MicrosoftDocs
diff --git a/‎articles/backup/backup-azure-dataprotection-use-rest-api-backup-blobs.md
Lines changed: 92 additions & 25 deletions b/‎articles/backup/backup-azure-dataprotection-use-rest-api-backup-blobs.md
Lines changed: 92 additions & 25 deletions
diff --git a/‎articles/backup/backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md
Lines changed: 90 additions & 2 deletions b/‎articles/backup/backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md
Lines changed: 90 additions & 2 deletions
@@ -1,8 +1,8 @@
 ---
 title: Back up blobs in a storage account using Azure Data Protection REST API.
 description: In this article, learn how to configure, initiate, and manage backup operations of blobs using REST API.
-ms.topic: conceptual
-ms.date: 10/31/2022
+ms.topic: how-to
+ms.date: 05/30/2024
 ms.assetid: 7c244b94-d736-40a8-b94d-c72077080bbe
 ms.service: backup
 ms.custom: engagement-fy23
@@ -12,52 +12,47 @@ ms.author: v-abhmallick
 
 # Back up blobs in a storage account using Azure Data Protection via REST API
 
-Azure Backup enables you to easily configure operational backup for protecting block blobs in your storage accounts.
+Azure Backup enables you to easily configure backup for protecting block blobs in your storage accounts.
 
-This article describes how to configure backups for blobs in a storage account via REST API. Backup of blobs is configured at the storage account level. So, all blobs in the storage account are protected with operational backup.
-
-In this article, you'll learn about:
-
-> [!div class="checklist"]
-> - Prerequisites
-> - Configure backup
+This article describes how to configure backups for blobs in a storage account via REST API. Backup of blobs is configured at the storage account level. You can now perform [operational](blob-backup-overview.md?tabs=operational-backup) and [vaulted](blob-backup-overview.md?tabs=vaulted-backup) backups to protect block blobs in your storage accounts using Azure Backup.
 
 For information on the Azure blob region availability, supported scenarios and limitations, see the [support matrix](blob-backup-support-matrix.md).
 
 ## Prerequisites
 
+Before you back up blobs in a storage account using REST API, ensure that you:
+
 - [Create a Backup vault](backup-azure-dataprotection-use-rest-api-create-update-backup-vault.md)
 - [Create a blob backup policy](backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md)
 
 ## Configure backup
 
 Once you create the vault and policy, you need to consider two critical points to protect all Azure Blobs within a storage account.
 
-### Key entities
-
-#### Storage account that contains the blobs for protection
+- Key entities
+- Permissions
 
-Fetch the Azure Resource Manager ID of the storage account which contains the blobs to be protected. This serves as the identifier of the storage account.
+### Key entities
 
-For example, we'll use a storage account named *msblobbackup*, under the resource group *RG-BlobBackup*, in a different subscription and in *west US*.
+- **Storage account containing the blobs to be protected**: Fetch the Azure Resource Manager ID of the storage account which contains the blobs to be protected. This serves as the identifier of the storage account.
 
-```http
-"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/RG-BlobBackup/providers/Microsoft.Storage/storageAccounts/msblobbackup"
-```
+  For example, we'll use a storage account named *msblobbackup*, under the resource group *RG-BlobBackup*, in a different subscription and in *west US*.
 
-#### Backup vault
+  ```http
+  "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/RG-BlobBackup/providers/Microsoft.Storage/storageAccounts/msblobbackup"
+  ```
 
-The Backup vault requires permissions on the storage account to enable backups on blobs present within the storage account. The system-assigned managed identity of the vault is used for assigning the permissions.
+- **Backup vault**: The Backup vault requires permissions on the storage account to enable backups on blobs present within the storage account. The system-assigned managed identity of the vault is used for assigning the permissions.
 
-For example, we'll use a backup vault called *testBkpVault* in *West US* region under *TestBkpVaultRG* resource group.
+  For example, we'll use a backup vault called *testBkpVault* in *West US* region under *TestBkpVaultRG* resource group.
 
