MicrosoftDocs
diff --git a/‎articles/backup/backup-azure-arm-restore-vms.md
Lines changed: 15 additions & 1 deletion b/‎articles/backup/backup-azure-arm-restore-vms.md
Lines changed: 15 additions & 1 deletion
diff --git a/‎articles/backup/backup-azure-vm-backup-faq.yml
Lines changed: 24 additions & 5 deletions b/‎articles/backup/backup-azure-vm-backup-faq.yml
Lines changed: 24 additions & 5 deletions
diff --git a/‎articles/backup/backup-azure-vms-troubleshoot.md
Lines changed: 66 additions & 2 deletions b/‎articles/backup/backup-azure-vms-troubleshoot.md
Lines changed: 66 additions & 2 deletions
@@ -3,7 +3,7 @@ title: Restore VMs by using the Azure portal
 description: Restore an Azure virtual machine from a recovery point by using the Azure portal, including the Cross Region Restore feature.
 ms.reviewer: geg
 ms.topic: conceptual
-ms.date: 03/23/2022
+ms.date: 09/07/2022
 author: v-amallick
 ms.service: backup
 ms.author: v-amallick
@@ -22,6 +22,8 @@ Azure Backup provides several ways to restore a VM.
 **Restore disk** | Restores a VM disk, which can then be used to create a new VM.<br/><br/> Azure Backup provides a template to help you customize and create a VM. <br/><br> The restore job generates a template that you can download and use to specify custom VM settings, and create a VM.<br/><br/> The disks are copied to the Resource Group you specify.<br/><br/> Alternatively, you can attach the disk to an existing VM, or create a new VM using PowerShell.<br/><br/> This option is useful if you want to customize the VM, add configuration settings that weren't there at the time of backup, or add settings that must be configured using the template or PowerShell.
 **Replace existing** | You can restore a disk, and use it to replace a disk on the existing VM.<br/><br/> The current VM must exist. If it's been deleted, this option can't be used.<br/><br/> Azure Backup takes a snapshot of the existing VM before replacing the disk, and stores it in the staging location you specify. Existing disks connected to the VM are replaced with the selected restore point.<br/><br/> The snapshot is copied to the vault, and retained in accordance with the retention policy. <br/><br/> After the replace disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they aren't needed. <br/><br/>Replace existing is supported for unencrypted managed VMs, including VMs [created using custom images](https://azure.microsoft.com/resources/videos/create-a-custom-virtual-machine-image-in-azure-resource-manager-with-powershell/). It's unsupported for classic VMs, unmanaged VMs, and [generalized VMs](../virtual-machines/windows/upload-generalized-managed.md).<br/><br/> If the restore point has more or less disks than the current VM, then the number of disks in the restore point will only reflect the VM configuration.<br><br> Replace existing is also supported for VMs with linked resources, like [user-assigned managed-identity](../active-directory/managed-identities-azure-resources/overview.md) or [Key Vault](../key-vault/general/overview.md).
 **Cross Region (secondary region)** | Cross Region restore can be used to restore Azure VMs in the secondary region, which is an [Azure paired region](../availability-zones/cross-region-replication-azure.md).<br><br> You can restore all the Azure VMs for the selected recovery point if the backup is done in the secondary region.<br><br> During the backup, snapshots aren't replicated to the secondary region. Only the data stored in the vault is replicated. So secondary region restores are only [vault tier](about-azure-vm-restore.md#concepts) restores. The restore time for the secondary region will be almost the same as the vault tier restore time for the primary region.  <br><br> This feature is available for the options below:<br><br> - [Create a VM](#create-a-vm) <br> - [Restore Disks](#restore-disks) <br><br> We don't currently support the [Replace existing disks](#replace-existing-disks) option.<br><br> Permissions<br> The restore operation on secondary region can be performed by Backup Admins and App admins.
+**Cross Subscription Restore** | Allows you to restore Azure Virtual Machines or disks to any subscription (as per the Azure RBAC capabilities) from restore points.  <br><br>   You can trigger Cross Subscription Restore for managed virtual machines only. <br><br> Cross Subscription Restore is currently enabled only in [standard policy](backup-during-vm-creation.md#create-a-vm-with-backup-configured) from Vault tier. It's also supported for [Restore with Managed System Identities (MSI)](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities). <br><br> It's unsupported from [snapshots](backup-azure-vms-introduction.md#snapshot-creation) and [secondary region](backup-azure-arm-restore-vms.md#restore-in-secondary-region) restores. <br><br>  It's unsupported for [Encrypted Azure VMs](backup-azure-vms-introduction.md#encryption-of-azure-vm-backups) and [Trusted Launch VMs](backup-support-matrix-iaas.md#tvm-backup).
+
 
