Commit 670f80f

Merge pull request #313251 from MicrosoftDocs/main
Auto Publish – main to live - 2026-03-17 11:00 UTC
2 parents 6003115 + 3d34288 commit 670f80f

23 files changed

Lines changed: 782 additions & 257 deletions

articles/backup/aks-backup-faq.yml

Lines changed: 23 additions & 5 deletions
@@ -37,7 +37,7 @@ sections:
3737
answer: |
3838
The pods associated with the AKS Backup Extension are deployed on the NodePools of the AKS cluster. To successfully deploy these pods and prevent them from interfering with your application resources, ensure the following:
3939
- The AKS cluster must have the agent node pool with the `Linux` operating system including both Azure Linux and Ubuntu.
40-
- The agent node pool must have VMSS SKUs based on non-ARM64 based architecture.
40+
- The agent node pool must have Azure Virtual Machine Scale Sets SKUs based on non-ARM64 based architecture.
4141
- The agent node pool must have the taint `CriticalAddOnOnly` associated with it. This taint is automatically added to the node pool when the AKS Cluster is created via Portal. It ensures that only critical add-on pods, such as the AKS Backup Extension pods, are scheduled on the node pool. This prevents interference with your application workloads and ensures that backup operations are isolated from other workloads in the cluster. In case the taint isn't present, you can add it manually before installing the AKS Backup Extension.
4242
4343
- question: |
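Review bot: On new line 40, "SKUs based on non-ARM64 based architecture" repeats "based" and is hard to parse; suggest "SKUs that use a non-ARM64 architecture". Expanding VMSS to Azure Virtual Machine Scale Sets is fine. While this bullet list is being touched, "In case the taint isn't present" on context line 41 reads better as "If the taint isn't present".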
@@ -70,10 +70,10 @@ sections:
7070
As part of the Backup Extension installation, a User Identity also gets created in the Node Resource Group of the cluster. This identity is used by the AKS Backup Extension to access the Azure resources required for backup operations. The User Identity is assigned `Storage Blob Data Contributor` role over the storage account to enable access for the Extension. Whenever extension is uninstalled from the AKS cluster, the identity also gets deleted.
7171
7272
- question: |
73-
Why should Velero shouldn't be used in the cluster alongside of AKS Backup Extension?
73+
Why Velero shouldn't be used in the cluster alongside of AKS Backup Extension?
7474
answer: |
7575
Velero is a third-party backup solution for Kubernetes that can conflict with the AKS Backup Extension. It's recommended to use only the AKS Backup Extension for backup operations in a cluster, but not both simultaneously.
76-
AKS Backup Extension also deploys Velero CRDs in the cluster. In case standalone Velero is installed in the AKS cluster along with Backup Extension and the versions used by each installation differ at any point in time can lead to failures due to contract mismatches. Additionally, custom Velero configurations created by the yousuch as a VolumeSnapshotClass for Velero CSI-based snapshotting—might interfere with the AKS Backup snapshotting setup. Velero annotations containing `velero.io` applied to various resources in the cluster can also impact the behavior of AKS Backup in unsupported ways.
76+
AKS Backup Extension also deploys Velero CRDs in the cluster. In case standalone Velero is installed in the AKS cluster along with Backup Extension and the versions used by each installation differ at any point in time can lead to failures due to contract mismatches. Additionally, custom Velero configurations created by you such as a VolumeSnapshotClass for Velero CSI-based snapshotting—might interfere with the AKS Backup snapshotting setup. Velero annotations containing `velero.io` applied to various resources in the cluster can also impact the behavior of AKS Backup in unsupported ways.
7777
7878
- question: |
7979
What is a snapshot resource group?
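Review bot: The reworded question on new line 73 is still not a well-formed question; suggest "Why shouldn't Velero be used in the cluster alongside the AKS Backup Extension?". On new line 76 the fix for "by the yousuch" leaves an unbalanced dash: "created by you such as a VolumeSnapshotClass for Velero CSI-based snapshotting—might interfere" has a closing dash but no opening one, so either add the opening dash after "you" or use commas on both sides. The preceding sentence on the same line ("In case standalone Velero is installed ... differ at any point in time can lead to failures") has no subject for "can lead" and should be split or rewritten as "If standalone Velero is installed ... and the versions differ, contract mismatches can cause failures".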
@@ -88,16 +88,34 @@ sections:
8888
- question: |
8989
What are the types of Persistent Volumes that are supported by Azure Backup for AKS?
9090
answer: |
91-
Azure Backup for AKS relies on CSI driver-based snapshots for its backup and restore operations. Because of this dependency, only Azure Disk-based Persistent Volumes attached via the CSI driver are currently supported. Other Azure storage options—such as Azure File Share, Azure Blob, Azure Container Storage, Azure NetApp Files, Azure Managed Lustre, and third-party storage solutions—aren't supported at this time. Within Azure Disks, the following SKUs are supported:
91+
Azure Backup for AKS relies on CSI driver-based snapshots for its backup and restore operations. The following persistent volume types are supported:
92+
93+
**Azure Disk-based Persistent Volumes**: Attached via the CSI driver with the following SKUs:
9294
9395
- Premium SSD
9496
- Standard SSD
9597
- Standard HDD
98+
- Premium SSD v2
99+
- Ultra Disks
100+
101+
> [!NOTE]
102+
> While snapshot and restore operations are supported across all disk SKUs, operations for Premium SSD v2 and Ultra Disks may take longer because the process involves copying data from the volume to a snapshot and back. The snapshot may appear available and the volume may be mounted before the underlying data copy operation is fully completed, causing a delay before the restored data becomes visible.
96103
97-
However, Premium SSD v2 and Ultra Disks aren't supported. Additionally, when it comes to Azure Disks with network access settings:
104+
When it comes to Azure Disks with network access settings:
98105
99106
- The Operational Tier supports both Public and Private access disks of any size.
100107
- The Vault Tier supports only Public access disks, with a maximum size of up to 1TB.
108+
109+
**Azure Files-based Persistent Volumes**: Provisioned via the CSI driver (`file.csi.azure.com`) with the following characteristics:
110+
111+
- SMB protocol only (NFS is not supported)
112+
- Both Standard and Premium file shares
113+
- Public network endpoints only (private endpoints are not supported)
114+
- Maximum 25,000 files per file share
115+
- Operational Tier backup only (Vault Tier is not supported)
116+
- Retention up to 30 days
117+
118+
Other Azure storage options—such as Azure Blob, Azure Container Storage, Azure NetApp Files, Azure Managed Lustre, and third-party storage solutions—aren't supported at this time. [Learn more about Azure Files support and limitations](azure-kubernetes-service-cluster-backup-support-matrix.md#azure-files-based-persistent-volumes---additional-considerations).
101119
102120
- question: |
103121
If an AKS cluster has Persistent Volumes of unsupported types, what happens during the backup operation?
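Review bot: The NOTE added at new lines 101-102 says a restored Premium SSD v2 or Ultra Disk volume can be mounted before the data copy finishes, but it gives readers no way to tell when the copy is complete; add the check, or a link to it, so that a restore isn't validated and workloads aren't restarted against a partially copied volume. The "network access settings" sentence and its two bullets (new lines 104-107) now sit after the NOTE and before the Azure Files block, with nothing to show they still belong to the Azure Disk item; consider moving them directly under the SKU list. The Azure Files bullets use "is not supported" and "are not supported" while the rest of the answer uses contractions, and "1TB" on line 107 should be "1 TB" to match the overview article.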

articles/backup/azure-kubernetes-service-backup-overview.md

Lines changed: 23 additions & 9 deletions
@@ -14,9 +14,9 @@ ms.author: v-mallicka
1414

1515
# What is Azure Kubernetes Service backup?
1616

17-
[Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) backup is a simple, cloud-native process that you can use to back up and restore containerized applications and data that run in your AKS cluster. You can configure scheduled backups for cluster state and application data stored on Kubernetes Persistent Volumes in Container Storage Interface (CSI) driver-based Azure Disk Storage.
17+
[Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) backup is a simple, cloud-native process that you can use to back up and restore containerized applications and data that run in your AKS cluster. You can configure scheduled backups for cluster state and application data stored on Kubernetes Persistent Volumes in Container Storage Interface (CSI) driver-based Azure Disks and Azure SMB Files.
1818

19-
The solution gives you granular control. You can back up or restore a specific namespace or an entire cluster by storing backups locally in a blob container and as disk snapshots. You can use AKS backup for end-to-end scenarios, including operational recovery, cloning developer or test environments, and cluster upgrade scenarios.
19+
The solution gives you granular control. You can back up or restore a specific namespace or an entire cluster by storing backups locally in a blob container and as disk/file snapshots. You can use AKS backup for end-to-end scenarios, including operational recovery, cloning developer or test environments, and cluster upgrade scenarios.
2020

2121
AKS backup integrates with Resiliency in Azure, to provide a single view that can help you govern, monitor, operate, and analyze backups at scale. Your backups are also available in the Azure portal under **Settings** on the service menu for an AKS instance.
2222

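Review bot: New line 17 calls the second volume type "Azure SMB Files", while the note added further down in this same file and the FAQ change use "Azure Files (SMB)"; pick one name and use it throughout so readers don't take them for different offerings. On new line 19, "disk/file snapshots" would be clearer as "disk or file share snapshots".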
@@ -32,10 +32,14 @@ AKS backup allows you to store backups in both the Operational Tier and the Vaul
3232

3333
After you install the Backup extension and enable Trusted Access, you can configure scheduled backups for the clusters according to your backup policy. You can also restore the backups to the original cluster or to a different cluster in the same subscription and region. As you set up the specific operation, you can choose a specific namespace or an entire cluster as a backup and restore configuration.
3434

35-
AKS backup enables backup operations for your AKS data sources that are deployed in the cluster. It also enables backup operations for the data stored in the Persistent Volume for the cluster. It then stores the backups in a blob container. The disk-based Persistent Volumes are backed up as disk snapshots in a snapshot resource group. The snapshots and cluster state in a blob combine to form a recovery point called the Operational Tier stored in your tenant. You can also convert backups (the first successful backup in a day, week, month, or year) in the Operational Tier to blobs, and then move them to a vault (outside your tenant) one time per day.
35+
AKS backup enables backup operations for your AKS data sources that are deployed in the cluster. It also enables backup operations for the data stored in the Persistent Volume for the cluster. It then stores the backups in a blob container. The disk-based Persistent Volumes are backed up as disk snapshots in a snapshot resource group while files-based Persistent Volumes are backed up as snapshots alongside the File itself. These snapshots and cluster state stored in the blob combine to form a recovery point called the Operational Tier stored in your tenant. You can also convert backups (the first successful backup in a day, week, month, or year) in the Operational Tier to blobs, and then move them to a vault (outside your tenant) one time per day.
3636

3737
> [!NOTE]
38-
> Currently, Azure Backup supports only Persistent Volumes in CSI driver-based Azure Disk Storage. During backups, the solution skips other Persistent Volume types, such as Azure Files share and blobs. Also, if you set defined retention rules for the Vault Tier, backups are only eligible to be moved to the vault if the Persistent Volumes are less than or equal to 1 TB.
38+
> Azure Backup currently supports backing up Persistent Volumes that use CSI driver–based Azure Disks and Azure Files (SMB). Persistent Volumes that use other storage types—such as Azure Files (NFS) and Azure Blob storage—are skipped during backup.
39+
>
40+
> The Operational Tier supports backups for both Azure Disk and Azure SMB Files volumes. However, Vault Tier support is available only when the backup configuration includes Azure Disk–based volumes exclusively, with a limit of up to 100 disks and 1 TB per disk.
41+
>
42+
> To configure backup for AKS clusters with Azure Files-based volumes, see [Back up Azure Files volumes in AKS clusters](tutorial-backup-aks-azure-files.md). For more information about Azure Files support and limitations, see the [support matrix](azure-kubernetes-service-cluster-backup-support-matrix.md#azure-files-based-persistent-volumes---additional-considerations).
3943
4044
## Configure backup
4145

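Review bot: On new line 35, "backed up as snapshots alongside the File itself" is unclear and the capitalised "File" is not a defined term; the pricing change in this commit says the snapshots are "stored alongside the file share in your subscription", so use that wording here. The same line needs a comma before "while". In the rewritten note, new line 40 states the Vault Tier limit as "up to 100 disks and 1 TB per disk", but the FAQ change in this commit only says "maximum size of up to 1TB"; align the two so the 100-disk limit is not missed by readers of the FAQ.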
@@ -51,7 +55,7 @@ AKS backup automatically triggers a scheduled backup job. The job copies the clu
5155
You can use AKS backup to create multiple backup instances for a single AKS cluster by using different backup configurations per backup instance. However, we recommend that you create each backup instance of an AKS cluster in one of the following two ways:
5256

5357
* In a different Backup vault
54-
* By using a separate backup policy in the same Backup vault
58+
* In same Backup vault but with a separate backup policy
5559

5660
## Manage backup
5761

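Review bot: New line 58, "In same Backup vault but with a separate backup policy", drops the article and is no clearer than the line it replaces; suggest "In the same Backup vault, with a separate backup policy" so it stays parallel with "In a different Backup vault".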
@@ -63,6 +67,10 @@ AKS backup uses managed identity to access other Azure resources. To configure t
6367

6468
Also, the Backup extension creates a user identity and assigns a set of permissions to access the storage account where backups are stored in a blob. You can grant permissions to the managed identity by using Azure role-based access control. A managed identity is a special type of service principle that can be used only with Azure resources. Learn more about [managed identities](../active-directory/managed-identities-azure-resources/overview.md).
6569

70+
### Modify backup configuration
71+
72+
AKS Backup now allows you to modify the configuration of an existing backup instance, including the namespaces to protect, label-based inclusion or exclusion of resources, API groups, secrets, and supported volume types such as Azure Disks and Azure Files.
73+
6674
## Restore from a backup
6775

6876
You can restore data from any point in time for which a recovery point exists. A recovery point is created when a backup instance is in a protected state. It can be used to restore data until the backup policy retains the data.
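Review bot: The new section at lines 70-72 says AKS Backup "now allows" modifying a backup instance, which is release-note phrasing that dates quickly and gives no procedure or link; state it as a capability ("You can modify ...") and link to the how-to. Because the modifiable scope listed includes namespaces and secrets, it would also help to say which role or permission is needed to change it. The context line 64 just above still reads "service principle"; it should be "service principal".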
@@ -425,20 +433,26 @@ To create and apply resource modification, follow these steps:
425433

426434
Azure Backup for AKS supports two storage tiers as backup datastores:
427435

428-
* **Operational Tier**: The Backup extension installed in the AKS cluster first takes the backup by taking volume snapshots via CSI driver. It then stores cluster state in a blob container in your own tenant. This tier supports a lower recovery point objective (RPO) with the minimum duration of four hours between two backups. Additionally, for Azure disk-based volumes, the Operational Tier supports quicker restores.
436+
* **Operational Tier**: The Backup extension installed in the AKS cluster creates backups by taking volume snapshots through the CSI driver and storing the cluster state in a blob container within your tenant, called as Operational Tier. This tier supports a minimum recovery point objective (RPO) of four hours between backups and enables faster restore operations.
437+
438+
The Operational Tier supports backups for both Azure Disk and Azure Files (SMB)–based volumes. Although, when Azure Files volumes are included in the backup configuration, the backup policy supports a maximum retention period of 30 days.
439+
440+
* **Vault Tier**: To store backups for longer durations at a lower cost than snapshots, AKS backup supports the Vault-standard datastore. Based on the retention rules defined in the backup policy, the first successful backup of each day, week, month, or year is transferred to a blob container managed by the Backup vault and stored outside your tenant. This datastore supports long-term retention and provides built-in ransomware protection.
441+
442+
You can also enable **Geo-redundancy** and **Cross-Region Restore** in the Backup vault to copy backups to the Azure paired region for recovery scenarios.
429443

430-
* **Vault Tier**: To store backup data for a longer duration at a lower cost than snapshots, AKS backup supports vault-standard datastores. According to the retention rules set in the backup policy, the first successful backup (of a day, week, month, or year) is moved to a blob container outside your tenant. This datastore not only allows longer retention, but also provides ransomware protection. You can also move backups stored in the vault to another region (Azure-paired region) for recovery by enabling **Geo-redundancy** and **Cross Region Restore** in the Backup vault.
444+
Vault-standard datastore support is available only for **Azure Disk–based volumes**. It isn’t supported when Azure Files volumes are included in the backup configuration.
431445

432446
> [!NOTE]
433-
> You can store the backup data in a vault-standard datastore via Backup Policy by defining retention rules. Only one scheduled recovery point per day is moved to the Vault Tier. However, you can move any number of on-demand backups to the vault according to the rule selected.
447+
> You can store backup data in the Vault Tier by configuring retention rules in the backup policy. For scheduled backups, only one recovery point per day is eligible to be transferred to the Vault Tier. However, you can move any number of on-demand backups to the Vault Tier by associating them with a retention rule in the policy that has Vault Tier storage enabled.
434448

435449
## Understand pricing
436450

437451
You incur charges for:
438452

439453
* **Protected instance fee**: Azure Backup for AKS charges a *protected instance fee* per namespace per month. When you configure backup for an AKS cluster, a protected instance is created. Each instance has a specific number of namespaces that are backed up as defined in the backup configuration. For more information on the AKS backup pricing, see [Pricing for Azure backup](https://azure.microsoft.com/pricing/details/backup/) and select Azure Kubernetes Service as the workload.
440454

441-
* **Snapshot fee**: Azure Backup for AKS protects a disk-based Persistent Volume by taking snapshots that are stored in the resource group in your Azure subscription. These snapshots incur snapshot storage charges. Because the snapshots aren't copied to the Backup vault, backup storage costs don't apply. For more information on snapshot pricing, see [Managed Disks pricing](https://azure.microsoft.com/pricing/details/managed-disks/).
455+
* **Snapshot fee**: Azure Backup for AKS protects disk- and file-based Persistent Volumes by creating snapshots. For Azure Disks, snapshots are stored in a resource group in your subscription; for Azure Files, they’re stored alongside the file share in your subscription. These snapshots incur standard snapshot storage charges. Because the snapshots arent copied to the Backup vault, vault storage charges dont apply. Although if vault tier is enabled, snapshot charges will still remain applicable. For more information on snapshot pricing, see [Managed Disks pricing](https://azure.microsoft.com/pricing/details/managed-disks/) and [Azure Files pricing](https://azure.microsoft.com/pricing/details/storage/files/).
442456

443457
* **Backup storage fee**: Azure Backup for AKS also supports storing backups in the Vault Tier. You can store backups in the Vault Tier by defining retention rules for vault standard in the backup policy, with one restore point per day eligible to be moved into the vault. Restore points stored in the Vault Tier are charged a separate fee (called a Backup storage fee) according to the total data stored (in gigabytes) and redundancy type enable on the Backup vault.
444458

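Review bot: New line 455 has missing apostrophes in "the snapshots arent copied" and "vault storage charges dont apply", and a curly apostrophe in "they’re" where the rest of the file uses straight ones (same on line 444, "isn’t"). The sentence "Although if vault tier is enabled, snapshot charges will still remain applicable" should be rewritten, for example "Snapshot charges still apply when the Vault Tier is enabled". On line 436, "called as Operational Tier" is ungrammatical and redundant with the bullet's bold label, and line 438 should not open its second sentence with "Although,". Line 440 claims "built-in ransomware protection" without saying what the protection consists of; link to the relevant Backup vault security feature documentation or qualify the claim. The paragraphs added at 438, 442 and 444 need to be indented under their bullets or they will render outside the list. Context line 443 still has "redundancy type enable"; it should be "enabled".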