 ### Assign permissions
 
-You need to assign a few permissions via Azure role-based access control (Azure RBAC) to vault (represented by vault Managed Service Identity) and the relevant storage account. You can do these via Azure portal, PowerShell, or REST API. Learn more about all [related permissions](blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts).
+You need to assign a few permissions via Azure role-based access control (Azure RBAC) to the created vault (represented by vault Managed Service Identity) and the relevant storage account. You can do these via Azure portal, PowerShell, or REST API. Learn more about all [related permissions](blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts).
 
-### Prepare the request to configure backup
+### Prepare the request to configure blob backup
 
-Once you set the relevant permissions to the vault and storage account, and configure the vault and policy, prepare the request to configure backup.
+Once the relevant permissions to the vault and storage account are set, and the vault and policy configuration are done, prepare the request to configure backup.
 
 The following is the request body to configure backup for all blobs within a storage account. The Azure Resource Manager ID (ARM ID) of the storage account and its details are mentioned in the *datasourceinfo* section and the policy information is present in the *policyinfo* section.
 
@@ -80,6 +75,44 @@ The following is the request body to configure backup for all blobs within a sto
   }
 }
 ```
+To configure backup with vaulted backup (preview) enabled, refer the below request body.
+
+```json
+{backupInstanceDataSourceType is Microsoft.Storage/storageAccounts/blobServices
+backupInstanceResourceType is Microsoft.Storage/storageAccounts
+{
+    "id": null,
+    "name": "{{backupInstanceName}}",
+    "type": "Microsoft.DataProtection/backupvaults/backupInstances",
+    "properties": {
+        "objectType": "BackupInstance",
+        "dataSourceInfo": {
+            "objectType": "Datasource",
+            "resourceID": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceresourcegroup}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceName": "{{backupInstanceName}}",
+            "resourceType": "{{backupInstanceResourceType}}",
+            "resourceUri": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceLocation": "{{location}}",
+            "datasourceType": "{{backupInstanceDataSourceType}}"
+        },
+        "policyInfo": {
+            "policyId": "/subscriptions/{{subscription}}/resourceGroups/{{resourceGroup}}/providers/{{backupVaultRP}}/{{vaultName}}/backupPolicies/{{policyName}}",
+            "name": "{{policyName}}",
+            "policyVersion": "3.2",
+            "policyParameters": {
+                "dataStoreParametersList": [
+                ],
+                "backupDatasourceParametersList" : [
+                    {
+                        "objectType": "BlobBackupDatasourceParameters",
+                        "containersList": ["container1", "container2", "container3", "container4", "container5"]
+                    }
+                ]
+            }
+        }
+    }
+}
+```
 
 ### Validate the request to configure backup
 
@@ -97,7 +130,7 @@ For example, this translates to:
 POST https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/validateForBackup?api-version=2021-01-01
 ```
 
-The [request body](#prepare-the-request-to-configure-backup) that you prepared earlier is used to give the details of the storage account to be protected.
+The [request body](#prepare-the-request-to-configure-blob-backup) that you prepared earlier is used to give the details of the storage account to be protected.
 
