Refactor the hybrid capabilities article

azure-local/hybrid-capabilities-with-azure-services-23h2.md

@@ -1,26 +1,30 @@
 ---
-title: Hybrid capabilities with Azure services in Azure Local, version 23H2
-description: This article describes the cloud service components of Azure Local, version 23H2.
+title: Hybrid capabilities with Azure services in Azure Local
+description: Learn about the hybrid capabilities in Azure Local and how Azure services enabled by Azure Arc allow you to deploy workloads on Azure Local and manage infrastructure and VMs.
 ms.topic: overview
 author: alkohli
 ms.author: alkohli
-ms.date: 04/16/2025
+ms.date: 09/11/2025
 ms.custom: e2e-hybrid
 ---
 
-# Hybrid capabilities with Azure services in Azure Local
+# Hybrid capabilities enabled by Azure Arc in Azure Local
 
-[!INCLUDE [applies-to](./includes/hci-applies-to-23h2.md)]
+This article outlines the hybrid capabilities available in Azure Local and describes the distinct ways Azure Arc enables them.
 
-Your on-premises Azure Local solution integrates with Azure cloud via several cloud service components, such as Azure Local cloud service, Azure Arc, and other Azure hybrid services. This article describes the functionality provided by these cloud service components, and how they help provide hybrid capabilities to your Azure Local deployment.
+## Hybrid integration of Azure services with Azure Local
+
+Azure Local allows you to take advantage of both on-premises and cloud resources working together. By integrating with Azure services, you can natively monitor, secure, and back up your local environment to Azure. [Azure Arc](/azure/azure-arc/overview) plays a key role in this integration by extending the Azure control plane to your existing infrastructure. It enables you to run Azure-native workloads on Azure Local, and use Azure services to manage both infrastructure and VMs consistently.
+
+The following diagram shows how Azure Arc provides hybrid integration between Azure services and Azure Local:
 
 :::image type="content" source="media/hybrid-capabilities-with-azure-services-23h2/azure-stack-hci-solution.png" alt-text="The architecture diagram of the Azure Local solution, which shows the integration points between the on-premises Azure Local solution and Azure cloud." border="false" lightbox="media/hybrid-capabilities-with-azure-services-23h2/azure-stack-hci-solution.png":::
 
-## Azure Local cloud service
+## Hybrid capabilities in Azure Local
 
-The Azure Local cloud service in Azure is a key part of the Azure Local product offering. It includes standard Azure components, such as a resource provider in Azure Resource Manager and a UI extension in the Azure portal. These components enable access to Azure Local functionality via familiar Azure tools and UX, such as [Azure portal](manage/azure-portal.md), [Azure PowerShell](/powershell/module/az.stackhci/?view=azps-7.2.0&preserve-view=true), and [Azure CLI](/cli/azure/stack-hci?view=azure-cli-latest&preserve-view=true). The Azure Local cloud service also enables contextual navigation from an Azure Local resource to its Arc-enabled servers and Azure Local virtual machines (VMs) enabled by Azure Arc.
+With hybrid integration through Azure Arc, you can manage, monitor, secure, and update your on-premises Azure Local environment using familiar Azure tools, such as the [Azure portal](manage/azure-portal.md), [Azure PowerShell](/powershell/module/az.stackhci/?view=azps-7.2.0&preserve-view=true), and [Azure CLI](/cli/azure/stack-hci?view=azure-cli-latest&preserve-view=true).
 
-The Azure Local cloud service extends the hybrid capabilities for Azure Local by enabling the following cloud-based functionalities:
+Hybrid integration supports the following capabilities:
 
 - **Registration.** To enable hybrid capabilities, you must register every Azure Local that you intend to connect with Azure Arc. For more information, see [Register your machines and assign permissions for Azure Local deployment](deploy/deployment-arc-register-server-permissions.md).
 
@@ -44,29 +48,61 @@ The Azure Local cloud service extends the hybrid capabilities for Azure Local by
 
 - **Enhanced management.** You can perform enhanced management of your Azure Local from Azure. This feature is enabled by the Managed Identity created for your Azure Local resource that serves as the identity for the various components of your system. For more information, see [Enhanced management of Azure Local from Azure](manage/azure-enhanced-management-managed-identity.md).
 
