Merge pull request #2706 from MicrosoftDocs/copilot/update-azure-gen1-to-gen2

Remove preview language for Gen1 to Gen2 Trusted launch upgrade (GA announcement)

Author: prmerger-automator[bot]

articles/virtual-machines/generation-2.md

@@ -14,7 +14,7 @@ ms.author: ajkundna
 
 **Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets :heavy_check_mark: Uniform scale sets
 
-Support for Generation 2 virtual machines (VMs) is now available on Azure. You can't change a virtual machine's generation after you've created it, so review the considerations on this page before you choose a generation.
+Support for Generation 2 virtual machines (VMs) is now available on Azure. You can also upgrade existing Generation 1 virtual machines to Generation 2 with Trusted launch. Review the considerations on this page and the [upgrade guidance](trusted-launch-existing-vm-gen-1.md) before choosing or upgrading a generation.
 
 Generation 2 VMs support key features that aren't supported in Generation 1 VMs. These features include increased memory, Intel Software Guard Extensions (Intel SGX), and virtualized persistent memory (vPMEM). Generation 2 VMs running on-premises, have some features that aren't supported in Azure yet. For more information, see the [Features and capabilities](#features-and-capabilities) section.
 
@@ -92,6 +92,8 @@ For more information, see [Trusted launch](trusted-launch.md).
 
 ## Creating a Generation 2 VM
 
+Alternatively, you can upgrade an existing Generation 1 VM to Generation 2 with Trusted launch. For more information, see [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
+
 ### Azure Resource Manager Template
 To create a simple Windows Generation 2 VM, see [Create a Windows virtual machine from a Resource Manager template](./windows/ps-template.md)
 To create a simple Linux Generation 2 VM, see [How to create a Linux virtual machine with Azure Resource Manager templates](./linux/create-ssh-secured-vm-from-template.md)
@@ -208,7 +210,7 @@ You can also create Generation 2 VMs by using virtual machine scale sets. In the
     Yes.
 
 * **Can I migrate a VM from Generation 1 to Generation 2?**  
-    Azure Virtual Machines supports upgrading Generation 1 virtual machines (VM) to Generation 2 by upgrading to the [trusted launch security type](trusted-launch-existing-vm-gen-1.md). 
+    Azure Virtual Machines supports upgrading existing Generation 1 VMs to Generation 2 by upgrading to the Trusted launch security type. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md) for steps and prerequisites. 
 
 * **Why is my VM size not enabled in the size selector when I try to create a Generation 2 VM?**
 
@@ -222,3 +224,5 @@ You can also create Generation 2 VMs by using virtual machine scale sets. In the
 Learn more about the [trusted launch](trusted-launch-portal.md) with Generation 2 VMs.
 
 Learn about [Generation 2 virtual machines in Hyper-V](/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v).
+
+[Upgrade an existing Gen1 VM to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).

articles/virtual-machines/trusted-launch-existing-vm-gen-1.md

@@ -3,7 +3,6 @@ title: Upgrade Gen1 VMs to Trusted launch
 description: Learn how to upgrade existing Azure Gen1 virtual machines (VMs) to Trusted launch.
 author: AjKundnani
 ms.author: ajkundna
-ms.reviewer: cynthn
 ms.service: azure-virtual-machines
 ms.subservice: trusted-launch
 ms.topic: how-to
@@ -20,7 +19,7 @@ Azure Virtual Machines supports upgrading Generation 1 virtual machines (VM) to
 
 [Trusted launch](trusted-launch.md) is a way to enable foundational compute security on [Azure Generation 2 VMs](generation-2.md) and protects against advanced and persistent attack techniques like boot kits and rootkits. It does so by combining infrastructure technologies like Secure Boot, virtual Trusted Platform Module (vTPM), and boot integrity monitoring on your VM.
 
-> [!NOTE]
+> [!IMPORTANT]
 >
 > Support for *Upgrade of Gen1 VMs to Gen2 without enabling Trusted launch* is **not supported**.
 

articles/virtual-machines/trusted-launch-existing-vm.md

@@ -24,7 +24,7 @@ Azure Virtual Machines supports enabling Azure Trusted launch on existing [Azure
 [Trusted launch](trusted-launch.md) is a way to enable foundational compute security on [Azure Generation 2 VMs](generation-2.md) and protects against advanced and persistent attack techniques like boot kits and rootkits. It does so by combining infrastructure technologies like Secure Boot, virtual Trusted Platform Module (vTPM), and boot integrity monitoring on your VM.
 
