Merge pull request #54121 from staleycyn/patch-3

Content drift changes for the backup and disaster recovery module

Author: Stacyrch140

learn-pr/wwl-azure/design-solution-for-backup-disaster-recovery/includes/3-design-for-azure-backup.md

@@ -19,9 +19,9 @@ Azure Backup offers multiple components that you can download and deploy on the
 
 Azure Backup organizes your backup data in a storage entity called a _vault_. A storage vault stores backup copies, recovery points, and backup policies. There are two types of vaults: Azure Backup and Azure Recovery Services. The primary differences are the types of supported data sources and Azure products. 
 
-- **Azure Backup vault**: Azure Backup vaults are used with Azure Backup only. Supported data sources include Azure Database for PostgreSQL servers, Azure blobs, and Azure disks.
+- **Azure Backup vault**: Azure Backup vaults are used with Azure Backup only. 
 
-- **Azure Recovery Services vault**: Azure Recovery Services vaults can be used with Azure Backup or Azure Site Recovery. Supported data sources include Azure virtual machines, SQL, or SAP HANA in an Azure virtual machine, and Azure file shares. You can back up data to a Recovery Services vault from Azure Backup Server, Azure Backup Agent, and System Center Data Protection Manager.
+- **Azure Recovery Services vault**: Azure Recovery Services vaults can be used with Azure Backup or Azure Site Recovery. 
 
 ### Things to consider when using storage vaults
 
@@ -35,4 +35,11 @@ In your planning for Azure Backup and vault storage, consider the following poin
 
 - **Consider redundancy**. Specify how data in your vault is replicated for redundancy.
    - Use locally redundant storage (LRS) to protect against failure in a datacenter. LRS replicates data to a storage scale unit.
-   - Use geo-redundant storage (GRS) to protect against region-wide outages. GRS replicates your data to a secondary region. 
+   - Use zone-redundant storage (ZRS) to replicate data across availability zones in the same region, combining resilience to zone failures with data residency.
+   - Use geo-redundant storage (GRS) to protect against region-wide outages. GRS replicates your data to a secondary region.
+
+- **Consider ransomware protection**. Protect against ransomware by making your backup vault immutable, so recovery points can't be deleted before their set expiry. You can also choose to make this immutability permanent.
+  
+- **Consider multi-user authorization**. Require approval from another user for important backup actions by using Resource Guard. Multi-user authorization adds extra security and helps prevent insider threats.
+  
+- **Consider centralized management**. Use Resiliency in Azure to manage backups and disaster recovery across all vaults, subscriptions, and regions. Get a unified view of security, protection, and alerts.

learn-pr/wwl-azure/design-solution-for-backup-disaster-recovery/includes/5-design-for-azure-files-backup-recovery.md

@@ -27,15 +27,19 @@ Let's review some of the characteristics regarding backup and recovery of Azure
 
 #### Automated file share backups
 
-You can automate and manage your Azure file shares snapshots. Automating snapshot backups with Azure Backup is the recommended approach. The following diagram shows how automatic backups of file shares can be restored from a Recovery Services vault.
+You can protect Azure file shares using two backup approaches: **vaulted backup** and **snapshot backup**. Microsoft recommends vaulted backup for comprehensive protection against data loss, including protection from ransomware attacks and rogue administrator deletion.
+
+- **Vaulted backup** stores backup data in a Backup vault (offsite copy), supports retention up to 10 years, and provides protection against storage account deletion and ransomware. Vaulted backup is the recommended approach for comprehensive data protection.
+- **Snapshot backup** creates snapshots that are stored locally within the storage account and managed via Recovery Services vault metadata. While faster for restore operations, snapshot backups cannot protect against storage account-level deletion or ransomware targeting the storage account. The following diagram shows how automatic snapshot backups can be restored:
+
 
 :::image type="content" source="../media/file-share-automated.png" alt-text="Diagram that shows how Azure file shares snapshots are restored from a Recovery Services vault in Azure Backup." border="false":::
 
-- Azure Backup keeps the metadata about the snapshot backup in the Recovery Services vault, but no data is transferred. This method provides you with a fast backup solution that has built-in backup and reporting. 
+1. Azure Backup keeps the metadata about the snapshot backup in the Recovery Services vault, but no data is transferred. This method provides you with a fast backup solution that has built-in backup and reporting. 
 
