Merge pull request #314806 from MicrosoftDocs/main

learn-build-service-prod[bot] · web-flow · commit f309479fd782 · 2026-04-16T11:11:19.000Z
Auto Publish – main to live - 2026-04-16 11:00 UTC
diff --git a/articles/backup/whats-new.md b/articles/backup/whats-new.md
@@ -19,6 +19,8 @@ You can learn more about the new releases by bookmarking this page or by [subscr
 
 ## Updates summary
 
+- April 2026
+  - [Simplified CLI experience to enable backup for AKS clusters](#simplified-cli-experience-to-enable-backup-for-aks-clusters)
 - January 2026
   - [Backup support for Confidential VMs (preview)](#backup-support-for-confidential-vms-preview)
 - November 2025
@@ -63,6 +65,13 @@ You can learn more about the new releases by bookmarking this page or by [subscr
 - January 2024
   - [Cross Region Restore support for PostgreSQL by using Azure Backup is now generally available](#cross-region-restore-support-for-postgresql-by-using-azure-backup-is-now-generally-available)
 
+## Simplified CLI experience to enable backup for AKS clusters
+
+Azure Backup now supports configuring backups for Azure Kubernetes Service (AKS) clusters using a single Azure CLI command. This simplified experience eliminates the need for multiple manual setup steps such as installing the Backup extension, preparing storage, creating a backup vault and policy, configuring Trusted Access, and creating the backup instance.
+ 
+The single command automatically completes all required configuration, including extension deployment, storage preparation, vault and policy provisioning or reuse, Trusted Access setup, and backup instance creation. Optional configuration files let you reference existing resources and apply tags, making this capability well‑suited for automation, infrastructure‑as‑code, and CI/CD pipelines.
+ 
+For more information, see [Configure AKS backup using a single CLI command](azure-kubernetes-service-cluster-backup-using-cli.md#configure-backup-using-a-single-azure-cli-command).
 
 ## Backup support for Confidential VMs (preview)
 
diff --git a/articles/migrate/migrate-support-matrix-vmware.md b/articles/migrate/migrate-support-matrix-vmware.md
@@ -294,7 +294,7 @@ Stack |VMware, Hyper-V, and physical servers. | VMware, Hyper-V, and physical se
 Windows servers | Windows Server 2008 R2 and later are supported. | Not supported.
 Linux servers | Not supported | Servers that meet the [requirements](/azure/migrate/migrate-support-matrix-vmware?view=migrate&tabs=businesscase#vmware-requirements)
 Web server versions | IIS 7.5 and later. | Tomcat 8 or later.
-Protocol | WinRM port 5986 (HTTPS) by default, if HTTPS prerequisites aren't configured on the target servers, communication falls back to WinRM port 5985 (HTTP) | SSH port 22 (TCP)
+Connection | Uses VMware tools. If VMware tools is not installed, WinRM port 5986 (HTTPS) is used by default. If HTTPS prerequisites aren't configured on the target servers, communication falls back to WinRM port 5985 (HTTP) | Uses VMware tools. If VMware tools is not installed, SSH port 22 (TCP) is used.
 Required privileges | The user should be a part of the two user groups 1. Remote Management Users 2. IIS_IUSRS. The users must have read permissions to the following locations: C:\Windows\system32\inetsrv\config, C:\Windows\system32\inetsrv\config\applicationHost.config and C:\Windows\system32\inetsrv\config\redirection.config. Add the user to 'log on as batch job' using secpol.msc and ensure user is not part of 'deny log on as batch job'  | **Read (r)** and **Execute (x)** permissions recursively on all CATALINA_HOME directories.
 
 > [!NOTE]
diff --git a/articles/migrate/whats-new.md b/articles/migrate/whats-new.md
@@ -23,6 +23,8 @@ ms.custom: mvc, engagement-fy25
 
 - Public preview: Azure Migrate now offers Azure Copilot migration agent, which provides a conversational experience to help you plan and analyze VMware migrations using Azure Migrate data. You can use natural language prompts to explore inventory, assess readiness, and evaluate migration strategies and business cases, while migration execution continues in the Azure Migrate portal. [Learn more](azure-copilot-migration-agent.md).
 
