PBI3162129, 31043293, 31878190, 32183108 and 31444365

Author: PriskeyJeronika

articles/site-recovery/azure-to-azure-common-questions.md

@@ -3,7 +3,7 @@ title: Common questions about Azure virtual machine disaster recovery with Azure
 description: This article answers common questions about Azure virtual machine disaster recovery when you use Azure Site Recovery.
 ms.author: ankitadutta
 author: ankitaduttaMSFT
-ms.date: 03/13/2025
+ms.date: 05/11/2025
 ms.topic: faq
 ms.service: azure-site-recovery
 
@@ -137,6 +137,12 @@ The Azure portal displays *logical Zones*. In the datacenter, actual physical zo
 
 In case the source and target zones are the same, you can't view zone for target configuration while enabling zonal replication.
 
+### Can I choose a different name for my recovery services vault automation instead of using the existing one?
+
+When you replicate a new VM and specify a new Automation Account name, the vault updates to use this new Automation Account at the vault level. This updated name appears in the vault under **Recovery Services Vault** > **Site Recovery Infrastructure** > **Extension Update Settings**.
+
+Azure Site Recovery uses this new Automation Account to manage the site recovery extension on all replicated VMs.
+
 ## Replication policy
 
 ### What is a replication policy?

articles/site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints.md

@@ -5,7 +5,7 @@ author: ankitaduttaMSFT
 ms.author: ankitadutta
 ms.service: azure-site-recovery
 ms.topic: how-to
-ms.date: 03/13/2025
+ms.date: 05/11/2025
 ms.custom: references_regions, subject-rbac-steps, engagement-fy23
 ---
 # Replicate machines with private endpoints
@@ -56,7 +56,7 @@ A recovery services vault is an entity that contains the replication information
 used to trigger Site Recovery operations. For more information, see
 [Create a Recovery Services vault](./azure-to-azure-tutorial-enable-replication.md#create-a-recovery-services-vault).
 
-## Enable the managed identity for the vault.
+## Enable the managed identity for the vault
 
 A [managed identity](../active-directory/managed-identities-azure-resources/overview.md) allow the
 vault to gain access to the customer's storage accounts. Site Recovery needs to access the source
@@ -67,6 +67,9 @@ Managed identity access is essential when you're using private links service for
 
    :::image type="content" source="./media/azure-to-azure-how-to-enable-replication-private-endpoints/enable-managed-identity-in-vault.png" alt-text="Shows the Azure portal and the Recovery Services page.":::
 
+    > [!NOTE]
+    > System assigned and User assigned managed identity is supported for Recovery Services vault.
+
 1. Change the **Status** to _On_ and select **Save**.
 
 1. An **Object ID** is generated indicating that the vault is now registered with Azure Active

articles/site-recovery/azure-to-azure-support-matrix.md

@@ -2,7 +2,7 @@
 title: Support matrix for Azure VM disaster recovery with Azure Site Recovery
 description: Summarizes support for Azure VMs disaster recovery to a secondary region with Azure Site Recovery.
 ms.topic: concept-article
-ms.date: 04/07/2025
+ms.date: 05/11/2025
 ms.service: azure-site-recovery
 author: ankitaduttaMSFT
 ms.author: ankitadutta
@@ -139,6 +139,8 @@ Rocky Linux | [See supported versions](#supported-rocky-linux-kernel-versions-fo
 
 > [!NOTE]
 > For Linux versions, Azure Site Recovery doesn't support custom OS kernels. Only the stock kernels that are part of the distribution minor version release/update are supported.
+>
+> VMs created on ARM64 CPU architecture aren't supported by Azure Site Recovery. 
 
 > [!NOTE] 
 > To support latest Linux kernels within 15 days of release, Azure Site Recovery rolls out hot fix patch on top of latest mobility agent version. This fix is rolled out in between two major version releases. To update to latest version of mobility agent (including hot fix patch), follow steps mentioned in [this article](service-updates-how-to.md#azure-vm-disaster-recovery-to-azure). This patch is currently rolled out for mobility agents used in Azure to Azure DR scenario.
@@ -447,6 +449,7 @@ Internal Load balancer | Supported | Associate the preconfigured load balancer u
 Public IP address | Supported | Associate an existing public IP address with the NIC. Or, create a public IP address and associate it with the NIC using an Azure Automation script in a recovery plan.
 NSG on NIC | Supported | Associate the NSG with the NIC using an Azure Automation script in a recovery plan.
 NSG on subnet | Supported | Associate the NSG with the subnet using an Azure Automation script in a recovery plan.
+ASG | Unsupported | Azure Site Recovery doesn't support ASGs.
 Reserved (static) IP address | Supported | If the NIC on the source VM has a static IP address, and the target subnet has the same IP address available, it's assigned to the failed over VM.<br/><br/> If the target subnet doesn't have the same IP address available, one of the available IP addresses in the subnet is reserved for the VM.<br/><br/> You can also specify a fixed IP address and subnet in **Replicated items** > **Settings** > **Network** > **Network interfaces**.
 Dynamic IP address | Supported | If the NIC on the source has dynamic IP addressing, the NIC on the failed over VM is also dynamic by default.<br/><br/> You can modify this to a fixed IP address if required.
 Multiple IP addresses | Supported | When you fail over a VM that has a NIC with multiple IP addresses, only the primary IP address of the NIC in the source region is kept by default. To failover Secondary IP Configurations, go to the **Network** blade and configure them. <br> This is supported only for region replication, zone to zone replication isn't supported.

