MicrosoftDocs
diff --git a/‎articles/backup/azure-data-lake-storage-backup-overview.md
Lines changed: 64 additions & 0 deletions b/‎articles/backup/azure-data-lake-storage-backup-overview.md
Lines changed: 64 additions & 0 deletions
diff --git a/‎articles/backup/azure-data-lake-storage-backup-support-matrix.md
Lines changed: 93 additions & 0 deletions b/‎articles/backup/azure-data-lake-storage-backup-support-matrix.md
Lines changed: 93 additions & 0 deletions
@@ -0,0 +1,64 @@
+---
+title: About Azure Data Lake Storage Gen 2 vaulted backup (preview)
+description: Learn how the Azure Data Lake Storage Gen2 vaulted backup works
+ms.topic: overview
+ms.date: 04/16/2025
+author: jyothisuri
+ms.author: jsuri
+ms.custom: engagement-fy24
+--- 
+
+# About Azure Data Lake Storage Gen 2 vaulted backup (preview)
+
+[Azure Data Lake Storage (ADLS)](/azure/storage/blobs/data-lake-storage-introduction) vaulted backup (preview) is a streamlined, cloud-native solution for backing up and restoring general-purpose v2 storage accounts with a [hierarchical namespace](/azure/storage/blobs/data-lake-storage-namespace). It allows selective backup and restoration of containers, storing backups in a dedicated vault for granular control.
+
+>[!Note]
+>- This feature is currently in limited preview and is available in specific regions only. See the [supported regions](azure-data-lake-storage-backup-support-matrix.md#supported-regions).
+>- To enroll in this preview feature, fill [this form](https://forms.office.com/r/sixidTkYb4)  and write to [[email protected]](mailto:[email protected]).
+
+## Azure Data Lake Storage Gen 2 backup workflow
+
+Vaulted backup uses platform capabilities such as snapshots and object replication to copy data to the Backup vault. Object replication asynchronously copies block blobs from a source storage account to a destination backup storage account, including the blob's contents, versions, metadata, and properties.  
+
+When protection is configured, Azure Backup sets up a destination storage account within the Backup vault and applies an object replication policy at the container level for both source and destination accounts. During backup, Azure Backup places a recovery point marker on the source account and tracks its replication. After the marker is replicated to the destination, the recovery point is created.
+
+*The following diagram shows the recovery point creation process after the snapshot is taken:*
+
+:::image type="content" source="./media/azure-data-lake-storage-backup-overview/recovery-point-creation-architecture.png" alt-text="Diagram shows the recovery point creation process in the backup flow."::: 
+
+Learn about the [supported scenarios and limitations for Azure Data Lake Storage Gen 2 backup](azure-data-lake-storage-backup-support-matrix.md).
+
+## ADLS backup configuration and retention
+
+The ADLS backup requires a Backup vault that provides a centralized view of configured backups. Vaulted backup is set at the storage account level, with the option to exclude containers. If an account has over 100 containers, reduce the count to 100 or less.
+
+Backup policies manage schedules and retention, supporting daily or weekly backups and recovery point creation. Retention can be set for daily, weekly, monthly, or yearly backups and can be retained up to **10 years**, with yearly rules taking priority. Default retention applies if no other rules are set.
+
+Azure Backup automatically runs scheduled jobs, replicating block blobs from the source to the destination storage account. It preserves contents, versions, metadata, and properties based on the backup frequency. Backups remain in the vault per policy and are deleted once the retention period ends.
+
+Backup can be enabled for multiple storage accounts in a single vault using one or multiple backup policies. Vaulted backups support long-term retention for up to 10 years.
+
+### Backup management 
+
+After the ADLS backup configuration is complete, a backup instance is created in the Backup vault. Use it to initiate restores, monitor activity, stop protection, and perform other backup operations.
+
+The Backup vault's managed identity needs specific permissions on storage accounts for backup and restore operations. These permissions are bundled into the **Storage Account Backup Contributor** role for easy management.
+
+Assign the role to the Backup vault before configuring backup for easier setup. Alternatively, you can assign it during configuration. A managed identity is a service principal exclusive to Azure resources.
+Learn more about [managed identities](/azure/active-directory/managed-identities-azure-resources/overview).
+
+### Restoration from backups
+
+You can restore data from any point in time where a recovery point exists. Recovery points are created when a storage account is in a protected state and remain available for restoration as long as they fall within the retention period defined by the backup policy. You can choose to perform a granular recovery by selecting specific containers, applying a prefix-based filter, or restore the entire storage account.
+
+
+Azure Backup allows restoring data from any recovery point within the retention period set by the backup policy. Recovery points are created when the storage account is in protected state, and can be used to restore until they expire as per the retention policy. This solution allows performing granular recovery by selecting containers, applying a prefix-based filter, or restoring the full storage account.
+
+>[!Note]
+>- To restore a recovery point to a different subscription, request the Azure Backup team to allowlist the required subscription and grant access by using the same [signup form](https://forms.office.com/r/sixidTkYb4).
