Commit 1288eb0

Merge pull request #2730 from MicrosoftDocs/main
Auto Publish – main to live - 2025-12-05 18:00 UTC
2 parents 0e1c66f + b058ce8 commit 1288eb0

6 files changed

+33
-12
lines changed

articles/virtual-machines/generation-2.md

Lines changed: 7 additions & 3 deletions
@@ -14,7 +14,7 @@ ms.author: ajkundna
1414

1515
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets :heavy_check_mark: Uniform scale sets
1616

17-
Support for Generation 2 virtual machines (VMs) is now available on Azure. You can't change a virtual machine's generation after you've created it, so review the considerations on this page before you choose a generation.
17+
Support for Generation 2 virtual machines (VMs) is now available on Azure. You can also upgrade existing Generation 1 virtual machines to Generation 2 with Trusted launch. Review the considerations on this page and the [upgrade guidance](trusted-launch-existing-vm-gen-1.md) before choosing or upgrading a generation.
1818

1919
Generation 2 VMs support key features that aren't supported in Generation 1 VMs. These features include increased memory, Intel Software Guard Extensions (Intel SGX), and virtualized persistent memory (vPMEM). Generation 2 VMs running on-premises, have some features that aren't supported in Azure yet. For more information, see the [Features and capabilities](#features-and-capabilities) section.
2020
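Review bot: The replacement intro sentence (new line 17) drops the old "You can't change a virtual machine's generation" warning without stating the constraint that still applies. trusted-launch-existing-vm-gen-1.md, touched in this same commit, says upgrading Gen1 VMs to Gen2 without enabling Trusted launch is not supported. Suggest wording such as "You can upgrade existing Generation 1 VMs to Generation 2 only by enabling Trusted launch" so readers don't assume a plain Gen1-to-Gen2 conversion exists.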

@@ -89,7 +89,6 @@ For more information, see [Trusted launch](trusted-launch.md).
8989
| [Azure disk encryption](../virtual-machines/disk-encryption-overview.md) | :heavy_check_mark: | :heavy_check_mark: |
9090
| [Server-side encryption](disk-encryption.md) | :heavy_check_mark: | :heavy_check_mark: |
9191

92-
9392
## Creating a Generation 2 VM
9493

9594
### Azure Resource Manager Template
@@ -158,6 +157,9 @@ You can create a Generation 2 VM from a managed image or managed disk in the sam
158157

159158
You can also create Generation 2 VMs by using virtual machine scale sets. In the Azure CLI, use Azure scale sets to create Generation 2 VMs.
160159

160+
> [!NOTE]
161+
> Alternatively, you can upgrade an existing Generation 1 VM to Generation 2 with Trusted launch. For more information, see [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
162+
161163
## Frequently asked questions
162164

163165
* **Are Generation 2 VMs available in all Azure regions?**
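Review bot: "Alternatively" in the added NOTE (new lines 160-161) follows the scale-sets paragraph directly, so it reads as an alternative to scale sets rather than to creating a new Generation 2 VM. Suggest opening with the contrast the note intends, for example "Instead of creating a new VM, you can upgrade an existing Generation 1 VM to Generation 2 with Trusted launch."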
@@ -208,7 +210,7 @@ You can also create Generation 2 VMs by using virtual machine scale sets. In the
208210
Yes.
209211
210212
* **Can I migrate a VM from Generation 1 to Generation 2?**
211-
Azure Virtual Machines supports upgrading Generation 1 virtual machines (VM) to Generation 2 by upgrading to the [trusted launch security type](trusted-launch-existing-vm-gen-1.md).
213+
Azure Virtual Machines supports upgrading existing Generation 1 VMs to Generation 2 by upgrading to the Trusted launch security type. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md) for steps and prerequisites.
212214
213215
* **Why is my VM size not enabled in the size selector when I try to create a Generation 2 VM?**
214216
@@ -222,3 +224,5 @@ You can also create Generation 2 VMs by using virtual machine scale sets. In the
222224
Learn more about the [trusted launch](trusted-launch-portal.md) with Generation 2 VMs.
223225
224226
Learn about [Generation 2 virtual machines in Hyper-V](/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v).
227+
228+
[Upgrade an existing Gen1 VM to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
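Review bot: The added closing line (new line 228) is a bare link followed by a period, while the two lines above it are full sentences ("Learn more about ...", "Learn about ..."). Suggest matching them, for example "Learn how to [upgrade an existing Gen1 VM to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md)." The link text here also says "Upgrade an existing Gen1 VM" where the other additions in this file say "Upgrade existing Gen1 VMs"; pick one.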

articles/virtual-machines/migration/sizes/d-ds-dv2-dsv2-ls-series-migration-guide.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,20 @@ Refer to the full [Azure VM resizing guide](/azure/virtual-machines/sizes/resize
8080
#### Q: Which Sizes Are Being Retired?
8181
To review retired sizes, see [retired Azure VM sizes](/azure/virtual-machines/sizes/retirement/retired-sizes-list).
8282

83+
The following sizes are being retired by 15 November 2028.
84+
85+
- F
86+
- Fs
87+
- Fsv2
88+
- Lsv2
89+
- G
90+
- Gs
91+
- Av2
92+
- Amv2
93+
- B-series
94+
95+
96+
8397
#### Q: Why Should I Migrate?
8498

8599
If you are actively running any sizes listed in this article, these VMs are set to retire in 2028. Migration is mandatory to avoid unexpected shutdown. Additionally, migration yields the following benefits:
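Review bot: The added list (new lines 83-93) names F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2 and B-series, but none of the D, Ds, Dv2, Dsv2 or Ls series that this guide's file name covers, and the next answer still refers to "any sizes listed in this article". Say whether these are additional series or the full list, or drop the list and rely on the retired-sizes link in the line above so the two cannot drift apart. Also use one naming style for the entries (only "B-series" carries the suffix) and trim the three blank lines added at 94-96 to one.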

articles/virtual-machines/trusted-launch-existing-vm-gen-1.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ title: Upgrade Gen1 VMs to Trusted launch
33
description: Learn how to upgrade existing Azure Gen1 virtual machines (VMs) to Trusted launch.
44
author: AjKundnani
55
ms.author: ajkundna
6-
ms.reviewer: cynthn
76
ms.service: azure-virtual-machines
87
ms.subservice: trusted-launch
98
ms.topic: how-to
@@ -20,7 +19,7 @@ Azure Virtual Machines supports upgrading Generation 1 virtual machines (VM) to
2019

2120
[Trusted launch](trusted-launch.md) is a way to enable foundational compute security on [Azure Generation 2 VMs](generation-2.md) and protects against advanced and persistent attack techniques like boot kits and rootkits. It does so by combining infrastructure technologies like Secure Boot, virtual Trusted Platform Module (vTPM), and boot integrity monitoring on your VM.
2221

23-
> [!NOTE]
22+
> [!IMPORTANT]
2423
>
2524
> Support for *Upgrade of Gen1 VMs to Gen2 without enabling Trusted launch* is **not supported**.
2625
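Review bot: Raising the callout to [!IMPORTANT] (new line 22) puts more weight on a sentence that still reads "Support for ... is **not supported**" in the unchanged line below it. Since the callout is being touched anyway, suggest rewording it to "Upgrading Gen1 VMs to Gen2 without enabling Trusted launch is **not supported**." and removing the empty ">" line between the marker and the text.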

articles/virtual-machines/trusted-launch-existing-vm.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ Azure Virtual Machines supports enabling Azure Trusted launch on existing [Azure
2424
[Trusted launch](trusted-launch.md) is a way to enable foundational compute security on [Azure Generation 2 VMs](generation-2.md) and protects against advanced and persistent attack techniques like boot kits and rootkits. It does so by combining infrastructure technologies like Secure Boot, virtual Trusted Platform Module (vTPM), and boot integrity monitoring on your VM.
2525

2626
> [!IMPORTANT]
27-
> Support for *enabling Trusted launch on existing Azure Generation 1 VMs* is currently in preview. Refer to [Upgrade existing Azure Gen1 VMs and enable Trusted launch](trusted-launch-existing-vm-gen-1.md).
27+
> Support for enabling Trusted launch on existing Azure Generation 1 VMs is available. Refer to [Upgrade existing Azure Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
2828
2929
## Prerequisites
3030
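Review bot: "is available" on new line 27 replaces "is currently in preview" but does not say what status the feature now has. If it has left preview, state that explicitly (for example "is generally available"). With the preview warning gone, check whether this still needs an [!IMPORTANT] callout or should become a [!NOTE] that simply redirects Gen1 readers to the other article.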

articles/virtual-machines/trusted-launch-portal.md

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ title: Deploy a Trusted Launch VM
33
description: Deploy a VM that uses Trusted Launch.
44
author: cynthn
55
ms.author: cynthn
6-
ms.reviewer: jushiman
76
ms.service: azure-virtual-machines
87
ms.subservice: trusted-launch
98
ms.topic: how-to
@@ -25,6 +24,7 @@ ms.custom:
2524
## Prerequisites
2625

2726
- We recommend that you [onboard your subscription to Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/?&ef_id=CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE:G:s&OCID=AID2200277_SEM_CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE:G:s&gclid=CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE#overview) if it isn't already. Defender for Cloud has a free tier, which offers useful insights for various Azure and hybrid resources. With the absence of Defender for Cloud, Trusted Launch VM users can't monitor [boot integrity](boot-integrity-monitoring-overview.md) of VM.
27+
- If you have existing Generation 1 VMs, you can upgrade them to Generation 2 with Trusted launch. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
2828
- Assign Azure policy initiatives to your subscription. These policy initiatives need to be assigned only once per subscription. Policies will help deploy and audit for Trusted Launch VMs while automatically installing all required extensions on all supported VMs.
2929
- Configure the Trusted Launch VMs' [built-in policy initiative](trusted-launch-portal.md#trusted-launch-built-in-policies).
3030
- Configure prerequisites to enable Guest Attestation on Trusted Launch-enabled VMs.
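Review bot: The bullet added at new line 27 is not a prerequisite for deploying a Trusted Launch VM; it points readers with existing Gen1 VMs to a different procedure. Placed between the Defender for Cloud and Azure policy bullets, it also interrupts the actual prerequisite list. Suggest moving it into a [!NOTE] above the list or keeping it only under "Related content", where this commit already adds the same link.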
@@ -38,7 +38,7 @@ ms.custom:
3838
3939
## Deploy a Trusted Launch VM
4040

41-
Create a VM with Trusted Launch enabled. Choose one of the following options.
41+
Choose one of the deployment methods to create a new Trusted launch VM
4242

4343
### [Portal](#tab/portal)
4444
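Review bot: The new sentence at line 41 has no terminal period and writes "Trusted launch VM" directly under the heading "Deploy a Trusted Launch VM". Suggest "Choose one of the following deployment methods to create a new Trusted Launch VM." with the casing matching the heading.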

@@ -553,10 +553,12 @@ Make sure that you're running the latest version of the Azure CLI.
553553
-Location $location `
554554
-VM $vm
555555
```
556+
556557
---
558+
557559
## Trusted Launch built-in policies
558560
559-
To help users adopt Trusted Launch, Azure policies are available to help resource owners adopt Trusted Launch. The main objective is to help convert Generation 1 and 2 VMs that are Trusted Launch capable.
561+
To help users adopt Trusted Launch, Azure policies are available to help resource owners adopt Trusted Launch. The main objective is to help upgrade Generation 1 and 2 VMs that are Trusted launch capable.
560562
561563
The **Virtual machine should have Trusted launch enabled** single policy checks if the VM is currently enabled with Trusted Launch security configurations. The **Disks and OS supported for Trusted launch** policy checks if previously created VMs have the [capable Generation 2 OS and VM size](trusted-launch.md#virtual-machines-sizes) to deploy a Trusted Launch VM.
562564
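Review bot: The edited paragraph at new line 561 keeps the duplicated opening ("To help users adopt Trusted Launch, ... to help resource owners adopt Trusted Launch") and now mixes "Trusted Launch" with "Trusted launch capable" in consecutive sentences. Suggest dropping the first clause so it starts "Azure policies are available to help resource owners adopt Trusted Launch." and using a single casing throughout the paragraph.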
@@ -565,6 +567,7 @@ These two policies come together to make the Trusted Launch policy initiative. T
565567
To learn more and start deploying, see [Trusted Launch built-in policies](/azure/governance/policy/samples/built-in-policies#trusted-launch).
566568
567569
---
570+
568571
## Verify or update your settings
569572
570573
For VMs created with Trusted Launch enabled, you can view the Trusted Launch configuration by going to the **Overview** page for the VM in the Azure portal. The **Properties** tab shows the status of Trusted Launch features.
@@ -579,5 +582,5 @@ If the VM is running, you receive a message that the VM will restart. Select **Y
579582
580583
## Related content
581584
582-
Learn more about [Trusted Launch](trusted-launch.md) and [boot integrity monitoring](boot-integrity-monitoring-overview.md) VMs.
583-
585+
- Learn more about [Trusted Launch](trusted-launch.md) and [boot integrity monitoring](boot-integrity-monitoring-overview.md) VMs.
586+
- If you have existing VMs or VM scale sets, you can upgrade them to Gen2-Trusted launch. For more information, see [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md), [Upgrade existing Gen2 VMs to Gen2-Trusted launch](trusted-launch-existing-vm.md), [Upgrade existing Gen1 or Gen2 VM scale sets to Gen2-Trusted launch](trusted-launch-existing-vmss.md)
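Review bot: The second bullet added at new line 586 ends without a period and lists three links separated only by commas. Suggest a nested list with one link per item, or at least "..., and [Upgrade existing Gen1 or Gen2 VM scale sets to Gen2-Trusted launch](trusted-launch-existing-vmss.md)." The lead-in also says "existing VMs or VM scale sets" without the generation that each link then qualifies.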

articles/virtual-machines/trusted-launch.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,8 @@ Azure offers Trusted Launch as a seamless way to improve the security of [Genera
2121
> [!IMPORTANT]
2222
>
2323
> - Trusted Launch is the default state for newly created Azure Gen2 VM and scale sets. See the [Trusted Launch FAQs](trusted-launch-faq.md) if your new VM requires features that [aren't supported with Trusted launch](trusted-launch.md#unsupported-features).
24-
> - [Existing VM](overview.md) can have Trusted Launch enabled after being created. For more information, see [Enable Trusted Launch on existing VMs](trusted-launch-existing-vm.md).
24+
> - You can upgrade existing Azure Gen1 VMs to Gen2-Trusted launch to enable Secure Boot and vTPM. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
25+
> - [Existing VM](overview.md) can have Trusted Launch enabled after being created. For more information, see [Enable Trusted Launch on existing Gen2 VMs](trusted-launch-existing-vm.md).
2526
> - Existing [virtual machine scale set](../virtual-machine-scale-sets/overview.md) can have Trusted Launch enabled after being created. For more information, see [Enable Trusted Launch on existing scale set](trusted-launch-existing-vmss.md).
2627
2728
## Benefits
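Review bot: On new line 25 only the link text gained "Gen2"; the bullet still opens with "[Existing VM](overview.md) can have Trusted Launch enabled", which now overlaps with the Gen1 bullet added just above it at line 24. Suggest "Existing Gen2 VMs can have Trusted Launch enabled after being created" so the two bullets are clearly distinct. The new bullet also writes "Trusted launch" while the neighbouring bullets write "Trusted Launch".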
