What's new in Azure Stack HCI, version 23H2

Applies to: Azure Stack HCI, version 23H2

This article lists the various features and improvements that are available in Azure Stack HCI, version 23H2.

Azure Stack HCI, version 23H2 is the latest version of the Azure Stack HCI solution. This version focuses on cloud-based deployment and updates, cloud-based monitoring, new and simplified experience for Arc VM management, security, and more. For an earlier version of Azure Stack HCI, see What's new in Azure Stack HCI, version 22H2.

There are 2 release trains for Azure Stack HCI, version 23H2: 2402 and 2311. The various features and improvements available for the releases included in these trains are discussed in the following sections.

The 2402 release train includes the following releases:

Features and improvements in 2402.1

This is primarily a bug fix release. See the Fixed issues list to understand the bug fixes.

Features and improvements in 2402

This section lists the new features and improvements in the 2402 release of Azure Stack HCI, version 23H2.

New built in security role

This release introduces a new Azure built-in role called Azure Resource Bridge Deployment Role, to harden the security posture for Azure Stack HCI, version 23H2. If you provisioned a cluster before January 2024, then you must assign the Azure Resource Bridge Deployment User role to the Arc Resource Bridge principal.

The role applies the concept of least amount of privileges and must be assigned to the service principal: clustername.arb before you update the cluster.

To take advantage of the constraint permissions, remove the permissions that were applied before. Follow the steps to Assign an Azure RBAC role via the portal. Search for and assign the Azure Resource Bridge Deployment role to the member: <deployment-cluster-name>-cl.arb.

An update health check is also included in this release that confirms that the new role is assigned before you apply the update.

Changes to Active Directory preparation

Beginning this release, the Active Directory preparation process is simplified. You can use your own existing process to create an Organizational Unit (OU), a user account with appropriate permissions, and with Group policy inheritance blocked for the Group Policy Object (GPO). You can also use the Microsoft provided script to create the OU. For more information, see Prepare Active Directory.

Region expansion

Azure Stack HCI, version 23H2 solution is now supported in Australia. For more information, see Azure Stack HCI supported regions.

New documentation for network considerations

We're also releasing new documentation that provides guidance on network considerations for the cloud deployment of Azure Stack HCI, version 23H2. For more information, see Network considerations for Azure Stack HCI.

Next steps