python-2), and [Azure Policy Guest Configuration](https://learn.microsoft.com/azure/cloud-adoption-framework/manage/azure-server-management/guest-configuration-policy) at no additional cost. 
+
+This article provides the steps to procure and deliver ESUs to WS 2012 and 2012 R2 VMware VMs onboarded to Azure Arc-enabled VMware vSphere. 
+
+>[!Note]
+> - To purchase ESUs, you must have Software Assurance through Volume Licensing Programs such as an Enterprise Agreement (EA), Enterprise Agreement Subscription (EAS), Enrollment for Education Solutions (EES), or Server and Cloud Enrollment (SCE). Alternatively, if your Windows Server 2012/2012 R2 machines are licensed through SPLA or with a Server Subscription, Software Assurance isn't required to purchase ESUs.
+
+## Prerequisites
+
+- The user account must have an Owner/Contributor role in a Resource Group in Azure to create and assign ESUs to VMware VMs. 
+- The vCenter managing the WS 2012 and 2012 R2 VMs, for which the ESUs are to be applied, should be [onboarded to Azure Arc](./quick-start-connect-vcenter-to-arc-using-script.md). After onboarding, the WS 2012 and 2012 R2 VMs, for which the ESUs are to be applied, should be [Azure-enabled](./browse-and-enable-vcenter-resources-in-azure.md) and [guest management enabled](./enable-guest-management-at-scale.md). 
+
+## Create Azure Arc ESUs 
+
+1.	Sign in to the [Azure portal](https://portal.azure.com/).
+2.	On the **Azure Arc** page, select **Extended Security Updates** in the left pane. Here, you can view and create ESU Licenses and view eligible resources for ESUs.
+3.	The **Licenses** tab displays Azure Arc WS 2012 licenses that are available. Select an existing license to apply or create a new license.
+
+    :::image type="content" source="media/deliver-esus-for-vmware-vms/select-or-create-license.png" alt-text="Screenshot of how to create a new license." lightbox="media/deliver-esus-for-vmware-vms/select-or-create-license.png":::
+
+4.	To create a new WS 2012 license, select **Create**, and then provide the information required to configure the license on the page. For detailed information on how to complete this step, see [License provisioning guidelines for Extended Security Updates for Windows Server 2012](../servers/license-extended-security-updates.md).
+5.	Review the information provided and select **Create**. The license you created appears in the list, and you can link it to one or more Arc-enabled VMware vSphere VMs by following the steps in the next section.
+
+    :::image type="content" source="media/deliver-esus-for-vmware-vms/new-license-created.png" alt-text="Screenshot showing the successful creation of a new license." lightbox="media/deliver-esus-for-vmware-vms/new-license-created.png":::
+
+## Link ESU licenses to Arc-enabled VMware vSphere VMs
+
+You can select one or more Arc-enabled VMware vSphere VMs to link to an ESU license. Once you've linked a VM to an activated ESU license, the VM is eligible to receive Windows Server 2012 and 2012 R2 ESUs.
+
+>[!Note]
+> You have the flexibility to configure your patching solution of choice to receive these updates – whether it's [Azure Update Manager](https://learn.microsoft.com/azure/update-center/overview), [Windows Server Update Services](https://learn.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), Microsoft Updates, [Microsoft Endpoint Configuration Manager](https://learn.microsoft.com/mem/configmgr/core/understand/introduction), or a third-party patch management solution.
+
+1.	Select the **Eligible Resources** tab to view a list of all your Arc-enabled server machines running Windows Server 2012 and 2012 R2, including VMware machines that are guest management enabled. The **ESUs status** column indicates whether the machine is ESUs enabled.
+ 
+    :::image type="content" source="media/deliver-esus-for-vmware-vms/view-arc-enabled-machines.png" alt-text="Screenshot of arc-enabled server machines running Windows Server 2012 and 2012 R2 under the eligible resources tab." lightbox="media/deliver-esus-for-vmware-vms/view-arc-enabled-machines.png":::
+
+2.	To enable ESUs for one or more machines, select them in the list, and then select **Enable ESUs**.
+3.	On the **Enable Extended Security Updates** page, you can see the number of machines selected to enable ESUs and the WS 2012 licenses available to apply. Select a license to link to the selected machine(s) and select **Enable**.
+
+    :::image type="content" source="media/deliver-esus-for-vmware-vms/enable-license.png" alt-text="Screenshot of how to select and enable license." lightbox="media/deliver-esus-for-vmware-vms/enable-license.png":::
+
+4.	The **ESUs status** column value of the selected machines changes to **Enabled**.
+
+    >[!Note]
+    > - See [Troubleshoot delivery of Extended Security Updates for Windows Server 2012](../servers/troubleshoot-extended-security-updates.md) to troubleshoot any problems that occur during the enablement process.<br>
+    > - Review the [additional scenarios](../servers/deliver-extended-security-updates.md#additional-scenarios) in which you may be eligible to receive ESU patches at no additional cost.
+
+## Next steps
+
+[Programmatically deploy and manage Azure Arc Extended Security Updates licenses](../servers/api-extended-security-updates.md).

