Merge pull request #253117 from MicrosoftDocs/release-mua-for-backup-vault

Release mua for backup vault --Scheduled release at 4am of 9/29

Author: huypub

articles/backup/backup-azure-delete-vault.md

@@ -51,7 +51,7 @@ To delete a vault, follow these steps:
 
   Alternately, go to the blades manually by following the steps below.
 
-- <a id="portal-mua">**Step 2:**</a> If Multi-User Authorization (MUA) is enabled, seek necessary permissions from the security administrator before vault deletion. [Learn more](./multi-user-authorization.md#authorize-critical-protected-operations-using-azure-ad-privileged-identity-management)
+- <a id="portal-mua">**Step 2:**</a> If Multi-User Authorization (MUA) is enabled, seek necessary permissions from the security administrator before vault deletion. [Learn more](./multi-user-authorization.md#authorize-critical-protected-operations-using-azure-active-directory-privileged-identity-management)
 
 - <a id="portal-disable-soft-delete">**Step 3:**</a> Disable the soft delete and Security features
 
@@ -279,7 +279,7 @@ If you're sure that all the items backed up in the vault are no longer required
 
 Follow these steps:
 
-- **Step 1:** Seek the necessary permissions from the security administrator to delete the vault if Multi-User Authorization has been enabled against the vault. [Learn more](./multi-user-authorization.md#authorize-critical-protected-operations-using-azure-ad-privileged-identity-management)
+- **Step 1:** Seek the necessary permissions from the security administrator to delete the vault if Multi-User Authorization has been enabled against the vault. [Learn more](./multi-user-authorization.md#authorize-critical-protected-operations-using-azure-active-directory-privileged-identity-management)
 
 - <a id="powershell-install-az-module">**Step 2:**</a> Upgrade to PowerShell 7 version by performing these steps:
 

articles/backup/enable-multi-user-authorization-quickstart.md

@@ -1,53 +1,97 @@
 ---
 title: Quickstart - Multi-user authorization using Resource Guard
 description: In this quickstart, learn how to use Multi-user authorization to protect against unauthorized operation.
-ms.topic: tutorial
-ms.date: 05/05/2022
+ms.topic: quickstart
+ms.date: 09/25/2023
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
 
-# Quickstart: Enable protection using Multi-user authorization on Recovery Services vault in Azure Backup
-
-Multi-user authorization (MUA) for Azure Backup allows you to add an additional layer of protection to critical operations on your Recovery Services vaults. For MUA, Azure Backup uses another Azure resource called the Resource Guard to ensure critical operations are performed only with applicable authorization. Learn about [MUA concepts](multi-user-authorization-concept.md).
+# Quickstart: Enable protection using Multi-user authorization in Azure Backup
 
 This quickstart describes how to enable Multi-user authorization (MUA) for Azure Backup.
 
+Multi-user authorization (MUA) for Azure Backup allows you to add an additional layer of protection to critical operations on your Recovery Services vaults and Backup vaults. For MUA, Azure Backup uses another Azure resource called the Resource Guard to ensure critical operations are performed only with applicable authorization. 
+
+>[!Note]
+>MUA is now generally available for both Recovery Services vaults and Backup vaults.
+
+Learn about [MUA concepts](multi-user-authorization-concept.md).
+
 ## Prerequisites
 
 Before you start:
 
+**Choose a vault**
+
+# [Recovery Services vault](#tab/recovery-services-vault)
+
 -  Ensure the Resource Guard and the Recovery Services vault are in the same Azure region.
 -  Ensure the Backup admin does **not** have **Contributor** permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
 - Ensure that your subscriptions containing the Recovery Services vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use the **Microsoft.RecoveryServices** provider. For more details, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider-1).
 - Ensure that you [create a Resource Guard](multi-user-authorization.md#create-a-resource-guard) in a different subsctiption/tenant as that of the vault located in the same region.
 - Ensure to [assign permissions to the Backup admin on the Resource Guard to enable MUA](multi-user-authorization.md#assign-permissions-to-the-backup-admin-on-the-resource-guard-to-enable-mua).
 