 >[!Tip]
 >To receive alerts/notifications when a restore operation fails, use [Azure Monitor alerts for Azure Backup](backup-azure-monitoring-built-in-monitor.md#azure-monitor-alerts-for-azure-backup). This helps you to monitor such failures and take necessary actions to remediate the issues.
@@ -93,6 +95,14 @@ As one of the [restore options](#restore-options), you can create a VM quickly w
 
     ![Restore configuration wizard - choose restore options](./media/backup-azure-arm-restore-vms/recovery-configuration-wizard1.png)
 
+1. Choose the required subscription from the **Subscription** drop-down list to restore an Azure VM to a different subscription.
+
+   Azure Backup now supports Cross Subscription Restore (CSR), you can now restore an Azure VM using a recovery point from default subscription to another. Default subscription is the subscription where recovery point is available.
+
+   The following screenshot lists all subscriptions under the tenant where you've permissions, which enable you to restore the Azure VM to another subscription.
+
+   :::image type="content" source="./media/backup-azure-arm-restore-vms/backup-azure-cross-subscription-restore.png" alt-text="Screenshot showing the list of all subscriptions under the tenant where you have permissions.":::
+
 1. Select **Restore** to trigger the restore operation.
 
 >[!Note]
@@ -112,6 +122,10 @@ As one of the [restore options](#restore-options), you can create a disk from a
 
    :::image type="content" source="./media/backup-azure-arm-restore-vms/trigger-restore-operation-disks.png" alt-text="Screenshot showing to select Resource disks.":::
 
+1. Choose the required subscription from the **Subscription** drop-down list to restore the VM disks to a different subscription.
+
+   Azure Backup now supports Cross Subscription Restore (CSR). Like Azure VM, you can now restore Azure VM disks using a recovery point from default subscription to another. Default subscription is the subscription where recovery point is available.
+
 1. Select **Restore** to trigger the restore operation.
 
 When your virtual machine uses managed disks and you select the **Create virtual machine** option, Azure Backup doesn't use the specified storage account. In the case of **Restore disks** and **Instant Restore**, the storage account is used only for storing the template. Managed disks are created in the specified resource group. When your virtual machine uses unmanaged disks, they're restored as blobs to the storage account.
 
@@ -4,7 +4,7 @@ metadata:
   description: In this article, discover answers to common questions about backing up Azure VMs with the Azure Backup service.
   ms.topic: faq
   ms.service: backup
-  ms.date: 07/19/2022
+  ms.date: 09/07/2022
   author: v-amallick
   ms.author: v-amallick
 
@@ -234,7 +234,26 @@ sections:
           Microsoft Windows allows a VM name that has maximum of 15 characters. Also, you can't specify a DNS host name that differs from the *NETBIOS* host name. However, you can create host headers for a website hosted on an Azure VM with the name as per recommendation.
 