articles/azure-arc/vmware-vsphere/media/deliver-esus-for-vmware-vms/enable-license.png

@@ -36,6 +36,10 @@
         href: setup-and-manage-self-service-access.md
       - name: Perform VM operations on VMware VMs through Azure
         href: perform-vm-ops-through-azure.md
+  - name: Enable Extended Security Updates
+    items:
+      - name: Deliver ESUs for VMware VMs through Arc
+        href: deliver-extended-security-updates-for-vmware-vms-through-arc.md
   - name: Administer
     items: 
     - name: Administer Arc-enabled VMware vSphere

articles/azure-arc/vmware-vsphere/media/deliver-esus-for-vmware-vms/new-license-created.png

@@ -50,10 +50,7 @@ Use the script to enable VM insights using Azure Monitoring Agent and  Dependenc
 
 ### [Azure Monitor Agent](#tab/AMA)
 
-
-AMA Onboarding 
-If AMA is onboarded, a Data Collection Rule (DCR) and a User Assigned Managed Identity (UAMI) is also associated to the VM/VMSS and UAMI settings are passed over to AMA extension.   
-
+When you enable VM insights using Azure Monitor Agent, the script associates a Data Collection Rule (DCR) and a User Assigned Managed Identity (UAMI) to the VM/VMSS, and passes the UAMI settings to the Azure Monitor Agent extension.   
 
 ```powershell
 Install-VMInsights.ps1 -SubscriptionId <SubscriptionId> `

articles/azure-arc/vmware-vsphere/media/deliver-esus-for-vmware-vms/select-or-create-license.png

@@ -15,50 +15,47 @@ This article describes how to enable VM insights for a virtual machine or Virtua
 - Azure Virtual Machine Scale Sets
 - Hybrid virtual machines connected with Azure Arc
 
+If you aren't familiar with how to deploy a Resource Manager template, see [Deploy templates](#deploy-templates).
+
 ## Prerequisites
 
 - [Log Analytics workspace](./vminsights-configure-workspace.md).
-- To enable VM insights for Log Analytics agent, [configure your Log Analytics workspace for VM insights](../vm/vminsights-configure-workspace.md). This prerequisite isn't relevant if you're using Azure Monitor Agent.  
 - See [Supported operating systems](./vminsights-enable-overview.md#supported-operating-systems) to ensure that the operating system of the virtual machine or Virtual Machine Scale Set you're enabling is supported. 
 - See [Manage the Azure Monitor agent](../agents/azure-monitor-agent-manage.md#prerequisites) for prerequisites related to Azure Monitor agent.
 
 ## Resource Manager templates
-Azure Resource Manager templates are available for download that onboard virtual machines and Virtual Machine Scale Sets. A different set of templates is used for Azure Monitor agent and Log Analytics agent. The templates install the required agents and perform the configuration required to onboard to machine to VM insights.
-
-
-If you aren't familiar how to deploy a Resource Manager template, see [Deploy templates](#deploy-templates) for different options.
+Use the Azure Resource Manager templates provided in this article to onboard virtual machines and Virtual Machine Scale Sets using Azure Monitor agent and Log Analytics agent. The templates install the required agents and perform the configuration required to onboard to machine to VM insights.
 
 >[!NOTE]
->The template needs to be deployed in the same resource group as the virtual machine or virtual machine scale set being enabled.
+> Deploy the template in the same resource group as the virtual machine or virtual machine scale set being enabled.
 
-## Azure Monitor agent
-Download the [Azure Monitor agent templates](https://github.com/Azure/AzureMonitorForVMs-ArmTemplates/releases/download/vmi_ama_ga/DeployDcr.zip). You must first install the data collection rule and can then install agents to use that DCR. 
+## Enable VM insights using Azure Monitor Agent
+First deploy the data collection rule, and then install agents to use that data collection rule. 
 
 ###  Deploy data collection rule
-You only need to perform this step once. This will install the DCR that's used by each agent. The DCR will be created in the same resource group as the workspace with a name in the format "MSVMI-{WorkspaceName}".
 
-Use on of the following sets of template and parameter files folders depending on your requirements:
+This step installs a data collection rule, named `MSVMI-{WorkspaceName}`, in the same resource group as your Log Analytics workspace:
 
-| Folder | File | Description |
-|:---|:---|
-| DeployDcr\\<br>PerfAndMapDcr | DeployDcrTemplate<br>DeployDcrParameters | Enable both Performance and Map experience of VM Insights. |
-| DeployDcr\\<br>PerfOnlyDcr | DeployDcrTemplate<br>DeployDcrParameters | Enable only Performance experience of VM Insights. |
