diff --git a/NoticeOnUpgradeTov7.0.md b/NoticeOnUpgradeTov7.0.md
index 3b828648..02dfae0d 100644
--- a/NoticeOnUpgradeTov7.0.md
+++ b/NoticeOnUpgradeTov7.0.md
@@ -30,3 +30,17 @@ In v6.0, `default_node_pool.linux_os_config` block won't be added to `azurerm_ku
 ## Remove unused net_profile_docker_bridge_cidr
 
 `var.net_profile_docker_bridge_cidr` has been [deprecated](https://github.com/hashicorp/terraform-provider-azurerm/issues/18119) and is not used in the module anymore and has been removed.
+
+## Add `create_before_destroy=true` to node pools #357
+
+Now `azurerm_kubernetes_cluster_node_pool.node_pool` resource has `create_before_destroy=true` to avoid downtime when upgrading node pools. Users must be aware that there would be a "random" suffix added into pool's name, this suffix's length is `4`, so your previous node pool's name `nodepool1` would be `nodepool1xxxx`. This suffix is calculated from node pool's config, the same configuration would lead to the same suffix. You might need to shorten your node pool's name because of this new added suffix.
+
+To enable this feature, we've also added new `null_resource.pool_name_keeper` to track node pool's name in case you've changed the name.
+
+## Check `api_server_authorized_ip_ranges` when `public_network_access_enabled` is `true` #361
+
+As the [document](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#public_network_access_enabled) described:
+
+>When `public_network_access_enabled` is set to true, `0.0.0.0/32` must be added to `authorized_ip_ranges` in the `api_server_access_profile block`.
+
+We'll add `api_server_access_profile` nested block after AzureRM provider's v4.0, but starting from v7.0 we'll enforce such pre-condition check.
\ No newline at end of file