diff --git a/cSpell.json b/cSpell.json
index 365c88ef064e..b82b4b81f76c 100644
--- a/cSpell.json
+++ b/cSpell.json
@@ -177,6 +177,13 @@
                 "Noreuse"
             ]
         },
+        {
+            "filename": "**/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/**/*json",
+            "words": [
+                "vtpm",
+                "trustedlaunch"
+            ]
+        },
         {
             "filename": "**/specification/containerregistry/data-plane/Microsoft.ContainerRegistry/preview/2018-08-10/containerregistry.json",
             "words": [
diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json
index 2fe595857a63..659d7923c409 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json
@@ -7146,6 +7146,14 @@
         "sshAccess": {
           "$ref": "#/definitions/AgentPoolSSHAccess",
           "description": "SSH access method of an agent pool."
+        },
+        "enableVTPM": {
+          "type": "boolean",
+          "description": "vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false."
+        },
+        "enableSecureBoot": {
+          "type": "boolean",
+          "description": "Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch.  If not specified, the default is false."
         }
       },
       "description": "The security settings of an agent pool."