addressed PLR review comments

AbhishekMallick-MS · AbhishekMallick-MS · commit 816869d17e61 · 2023-12-20T20:57:11.000+05:30
diff --git a/articles/backup/azure-kubernetes-service-backup-overview.md b/articles/backup/azure-kubernetes-service-backup-overview.md
@@ -17,7 +17,7 @@ ms.author: v-abhmallick
 AKS backup integrates with Backup center in Azure, providing a single view that can help you govern, monitor, operate, and analyze backups at scale. Your backups are also available in the Azure portal under **Settings** in the resource menu for an AKS instance.
 
 >[!Note]
->Vaulted backup and Cross Region Restore for AKS using Azure Backup is now in preview.
+>Vaulted backup and Cross Region Restore for AKS using Azure Backup are currently in preview.
 
 ## How does AKS backup work?
 
@@ -186,7 +186,7 @@ Azure Backup for AKS supports two storage tiers as backup datastores:
 
 - **Operational Tier**: The Backup Extension installed in the AKS cluster first takes the backup by taking Volume snapshots via CSI Driver and stores cluster state in a blob container in your own tenant. This tier supports lower RPO with the minimum duration between two backups of four hours. Additionally, for Azure Disk-based volumes, Operational Tier supports quicker restores.
 
-- **Vault standard Tier (preview)**: To store backup data for longer duration at lower cost than snapshots, AKS backup supports Vault standard datastore. As per the retention rules set in the backup policy, the first successful backup (of a day, week, month, or year) is moved to a blob container outside your tenant. This datastore not only allows longer retention but also provides ransomware protection. You can also move backups stored in the Vault to another region (Azure Paired Region) for recovery. 
+- **Vault standard Tier (preview)**: To store backup data for longer duration at lower cost than snapshots, AKS backup supports Vault-standard datastore. As per the retention rules set in the backup policy, the first successful backup (of a day, week, month, or year) is moved to a blob container outside your tenant. This datastore not only allows longer retention, but also provides ransomware protection. You can also move backups stored in the vault to another region (Azure Paired Region) for recovery by enabling *Geo redundancy* and *Cross Region Restore* in the Backup vault.
 
 > [!Note]
 > You can store the backup data in a vault-standard datastore via Backup Policy by defining retention rules. Only one scheduled recovery point per day is moved to Vault Tier. However,  you can move any number of on-demand backups to the Vault as per the rule selected.  
diff --git a/articles/backup/azure-kubernetes-service-cluster-backup-concept.md b/articles/backup/azure-kubernetes-service-cluster-backup-concept.md
@@ -17,7 +17,7 @@ This article describes the prerequisites for Azure Kubernetes Service (AKS) back
 Azure Backup now allows you to back up AKS clusters (cluster resources and persistent volumes attached to the cluster) using a backup extension, which must be installed in the cluster. Backup vault communicates with the cluster via this Backup Extension to perform backup and restore operations. Based on the least privileged security model, a Backup vault must have *Trusted Access* enabled to communicate with the AKS cluster.
 
 >[!Note]
->Vaulted backup and Cross Region Restore for AKS using Azure Backup is now in preview.
+>Vaulted backup and Cross Region Restore for AKS using Azure Backup are currently in preview.
 
 ## Backup Extension
 
diff --git a/articles/backup/azure-kubernetes-service-cluster-backup-support-matrix.md b/articles/backup/azure-kubernetes-service-cluster-backup-support-matrix.md
@@ -16,7 +16,7 @@ ms.author: v-abhmallick
 You can use [Azure Backup](./backup-overview.md) to help protect Azure Kubernetes Service (AKS). This article summarizes region availability, supported scenarios, and limitations.
 
 >[!Note]
->Vaulted backup and Cross Region Restore for AKS using Azure Backup is now in preview.
+>Vaulted backup and Cross Region Restore for AKS using Azure Backup are currently in preview.
 
