Merge pull request #42466 from github/repo-sync

docs-bot · web-flow · commit 5ec792c45285 · 2026-01-20T07:38:45.000-08:00
Repo sync
diff --git a/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md b/content/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot.md
@@ -116,6 +116,11 @@ export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1
 > [!WARNING]
 > Disabling TLS verification is not recommended since TLS provides privacy and data integrity between the self-hosted runner application and {% data variables.product.github %}. We recommend that you install the {% data variables.product.github %} certificate in the operating system certificate store for your self-hosted runner. For guidance on how to install the {% data variables.product.github %} certificate, check with your operating system vendor.
 
+{% ifversion fpt or ghec %}
+> [!NOTE]
+> For {% data variables.actions.github_hosted_larger_runners %} using Azure private networking, see the TLS interception requirements in [AUTOTITLE](/organizations/managing-organization-settings/configuring-private-networking-for-github-hosted-runners-in-your-organization#prerequisites).
+{% endif %}
+
 ## Reviewing the self-hosted runner application log files
 
 You can monitor the status of the self-hosted runner application and its activities. Log files are kept in the `_diag` directory where you installed the runner application, and a new log is generated each time the application is started. The filename begins with `Runner_`, and is followed by a UTC timestamp of when the application was started.
diff --git a/data/reusables/actions/azure-vnet-procedures-prereqs.md b/data/reusables/actions/azure-vnet-procedures-prereqs.md
@@ -8,6 +8,10 @@ You will use a script to automate configuring your Azure resources.
 
 * To ensure resource availability/data residency, resources must be created in the same Azure region.
 
+* Outbound network traffic from the subnet **must not** be subject to TLS interception as our Virtual Machines will not be configured to trust intermediate certificates that your network uses to perform TLS interception. For more details, see [Certificates used by Azure Firewall Premium](https://learn.microsoft.com/en-us/azure/firewall/premium-certificates#certificates-used-by-azure-firewall-premium) in the Microsoft documentation.
+   
+   If you need to use TLS interception, you can install intermediate certificates via a custom image. See [AUTOTITLE](/actions/how-tos/manage-runners/larger-runners/use-custom-images).
+
 * Save the following `.bicep` file. Name the file `actions-nsg-deployment.bicep`.
 
   The `.bicep` file we provide contains the minimal set of rules to use {% data variables.product.company_short %}-hosted runners with Azure VNET. You may need to add rules for your specific use case.