-- When Azure Backup is enabled on the file share, the soft delete feature is also enabled. 
+1. When Azure Backup is enabled on the file share, the soft delete feature is also enabled. 
 
-- You can configure snapshot backups for daily, weekly, monthly, or yearly retention.
+1. You can configure snapshot backups for daily, weekly, monthly, or yearly retention.
 
 ### Things to consider when using file share backups
 
@@ -45,10 +49,12 @@ Take a moment to review some considerations for creating and recovering from fil
 
 - **Consider alerts and reporting**. You can configure alerts for backup and restore failures and use the reporting solution provided by Azure Backup. These reports provide insights on file share backups.
 
+- **Consider backup approach choice**. Choose vaulted backup for comprehensive protection including ransomware resilience and long-term retention up to 10 years. Choose snapshot backup when you need faster restore times for short-term scenarios and have other protection measures for the storage account itself.
+
 - **Consider self-service restore**. Azure Backup uses server endpoint Windows Volume Shadow Copy Service (VSS) snapshots. You might consider giving advanced users the ability to restore files themselves. 
 
 - **Consider on-demand backups**. Azure Backup policies are limited to scheduling a backup once a day. If a user creates a file in the morning and works on it all day, a nightly backup doesn't include the new file. For these reasons, consider on-demand backups for the most critical file shares. 
 
 - **Consider file share organization**. Organize your file shares according to how you intend to store the data in backups. You might separate your file shares for backup according to public facing data versus internal file shares. 
 
-- **Consider code deployments**. If a bug or application error is introduced with the new deployment, you can go back to a previous version of your data on that file share. To help protect against these scenarios, you can take a share snapshot before you deploy new application code. 
+- **Consider code deployments**. If a bug or application error is introduced with the new deployment, you can go back to a previous version of your data on that file share. To help protect against these scenarios, you can take a share snapshot before you deploy new application code. 

learn-pr/wwl-azure/design-solution-for-backup-disaster-recovery/includes/6-design-for-azure-virtual-machine-backup-recovery.md

@@ -10,18 +10,15 @@ Let's examine how Azure Backup supports backup and recovery of Azure virtual mac
 
 - Azure Backup allows for simple configuration and scaling for Windows and Linux virtual machines.
 
-   > [!Note]
-   > Azure Backup has specialized offerings for database workloads like SQL Server and SAP HANA. These offerings are workload-aware, provide 15-minute RPO (recovery point objective), and allow back up and restore of individual databases.
+- Azure VM backup offers two policy types:
+   - **Standard policy**: Once-daily backups with standard snapshot storage. Suitable for most scenarios but doesn't support Trusted Launch VMs (via portal), Ultra Disks, or Premium SSD v2.
+   - **Enhanced policy**: Supports backups as frequently as every 4 hours, zone-resilient snapshots (ZRS), and newer disk types including Ultra Disks and Premium SSD v2. Required for Trusted Launch VMs and enables agentless multi-disk crash-consistent backup.
 
 - The backup job for a virtual machine involves two phases:
    - First, a virtual machine snapshot is taken.
    - Second, the virtual machine snapshot is transferred to a Recovery Services vault. 
 
-   The transfer of the backup data to the Recovery Services vault has no effect on your production workloads. 
-
-- Azure virtual machine backups stored in a Recovery Services vault provide built-in management of recovery points.
-
-- Virtual machine backups are optimized so you can easily restore a full backup, or from a specific recovery point.
+- Azure virtual machine backups stored in a Recovery Services vault provide built-in management of recovery points. Virtual machine backups are optimized so you can easily restore a full backup, or from a specific recovery point.
 
 - Snapshot backups support [different levels of consistency](/azure/backup/backup-azure-vms-introduction#snapshot-consistency), including _Application_, _System_, and _Crash_.
 
@@ -39,14 +36,12 @@ Here are some things to review when planning backup and recovery for your virtua
 
 - **Consider backup frequency**. Determine how frequently you need to create fresh backups. Implement both short-term (daily) and long-term (weekly) backups. If you need to take a backup outside of your scheduled via backup policy, you can use an on-demand backup. You might do on-demand backups multiple times per day when scheduled backup permits only one backup per day.
 