+# [Backup vault](#tab/backup-vault)
+
+-  Ensure the Resource Guard and the Backup vault are in the same Azure region.
+-  Ensure the Backup admin does **not** have **Contributor** permissions on the Resource Guard. You can choose to have the Resource Guard in another subscription of the same directory or in another directory to ensure maximum isolation.
+- Ensure that your subscriptions contain the Backup vault as well as the Resource Guard (in different subscriptions or tenants) are registered to use the provider - **Microsoft.DataProtection**4. For more information, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider-1).
+
+---
+
 ## Enable MUA
 
-The Backup admin now has the Reader role on the Resource Guard and can easily enable multi-user authorization on vaults managed by them.
+Once the Backup admin has the Reader role on the Resource Guard, they can enable multi-user authorization on vaults managed by following these steps:
+
+**Choose a vault**
 
-Follow these steps:
+# [Recovery Services vault](#tab/recovery-services-vault)
 
-1. Go to the Recovery Services vault.
-1. Go to **Properties** on the left navigation panel, then to **Multi-User Authorization** and click **Update**.
-1. The option to enable MUA appears. Choose a Resource Guard using one of the following ways:
+1. Go to the Recovery Services vault for which you want to configure MUA.
 
-   1. You can either specify the URI of the Resource Guard, make sure you specify the URI of a Resource Guard you have **Reader** access to and that is the same regions as the vault. You can find the URI (Resource Guard ID) of the Resource Guard in its **Overview** screen:
+1. On the left pane, select **Properties**.
 
-   1. Or, you can select the Resource Guard from the list of Resource Guards you have **Reader** access to, and those available in the region.
+1. Go to **Multi-User Authorization** and select **Update**.
+
+1. To enable MUA and choose a Resource Guard, perform one of the following actions:
+
+   - You can either specify the URI of the Resource Guard, make sure you specify the URI of a Resource Guard you have **Reader** access to and that is the same regions as the vault. You can find the URI (Resource Guard ID) of the Resource Guard in its **Overview** screen:
+
+   - Or, you can select the Resource Guard from the list of Resource Guards you have **Reader** access to, and those available in the region.
 
       1. Click **Select Resource Guard**
-      1. Click on the dropdown and select the directory the Resource Guard is in.
-      1. Click **Authenticate** to validate your identity and access.
+      1. Select the dropdown list and choose the directory the Resource Guard is in.
+      1. Select **Authenticate** to validate your identity and access.
       1. After authentication, choose the **Resource Guard** from the list displayed.
 
-1. Click **Save** once done to enable MUA.
+1. Select **Save** to enable MUA.
+
+# [Backup vault](#tab/backup-vault)
+
+1. Go to the Backup vault for which you want to configure MUA.
+1. On the left panel, select **Properties**.
+1. Go to **Multi-User Authorization** and select **Update**.
+
+1. To enable MUA and choose a Resource Guard, perform one of the following actions:
+
+   - You can either specify the URI of the Resource Guard. Ensure that you specify the URI of a Resource Guard you have **Reader** access to and it's in the same regions as the vault. You can find the URI (Resource Guard ID) of the Resource Guard on its **Overview** page.
+
+   - Or, you can select the Resource Guard from the list of Resource Guards you have **Reader** access to, and those available in the region.
+
+     1. Click **Select Resource Guard**.
+     1. Select the drop-down and select the directory the Resource Guard is in.
+     1. Select **Authenticate** to validate your identity and access.
+     1. After authentication, choose the **Resource Guard** from the list displayed.
+
+1. Select **Save** to enable MUA.
+
+---
 
 ## Next steps
 
 - [Protected operations using MUA](multi-user-authorization.md?pivots=vaults-recovery-services-vault#protected-operations-using-mua)
-- [Authorize critical (protected) operations using Azure AD Privileged Identity Management](multi-user-authorization.md#authorize-critical-protected-operations-using-azure-ad-privileged-identity-management)
+- [Authorize critical (protected) operations using Azure Active Directory Privileged Identity Management](multi-user-authorization.md#authorize-critical-protected-operations-using-azure-active-directory-privileged-identity-management)
 - [Performing a protected operation after approval](multi-user-authorization.md#performing-a-protected-operation-after-approval)
-- [Disable MUA on a Recovery Services vault](multi-user-authorization.md#disable-mua-on-a-recovery-services-vault)
+- Disable MUA on a [Recovery Services vault](multi-user-authorization.md?tabs=azure-portal&pivots=vaults-recovery-services-vault#disable-mua-on-a-recovery-services-vault) or a [Backup vault](multi-user-authorization.md?tabs=azure-portal&pivots=vaults-backup-vault#disable-mua-on-a-backup-vault).