 ## Supported regions
 
@@ -68,12 +68,15 @@ You can use [Azure Backup](./backup-overview.md) to help protect Azure Kubernete
   | Number of on-demand backups allowed in a day per backup instance | 10 |
   | Number of allowed restores per backup instance in a day | 10 |
 
-- Disaster Recovery  Feature is only available between Azure Paired Region (if backup is configured in a Geo Redundant Backup Vault), the backup data will only be available in an Azure paired region. For example, if you have an AKS cluster in East US that is backed up in a Geo Redundant Backup Vault, the backup data will also be available in West US for restore.
+### Additional limitations for Vaulted backup and Cross Region Restore (preview)
 
-- Only Azure Disk with Persistent Volumes of size <= 1 TB are eligible to be moved to the Vault Tier; otherwise, they will be skipped in the backup data. 
+- Only Azure Disk with Persistent Volumes of size <= 1 TB are eligible to be moved to the Vault Tier; otherwise, they are skipped in the backup data. 
 
-- Only one scheduled recovery point will be available in Vault Tier per day that is providing an RPO of 24 hours. For secondary region, the recovery point can take up to 12 hours, thus providing an RPO of 36 hours. 
-•	During restore from Vault Tier, the provided staging location should not have a Read/Delete Lock; otherwise, hydrated resources will not be cleaned after restore. 
+- *Disaster Recovery* feature is only available between Azure Paired Regions (if backup is configured in a Geo Redundant Backup vault). The backup data is only available in an Azure paired region. For example, if you have an AKS cluster in East US that is backed up in a Geo Redundant Backup vault, the backup data is also available in West US for restore.
+
+- Only one scheduled recovery point is available in Vault Tier per day that is providing an RPO of 24 hours. For secondary region, the recovery point can take up to 12 hours, thus providing an RPO of 36 hours.
+
+- During restore from Vault Tier, the provided staging location shouldn't have a *Read*/*Delete Lock*; otherwise, hydrated resources aren't cleaned after restore. 
 
 ## Next steps
 
diff --git a/articles/backup/azure-kubernetes-service-cluster-backup.md b/articles/backup/azure-kubernetes-service-cluster-backup.md
@@ -17,7 +17,7 @@ This article describes how to configure and back up Azure Kubernetes Service (AK
 You can use Azure Backup to back up AKS clusters (cluster resources and persistent volumes attached to the cluster) by using the Backup extension, which must be installed in the cluster. The Backup vault communicates with the cluster via the Backup extension to perform backup and restore operations.
 
 >[!Note]
->Vaulted backup and Cross Region Restore for AKS using Azure Backup is now in preview.
+>Vaulted backup and Cross Region Restore for AKS using Azure Backup are currently in preview.
 
 ## Before you start
 
@@ -42,7 +42,7 @@ A Backup vault is a management entity that stores recovery points treated over t
 >[!Note]
 >A Backup vault is a new resource that's used to back up newly supported datasources. A Backup vault is different from a Recovery Services vault.
 
-If you want to use AKS backup to protect your AKS clusters against disaster recovery: 
+If you want to use Azure Backup to protect your AKS clusters from any regional outage: 
 
 1. Set the **Backup Storage Redundancy** parameter as **Globally-Redundant** during vault creation. Once the redundancy for a vault is set, you can't disable.
 
@@ -84,7 +84,7 @@ To create a backup policy:
 
    :::image type="content" source="./media/azure-kubernetes-service-cluster-backup/retention-period.png" alt-text="Screenshot that shows selection of retention period.":::
 
-   You can also create additional retention rules to store backups that are taken daily or weekly to be stored for a longer duration.
+   You can also create additional retention rules to store backups for a longer duration that are taken daily or weekly.
 
 
    - **Default**: This  rule defines the default retention duration for all the operational tier backups taken. You can only edit this rule and  can’t delete it.
@@ -97,7 +97,10 @@ To create a backup policy:
    You can also define similar rules for the *First successful backup taken every week, month, and year*.
 