+1. Download the [VM insights data collection rule templates](https://github.com/Azure/AzureMonitorForVMs-ArmTemplates/releases/download/vmi_ama_ga/DeployDcr.zip).
+1. Install one of these sets of template and parameter files based on your requirements:
+
+   | Folder | File | Description |
+   |:---|:---|
+   | DeployDcr\\<br>PerfAndMapDcr | DeployDcrTemplate<br>DeployDcrParameters | Enable both Performance and Map experience of VM Insights. |
+   | DeployDcr\\<br>PerfOnlyDcr | DeployDcrTemplate<br>DeployDcrParameters | Enable only Performance experience of VM Insights. |
 
 
 ### Deploy agents to machines
-Once the data collection rule has been created, deploy the agents using one of the templates in the following table. You specify the resource ID of the DCR that you created in the first step in the parameters file. Each of the templates requires that the virtual machine or Virtual Machine Scale Set is already created.
 
-| Folder | File | Description |
-|:---|:---|
-| ExistingVmOnboarding\\<br>PerfAndMapOnboarding | ExistingVmOnboardingTemplate.json<br>ExistingVmOnboardingParameters.json  | Enable both Performance and Map experience for virtual machine. Use with PerfAndMapDcr. |
-| ExistingVmOnboarding\\<br>PerfOnlyOnboarding | ExistingVmOnboardingTemplate.json<br>ExistingVmOnboardingParameters.json  | Enable only Performance experience for virtual machine. Use with PerfOnlyDCR. |
-| ExistingVmssOnboarding\\<br>PerfAndMapOnboarding | ExistingVmOnboardingTemplate.json<br>ExistingVmssOnboardingParameters.json  | Enable both Performance and Map experience for Virtual Machine Scale Set. Use with PerfAndMapDcr. |
-| ExistingVmssOnboarding\\<br>PerfOnlyOnboarding | ExistingVmOnboardingTemplate.json<br>ExistingVmssOnboardingParameters.json  | Enable only Performance experience for Virtual Machine Scale Set. Use with PerfOnlyDCR. |
+After you create the data collection rule, deploy:
 
+- [Azure Monitor Agent for Linux or Windows](../agents/resource-manager-agent.md#azure-monitor-agent).
+- [Dependency agent for Linux](../../virtual-machines/extensions/agent-dependency-linux.md) or [Dependency agent or Windows](../../virtual-machines/extensions/agent-dependency-windows.md) if you want to enable the Map feature. 
+  
 > [!NOTE]
 > If your virtual machines scale sets have an upgrade policy set to manual, VM insights will not be enabled for instances by default after installing the template. You must manually upgrade the instances.
 
-## Log Analytics agent
+## Enable VM insights using Log Analytics agent
 Download the [Logs Analytics agent templates](https://aka.ms/VmInsightsARMTemplates). You must first configure the workspace and can then install agents to use that DCR.
 
 ### Configure workspace
@@ -81,20 +78,7 @@ Once the workspace has been configured, deploy the agents using one of the templ
 | ExistingVmssOnboarding | ExistingVmssOnboarding.json<br>ExistingVmssOnboarding.json | Enables VM insights on existing Virtual Machine Scale Set. |
 | ExistingArcVmOnboarding | ExistingArcVmOnboarding.json<br>ExistingArcVmOnboarding.json | Enables VM insights on existing Arc-enabled server. |
 
-
 ## Deploy templates
-The templates can be deployed using [any deployment method for Resource Manager templates](../../azure-resource-manager/templates/deploy-powershell.md) including the following examples using PowerShell and CLI.
-
-```powershell
-New-AzResourceGroupDeployment -Name OnboardCluster -ResourceGroupName <ResourceGroupName> -TemplateFile <Template.json> -TemplateParameterFile <Parameters.json>
-```
-
-
-```azurecli
-az deployment group create --resource-group <ResourceGroupName> --template-file <Template.json> --parameters <Parameters.json>
-```
-
-## To deploy a Resource Manager template
 Each folder in the download has a template and a parameters file. Modify the parameters file with required details such as Virtual Machine Resource ID, Workspace resource ID, data collection rule resource ID, Location, and OS Type. Don't modify the template file unless you need to customize it for your particular scenario.
 
 ### Deploy with the Azure portal
@@ -116,9 +100,6 @@ az account set --subscription "Subscription Name"
 az deployment group create --resource-group <ResourceGroupName> --template-file <Template.json> --parameters <Parameters.json>
 ```
 
-
-
-
 ## Next steps
 
 Now that monitoring is enabled for your virtual machines, this information is available for analysis with VM insights.

articles/azure-arc/vmware-vsphere/media/deliver-esus-for-vmware-vms/view-arc-enabled-machines.png