-## Azure Arc on Azure Local
+## Workloads enabled by Azure Arc on Azure Local
+
+Azure Arc enables you to deploy and run many Azure-native workloads directly within your Azure local environments.
+
+The following table describes the workloads enabled by Azure Arc that are supported on Azure Local:
 
-Azure Arc simplifies governance and management by delivering a consistent management plane from Azure. To learn more about Azure Arc, see [Azure Arc overview](/azure/azure-arc/overview). For additional guidance regarding the different services Azure Arc offers, see [Choosing the right Azure Arc service for machines](/azure/azure-arc/choose-service).
+| Service | Description | Learn More |
+|--|--|--|
+| **Azure Local VMs enabled by Azure Arc** | Windows and Linux VMs hosted outside Azure, on your corporate network, running on Azure Local. | [Create Azure Local virtual machines enabled by Azure Arc](./manage/create-arc-virtual-machines.md) |
+| **Azure Kubernetes Service (AKS) enabled by Azure Arc** | AKS on Azure Local uses Azure Arc to create new Kubernetes clusters on Azure Local directly from Azure. It enables you to use familiar tools like the Azure portal, Azure CLI, and Azure Resource Manager templates to create and manage your Kubernetes clusters running on Azure Local. | [What's new in AKS on Azure Local](/azure/aks/hybrid/aks-whats-new-23h2) |
+| **Azure Virtual Desktop** | Azure Virtual Desktop for Azure Local lets you deploy Azure Virtual Desktop session hosts on your on-premises infrastructure. | [Deploy Azure Virtual Desktop](/azure/virtual-desktop/deploy-azure-virtual-desktop) |
+| **Azure IoT Operations (Preview)** | Provide description. | Provide a learn more link. |
+| **Container Apps (Preview)** | Provide description. | Provide a learn more link. |
+| **Logic Apps (Preview)** | Provide description. | Provide a learn more link. |
+| **SQL Server enabled by Azure Arc** | Run SQL Server and Storage Spaces Direct on Azure Local for a highly available, cost-efficient, and flexible platform. | [Deploy SQL Server on Azure Local](./deploy/sql-server-23h2.md)|
+| **SQL Managed Instance enabled by Azure Arc** | Provide description. | Provide a learn more link. |
+| **PostgreSQL enabled by Azure Arc** | Provide description. | Provide a learn more link. |
+| **Video Indexer** | Provide description. | Provide a learn more link. |
+| **Machine Learning** | Provide description. | Provide a learn more link. |
 
-Azure Local delivers hybrid value through the following Azure Arc technologies:
+## Services enabled by Azure Arc to manage Azure Local infrastructure
 
-- [**Arc-enabled servers.**](/azure/azure-arc/servers/overview) As part of the Azure Local deployment process, you must register every Azure Local that you intend to join with Azure Arc. For more information, see [Register your machines and assign permissions for Azure Local deployment](deploy/deployment-arc-register-server-permissions.md).
+Azure Arc simplifies governance and management of Azure Local infrastructure by delivering a consistent management plane from Azure. There are many services enabled by Azure Arc that you can use to monitor system health, enforce policies, automate updates, secure workloads, and ensure compliance.
 
-    You can install, upgrade, and manage Azure Arc extensions on Azure Local to run hybrid services like monitoring and Windows Admin Center in the Azure portal. For more information, see [Azure Arc extension management on Azure Local](manage/arc-extension-management.md).
+The following table describes Azure services enabled by Azure Arc that are used for managing Azure Local infrastructure:
 