           Learn more about the [VM naming convention limitations for Azure VMs](/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou).
-          
+
+      - question: Can I restore an Azure Virtual Machine in a different subscription?
+        answer: |
+          Yes, [Cross Subscription Restore now](backup-azure-arm-restore-vms.md#restore-options) allows you to restore Azure VMs from a recovery point in one subscription to another under tenant as per Azure role-based access control (Azure RBAC) rules. Cross Subscription Restore is only supported from vault tier and not from [snapshots](backup-azure-vms-introduction.md#snapshot-creation).
+
+      - question: Does Cross Subscription Restore support all Azure VM?
+        answer: |
+          No, it's unsupported for [Encrypted Azure VMs](backup-azure-vms-introduction.md#encryption-of-azure-vm-backups) and [Trusted Launch VMs](backup-support-matrix-iaas.md#tvm-backup).
+
+      - question: Can I use Azure VM snapshots to restore in another subscription?
+        answer: |
+          No, [Cross Subscription Restore](backup-azure-arm-restore-vms.md#restore-options) is only supported from vault tier and not from [snapshots](backup-azure-vms-introduction.md#snapshot-creation).
+
+      - question: Can I perform Cross Subscription Restore for Azure VMs running in secondary regions?
+        answer: |
+          No, [Cross Subscription Restore](backup-azure-arm-restore-vms.md#restore-options) does not support restore from [secondary regions](backup-azure-arm-restore-vms.md#restore-in-secondary-region).
+
+      - question: Can I use Enhanced policy for Cross Subscription Restore?
+        answer: |
+          No, [Cross subscription Restore](backup-azure-arm-restore-vms.md#restore-options) is currently enabled only in [standard policy](backup-during-vm-creation.md#create-a-vm-with-backup-configured).
 
   - name: Manage VM backups
     questions:
@@ -281,13 +300,13 @@ sections:
 
           One way to view the retention settings for your backups, is to navigate to the backup item [dashboard](./backup-azure-manage-vms.md#view-vms-on-the-dashboard) for your VM, in the Azure portal. Selecting the link to its backup policy helps you view the retention duration of all the daily, weekly, monthly and yearly retention points associated with the VM.
 
-          You can also use [Backup Explorer](./monitor-azure-backup-with-backup-explorer.md) to view the retention settings for all your VMs within a single pane of glass. Go to Backup Explorer from any Recovery Services vault, go to the **Backup Items** tab and select the Advanced View to see detailed retention information for each VM.
+          You can also use [Backup Explorer](./monitor-azure-backup-with-backup-explorer.md) to view the retention settings for all your VMs within a single pane of glass. Go to the Backup Explorer from any Recovery Services vault, go to the **Backup Items** tab and select the Advanced View to see detailed retention information for each VM.
       - question: When the snapshot is moved from a storage account to a vault, how is encryption in the transit managed?
         answer: Azure VM Backup uses [HTTPS communication for encryption in transit](guidance-best-practices.md#encryption-of-data-in-transit-and-at-rest). The data transfer uses Azure fabric (and not public endpoints), which do not need Internet access for VM backup.
 
       - question: How can I disable the File Recovery option?
         answer: |
-          [This API](/rest/api/backup/item-level-recovery-connections/provision) provisions a script for invoking an **iSCSI connection** for file recovery from Azure Backup.
+          [This API](/rest/api/backup/item-level-recovery-connections/provision) provision a script for invoking an **iSCSI connection** for file recovery from Azure Backup.
           - You can disable this option using **custom role-definitions** by excluding API action.
           - You can also use the [private endpoints](private-endpoints.md) to restrict access to the iSCSI server from within the private network.
           - You can also disable this option across an organization using the [deny assignment](../role-based-access-control/deny-assignments.md) feature.
@@ -326,7 +345,7 @@ sections:
 
       - question: How do I manage key rotations? How to ensure which key is used during backup and if it’s present to be used with the restored VM?
         answer: |
-          Azure Backup backs up the secrets and KEK data of the key version during backup, and restores the same. However, booting ADE VMs with older version keys is also possible.
+          Azure Backup backs up the secrets and KEK data of the key version during backup, and restores the same. However, booting ADE VMs with older version keys are also possible.
 