    >[!Note]
-   >By using retention rules, you can store the backup data in Operational and Vault-standard datastore or in Operational datastore only. 
+   >- In addition to first successful backup of the day, you can define the retention rules for first successful backup of the week, month, and year. In terms of priority, the order is year, month, week, and day.
+   >- The backups stored in the Vault Tier are also copied in the secondary region (Azure Paired region) which you can use to restore AKS clusters to a secondary region during primary region outage.
+
+
 
 1. When the backup frequency and retention settings are configured, select **Next**.
 
diff --git a/articles/backup/azure-kubernetes-service-cluster-restore.md b/articles/backup/azure-kubernetes-service-cluster-restore.md
@@ -17,7 +17,7 @@ This article describes how to restore backed-up Azure Kubernetes Service (AKS).
 Azure Backup now allows you to back up AKS clusters (cluster resources and persistent volumes attached to the cluster) using a backup extension, which must be installed in the cluster. Backup vault communicates with the cluster via this Backup Extension to perform backup and restore operations. 
 
 >[!Note]
->Vaulted backup and Cross Region Restore for AKS using Azure Backup is now in preview.
+>Vaulted backup and Cross Region Restore for AKS using Azure Backup are currently in preview.
 
 ## Before you start
 
@@ -111,6 +111,10 @@ As part of item-level restore capability of AKS backup, you can utilize multiple
    
      :::image type="content" source="./media/azure-kubernetes-service-cluster-restore/select-backed-up-namespace-for-migrate.png" alt-text="Screenshot shows the selection of namespace for migration.":::
 
+## Restore in secondary region (preview)
+
+To restore the AKS cluster in the secondary region, [configure Geo redundancy and Cross Region Restore in the Backup vault](azure-kubernetes-service-cluster-backup.md#create-a-backup-vault), and then [trigger restore](tutorial-restore-aks-backups-across-regions.md#restore-in-secondary-region-preview).
+
 ## Next steps
 
 - [Manage Azure Kubernetes Service cluster backups](azure-kubernetes-service-cluster-manage-backups.md)
diff --git a/articles/backup/tutorial-restore-aks-backups-across-regions.md b/articles/backup/tutorial-restore-aks-backups-across-regions.md
@@ -10,9 +10,11 @@ author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
 
-# Tutorial: Enable disaster recovery for AKS backups and restore across Regions (preview)
+# Tutorial: Enable Vault Tier backups for AKS and restore across regions by using Azure Backup (preview)
 
-This tutorial describes how to create backups for an AKS cluster available in the Secondary Region (Azure Paired region) and then perform a disaster recovery using Cross Region Restore.
+This tutorial describes how to create backups for an AKS cluster available in the Secondary Region (Azure Paired region) and  perform a disaster recovery by using Cross Region Restore.
+
+Azure Backup allows you to store AKS cluster backups in both **Operational Tier as snapshot** and **Vault Tier as blobs** (preview). This feature enables you to move snapshot-based AKS backups stored in Operational Tier to a Vault-standard Tier. You can use the backup policy, to define whether to store backups just in Operational Tier as snapshots or also protect them in Vault Tier along with Operational. Vaulted backups are stored offsite, which protects them from tenant compromise, malicious attacks, and ransomware threats. You can also retain the backup data for long term and can do Cross Region Restore by configuring the Backup vault with storage redundancy set as global and Cross Region Restore property as enabled. [Learn more](azure-kubernetes-service-backup-overview.md). 
 
 ## Consideration
 
@@ -24,7 +26,7 @@ For backups to be available in Secondary region (Azure Paired Region), [create a
 
 ## Configure Vault Tier backup (preview)
 
-To use AKS backup against regional disaster recovery, store the backups in Vault Tier. You can enable this capability by [creating a backup policy](azure-kubernetes-service-cluster-backup.md#create-a-backup-policy) with retention policy set for Vault-standard datastore.
+To use AKS backup for regional disaster recovery, store the backups in Vault Tier. You can enable this capability by [creating a backup policy](azure-kubernetes-service-cluster-backup.md#create-a-backup-policy) with retention policy set for Vault-standard datastore.
 