-- **Consider backup policies**. Create a single backup policy for a group of virtual machines that require the same schedule start time, frequency, and retention settings. You might establish a backup policy for critical virtual machines, and a separate policy for noncritical machines. 
+- **Consider backup policies**. Create a single backup policy for a group of virtual machines that require the same schedule start time, frequency, and retention settings. You might establish a backup policy for critical virtual machines, and a separate policy for noncritical machines. Also, consider enhanced policy for backup frequency more than once a day. 
 
 - **Consider plan changes**. After you implement your backup solution, continue to monitor and review your plan. As your business requirements change, make sure to review and change your backup policies. Enable monitoring and alerting features and review the results. 
 
 - **Consider practice restore runs**. Restoring backups for virtual machines can be time-consuming. It's a recommended practice to try restoring from your backups before you experience a critical scenario where recovery is essential.
 
-   The total restore time depends on the Input/Output operations per second (IOPS) and the throughput of the storage account. The total restore time can be affected if the target storage account is loaded with other application read and write operations. To improve restore operation, select a storage account that isn't loaded with other application data.
-
 - **Consider throttling during restore**. If you're restoring virtual machines from a single Recovery Services vault, we highly recommend that you use different general-purpose v2 storage accounts. By using a v2 storage account, you can ensure your target storage account doesn't get throttled. Consider a scenario where each virtual machine must have a different storage account. If 10 virtual machines are being restored, plan to use 10 different storage accounts.
 
-- **Consider Cross Region Restore (CRR)**. CRR allows you to restore Azure virtual machines in a secondary region, which is an Azure paired region. This option lets you conduct drills to meet audit or compliance requirements. You can also restore the virtual machine or its disk if there's a disaster in the primary region. CRR is an opt-in feature for any Recovery Services vault. CRR also works for SQL databases and SAP HANA databases hosted on Azure virtual machines.
+- **Consider Cross Region Restore (CRR)**. CRR allows you to restore Azure virtual machines in a secondary region, which is an Azure paired region. This option lets you conduct drills to meet audit or compliance requirements. You can also restore the virtual machine or its disk if there's a disaster in the primary region. CRR is an opt-in feature for any Recovery Services vault. CRR also works for SQL databases and SAP HANA databases hosted on Azure virtual machines.

learn-pr/wwl-azure/design-solution-for-backup-disaster-recovery/includes/7-design-for-azure-sql-backup-recovery.md

@@ -28,4 +28,4 @@ You can use the automated backups in several ways.
 
 Azure SQL Database automatic backups remain available to restore for up to 35 days. This period is enough for the purposes of day-to-day administration. But sometimes you might need to retain data for longer periods. For example, data protection regulations in your local jurisdiction might require you to keep backups for several years.
 
-For these requirements, use the long-term retention (LTR) feature. This way, you can store Azure SQL Database backups in read-access geo-redundant storage (RA-GRS) blobs for up to 10 years. If you need access to any backup in LTR, you can restore it as a new database by using either the Azure portal or PowerShell.
+For these requirements, use the long-term retention (LTR) feature. This way, you can store Azure SQL Database backups in Azure Blob Storage for up to 10 years. 

learn-pr/wwl-azure/design-solution-for-backup-disaster-recovery/index.yml

@@ -5,15 +5,15 @@ metadata:
   prefetch-feature-rollout: true
   title: Design a solution for backup and disaster recovery
   description: "You learn how to select appropriate backup solutions for Azure workloads. You also learn how to select appropriate disaster recovery options for these workloads. "
-  ms.date: 01/26/2026
+  ms.date: 03/23/2026
   author: wwlpublish
   ms.author: cynthist
   ms.topic: module
   ms.collection: N/A
   ms.custom:
   - N/A
   ms.service: azure
-  ai-usage: human-only
+  ai-usage: ai-assisted
 title: Design a solution for backup and disaster recovery
 summary: Learn how to select appropriate backup solutions and disaster recovery solutions for Azure workloads.
 abstract: |
@@ -58,4 +58,4 @@ units:
 - learn.wwl.design-solution-for-backup-disaster-recovery.knowledge-check
 - learn.wwl.design-solution-for-backup-disaster-recovery.summary-resources
 badge:
-  uid: learn.wwl.design-solution-for-backup-disaster-recovery.badge
+  uid: learn.wwl.design-solution-for-backup-disaster-recovery.badge