Clean up unmanaged disk retirement references

Author: akarshprabhu

articles/backup/backup-azure-private-endpoints-concept.md

@@ -64,7 +64,7 @@ The following table lists the scenarios and recommendations:
 | Scenario | Recommendation |
 | --- | --- |
 | Backup of workloads in an Azure VM (SQL Server, SAP HANA), backup via MARS agent, DPM server | We recommend the use of private endpoints to allow backup and restore without needing to add to an allow list any IPs or FQDNs for Azure Backup or Azure Storage from your virtual networks. In that scenario, ensure that VMs that host SQL databases can reach Microsoft Entra IPs or FQDNs. |
-| Azure VM backup | A VM backup doesn't require you to allow access to any IPs or FQDNs. So, it doesn't require private endpoints for backup and restore of disks.  <br><br>   However, file recovery from a vault that contains private endpoints would be restricted to virtual networks that contain a private endpoint for the vault. <br><br> When you're using unmanaged disks in an access control list (ACL), ensure that the storage account that contains the disks allows access to trusted Microsoft services if it's in an ACL. |
+| Azure VM backup | A VM backup doesn't require you to allow access to any IPs or FQDNs. So, it doesn't require private endpoints for backup and restore of disks.  <br><br>   However, file recovery from a vault that contains private endpoints would be restricted to virtual networks that contain a private endpoint for the vault. <br><br> For legacy recovery points from VMs that used unmanaged disks, ensure that the storage account used for restore metadata and temporary VHD files allows access to trusted Microsoft services if it's protected by an access control list (ACL). |
 | Azure Files backup | An Azure Files backup is stored in the local storage account. So it doesn't require private endpoints for backup and restore. |
 | Changed virtual network for a private endpoint in the vault and virtual machine | Stop backup protection and configure backup protection in a new vault with private endpoints enabled. |
 

articles/backup/backup-azure-vm-backup-faq.yml

@@ -224,7 +224,7 @@ sections:
 
       - question: How do I restore a VM to a restore point before the VM was migrated to managed disks?
         answer: |
-          The restore process remains the same. If the recovery point is from a point in time when the VM had unmanaged disks, restore the disks as managed disks by following [unmanaged disks restore](tutorial-restore-disk.md#unmanaged-disks-restore). If the VM had managed disks, restore the disks as managed disks by following [managed disk restore](tutorial-restore-disk.md#managed-disk-restore). Then you can [create a VM from those disks](tutorial-restore-disk.md#create-a-vm-from-the-restored-disk).
+          The restore process remains the same. If the recovery point is from a point in time when the VM had unmanaged disks, follow [Restore legacy recovery points from VMs that used unmanaged disks](backup-azure-arm-restore-vms.md#restore-legacy-recovery-points-from-vms-that-used-unmanaged-disks). If the VM had managed disks, restore the disks as managed disks by following [managed disk restore](tutorial-restore-disk.md#managed-disk-restore). Then you can [create a VM from those disks](tutorial-restore-disk.md#create-a-vm-from-the-restored-disk).
 
           [Learn more](backup-azure-vms-automation.md#restore-an-azure-vm) about doing this in PowerShell.
 

articles/backup/backup-azure-vm-migrate-enhanced-policy.md

@@ -26,7 +26,7 @@ Azure Backup now supports migration to the enhanced policy for Azure VM backups
 - Before you start the migration, ensure that there are no ongoing backup jobs for the VM that you plan to migrate.
 - Migration is supported for Managed VMs only and isn’t supported for Classic or unmanaged VMs.
 - Once the migration is complete, you can’t change the backup policy back to standard policy.
-- When you migrate a VM Backup Item from Standard to Enhanced policy, the process triggers a backup job that might take several hours for large VMs. This precautionary backup uses managed disk snapshots — starting with a full disk copy for instant restore, which increases backup time. Later snapshots are incremental, storing only changes since the last snapshot. If you're using unmanaged disks, make sure the storage account hosting the snapshot or VHD files allows public network access or similar settings; otherwise, the system falls back to a standard recovery point restore, which slows down recovery.
+- When you migrate a VM Backup Item from Standard to Enhanced policy, the process triggers a backup job that might take several hours for large VMs. This precautionary backup uses managed disk snapshots — starting with a full disk copy for instant restore, which increases backup time. Later snapshots are incremental, storing only changes since the last snapshot.
 - The change from standard policy to enhanced policy can result in extra costs. [Learn More](backup-instant-restore-capability.md#cost-impact).
 
 >[!Note]

articles/backup/backup-azure-vms-encryption.md

@@ -32,14 +32,14 @@ For more information about encryption of managed disks with CMKs, see [Server-si
 
 ### Encryption support by using ADE
 
-Azure Backup supports backup of Azure VMs that have their OS/data disks encrypted with ADE. ADE uses Azure BitLocker for encryption of Windows VMs, and the dm-crypt feature for Linux VMs. ADE integrates with Azure Key Vault to manage disk-encryption keys and secrets. You can also use Key Vault key encryption keys (KEKs) to add an extra layer of security. KEKs encrypt secrets before writing them to Key Vault.
+Azure Backup supports backup of managed Azure VMs that have their OS/data disks encrypted with ADE. ADE uses Azure BitLocker for encryption of Windows VMs, and the dm-crypt feature for Linux VMs. ADE integrates with Azure Key Vault to manage disk-encryption keys and secrets. You can also use Key Vault key encryption keys (KEKs) to add an extra layer of security. KEKs encrypt secrets before writing them to Key Vault.
 