 To set the retention policy in a backup policy, follow these steps:
 
@@ -40,7 +42,7 @@ To set the retention policy in a backup policy, follow these steps:
 
    :::image type="content" source="./media/azure-kubernetes-service-cluster-backup/retention-period.png" alt-text="Screenshot that shows selection of retention period.":::
 
-   You can also create additional retention rules to store backups that are taken daily or weekly to be stored for a longer duration.
+   You can also create additional retention rules to store backups for a longer duration that are taken daily or weekly.
 
 
    - **Default**: This  rule defines the default retention duration for all the operational tier backups taken. You can only edit this rule and  can’t delete it.
@@ -50,12 +52,12 @@ To set the retention policy in a backup policy, follow these steps:
      :::image type="content" source="./media/azure-kubernetes-service-cluster-backup/retention-configuration-for-vault-operational-tiers.png" alt-text="Screenshot that shows the retention configuration for Vault Tier and Operational Tier.":::
 
 
-With the new backup policy, you can [configure protection for the AKS cluster](azure-kubernetes-service-cluster-backup.md#configure-backups). Now, your backups will be stored in both Operational Tier as snapshot and in Vault Tier as blobs. The backups stored in the vault will be available in the Secondary Region (an [Azure paired region](../reliability/cross-region-replication-azure.md#azure-paired-regions)) for restore. Thus, you can use your backups against regional disaster.
+With the new backup policy, you can [configure protection for the AKS cluster](azure-kubernetes-service-cluster-backup.md#configure-backups) and store in both Operational Tier (as snapshot) and Vault Tier (as blobs). Once the configuration is complete, the backups stored in the vault are available in the Secondary Region (an [Azure paired region](../reliability/cross-region-replication-azure.md#azure-paired-regions)) for restore that can be used when during regional outage.
 
 
 ## Restore in secondary region (preview)
 
-In case of a regional outage, you can use the recovery points stored in Vault Tier in secondary region to bring back the AKS cluster. 
+In case of primary region outage, you can use the recovery points stored in Vault Tier in secondary region to bring back the AKS cluster. 
 
 Follow these steps:
 
diff --git a/articles/backup/whats-new.md b/articles/backup/whats-new.md
@@ -83,9 +83,9 @@ You can learn more about the new releases by bookmarking this page or by [subscr
 
 ## Vaulted backup and Cross Region Restore for support for AKS (preview)
  
-Azure Backup now supports storing AKS backups offsite, which is protected against tenant compromise, malicious attacks and ransomware threats. in addition, this feature will allow you to back up data for long term with regard to compliance and regulatory requirements. With this new feature, your snapshot-based AKS backups stored in Operational Tier are now converted into blobs and moved to a Vault standard tier outside of your tenant. You can enable/disable this feature by updating the retention rules of your Backup Policy.
+Azure Backup supports storing AKS backups offsite, which is protected against tenant compromise, malicious attacks and ransomware threats. Along with backup stored in a vault, you can also use the backups in a regional disaster scenario and recover backups.
 
-Along with backup stored in a Vault, now you can also use the backups in a regional disaster scenario and recover backups. You can now enable a Backup Vault to be Globally redundant with Cross region restore and then your vaulted backups will be available in an Azure Paired region for restore. In case of a regional outage, you can use these backups to restore your AKS clusters in a secondary region.
+Once the feature is enabled, your snapshot-based AKS backups stored in Operational Tier are converted into blobs and moved to a Vault-standard tier outside of your tenant. You can enable/disable this feature by updating the retention rules of your backup policy. This feature also allows you to back up data for long term storage as per the compliance and regulatory requirements. With this feature, you can also enable a Backup vault to be *Globally redundant* with *Cross Region Restore*, and then your vaulted backups will be available in an Azure Paired region for restore. In case of primary region outage, you can use these backups to restore your AKS clusters in a secondary region.
 
 For more information, see [Overview of AKS backup](azure-kubernetes-service-backup-overview.md).
 