articles/site-recovery/hybrid-how-to-enable-replication-private-endpoints.md

@@ -5,7 +5,7 @@ author: ankitaduttaMSFT
 ms.author: ankitadutta
 ms.service: azure-site-recovery
 ms.topic: how-to
-ms.date: 12/19/2024
+ms.date: 05/11/2025
 ms.custom: subject-rbac-steps, engagement-fy23
 ---
 # Replicate on-premises machines by using private endpoints
@@ -17,15 +17,6 @@ a recovery vault is supported in all Azure Commercial & Government regions.
 >[!Note]
 >Automatic upgrades are not supported for Private Endpoints. [Learn more](upgrade-mobility-service-modernized.md).
 
-In this tutorial, you learn how to:
-
-> [!div class="checklist"]
-> * Create an Azure Backup Recovery Services vault to protect your machines.
-> * Enable a managed identity for the vault. Grant the permissions required to access the storage accounts to enable replication of traffic from on-premises to Azure target locations. Managed identity access for storage is required for Private Link access to the vault.
-> * Make DNS changes that are required for private endpoints.
-> * Create and approve private endpoints for a vault inside a virtual network.
-> * Create private endpoints for the storage accounts. You can continue to allow public or firewalled access for storage as needed. Creating a private endpoint to access storage isn't required for Azure Site Recovery.
-
 
 The following diagram shows the replication workflow for hybrid disaster
 recovery with private endpoints. You can't create private endpoints in your on-premises network. To use private links, you need to create an Azure virtual network (called a *bypass network* in this article), establish private connectivity between on-premises and the bypass network, and
@@ -39,6 +30,7 @@ then create private endpoints in the bypass network. You can choose any form of
 
 - Private links are supported in Site Recovery 9.35 and later.
 - You can create private endpoints only for new Recovery Services vaults that don't have any items registered to them. Therefore, you must create private endpoints before any items are added to the vault. See [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link/) for pricing information.
+- Private endpoint for Recovery Services only supports dynamic IP addresses. Static IP addresses are not supported. 
 - When you create a private endpoint for a vault, the vault is locked down. It can be accessed only from networks that have private endpoints.
 - Microsoft Entra ID doesn't currently support private endpoints. So you need to allow outbound access from the secured Azure virtual network to IPs and fully qualified domain names that are required for Microsoft Entra ID to work in a region. As applicable, you can also use network security group tag "Microsoft Entra ID" and Azure Firewall tags to allow access to Microsoft Entra ID.
 - Five IP addresses are required in the bypass network where you create your private endpoint. When you create a private endpoint for the vault, Site Recovery creates five private links for access to its microservices.

articles/site-recovery/media/azure-to-azure-how-to-enable-replication-private-endpoints/enable-managed-identity-in-vault.png

@@ -3,7 +3,7 @@ title: Support matrix for VMware/physical disaster recovery in Azure Site Recove
 description: Summarizes support for disaster recovery of VMware VMs and physical server to Azure using Azure Site Recovery.
 ms.topic: concept-article
 ms.service: azure-site-recovery
-ms.date: 03/11/2025
+ms.date: 05/11/2025
 ms.author: ankitadutta
 author: ankitaduttaMSFT
 ms.custom: engagement-fy23, linux-related-content
@@ -308,6 +308,8 @@ Guest/server network static IP (Linux) | Yes. <br/><br/>VMs are configured to us
 Guest/server network multiple NICs | Yes.
 Private link access to Site Recovery service | Yes. [Learn more](hybrid-how-to-enable-replication-private-endpoints.md).
 
+> [!NOTE]
+> VM must allow Outbound traffic on Port 443 and 9943 to the appliance. 
 
 ## Azure VM network (after failover)