MicrosoftDocs
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md
Lines changed: 14 additions & 5 deletions b/‎articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md
Lines changed: 14 additions & 5 deletions
diff --git a/‎articles/media/azure-netapp-files/azure-netapp-files-active-directory-sites-and-services.png renamed to ‎articles/media/azure-netapp-files/azure-netapp-files-active-directory-sites-services.png b/‎articles/media/azure-netapp-files/azure-netapp-files-active-directory-sites-and-services.png renamed to ‎articles/media/azure-netapp-files/azure-netapp-files-active-directory-sites-services.png
diff --git a/‎articles/media/azure-netapp-files/azure-netapp-files-join-active-directory.png
-9.74 KB b/‎articles/media/azure-netapp-files/azure-netapp-files-join-active-directory.png
-9.74 KB
@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 04/30/2020
+ms.date: 05/19/2020
 ms.author: b-juche
 ---
 # Create an SMB volume for Azure NetApp Files
@@ -53,7 +53,7 @@ A subnet must be delegated to Azure NetApp Files.
     |    SAM/LSA            |    445       |    UDP           |
     |    w32time            |    123       |    UDP           |
 
-* The site topology for the targeted Active Directory Domain Services must adhere to best practices, in particular the Azure VNet where Azure NetApp Files is deployed.  
+* The site topology for the targeted Active Directory Domain Services must adhere to the guidelines, in particular the Azure VNet where Azure NetApp Files is deployed.  
 
     The address space for the virtual network where Azure NetApp Files is deployed must be added to a new or existing Active Directory site (where a domain controller reachable by Azure NetApp Files is). 
 
@@ -74,7 +74,7 @@ A subnet must be delegated to Azure NetApp Files.
 
     For example, if your Active Directory has only the AES-128 capability, you must enable the AES-128 account option for the user credentials. If your Active Directory has the AES-256 capability, you must enable the AES-256 account option (which also supports AES-128). If your Active Directory does not have any Kerberos encryption capability, Azure NetApp Files uses DES by default.  
 
-    You can enable the account options in the properties of the Active Directory Users and Computers MMC console:   
+    You can enable the account options in the properties of the Active Directory Users and Computers Microsoft Management Console (MMC):   
 
     ![Active Directory Users and Computers MMC](../media/azure-netapp-files/ad-users-computers-mmc.png)
 -->
@@ -93,7 +93,7 @@ You can use your preferred [Active Directory Sites and Services](https://docs.mi
 
 To find your site name when you use ADDS, you can contact the administrative group in your organization that is responsible for Active Directory Domain Services. The example below shows the Active Directory Sites and Services plugin where the site name is displayed: 
 
-![Active Directory Sites and Services](../media/azure-netapp-files/azure-netapp-files-active-directory-sites-and-services.png)
+![Active Directory Sites and Services](../media/azure-netapp-files/azure-netapp-files-active-directory-sites-services.png)
 
 When you configure an AD connection for Azure NetApp Files, you specify the site name in scope for the **AD Site Name** field.
 
@@ -147,11 +147,20 @@ This setting is configured in the **Active Directory Connections** under **NetAp
 
         The service will create additional machine accounts in Active Directory as needed.
 
+        > [!IMPORTANT] 
+        > Renaming the SMB server prefix after you create the Active Directory connection is disruptive. You will need to re-mount existing SMB shares after renaming the SMB server prefix.
+
     * **Organizational unit path**  
         This is the LDAP path for the organizational unit (OU) where SMB server machine accounts will be created. That is, OU=second level, OU=first level. 
 
         If you are using Azure NetApp Files with Azure Active Directory Domain Services, the organizational unit path is `OU=AADDC Computers` when you configure Active Directory for your NetApp account.
-        
+
+     * **Backup policy users**  
+        You can include additional accounts that require elevated privileges to the computer account created for use with Azure NetApp Files. The specified accounts will be allowed to change the NTFS permissions at the file or folder level. For example, you can specify a non-privileged service account used for migrating data to an SMB file share in Azure NetApp Files.  
+
+        > [!IMPORTANT] 
+        > Using the backup policy user feature requires whitelisting. Email [email protected] with your subscription ID to request this feature. 
+
     * Credentials, including your **username** and **password**
 
     ![Join Active Directory](../media/azure-netapp-files/azure-netapp-files-join-active-directory.png)