@@ -14,7 +14,35 @@ This article lists significant changes to Azure Monitor documentation.
 > [!TIP]
 > Get notified when this page is updated by copying and pasting the following URL into your feed reader:
 >
-> :::image type="content" source="./media//whats-new/rss.png" alt-text="An rss icon":::  https://aka.ms/azmon/rss
+> :::image type="content" source="./media//whats-new/rss.png" alt-text="An rss icon.":::  https://aka.ms/azmon/rss
+
+## November 2023
+
+|Subservice | Article | Description |
+|---|---|---|
+Agents|[Migrate to Azure Monitor Agent from Log Analytics agent](agents/azure-monitor-agent-migration.md)|Container Insights is now generally available with Azure Monitor Agent.|
+Agents|[Azure Monitor Agent overview](agents/agents-overview.md)|Azure Monitor Agent now supports AlmaLinux 9, Oracle Linux 9, and Rocky Linux 9.|
+Alerts|[Create or edit an alert rule](alerts/alerts-create-new-alert-rule.md)|Added limitations of stateful log alerts.|
+Alerts|[Troubleshoot Azure Monitor metric alerts](alerts/alerts-troubleshoot-metric.md)|Documented network error that can occur if you create a metric alert rule that uses a large number of dimensions, creating a payload that is too large for the network. We also documented possible workarounds for this issue.|
+Alerts|[Create a metric alert with dynamic thresholds](alerts/alerts-dynamic-thresholds.md)|We restructured the section on Azure Monitor alerts, so that the content is more easily findable and usable.|
+Alerts|[Create or edit an alert rule](alerts/alerts-create-new-alert-rule.md)|Corrected information about dimensions. Dimensions are retrieved from the last 24 hours, not 48 hours.|
+Alerts|[Connect Azure to ITSM tools by using IT Service Management](alerts/itsmc-definition.md)|Added documentation to note that as of October 2023, we don't support the using ITSM actions to send alerts and events to ServiceNow in the Azure portal.|
+Alerts|[Create or edit an alert rule](alerts/alerts-create-new-alert-rule.md)|When you create a log alert rule, if you're querying an ADX or ARG cluster, the data sources accessed by the query, must have the Reader role.|
+Application-Insights|[Application Insights overview](app/app-insights-overview.md)|OpenTelemetry for .NET Core reached general availability and is now fully supported.|
+Application-Insights|[Enable Azure Monitor OpenTelemetry for .NET, Node.js, Python and Java applications](app/opentelemetry-enable.md)|Our OpenTelemetry FAQ section has been updated to reflect the general availability status of OpenTelemetry for .NET Core.|
+Application-Insights|[Monitor your Node.js services and apps with Application Insights](app/nodejs.md)|A dedicated troubleshooting article is now available to assist with issues related to monitoring Node.js apps.|
+Application-Insights|[Application Insights availability tests](app/availability-overview.md)|We enabled TLS 1.3 in Availability Tests and updated our troubleshooting information.|
+Containers|[Data transformations in Container insights](containers/container-insights-transformations.md)|New article describes how to transform data using a DCR transformation in Container insights|
+Containers|[Enable Container insights](containers/container-insights-onboard.md)|New article: Enable private link with Container insights|
+Essentials|[Azure Monitor managed service for Prometheus rule groups](essentials/prometheus-rule-groups.md)|Create or edit Prometheus rule group in the Azure portal (preview)|
+Logs|[Detect and mitigate potential issues using AIOps and machine learning in Azure Monitor](logs/aiops-machine-learning.md)|Microsoft Copilot for Azure now helps you write KQL queries to analyze data and troubleshoot issues based on prompts, such as "Are there any errors in container logs?". |
+Logs|[Best practices for Azure Monitor Logs](./best-practices-logs.md)|More guidance on Azure Monitor Logs features that provide enhanced resilience.|
+Logs|[Data retention and archive in Azure Monitor Logs](logs/data-retention-archive.md)|Azure Monitor Logs extended archiving of data to up to 12 years.|
+Logs|[Set a table's log data plan to Basic or Analytics](logs/basic-logs-configure.md)|Added Basic logs support for Network managers tables.|
+Virtual-Machines|[Enable VM insights in the Azure portal](vm/vminsights-enable-portal.md)|Azure portal no longer supports enabling VM insights using Log Analytics agent.|
+Virtual-Machines|[Azure Monitor SCOM Managed Instance](vm/scom-managed-instance-overview.md)|Azure Monitor SCOM Managed Instance is now generally available.|
+Visualizations|[Azure Workbooks](visualize/workbooks-overview.md)|We clarified that when you're viewing Azure workbooks, you can see all of the workbooks that are in your current view. In order to see all of your existing workbooks of any kind, you must Browse across galleries. |
+
 
 ## October 2023