Commit 811638c

author
AbhishekMallick01
committed
more updates
1 parent cbbcfd1 commit 811638c

2 files changed

+27
-25
lines changed

articles/backup/azure-kubernetes-service-cluster-backup-concept.md

Lines changed: 20 additions & 19 deletions
@@ -3,7 +3,7 @@ title: Azure Kubernetes Service (AKS) backup using Azure Backup overview
33
description: This article explains the concept of Azure Kubernetes Service (AKS) backup using Azure Backup.
44
ms.topic: conceptual
55
ms.service: backup
6-
ms.date: 02/28/2023
6+
ms.date: 03/03/2023
77
author: jyothisuri
88
ms.author: jsuri
99
---
@@ -24,15 +24,15 @@ This section explains the least privileged security models required for a Backup
2424

2525
- Backup Extension uses a blob container (provided in input during installation) as a default location for backup storage. To access this blob container, the Extension Identity requires *Storage Account Contributor* role on the storage account that has the container.
2626

27-
- Backup Extension also needs to be installed on both the source cluster to be backed up and the target cluster where the restore will happen.
27+
- You need to install Backup Extension on both the source cluster to be backed up and the target cluster where the restore will happen.
2828

29-
Learn [how to manage the operation to install Backup Extension using Azure CLI](azure-kubernetes-service-cluster-manage-backups.md#manage-azure-kubernetes-service-cluster-backups-using-azure-backup-preview).
29+
Learn [how to manage the operation to install Backup Extension using Azure CLI](azure-kubernetes-service-cluster-manage-backups.md#manage-operations).
3030

3131
### Trusted Access
3232

33-
Many Azure services depend on *clusterAdmin kubeconfig* and the *publicly accessible kube-apiserver endpoint* to access AKS clusters. The **AKS Trusted Access** feature enables you to bypass the private endpoint restriction. Without using Microsoft Azure Active Directory (Azure AD) application, this feature enables you to give explicit consent to your system-assigned identity of allowed resources to access your AKS clusters using an Azure resource RoleBinding.
33+
Many Azure services depend on *clusterAdmin kubeconfig* and the *publicly accessible kube-apiserver endpoint* to access AKS clusters. The **AKS Trusted Access** feature enables you to bypass the private endpoint restriction. Without using Microsoft Azure Active Directory (Azure AD) application, this feature enables you to give explicit consent to your system-assigned identity of allowed resources to access your AKS clusters using an Azure resource RoleBinding. The Trusted Access feature allows you to access AKS clusters with different configurations, which isn’t limited to private clusters, clusters with local accounts disabled, Azure AD clusters, and authorized IP range clusters.
3434

35-
Your Azure resources access AKS clusters through the AKS regional gateway via system-assigned Managed Identity authentication with the appropriate Kubernetes permissions via an Azure resource role. The Trusted Access feature allows you to access AKS clusters with different configurations, which aren't limited to private clusters, clusters with local accounts disabled, Azure AD clusters, and authorized IP range clusters.
35+
Your Azure resources access AKS clusters through the AKS regional gateway using system-assigned managed identity authentication. The managed identity must have the appropriate Kubernetes permissions assigned via an Azure resource role.
3636

3737
For AKS backup, the Backup vault accesses your AKS clusters via Trusted Access to configure backups and restores. The Backup vault is assigned a pre-defined role **Microsoft.DataProtection/backupVaults/backup-operator** in the AKS cluster, allowing it to only perform specific backup operations.
3838

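Review bot: The sentence appended to the Trusted Access paragraph (new line 33) says the feature reaches clusters with different configurations, "which isn't limited to private clusters, clusters with local accounts disabled, Azure AD clusters, and authorized IP range clusters". As written it reads like a restriction being lifted rather than a list of supported cluster types; suggest "including, but not limited to, private clusters, ...". Also confirm that the new link target `#manage-operations` on new line 29 exists as a heading anchor in azure-kubernetes-service-cluster-manage-backups.md, since that file is not among the two files changed in this commit.
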
@@ -42,10 +42,11 @@ Learn [how to enable Trusted Access](azure-kubernetes-service-cluster-manage-bac
4242

4343
To enable backup for an AKS cluster, see the following prerequisites: .
4444

45-
- AKS backup uses CSI drivers snapshot capabilities to perform backups of Persistent Volumes. CSI Driver support is available for AKS clusters with Kubernetes version *1.21.1* or later.
46-
- Currently, AKS backup only supports backup of Azure Disk based Persistent Volumes (enabled by CSI Driver). If you’re using Azure File Share and Azure Blob type Persistent Volumes in your AKS clusters, you can configure backups for them via the Azure Backup solutions available for [Azure File Share](azure-file-share-backup-overview.md) and [Azure Blob](blob-backup-overview.md).
45+
- AKS backup uses CSI drivers snapshot capabilities to perform backups of persistent volumes. CSI Driver support is available for AKS clusters with Kubernetes version *1.21.1* or later.
4746

48-
- In Tree, volumes aren't supported by AKS backup; only CSI driver based volumes can be backed up. You can [migrate from tree volumes to CSI driver based Persistent Volumes](../aks/csi-migrate-in-tree-volumes.md).
47+
>[!Note]
48+
>- Currently, AKS backup only supports backup of Azure Disk based persistent volumes (enabled by CSI driver). If you're using Azure File Share and Azure Blob type persistent volumes in your AKS clusters, you can configure backups for them via the Azure Backup solutions available for [Azure File Share](azure-file-share-backup-overview.md) and [Azure Blob](blob-backup-overview.md).
49+
>- In Tree, volumes aren't supported by AKS backup; only CSI driver based volumes can be backed up. You can [migrate from tree volumes to CSI driver based Persistent Volumes](../aks/csi-migrate-in-tree-volumes.md).
4950
5051
- Before installing Backup Extension in the AKS cluster, ensure that the CSI drivers and snapshots are enabled for your cluster. If disabled, see [these steps to enable them](../aks/csi-storage-drivers.md#enable-csi-storage-drivers-on-an-existing-cluster).
5152

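Review bot: In the second bullet of the new note (new line 49), "In Tree, volumes aren't supported by AKS backup" has a stray comma that splits the term, and the link text "migrate from tree volumes" drops "in-" even though the link target is csi-migrate-in-tree-volumes.md. Suggest "In-tree volumes aren't supported by AKS backup" and "migrate from in-tree volumes to CSI driver based persistent volumes". That bullet also still capitalizes "Persistent Volumes" while new lines 45 and 48 were lowercased to "persistent volumes". The unchanged line 43 ends with ": ." and could be cleaned up in the same pass.
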
@@ -60,24 +61,24 @@ To enable backup for an AKS cluster, see the following prerequisites: .
6061

6162
To perform AKS backup and restore operations as a user, you need to have specific roles on the AKS cluster, Backup vault, Storage account, and Snapshot resource group.
6263

63-
| Scope | Preferred Role | Reason |
64+
| Scope | Preferred Role | Description |
6465
| --- | --- | --- |
65-
| AKS Cluster | Owner | Owner role allows you to install Backup Extension, enable *Trusted Access* and grant permissions to Backup vault over cluster. |
66-
| Backup vault resource group | Backup Contributor | This role allows you to create Backup vault in a resource group, create backup policy, configure backup, and restore and assign missing roles required for Backup operations. |
67-
| Storage account | Owner | Owner role allows you to perform read and write operations on the storage account and assign required roles to other Azure resources as a part of backup operations. |
68-
| Snapshot resource group | Owner | Owner role allows you to perform read and write operations on the Snapshot resource group and assign required roles to other Azure resources as part of backup operations. |
66+
| AKS Cluster | Allows you to install Backup Extension, enable *Trusted Access* and grant permissions to Backup vault over the cluster. |
67+
| Backup vault resource group | Backup Contributor | Allows you to create Backup vault in a resource group, create backup policy, configure backup, and restore and assign missing roles required for Backup operations. |
68+
| Storage account | Owner | Allows you to perform read and write operations on the storage account and assign required roles to other Azure resources as a part of backup operations. |
69+
| Snapshot resource group | Owner | Allows you to perform read and write operations on the Snapshot resource group and assign required roles to other Azure resources as part of backup operations. |
6970

7071
>[!Note]
71-
>Owner role on an Azure resource allows you to perform Azure RBAC operations of that resource. If it's not available, you need to get the *resource owner* to provide the required roles to the Backup vault and AKS cluster before initiating the backup or restore operations.
72+
>Owner role on an Azure resource allows you to perform Azure RBAC operations of that resource. If it's not available, the *resource owner* must provide the required roles to the Backup vault and AKS cluster before initiating the backup or restore operations.
7273
7374
Also, as part of the backup and restore operations, the following roles are assigned to the AKS cluster, Backup Extension Identity, and Backup vault.
7475

75-
| Role | Assigned To | Assigned on | Reason |
76+
| Role | Assigned To | Assigned on | Description |
7677
| --- | --- | --- | --- |
77-
| Reader | Backup vault | AKS cluster | This role allows the Backup vault to perform list and read operations on AKS cluster. |
78-
| Reader | Backup vault | Snapshot resource group | This role allows the Backup vault to perform list and read operations on snapshot resource group. |
79-
| Disk Snapshot Contributor | AKS cluster | Snapshot resource group | This role allows AKS cluster to store persistent volume snapshots in the resource group. |
80-
| Storage Account Contributor | Extension Identity | Storage account | This role allows Backup Extension to store cluster resource backups in the blob container. |
78+
| Reader | Backup vault | AKS cluster | Allows the Backup vault to perform list and read operations on AKS cluster. |
79+
| Reader | Backup vault | Snapshot resource group | Allows the Backup vault to perform list and read operations on snapshot resource group. |
80+
| Disk Snapshot Contributor | AKS cluster | Snapshot resource group | Allows AKS cluster to store persistent volume snapshots in the resource group. |
81+
| Storage Account Contributor | Extension Identity | Storage account | Allows Backup Extension to store cluster resource backups in the blob container. |
8182

8283
>[!Note]
8384
>AKS backup allows you to assign these roles during backup and restore processes through the Azure portal with a single click.
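Review bot: The new AKS Cluster row (new line 66) has only two cells under a three-column header, so the "Owner" value carried by the removed row is gone and the description now renders in the Preferred Role column. Restore the middle cell, for example `| AKS Cluster | Owner | Allows you to install Backup Extension, ... |`, so the row matches the Storage account and Snapshot resource group rows and the note about the Owner role that follows the table.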

articles/backup/azure-kubernetes-service-cluster-backup.md

Lines changed: 7 additions & 6 deletions
@@ -3,7 +3,7 @@ title: Back up Azure Kubernetes Service (AKS) using Azure Backup
33
description: This article explains how to back up Azure Kubernetes Service (AKS) using Azure Backup.
44
ms.topic: how-to
55
ms.service: backup
6-
ms.date: 02/28/2023
6+
ms.date: 03/03/2023
77
author: jyothisuri
88
ms.author: jsuri
99
---
@@ -92,7 +92,7 @@ To configure backups for AKS cluster, follow these steps:
9292
6. In the *context* pane, provide the *storage account* and *blob container* where you need to store the backup, and then select **Generate Command**.
9393

9494
>[!Note]
95-
>Before you install the AKS Backup Extension via *Azure CLI*, you must enable the `Microsoft.KubernetesConfiguration` resource provider on the subscription. We don't recommend to proceed with the Backup Extension installation before enabling the resource provider.
95+
>Before you install the AKS Backup Extension via *Azure CLI*, you must enable the `Microsoft.KubernetesConfiguration` resource provider on the subscription.
9696
>
9797
>To register the resource provider before the extension installation (don't initiate extension installation before registering resource provider), run the following commands:
9898
>
@@ -101,21 +101,22 @@ To configure backups for AKS cluster, follow these steps:
101101
>2. Monitor the registration process. The registration may take up to *10 minutes*.
102102
> `az provider show -n Microsoft.KubernetesConfiguration -o table`
103103
104-
7. Open the PowerShell console, sign in to the Azure portal (`az login`), and then copy and run the generated commands.
104+
7. Open the PowerShell console, and then upgrade the CLI to version *2.24.0* or later using the command `az upgrade`.
105+
106+
Sign in to the Azure portal (using the command `az login`), and then copy and run the generated commands.
105107

106108
The commands install the *Backup Extension* and *Assign Extension* managed identity permissions on the storage account.
107109

108110
Once done, select **Revalidate**.
109111

110112
>[!Note]
111-
>1. Before you run the Azure CLI command, upgrade the CLI to version *2.24.0* or later using the command `az upgrade`.
112-
>2. We're using the Extension managed identity attached to the underlying compute of the AKS cluster. After running the `az role assignment` command, it may take some time (up to *1 hour*) to propagate permission to the AKS cluster (due to caching issue). If revalidation fails, try again after some time.
113+
>We're using the Extension managed identity attached to the underlying compute of the AKS cluster. After running the `az role assignment` command, it may take some time (up to *1 hour*) to propagate permission to the AKS cluster (due to caching issue). If revalidation fails, try again after some time.
113114
114115
8. To enable *Trusted Access* and *other role permissions*, select **Grant Permission** > **Next**.
115116

116117
9. Select the backup policy that defines the schedule and retention policy for AKS backup, and then select **Next**.
117118

118-
10. Select **Add/Edit** to define the **Backup Instance Configuration**.
119+
10. Select **Add/Edit** to define the *backup instance configuration*.
119120

120121
11. In the *context* pane, enter the *cluster resources* that you want to back up.
121122

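Review bot: In step 7 (new line 106), "Sign in to the Azure portal (using the command `az login`)" keeps the old wording, but `az login` authenticates the Azure CLI session rather than the portal; suggest "Sign in to Azure using `az login`". On new line 119, "Backup Instance Configuration" changes from bold to lowercase italics; if that text is the label shown in the portal, keep it bold like **Add/Edit** and **Grant Permission** in the neighbouring steps.
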