Commit 80e00e6

Merge branch 'aksbackup26082024' of https://github.com/rajats22/azure-docs-pr into aksbackup26082024
2 parents b4f33a2 + 2a71553 commit 80e00e6

18 files changed

+122
-123
lines changed

articles/backup/azure-kubernetes-service-backup-overview.md

Lines changed: 2 additions & 2 deletions
@@ -35,7 +35,7 @@ After the Backup extension is installed and Trusted Access is enabled, you can c
3535
The backup solution enables the backup operations for your AKS datasources that are deployed in the cluster and for the data that's stored in the persistent volume for the cluster, and then store the backups in a blob container. The disk-based persistent volumes are backed up as disk snapshots in a snapshot resource group. The snapshots and cluster state in a blob both combine to form a recovery point that is stored in your tenant called Operational Tier. You can also convert backups (first successful backup in a day, week, month, or year) in the Operational Tier to blobs, and then move them to a Vault (outside your tenant) once a day.
3636

3737
> [!NOTE]
38-
> Currently, Azure Backup supports only persistent volumes in CSI driver-based Azure Disk Storage. During backups, the solution skips other persistent volume types, such as Azure File Share and blobs. Also, backups are eligible to be moved to the vault if the persistent volumes are of size less than or equal to 1 TB.
38+
> Currently, Azure Backup supports only persistent volumes in CSI driver-based Azure Disk Storage. During backups, the solution skips other persistent volume types, such as Azure File Share and blobs. Also, if you have defined retention rules for Vault tier then backups are only eligible to be moved to the vault if the persistent volumes are of size less than or equal to 1 TB.
3939
4040
## Configure backup
4141
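Review bot: The reworded NOTE at new line 38 stacks two conditions ("if you have defined retention rules ... then backups are only eligible ... if the persistent volumes ...") and is hard to parse; it also writes "Vault tier" where line 441 of the same file writes "Vault Tier". Suggest: "Also, when retention rules are defined for the Vault Tier, backups are eligible to be moved to the vault only if the persistent volumes are 1 TB or smaller." The note still does not say what happens to a recovery point whose volume is larger than 1 TB; a short clause stating that would help readers who depend on the vault copy.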

@@ -438,7 +438,7 @@ You incur charges for:
438438

439439
- **Snapshot fee**: Azure Backup for AKS protects a disk-based persistent volume by taking snapshots that are stored in the resource group in your Azure subscription. These snapshots incur snapshot storage charges. Because the snapshots aren't copied to the Backup vault, backup storage cost doesn't apply. For more information on the snapshot pricing, see [Managed Disk pricing](https://azure.microsoft.com/pricing/details/managed-disks/).
440440

441-
- **Backup Storage fee**: Azure Backup for AKS also supports storing backups in Vault Tier. This can be achieved by defining retention rules for **vault-standard** in the backup policy, with one restore point per day elligible to be moved into the Vault. Restore points stored in the Vault Tier are charged a separate fees called Backup Storage fee as per the total data stored (in GBs) and redundancy type enable on the Backup Vault.
441+
- **Backup Storage fee**: Azure Backup for AKS also supports storing backups in Vault Tier. This can be achieved by defining retention rules for **vault-standard** in the backup policy, with one restore point per day eligible to be moved into the Vault. Restore points stored in the Vault Tier are charged a separate fee called Backup Storage fee as per the total data stored (in GBs) and redundancy type enable on the Backup Vault.
442442

443443

444444
## Next step
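Review bot: The spelling fix on line 441 stops short: "redundancy type enable on the Backup Vault" should read "enabled". Since the line is already being changed, also consider "based on the total data stored (in GB)" in place of "as per the total data stored (in GBs)".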

articles/backup/azure-kubernetes-service-backup-troubleshoot.md

Lines changed: 1 addition & 1 deletion
@@ -349,7 +349,7 @@ These error codes can appear while you enable AKS backup to store backups in a v
349349

350350
**Cause**: To perform a restore operation, user needs to have a **read** permission over the backed up AKS cluster.
351351

352-
**Recommended action**: Assign Reader role over the source AKS cluster and then proceed to perform the restore operation.
352+
**Recommended action**: Assign Reader role on the source AKS cluster and then proceed to perform the restore operation.
353353

354354
## Next steps
355355
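Review bot: The unchanged Cause line at 350 still says "**read** permission over the backed up AKS cluster", so changing "over" to "on" only at line 352 leaves two adjacent lines inconsistent. Suggest updating the Cause in the same change, for example "the user needs **read** permission on the backed-up AKS cluster".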

articles/backup/azure-kubernetes-service-cluster-backup-concept.md

Lines changed: 1 addition & 3 deletions
@@ -50,9 +50,7 @@ Your Azure resources access AKS clusters through the AKS regional gateway using
5050

5151
For AKS backup, the Backup vault accesses your AKS clusters via Trusted Access to configure backups and restores. The Backup vault is assigned a predefined role **Microsoft.DataProtection/backupVaults/backup-operator** in the AKS cluster, allowing it to only perform specific backup operations.
5252

53-
To enable Trusted Access between a Backup vault and an AKS cluster, you must register the `TrustedAccessPreview` feature flag on `Microsoft.ContainerService` at the subscription level. Learn more [to register the resource provider](azure-kubernetes-service-cluster-manage-backups.md#enable-the-feature-flag).
54-
55-
Learn [how to enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#register-the-trusted-access).
53+
To enable Trusted Access between a Backup vault and an AKS cluster. Learn [how to enable Trusted Access](azure-kubernetes-service-cluster-manage-backups.md#trusted-access-related-operations)
5654

5755
>[!Note]
5856
>- You can install the Backup Extension on your AKS cluster directly from the Azure portal under the *Backup* section in AKS portal.
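Review bot: New line 53 is a sentence fragment ("To enable Trusted Access between a Backup vault and an AKS cluster.") and the link sentence after it has no closing period. Suggest one sentence, such as "To enable Trusted Access between a Backup vault and an AKS cluster, see how to enable Trusted Access." with the existing link kept. The hunk also removes the statement that the `TrustedAccessPreview` feature flag must be registered on `Microsoft.ContainerService`; confirm that registration is no longer a prerequisite, and that the new `#trusted-access-related-operations` anchor exists in the target article, since neither can be verified from this diff.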
Lines changed: 34 additions & 18 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: Audit and Enforce Backup Operations for Azure Kubernetes Service clusters using Azure Policy
2+
title: Audit and enforce backup operations for Azure Kubernetes Service clusters using Azure Policy
33
description: 'An article describing how to use Azure Policy to audit and enforce backup operations for all Azure Kubernetes Service clusters created in a given scope'
44
ms.topic: how-to
55
ms.date: 08/26/2024
@@ -8,19 +8,19 @@ author: AbhishekMallick-MS
88
ms.author: v-abhmallick
99
---
1010

11-
# Audit and Enforce Backup Operations for Azure Kubernetes Service clusters using Azure Policy
11+
# Audit and enforce backup operations for Azure Kubernetes Service clusters using Azure Policy
1212

1313
One of the key responsibilities of a Backup or Compliance Admin in an organization is to ensure that all business-critical machines are backed up with the appropriate retention.
1414

15-
Today, Azure Backup provides various built-in policies (using [Azure Policy](../governance/policy/overview.md)) to help you automatically ensure that your Azure Kubernetes Service clusters are prepped for backup configuration. Depending on how your backup teams and resources are organized, you can use any one of the below policies:
15+
Azure Backup provides various built-in policies (using [Azure Policy](../governance/policy/overview.md)) to help you automatically ensure that your Azure Kubernetes Service clusters are ready for backup configuration. Depending on how your backup teams and resources are organized, you can use any one of the below policies:
1616

1717
## Policy 1 - Azure Backup Extension should be installed in AKS clusters
1818

19-
It is an [audit-only](../governance/policy/concepts/effects.md#audit) policy. This policy identifies which AKS clusters don't have backup extension installed but doesn't automatically install backup extension for these AKS clusters. It is useful when you're only looking to evaluate the overall preparedness of the AKS clusters for backup compliance but not looking to take action immediately.
19+
Use this [audit-only](../governance/policy/concepts/effects.md#audit) policy to identify the AKS clusters that don't have the backup extension installed. However, this policy doesn't automatically install the backup extension to these AKS clusters. It's useful only to evaluate the overall readiness of the AKS clusters for backup compliance, and not to take action immediately.
2020

2121
## Policy 2 - Azure Backup should be enabled for AKS clusters
2222

23-
It is an [audit-only](../governance/policy/concepts/effects.md#audit) policy. This policy identifies which clusters don't have backup enabled but doesn't automatically configure backups for these clusters. It's useful when you're only looking to evaluate the overall compliance of the clusters but not looking to take action immediately.
23+
Use this [audit-only](../governance/policy/concepts/effects.md#audit) policy to identify the clusters that don't have backups enabled. However, this policy doesn't automatically configure backups for these clusters. It's useful only to evaluate the overall compliance of the clusters, and not to take action immediately.
2424

2525
## Policy 3 - Install Azure Backup Extension in AKS clusters (Managed Cluster) with a given tag.
2626
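Review bot: In the Policy 1 and Policy 2 paragraphs (new lines 19 and 23), "It's useful only to evaluate ..., and not to take action immediately" shifts the meaning of the removed text, which said the policy is useful when you only want to evaluate; the new wording reads as a limitation of the policy itself. Suggest "It's useful when you only want to evaluate ... and don't plan to take action immediately." At line 19, "install the backup extension to these AKS clusters" should be "on these AKS clusters". The Policy 3 heading at line 25 still ends with a period, unlike the Policy 1 and Policy 2 headings.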

@@ -32,6 +32,8 @@ A central backup team in an organization can use this policy to install backup e
3232

3333
## Supported Scenarios
3434

35+
Before you audit and enforce backups for AKS clusters, see the following scenarios supported:
36+
3537
* The built-in policy is currently supported only for Azure Kubernetes Service clusters.
3638

3739
* Users must take care to ensure that the necessary [prerequisites](azure-kubernetes-service-cluster-backup-concept.md#Backup Extension) are enabled before Policies 3 and 4 are assigned.
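Review bot: The lead-in added at line 35, "see the following scenarios supported:", is ungrammatical; suggest "review the following supported scenarios:". The unchanged link on line 39 targets `#Backup Extension`, a fragment with a space and capital letters that is unlikely to resolve to a heading anchor; worth correcting in this change to the lowercase, hyphenated form of the target heading.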
@@ -42,26 +44,40 @@ A central backup team in an organization can use this policy to install backup e
4244

4345
## Using the built-in policies
4446

45-
The below steps describe the end-to-end process of assigning Policy 3: **Install Azure Backup Extension in AKS clusters (Managed Cluster) with a given tag**. Similar instructions apply for the other policies. Once assigned, any new AKS cluster created under this scope has backup extension installed automatically.
47+
This section describes the end-to-end process of assigning Policy 3: **Install Azure Backup Extension in AKS clusters (Managed Cluster) with a given tag**. Similar instructions apply for the other policies. Once assigned, any new AKS cluster created under this scope has backup extension installed automatically.
48+
49+
To assign Policy 3, follow these steps:
4650

4751
1. Sign in to the Azure portal and navigate to the **Policy** Dashboard.
52+
4853
2. Select **Definitions** in the left menu to get a list of all built-in policies across Azure Resources.
54+
4955
3. Filter the list for **Category=Backup** and select the policy named *Install Azure Backup Extension in AKS clusters (Managed Cluster) with a given tag*.
50-
:::image type="content" source="./media/azure-kubernetes-service-cluster-backup-policy/policy-dashboard-inline.png" alt-text="Screenshot showing how to filter the list by category on Policy dashboard." lightbox="./media/backup-azure-auto-enable-backup/policy-dashboard-expanded.png":::
51-
4. Select the name of the policy. You're then redirected to the detailed definition for this policy.
52-
![Screenshot showing the Policy Definition pane.](./media/azure-kubernetes-service-cluster-backup-policy/policy-definition-blade.png)
53-
5. Select the **Assign** button at the top of the pane. This redirects you to the **Assign Policy** pane.
54-
6. Under **Basics**, select the three dots next to the **Scope** field. It opens up a right context pane where you can select the subscription for the policy to be applied on. You can also optionally select a resource group, so that the policy is applied only for AKS clusters in a particular resource group.
55-
![Screenshot showing the Policy Assignment Basics tab.](./media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-basics.png)
56-
7. In the **Parameters** tab, choose a location from the drop-down, and select the storage account to which the backup extension installed in the AKS cluster in the scope must be associated. You can also choose to specify a tag name and an array of tag values. An AKS cluster that contains any of the specified values for the given tag are excluded from the scope of the policy assignment.
57-
![Screenshot showing the Policy Assignment Parameters pane.](./media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-parameters.png)
58-
8. Ensure that **Effect** is set to deployIfNotExists.
59-
9. Navigate to **Review+create** and select **Create**.
56+
57+
:::image type="content" source="./media/azure-kubernetes-service-cluster-backup-policy/policy-dashboard-inline.png" alt-text="Screenshot showing how to filter the list by category on Policy dashboard." lightbox="./media/azure-kubernetes-service-cluster-backup-policy/policy-dashboard-inline.png":::
58+
59+
5. Select the name of the policy. You're then redirected to the detailed definition for this policy.
60+
61+
:::image type="content" source="./media/azure-kubernetes-service-cluster-backup-policy/policy-definition-blade.png" alt-text="Screenshot showing the Policy Definition tab." lightbox="./media/azure-kubernetes-service-cluster-backup-policy/policy-definition-blade.png":::
62+
63+
7. Select the **Assign** button at the top of the pane. This redirects you to the **Assign Policy** pane.
64+
65+
8. Under **Basics**, select the three dots next to the **Scope** field. It opens up a right context pane where you can select the subscription for the policy to be applied on. You can also optionally select a resource group, so that the policy is applied only for AKS clusters in a particular resource group.
66+
67+
:::image type="content" source="media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-basics.png" alt-text="Screenshot showing the Policy Assignment Basics tab." lightbox="media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-basics.png":::
68+
69+
8. In the **Parameters** tab, choose a location from the drop-down, and select the storage account to which the backup extension installed in the AKS cluster in the scope must be associated. You can also choose to specify a tag name and an array of tag values. An AKS cluster that contains any of the specified values for the given tag are excluded from the scope of the policy assignment.
70+
71+
:::image type="content" source="./media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-parameters.png" alt-text="Screenshot showing the Policy Assignment Parameters pane." lightbox="./media/azure-kubernetes-service-cluster-backup-policy/policy-assignment-parameters.png":::
72+
73+
10. Ensure that **Effect** is set to deployIfNotExists.
74+
75+
11. Navigate to **Review+create** and select **Create**.
6076

6177
> [!NOTE]
6278
>
63-
> - Azure Policy can also be used on existing AKS clusters, using [remediation](../governance/policy/how-to/remediate-resources.md).
79+
> - Use [remediation](../governance/policy/how-to/remediate-resources.md) to enable these policies on existing AKS clusters.
6480
6581
## Next step
6682

67-
[Learn more about Azure Policy](../governance/policy/overview.md)
83+
[Learn more about Azure Policy](../governance/policy/overview.md)
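Review bot: The renumbered steps at new lines 51 to 75 run 1, 2, 3, 5, 7, 8, 8, 10, 11: numbers 4, 6 and 9 are skipped and 8 appears twice, apparently because each image line was counted as a step. Number the steps 1 through 9 as in the removed version and keep each `:::image` line attached to the step it illustrates. The image at line 67 uses `media/...` without the leading `./` that the other three images use, and the first image's `lightbox` changed from an expanded screenshot to the inline file; confirm both are intended. In the **Parameters** step, "An AKS cluster that contains any of the specified values ... are excluded" should read "is excluded".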