 
 
 
@@ -3,7 +3,7 @@ title: Troubleshoot backup errors with Azure VMs
 description: In this article, learn how to troubleshoot errors encountered with backup and restore of Azure virtual machines.
 ms.reviewer: srinathv
 ms.topic: troubleshooting
-ms.date: 07/04/2022
+ms.date: 09/07/2022
 author: v-amallick
 ms.service: backup
 ms.author: v-amallick
@@ -233,7 +233,7 @@ If you see permissions in the **MachineKeys** directory that are different than
    * Under **Personal** > **Certificates**, delete all certificates where **Issued To** is the classic deployment model or **Windows Azure CRP Certificate Generator**.
 3. Trigger a VM backup job.
 
-### ExtensionStuckInDeletionState - Extension state is not supportive to backup operation
+### ExtensionStuckInDeletionState - Extension state is not supportive to the backup operation
 
 Error code: ExtensionStuckInDeletionState <br/>
 Error message: Extension state is not supportive to the backup operation
@@ -408,6 +408,70 @@ To resolve this issue:
 >- With a different name than the original one, **or**
 >- In a different resource group with the same name.
 
+#### UserErrorCrossSubscriptionRestoreNotSuppportedForOLR  
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedForOLR 
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported for Original Location Recovery.
+
+**Resolution**: Ensure that you [select Create New/ Restore Disk](backup-azure-arm-restore-vms.md#restore-disks) for restore operation.
+
+#### UserErrorCrossSubscriptionRestoreNotSuppportedForUnManagedAzureVM   
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedForUnManagedAzureVM  
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported for Azure VMs with Unmanaged Disks.
+
+**Resolution**: Perform standard restores within the same subscription instead.
+
+#### UserErrorCrossSubscriptionRestoreNotSuppportedForCRR
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedForCRR  
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported along-with Cross Region Restore.
+
+**Resolution**: Use either Cross Subscription Restore' or Cross Region Restore.  
+  
+#### UserErrorCrossSubscriptionRestoreNotSuppportedFromSnapshot  
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedFromSnapshot 
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported when restoring from a Snapshot recovery point.
+
+**Resolution**: Select a different recovery point where Tier 2 (Vault-Tier) is available. 
+  
+#### UserErrorCrossSubscriptionRestoreInvalidTenant  
+
+**Error code**: UserErrorCrossSubscriptionRestoreInvalidTenant 
+
+**Error message**: Operation failed as the tenant IDs for source and target subscriptions don't match.
+
+**Resolution**: Ensure that the source and target subscriptions belong to the same tenant.
+
+#### UserErrorCrossSubscriptionRestoreInvalidTargetSubscription  
+
+**Error code**: UserErrorCrossSubscriptionRestoreInvalidTargetSubscription 
+
+**Error message**: Operation failed as the target subscription specified for restore is not registered to the Azure Recovery Services Resource Provider.  
+
+**Resolution**:  Ensure the target subscription is registered to the Recovery Services Resource Provider before you attempt a cross subscription restore.
+ 
+#### UserErrorCrossSubscriptionRestoreNotSuppportedForEncryptedAzureVM 
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedForEncryptedAzureVM
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported for Encrypted Azure VMs.
+
+**Resolution**: Use the same subscription for Restore of Encrypted AzureVMs. 
+ 
+#### UserErrorCrossSubscriptionRestoreNotSuppportedForTrustedLaunchAzureVM 
+
+**Error code**: UserErrorCrossSubscriptionRestoreNotSuppportedForTrustedLaunchAzureVM
+
+**Error message**: Operation failed as Cross Subscription Restore is not supported for Trusted Launch Azure VMs (TVMs).
+
+**Resolution**: Use the same subscription for Restore of Trusted Launch Azure VMs. 
+
 ## Backup or restore takes time
 
 If your backup takes more than 12 hours, or restore takes more than 6 hours, review [best practices](backup-azure-vms-introduction.md#best-practices), and