-Azure Backup can back up and restore Azure VMs by using ADE with and without the Microsoft Entra app, as summarized in the following table.
+Azure Backup can back up and restore managed Azure VMs by using ADE with and without the Microsoft Entra app, as summarized in the following table.
 
 VM disk type | ADE (BEK/dm-crypt) | ADE and KEK
 --- | --- | ---
-Unmanaged | Yes | Yes
-Managed  | Yes | Yes
+Unmanaged | No | No
+Managed | Yes | Yes
 
 - Learn more about [ADE](/azure/virtual-machines/disk-encryption-overview), [Key Vault](/azure/key-vault/general/overview), and [KEKs](/azure/virtual-machine-scale-sets/disk-encryption-key-vault#set-up-a-key-encryption-key-kek).
 - Read the [FAQ](/azure/virtual-machines/disk-encryption-overview) for Azure VM disk encryption.
@@ -48,6 +48,7 @@ Managed  | Yes | Yes
 
 Before you back up or restore encrypted Azure VMs, review the following limitations:
 
+- Backup of Azure VMs that use unmanaged disks isn't supported.
 - You can back up and restore ADE-encrypted VMs within the same subscription.
 - You can encrypt VMs only by using standalone keys. Any key that's a part of a certificate used to encrypt a VM isn't currently supported.
 - You can restore data to a secondary region. Azure Backup supports cross-region restore of encrypted Azure VMs to the Azure paired regions. For more information, see [Support matrix](./backup-support-matrix.md#cross-region-restore).

articles/backup/backup-instant-restore-capability.md

@@ -20,8 +20,8 @@ Instant Restore provides the following capabilities:
 * Reduces backup and restore times by retaining snapshots locally for 2 days with the Standard policy and 7 days with the Enhanced policy, by default. You can configure this default snapshot retention value from 1 to 5 days for the Standard policy and from 1 to 30 days for the Enhanced policy.
 * Supports disk sizes up to 32 TB. Don't use Azure Backup to resize disks.
 * Supports Standard SSDs along with Standard HDDs and Premium SSDs with the Standard policy. Supports backup and instant restore of Premium SSD v2 and Ultra Disks, in addition to Standard HDD, Standard SSD, and Premium SSD v1 disks, with the Enhanced policy.
-* Uses an unmanaged virtual machine's (VM) original storage accounts (per disk) when restoring. This ability exists even when the VM has disks that are distributed across storage accounts. It speeds up restore operations for various VM configurations.
-* Uses unmanaged Premium disks in storage accounts for backup of VMs. We recommend that you allocate *50%* of free space of the total allocated storage space with Instant Restore. The 50% free space isn't a requirement for backups after the first backup is finished.
+* For legacy recovery points from VMs that used unmanaged disks, Azure Backup uses the original storage accounts (per disk) for restore metadata and temporary VHD files. This behavior exists even when the VM has disks distributed across storage accounts.
+* For legacy recovery points from VMs that used unmanaged Premium disks in storage accounts, ensure that sufficient free space is available for the snapshots and temporary restore artifacts. This guidance applies only to recovery points that were created before unmanaged-disk VM backup support was removed.
 
 ## How does Instant Restore work?
 

articles/backup/private-endpoints-overview.md

@@ -57,7 +57,7 @@ The following table provides more information:
 | Scenario | Recommendations |
 | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | Backup of workloads in an Azure VM (SQL Server, SAP HANA), backup via MARS agent, DPM server | We recommend the use of private endpoints to allow backup and restore without needing to add to an allow list any IPs or FQDNs for Azure Backup or Azure Storage from your virtual networks. In that scenario, ensure that VMs that host SQL databases can reach Microsoft Entra IPs or FQDNs. |
-| Azure VM backup                                         | A VM backup doesn't require you to allow access to any IPs or FQDNs. So, it doesn't require private endpoints for backup and restore of disks.  <br><br>   However, file recovery from a vault that contains private endpoints would be restricted to virtual networks that contain a private endpoint for the vault. <br><br> When you're using unmanaged disks in an access control list (ACL), ensure that the storage account that contains the disks allows access to trusted Microsoft services if it's in an ACL. |
+| Azure VM backup                                         | A VM backup doesn't require you to allow access to any IPs or FQDNs. So, it doesn't require private endpoints for backup and restore of disks.  <br><br>   However, file recovery from a vault that contains private endpoints would be restricted to virtual networks that contain a private endpoint for the vault. <br><br> For legacy recovery points from VMs that used unmanaged disks, ensure that the storage account used for restore metadata and temporary VHD files allows access to trusted Microsoft services if it's protected by an access control list (ACL). |
 | Azure Files backup                                      | An Azure Files backup is stored in the local storage account. So it doesn't require private endpoints for backup and restore. |
 | Changed virtual network for a private endpoint in the vault and virtual machine | Stop backup protection and configure backup protection in a new vault with private endpoints enabled. |