articles/backup/index.yml

@@ -11,7 +11,7 @@ metadata:
   ms.topic: landing-page 
   author: AbhishekMallick-MS
   ms.author: v-abhmallick 
-  ms.date: 09/11/2023
+  ms.date: 09/29/2023
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -62,6 +62,10 @@ landingContent:
     linkLists:
       - linkListType: whats-new
         links:
+          - text: Multiple backups per day for Azure VMs
+            url: backup-azure-vms-enhanced-policy.md
+          - text: Multi-user authorization for Backup vault 
+            url: multi-user-authorization-concept.md?tabs=backup-vault
           - text: Enhanced soft delete
             url: backup-azure-enhanced-soft-delete-about.md
           - text: Azure Kubernetes Service backup (preview)

articles/backup/media/create-manage-backup-vault/select-cross-subsctiption-state-on-backup-vault-creation.png

@@ -2,17 +2,17 @@
 title: Multi-user authorization using Resource Guard
 description: An overview of Multi-user authorization using Resource Guard.
 ms.topic: conceptual
-ms.date: 09/15/2022
+ms.date: 09/25/2023
 ms.service: backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
-# Multi-user authorization using Resource Guard
+# About Multi-user authorization using Resource Guard
 
 Multi-user authorization (MUA) for Azure Backup allows you to add an additional layer of protection to critical operations on your Recovery Services vaults and Backup vaults. For MUA, Azure Backup uses another Azure resource called the Resource Guard to ensure critical operations are performed only with applicable authorization.
 
 >[!Note]
->Multi-user authorization using Resource Guard for Backup vault is in preview.
+>Multi-user authorization using Resource Guard for Backup vault is now generally available.
 
 ## How does MUA for Backup work?
 
@@ -41,7 +41,7 @@ Modify protection (reduced retention) | Optional
 Stop protection with delete data | Optional
 Change MARS security PIN | Optional
 
-# [Backup vault (preview)](#tab/backup-vault)
+# [Backup vault](#tab/backup-vault)
 
 **Operation** | **Mandatory/ Optional**
 --- | ---
@@ -91,7 +91,7 @@ The following table lists the scenarios for creating your Resource Guard and vau
 
 **Usage scenario** | **Protection due to MUA** | **Ease of implementation** | **Notes**
 --- | --- |--- |--- |
-Vault and Resource Guard are **in the same subscription.** </br> The Backup admin does't have access to the Resource Guard. | Least isolation between the Backup admin and the Security admin. | Relatively easy to implement since only one subscription is required. | Resource level permissions/ roles need to be ensured are correctly assigned.
+Vault and Resource Guard are **in the same subscription.** </br> The Backup admin doesn't have access to the Resource Guard. | Least isolation between the Backup admin and the Security admin. | Relatively easy to implement since only one subscription is required. | Resource level permissions/ roles need to be ensured are correctly assigned.
 Vault and Resource Guard are **in different subscriptions but the same tenant.** </br> The Backup admin doesn't have access to the Resource Guard or the corresponding subscription. | Medium isolation between the Backup admin and the Security admin. | Relatively medium ease of implementation since two subscriptions (but a single tenant) are required. | Ensure that that permissions/ roles are correctly assigned for the resource or the subscription.
 Vault and Resource Guard are **in different tenants.** </br> The Backup admin doesn't have access to the Resource Guard, the corresponding subscription, or the corresponding tenant.| Maximum isolation between the Backup admin and the Security admin, hence, maximum security. | Relatively difficult to test since requires two tenants or directories to test. | Ensure that permissions/ roles are correctly assigned for the resource, the subscription or the directory.