+>- Currently, the vaulted backup solution supports restoring data only to a different storage account within the same region as the vault. However, restoring data from older recovery points might result in a longer recovery time (higher [Recovery Time Objective](azure-backup-glossary.md#recovery-time-objective-rto)).
+
+## Next steps
+
+- [Configure vaulted backup for Azure Data Lake Storage Gen 2 using Azure portal (preview)](azure-data-lake-storage-configure-backup.md).
+- [Restore Azure Data Lake Storage Gen  2 using Azure portal (preview)](azure-data-lake-storage-restore.md).
@@ -0,0 +1,93 @@
+---
+title: Support matrix for Azure Data Lake Storage Gen2 vaulted backup (preview)
+description: Learn about the  regional availability, supported scenarios, and limitations for vaulted backups of Azure Data Lake Storage Gen2 (preview).
+ms.topic: reference
+ms.date: 04/16/2025
+ms.custom: references_regions, engagement-fy24
+ms.service: azure-backup
+author: jyothisuri
+ms.author: jsuri
+---
+
+# Support matrix for Azure Data Lake Storage Gen2 vaulted backup (preview)
+
+This article summarizes the regional availability, supported scenarios, and limitations for vaulted backups of Azure Data Lake Storage Gen2 (preview).
+
+## Supported regions
+
+Vaulted backups of Azure Data Lake Storage Gen2 are available in the following regions: France South, India Central, India West, East Asia, and Southeast Asia.
+
+## Supported storage accounts
+
+The following table lists the supported storage account details:
+
+| Storage  account details | Support |
+| ------------------------ | ------------------------------------------------------------ |
+| Account  Kind            | Only block blobs in a standard general-purpose v2 HNS-enabled storage account. <br><br>*Accounts using Network File Shares (NFS) 3.0, and Secure File Transfer Protocol (SFTP) protocols for blobs are currently not supported*.|
+| Redundancy              | Only Locally redundant storage (LRS) & Zone-redundant storage (ZRS) enabled storage account. |
+| Tier              | Hot, Cool, and Cold tier blobs are supported.<br><br>*Archive tier blob backup isn't supported*. |
+
+## Protection limits
+
+The following table lists the protection setting limit:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------------------------------------------ | ----- |
+| Maximum number of containers in a storage account that can be protected | 100 |
+| Vault redundancy              | LRS/ZRS|
+
+### Supported protection scenarios
+
+The following protection scenarios are currently supported:
+
+- To back up any new containers that get created after backup configuration for the storage account, modify the protection of the storage account. These containers aren't backed up automatically.
+- The storage accounts to be backed up must contain a *minimum of one container*. If the storage account doesn't contain any containers or if no containers are selected, an error may appear when you configure backup.
+- The backup operation isn't supported for blobs that are uploaded by using [Data Lake Storage APIs](/rest/api/storageservices/data-lake-storage-gen2). 
+- Similarly, if you delete and recreate a container with the same name, **Object Replication** doesn't track the change, and future Recovery Points still include the previous blobs and versions.
+- Backup vaults with User-Assigned Managed Identity (UAMI) aren't compatible with Azure Blob Vaulted backups. Only System-Assigned Managed Identity (SAMI) works, because the vault needs to access the storage account where the blobs are stored. The vault uses its system-assigned managed identity for this access.
+- Enabling backups isn't supported for the blob container that are configured with native replication using data factory.
+- You can protect the storage account with the vault in another subscription but in the same region as storage account.
+- Archive tier for vault is currently not supported.
+
+
+## Backup limits
+
+The following table lists the Backup setting limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Maximum number of on-demand backups per day             | 4|
+| Maximum number of scheduled backups per day             | 1|
+
+>[!Note]
+>If you suspend and resume protection or delete the **Object Replication policy** on the **source storage account**, the policy triggers a full backup.
+
+## Retention limits
+
+The following table lists the Retention setting limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Maximum retention of daily recovery points             | 3,650 days|
+| Maximum retention of weekly recovery points             | 521 weeks|
+| Maximum retention of monthly recovery points             | 120 months|
+| Maximum retention of yearly recovery points             | 10 years|
+
+## Supported restore methods
+
+The following table lists the Retention setting limits:
+
+| **Setting** | **Limit**                                                      |
+| ------------------------ | ------------------------------------------------------------ |
+| Full restore             | You can restore the complete storage account to an alternate location.|
+| Containers restore       | You can select one or more containers or use prefix to filter specific containers to restore.|
+
+>[!Note]
+>- Cool and Cold tier blobs are restored in Hot tier.
+>- Restore to the source storage account is not supported. 
+>- The target storage selected for restore should not have any container with same name.
+
+## Next steps
+
+- [Configure vaulted backup for Azure Data Lake Storage Gen 2 using Azure portal (preview)](azure-data-lake-storage-configure-backup.md).
+- [Restore Azure Data Lake Storage Gen  2 using Azure portal (preview)](azure-data-lake-storage-restore.md).