 > [!IMPORTANT]
-> Support for *enabling Trusted launch on existing Azure Generation 1 VMs* is currently in preview. Refer to [Upgrade existing Azure Gen1 VMs and enable Trusted launch](trusted-launch-existing-vm-gen-1.md).
+> Support for enabling Trusted launch on existing Azure Generation 1 VMs is available. Refer to [Upgrade existing Azure Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
 
 ## Prerequisites
 

articles/virtual-machines/trusted-launch-portal.md

@@ -3,7 +3,6 @@ title: Deploy a Trusted Launch VM
 description: Deploy a VM that uses Trusted Launch.
 author: cynthn
 ms.author: cynthn
-ms.reviewer: jushiman
 ms.service: azure-virtual-machines
 ms.subservice: trusted-launch
 ms.topic: how-to
@@ -25,6 +24,7 @@ ms.custom:
 ## Prerequisites
 
 - We recommend that you [onboard your subscription to Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/?&ef_id=CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE:G:s&OCID=AID2200277_SEM_CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE:G:s&gclid=CjwKCAjwwsmLBhACEiwANq-tXHeKhV--teH6kIijnBTmP-PgktfvGr5zW9TAx00SR7xsGUc3sTj5sBoCkEoQAvD_BwE#overview) if it isn't already. Defender for Cloud has a free tier, which offers useful insights for various Azure and hybrid resources. With the absence of Defender for Cloud, Trusted Launch VM users can't monitor [boot integrity](boot-integrity-monitoring-overview.md) of VM.
+- If you have existing Generation 1 VMs, you can upgrade them to Generation 2 with Trusted launch. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
 - Assign Azure policy initiatives to your subscription. These policy initiatives need to be assigned only once per subscription. Policies will help deploy and audit for Trusted Launch VMs while automatically installing all required extensions on all supported VMs.
    - Configure the Trusted Launch VMs' [built-in policy initiative](trusted-launch-portal.md#trusted-launch-built-in-policies).
    - Configure prerequisites to enable Guest Attestation on Trusted Launch-enabled VMs.
@@ -38,7 +38,7 @@ ms.custom:
 
 ## Deploy a Trusted Launch VM
 
-Create a VM with Trusted Launch enabled. Choose one of the following options.
+Choose one of the following options to create a new Trusted Launch VM.
 
 ### [Portal](#tab/portal)
 
@@ -556,7 +556,7 @@ Make sure that you're running the latest version of the Azure CLI.
 ---
 ## Trusted Launch built-in policies
 
-To help users adopt Trusted Launch, Azure policies are available to help resource owners adopt Trusted Launch. The main objective is to help convert Generation 1 and 2 VMs that are Trusted Launch capable.
+To help users adopt Trusted Launch, Azure policies are available to help resource owners adopt Trusted Launch. The main objective is to help convert Generation 1 and 2 VMs that are Trusted Launch capable. 
 
 The **Virtual machine should have Trusted launch enabled** single policy checks if the VM is currently enabled with Trusted Launch security configurations. The **Disks and OS supported for Trusted launch** policy checks if previously created VMs have the [capable Generation 2 OS and VM size](trusted-launch.md#virtual-machines-sizes) to deploy a Trusted Launch VM.
 
@@ -581,3 +581,5 @@ If the VM is running, you receive a message that the VM will restart. Select **Y
 
 Learn more about [Trusted Launch](trusted-launch.md) and [boot integrity monitoring](boot-integrity-monitoring-overview.md) VMs.
 
+If you have existing Gen1 VMs, you can upgrade them to Gen2-Trusted launch. For more information, see [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
+

articles/virtual-machines/trusted-launch.md

@@ -21,6 +21,7 @@ Azure offers Trusted Launch as a seamless way to improve the security of [Genera
 > [!IMPORTANT]
 >
 > - Trusted Launch is the default state for newly created Azure Gen2 VM and scale sets. See the [Trusted Launch FAQs](trusted-launch-faq.md) if your new VM requires features that [aren't supported with Trusted launch](trusted-launch.md#unsupported-features).
+> - You can upgrade existing Azure Gen1 VMs to Gen2-Trusted launch to enable Secure Boot and vTPM. See [Upgrade existing Gen1 VMs to Gen2-Trusted launch](trusted-launch-existing-vm-gen-1.md).
 > - [Existing VM](overview.md) can have Trusted Launch enabled after being created. For more information, see [Enable Trusted Launch on existing VMs](trusted-launch-existing-vm.md).
 > - Existing [virtual machine scale set](../virtual-machine-scale-sets/overview.md) can have Trusted Launch enabled after being created. For more information, see [Enable Trusted Launch on existing scale set](trusted-launch-existing-vmss.md).