-- **Azure Local VMs.** Azure Local VM management lets you provision and manage Windows and Linux VMs hosted in an on-premises Azure Local environment. Administrators can manage VMs on their Azure Local by using Azure management tools, including Azure portal, Azure CLI, Azure PowerShell, and Azure Resource Manager (ARM) templates. For more information, see [What is Azure Arc VM management?](manage/azure-arc-vm-management-overview.md).
+| Service | Description | Learn More |
+|--|--|--|
+| **Azure Update Manager** | Allows you to apply, view, and manage updates for each Azure Local instance across your infrastructure, including remote or branch offices. | [Use Azure Update Manager to update your Azure Local](update/azure-update-manager-23h2.md) |
+| **Azure Monitor** | Azure Local utilizes Azure Monitor tools, such as Insights, Metrics, Logs, Workbooks, and Alerts. These tools help collect data, analyze, and proactively respond to consistent or trending variances from your established baseline. |  [Overview of Azure Local monitoring](./concepts/monitoring-overview.md) |
+| **Microsoft Defender for Cloud (Preview)** | Protects Azure Local from cyber threats and vulnerabilities. The **Defender for Servers** plan offers enhanced security features, including alerts for individual machines and Azure Local VMs. | [Manage system security with Microsoft Defender for Cloud (preview)](./manage/manage-security-with-defender-for-cloud.md) |
+| **Microsoft Defender for Endpoints** | Provide description. | Provide a learn more link. |
+| **Azure Policy** | Enforces organizational standards and assesses compliance at scale. <br> - You can use Azure Policy in a disconnected Azure Local environment to enforce compliance and manage resources at scale. <br> - You can also use Azure Policy to enable Insights for monitoring Azure Local systems at scale.| - [Azure Policy](/azure/governance/policy/overview) <br> - [Use Azure Policy in a disconnected Azure Local environment](./manage/disconnected-operations-policy.md). <br> - [Enable Insights for Azure Local at scale using Azure policies](./manage/monitor-multi-azure-policies.md)|
+| **Azure Machine Configuration** | Enables auditing and configuring OS settings as code for machines and VMs. Provided by Azure Instance Metadata Service (IMDS) at no cost. | [Azure Machine configuration](/azure/governance/machine-configuration) |
+| **Configuration Management** | Adjust vCPU, memory, disks, NICs. Provide description. | Provide a learn more link. |
+| **Azure Key Vault** | This service appears in the diagram but not listed in the spreadsheet. Confirm if we should include it. If so, provide description.   | Provide a learn more link. |
+| **Azure File Sync** |This service appears in the diagram but not listed in the spreadsheet. Confirm if we should include it. If so, provide description.   | Provide a learn more link. |
 
-- [**Azure Kubernetes Service (AKS) enabled by Arc.**](/azure/aks/hybrid/) AKS on Azure Local uses Azure Arc to create new Kubernetes clusters on Azure Local directly from Azure. It enables you to use familiar tools like the Azure portal, Azure CLI, and Azure Resource Manager templates to create and manage your Kubernetes clusters running on Azure Local. For more information, see [What's new in AKS on Azure Local](/azure/aks/hybrid/aks-whats-new-23h2).
+## Services enabled by Azure Arc to manage Azure Local VMs
 
-## Other Azure hybrid services
+Administrators can manage Azure Local VMs enabled by Azure Arc on their Azure Local instances by using Azure management tools, including the Azure portal, the Azure CLI, Azure PowerShell, and [Azure Resource Manager](/azure/azure-resource-manager/management/overview) templates. For more information, see [What is Azure Local VM management?](./manage/azure-arc-vm-management-overview.md)
 
-In addition to hybrid functionality provided through Azure Arc, you can enable the following Azure services for other hybrid capabilities on Azure Local:
+For a complete list of Azure services enabled by Azure Arc to manage Azure Local VMs, see the table under [Comparison of VM management capabilities](./concepts/compare-vm-management-capabilities.md#comparison-of-vm-management-capabilities).
 
-- **Azure Backup.** With Microsoft Azure Backup Server (MABS) v3 UR2, you can back up Azure Local host (System State/BMR) and virtual machines (VMs) running on your Azure Local. To learn more about Azure Backup, see [Back up Azure Local virtual machines with MABS](/azure/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines).
+<!--The following services are not listed in the table in the "Compare management capabilities of VMs on Azure Local" article. Do we need to include them in the table?
 
-- **Azure Site Recovery.** With Azure Site Recovery support, you can continuously replicate VMs from Azure Local to Azure, as well as fail over and fail back. To learn more about Azure Site Recovery, see [Protect your Hyper-V Virtual Machines with Azure Site Recovery and Windows Admin Center](manage/azure-site-recovery.md).
+- Azure Backup. With Microsoft Azure Backup Server (MABS) v3 UR2, you can back up Azure Local host (System State/BMR) and virtual machines (VMs) running on your Azure Local. To learn more about Azure Backup, see [Back up Azure Local virtual machines with MABS](/azure/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines).
 
-- **Azure Update Manager.** Azure Update Manager is an Azure service that allows you to apply, view, and manage updates for each of your Azure Local instances. You can view each Azure Local across your entire infrastructure, or in remote or branch offices and update at scale. For more information, see [Use Azure Update Manager to update your Azure Local](update/azure-update-manager-23h2.md).
+- Azure Site Recovery. With Azure Site Recovery support, you can continuously replicate VMs from Azure Local to Azure, as well as fail over and fail back. To learn more about Azure Site Recovery, see [Protect your Hyper-V Virtual Machines with Azure Site Recovery and Windows Admin Center](manage/azure-site-recovery.md).
+- Defender for Servers
+- Defender for Endpoints
+- Microsoft Sentinel
+- Azure Migrate
+- Azure Policy
+- Domain Join-->
 
 ## Next steps