+- Public preview update: Security insights provide customers with a workload‑level view of risks in their on‑premises environment during migration planning. In addition to Servers and Software, it also assesses security risks in discovered Web apps and Databases. You can now identify web apps built on runtimes that are end of support and with vulnerabilities. Likewise, you can detect database instances with end of support platform and with vulnerabilities. [Learn more](insights-overview.md)
+
 ## Update (November 2025)
 
 - Azure Migrate now offers three built-in roles for role-based access control (RBAC), enabling you to implement least privilege access for your Azure Migrate projects. These new roles replace the previous requirement for Contributor or Owner permissions at the subscription level and allow you to grant only the necessary permissions for each migration phase.
diff --git a/articles/sentinel/sap/deploy-data-connector-agent-container.md b/articles/sentinel/sap/deploy-data-connector-agent-container.md
@@ -344,7 +344,10 @@ At this stage, the system's **Health** status is **Pending**. If the agent is up
 
     > [!IMPORTANT]
     > If you don't have the **Entra ID Application Developer** role or higher, and you select **deploy required Azure resources**, an error message is displayed, for example: "Deploy required Azure resources" (errors may vary). This means that the data collection rule (DCR) and data collection endpoint (DCE) were created, but you need to ensure that your Entra ID app registration is authorized. Continue to set up the correct authorization.
-
+    
+    > [!NOTE]
+    > When deploying the required Azure resources for the Microsoft Sentinel solution for SAP applications (agentless), Azure Resource Manager (ARM) may take up to **45 seconds** to complete resource provider operations. During this time, the deployment might appear delayed. This behavior is expected. Wait for the operation to complete before retrying or redeploying.
+    
 1. Do one of the following: 
     - If you have the **Entra ID Application Developer** role or higher, continue to the next step.
     - If you don't have the **Entra ID Application Developer** role or higher:
diff --git a/articles/site-recovery/includes/end-of-life-notes-windows-server-2008.md b/articles/site-recovery/includes/end-of-life-notes-windows-server-2008.md
@@ -4,10 +4,14 @@ title: include file
 description: include file with notes on end of life information for Windows Server 2008 and 2008 R2.
 author: Jeronika-MS
 ms.author: v-gajeronika
-ms.date: 02/27/2026
+ms.date: 04/15/2026
 ms.topic:  include
 ms.service: azure-site-recovery
 
 ---
 > [!NOTE]
-> Windows Server 2008 and Windows Server 2008 R2 have reached End of Support (EOS). For more information, see, [End of support for Windows Server 2008 and Windows Server 2008 R2](/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2) and [Perform in-place upgrade to Windows Server 2016, 2019, 2022, or 2025](/azure/virtual-machines/windows-in-place-upgrade#perform-in-place-upgrade-to-windows-server-2016-2019-2022-or-2025). Review your usage and plan OS upgrades and migrations accordingly.
+> Windows Server 2008, 2008 R2, 2012 and 2012 R2 have reached End of Support (EOS). Review your usage and plan OS upgrades and migrations accordingly. For more information, see End of support for <br>
+>- [Windows Server 2008 and Windows Server 2008 R2](/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2)
+>- [Windows Server 2012](/windows/release-health/status-windows-server-2012)
+>- [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br>
+>[Perform in-place upgrade to Windows Server 2016, 2019, 2022, or 2025](/azure/virtual-machines/windows-in-place-upgrade#perform-in-place-upgrade-to-windows-server-2016-2019-2022-or-2025).
diff --git a/articles/storage/blobs/access-tiers-overview.md b/articles/storage/blobs/access-tiers-overview.md
@@ -105,7 +105,12 @@ The creation time of a storage account, which is part of the account-level metad
 
 The **hot** access tier continues to have no minimum billable object size. To reduce potential cost impact, consider [packaging small objects into larger objects](access-tiers-best-practices.md#pack-small-files-before-moving-data-to-cooler-tiers) before moving data to cooler tiers, or using [smart tier](access-tiers-smart.md) to automatically keep small objects on the hot access tier.
 
-To support this change, the **Blob Capacity** metrics in the Azure portal will introduce new blob types: **BlockBlobSmall** and Azure **Data Lake Storage Small**.
+To support this change, the **Blob Capacity** metrics in the Azure portal will introduce new blob types: **BlockBlobSmall** and Azure **Azure Data Lake Storage Small**.
+
+> [!NOTE]
+> Customers with existing dashboards, alerts, cost reports, or automation that explicitly depend on the BlockBlob blob type should review and update those workflows accordingly.
+> 
+> Workflows that assume all block blobs are reported under the BlockBlob datatype may return incomplete or unexpected results once these new datatypes appear in capacity metrics.
 
 ## Default account access tier setting
 