 #### Example request body
 
@@ -120,6 +153,40 @@ The [request body](#prepare-the-request-to-configure-backup) that you prepared e
   }
 }
 ```
+#### Example request body for vaulted backup (preview)
+
+```json
+{
+    "objectType": "ValidateForBackupRequest",
+    "backupInstance": {
+        "objectType": "BackupInstance",
+        "dataSourceInfo": {
+            "objectType": "Datasource",
+            "resourceID": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceName": "{{backupInstanceName}}",
+            "resourceType": "{{backupInstanceResourceType}}",
+            "resourceUri": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceLocation": "{{location}}",
+            "datasourceType": "{{backupInstanceDataSourceType}}"
+        },
+        "policyInfo": {
+            "policyId": "/subscriptions/{{subscription}}/resourceGroups/{{resourceGroup}}/providers/{{backupVaultRP}}/{{vaultName}}/backupPolicies/{{policyName}}",
+            "name": "{{policyName}}",
+            "policyVersion": "3.2",
+            "policyParameters": {
+                "dataStoreParametersList": [
+                ] ,
+                "backupDatasourceParametersList" : [
+                    {
+                        "objectType": "BlobBackupDatasourceParameters",
+                        "containersList": ["container1", "container2", "container3", "container4", "container5"]
+                    }
+                ]
+            }
+        }
+    }
+}
+```
 
 #### Responses for validate backup request
 
 
@@ -2,7 +2,7 @@
 title: Create Azure Backup policies for blobs using data protection REST API
 description: In this article, you'll learn how to create and manage backup policies for blobs using REST API.
 ms.topic: how-to
-ms.date: 10/28/2022
+ms.date: 05/30/2024
 ms.assetid: 472d6a4f-7914-454b-b8e4-062e8b556de3
 ms.service: backup
 ms.custom: engagement-fy23
@@ -12,6 +12,8 @@ ms.author: v-abhmallick
 
 # Create Azure Data Protection backup policies for blobs using REST API
 
+This article describes how to create Azure Data Protection backup policies for Azure Blobs using REST API.
+
 Azure Backup policy typically governs the retention and schedule of your backups. As operational backup for blobs is continuous in nature, you don't need a schedule to perform backups. The policy is essentially needed to specify the retention period. You can reuse the backup policy to configure backup for multiple storage accounts to a vault.
 
 > [!IMPORTANT]
@@ -60,7 +62,7 @@ The following request body defines a backup policy for blob backups.
 The policy says:
 
 - Retention period is 30 days.
-- Datastore is 'operational store' since the backups are local and no data is stored in the Backup vault.
+- Datastore is 'operational store'.
 
 ```json
 {
@@ -92,6 +94,92 @@ The policy says:
 }
 ```
 
+To configure a backup policy with the vaulted backup (preview), use the following JSON script:
+
+```json
+{
+  "id": "/subscriptions/495944b2-66b7-4173-8824-77043bb269be/resourceGroups/Blob-Backup/providers/Microsoft.DataProtection/BackupVaults/yavovaultecy01/backupPolicies/TestPolicy",
+  "name": "TestPolicy",
+  "type": "Microsoft.DataProtection/BackupVaults/backupPolicies",
+  "properties": {
+    "policyRules": [
+      {
+        "name": "Default",
+        "objectType": "AzureRetentionRule",
+        "isDefault": true,
+        "lifecycles": [
+          {
+            "deleteAfter": {
+              "duration": "P30D",
+              "objectType": "AbsoluteDeleteOption"
+            },
+            "sourceDataStore": {
+              "dataStoreType": "OperationalStore",
+              "objectType": "DataStoreInfoBase"
+            },
+            "targetDataStoreCopySettings": []
+          }
+        ]
+      },
+      {
+        "name": "Default",
+        "objectType": "AzureRetentionRule",
+        "isDefault": true,
+        "lifecycles": [
+          {
+            "deleteAfter": {
+              "duration": "P7D",
+              "objectType": "AbsoluteDeleteOption"
+            },
+            "sourceDataStore": {
+              "dataStoreType": "VaultStore",
+              "objectType": "DataStoreInfoBase"
+            },
+            "targetDataStoreCopySettings": []
+          }
+        ]
+      },
+      {
+        "name": "BackupDaily",
+        "objectType": "AzureBackupRule",
+        "backupParameters": {
+          "backupType": "Discrete",
+          "objectType": "AzureBackupParams"
+        },
+        "dataStore": {
+          "dataStoreType": "VaultStore",
+          "objectType": "DataStoreInfoBase"
+        },
+        "trigger": {
+          "schedule": {
+            "timeZone": "UTC",
+            "repeatingTimeIntervals": [
+              "R/2024-05-08T14:00:00+00:00/P1D"
+            ]
+          },
+          "taggingCriteria": [
+            {
+              "isDefault": true,
+              "taggingPriority": 99,
+              "tagInfo": {
+                "id": "Default_",
+                "tagName": "Default"
+              }
+            }
+          ],
+          "objectType": "ScheduleBasedTriggerContext"
+        }
+      }
+    ],
+    "datasourceTypes": [
+      "Microsoft.Storage/storageAccounts/blobServices"
+    ],
+    "objectType": "BackupPolicy",
+    "name": "TestPolicy"
+  }
+} 
+```
+
 > [!IMPORTANT]
 > The supported time formats is *DateTime* only. They don't support *Time* format alone.